RADIUS Authenticated SSID

OpenWiFi 2.0

When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis.

	"interfaces": [
		{
			"name": "WAN",
			"role": "upstream",
			"ethernet": [
				{
					"select-ports": [
						"WAN*"
					]
				}
			],
			"ipv4": {
				"addressing": "dynamic"
			},
			"ssids": [
				{
					"name": "OpenWifi",
					"wifi-bands": [
						"5G"
					],
					"bss-mode": "ap",
					"encryption": {
						"proto": "wpa2",
						"ieee80211w": "optional"
					},
					"radius": {
						"authentication": {
							"host": "192.168.178.192",
							"port": 1812,
							"secret": "secret"
						},
						"accounting": {
							"host": "192.168.178.192",
							"port": 1813,
							"secret": "secret"
						}
					}
				}
			]
		},

			"ssids": [
				{
					"name": "OpenWifi",
					"wifi-bands": [
						"2G"
					],
					"bss-mode": "ap",
					"encryption": {
						"proto": "wpa2",
						"ieee80211w": "optional"
					},
					"certificates": {
						"ca-certificate": "/etc/ucentral/cas.pem",
						"certificate": "/etc/ucentral/cert.pem",
						"private-key": "/etc/ucentral/key.pem"
					},
					"radius": {
						"local": {
							"server-identity": "OpenWiFi-Local-EAP",
							"users": [
								{
									"user-name": "open",
									"password": "wifi"
								}
							]
						}
					}
				}
			]
		},

Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.

PreviousGRE NextDynamic VLANs with RADIUS

Last updated 3 years ago