Search…
RADIUS Authenticated SSID
OpenWiFi 2.0
When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis.
Simple RADIUS
EAP-Local SSID
1
"interfaces": [
2
{
3
"name": "WAN",
4
"role": "upstream",
5
"ethernet": [
6
{
7
"select-ports": [
8
"WAN*"
9
]
10
}
11
],
12
"ipv4": {
13
"addressing": "dynamic"
14
},
15
"ssids": [
16
{
17
"name": "OpenWifi",
18
"wifi-bands": [
19
"5G"
20
],
21
"bss-mode": "ap",
22
"encryption": {
23
"proto": "wpa2",
24
"ieee80211w": "optional"
25
},
26
"radius": {
27
"authentication": {
28
"host": "192.168.178.192",
29
"port": 1812,
30
"secret": "secret"
31
},
32
"accounting": {
33
"host": "192.168.178.192",
34
"port": 1813,
35
"secret": "secret"
36
}
37
}
38
}
39
]
40
},
Copied!
1
"ssids": [
2
{
3
"name": "OpenWifi",
4
"wifi-bands": [
5
"2G"
6
],
7
"bss-mode": "ap",
8
"encryption": {
9
"proto": "wpa2",
10
"ieee80211w": "optional"
11
},
12
"certificates": {
13
"ca-certificate": "/etc/ucentral/cas.pem",
14
"certificate": "/etc/ucentral/cert.pem",
15
"private-key": "/etc/ucentral/key.pem"
16
},
17
"radius": {
18
"local": {
19
"server-identity": "OpenWiFi-Local-EAP",
20
"users": [
21
{
22
"user-name": "open",
23
"password": "wifi"
24
}
25
]
26
}
27
}
28
}
29
]
30
},
Copied!
Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.
RADIUS Attribute
Description
nas-identifier
Unique NAS Id used with RADIUS server
chargeable-user-id
Chargeable User Entity per RFC4372
local
Local RADIUS within AP device
    server-identity
      users - Local EAP users based on username, PreShared Key and VLAN id
authentication
RADIUS server
    host IP address
    port ( example 1812)
    secret ( Shared secret with RADIUS server )
Additional methods within Access-Request
    request-attribute ( id of RADIUS server )
      id ( numeric value of RADIUS server )
      value
      Any sub-value defined as integer RADIUS attribute value
accounting
RADIUS server
    host IP address
    port ( example 1813)
    secret ( Shared secret with RADIUS server )
Additional methods within Access-Request sent in Accounting
    request-attribute ( id of RADIUS server )
      id ( numeric value of RADIUS server )
      value
      Any sub-value defined as integer RADIUS attribute value
accounting
interval ( Interim accounting interval defined in seconds )
Last modified 2mo ago
Export as PDF
Copy link