RADIUS Authenticated SSID

OpenWiFi 2.0

When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis.

	"interfaces": [
		{
			"name": "WAN",
			"role": "upstream",
			"ethernet": [
				{
					"select-ports": [
						"WAN*"
					]
				}
			],
			"ipv4": {
				"addressing": "dynamic"
			},
			"ssids": [
				{
					"name": "OpenWifi",
					"wifi-bands": [
						"5G"
					],
					"bss-mode": "ap",
					"encryption": {
						"proto": "wpa2",
						"ieee80211w": "optional"
					},
					"radius": {
						"authentication": {
							"host": "192.168.178.192",
							"port": 1812,
							"secret": "secret"
						},
						"accounting": {
							"host": "192.168.178.192",
							"port": 1813,
							"secret": "secret"
						}
					}
				}
			]
		},

			"ssids": [
				{
					"name": "OpenWifi",
					"wifi-bands": [
						"2G"
					],
					"bss-mode": "ap",
					"encryption": {
						"proto": "wpa2",
						"ieee80211w": "optional"
					},
					"certificates": {
						"ca-certificate": "/etc/ucentral/cas.pem",
						"certificate": "/etc/ucentral/cert.pem",
						"private-key": "/etc/ucentral/key.pem"
					},
					"radius": {
						"local": {
							"server-identity": "OpenWiFi-Local-EAP",
							"users": [
								{
									"user-name": "open",
									"password": "wifi"
								}
							]
						}
					}
				}
			]
		},

Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.

RADIUS Attribute

Description

nas-identifier

Unique NAS Id used with RADIUS server

chargeable-user-id

Chargeable User Entity per RFC4372

local

Local RADIUS within AP device

server-identity
- users - Local EAP users based on username, PreShared Key and VLAN id

authentication

RADIUS server

host IP address
port ( example 1812)
secret ( Shared secret with RADIUS server )

Additional methods within Access-Request

request-attribute ( id of RADIUS server )
- id ( numeric value of RADIUS server )
- value
  Any sub-value defined as integer RADIUS attribute value

accounting

RADIUS server

host IP address
port ( example 1813)
secret ( Shared secret with RADIUS server )

Additional methods within Access-Request sent in Accounting

request-attribute ( id of RADIUS server )
- id ( numeric value of RADIUS server )
- value
  Any sub-value defined as integer RADIUS attribute value

accounting

interval ( Interim accounting interval defined in seconds )

PreviousGRE NextDynamic VLANs with RADIUS

Last updated 2 years ago