Adding and Managing a RADIUS Server

You can use a RADIUS Server profile to define a remote Authentication, Authorization, and Accounting (AAA) server for use by one or more networks that utilize an external RADIUS server (such as Enterprise AAA (802.1X) networks).

Before you begin this procedure, ensure that you have the IP address, port number, and shared secret of the primary and secondary (if any) RADIUS server that you want to use to authenticate network users.

Complete the following steps to create a RADIUS Server profile:

  1. Add the RADIUS Server service to your tenant account. From the navigation bar, select Network Control > Service Catalog. Alternatively, you can select Network Control > My Services, then click Add Service.
  2. Find the RADIUS Server tile and click Add.
    The Add RADIUS Server page is displayed.
  3. Enter a Profile Name for the RADIUS server.
  4. Select the Type of RADIUS server to configure. The options are:
    • Authentication RADIUS Server: Selecting this option enables the wireless device to send authentication requests to the RADIUS server to verify user credentials and allow or deny network access.
    • Accounting RADIUS Server: Selecting this option enables the wireless device to send accounting information to the RADIUS server to record user login, logout, and usage details of the authenticated user.
    Note: User Role Mapping is available only for Authentication RADIUS Servers and is not supported for Accounting RADIUS Servers.
  5. Toggle the Enable RadSec (over TLS) switch on to enable this feature, which is disabled by default. Enabling RadSec ensures secure and reliable transport and encryption of RADIUS protocol traffic over TLS. When enabled, the RADIUS Server communicates over port 2083 by default. Complete the following fields to finish the RadSec setup:
    • CN/SAN Identity: Common Name (CN) or Subject Alternative Name (SAN) is used to verify the identity of the RADIUS server. Enter the CN or SAN value that matches the server certificate to ensure the connection is established with the intended server.
    • Trusted Certificate Authority: Issues and verifies the server certificates. Select a Certificate Authority from the drop-down list or click Add CA to add a new Certificate Authority. Refer to Adding a Certificate Authority for more information.
    • Client Certificate: Authenticates this RADIUS proxy to the remote AAA server when establishing outbound RadSec connections for authentication and accounting requests. Select a client certificate from the drop-down list or click Generate new client certificate to add a new client certificate. Refer to Generating Server and Client Certificates.
    • Server Certificate: Authenticates this RADIUS proxy to external AAA servers when accepting inbound CoA (Change of Authorization) requests over RadSec. Select a server certificate from the drop-down list or click Generate new server certificate to add a new server certificate. Refer to Generating Server and Client Certificates.
  6. Primary Server: Complete the following primary RADIUS Server fields:
    1. Port: Enter the listening port number.
      Note: The default port for the Authentication RADIUS Server is 1812, and for the Accounting RADIUS Server is 1813.
    2. Shared Secret: Enter the shared secret configured on the RADIUS Server.
  7. Secondary Server: Click Add Secondary Server to display the secondary server settings.
    Note: Add a secondary server only if a secondary RADIUS Server is available. To remove the secondary server, click Remove Secondary Server.

    Complete the following secondary RADIUS Server fields:

    • Port: Enter the listening port number.
      Note: The default port for the Authentication RADIUS Server is 1812, and for the Accounting RADIUS Server is 1813.
    • Shared Secret: Enter the shared secret configured on the RADIUS Server.
  8. Click Add.
    The new RADIUS Server is created and displayed in the RADIUS Server page.
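
Before entering the RadSec values from step 5, it helps to confirm that the value planned for CN/SAN Identity actually appears in the server certificate and that the certificate chains to the chosen Trusted Certificate Authority. The following is an added example, not part of the product or its documentation; the host name, file names, sample certificate, and the matching rule (case-insensitive, with a wildcard covering one leftmost label) are assumptions.

```python
import socket
import ssl

RADSEC_PORT = 2083  # default RadSec port given on this page

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "radius.example.net"),),),
    "subjectAltName": (("DNS", "radius.example.net"),
                       ("DNS", "*.wifi.example.net"),
                       ("IP Address", "192.0.2.10")),
}

def fetch_server_cert(host, ca_file, client_cert, client_key, port=RADSEC_PORT):
    """Handshake with the RadSec server; return its certificate if it chains to ca_file."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = False  # the identity is compared explicitly below
    ctx.load_cert_chain(client_cert, client_key)  # counterpart of the Client Certificate field
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()

def cert_identities(cert):
    """All SAN DNS/IP entries plus subject CN values."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    for rdn in cert.get("subject", ()):
        names += [v for k, v in rdn if k == "commonName"]
    return names

def _match(pattern, identity):
    p, i = pattern.lower().rstrip("."), identity.lower().rstrip(".")
    if p.startswith("*."):  # assumed rule: wildcard covers exactly one leftmost label
        head, _, tail = i.partition(".")
        return bool(head) and tail == p[2:]
    return p == i

def identity_matches(cert, identity):
    """True if the planned CN/SAN Identity value is present in the certificate."""
    return any(_match(n, identity) for n in cert_identities(cert))

if __name__ == "__main__":
    # Offline check against the constructed sample; for a live server use e.g.
    # cert = fetch_server_cert("radius.example.net", "ca.pem", "client.pem", "client.key")
    for candidate in ("radius.example.net", "aaa2.wifi.example.net", "a.b.wifi.example.net"):
        print(candidate, identity_matches(SAMPLE_CERT, candidate))
```

A handshake failure in `fetch_server_cert` points to a CA or client certificate problem, while a `False` from `identity_matches` means the CN/SAN Identity value would not match the certificate the server presents.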