RADIUS can be enabled on any interface that can be configured as a routed interface. See the section below for step-by-step instructions.
Requirements
- A RADIUS server must be configured and added to the Edge. This is perfomed on the Configure -> Network Services screen in the VMware SD-WAN Orchestrator.
- RADIUS may be enabled on any interface that can be configured as a routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Note: RADIUS enabled interfaces do not use DPDK.
Enabling RADIUS on a Routed Interface
- Go to Configure->Device on the VMware SD-WAN Orchestrator, click Edit for the interface you want to enable RADIUS authentication.
- Configure the Capability parameter as Routed.
- Disable the WAN Overlay by unchecking the box.
- Enable RADIUS Authentication by checking that box.
- Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) and by OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
Note: The interface will use the server that has already been assigned to the Edge (i.e. two interfaces cannot use two different RADIUS servers).