RADIUS can be enabled on any interface that can be configured as a routed interface. See the section below for step-by-step instructions.

Requirements

  • A RADIUS server must be configured and added to the Edge. This is perfomed on the Configure -> Network Services screen in the VMware SD-WAN Orchestrator.
  • RADIUS may be enabled on any interface that can be configured as a routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Note: RADIUS enabled interfaces do not use DPDK.

Enabling RADIUS on a Routed Interface

  1. Go to Configure->Device on the VMware SD-WAN Orchestrator, click Edit for the interface you want to enable RADIUS authentication.
  2. Configure the Capability parameter as Routed.
  3. Disable the WAN Overlay by unchecking the box.
  4. Enable RADIUS Authentication by checking that box.
  5. Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) and by OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
Note: The interface will use the server that has already been assigned to the Edge (i.e. two interfaces cannot use two different RADIUS servers).