RADIUS can be enabled on any interface that is configured as a routed interface. The SD-WAN Edge supports both username/password-based (EAP-MD5) and certificate-based (EAP-TLS) 802.1x authentication methods. See the section below for step-by-step instructions.

Requirements

  • A RADIUS server must be configured and added to the Edge. This is performed on the Configure > Network Services screen.
  • RADIUS may be enabled on any interface that can be configured as a routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Note: RADIUS enabled interfaces do not use DPDK.

Enabling RADIUS on a Routed Interface

  1. Go to Configure > Device and click Edit for the interface on which you want to enable RADIUS authentication.
  2. Configure the Capability parameter as Routed.
  3. Disable the WAN Overlay by unchecking the box.
  4. Enable RADIUS Authentication by checking that box.
  5. Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) and by OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
Note: The interface will use the server that has already been assigned to the Edge (i.e. two interfaces cannot use two different RADIUS servers).
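
The allowed list in step 5 exempts devices from RADIUS authentication, so it is worth reviewing before it is entered on the Edge. The script below is an added example, not VMware code: it checks a list for malformed entries, duplicates, and individual MACs already covered by an OUI entry. It assumes an entry whose last three octets are zero is an OUI entry that matches every address sharing its first three octets; the function names and the sample list are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize(mac):
    """Lower-case the address, accept '-' or ':' separators, reject malformed input."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m

def classify(entry):
    """Assumption: last three octets all zero means the entry is an OUI."""
    m = normalize(entry)
    return ("oui", m[:8]) if m.endswith(":00:00:00") else ("mac", m)

def audit(entries):
    """Split an allowed list into exact MACs and OUIs and collect problems."""
    macs, ouis, problems = set(), set(), []
    for e in entries:
        try:
            kind, value = classify(e)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        target = ouis if kind == "oui" else macs
        if value in target:
            problems.append(f"duplicate entry: {e}")
        target.add(value)
    for m in sorted(macs):
        if m[:8] in ouis:  # an OUI entry already exempts this device
            problems.append(f"{m} is already covered by OUI {m[:8]}")
    return macs, ouis, problems

def bypasses_radius(client_mac, macs, ouis):
    """True if the client would be treated as pre-authenticated by this list."""
    m = normalize(client_mac)
    return m in macs or m[:8] in ouis

# Constructed sample list: one exact MAC, one OUI, one unrelated MAC, one truncated entry.
ALLOWED = ["8c:ae:4c:fd:67:d5", "8C-AE-4C-00-00-00", "00:11:22:33:44:55", "8c:ae:4c:fd:67"]

if __name__ == "__main__":
    macs, ouis, problems = audit(ALLOWED)
    print(f"{len(macs)} exact MACs, {len(ouis)} OUIs (each OUI exempts 2**24 addresses)")
    for p in problems:
        print("review:", p)
```

A single OUI entry exempts every device from that vendor prefix, so the redundancy finding is also a prompt to check whether the OUI entry is broader than intended.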