RADIUS can be enabled on any interface that is configured as a routed interface. The SD-WAN Edge supports both username/password (EAP-MD5) and certificate (EAP-TLS) based 802.1x Authentication methods. See the section below for step-by-step instructions.
- A RADIUS server must be configured and added to the Edge. This is performed on the Configure -> Network Services screen.
- RADIUS may be enabled on any interface that can be configured as a routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Enabling RADIUS on a Routed Interface
- Go to Edit for the interface you want to enable RADIUS authentication. , click
- Configure the Capability parameter as Routed.
- Disable the WAN Overlay by unchecking the box.
- Enable RADIUS Authentication by checking that box.
- Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) and by OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).