RADIUS can be enabled on any interface that is configured as a routed interface. The SD-WAN Edge supports both username/password (EAP-MD5) and certificate (EAP-TLS) based 802.1x Authentication methods.

Requirements

  • A RADIUS server must be configured and added to the Edge. See Configure Authentication Services.
  • RADIUS may be enabled on any routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Note: RADIUS enabled interfaces do not use DPDK.

Enabling RADIUS on a Routed Interface

  1. In the Enterprise portal, click Configure > Edges.
  2. Click the Device Icon next to an Edge, or click the link to the Edge, and then click the Device tab.
  3. Scroll down to the Device Settings section and click the DOWN arrow to view the Interface Settings for the Edge.
  4. The Interface Settings section displays the existing interfaces available in the Edge.
  5. Click the Edit option for the Routed interface that you want to enable RADIUS authentication.

  6. Deactivate the WAN Overlay option.
  7. Select the RADIUS Authentication checkbox.
  8. Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by using individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) or by using OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
Note: The interface will use the server that has already been assigned to the Edge. In an Edge, two interfaces cannot use two different RADIUS servers.

For more information on other options in the Interface Settings window, see Configure Interface Settings.