RADIUS can be enabled on any interface that is configured as a routed interface. The SD-WAN Edge supports both username/password (EAP-MD5) and certificate (EAP-TLS) based 802.1x Authentication methods.
- A RADIUS server must be configured and added to the Edge. See Configure Authentication Services.
- RADIUS may be enabled on any routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Enabling RADIUS on a Routed Interface
- In the Enterprise portal, click .
- Click the Device Icon next to an Edge, or click the link to the Edge, and then click the Device tab.
- Scroll down to the Device Settings section and click the DOWN arrow to view the Interface Settings for the Edge.
- The Interface Settings section displays the existing interfaces available in the Edge.
- Click the Edit option for the Routed interface that you want to enable RADIUS authentication.
- Deactivate the WAN Overlay option.
- Select the RADIUS Authentication checkbox.
- Configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by using individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) or by using OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
For more information on other options in the Interface Settings window, see Configure Interface Settings.