RADIUS can be enabled on any interface that is configured as a routed interface. The SD-WAN Edge supports both username/password (EAP-MD5) and certificate (EAP-TLS) based 802.1x Authentication methods.

Requirements

  • A RADIUS server must be configured and added to the Edge. See Configure Authentication Services.
  • RADIUS may be enabled on any routed interface. This includes the interfaces for any Edge model, except for the LAN 1-8 ports on Edge models 500/520/540.
Note: RADIUS enabled interfaces do not use DPDK.

Enabling RADIUS on a Routed Interface

Note: These steps can be followed at either the Profile or Edge level. If done at the Profile level every Edge associated with that Profile would be configured for RADIUS authentication on the specified switched interface.
  1. In the SD-WAN service of the Enterprise portal, click Configure > Edges.
  2. Click the link to an Edge or click the View link in the Device column of the Edge. The configuration options for the selected Edge are displayed in the Device tab.
  3. In the Connectivity category, click and expand Interfaces.
  4. The Interfaces section displays the different types of Interfaces available for the selected Edge.
  5. Click the link to the routed interface that you want to configure RADIUS authentication.
  6. Deactivate the Enable WAN Link check box to configure RADIUS authentication.
  7. Select the RADIUS Authentication check box.
  8. Click +Add and configure the allowed list of devices that are pre-authenticated and should not be forwarded to RADIUS for re-authentication. You can add devices by using individual MAC addresses (e.g. 8c:ae:4c:fd:67:d5) or by using OUI (Organizationally Unique Identifier [e.g. 8c:ae:4c:00:00:00]).
Note: The interface will use the server that has already been assigned to the Edge. In an Edge, two interfaces cannot use two different RADIUS servers.

For more information on other options in the Interface Settings window, see Configure Interface Settings for Edges.