Configure RADIUS for User Authentication
For supported software information, click here.
RADIUS is a distributed client-server system that secures networks against unauthorized access. A RADIUS server provides an external database that you can use to authenticate users before allowing them to access a network, a device, or related services.
Configure RADIUS for User Authentication
You can configure RADIUS for secure access user authentication.
To configure RADIUS for user authentication:
- In Director view:
- Select the Administration tab in the top menu bar.
- Select Appliances in the left menu bar.
- Select a device in the main pane. The view changes to Appliance view.
- Select the Configuration tab in the top menu bar.
- Select Others
> Organization 
> RADIUS Servers
in the left menu bar. The main pane displays the RADIUS servers that are already configured.
- Click the
Add icon, and in the Add RADIUS Servers popup window, enter information for the following fields.
Field Description Name (Required) Enter a name for the RADIUS server.
Description Enter a text description for the RADIUS server. IP Address (Required)
Enter the IP address of the RADIUS server. Port (Required) Enter the port number to use on the RADIUS server. Routing Instance Enter the routing instance to use to reach the RADIUS server. Shared Secret (Required) Enter the RADIUS shared secret (password) string. - Click OK.
- Select Others > Organization > Authentication Profiles
in the left menu bar. The main pane displays the Authentication Profiles that are already configured. - Click the Add icon. The Add Authentication Profile popup window displays.
- In the Name field, enter a name for the authentication profile.
- In the Type field, click RADIUS, and enter information for the following fields. Note that when you click RADIUS, the RADIUS Attributes tab displays in the popup window.
Field Description Description Enter a description for the RADIUS server Radius Server (Required) Click the
Add icon and select a RADIUS server from the drop-down list.To configure a new RADIUS server, click + New Radius Server and enter the required information.
- Select the RADIUS Attributes tab, and enter the information for the following fields.
Field Description NAS Identifier Enter a text string to identify the network access server (NAS) that originates the access request. NAS IP Enter the IP address of the NAS that is requesting authentication.
Default: None
NAS Port Enter the number of the physical port number to use to connect to the NAS that is authenticating the user.
Range: 0 through 65535
Default: None
- Click OK.
Configure the RADIUS Server
The following example shows how to configure the freeRADIUS server on Ubuntu. Note that Versa only supports MSCHAPv2 authentication when using RADIUS authentication for SSE.
- To configure RADIUS clients to connect to the RADIUS server, modify the configuration at the cat /etc/freeradius/3.0/clients.conf location. For example:
client versa1 { ipaddr = 10.111.11.211 ##Egress ip address of radius requests sent out from Flex-VNF secret = "password123" #Same password which was set on Flex-VNF radius server config } - Add users (to be authenticated) at the /etc/freeradius/3.0/users location. For example:
cat /etc/freeradius/3.0/users user1@radius.com Cleartext-Password := "123@User" user2@radius.com Cleartext-Password := "123@User"
- Configure MSCHAPv2 at the cat /etc/freeradius/3.0/mods-enabled/eap location. For example:
eap { default_eap_type = mschapv2 - Restart the RADIUS server by issuing the sudo systemctl restart freeradius CLI command.
Supported Software Information
Releases 20.2.2 and later support all content described in this article.