"text":"Enter this secret in your access point or wireless controller as the RADIUS shared secret. It authenticates your APs to this router's RADIUS server."
},
{
"type":"pre_block",
"text":"%RADIUS_SECRET%"
},
{
"type":"p",
"text":"Use this router's IP address on the AP's VLAN as the RADIUS server address. Authentication port: 1812. Accounting port: 1813."
"hint":"Copies VLAN and authorization attributes from the inner EAP exchange to the outer RADIUS Access-Accept. Required by some switches for VLAN assignment to work correctly."
"checkbox_label":"Try MAB first before prompting supplicant",
"value":"%RADIUS_MAB_FALLBACK%",
"hint":"When a device fails or skips 802.1X, RADIUS will attempt to authenticate it by MAC address before rejecting it. Useful for networks with a mix of 802.1X-capable and non-802.1X devices."
},
{
"type":"raw_html",
"html":"</div>"
},
{
"type":"button_row",
"items":[
{
"type":"button_primary",
"text":"Save"
},
{
"type":"button_cancel",
"text":"Cancel"
}
]
}
]
}
]
},
{
"type":"card",
"label":"Unknown Clients",
"client_requirement":"client_is_administrator+",
"items":[
{
"type":"p",
"text":"The DEFAULT Rule only applies to unknown devices (those without a DHCP reservation/authorization)."
},
{
"type":"raw_html",
"html":"<br>"
},
{
"type":"form",
"action":"/action/radius/default_rule_save",
"method":"post",
"items":[
{
"type":"field",
"label":"Which RADIUS Clients (authenticators) may apply the DEFAULT rule to unknown devices?",
"name":"apply_to",
"input_type":"select",
"value":"%RADIUS_APPLY_TO%",
"options":[
{"value":"all","label":"All authenticators"},
{"value":"wireless","label":"Wireless authenticators only (NAS-Port-Type = Wireless-802.11)"},
{"value":"huntgroup","label":"Wireless authenticators only (AP huntgroup by IP)"}
],
"hint":"_"
},
{
"type":"field",
"label":"Which of the following authenticators are Wireless Access Points that you wish to add to the huntgroup?",
"name":"ap_ips",
"input_type":"checkbox_group",
"options":"%RADIUS_AP_IPS_OPTIONS%",
"value":"%RADIUS_AP_IPS%",
"hint":"These authenticators are defined on the DHCP Reservations page by denoting a device (such as a managed switch or wireless access point) as a \"RADIUS Client\"."
},
{
"type":"button_row",
"items":[
{
"type":"button_primary",
"text":"Save"
},
{
"type":"button_cancel",
"text":"Cancel"
}
]
}
]
},
{
"type":"hr"
},
{
"type":"p",
"text":"Unknown devices are assigned to this VLAN. For wired switch ports, also set the fallback network in your managed switch's configuration."
},
{
"type":"raw_html",
"html":"<br>"
},
{
"type":"form",
"action":"/action/radius/default_vlan_save",
"method":"post",
"items":[
{
"type":"field",
"label":"Default VLAN",
"name":"default_vlan",
"input_type":"select",
"value":"%RADIUS_DEFAULT_VLAN%",
"options":"%RADIUS_DEFAULT_VLAN_OPTIONS%",
"hint":"Devices without a DHCP reservation will receive RADIUS authorization to be placed on this VLAN. This may also be selected on the Network Layout page by denoting a VLAN as the \"RADIUS Default\"."
