"text":"Enter this secret in your access point or wireless controller as the RADIUS shared secret. It authenticates your APs to this router's RADIUS server."
},
{
"type":"pre_block",
"text":"%RADIUS_SECRET%"
},
{
"type":"p",
"text":"Use this router's IP address on the AP's VLAN as the RADIUS server address. Authentication port: 1812. Accounting port: 1813."
"hint":"Copies VLAN and authorization attributes from the inner EAP exchange to the outer RADIUS Access-Accept. Required by some switches for VLAN assignment to work correctly."
"hint":"RADIUS checks the device's MAC address first. Known devices (those with a DHCP reservation) are admitted immediately without waiting for 802.1X negotiation or credential entry. Unknown devices fall through to 802.1X."
"text":"The DEFAULT Rule only applies to unknown devices (those without a DHCP reservation/authorization)."
},
{
"type":"raw_html",
"html":"<br>"
},
{
"type":"form",
"action":"/action/radius/default_rule_save",
"method":"post",
"items":[
{
"type":"field",
"label":"Which RADIUS Clients (authenticators) may apply the DEFAULT rule to unknown devices?",
"name":"apply_to",
"input_type":"select",
"value":"%RADIUS_APPLY_TO%",
"options":[
{"value":"all","label":"All authenticators"},
{"value":"wireless","label":"Wireless authenticators only (NAS-Port-Type = Wireless-802.11)"},
{"value":"huntgroup","label":"Wireless authenticators only (AP huntgroup by IP)"}
],
"hint":"_"
},
{
"type":"field",
"label":"Which of the following authenticators are Wireless Access Points that you wish to add to the huntgroup?",
"name":"ap_ips",
"input_type":"checkbox_group",
"options":"%RADIUS_AP_IPS_OPTIONS%",
"value":"%RADIUS_AP_IPS%",
"hint":"These authenticators are defined on the DHCP Reservations page by denoting a device (such as a managed switch or wireless access point) as a \"RADIUS Client\"."
},
{
"type":"button_row",
"items":[
{
"type":"button_primary",
"text":"Save"
},
{
"type":"button_cancel",
"text":"Cancel"
}
]
}
]
},
{
"type":"hr"
},
{
"type":"p",
"text":"Unknown devices are assigned to this VLAN. For wired switch ports, also set the fallback network in your managed switch's configuration."
},
{
"type":"raw_html",
"html":"<br>"
},
{
"type":"form",
"action":"/action/radius/default_vlan_save",
"method":"post",
"items":[
{
"type":"field",
"label":"Default VLAN",
"name":"default_vlan",
"input_type":"select",
"value":"%RADIUS_DEFAULT_VLAN%",
"options":"%RADIUS_DEFAULT_VLAN_OPTIONS%",
"hint":"Devices without a DHCP reservation will receive RADIUS authorization to be placed on this VLAN. This may also be selected on the Network Layout page by denoting a VLAN as the \"RADIUS Default\"."
