{ "client_requirement": "client_is_administrator+", "items": [ { "type": "header_page_title", "items": [ { "type": "h1", "text": "RADIUS" }, { "type": "p", "text": "FreeRADIUS server configuration and shared secret." } ] }, { "type": "raw_html", "html": "" }, { "type": "info_bar", "variant": "info", "text": "%RADIUS_CLIENT_STATUS_TEXT%" }, { "type": "card", "label": "Shared Secret", "client_requirement": "client_is_administrator+", "items": [ { "type": "p", "text": "Enter this secret in your access point or wireless controller as the RADIUS shared secret. It authenticates your APs to this router's RADIUS server." }, { "type": "pre_block", "text": "%RADIUS_SECRET%" }, { "type": "p", "text": "Use this router's IP address on the AP's VLAN as the RADIUS server address. Authentication port: 1812. Accounting port: 1813." }, { "type": "button_row", "items": [ { "type": "button_danger", "action": "/action/radius/regenerate", "method": "post", "text": "Regenerate" } ] } ] }, { "type": "card", "label": "Options", "client_requirement": "client_is_administrator+", "items": [ { "type": "form", "action": "/action/radius/options_save", "method": "post", "items": [ { "type": "field", "label": "MAC Address Format", "name": "mac_format", "input_type": "select", "value": "%RADIUS_MAC_FORMAT%", "options": [ {"value": "aabbccddeeff", "label": "aabbccddeeff"}, {"value": "aa-bb-cc-dd-ee-ff", "label": "aa-bb-cc-dd-ee-ff"}, {"value": "aa:bb:cc:dd:ee:ff", "label": "aa:bb:cc:dd:ee:ff"}, {"value": "AABBCCDDEEFF", "label": "AABBCCDDEEFF"}, {"value": "AA-BB-CC-DD-EE-FF", "label": "AA-BB-CC-DD-EE-FF"}, {"value": "AA:BB:CC:DD:EE:FF", "label": "AA:BB:CC:DD:EE:FF"} ], "hint": "Must match your AP/controller's expected format." }, { "type": "button_row", "items": [ { "type": "button_primary", "action": "/action/radius/options_save", "method": "post", "text": "Save" }, { "type": "button_cancel", "text": "Cancel" } ] } ] } ] }, { "type": "card", "label": "Default VLAN", "client_requirement": "client_is_administrator+", "items": [ { "type": "p", "text": "Unknown or unregistered devices are assigned to this VLAN. For wired switch ports, also set the fallback network in your managed switch's configuration." }, { "type": "hr" }, { "type": "form", "action": "/action/radius/default_vlan_save", "method": "post", "items": [ { "type": "field", "label": "Default VLAN", "name": "default_vlan", "input_type": "select", "value": "%RADIUS_DEFAULT_VLAN%", "options": "%RADIUS_DEFAULT_VLAN_OPTIONS%", "hint": "Devices without a DHCP reservation will receive RADIUS authorization to be placed on this VLAN. This may also be selected on the Network Layout page by denoting a VLAN as the \"RADIUS Default\"." }, { "type": "button_row", "items": [ { "type": "button_primary", "text": "Save" }, { "type": "button_cancel", "text": "Cancel" } ] } ] } ] }, { "type": "card", "label": "DEFAULT Rule Scope", "client_requirement": "client_is_administrator+", "items": [ { "type": "p", "text": "The DEFAULT Rule only applies to unknown devices (those without a DHCP reservation/authorization)." }, { "type": "hr" }, { "type": "form", "action": "/action/radius/default_rule_save", "method": "post", "items": [ { "type": "field", "label": "Which RADIUS Clients (authenticators) may apply the DEFAULT rule to unknown devices?", "name": "apply_to", "input_type": "select", "value": "%RADIUS_APPLY_TO%", "options": [ {"value": "all", "label": "All authenticators"}, {"value": "wireless", "label": "Wireless authenticators only (NAS-Port-Type = Wireless-802.11)"}, {"value": "huntgroup", "label": "Wireless authenticators only (AP huntgroup by IP)"} ], "hint": "_" }, { "type": "field", "label": "Which of the following authenticators are Wireless Access Points that you wish to add to the huntgroup?", "name": "ap_ips", "input_type": "checkbox_group", "options": "%RADIUS_AP_IPS_OPTIONS%", "value": "%RADIUS_AP_IPS%", "hint": "These authenticators are defined on the DHCP Reservations page by denoting a device (such as a managed switch or wireless access point) as a \"RADIUS Client\"." }, { "type": "button_row", "items": [ { "type": "button_primary", "action": "/action/radius/default_rule_save", "method": "post", "text": "Save" }, { "type": "button_cancel", "text": "Cancel" } ] } ] } ] }, { "type": "card", "label": "Authentication Mode", "client_requirement": "client_is_administrator+", "items": [ { "type": "p", "text": "802.1X authentication modes require a Routlin Pro license." }, { "type": "hr" }, { "type": "form", "action": "/action/radius/auth_mode_save", "method": "post", "items": [ { "type": "field", "label": "Authentication Mode", "name": "auth_mode", "input_type": "select", "value": "%RADIUS_AUTH_MODE%", "options": "%RADIUS_AUTH_MODE_OPTIONS%", "hint": "_" }, { "type": "raw_html", "html": "
" }, { "type": "field", "label": "Username/Password Protocol", "name": "eap_protocol", "input_type": "select", "value": "%RADIUS_EAP_PROTOCOL%", "options": "%RADIUS_EAP_PROTOCOL_OPTIONS%", "hint": "_" }, { "type": "raw_html", "html": "
" }, { "type": "field", "label": "Inner Protocol", "name": "inner_protocol", "input_type": "select", "value": "%RADIUS_INNER_PROTOCOL%", "options": "%RADIUS_INNER_PROTOCOL_OPTIONS%", "hint": "_" }, { "type": "raw_html", "html": "
" }, { "type": "raw_html", "html": "
" }, { "type": "field", "label": "", "name": "tunneled_reply", "input_type": "checkbox", "checkbox_label": "Propagate inner tunnel reply attributes", "value": "%RADIUS_TUNNELED_REPLY%", "hint": "Copies VLAN and authorization attributes from the inner EAP exchange to the outer RADIUS Access-Accept. Required by some switches for VLAN assignment to work correctly." }, { "type": "field", "label": "", "name": "include_length", "input_type": "checkbox", "checkbox_label": "Include Length", "value": "%RADIUS_INCLUDE_LENGTH%", "hint": "Include the total length of message in every packet." }, { "type": "raw_html", "html": "
" }, { "type": "raw_html", "html": "
" }, { "type": "button_row", "items": [ { "type": "button_primary", "text": "Save" }, { "type": "button_cancel", "text": "Cancel" } ] } ] } ] }, { "type": "card", "label": "Logging", "client_requirement": "client_is_administrator+", "items": [ { "type": "form", "action": "/action/radius/logging_save", "method": "post", "items": [ { "type": "field", "label": "", "name": "logging", "input_type": "checkbox", "checkbox_label": "Log auth requests", "value": "%RADIUS_LOGGING%", "hint": "%RADIUS_LOGGING_HINT%" }, { "type": "hr" }, { "type": "pre_block", "text": "%RADIUS_LOG_TAIL%", "scroll_to_bottom": true }, { "type": "raw_html", "html": "%RADIUS_LOG_SUMMARY%" }, { "type": "button_row", "items": [ { "type": "button_ghost", "action": "/action/radius/logging_download", "text": "Download Log" } ] }, { "type": "hr" }, { "type": "field", "label": "Max Log Size (KB)", "name": "log_max_kb", "input_type": "number", "layout": "inline", "value": "%RADIUS_GEN_LOG_MAX_KB%", "min": "64", "hint": "Log will automatically be cleared when it reaches this size." }, { "type": "button_row", "items": [ { "type": "button_primary", "text": "Save" }, { "type": "button_cancel", "text": "Cancel" } ] } ] } ] } ] }