OpenWiFi
2.2.0
2.2.0
  • OpenWiFi Release 2.2
  • Ordering OpenWiFi APs
  • Getting Started
    • Cloud Discovery
      • Discovery without Cloud
    • Release 2.0 SDK
      • Deploy using Docker Compose
      • Deploy using Helm
    • Access Points
      • Local Device Settings
  • Provisioning
    • Data Model Introduction
    • Creating a Configuration
  • User Interface
    • Devices
      • Commands
      • Statistics
      • Command History
    • Firmware
  • API
    • OpenAPI Definitions
  • Monitoring
    • ELK Integration
  • Configuration Examples
    • Basic Device Provisioning
      • Bridge Mode SSID
      • NAT Gateway Mode SSID
      • Multi-VLAN SSID
    • Device Feature Configuration Examples
      • DHCP Relay
      • Services
      • Metrics
      • GRE
      • L2TP
      • VxLAN
      • WDS
      • Mesh
      • Captive Portal
        • External Captive Portal
      • ExpressWiFi
      • Roaming RRM and SON
      • RADIUS Authenticated SSID
        • Dynamic VLANs with RADIUS
      • Multi-PSK (MDU Shared Key)
      • Dynamic Air-Time Policy
      • Passpoint®
        • Configuration Introduction
        • Advertising Services
        • Passpoint® Configuration
      • Switching
        • Port Speed
      • P4
Powered by GitBook
On this page
  1. Configuration Examples
  2. Device Feature Configuration Examples

RADIUS Authenticated SSID

TIP OpenWiFi 2.0

When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis.

    "interfaces": [
        {
            "name": "WAN",
            "role": "upstream",
            "ethernet": [
                {
                    "select-ports": [
                        "WAN*"
                    ]
                }
            ],
            "ipv4": {
                "addressing": "dynamic"
            },
            "ssids": [
                {
                    "name": "OpenWifi",
                    "wifi-bands": [
                        "5G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "wpa2",
                        "ieee80211w": "optional"
                    },
                    "radius": {
                        "authentication": {
                            "host": "192.168.178.192",
                            "port": 1812,
                            "secret": "secret"
                        },
                        "accounting": {
                            "host": "192.168.178.192",
                            "port": 1813,
                            "secret": "secret"
                        }
                    }
                }
            ]
        },
            "ssids": [
                {
                    "name": "OpenWifi",
                    "wifi-bands": [
                        "2G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "wpa2",
                        "ieee80211w": "optional"
                    },
                    "certificates": {
                        "ca-certificate": "/etc/ucentral/cas.pem",
                        "certificate": "/etc/ucentral/cert.pem",
                        "private-key": "/etc/ucentral/key.pem"
                    },
                    "radius": {
                        "local": {
                            "server-identity": "OpenWiFi-Local-EAP",
                            "users": [
                                {
                                    "user-name": "open",
                                    "password": "wifi"
                                }
                            ]
                        }
                    }
                }
            ]
        },

Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.

RADIUS Attribute

Description

nas-identifier

Unique NAS Id used with RADIUS server

chargeable-user-id

Chargeable User Entity per RFC4372

local

Local RADIUS within AP device

  • server-identity

    • users - Local EAP users based on username, PreShared Key and VLAN id

authentication

RADIUS server

  • host IP address

  • port ( example 1812)

  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request

  • request-attribute ( id of RADIUS server )

    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value

accounting

RADIUS server

  • host IP address

  • port ( example 1813)

  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request sent in Accounting

  • request-attribute ( id of RADIUS server )

    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value

accounting

interval ( Interim accounting interval defined in seconds )

PreviousRoaming RRM and SONNextDynamic VLANs with RADIUS

Last updated 3 years ago