OpenWiFi
2.4.0
2.4.0
  • OpenWiFi Release 2.4 GA
  • Ordering OpenWiFi APs
  • Device Partner Information
  • Cloud Partner Information
  • Getting Started
    • Cloud Discovery
      • Discovery without Cloud
    • Release 2.0 SDK
    • Access Points
      • Local Device Settings
    • Repositories
  • Provisioning
    • Data Model Introduction
    • Creating a Configuration
  • User Interface
    • Devices
      • Commands
      • Statistics
      • Command History
    • Firmware
  • API
    • OpenAPI Definitions
    • Security Service
    • Gateway Service
    • Firmware Management Service
  • Monitoring
    • ELK Integration
  • SDK Installation
    • Overview
    • Deploy using Docker Compose
    • Deploy using Helm
  • Configuration Examples
    • Basic Device Provisioning
      • Bridge Mode SSID
      • NAT Gateway Mode SSID
      • Multi-VLAN SSID
    • Device Feature Configuration Examples
      • Zero Touch Provisioning
      • DHCP Relay
      • Services
      • Metrics
      • GRE
      • L2TP
      • VxLAN
      • WDS
      • Mesh
      • QoS
      • Dynamic Air Time Fairness
      • Dynamic Subscriber QoS
      • Captive Portal
        • External Captive Portal
      • ExpressWiFi
      • Roaming RRM and SON
      • RADIUS Authenticated SSID
        • Dynamic VLANs with RADIUS
      • Multi-PSK (MDU Shared Key)
      • Dynamic Air-Time Policy
      • Passpoint®
        • Configuration Introduction
        • Advertising Services
        • Passpoint® Configuration
      • Switching
        • Port Speed
  • Release Notes
    • Features
    • Security
    • Resolved Issues
  • Test Automation Framework
    • Overview
Powered by GitBook
On this page
  1. Configuration Examples
  2. Device Feature Configuration Examples

RADIUS Authenticated SSID

TIP OpenWiFi 2.0

When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis.

    "interfaces": [
        {
            "name": "WAN",
            "role": "upstream",
            "ethernet": [
                {
                    "select-ports": [
                        "WAN*"
                    ]
                }
            ],
            "ipv4": {
                "addressing": "dynamic"
            },
            "ssids": [
                {
                    "name": "OpenWifi",
                    "wifi-bands": [
                        "5G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "wpa2",
                        "ieee80211w": "optional"
                    },
                    "radius": {
                        "authentication": {
                            "host": "192.168.178.192",
                            "port": 1812,
                            "secret": "secret"
                        },
                        "accounting": {
                            "host": "192.168.178.192",
                            "port": 1813,
                            "secret": "secret"
                        }
                    }
                }
            ]
        },
            "ssids": [
                {
                    "name": "OpenWifi",
                    "wifi-bands": [
                        "2G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "wpa2",
                        "ieee80211w": "optional"
                    },
                    "certificates": {
                        "ca-certificate": "/etc/ucentral/cas.pem",
                        "certificate": "/etc/ucentral/cert.pem",
                        "private-key": "/etc/ucentral/key.pem"
                    },
                    "radius": {
                        "local": {
                            "server-identity": "OpenWiFi-Local-EAP",
                            "users": [
                                {
                                    "user-name": "open",
                                    "password": "wifi"
                                }
                            ]
                        }
                    }
                }
            ]
        },

Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.

RADIUS Attribute

Description

nas-identifier

Unique NAS Id used with RADIUS server

chargeable-user-id

Chargeable User Entity per RFC4372

local

Local RADIUS within AP device

  • server-identity

    • users - Local EAP users based on username, PreShared Key and VLAN id

authentication

RADIUS server

  • host IP address

  • port ( example 1812)

  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request

  • request-attribute ( id of RADIUS server )

    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value

accounting

RADIUS server

  • host IP address

  • port ( example 1813)

  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request sent in Accounting

  • request-attribute ( id of RADIUS server )

    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value

accounting

interval ( Interim accounting interval defined in seconds )

PreviousRoaming RRM and SONNextDynamic VLANs with RADIUS

Last updated 3 years ago