--- description: TIP OpenWiFi 2.0 --- # RADIUS Authenticated SSID When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis. {% tabs %} {% tab title="Simple RADIUS" %} ```text "interfaces": [ { "name": "WAN", "role": "upstream", "ethernet": [ { "select-ports": [ "WAN*" ] } ], "ipv4": { "addressing": "dynamic" }, "ssids": [ { "name": "OpenWifi", "wifi-bands": [ "5G" ], "bss-mode": "ap", "encryption": { "proto": "wpa2", "ieee80211w": "optional" }, "radius": { "authentication": { "host": "192.168.178.192", "port": 1812, "secret": "secret" }, "accounting": { "host": "192.168.178.192", "port": 1813, "secret": "secret" } } } ] }, ``` {% endtab %} {% tab title="EAP-Local SSID" %} ```text "ssids": [ { "name": "OpenWifi", "wifi-bands": [ "2G" ], "bss-mode": "ap", "encryption": { "proto": "wpa2", "ieee80211w": "optional" }, "certificates": { "ca-certificate": "/etc/ucentral/cas.pem", "certificate": "/etc/ucentral/cert.pem", "private-key": "/etc/ucentral/key.pem" }, "radius": { "local": { "server-identity": "OpenWiFi-Local-EAP", "users": [ { "user-name": "open", "password": "wifi" } ] } } } ] }, ``` {% endtab %} {% endtabs %} Many parameters are possible with RADIUS authentications given the many methods in use worldwide. Many of the EAP methods have configuration options described below.
RADIUS Attribute Description
nas-identifier Unique NAS Id used with RADIUS server
chargeable-user-id Chargeable User Entity per RFC4372
local

Local RADIUS within AP device

  • server-identity
    • users - Local EAP users based on username, PreShared Key and VLAN id
authentication

RADIUS server

  • host IP address
  • port ( example 1812)
  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request

  • request-attribute ( id of RADIUS server )
    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value
accounting

RADIUS server

  • host IP address
  • port ( example 1813)
  • secret ( Shared secret with RADIUS server )

Additional methods within Access-Request sent in Accounting

  • request-attribute ( id of RADIUS server )
    • id ( numeric value of RADIUS server )

    • value

      Any sub-value defined as integer RADIUS attribute value
accounting interval ( Interim accounting interval defined in seconds )