RADIUS settings
RADIUS allows you to configure the device’s RADIUS server settings. A RADIUS server provides user-based authentication to improve security and control wireless device access. The access point can authenticate users before they can gain access to the network. You can set a primary and a secondary RADIUS server for each wireless frequency.
RADIUS server (2.4 GHz, 5 GHz, 6 GHz)
You can configure the following options for the primary and secondary RADIUS servers on the 2.4 GHz, 5 GHz, and 6 GHZ wireless bands.
-
You can choose one of the following for RADIUS type:
- Internal: Use the access point's built-in RADIUS server. See Internal server.
-
External: Use an external RADIUS server. If you choose External, you must configure the following options:
- RADIUS server: Sets the IP address of the external RADIUS server.
- Authentication port: Set the UDP port you want to use for RADIUS authentication. You must choose a port between 1 – 65535. The default is 1812.
- Shared secret: Enter a shared secret 1 and 99 characters in length.
- Session timeout: Set a session timeout duration between 0 and 86400 seconds. The default is 3600.
- Accounting: Turns RADIUS accounting on or off.
- Accounting port: Set the UDP port you want to use for RADIUS accounting. You must choose a port between 1 and 65535. The default is 1813.
Sophos Central management
Sophos Central allows you to configure a RADIUS server for each SSID that uses an enterprise authentication method. If you assign multiple SSIDs with different RADIUS servers to an AP6 access point, you can see the following behavior:
- Sophos Central assigns the RADIUS server you configure as the primary RADIUS server for each frequency band configured for the SSID.
- When you assign an SSID with enterprise authentication and RADIUS configured on the same frequency band (2.4 GHz, 5 GHz, 6 GHz), the update overwrites the existing primary RADIUS server with the new SSID RADIUS server configuration.
More information