Skip to main content
Skip table of contents

Radius Server Management

The Authentication Servers RADIUS Server Management Screen displays all RADIUS Servers known to OmniVista Cirrus. It also enables you to add, edit, and delete RADIUS Servers from the list of RADIUS Servers known to OmniVista Cirrus. A built-in RADIUS Client is available in the device. A RADIUS Server that supports Vendor Specific Attributes (VSAs) is required. VSAs carry specific authentication, authorization, and configuration details about RADIUS requests to and replies from the server. Refer to "Managing Authentication Servers" in your Network Configuration Guide for specific information on the VSAs required. Before you add a RADIUS Server to OmniVista's list of RADIUS Servers known to OmniVista, you must first install and configure the RADIUS Server.

  • You cannot add, modify, or delete users and user privileges from RADIUS Servers in OmniVista Cirrus.

  • RADIUS Server Management supports wireless devices; however certain attributes may not be supported on wireless devices. See the configuration fields below for more information.

  • If you change the Shared Secret of the UPAM Radius Server, you also must update Shared Secrecy of NAS Client on the NAS Clients screen (UPAM-NAC > NAS Clients).

Adding a RADIUS Server

After configuring a RADIUS Server, you must add it to the list of RADIUS Servers known to OmniVista Cirrus. To add a new RADIUS Server, navigate to the RADIUS Servers Management screen by clicking on Network Access> Unified Access > Auth Servers > RADIUS Servers under the “Configure” section of the OmniVista Cirrus Menu. The RADIUS Servers Management screen displays.

To add a new RADIUS Server, click on the Create RADIUS Server button and complete the fields as described below. When you are finished, click on Create Radius Server.

Basic Information

  • Server Name - Unique name for the RADIUS Server. This name will be used by OmniVista and the device to identify the Server.

  • Host Name/IP Address - The name of the computer where the server is located OR the IP address of the computer where the Server is located.

  • Backup Host Name/IP Address - Each RADIUS Server may optionally have a backup server. If you wish to define a backup server that will be used if this server is unavailable, enter the name of the computer where the backup server is located OR enter the IP address of the computer where the backup Server is located.

  • Shared Secret - The password to the RADIUS Server (maximum of 64 characters). The "Shared Secret" is essentially the server password. Note that the password you enter must be configured identically on the RADIUS Server. Also note that if you use a remote RADIUS Server with a Shared Secret greater than 16 characters, OmniVista only supports PAP and CHAP authentication.

  • Confirm Secret - Re-enter the Shared Secret.

Advanced Information

  • Retries - The number of retries that you want the device to attempt when trying to contact the RADIUS Server (Range = 1 - 3, Default = 3).

  • Timeout - The number of seconds that you want the device to wait before a request to the RADIUS Server is timed out (Range = 1 - 30, Default = 2).

  • TLS - Enable/disable the use of the Transport Layer Security encryption method. Enable the TLS option to allow the RADIUS Server to use RadSec (RADIUS-over-TLS). Note that an AP can only support one RadSec Server. If you set up multiple RadSec (TLS-Enabled Radius) servers in OmniVista, make sure that all SSIDs within an AP Group are configured to use the same RadSec server. In addition, an AP does not support MAC authentication or External Captive Portal using RadSec.

    • TLS Port - The TLS port number for the RADIUS Server (Range = 1 - 65535, Default = 2083).

  • Authentication Port - The port to access the Server (Range = 1 - 65535, Default = 1812).

  • Accounting Port - The port for accounting information (Range = 1 - 65535, Default = 1813).

  • Pre-emption - If Pre-emption is enabled, Access Point (AP) will switch back to primary RADIUS server at the end of Count-Down Timer. If Pre-emption is disabled, then AP will switch to use the primary RADIUS server only if the backup RADIUS server is timed out. By default Pre-emption is Enabled.

  • Count-down Timer - Enter the number of seconds for the AP to adhere with the Secondary server, before moving back to Primary (Default is 600 seconds).

Editing a Radius Server

Select a RADIUS Server in the list and click on the Edit icon. Edit any necessary fields as described above, then click on the Save button. It is important to note that you cannot modify values indiscriminately. The values must match those of the actual RADIUS Server. For example, if you want to change the RADIUS Authentication port, you must first use the tools provided by your RADIUS Server's vendor to change the port on the RADIUS Server itself. You can then inform OmniVista that the port number has changed by modifying the Authentication Port field.

A default “UPAMRadiusServer” is provided. This default server cannot be deleted. In addition, do not enable TLS on this server. This functionality is not needed between an AP and the UPAM RADIUS Server.

View Additional RADIUS Server Information

Select the RADIUS Server in the list and click on the Additional Information icon to view additional information about the selected RADIUS Server.

  • Server Name - Unique name for the RADIUS Server. This name will be used by OmniVista and the switch to identify the Server.

  • Host Name/IP Address - The name of the computer where the server is located OR the IP address of the computer where the Server is located.

  • Authentication Port - The port you to access the Server (Range = 1 - 65535, Default = 1812).

  • Accounting Port - The port for accounting information (Range = 1 - 65535, Default = 1813).

  • TLS - Whether the TLS encryption method is enabled or disabled.

  • TLS Port - The TLS port number, when TLS is enabled.

  • Backup Host Name/IP Address - Each RADIUS Server may optionally have a backup server. If you wish to define a backup server that will be used if this server is unavailable, enter the name of the computer where the backup server is located OR enter the IP address of the computer where the backup Server is located. (Not supported on wireless devices and ignored when applied to those devices.)

  • Pre-emption - If Pre-emption is enabled, Access Point (AP) will switch back to primary RADIUS server at the end of Count-Down Timer. If Pre-emption is disabled, then AP will switch to use the primary RADIUS server only if the backup RADIUS server is timed out. By default Pre-emption is Enabled.

    • Count-down Timer - The number of seconds for the AP to adhere with the Secondary server, before moving back to Primary (Default is 600 seconds).

  • Retries - The number of retries that you want the switch to attempt when trying to contact the RADIUS Server (Range = 1 - 3, Default = 3).

  • Timeout - The number of seconds that you want the switch to wait before a request to the RADIUS Server is timed out (Range = 1 - 30, Default = 2).

Deleting a RADIUS Server

Select a RADIUS Server in the list and click on the Delete icon. Note that deleting an authentication server from the list of RADIUS Servers known to OmniVista Cirrus will not cause devices that currently use that RADIUS Server to cease using it. Devices using the deleted RADIUS Server will continue to use it until the devices are reassigned.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close