{
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "header_page_title",
|
|
"items": [
|
|
{
|
|
"type": "h1",
|
|
"text": "RADIUS"
|
|
},
|
|
{
|
|
"type": "p",
|
|
"text": "FreeRADIUS server configuration and shared secret."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "Shared Secret",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "p",
|
|
"text": "Enter this secret in your access point or wireless controller as the RADIUS shared secret. It authenticates your APs to this router's RADIUS server."
|
|
},
|
|
{
|
|
"type": "pre_block",
|
|
"text": "%RADIUS_SECRET%"
|
|
},
|
|
{
|
|
"type": "p",
|
|
"text": "Use this router's IP address on the AP's VLAN as the RADIUS server address. Authentication port: 1812. Accounting port: 1813."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_danger",
|
|
"action": "/action/radius/regenerate",
|
|
"method": "post",
|
|
"text": "Regenerate"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "Options",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "form",
|
|
"action": "/action/radius/options_save",
|
|
"method": "post",
|
|
"items": [
|
|
{
|
|
"type": "field",
|
|
"label": "MAC Address Format",
|
|
"name": "mac_format",
|
|
"input_type": "select",
|
|
"value": "%RADIUS_MAC_FORMAT%",
|
|
"options": [
|
|
{"value": "aabbccddeeff", "label": "aabbccddeeff"},
|
|
{"value": "aa-bb-cc-dd-ee-ff", "label": "aa-bb-cc-dd-ee-ff"},
|
|
{"value": "aa:bb:cc:dd:ee:ff", "label": "aa:bb:cc:dd:ee:ff"},
|
|
{"value": "AABBCCDDEEFF", "label": "AABBCCDDEEFF"},
|
|
{"value": "AA-BB-CC-DD-EE-FF", "label": "AA-BB-CC-DD-EE-FF"},
|
|
{"value": "AA:BB:CC:DD:EE:FF", "label": "AA:BB:CC:DD:EE:FF"}
|
|
],
|
|
"hint": "Must match your AP/controller's expected format."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_primary",
|
|
"action": "/action/radius/options_save",
|
|
"method": "post",
|
|
"text": "Save"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "DEFAULT Rule Scope",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "p",
|
|
"text": "The DEFAULT Rule only applies to unknown devices (those without a DHCP reservation/authorization)."
|
|
},
|
|
{
|
|
"type": "hr"
|
|
},
|
|
{
|
|
"type": "form",
|
|
"action": "/action/radius/default_rule_save",
|
|
"method": "post",
|
|
"items": [
|
|
{
|
|
"type": "field",
|
|
"label": "Apply DEFAULT Rule To",
|
|
"name": "apply_to",
|
|
"input_type": "select",
|
|
"value": "%RADIUS_APPLY_TO%",
|
|
"options": [
|
|
{"value": "all", "label": "All authenticators"},
|
|
{"value": "wireless", "label": "Wireless authenticators only (NAS-Port-Type = Wireless-802.11)"},
|
|
{"value": "huntgroup", "label": "Wireless authenticators only (AP huntgroup by IP)"}
|
|
],
|
|
"hint": "\"Wireless authenticators only\" means that unknown wired devices will be rejected by RADIUS, rather than receive RADIUS authorization for placement onto the fallback VLAN. Your managed switch may have additional policy rules for handling of devices rejected by RADIUS."
|
|
},
|
|
{
|
|
"type": "field",
|
|
"label": "Which of the following RADIUS Authenticators are Wireless Access Points that you wish to add to the huntgroup?",
|
|
"name": "ap_ips",
|
|
"input_type": "checkbox_group",
|
|
"options": "%RADIUS_AP_IPS_OPTIONS%",
|
|
"value": "%RADIUS_AP_IPS%",
|
|
"hint": "Used when \"Apply DEFAULT Rule To\" is set to the AP huntgroup option."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_primary",
|
|
"action": "/action/radius/default_rule_save",
|
|
"method": "post",
|
|
"text": "Save"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "Fallback VLAN",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "p",
|
|
"text": "Unknown or unregistered devices are assigned to this VLAN. For wired switch ports, also set the fallback network in the switch configuration."
|
|
},
|
|
{
|
|
"type": "hr"
|
|
},
|
|
{
|
|
"type": "form",
|
|
"action": "/action/radius/default_vlan_save",
|
|
"method": "post",
|
|
"items": [
|
|
{
|
|
"type": "field",
|
|
"label": "Fallback VLAN",
|
|
"name": "default_vlan",
|
|
"input_type": "select",
|
|
"value": "%RADIUS_DEFAULT_VLAN%",
|
|
"options": "%RADIUS_DEFAULT_VLAN_OPTIONS%",
|
|
"hint": "Devices not in the RADIUS user list will be placed on this VLAN."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_primary",
|
|
"text": "Save"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "EAP Settings",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "p",
|
|
"text": "These settings are required for MAC-based 802.1X authentication on managed switches."
|
|
},
|
|
{
|
|
"type": "hr"
|
|
},
|
|
{
|
|
"type": "form",
|
|
"action": "/action/radius/eap_save",
|
|
"method": "post",
|
|
"items": [
|
|
{
|
|
"type": "field",
|
|
"label": "",
|
|
"name": "allow_weak_eap",
|
|
"input_type": "checkbox",
|
|
"checkbox_label": "Allow weak EAP types",
|
|
"value": "%RADIUS_ALLOW_WEAK_EAP%",
|
|
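"hint": "Enables EAP-MD5. Required for switch port MAC-based 802.1X authentication. EAP-MD5 provides no mutual authentication or key derivation, so leave this disabled unless a switch needs it."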
|
|
},
|
|
{
|
|
"type": "field",
|
|
"label": "",
|
|
"name": "tunneled_reply",
|
|
"input_type": "checkbox",
|
|
"checkbox_label": "Use tunneled reply (EAP-TTLS / EAP-PEAP)",
|
|
"value": "%RADIUS_TUNNELED_REPLY%",
|
|
"hint": "Sets use_tunneled_reply = yes in EAP-TTLS and EAP-PEAP modules. Required for switch MAC authentication."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_primary",
|
|
"text": "Save"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "card",
|
|
"label": "Logging",
|
|
"client_requirement": "client_is_administrator+",
|
|
"items": [
|
|
{
|
|
"type": "form",
|
|
"action": "/action/radius/logging_save",
|
|
"method": "post",
|
|
"items": [
|
|
{
|
|
"type": "field",
|
|
"label": "",
|
|
"name": "logging",
|
|
"input_type": "checkbox",
|
|
"checkbox_label": "Log auth requests",
|
|
"value": "%RADIUS_LOGGING%",
|
|
"hint": "%RADIUS_LOGGING_HINT%"
|
|
},
|
|
{
|
|
"type": "hr"
|
|
},
|
|
{
|
|
"type": "pre_block",
|
|
"text": "%RADIUS_LOG_TAIL%",
|
|
"scroll_to_bottom": true
|
|
},
|
|
{
|
|
"type": "raw_html",
|
|
"html": "%RADIUS_LOG_SUMMARY%"
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_ghost",
|
|
"action": "/action/radius/logging_download",
|
|
"text": "Download Log"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "hr"
|
|
},
|
|
{
|
|
"type": "field",
|
|
"label": "Max Log Size (KB)",
|
|
"name": "log_max_kb",
|
|
"input_type": "number",
|
|
"layout": "inline",
|
|
"value": "%RADIUS_GEN_LOG_MAX_KB%",
|
|
"min": "64",
|
|
"hint": "The log is cleared automatically when it reaches this size. Download it first if you need to keep the auth records."
|
|
},
|
|
{
|
|
"type": "button_row",
|
|
"items": [
|
|
{
|
|
"type": "button_primary",
|
|
"text": "Save"
|
|
},
|
|
{
|
|
"type": "button_cancel",
|
|
"text": "Cancel"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|