LogoLogo
Release NoteMicrositeWhite PapersCloud License
Cloud User Manual
Cloud User Manual
  • What is EnGenius Cloud?
  • Getting Started
    • Signing Up
    • Logging On
    • Registering Devices to Organization
    • Assigning Devices to Network
    • Device Setup
      • QIG
      • Troubleshooting ECW AP
        • LED Status
        • Default SSIDs
        • Login to Local Access Page
      • Label information
  • Working with Organization Trees
    • Organization
    • Hierarchy View
    • Network
  • Managing Devices
    • Managing Camera
      • Recording Playback and smart Motion Search
      • Configure and Check Camera Details
        • Camera AI settings
        • Region & Cross Lines
      • Video Walls
      • AI-Powered Search
    • Managing Gateway
      • Configure and Check Gateway Details
      • VPN Status
    • Managing Access Points
      • Diag Tools
      • Configure and Check AP Details
      • AirGuard
    • Managing Switches
      • Diag Tools
      • PoE scheduling
      • Getting Switch Analytics
      • PD/Auto-Cam Lifeguard
      • VLANs
      • Mirror
      • Link Aggregation
    • Managing PDU
      • Outlet Summary
      • Outlet Scheduling
      • Outlet AutoReboot
      • Alerts
      • Diag Tool
      • LCD Panel
    • Managing Clients
      • Client Timeline
    • Device Map Location
    • Floor Plans
    • Topology
  • Configuring Networks
    • Configuring Access Points
      • Configuring SSIDs
        • 802.11 Settings
        • Configuring Security
        • SmartCasting
        • Client IP Addressing
        • Dynamic VLAN Pooling
        • Advanced Settings
        • QoS
        • Captive Portal
        • LDAP server
        • Active Directory
        • Azure AD
        • Voucher Service
        • Configuring Splash Page
        • Access control
        • Clone SSID
        • Hotspot 2.0
        • Application Control
        • Layer 3 (L3) outbound firewall
        • Examples
      • Configuring Radio
      • Configuring Cloud RADIUS
      • Configuring MyPSK
      • Configuring VLAN
    • Configuring Switch
      • System & Protocols
      • Templates
    • Configuring Gateway
      • Configuring Interface
        • WAN
        • LAN
        • Static Route
        • Policy Route
      • Configuring Site to Site VPN
      • Configuring Client VPN
        • VPN settings for IOS
        • VPN settings for Mac OS
        • VPN settings for Android
        • VPN settings for Windows 10
      • Configure ESG VPN Users
      • Configuring Firewall
    • Configuring PDU
      • Template
    • Configuring Camera
      • Quality & Retention
    • Firmware Upgrade
    • General Settings
    • Client Access Control
  • Analytics
    • Device Events
    • System Events
    • Config Logs
  • MSP Portal
    • Dashboard
    • Teams
    • Inventory & License
    • Clone Org & Networks
  • Managing Organizations
    • Managing Device Inventory and License
    • Privacy
    • Backup & Restore
      • Configuration Template
  • Managing Team Members
    • Roles and Permissions
  • Notification & Alerts
    • Notification Center
    • Configuring Alert Settings
  • Mobile App
  • Get Remote Support
  • Security
    • Two Factor Authentication
    • RadSec Certificate
  • Report
  • Appendix
    • Access Point LED Behavior
    • ESG LED Behavior
    • SSID Troubleshooting Naming Rules
    • Firewall rules
      • Global Site
      • Japan Site
  • Configuration Guide
    • SAML SSO with ADFS
Powered by GitBook
On this page
  • How to Configure
  • Test

Was this helpful?

Export as PDF
  1. Security

RadSec Certificate

Last updated 11 months ago

Was this helpful?

By default, RADIUS does not encrypt user credentials or other sensitive information transmitted between the RADIUS client and server. This leaves the authentication process vulnerable to eavesdropping attacks, where an attacker can do MITM (man-in-the-middle) to intersect traffic and get user information. This becomes even more important when the Radius server is located at a remote site.

RadSec, or RADIUS over TLS, is a common encryption method for RADIUS. It allows you to exchange RADIUS authentication, authorization, and accounting messages through a secure TLS tunnel between the RADIUS server and the AP.

How to Configure

  1. Upload RadSec certificate that you got from RADIUS servers in ORGANIZATION > Security > Certificates

  1. Enable the RadSec function on APs. We support this option for both WPA2/3 Enterprise and Captive portal access. Go to following pages to enable RadSec function: - CONFIGURE > AP > SSID > Wireless > WPA2/3 Enterprise > Custom RADIUS - CONFIGURE > AP > SSID > Captive Portal > Custom RADIUS

    APs will automatically search available certificates from Org pool to associate with RADIUS servers after enabling RadSec function.

Test

Test function is to make sure that the radius configuration is correct. AP will use the IP : Port and secret to try to connect with the radius server.

If Captive Portal > Custom Radius > “Radius MAC-Auth” is enabled, then an authorized MAC is required for the test.

Note

RadSec requires AP firmware version 1.x.81 or higher and the addition of a RadSec certificate for functionality.