RadSec Certificate

By default, RADIUS does not encrypt user credentials or other sensitive information transmitted between the RADIUS client and server. This leaves the authentication process vulnerable to eavesdropping attacks, where an attacker can do MITM (man-in-the-middle) to intersect traffic and get user information. This becomes even more important when the Radius server is located at a remote site.

RadSec, or RADIUS over TLS, is a common encryption method for RADIUS. It allows you to exchange RADIUS authentication, authorization, and accounting messages through a secure TLS tunnel between the RADIUS server and the AP.

How to Configure

  1. Upload RadSec certificate that you got from RADIUS servers in ORGANIZATION > Security > Certificates

  1. Enable the RadSec function on APs. We support this option for both WPA2/3 Enterprise and Captive portal access. Go to following pages to enable RadSec function: - CONFIGURE > AP > SSID > Wireless > WPA2/3 Enterprise > Custom RADIUS - CONFIGURE > AP > SSID > Captive Portal > Custom RADIUS

    APs will automatically search available certificates from Org pool to associate with RADIUS servers after enabling RadSec function.


Test function is to make sure that the radius configuration is correct. AP will use the IP : Port and secret to try to connect with the radius server.

If Captive Portal > Custom Radius > “Radius MAC-Auth” is enabled, then an authorized MAC is required for the test.


RadSec requires AP firmware version 1.x.81 or higher and the addition of a RadSec certificate for functionality.

Last updated