[NEBULA] How to setup sign-in method with My RADIUS server?

Zyxel_Joslyn
Zyxel_Joslyn Posts: 346  Zyxel Employee
edited October 4 in Nebula Access Point

Where to find: 
Access point > Configure > Authentication > Network Access > Sign-in method

Function description: 
Use the existing database to let the stations pass authentication. AP will block network traffic until a client authenticates with an external RADIUS server through the specifically designated web portal page.

Scenario: 
We have our own RADIUS server, and it will be combined with the AP authentication. All our employees must pass the RADIUS authentication to access the internet


Configuration: 
1. Go to Access point > Configure > SSID overview, and configure the SSID name.


2. Go to Access point > Configure > Authentication. Choose the SSID and configure the settings.

Confirm the SSID name is correct


Choose the Sign-in method as Sign-on with My RADIUS server and add the RADIUS server detail.


3. (Optional) If there is a RADIUS accounting server in the environment, we also can add it here.


4. (Optional) Access point > Configure > Authentication > Walled garden. When choosing Sign-on with My RADIUS server, the wall garden will be enabled as well. We can add the website that the customer can access without passing the authentication. If we want to promote some website as our hotel website or our co-operator website, we can configure here. It will be listed in the whitelist.*1


5. (Optional) Access point > Configure > Authentication > Captive portal access attribute. We can have more setting in Captive portal access attribute.

Login on multiple client devices: this can restrict the login devices at a time. It could be one device or multiple devices.


Strict Policy: Allow HTTPs traffic without sign-on or not.


Reauth time: The agreement page will pop out again when the lease time is expired. We can choose the follow site-wide setting*2 or assign a definite time for it.


6. (Optional) Access point > Configure > Captive portal. We can captive portal content here.


Confirmation

Login page and successful page on the station


Log


 

Note.

1.      About the Walled garden, One IP address/domain in one line to specify your walled garden. Example: *.zyxel.com, www.zyxel.com, 192.168.1.0/24

2.      Site-wide reauthentication time: Site-wide > Configure > General settings > Captive portal reauthentication > For click-to-continue users.


3.      The AP must be added in trust list in the RADIUS server.