Authentication using RADIUS (802.1x)
Note
This feature requires Enterprise Edition.
Genian NAC has its own RADIUS server that supports 802.1x port-based access control. Generally, 802.1x is widely used to provide enhanced user authentication for endpoints connecting to wireless networks. In wired networks, it can provide user authentication functionality for endpoints connected to the network via switches that support 802.1x.
First, you must enable the RADIUS server. Refer to Configuring RADIUS Enforcement.
For RADIUS authentication against an external database, you must configure authentication integration. Refer to Integrating User Directories.
To update authentication results in node information, you must enable the RADIUS account server. Refer to RADIUS Accounting.
RADIUS AD Authentication Integration
- Go to Preferences in the top menu.
- In the left Preferences menu, go to Service > RADIUS Server.
- Find the RADIUS Server > AD Authentication menu and select On from the dropdown.
Note
※ This option can be configured only when EAP Authentication > Default EAP Type (PEAP) is "MSCHAPv2".
- Enter the following items:
  - Domain Name : Enter the domain name of the Active Directory server. (e.g., genians.com)
  - Domain Admin Privilege Account ID : Enter the account ID with Domain Admin privileges on the Active Directory server.
  - Domain Admin Privilege Account Password : Enter the account password with Domain Admin privileges on the Active Directory server.
- Click the Update button.
RADIUS URL Authentication Integration
- Step 1.
  - Go to Preferences in the top menu.
  - In the left Preferences menu, go to Service > RADIUS Server.
  - Find the RADIUS Server > Webhook Authentication Integration menu and select On from the dropdown.
Note
※ All options in the step below can be configured only when EAP Authentication > Default EAP Type (PEAP) is "GTC".
- Step 2.
  - In the left Preferences menu, go to Service > Authentication Integration > Webhook Authentication Integration.
  - Enter the following items:
    - URL : Enter the external URL to perform authentication. (e.g., http://.com)
    - Method : Select the call method. (GET / POST / PUT / DELETE)
    - Result Verification Regex : Enter a regular expression that can determine authentication success.
  - Click the Update button.
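One way to check a candidate Result Verification Regex before entering it, as an added example that is not part of the Genian NAC documentation or product code. It assumes the webhook returns a JSON body with a `result` field and that the regex is searched anywhere in the response body; the response shape, the sample bodies and all function names are assumptions.

```python
import re

# Constructed sample webhook responses paired with the verdict each one SHOULD give.
# The JSON shape is an assumption; substitute bodies captured from your own endpoint.
SAMPLES = [
    ('{"result":"success","user":"alice"}', True),
    ('{"result":"fail","reason":"bad password"}', False),
    # Failure bodies that still contain the word "success":
    ('{"result":"fail","reason":"success rate limit exceeded"}', False),
    ('{"result":"fail","user":"success"}', False),  # user-supplied value echoed back
    ('', False),                                    # empty body
    ('<html>502 Bad Gateway</html>', False),        # upstream error page
]

LOOSE = r'success'                                       # matches anywhere in the body
STRICT = r'^\s*\{\s*"result"\s*:\s*"success"\s*[,}]'     # anchored to the result field


def audit_regex(pattern, samples=SAMPLES):
    """Return (false_accepts, false_rejects) for a candidate regex.

    Assumes worst-case matching: the pattern is searched anywhere in the body,
    so only explicit anchors restrict where it can match.
    """
    rx = re.compile(pattern)
    false_accepts, false_rejects = [], []
    for body, should_pass in samples:
        matched = rx.search(body) is not None
        if matched and not should_pass:
            false_accepts.append(body)   # a failure response treated as success
        elif should_pass and not matched:
            false_rejects.append(body)   # a valid login that would be refused
    return false_accepts, false_rejects


if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        accepts, rejects = audit_regex(pattern)
        print(f"{name}: {len(accepts)} false accept(s), {len(rejects)} false reject(s)")
        for body in accepts:
            print("  would authenticate on:", body)
```

Any body listed as a false accept is a failure response that the regex would treat as a successful authentication, so the pattern should be tightened until that list is empty.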
RADIUS Email Authentication Integration
- Go to Preferences in the top menu.
- In the left Preferences menu, go to Service > RADIUS Server.
- Find the RADIUS Server > E-Mail Authentication Integration menu and select On from the dropdown.
- Prerequisites: IMAP/POP3/SMTP settings are required. Refer to Integrating User Directories.
- Click the Update button.
User Endpoint (MAC) Authentication via RADIUS
MAC authentication replaces the user account authentication process with the MAC address of the interface attempting to communicate. The MAC address is used in place of the ID and password for RADIUS authentication, so users do not need to provide a specific ID or password to access the network.
- If the RADIUS server cannot verify the user's MAC address, authentication fails.
- Go to Preferences in the top menu.
- In the left Preferences menu, go to Service > RADIUS Server.
- In the RADIUS Server screen, find the Authentication Server > MAC Authentication Node Group option.
- Set MAC Authentication option to On.
- In the Node Group option, select the node group to which MAC authentication will be applied.
- Click the Update button.