NAS List

All entries

The possible options for your NAS include:

  • AccessPoints such as Meraki, OpenWiFi and Cisco;

  • Routers like Cisco, Mikrotik Router Board, pfSense, OpenWRT;

  • GGSN or PGW.

  • The AAAs from your MSO (if applicable)

  • SpherAAA as client: Your partner's AAA servers.

It's important to note that there is no default NAS configuration included.

Click to Configuration > NAS

NAS List

NAS List

Adding new entry

After clicking to Create, you need specify following parameters:

Nas List

New entry

  • IP Address: Enter a public IP address (NOT 192.168 OR 172.16 OR 10.*), a Network address (CIDR, eg 1.1.1.0/24) or AAA Servers IP/FQDN

  • Secret: Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network.

  • Type: Type can be used to group / classify NAS's into sub-groups. Like NAS-Type might be ResidentialAp, CafeAp, OutdoorAP, Hotspot, WLC, BRAS etc. This variable is accessible on PolicyLogic via radius.nas['Type'].

  • Environment: This Network Access Server (NAS) will utilize the assigned environment, including PolicyLogic and EAP certificates.

  • DM / CoA Port: RADIUS DM (Disconnect Message) and RADIUS CoA (Change of Authorization) is a feature that allows a RADIUS server to adjust an active client session. Default port is 3799

  • Mark as RADIUS Server: Check this mark to identify this entry as either a RADIUS or Proxy server for authentication or proxying requests.

  • Protocol: The transport protocol for this server: UDP, TCP or RADSEC.

  • Previously Imported Certificates: For RADSEC Servers, use previously imported certificates. Manage it using RADSEC Servers

  • Client Private Key: Private key file for RADSEC Client.

  • Client Certificate: Certificate file.

  • Server Root certificate: CA Certificate for RADSEC server.

  • Disable CN or SAN verification Do not validate the RADSEC server's CN or SAN with the server's IP or FQDN.

  • RADSEC Port: RADSEC Server port.

  • Note: Add description for your NAS.

Click to submit to save your changes.

Note: If you getting "Conflict NAS IP Address" error, that means you are not using public IP address of your NAS or this IP is already registered

After adding your first NAS details, you can continue configuration on your actual NAS hardware/software.

When you done on integration on your NAS, you can start adding your new users