Selected Vigor Routers have built in an internal RADIUS server, and they can act as authentication servers for 802.1X authentication. This document introduces how to set up Vigor Router to be a RADIUS server.
1. Create user profiles: Go to User Management >> User profiles, click on an available profile index, enable this profile, enter Username and Password
2. In Internal Services, enable RADIUS, so that this profile can be used for RADIUS clients. Then click OK to save.
3. Enable internal RADIUS: Go to Applications >> RADIUS/TACACS+ >> Internal RADIUS page,
User Profile shows the user profiles stored on the router. The profiles in Authentication List are the profiles that have "RADIUS" enabled and can be used by RADIUS client, such as the profile created in step 1. The profiles in Available List are the user profiles that don't have "RADIUS" enabled; however, if you would like RADIUS client to use those profiles, you may select the available profiles and click on ">>" to put them into Authentication List.
4. RADIUS client setup: For the 802.1X authenticator which would like to use Vigor Router as RADIUS server, need to enter the IP address of Vigor Router and Shared Secret set in step 2.
If you are using the Internal RADIUS server for local Wi-Fi authentication, select a security Mode that uses 802.1X at Wireless LAN >> Security, and click the link "Wireless LAN 802.1X Setting". In the Setting page, set Authentication Type as "Local 802.1X" and check "Enable", then click OK to save.
5. After the above configuration, when client devices connect to RADIUS client (the authenticator) and attempt to join the network, they will be asked to enter the credentials first, which should be the username and password set in step1.
6. And from Diagnostics >> Authentication Information, the network administrator may check each user's last successful authentication and failed attempts.
If the client devices failed to join the network, and the Syslog shows
RADIUS SRV: Invalid Message- Authenticator from [Radius Client IP], it might because that the shared secret of client and server do not match.
Was this helpful?
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.