General Structure
Rules allow further restriction
Last updated
Rules allow further restriction
Last updated
We recommend providing descriptive names for your rules, as this will allow them to be clearly identifiable in the Log area.
Every Rule can have a Name, Description and is specified for a specific authentication type. Currently you can define a rule for Wi-Fi, LAN and VPN. Furthermore, you can Enable or Disable each rule.
For Wi-Fi and Wired/LAN networks only!
To restrict access from specific infrastructure items only such as access points, SSIDs or network switches, you have two options:
Add the respective MAC address(es) or SSID(s) directly in the Rule collection.
Create Groups that allow you to add multiple targets and manage them more efficiently. This way, items can be added or removed without the need to touch the Rule itself, as the Rule will only reference the Group.
For VPN networks only!
When using RADIUSaaS for authenticating a VPN, the authentication requests can be limited to certain Network Access Controllers (NAS) by allow-listing their identifier or IP address.
Add the respective NAS Identifier(s) or NAS IP Address(es) directly in the Rule collection
Create Groups that allow you to add multiple targets and manage them more efficiently. This way, items can be added or removed without the need to touch the Rule itself, as the Rule will only reference the Group.
If you have your own PKI and want to assign VLAN IDs based on the value of a custom certificate extension (OID), you can make that mapping information available to RADIUSaaS under Custom Certificate Extensions. Once you have specified such a custom extension, you can reference it in any rule and assign VLANs based on the raw or filtered extension value.
Currently it is not supported to add custom certificate extensions to SCEP profiles in many MDM systems, including Microsoft Intune and Jamf Pro.
We therefore recommend using the Certificate Subject Name instead to dynamically assign VLANs.
