LogoLogo
LogoLogo
  • Welcome
  • Details
  • Configuration
    • Getting Started
      • Generic Guide
      • Scenario-based Guides
        • Microsoft Cloud PKI
        • SCEPman PKI
    • Access Point Setup
      • RadSec
        • Aruba
        • FortiNet
        • Juniper Mist
        • Meraki
        • MikroTik
        • Ruckus
        • UniFi
      • RADIUS
        • ExtremeCloud IQ CoPilot
        • Meraki
        • Sophos UTM
        • UniFi
    • Server Certificate Renewal
  • Admin Portal
    • Home
    • Insights
      • Rule Engine
      • Logs
    • Users
    • Settings
      • Server Settings
      • Trusted Certificates
      • Proxy Settings
      • Permissions
      • User Settings
      • Rules
        • General Structure
        • WiFi
        • LAN
        • VPN
      • Log Exporter
        • Teams
        • Log Analytics
        • Generic Webhook
        • Examples
    • My Invited Users
  • Profile Deployment
    • Microsoft Intune
      • Server Trust
      • WiFi Profile
        • Windows
        • iOS/iPadOS & macOS
        • Android
      • Wired Profile
        • Windows
        • macOS
    • Jamf Pro
      • Server Trust
      • WiFi Profile
      • Wired Profile
    • Google Workspace
      • Server Trust
      • WiFi Profile
  • Other
    • Troubleshooting
    • FAQs
      • General
      • Log & Common Errors
      • MAC Authentication
      • Blast-RADIUS Vulnerability
      • OCSP Soft-fail Consequences
      • Security & Privacy
    • REST API
      • External Monitoring
    • Changelog
  • Licensing
    • Azure Marketplace
  • Support & Service Level
  • RADIUSaaS Website
Powered by GitBook
On this page
  • Rule Collection
  • SSID, Access Point (AP) and Switch MAC Groups
  • Trusted NAS Identifiers and IP Addresses
  • Custom Certificate Extensions

Was this helpful?

  1. Admin Portal
  2. Settings
  3. Rules

General Structure

Rules allow further restrictions

Last updated 2 months ago

Was this helpful?

Rule Collection

We recommend providing descriptive names for your rules, as this will allow them to be clearly identifiable in the Insight s.

Every Rule can have a Name, Description and is specified for a specific authentication type. Currently you can define a rule for Wi-Fi, LAN and VPN. Furthermore, you can Enable or Disable each rule.

SSID, Access Point (AP) and Switch MAC Groups

For Wi-Fi and Wired/LAN networks only!

To restrict access to specific networking infrastructure elements, such as APs, SSIDs or network switches, you have two options:

  1. Add the respective MAC address(es) or SSID(s) directly in the Rule collection.

  2. Create Groups that allow you to add multiple targets and manage them more efficiently. This way, items can be added or removed without the need to touch the Rule itself, as the Rule will only reference the Group.

Should you have a large number of MAC addresses that you wish to add, you can import them from the following file types: .xlsx, .xls or .csv file.

The maximum number of MAC addresses that can be imported depends on a number of factors, including the number of rules you have configured.

Trusted NAS Identifiers and IP Addresses

For VPN networks only!

When using RADIUSaaS for authenticating a VPN, the authentication requests can be limited to certain Network Access Servers (NAS) by allow-listing their identifier or IP address.

  1. Add the respective NAS Identifier(s) or NAS IP Address(es) directly in the Rule collection

  2. Create Groups that allow you to add multiple targets and manage them more efficiently. This way, items can be added or removed without the need to touch the Rule itself, as the Rule will only reference the Group.

Custom Certificate Extensions

If you have your own PKI and want to assign VLAN IDs based on the value of a custom certificate extension (OID), you can make that mapping information available to RADIUSaaS under Custom Certificate Extensions. Once you have specified such a custom extension, you can reference it in any rule and assign VLANs based on the raw or filtered extension value.

Currently it is not supported to add custom certificate extensions to SCEP profiles in many MDM systems, including Microsoft Intune and Jamf Pro.

We therefore recommend using the Certificate Subject Name instead to .

Log
dynamically assign VLANs
Showing various rules
Showing VLAN assignment by Certificate Extension
Showing a Certificate Extension