UniFi
RADIUS over TLS (RADSEC) has been added to UniFi Network 8.4 and newer versions. Please have your controller and network devices up-to-date before following this guide.
Prepare Certificates
To establish a valid RadSec connection, your Access Points must trust the RADIUS Server Certificate and your RADIUS server must trust your RadSec client certificate.
UniFi Configuration
Below settings are the necessary settings to establish a functional RadSec connection with our service. Configure any other settings at your discretion.
Navigate to your Unifi Network controller and open Settings > Profiles > RADIUS.
Create a new profile or update an existing one:
Fill in the required information:
RADIUS Assigned VLAN Support: optional / if needed
RADIUS Settings:
TLS: Enable the checkbox.
Authentication Servers: - Server IP Address/es: Provide the IP address of your RadSec service endpoint. - Port: 2083. - Shared Secret:
radsec
.Client Certificate: Upload the RadSec client certificate (obtained from step 3 here).
Private Key: Upload the private key of your RadSec client certificate (obtained from step 3 here).
Private Key Password: as noted down.
CA Certificate: Upload the Root certificate of the CA that has issued your RADIUS server certificate (obtained from step 1 here).
Accounting: Enable the checkbox.
RADIUS Accounting Server: - Server IP Address/es: Provide the IP address of your RadSec service endpoint. - Port: 2083 - Shared Secret:
radsec
Interim Update Interval: optional / if needed
Assign this profile to the desired WiFi profile:
Reference: UniFi Help Center
Last updated