RadSec is a protocol which allows RADIUS servers to transfer data over TCP and TLS for increased security. With RadSec capabilities, you can transfer RADIUS packets through public networks while still ensuring end-to-end security through the transport layer. This feature is configurable through using our Mist API or directly from the UI.
UI configuration
To configure RadSec, set up a 802.1X or MAC auth WLAN and select Enable under RadSec. Here, provide the Server Name, Server Addresses, and RADIUS Authentication Server.
Navigate to Organization -> Settings to obtain the Mist Certificate and enter your RadSec Certificate to complete the setup.
API configuration
API documentation which can be found here: https://api.mist.com/api/v1/docs/Home
To use RadSec on your networks, please follow these steps:
- Enable RadSec in your WLAN as the authentication type – once “radsec” is enabled, auth_servers, acct_servers, and coa_server will be ignored.
https://api.mist.com/api/v1/docs/Site#wlan
- Configure and add your CA certs to Org Settings – We use this to verify the RadSec server.
https://api.mist.com/api/v1/docs/Org#org-settings
- Get the Mist-generated per-org CA cert.