Technical data
150 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Radius Authentication
1. Depending on the EAP type, you may first need to obtain a digital certificate from
the Certificate Server.
2. Using EAP as end user, contact the AP in order to be authenticated.
3. The AP forwards the request to the controller.
4. The controller acts as a Radius client and sends the request to the Radius server.
5. Depending on the EAP type, the Radius server may challenge the end user for a
password, or the user may present a digital certificate that they have previously
obtained from a Certificate Server.
6. The Radius server authenticates the end user and the access point, and opens a
port to accept the data from the end user.
Configure Radius Authentication for Users With the Web UI
Note: Radius Authentication requires Level 10 permission.
To use Radius authentication for guests and employees on the network, you first need
to create a Radius Profile, then include that Radius Profile in a Security Profile, then
include the Security Profile in an ESS Profile. Configuring Radius authentication for
administrators is a different, simpler process. Follow these steps to add a Radius
profile to System Director:
1. Click Configuration > Security > Radius.
2. Provide a name, IP address, secret key, and port number (1812 is default).
3. Select a MAC address delimiter (Hyphen, Single Hyphen or Colon) from the list.
4. Select a password type (Shared Key or MAC Address) from the list.
5. Click OK.
Indicate when the Radius server should be used. There are two ways to do this. One
way is a two-step process that creates a Security Profile to call the Radius Profile,
and then creates an ESS Profile to call the Security Profile. This process is described
in steps 6 and 7.
6. Click Configuration > Security > Profile. Here you see all security profiles that
have been created on this controller. You can either modify an existing security
profile to use the Radius server or you can add a new security profile. Either way,
the security profile includes a drop-down list for Primary Radius Profile Name and
Secondary Radius Profile Name; all configured Radius servers are listed and you
can select one from the list.
Indicate which ESS Profile should use the Security Profile.
7. Click Configuration > Wireless > ESS. Here you see all ESS profiles that have been
created on this controller. You can either modify an existing ESS profile to use the
Security Profile or you can add a new ESS Profile. Either way, there is a drop-down
list for Security Profile Name; all configured Security Profiles are listed and you
can select one from the list.