Radius Configuration on Ubiquiti Unifi Wireless Network

Ubiquiti logo

Scenario
Make: Ubiquiti
Model: Unifi Controller
Version: 6.0.43
Mode: GUI
Description: This article is to discuss and show a stepwise method to add radius-server authentication of wireless clients on a wireless SSID in Ubiquiti Unifi Wireless network.

In this article, the configuration is done on the Unifi Controller running on firmware version 6.0.43 and on the various models of access points like Unifi nano HD, HD, Wi-Fi 6LR, Wi-Fi 6 Light etc. First of all, we would need to add access points to the radius server for host authentication.

Adding Hosts To Radius

Step1: Access Radius Server
RDP to the radius server. Follow the steps shown below.

mstsc ==> Radius server ==> Server Manager ==> Network Policy Server

Step2: Add New Host (access point)
Add the hosts i.e the access points to the Radius Server. Follow the steps shown below in the image.

Right click on "Radius Clients" and then click "New"

Step3: Add host (access points) to the Radius server
Add the details of the host and then save the configuration. Follow the steps as shown below.

Name of the access point - edledge-ap
IP address of the switch - 10.1.1.1
Key - edledge [The same key will be used in the controller under SSID]


Press "OK" to save.

Add Radius To Hosts

Step4: Login To Controller
Login to the Unifi controller and navigate to the “Profiles” tab. On the profile page click “Create New Profile” as shown in the image.

Unifi Create New Radius Profile

Step5: Adding Radius Server Details
Add the Radius server details along with PSK to the controller. Details are shown below.

Name of the radius server - edledge-radius
IP address of the switch - 10.1.11.11
Key - edledge [The same key will be used in the radius server in step3 above]
Radius Config on the unifi controller

Step6: Enable Radius On SSID
Navigate to setting and then to “Wireless Network“. Select the Wi-Fi SSID on which radius authentication needs to enable. Click “edit” against the SSID and then add radius profile as shown below in the image.

Add Radius to Wifi SSID

Do not forget to Save the config after selecting the radius at "Radius profile => Choose One" tab

Now Radius Server details are added to the Unifi Controller under an SSID and the access points are added to the Radius server as hosts. Please make sure the PSK [Pre Shared Key] should remain the same in the Radius Server and the Unifi Controller. The Radius enabled SSID should be able to authenticate clients through the Radius server as per NPS [Network Policy Server].

Radius configuration can be done on Cisco switches and Dell Switches. It is always recommended to have a redundant radius server on devices. Radius Fail-over can be configured on Cisco Switches and Dell Switches as well. There are quite a few interesting articles available on this website on Unifi or Ubiquiti devices.

Source: Knowledge Base, Lab, Ubiquiti

EA00071

2 thoughts on “Radius Configuration on Ubiquiti Unifi Wireless Network
  1. ” First of all, we would need to add access points to the radius server for host authentication. For the radius authentication of clients, we would need to add access points as hosts in the radius server.”

    Oh my friend! Sorry, but you should master the basics of understandable and logical communication before you make people sacrifice time. Thanks for your work – and sorry!

    1. Hi, Thanks for your time for going through the article and pointing out the mistake. Apologies for the mistakes. Readers like you are always helpful and motivation for continuous improvement.

Leave a Reply

Your email address will not be published.