Create the following policies on the Pulse Policy Secure
. These policies may be set up in any order, but are listed in the order that makes the most sense.
- Location Group
- Sign-in Policy
- Authentication Protocol Set
- Radius Attributes Policy (optional)
- User Realm/Role
- Radius Client
A location group associates a sign-in policy with a group of network access devices. This is configured in Network Access > Location Group > New Location Group...
. You will need to supply a name of the location group and a sign-in policy.Sign-in Policy
A sign-in policy defines which URL and realm(s) that the user will have access to. This is configured in Signing-in > Sign-in Policies > New URL...
. You will need to supply a Sign-in URL (Example: */radius), a sign-in page, and choose an available realm with an authentication protocol set.Authentication Protocol Set
An Authentication Protocol Set is where you configure the protocols used by your client for 802.1x authentication. You have the option of choosing which authentication protocol to use, as well as the corresponding options for EAP and TTLS. This is configured under Signing-in > Authentication Protocol Sets > New Authentication Protocol...
.Radius Attributes Policy
This is a policy which you would use if you need to return any specific attributes to your switch and/or access point. It is often used to assign client to a specific VLAN. Go to Network Access > Radius Attributes > New Policy...
to configure this policy. You will need to give the policy a name, assign a location group, assign the attributes to be returned from a list, specify the interface and tell it which user role to use.User Realm/Role
As with all configuration on the Pulse Policy Secure
, it requires the use of a Realm and a Role. Just configure them as you normally would. One thing to remember is that the authentication server that you choose for the realm will be what is ultimately used for authentication purposes by the end user.Radius Client
Add your Radius client to the PPS. This is done under PPS > Network Access > RADIUS Client > New RADIUS Client...
. You will need to provide a name for the policy, the IP address of the client, an IP address range (optional), the shared secret, the make/model of your client, and your location group. Unless you are using specific Vendor-Specific Attributes (VSA's) you can set the make/model to -Standard Radius-.