Reset Search



KB13420 - How to set up your Pulse Policy Secure to use Radius for 802.1x enforcement.

« Go Back


Last Modified Date8/2/2015 9:15 PM
This is a guide on how to set up the  Pulse Policy Secure  (PPS 2.2) to act as a Radius server. A version of SBR is embedded within the Pulse Policy Secure, which can be used for layer 2/802.1x authentication.

Problem or Goal
How to set up Pulse Policy Secure to use Radius for 802.1x enforcement.
Create the following policies on the  Pulse Policy Secure. These policies may be set up in any order, but are listed in the order that makes the most sense.
  • Location Group 
  • Sign-in Policy
  • Authentication Protocol Set
  • Radius Attributes Policy (optional)  
  • User Realm/Role
  • Radius Client
Location Group

A location group associates a sign-in policy with a group of network access devices. This is configured in Network Access > Location Group > New Location Group.... You will need to supply a name of the location group and a sign-in policy.

Policy

A sign-in policy defines which URL and realm(s) that the user will have access to. This is configured in Signing-in > Sign-in Policies > New URL.... You will need to supply a Sign-in URL (Example: */radius), a sign-in page, and choose an available realm with an authentication protocol set.

Authentication Protocol Set

An Authentication Protocol Set is where you configure the protocols used by your client for 802.1x authentication. You have the option of choosing which authentication protocol to use, as well as the corresponding options for EAP and TTLS. This is configured under Signing-in > Authentication Protocol Sets > New Authentication Protocol....

Radius Attributes Policy

This is a policy which you would use if you need to return any specific attributes to your switch and/or access point. It is often used to assign client to a specific VLAN. Go to Network Access > Radius Attributes > New Policy... to configure this policy. You will need to give the policy a name, assign a location group, assign the attributes to be returned from a list, specify the interface and tell it which user role to use.

User Realm/Role

As with all configuration on the Pulse Policy Secure , it requires the use of a Realm and a Role. Just configure them as you normally would. One thing to remember is that the authentication server that you choose for the realm will be what is ultimately used for authentication purposes by the end user.

Radius Client

Add your Radius client to the PPS. This is done under PPS > Network Access > RADIUS Client > New RADIUS Client.... You will need to provide a name for the policy, the IP address of the client, an IP address range (optional), the shared secret, the make/model of your client, and your location group. Unless you are using specific Vendor-Specific Attributes (VSA's) you can set the make/model to -Standard Radius-.
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255