Contact Us
Help Center Home > Authentication > Configure a WAP, VPN, or Router for RADIUS

Configure a WAP, VPN, or Router for RADIUS

The JumpCloud RADIUS infrastructure has been updated, and requires changes to the existing RADIUS IP addresses used for this application. The list given under the Configuration section should be used for all RADIUS apps and/or devices. Update any app and/or device using RADIUS with the IPs listed on this page.

Note:

This help article is to be used in conjunction with RADIUS Configuration and Authentication.

Prerequisites:

  • Device or service endpoint that supports RADIUS and either EAP-PEAP/MSCHAPv2 or EAP-TTLS/PAP authentication methods.  Simple PAP may also be used, but we highly recommend you use a more secure authentication protocol such as EAP-PEAP/MSCHAPv2 or EAP-TTLS/PAP
  • Port 1812/UDP to our RADIUS service endpoints (RADIUS Accounting on 1813 is not supported)
  • If using EAP-TTLS (we suggest most users use EAP-PEAP/MSCAHAPv2 as setup is easier), update the JumpCloud RADIUS server certificate.
  • The Shared Secret from the JumpCloud RADIUS Server configuration in JumpCloud Admin Portal.

Configuration

The following is general information for setting up RADIUS on a device or service endpoint. Please refer to your vendor's documentation for specific configuration details, or for a specific example, see Configure a Cisco Meraki WAP to Use Cloud RADIUS.

New RADIUS IP Addresses

Important:

JumpCloud's RADIUS service supports AnyCast Routing. This automatically routes RADIUS requests to the nearest server. If you are an EU tenant, you must use the dedicated EU IP addresses provided, as there are no fully qualified domain names (FQDNs) available for EU.

All organizations must assign their RADIUS configuration with the appropriate IP addresses as the primary or backup address:

IP Addresses RADIUS URL Port
Everyone Except EU Tenants 76.223.67.151 75.2.116.112 radius.jumpcloud.com 1812
EU Tenants Only 75.2.91.61 76.223.72.136 Use IP Address 1812

TLS

Important:
  • When transitioning to the new AnyCast IP addresses, TLSv1.0 and TLSv1.1 will not support RADIUS requests to JumpCloud. 
  • Use your networking equipment vendor’s monitoring and administration tools to help discover any devices on your network still attempting to authenticate with TLSv1.0/v1.1.
  • If any devices are still using the obsolete TLSv1.0 or TSLv1.1 protocol for RADIUS authentication, update them to at least TLS version 1.2 as soon as possible. 
  • You must enable these device updates before transitioning to the new AnyCast IP addresses.

Testing the connection

  • Authenticate using the JumpCloud username and password, or email address and password.
  • Test the authentication directly from the device (If supported).

Debugging

For more information on troubleshooting and debugging your RADIUS configuration, see Troubleshoot: RADIUS Server Authentication.

Back to Top

List IconIn this Article

Notebook IconLearn More

Troubleshooting: RADIUS Server Authentication

RADIUS Configuration and Authentication

Get Started: RADIUS

Configure EAP-TLS for RADIUS using Certificate Example Scripts

What Is EAP-TLS?

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case