RadSec Configuration for RADIUS

Traditional RADIUS over UDP can be susceptible to certain security threats. RadSec is an encrypted communication to the RADIUS server. RadSec offers security and reliability by using TLS encryption, based on mutual certificate authentication over TCP to communicate with the RADIUS server. There is no change to the end-client authentication process when compared to the normal RADIUS process. This will strengthen security and help to prevent data interception and unauthorized access.

Enabling RadSec Configuration

To set up a RadSec configuration for JumpCloud RADIUS:

  1. Log in to the JumpCloud Admin Portal.
  2. In the left-hand navigation menu, go to USER MANAGEMENT > RADIUS.
  3. Click Settings.
    A screenshot showing the RADIUS page in Jumpcloud Admin Portal.
  4. In the RadSec Configuration window, click Choose A File to manually upload a RadSec certificate file.
    A screenshot showing RadSec Configuration page on JumpCloud Admin Portal.

Note:

A toaster notification will confirm whether the certificate was uploaded successfully or unsuccessfully. Once uploaded, certificate details are displayed.

  1. Click RADIUS in the upper left corner to go back to your RADIUS servers.
  2. Select the RADIUS server you want to configure for RadSec. 
  3. In the server configuration, select RADIUS over TLS checkbox.
    A screenshot showing RADIUS configuration on JumpCloud Admin Portal.

Note:

When you enable radsec over TLS for your server configuration, the shared secret is set to radsec by default, and the default port is set to 2083.

  1. Select Also Require RadSec Only. Enabling this only allows RadSec traffic and blocks any UDP traffic. 
  2. To download the root certificate for upload to your vendor’s access point, click Download Certificate.
  3. Upload the certificate to your vendor’s certificate trust.

Note:

To edit access control settings and enter RADIUS IP addresses, see Configure a Wap VPN or Router for RADIUS.

Removing a RadSec Certificate

  1. Log in to the JumpCloud Admin Portal.
  2. Go to USER MANAGEMENT > RADIUS.
  3. To remove a RadSec certificate, manually disable each configuration dependent on the RadSec certificate.

Note:

Currently, there is no way to disable multiple configurations at once.

  1. Click Settings to view your uploaded RadSec certificate file.
  2. Click Remove Certificate. If there are no RADIUS configurations dependent on the RadSec certificate, click Proceed to confirm its removal.

Note:

Admins are not able to remove the global RadSec certificate until RadSec is disabled for each RADIUS configuration.

Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case