RADIUS / NAC — Overview & Settings
DashX runs a cloud RADIUS service for network access control (NAC) — 802.1X for Wi‑Fi and wired, certificate or password auth, with MFA, posture, and dynamic VLAN/ACL. This tab holds the org‑wide settings; the other tabs configure the pieces.
Turn RADIUS on and set the basics
- Go to Network → RADIUS / NAC → Overview.
- Enable RADIUS.
- Set your Realm (e.g.
acme.dashxtech.com— appended to usernames where applicable) and a Default VLAN (used when no policy assigns one). - Choose the MFA mode: Off, Optional, or Required.
Choose which auth methods are allowed
Toggle the methods your network should accept:
- EAP‑TLS (certificate auth) — the strongest; devices present a client certificate. Pair with Certificates and Network Profiles.
- Password auth (PEAP/MSCHAPv2) — username/password against an Identity source.
- MAC Authentication Bypass (MAB) — for devices that can't do 802.1X (printers, IoT); see MAC Auth Bypass.
RADSEC
Enable RADSEC (RADIUS over TLS) to encrypt RADIUS between your NAS and DashX — recommended over classic UDP RADIUS. Your NAS then connects with a client certificate (configure per device under NAS Clients).
tip
A solid starting point: EAP‑TLS on, RADSEC on, MFA Optional, plus MAB for the handful of devices that can't do 802.1X. Tighten MFA to Required once enrollment is rolled out.