Skip to main content

RADIUS / NAC — Overview & Settings

DashX runs a cloud RADIUS service for network access control (NAC) — 802.1X for Wi‑Fi and wired, certificate or password auth, with MFA, posture, and dynamic VLAN/ACL. This tab holds the org‑wide settings; the other tabs configure the pieces.

Turn RADIUS on and set the basics

  1. Go to Network → RADIUS / NAC → Overview.
  2. Enable RADIUS.
  3. Set your Realm (e.g. acme.dashxtech.com — appended to usernames where applicable) and a Default VLAN (used when no policy assigns one).
  4. Choose the MFA mode: Off, Optional, or Required.

Choose which auth methods are allowed

Toggle the methods your network should accept:

  • EAP‑TLS (certificate auth) — the strongest; devices present a client certificate. Pair with Certificates and Network Profiles.
  • Password auth (PEAP/MSCHAPv2) — username/password against an Identity source.
  • MAC Authentication Bypass (MAB) — for devices that can't do 802.1X (printers, IoT); see MAC Auth Bypass.

RADSEC

Enable RADSEC (RADIUS over TLS) to encrypt RADIUS between your NAS and DashX — recommended over classic UDP RADIUS. Your NAS then connects with a client certificate (configure per device under NAS Clients).

tip

A solid starting point: EAP‑TLS on, RADSEC on, MFA Optional, plus MAB for the handful of devices that can't do 802.1X. Tighten MFA to Required once enrollment is rolled out.