You can enter up to 64 users In the user database that the RADIUS server can authenticate without needing other databases. This user table uses the RADIUS server for local requests, also for requests with usernames without a realm.
- Name: Enter the name of the user
- Please note that the username is case-sensitive: When enabled, the RADIUS server distinguishes between uppercase and lowercase. "User12345" and "user12345" are therefore two different users.
- Password: User password.
- VLAN ID: ID of the logical subnet
- Comment: Additional information about the user
- Service type: The service type is a special attribute of the RADIUS protocol, which the NAS (Network Access Server) transmits with the authentication request. The request will only receive a positive response if the requested service type fits the service type of the user account. Possible values include:
- Any: The service type can be any type.
- Framed: For checking WLAN MAC addresses via RADIUS or IEEE 802.1x.
- Login: For Public-Spot logins.
- Authentication only: For RADIUS authentication of dialup peers via PPP.
Note: Please note that, depending on the device, the number of entries can be limited with the service type Any or Login. If your device, for example, is able to manage a total of 64 Public Spot users, the LANconfig rejects them after 64. User account with the service type Any/Login requires the creation of additional user accounts with these service types. - Protocol restriction: This option limits the selection of authentication methods allowed for the user. Possible values include:
- PAP
- CHAP
- MSCHAP
- MSCHAPv2
- EAP
- Passphrase: Associated WPA passphrase of the registered user
- TX bandwidth limit: Bandwidth limitation for sending data
- RX bandwidth limit: Bandwidth limitation for receiving data Note: The bandwidth limitation for sending and receiving applies regardless of the interface used (LAN and WLAN).
- Calling station: This mask limits the validity of the entry to certain IDs transmitted by the calling station (WLAN client). When authenticating via 802.1x the calling station's MAC address is transmitted in ASCII format (capital letters only) with a hyphen separating pairs of characters (for example, "00-10-A4-23-19-C0").
- Called station: This mask limits the validity of the entry to specified IDs as transmitted by the called station (BSSID and SSID of the access point). When authenticating via 802.1x the called station's MAC address (BSSID) is transmitted in ASCII format (capital letters only) with a hyphen separating pairs of characters. The SSID is appended using a colon as a separator (e.g., "00-10-A4-23-19-C0:AP1").
- Expiry type: This option specifies the type of the validity period of the user account. Possible values include:
- Relative & absolute:
- Relative
- Absolute
- Never
- Relative expiry: Validity period in seconds from the initial successful login
- Absolute expiry: Validity period in hours, minutes and seconds from a certain date
- Multiple login: Activates the option for the client to register more than once
- Maximum number: Maximum number of concurrent logins by the client
- Time budget: Specifies the time in seconds available to the client.
- Volume budget: Specifies the data volume available to the client.