SafeConnect RADIUS Server Authentication Mode Configuration

Accessing the RADIUS Server Interface

Login to the SafeConnect management interface at: If this does not work, you can replace ‘’ with the IP address of your SafeConnect appliance. In a cluster environment, this must be the manager node. If a branded URL is configured, replace ‘’ with the branded URL chosen. Once Logged in, choose Configuration Manger > Enforcement Setup > RADIUS Configuration > RADIUS Configuration.

SafeConnect provides three RADIUS server modes. Only one mode can be in use at a time. In most cases, Direct mode will be used, however, proxy and out-of-line modes provide powerful options for more advanced use-cases.

  • Direct Mode: SafeConnect performs all RADIUS authentication actions and communicates via RADIUS only with the access layer network infrastructure.

  • Proxy Mode: SafeConnect performs authorization level access and role enforcement, but forwards authentication requests to an upstream RADIUS server or servers. Proxy mode is best utilized in networks where functioning RADIUS infrastructure already exists, or there is a need to use multiple RADIUS servers for authenticating different classes of users. Note that in this mode, SafeConnect will perform MAC authentication for open and PSK wireless networks and non-802.1x wired ports that are configured to use SafeConnect for MAC authentication via RADIUS.

  • Out-of-Line Mode: SafeConnect will not be used for authentication, or authorization, but instead will be used to dynamically assign RADIUS attributes to perform policy enforcement. Note that SafeConnect must still be a RADIUS accounting server and not all vendors are supported in this model.

Click below to find configuration guide for each mode mentioned above.

Configure RADIUS Server for Direct Authentication

Configure RADIUS Server for Out-of-Line Mode

Configure RADIUS Server in for Proxy Mode