RADIUS (Remote Access Dial In User Service ) provides central authentication for users.
It is a client server protocol that runs on application layer. It can use either TCP or UDP as transport.
Normally, all users have access to use all devices without restriction.
Configuration
1. Login in as admin and go to Security
2. Select Authentication and Click Add.
3. Select Radius as method and enter the IP address of remote server.
4. Enter IP address of Radius accounting server.
5. Enter the secret key and confirm it .
6. Select Fallback if denied access option.
7. Click Save.
8. Go back to Security and select Services.
9. Look in to Manage devices portion and select Device access enforced via user group authentication option.
10. Click Save.
Now, login as a normal user and one can see that user does not have access to any devices.
To give access to a user,
1. login as admin and go to Security
2. Select Authorization and select the group needed and click Add.
3. Enter the user one wants to add. If more users needs to be added then separate each username with a comma.
4. Click Save.
Login back as normal user and one can see that user will have access to devices allowed by the group.