POLICIESRADIUS (tab)

The POLICIES > RADIUS tab is used to manage RADIUS settings for the policy.

Do not change the Supported Protocols settings in a production environment.

Table: POLICIESRADIUS tab
Field name Description
Supported Protocols

Select the protocol group from the drop-down list.

Possible values:

  • Default. Use the setting of the parent policy.
  • Any. Any RADIUS protocol suggested by the client, whether for wireless or non-wireless, may be used.

  • Secure. Enable all of the following EAP or PEAP protocols::

    • EAP-TTLSv0
    • PEAPv0
    • PEAPv1

  • Custom. Select one or more of the following protocols:

    • EAP-TTLSv0
    • PEAP v0
    • PEAP v1
    • PAP
    • CHAP
    • MSCHAP
    • MSCHAP2
    • VASCO-Specific
Wireless Session Lifetime

The length of time a machine may be connected before a fast-reconnect is required (in seconds).

Two RADIUS return attributes are returned to the WAP with an Access-Accept:

  • Session-Timeout (value: Wireless Session Lifetime)
  • Terminate-Action (value: RADIUS-Request)

The used WAP may not support these attributes, and may use its own configured defaults.

Default value: 3600 (1 hour)
TLS Session Settings
TLS Session Lifetime

The length of time allowed before a full authentication, including the user supplying an OTP, is required (in seconds).

Possible values: 36002147483647

Default value: 86400.
Max. Fast Reconnect Count

The maximum number of fast reconnects allowed between full OTP authentications, including the user supplying an OTP.

Possible values:

  • Default. Use the setting of the parent policy.
  • Limited. Enter a maximum value in the box below.
  • Unlimited. Allow unlimited fast reconnects within the TLS session lifetime.

Default value: 48

If roaming wireless connections will be in use, the Max. Fast Reconnect Count setting should be set higher than if static wireless connections are used.

If any of these values have static settings on your access point, the values set here will be overridden.