For schools using the RADIUS networking protocol, your Linewize appliance can serve as your RADIUS Accounting Server.
Figure 1. - RADIUS Accounting data to Linewize Filter
In this configuration, your school's RADIUS server sends RADIUS Accounting messages to the Linewize appliance using a shared secret key for security purposes. This uses the standard UDP port 1813 for RADIUS Accounting.
Your appliance needs to send the Framed-IP-Address and a User-Name that matches what is synced within Linewize Filter. These are typically Active Directory usernames, but can also be Microsoft Entra ID or Google Workspace usernames, depending on your school’s authentication configuration.
The Linewize appliance does not validate users via a password for RADIUS. The Linewize appliance also expects a school’s RADIUS server to complete authentication and authorization before passing accounting to the Linewize appliance.
Note
Schools using RUCKUS Cloudpath for RADIUS authentication can still use Linewize by adding Linewize Filter as a second Accounting endpoint in your RUCKUS dashboard.
Linewize Filter RADIUS Requirements
Your third-party appliance must:
- Support RADIUS Accounting
- Send the user’s IP address as a Framed-IP-Address
- Send the user’s login name as a User-Name (must contain the client’s username that matches a user in Linewize Filter)
- Support shared secret
Linewize Filter RADIUS Configuration
To configure RADIUS in Linewize Filter, follow these steps:
- Sign in to Linewize Filter.
- Go to Configuration > Authentication > RADIUS
- Select the Enabled checkbox.
- Enter the Shared Secret (must match with the network access appliance)
- (Optional) Enter a Forward IP address. This may be required to forward Accounting messages from the Linewize Filter to another network appliance.
- (Optional) Select the Exclude criteria drop-down and select User or Group. Search the Users or Groups box to exclude a user or group.
- Select Save.
Forwarding RADIUS accounting data to Linewize Filter
Refer to your hardware vendor’s instructions for forwarding RADIUS Accounting messages.
- Windows Network Policy Server (NPS) - Plan NPS as a RADIUS proxy
- Aruba Clearpass - Setting Up RADIUS Authentication, Authorization, and Accounting
- Extreme Networks - Product Documentation
- PacketFence - Support Documentation
- Meraki - Configuring RADIUS Authentication with WPA2-Enterprise
- UniFi - Help Center
Troubleshooting RADIUS Forwarding
Check Network Firewall Rules
Confirm no firewall rules exist that block RADIUS traffic to Linewize Filter. Some network providers block RADIUS traffic by default.
Test RADIUS Server Configuration using NTRadPing
You can test the RADIUS Server configuration by using the NTRadPing tool. Download Link
RADIUS Server Configuration Failed using NTRadPing
If the RADIUS server configuration fails, ensure the Framed-IP-Address and User-Name attributes are sent to the Linewize appliance. Some third-party appliances send different attributes. If your device is sending different attributes or you can’t find the source of the failure, please contact Linewize Support.
Test RADIUS Server Configuration using Linewize Filter and Wireshark
You can test your RADIUS Server configuration by using Linewize Filter and Wireshark.
- Run a packet capture in Linewize Filter on the management bridge and filter it by port 1813
- Open the .pcap file using Wireshark and:
  - check the Framed-IP-Address and User-Name attributes are being sent to the Linewize appliance, and
  - cross-check with authentication events in Linewize Filter to ensure they match up.
If you are not capturing any packets, check that you are capturing them on the correct interface and that packets are being forwarded to that interface.
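The same check can be scripted against a UDP payload exported from the capture. The following is an added example, not Linewize code: it recomputes the Accounting-Request authenticator defined in RFC 2866 to confirm the shared secret matches, then extracts User-Name and Framed-IP-Address. The function names, the secret, and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

ACCOUNTING_REQUEST = 4   # RADIUS code, RFC 2866
USER_NAME = 1            # attribute types, RFC 2865
FRAMED_IP_ADDRESS = 8


def build_accounting_request(ident, attrs, secret):
    """Build a constructed Accounting-Request (used here only as sample input)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def check_accounting_request(packet, secret):
    """Return (authenticator_ok, user_name, framed_ip) for one UDP payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]              # ignore UDP padding past Length
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    auth_ok = hmac.compare_digest(expected, packet[4:20])
    user_name = framed_ip = None
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        value = packet[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            user_name = value.decode("utf-8", "replace")
        elif attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            framed_ip = socket.inet_ntoa(value)
        pos += attr_len
    return auth_ok, user_name, framed_ip


SECRET = b"example-shared-secret"   # constructed sample value
SAMPLE = build_accounting_request(
    7, [(USER_NAME, b"jsmith"), (FRAMED_IP_ADDRESS, socket.inet_aton("10.20.30.40"))], SECRET)

if __name__ == "__main__":
    print(check_accounting_request(SAMPLE, SECRET))
```

A result of `False` in the first position points to a shared secret mismatch between the sender and the value being checked; `None` for either attribute means the sender is not including it.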