Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

How to Configure RadSec

RadSec and How It Works in RADIUS Communication

RadSec is an 802.11x protocol designed to securely transfer information from a RADIUS through TCP (Transmission Control Protocol) and TLS (Transport Layer Security) for protected communications. At a basic level, it protects RADIUS packets sent through public networks.

When a RADIUS connects to a peer, RadSec enables them to communicate by establishing trust through server certificates and helps protect data sent over the air. One of RadSec’s most common applications is to protect data transmissions when connected to insecure networks or roaming.

RadSec is an excellent network tool to enable safer communications and will be more valuable as computing continues to go more mobile. But how can you configure RadSec to maximize security while benefiting from the efficiency it provides?

SecureW2 can allow you to take advantage of RadSec regardless of your network infrastructure, check out how we helped this organization upgrade to a powerful RADIUS-backed network.

Configuring RadSec for Secure Authentication

The detailed configuration process for implementing RadSec requires a guide to complete accurately, so we will summarize the process into a few key steps that are required. To begin, a network admin will need to specify the name of the RADIUS server used for authentication purposes on their network. This will be the RADIUS that RadSec works in concert with.

Next is specifying the TLS parameters that will dictate how information will be accepted and transferred through RadSec. It would not be secure to allow just any information or sender access, there needs to be specifications in place to ensure information is sent securely. For example, admins could configure RadSec to limit IP number source parameters, the TLS Port number, and configure a shared secret between client and server.

The last major action taken in the RadSec configuration process is configuring the RADIUS server certificate and the RadSec server certificate to trust one another. This can be done by issuing certificates from the same CA. Once this step is complete, the RADIUS is set to accept authentication requests and RadSec is set to protect information sent in the TLS tunnel.

Who Supports RadSec

Mist is the only known hardware that fully supports RadSec implementation. Our support team analyzed other hardware and came up with this list below:


Aruba “InstantAP” line Limited Support
Cisco Limited Support
(Cisco) Meraki No support
Mist Systems Fully supported

Protecting RadSec with SecureW2 Certificates

SecureW2 is known in networking for providing top level certificate services. One of the aspects of our certificate solutions that makes it so effective is our integration capabilities. Some identity and authentication solutions are skewed towards a particular vendor (think Microsoft and Active Directory), but our solutions can integrate with any major IDP.

Certificates are simply superior to credentials in every way, and SecureW2 provides all the tools your organization needs to transition to certificate-based authentication. The Dynamic Cloud RADIUS is the latest in cloud RADIUS technology, providing easy configuration and dynamic communication with the IDP during authentication. Our turnkey PKI solution easily distributes client and server certificates, including provision RadSec with a server certificate. And our JoinNow onboarding solution can be completed by users in minutes, or use API gateways to equip managed devices with certificates, all with no end user interaction.

All of SecureW2’s certificate solutions are vendor-neutral and are compatible with any major hardware or software vendor. Integration requires no forklift upgrades to complete, so you can quickly configure your network to authentication with certificates. And it easily integrates with RadSec to allow users to communicate securely even when they are away from the home network. Check out our pricing page to see if a certificate upgrade is right for your organization.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

How to Configure RadSec