How-To: Use Local Users & Devices with Cloud RADIUS in EZRADIUS

How Can I Use RADIUS Without Certificates or Entra ID?

While we recommend using EAP-TLS with certificates or Entra ID for secure RADIUS authentication, we understand that some devices may not support these methods. In such cases, you can use local users with password-based authentication methods like PAP, MSCHAPv2, and EAP-TTLS, or enable MAC Address Bypass (MAB) for devices that cannot authenticate using traditional methods.

Local Users - Password-Based Authentication for Legacy Devices

Network administrators can create and manage local users directly within the EZRADIUS portal. These users can authenticate using password-based methods such as PAP, MSCHAPv2, or EAP-TTLS. This is particularly useful for devices that do not support certificate-based authentication or when integrating with legacy systems.

Self-Service User Management - Allow Users to Manage Their Own Local Accounts

For large organizations, it can be cumbersome for IT staff to manage local user accounts for every employee. EZRADIUS offers a self-service user management feature that allows users to create and manage their own local accounts. This includes changing passwords, reducing the administrative burden on IT teams. These local users can authenticate using password-based methods such as PAP, MSCHAPv2, or EAP-TTLS without needing to contact the network administrator.

MAC Address Bypass (MAB) - Authenticate Devices by MAC Address

Many legacy devices, such as printers, IP phones, and IoT devices, do not support traditional RADIUS authentication methods. EZRADIUS supports MAC Address Bypass (MAB), allowing these devices to authenticate based on their MAC addresses. Administrators can create a list of allowed MAC addresses in the EZRADIUS portal, enabling seamless network access for these devices without the need for certificates or passwords.