The POLICIES > RADIUS tab is used to manage RADIUS settings for the policy.
Do not change the Supported Protocols settings in a production environment.
| Field name | Description |
|---|---|
| Supported Protocols | Select the protocol group from the drop-down list. Possible values:
If you enable EAP-TTLSv0, OneSpan Authentication Server will always propose it as the first option for the outer authentication method during protocol negotiation with the RADIUS client. Some RADIUS clients, which do not support EAP-TTLSv0, may interpret this as a negotiation failure and terminate the authentication request. If you experience this issue, you can circumvent it by disabling all RADIUS protocols except the ones that are explicitly supported by the RADIUS client. |
| Wireless Session Lifetime | The length of time a machine may be connected before a fast-reconnect is required (in seconds). Two RADIUS return attributes are returned to the WAP with an Access-Accept:
The used WAP may not support these attributes, and may use its own configured defaults. Default value: 3600 (1 hour) |
| TLS Session Settings | |
| TLS Session Lifetime | The length of time allowed before a full authentication, including the user supplying an OTP, is required (in seconds). Possible values: 3600–2147483647 Default value: 86400. |
| Maximum Fast Reconnect Count | The maximum number of fast reconnects (fast re-authentication) allowed between full OTP authentications, including the user supplying an OTP. Possible values:
Default value: 48 If roaming wireless connections will be in use, the Maximum Fast Reconnect Count setting should be set higher than if static wireless connections are used. If you set this value to 0, you effectively disable fast reconnect. |
If any of these values have static settings on your access point, the values set here will be overridden.