Its easy to configure AP and Wisp tool box for the AP web UI authentcaition, please follow the below steps.
Below configuring, please make sure we have reachability to AP and the WISP tool box(Radius Server).
Step 1:
Login to the WISP tool box using the IP address of the server.
Default User name: ‘’root’’ and Password: ‘’public’’.
Step 2:
Add the client (AP) under RADUIS >> RADIUS Administration >> Clients (NAS) as below.
Step 3:
Configure all the required fields like IP address of the AP, Type, Shared Secret key, Port Number etc as below.
Note : Make sure you use the same secret password on the AP as well.
Step 4: Create the User account under RADIUS >> Accounts which will be used for login to the radios.
Step 5: Create the user accounts to login to the AP
Click on “Add New” and fill in the detail like User Name, Password then click on “Add” to configure the Group Membership and User Attributes set to 3 with Admin rights.
Step 6: Hit ‘’Submit’’ button on all three tabs to save the configuration i.e under Radius >> Accounts >> Click on the user you have created, then click on submit button available on "Edit Account Password", "Group Membership" and "User Attributes" tab.
Step 7: Configuring the Radius security settings on the AP (PMP450/PMP100)
Under Configuration>> Security >> Authentication Mode >> Radius AAA and enter the Radius server ip address and Shared Secret key (should be same as configured on the radius server).
Step: 8
Selecting the "Authentication Mode" on AP, there are three authentication mode on the AP as below.
- Local: The local SM is checked for accounts. No centralized RADIUS accounting (access control) is performed.
- Remote: Authentication by the centralized RADIUS server is required to gain access to the SM if the SM is registered to an AP that has RADIUS AAA Authentication Mode selected. For up to 2 minutes a test pattern is displayed until the server responds or times out.
- Remote then Local: Authentication using the centralized RADIUS server is attempted. If the server sends a reject message, then the setting of Allow Local Login after Reject from AAA determines if the local user database is checked or not. If the configured servers do not respond within 2 minutes, then the local user database is used. The successful login method is displayed in the navigation column of the SM.
Preferred method is to use “Remote then local” and also Enable “Allow Local Login after reject from AAA” to be on the safer side, so that if we forget the user name or password, the radio can authenticate against its Local database and still we have access to radio to make any changes.
This is located Under Accounts >> User Authentication And Access Tracking >> Select the Authentcaition Mode as explained above.
Note: Make sure we have the same user name and password configured on the AP local database. This can be configured under Accounts >> Users >> create user name and password with specific rights.
Step: 9
"Reboot" the AP to take effect on the configuration, once done the AP should authenticate against the Radius Server.
Step: 10
After successful radius authentication. We could verify the same on AP and Radius server as below:
- Login to the AP, towards the left bottom shows “Authentication Method“ as “Remote” which comes AP is authenticated Via radius server.
- On radius server, Under Radius>> Accounts >> click on User name created you should see Under “Recent Authentication Attempts” showing “Access-Accept” confirming the same.
I have also attached the detailed screen shots of the WISP tool box and the AP configurations for reference.