Has anyone configured a Microsoft RADIUS server to authenticate PTP 800 access?

We have mostly PTP 800 series radios and would like to use Microsoft RADIUS to authenticate.   When I attempt to configure the radio, the RADIUS status shows "Invalid AAA Server (VSA or Service-Type mismatch).  Does anyone have experience setting this up?

Have you tried this?


(It contains details on implementing end-to-end RADIUS security on Cambium Networks equipment.)

I hope this helps!


Yes - unfortunately, the article does not provide enough info on the Microsoft RADIUS configuration. 


It looks like your VSA are not supported. Do you know we have these VSAs?


#  Cambium vendor-specific attributes.



ATTRIBUTE       Auth-Role         26    integer      #Role of authorized user

VALUE Auth-Role  Invalid         0

VALUE Auth-Role  ReadOnly        1

VALUE Auth-Role  SystemAdmin     2

VALUE Auth-Role  SecurityOfficer 3


1 Like

I was able to get the RADIUS configuration working.  The VSA (Vendor Specific Attribute) was the problem.   On a Microsoft RADIUS server,  you have to create a "Network Policy" that includes Vendor Specific information.   There are four tabs listed for the Network Policy (Overview, Conditions, Constraints, and Settings).  Select the Settings tab and then select "Vendor Specific."  Add an atrribute based on the Vendor: "RADIUS Standard" and Name: "Vendor-Specific" (which is attribute number 26).   Click Add again - enter vendor code 17713, select "Yes, It conforms" and select "OK."   Enter the following information on the next screen:  Vendor-Assigned attribute number: 1,  Attribute format: Decimal, and attribute value: (depends on what level of permissions you want), we used 3.  Everything else is the standard Windows RADIUS configuration.


1 Like