Skip to main content

Netskope Help

Configure RADIUS Authentication

Radius authentication can be used to authenticate a user logging into the appliance via CLI. This provides each user with a unique ID and provides external control for user access. Radius authenticated users are only supported for Appliance CLI access and are not supported for OPLP log uploads.

To configure RADIUS on an appliance:

  1. Access the appliance console using ssh.

  2. Log in to the console using the credentials nsadmin/nsappliance. An nsshell opens.

  3. Enter configure to enter the nsshell configure mode.

  4. Configure the RADIUS server using these commands:

    set radius-server hostname <RADIUS server hostname>
    set radius-server port <RADIUS server port>
    set radius-server shared-secret <RADIUS shared secret>
    set radius-server timeout <timeout>


    The timeout value can be set to a minimum of 1 second and maximum of 60 seconds.

  5. Add a RADIUS user to the appliance using this command:

    auth nsshell-user add username <username>


    Usernames can only contain lower case alphabets, numbers, underscores, and $. They should start with an alphabet and can end with a $.

  6. Additional users can be added one at a time using this command. To delete a user, replace add with delete in the above command.