Skip to main content

Netskope Help

Configure RADIUS Authentication

Radius authentication can be used to authenticate a user logging into the appliance via CLI. This provides each user with a unique ID and provides external control for user access.

To configure RADIUS on an appliance:

  1. Access the appliance console using ssh.

  2. Log in to the console using the credentials nsadmin/nsappliance. An nsshell opens.

  3. Enter configure to enter the nsshell configure mode.

  4. Configure the RADIUS server using these commands:

    set radius-server hostname <RADIUS server hostname>
    set radius-server port <RADIUS server port>
    set radius-server shared-secret <RADIUS shared secret>
    set radius-server timeout <timeout>


    The timeout value can be set to a minimum of 1 second and maximum of 60 seconds.

  5. Add a RADIUS user to the appliance using this command:

    auth nsshell-user add username <username>


    Usernames can only contain lower case alphabets, numbers, underscores, and $. They should start with an alphabet and can end with a $.

  6. Additional users can be added one at a time using this command. To delete a user, replace add with delete in the above command.