Request Demo
Features Use Cases About Documentation Contact Request Demo

Adding Hosts

Register network devices to authenticate through Warden

Before You Start

You'll need a few things ready before adding a host:

  • Host IP address - The IP that will send RADIUS requests (make sure it's static)
  • A policy - Create one first if you haven't already
  • RADIUS secret - You'll create this, then configure the same secret on the device

Multiple IPs? Some devices send RADIUS requests from different IPs than their management interface. Check your device documentation or packet captures if you're unsure which IP to use.

Adding a Host

  1. Navigate to Hosts in the sidebar
  2. Click Add Host
  3. Fill in the host details:
    • Name - A friendly name (e.g., "Core Switch 1")
    • IP Address - The source IP for RADIUS requests
    • RADIUS Secret - Generate a strong one or create your own
    • Policy - Select which authentication policy to use
  4. Configure optional settings as needed
  5. Click Save

Host Settings Explained

Basic Settings

Name

A friendly identifier for this host. Use something descriptive like "Lobby-AP-01" or "DC1-Core-Switch" so you can easily identify it in logs and reports.

IP Address

The IP address this device will use when sending RADIUS packets. Warden uses this to identify which host is making a request. You can also use CIDR notation (e.g., 10.0.0.0/24) to match a range of addresses.

RADIUS Secret

A shared password between Warden and the host. This encrypts user passwords and authenticates the device. Use at least 16 random characters. The same secret must be configured on the network device.

  • Use the "Generate" button for a strong random secret
  • Copy-paste to avoid typos (the most common issue!)
  • Each host or host group should have a unique secret
Policy

Which authentication policy applies to this host. The policy defines identity providers, 2FA requirements, and response attributes.

2FA Settings

2FA Code Position

When users have 2FA enabled, where should they enter their code? Options:

  • Append - Password first, then code: MyP@ss123456
  • Prepend - Code first, then password: 123456MyP@ss
  • Inherit - Use the system or host group default

Advanced Settings

Description

Notes about this host - location, purpose, contact person. Useful for documentation.

Host Group

Optionally assign this host to a group. The host will inherit settings from the group unless overridden at the host level.

Enabled

Toggle off to stop accepting authentication requests from this host without deleting it.

After Adding a Host

Once you've added the host in Warden, configure your network device to use Warden as its RADIUS server:

  1. Set the RADIUS server IP to Warden's IP address
  2. Set the authentication port to 1812
  3. Set the accounting port to 1813 (if using accounting)
  4. Enter the exact same RADIUS secret you configured in Warden
  5. Set timeout to 30 seconds (60+ if using 2FA with push)
  6. Set retries to 3

Using 2FA with push notifications? Most devices default to 5-10 second timeouts, which isn't enough time for users to respond to push notifications. See our RADIUS timeout guide for recommended settings.

Bulk Import

Adding many hosts at once? Use the import feature:

  1. Click Import Hosts
  2. Download the CSV template
  3. Fill in your host data
  4. Upload and review

CSV Format

name,ip_address,radius_secret,policy,description
Switch-1,10.0.1.10,MySecretKey123!,default,Floor 1 switch
Switch-2,10.0.1.11,AnotherSecr3t!,default,Floor 2 switch

Testing Your Setup

After configuring both Warden and your network device:

  1. Try authenticating with a test user
  2. If it fails, open NAC Tracer to see what happened
  3. Check both Warden logs and your network device logs

Common Issues

No response from RADIUS server

  • Check firewall rules - port 1812/1813 UDP must be open
  • Verify the IP address matches what the device actually sends from
  • Make sure Warden is running and healthy

"Shared secret mismatch"

  • Copy-paste the secret directly - don't retype it
  • Watch for trailing spaces
  • Some devices have character limits on secrets

"Unknown host"

  • The IP address doesn't match any configured host
  • Check if the device is behind NAT
  • Verify the source IP in packet captures if needed

What's Next?

Back to Hosts Overview