Request Demo
Features Use Cases About Documentation Contact Request Demo

Hosts Overview

Understanding network devices in Warden

What Are Hosts?

In Warden, a "host" is any network device that sends authentication requests. This includes:

  • Switches - For 802.1X wired authentication
  • Wireless Access Points - For WPA-Enterprise WiFi
  • Wireless Controllers - Centralized WiFi management
  • VPN Concentrators - For remote access authentication
  • Firewalls - For admin or user authentication
  • Network Access Control (NAC) devices - For posture assessment

Each host is configured with a RADIUS shared secret and assigned a policy that determines how authentication requests are handled.

How It Works

1
User connects
2
Host sends RADIUS request
3
Warden authenticates
4
Access granted/denied

Key Concepts

RADIUS Shared Secret

A password shared between Warden and the host. It encrypts sensitive data in RADIUS packets. Use a strong, unique secret for each host or host group.

Policy Assignment

Each host uses a policy that defines authentication rules - which identity providers to check, whether to require 2FA, and what RADIUS attributes to return.

Host Groups

Group similar hosts together to share settings. Instead of configuring 50 access points individually, create a group and configure once.

Host Identification

Warden identifies hosts by IP address. Make sure your hosts have static IPs or DHCP reservations so Warden can consistently identify them.

Hosts vs Host Groups

You can configure hosts individually or use host groups for efficiency:

Individual Hosts

  • Unique RADIUS secret per device
  • Device-specific settings
  • Fine-grained control
  • Best for: Core switches, firewalls, unique devices

Host Groups

  • Shared RADIUS secret for all members
  • Consistent settings across devices
  • Easier management at scale
  • Best for: Access points, edge switches, standard deployments

Hybrid approach: You can use both. Put standard devices in groups and configure critical infrastructure individually. Hosts can also override group settings when needed.

Common Setups

802.1X Wired Network

Each switch becomes a host. Users authenticating on switch ports are verified by Warden. VLAN assignments can be returned based on user groups.

WPA-Enterprise WiFi

Your wireless controller or individual access points connect to Warden. Users see a login prompt when connecting to the SSID, and Warden validates their credentials.

VPN Authentication

Your VPN concentrator queries Warden before granting remote access. This works great with 2FA - users enter their password and TOTP code together or separately.

Network Device Admin Access

Switches and routers can authenticate admin logins through Warden. This centralizes credentials and enables auditing of who accessed network equipment.

What's Next?

Back to Help Overview