CSV File
On listing pages, you can download a CSV (Comma-separated values) file which contains the list of elements by clicking the "Export as CSV" button on each page.
You can edit the exported CSV file with a tool like text editor and import it again as authentication data on the System Management > Database Management page.
Data Format
Character Encoding
The character code of the CSV files downloaded from each list page and the text of Authentication Data CSV file downloaded from the System Management > Database Management page is "UTF-8".NoteWhen you upload a CSV file to AT-RADgate, make sure that the file is encoded in UTF-8 if it contains non US-ASCII characters (If the file only contains US-ASCII characters, it is already in UTF-8 because US-ASCII is a subset of UTF-8 by its definition). If you upload the file in the encoding other than UTF-8, the upload fails with an error message.
Data Format
This section explains the format of the data contained in the CSV file.| Format | Examples | Description |
|---|---|---|
| "Reserved Words" | endpoints | A string enclosed in double quotes (" ") indicates that the string itself can be set in this column. Multiple words separated by a pipe (|) indicate that this column can contain any of them. |
| Numerical Value | 100 | Numeric Value expressed in decimal. If there are restrictions on the values that can be set, this is stated in parentheses. |
| Identifier | device1 | A string to identify specific data. Spaces, tab characters, and the following symbols cannot be used. ~ ! # $ % ^ & ’ * = + [ ] { } \ | ; |
| Identifier List | student teacher guest | Identifier List separated by a space character. Each token, separated by a space character, follows the syntax for an identifier. |
| JSON | {“mac” |
A list of key-value type parameters such as "key=value" separated by semicolons (;). |
| MAC Address | aa aa-bb-cc-00-00-10 aabb.cc00.0010 aabbcc000010 |
MAC Address. The following formats are supported (both uppercase and lowercase): xx xx-xx-xx-xx-xx-xx xxxx.xxxx.xxxx xxxxxxxxxxxx |
| IPv4 Address | 192.168.0.1 | IPv4 Address. |
Display example
Items separated by commas (,) are explained in the order of "#1" (column A) and "#2" (column B) from the beginning. The length (number of columns) varies depending on the policy.User policy
Here is an example of a User policy:Add or update User policy
To add or update a User policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "+" | (Cannot be omitted) | Specifies the operation that is applied to this row. The "+" indicates that the data on this line should be added to the authentication policy database. If a policy with the same Name value is already registered, this line overwrites the existing policy. "-" indicates that the specified policy should be deleted from the authentication policy database. "#" indicates a comment line and is ignored. |
| #2 | B | Type | "users" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | No duplication | (Cannot be omitted) | User account name. Used for User policy identification and supplicant authentication. |
| #5 | E | Encrypted Password | String | − | (No value) | Encrypted password. Used for supplicant authentication. This column is included in the CSV file exported from AT-RADgate.NoteDo not manually edit this column. |
| #6 | F | Password | String (Max 63 characters) | − | (No value) | Plaintext password. Used for supplicant authentication. If you want to set the password manually, enter the password column in this column. |
| #7 | G | Full Name | String (Max 63 characters) | − | (Empty string) | User's full name. It is not used for supplicant authentication, only as a hint to the network administrator. |
| #8 | H | (reserved) | − | − | − | This column is reserved for future use. |
| #9 | I | Access Level | Integer (0-15) | − | (No value) | An integer representing the access level. 0 indicates deny access, other values indicate allow access. The larger the value, the stronger the authority granted. |
| #10 | J | (reserved) | − | − | − | This column is reserved for future use. |
| #11 | K | Tags | Identifier List (Max 255 characters) | − | (No value) | Tag List separated by a space character. Tags are used to group the supplicants to which this policy applies and help in applying Supplicant Profile to multiple supplicants at once. |
| #12 | L | Note | String (Max 63 characters) | − | (Empty string) | Description of this policy. It is not used for supplicant authentication, only as a hint to the network administrator. |
Deleting User policy
To delete a User policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "-" | (Cannot be omitted) | Specifies the operation that is applied to this row. "-" indicates that the specified policy should be deleted from the authentication policy database. |
| #2 | B | Type | "user" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | No duplication | (Cannot be omitted) | User account name. Used to find the policy to delete. |
Endpoint policy
Here is an example of Endpoint policy:Add or update Endpoint policy
To add or update Endpoint policies, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "+" | (Cannot be omitted) | Specifies the operation that is applied to this row. The "+" indicates that the data on this line should be added to the authentication policy database. If a policy with the same MAC Address value is already registered, this line overwrites the existing policy. "-" indicates that the specified policy should be deleted from the authentication policy database. "#" indicates a comment line and is ignored. |
| #2 | B | Type | "endpoints" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | MAC Address | MAC Address | No duplication | (Cannot be omitted) | MAC Address. Used for Endpoint policy identification and supplicant authentication. |
| #5 | E | Device Name | Identifier (Max 63 characters) | − | (No value) | Device Name. You can assign the same name to multiple Endpoint policies. Endpoint policies with the same name represent a single device with multiple network interfaces. This value is also used to link the Supplicant Profile with the Endpoint policy. |
| #6 | F | Access Level | Integer (0-15) | − | (No value) | An integer representing the access level. 0 indicates deny access, other values indicate allow access. The larger the value, the stronger the authority granted. |
| #7 | G | (reserved) | − | − | − | This column is reserved for future use. |
| #8 | H | Tags | Identifier List (Max 255 characters) | − | (No value) | Tag List separated by a space character. Tags are used to group the supplicants to which this policy applies and help in applying Supplicant Profile to multiple supplicants at once. |
| #9 | I | Note | String (Max 63 characters) | − | (Empty string) | Description of this policy. It is not used for supplicant authentication, only as a hint to the network administrator. |
Deleting Endpoint policy
To delete an Endpoint policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "-" | (Cannot be omitted) | Specifies the operation that is applied to this row. "-" indicates that the specified policy should be deleted from the authentication policy database. |
| #2 | B | Type | "endpoints" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | MAC Address | MAC Address | − | (Cannot be omitted) | MAC Address. Used to find the policy to delete. |
NAS / RADIUS Proxy policy
Here is an example of NAS / RADIUS policy:Add or update NAS / RADIUS Proxy policy
To add or update a NAS / RADIUS Profile policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "+" | (Cannot be omitted) | Specifies the operation that is applied to this row. The "+" indicates that the data on this line should be added to the authentication policy database. If a policy with the same IP Address value is already registered, this line overwrites the existing policy. "-" indicates that the specified policy should be deleted from the authentication policy database. "#" indicates a comment line and is ignored. |
| #2 | B | Type | "nas" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | IP Address | IPv4 Address | No duplication | (Cannot be omitted) | NAS IP Address. Used for NAS / RADIUS policy identification and NAS authentication. |
| #5 | E | Encrypted Key | String | − | (No value) | Encrypted pre-shared key. Used for NAS authentication. This column is included in the CSV file exported from AT-RADgate.NoteDo not manually edit this column. |
| #6 | F | Key | String (Max 63 characters) | − | (No value) | Plaintext pre-shared key. Used for NAS authentication. If you want to set the pre-shared key manually, enter the plaintext pre-shared key in this column. |
| #7 | G | Name | Identifier (Max 63 characters) | No duplication | (No value) | NAS name. It is not used for NAS authentication, only as a hint to the network administrator. |
| #8 | H | Profile | Identifier (Max 63 characters) | − | (No value) | The name of the profile that applies to this policy. |
| #9 | I | Tags | Identifier List (Max 255 characters) | − | (No value) | Tag List separated by a space character. Tags are used to group the supplicants to which this policy applies and help in applying Supplicant Profile to multiple supplicants at once. |
| #10 | J | Note | String (Max 63 characters) | − | (Empty string) | Description of this policy. It is not used for supplicant authentication, only as a hint to the network administrator. |
Deleting NAS / RADIUS Proxy policy
To delete a NAS / RADIUS Profile policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "-" | (Cannot be omitted) | Specifies the operation that is applied to this row. "-" indicates that the specified policy should be deleted from the authentication policy database. |
| #2 | B | Type | "nas" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | IP Address | IPv4 Address | − | (Cannot be omitted) | NAS IP Address. Used to find the policy to delete. |
NAS Profile policy
Here is an example of NAS Profile policy:Add or update NAS Profile policy
To add or update a NAS Profile policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "+" | (Cannot be omitted) | Specifies the operation that is applied to this row. The "+" indicates that the data on this line should be added to the authentication policy database. If a policy with the same Name value is already registered, this line overwrites the existing policy. "-" indicates that the specified policy should be deleted from the authentication policy database. "#" indicates a comment line and is ignored. |
| #2 | B | Type | "nas_profiles" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | No duplication | (Cannot be omitted) | NAS Profile name. Used to identify a NAS Profile and apply it to a NAS policy. |
| #5 | E | Note | String (Max 63 characters) | − | (Empty string) | Description of this policy. It is not used for supplicant authentication, only as a hint to the network administrator. |
| #6 | F | (reserved) | − | − | − | This column is reserved for future use. |
| #7 | G | (reserved) | − | − | − | This column is reserved for future use. |
| #8 | H | (reserved) | − | − | − | This column is reserved for future use. |
| #9 | I | Properties | JSON | − | − | The settings that are applied in this NAS Profile. This value is formatted as JSON. For information about the parameters you can set for this column, refer to Parameters for Property column. |
Parameters for Property column
| Parameter name | Format | limitation | Default value | Description |
|---|---|---|---|---|
| authDevice | "true" | "false" | − | − | Device authentication settings. If this value is "true", device authentication is performed by MAC Address in addition to user name authentication. |
| authMac | "true" | "false" | − | − | MAC authentication settings. If this value is "true" and a MAC Address is stored in the User-Name attribute of a received authentication message, endpoint authentication is performed using the MAC Address instead of user authentication. |
Deleting NAS Profile policy
To delete a NAS Profile policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "-" | (Cannot be omitted) | Specifies the operation that is applied to this row. "-" indicates that the specified policy should be deleted from the authentication policy database. |
| #2 | B | Type | "nas_profiles" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | − | (Cannot be omitted) | NAS Profile name. Used to find the policy to delete. |
Supplicant Profile policy
Here is an example of Supplicant Profile policy:Add or update Supplicant Profile policy
To add or update Supplicant Profile policies, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "+" | (Cannot be omitted) | Specifies the operation that is applied to this row. The "+" indicates that the data on this line should be added to the authentication policy database. If a policy with the same Name value is already registered, this line overwrites the existing policy. "-" indicates that the specified policy should be deleted from the authentication policy database. "#" indicates a comment line and is ignored. |
| #2 | B | Type | "supplicant_profiles" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | No duplication | (Cannot be omitted) | Supplicant Profile name. Used to identify the Supplicant Profile. |
| #5 | E | Priority | Integer (0-15) | − | 7 | The priority at which this profile applies. Profiles with smaller values are applied preferentially. |
| #6 | F | Reason | String (Max 63 characters) | − | (Empty string) | Reason for this rule. |
| #7 | G | Note | String (Max 63 characters) | − | (Empty string) | Description of this policy. It is not used for supplicant authentication, only as a hint to the network administrator. |
| #8 | H | Action | "pass" | "drop" | "isolate" | "notice" | − | (Cannot be omitted) | The action to be applied to devices that match this rule. Here's what each action actually does: pass: Allows the packets sent by the supplicant to pass through. drop: Discards the packet sent by the supplicant. isolate: Forwards packets sent by the supplicant to the specified VLAN segment. notice: outputs an event log indicating that this profile has been applied to the supplicant. |
| #9 | I | Conditions | JSON | − | No conditions (matches all supplicants) | The criteria for a supplicant to match this profile. This value is formatted as JSON. A profile with this value empty matches all supplicants. For information about the parameters you can set for this column, refer to Parameters for Condition Columns. |
| #10 | J | Properties | JSON | − | (No value) | The settings to apply to supplicants that match this profile. This value is formatted as JSON. For information about the parameters you can set for this column, refer to Parameters for Property column. |
Parameters for Condition Column
| Parameter name | Format | limitation | Default value | Description |
|---|---|---|---|---|
| deviceRegistered | "true" | "false" | − | (No value) | The enrollment status of the device. If this value is "true", the device's MAC Address matches the supplicant registered in Endpoint policy. If this value is "false", the device's MAC Address matches the supplicant unregistered in Endpoint policy. |
| deviceMac | MAC Address | − | (No value) | MAC Address Condition. If this parameter is set, then a supplicant with a MAC Address equal to this value is matched. |
| deviceName | Identifier (Max 63 characters) | − | (No value) | Device name criteria. If this parameter is set, then a supplicant with a device name equal to this value is matched. The supplicant device name is set in Endpoint policy. |
| accessLevel | String | − | (No value) | The Access Level Condition. You can set the value in the form of a single number or a number range. The format of a number range consists of two numbers joined by "..". For example, "3..5" means the numbers from 3 to 5. Either of the numbers on either end can be omitted; for example, "..8" means a number less than or equal to 8, and "7.." means a number greater than or equal to 7. If the value of this condition and the supplicant's access level match, the supplicant matches this condition. |
| tags | String | − | (No value) | Tag Condition expression. If this parameter is set, then supplicants with a tag with this value is matched. If you set multiple tags separated by a space character, such as "cat fox", then supplicants that have all of those tags are matched. |
Parameters for Property column
| Parameter name | Format | limitation | Default value | Description |
|---|---|---|---|---|
| vlan | Identifier (Max 63 characters) | − | (No value) | The name or ID of the VLAN segment to which the supplicant connects. |
| filterIds | String Array | − | (No value) | The ID of the packet filter to be applied to the supplicant. The packet filter must be pre-configured on the NAS. You can specify multiple IDs. |
| filterRules | String Array | − | (No value) | The packet filter to be applied to the supplicant. Unlike filterIds, you can specify the filtering rule itself. |
Deleting Supplicant Profile policy
To delete Supplicant Profile policy, upload a CSV file containing authentication policy data formatted with the following rules:| Number | Column Name | Field Name | Format | limitation | Default value | Description |
|---|---|---|---|---|---|---|
| #1 | A | Operator | "+" | "-" | "#" | Always "-" | (Cannot be omitted) | Specifies the operation that is applied to this row. "-" indicates that the specified policy should be deleted from the authentication policy database. |
| #2 | B | Type | "supplicant_profiles" | − | (Cannot be omitted) | Data type. Indicates the data type of this row. |
| #3 | C | Version | Numerical Value | Always "1" | (Cannot be omitted) | CSV format version. Indicates the format version used in this row. Current version is "1". |
| #4 | D | Name | Identifier (Max 63 characters) | − | (Cannot be omitted) | Supplicant Profile name. Used to find the policy to delete. |
01 Oct 2025 12:51