User manual

Appendix B: RADIUS Server Settings
This appendix discusses the RADIUS server and how it interacts with IP-Reach to accommodate IP-Reach as a RADIUS client. For information on designating the IP-Reach unit itself as a RADIUS client, see the Radius Configuration section in Chapter 4: Administrative Menus.
RADIUS Authentication Priority and Flowchart
When IP-Reach is configured to use RADIUS authentication, user login attempts are first checked against IP-Reach’s internal username and password list. (At least one username/password pair, for the “admin” user, must exist in the IP-Reach database.) If that check fails and IP-Reach is configured to use an external RADIUS server, IP-Reach then consults the RADIUS server to complete authentication. This process flow is illustrated below.
[Flowchart: RADIUS authentication process]

LOGIN ATTEMPT: User Name & Password Entry

IP-Reach Database: Username & Password Profiles entered on IP-Reach by System Administrator

    Match Found: Login Entry (User Name & Password) exactly matches a user profile in the IP-Reach database
        IP-Reach Database Permissions Used (See Figure 54, User Accounts Settings Screen)
        END OF AUTHENTICATION

    Match NOT Found: Login Entry (User Name & Password) does not match any user profiles in the IP-Reach database
        Authentication Request Sent To RADIUS Server: Query for matching User Name and Password

            Match NOT Found
                Login Attempt Rejected
                END OF AUTHENTICATION

            Match Found: Login Entry (User Name & Password) exactly matches a user profile in the RADIUS database
                RADIUS Accepts or Challenges

                    Acceptance
                        RADIUS Database Used; RADIUS Permission Authorization Attributes are primary
                        END OF AUTHENTICATION

                    Challenge (See Figure 75 & 76)
                        RADIUS Sends Challenge Query back to user

                            Acceptance after Challenge
                                RADIUS Database Used; RADIUS Permission Authorization Attributes are primary
                                END OF AUTHENTICATION

                            Challenge Response Not Accepted
                                Login Attempt Rejected
                                END OF AUTHENTICATION
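
The login order in the flowchart above, modelled as an added example (it is not code from the IP-Reach manual or firmware). The account names, passwords, challenge answer and the radius_server stand-in are constructed assumptions; the reply codes are the RFC 2865 values. As the flowchart is written, a login whose name exists locally but whose password does not match is still sent to RADIUS, and the outcome records which permission source then applies.

```python
import hmac
from enum import IntEnum

class Code(IntEnum):
    """RADIUS reply codes as assigned in RFC 2865."""
    ACCESS_ACCEPT = 2
    ACCESS_REJECT = 3
    ACCESS_CHALLENGE = 11

# Constructed sample data, not taken from the manual.
LOCAL_DB = {"admin": "local-admin-pw", "ops": "ops-local-pw"}
# user -> (password, expected challenge answer or None)
RADIUS_DB = {"ops": ("ops-radius-pw", None), "alice": ("alice-pw", "492817")}

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def radius_server(user, password, challenge_reply=None):
    """Hypothetical stand-in for the external RADIUS server."""
    entry = RADIUS_DB.get(user)
    if entry is None or not same(entry[0], password):
        return Code.ACCESS_REJECT
    expected = entry[1]
    if expected is None:
        return Code.ACCESS_ACCEPT
    if challenge_reply is None:
        return Code.ACCESS_CHALLENGE
    return Code.ACCESS_ACCEPT if same(expected, challenge_reply) else Code.ACCESS_REJECT

def login(user, password, radius_enabled=True, answer_challenge=lambda: None):
    """Return (granted, permission_source) in the flowchart's order."""
    local = LOCAL_DB.get(user)
    if local is not None and same(local, password):
        return True, "ip-reach"      # local profile and its permissions apply
    if not radius_enabled:
        return False, None
    reply = radius_server(user, password)
    if reply == Code.ACCESS_CHALLENGE:
        reply = radius_server(user, password, answer_challenge())
    if reply == Code.ACCESS_ACCEPT:
        return True, "radius"        # RADIUS authorization attributes apply
    return False, None
```

When auditing such a setup, compare the two account stores for overlapping names, because the same user name can resolve to different permission sets depending on which password was entered.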