User manual

ManualsBrandsRaritan ManualsNetworkingIPR-M1

APPENDIX B: RADIUS SERVER SETTINGS 65

RADIUS Attributes Generated by IP-Reach

IP-Reach sends the following RADIUS attributes to the RADIUS server with each access request:

ATTRIBUTE DATA

USER-NAME The user name entered at the login screen.

USER-PASSWORD In PAP mode, the encrypted password entered at the login screen.

CHAP-PASSWORD In CHAP mode, the CHAP protocol response computed from the password and the

CHAP challenge data.

NAS-IP-ADDRESS IP-Reach’s IP Address

NAS-IDENTIFIER If the IP-Reach unit’s name, entered at the IP-Reach Admin Console on the Network

Configuration screen, is left to the default name “IP-Reach,” then the identifier will

simply be “IP-Reach”. If another name is entered as an alternative to the default name

“IP-Reach,” then the identifier will be

“IP-Reach.<name>” where <name> represents the alternative name entered on the

Network Configuration screen.

NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET (15) for network

connections.

NAS-PORT Always 0.

STATE If this request is in response to a ACCESS-CHALLENGE, the state data from the

ACCESS-CHALLENGE packet will be returned.

PROXY-STATE If this request is in response to a ACCESS-CHALLENGE, the proxy state data from the

ACCESS-CHALLENGE packet will be returned.

IP-Reach sends the following RADIUS attributes to the RADIUS server with each accounting request:

ATTRIBUTE DATA

SESSION-TYPE Either START (1) for log in or STOP (2) for log out.

SESSION-ID A string containing a unique session name. The name is in the format of “<NAS-

IDENIFIER>:<user IP address>:<number>” where <NAS-IDENTIFER> is the string

from the NAS-IDENTIFIER attribute, <user IP address> is the IP address of the user’s

remote PC, and <number> is a unique sessions number. Example: “IP-

Reach:192.168.1.100:122”

USER-NAME The user name entered at the login screen.

NAS-IP-ADDRESS IP-Reach’s IP Address

NAS-IDENTIFIER If the IP-Reach unit’s name, entered at the IP-Reach Admin Console on the Network

Configuration screen, is left to the default name “IP-Reach,” then the identifier will

simply be “IP-Reach”. If another name is entered as an alternative to the default name

“IP-Reach,” then the identifier will be “IP-Reach.<name>” where <name> represents the

alternative name entered on the Network Configuration screen.

NAS-PORT-TYPE The value ASYNC (0) for modem connections and ETHERNET (15) for network

connections.

NAS-PORT Always 0.

FILTER-ID Any FILTER-ID attributes returned by the RADIUS server during authentication will be

sent in each accounting request.

CLASS Any CLASS attributes returned by the RADIUS server during authentication will be sent

in each accounting request.

ACCT-

AUTHENTIC

How the user was authenticated. Either RADIUS (1) if the user was authenticated by the

RADIUS server or LOCAL (2) if the user was authenticated by IP-Reach’s built-in user

name database.

TERMINATE-

CAUSE

If this is a STOP request, the reason the user was terminated. Either USER_REQUEST

(1), LOST_SERVICE (3), SESSION_TIMEOUT (5), or ADMIN_RESET (6).