User guide

Remote Authentication

4. AccountingPort.Thedefaultaccountingportis1813;changeas

required.

5. Timeout(inseconds).Thedefaulttimeoutis1second;changeas

required.ThetimeoutisthelengthoftimetheKXII‐101waitsfora

responsefromtheRADIUSserverbeforesendinganother

authenticationrequest.

6. Retries.Thede

faultnumberofretriesis3;changeasrequired.Thisis

thenumberoftimestheKXII‐101willsendanauthentication

requesttotheRADIUSserver.

7. GlobalAuthenticationType.Choosefromamongtheoptionsinthe

drop‐downlist:

 PAP.WithPAP,passwordsaresentasplaintext.PA

Pisnot

interactive;theusernameandpasswordaresentasonedata

packageonceaconnectionisestablished,ratherthantheserver

sendingaloginpromptandwaitingforaresponse.

 CHAP.WithCHAPauthenticationcanberequestedbythe

serveratanytime.CHAPprovidesmoresec

uritythanPAP.

Returning User Group Information via RADIUS

WhenaRADIUSauthenticationattemptsucceeds,theKXII‐101device

determinesthepermissionsforagivenuserbasedonthepermissionsof

theuserʹsgroup.

YourremoteRADIUSservercanprovidetheseusergroupnamesby

returninganattribute,implementedasaRADIUSFILTER‐ID.The

FILTER‐IDshouldbef

ormattedasfollows:

Raritan:G{GROUP_NAME}

whereGROUP_NAMEisastring,denotingthenameofthegroupto

whichtheuserbelongs.

RADIUS Communication Exchange Specifications

TheKXII‐101unitsendsthefollowingRADIUSattributestoyour

RADIUSserver:

Attribute Data

Access‐Request(1)

NAS‐Port‐Type(61) VIRTUAL(5)fornetworkconnections.