Skip to content

RADIUS Integration: Firewall & Network Setup

This page covers what you need before connecting a RADIUS client (VPN, firewall, etc.) to Mideye Server. It assumes Mideye Server is already installed and running — see the Pre-install Checklist and Installation Guides if you still need to set up the server.


Verify the following on the Mideye Server side:

  1. Mideye Server is installed and the Web Admin GUI is reachable.
  2. The database is connected and healthy — check /management/health (see Server Monitoring).
  3. Mideye Switch connectivity is confirmed (status UP in the health check) — unless running in Air-Gapped Mode.
  4. At least one authentication type is configured.

Open these ports between the RADIUS client and Mideye Server:

PortProtocolDirectionPurpose
1812UDPClient → Mideye ServerRADIUS authentication (default; configurable per RADIUS server)
1813UDPClient → Mideye ServerRADIUS accounting (optional)
3799UDPMideye Server → ClientRADIUS Disconnect Messages / CoA — only needed for Assisted Login with disconnect

If the RADIUS client supports RADSEC, you can use TLS-encrypted RADIUS instead of UDP:

PortProtocolDirectionPurpose
2083TCP/TLSClient → Mideye ServerRADSEC — disabled by default; requires CA-signed PEM certificates

RADSEC requires additional certificate configuration on both ends. See the Application Configuration reference for radsec.* settings.


Gather this information before configuring the integration:

SettingDescription
Mideye Server IP / hostnameThe address your RADIUS client will send authentication requests to.
RADIUS portDefault 1812. Must match the port configured in the RADIUS server in Mideye.
Shared secretA strong, random string configured identically on both the RADIUS client and in the RADIUS client entry in Mideye Server.
Authentication protocolPAP for most integrations. Use MS-CHAPv2 only when AD password changes are required (needs a Network Policy Server).
Timeout35 seconds recommended. See RADIUS Timeout for details.
Retries1 recommended.

Configure Mideye Server to accept the client

Section titled “Configure Mideye Server to accept the client”

In the Mideye Web Admin GUI, add a RADIUS client entry for the integrating device:

  1. Navigate to RADIUS → Clients.
  2. Add a new client with the device’s IP address and shared secret.
  3. Assign the client to a RADIUS server (listener).

For step-by-step instructions, see the RADIUS Clients reference.


Mideye Server must be able to resolve DNS if any of the following are in use: