7. Administration (continued)
7.3.4 ANMS
The Advanced Network Management Settings (ANMS) page allows you to set up login authorization management from an external source. From this screen, administrators can set up remote management via RADIUS and/or LDAP/S, and set up the access port and MAC address for the
RADIUS Settings
To allow authorization for a RADIUS server, do the following:
1.Check the Enable checkbox.
2.Fill in the Primary RADIUS Server IP and access Port, and the Alternate RADIUS Server IP and access Port.
3.In the Timeout (seconds) field, set the time in seconds that the
KVM waits for a reply from the RADIUS server before it times out.
4.In the Retries field, enter the number of times you want the KVM to try and reconnect with the RADIUS server before it gives up.
5.In the Shared Secret field, key in the character string that you want to use for authentication between the KVM and the RADIUS Server.
6.On the RADIUS server, set the access rights for each user according to the information in the table:
Character | Description |
|
|
C | Gives the corresponding account administrator privileges. |
WGives the corresponding account access to the KVM switch via the Windows browser and
JGives the corresponding account access to the KVM switch via the Java browser and
LGives the corresponding account access to the log server on the Web Management Interface.
VGives the corresponding account
PN/xxxx | Denies the corresponding account access to a port. |
|
|
SN/xx | Denies the corresponding account access to a station. |
|
|
PV/xxxx | Gives the corresponding account |
| port. |
|
|
SV/xx | Gives the corresponding account |
| station. |
|
|
PF/xxxx | Gives the corresponding account full access to a port. |
|
|
SF/xx | Gives the corresponding account full access to a station. |
RADIUS Server access rights examples are given in the following table:
RADIUS |
|
Access |
|
Rights | Description |
CThe corresponding account has administrator access to the KVM.
W, J, L | The corresponding account can access the system |
| via the Windows and Java browser and |
| applications, and can access the log server on the Web |
| Management Interface. |
|
|
PN/0102 | The corresponding account is denied access to port 2 on |
| station 1. |
|
|
PF/A | The corresponding account is given full access to all |
| ports on the installation. |
|
|
SV/02 | The corresponding account is given |
| station 2. |
Note: Characters are not case sensitive. Characters are comma delimited.
ANMS – LDAP/S
To allow authentication and authorization via LDAP/S, do the following:
1.Check the Enable LDAP Authentication checkbox.
2.Select LDAP or LDAPS.
3.Determine whether to enable authorization or not.
•If the Enable Authorization checkbox is checked, the LDAP/S server directly returns a ‘permission’ attribute and authorization for the account that is logging in. With this selection, the LDAP schema must be extended.
•If the Enable Authorization checkbox is not checked, the LDAP/S server indicates whether the account that is logging in is a member of the KVM Admin Group or not. If yes, the account has full access rights. If no, the account has user access rights (See the User Management section of this manual for details on account permissions).
4.Enter the appropriate IP address and access port for the LDAP or LDAPS server in the LDAP Server IP and Port fields. The default port number for LDAP is 389, and is 636 for LDAPS.
5.In the Timeout (Seconds) field, enter the time in seconds that the
KVM waits for an LDAP or LDAPS server reply before it times out.
6.Consult the LDAP/S administrator about the appropriate entry for the LDAP Administrator DN field. For example, the entry might look like this:
IP,dc=tripplite,dc=com
7.In the LDAP Admin Password field, key in the LDAP administrator’s password.
45