Tut Systems SMS2000 manual Default retrans-primary-only is, Usage Guidelines Example


Authentication

Syntax: Alias

Description: Adding the alias parameter to the end of the auth add radius command will configure the SMS to receive RADIUS response packets from an IP address other than the IP address configured as the RADIUS server.

Multiple RADIUS Servers

Default

Older versions of SMS used UDP port 1645 for RADIUS authentication requests and 1646 for RADIUS accounting requests by default.

New versions of SMS will continue to use those same ports for previously configured RADIUS servers when upgraded from previous versions.

However, new RADIUS servers will be configured with port 1812 for RADIUS authentication and port 1813 for RADIUS accounting by default.

The default retrans is 5.

The default retrans-primary-only is 2.

The default timeout is 30 seconds.

The default deadtime is 0 minutes (disabled).

Usage Guidelines

Note: Select a shared secret as you would a password.

Example

This example configures the SMS2000 to authenticate subscribers in the current group using the RADIUS server at 192.168.254.249.

sms2000% auth add radius 192.168.254.249 secret donttell retrans=3 retrans-primary-only=1 timeout=10 deadtime=5

Alias IP address

If the RADIUS servers are configured with a virtual interface, the RADIUS response packets will be transmitted to the SMS on a different interface than the one on which the request packet was received. The SMS will reject these packets because they did not arrive with the expected source IP address. Setting an alias IP address allows the SMS to receive the RADIUS response from a different source IP. You must configure the alias IP parameter after configuring the RADIUS server.

For example:

auth add radius 192.168.1.249 secret donttell

auth add radius 10.1.1.50 alias

The above two commands will cause the SMS to send the RADIUS request to 192.168.1.249 and receive the RADIUS response from both 192.168.1.249 and 10.1.1.50.
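The following is an added example, not taken from the manual: a sketch of how a RADIUS client can validate a response as RFC 2865 defines it, combining the source-IP check (server address plus aliases) with the Response Authenticator check that depends on the shared secret. The function names are hypothetical and the packets are constructed sample data; how the SMS2000 itself implements these checks is not described on this page.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def build_response(code, ident, request_auth, attributes, secret):
    """Build a response the way a RADIUS server does:
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes

def accept_response(packet, src_ip, ident, request_auth, secret,
                    server_ip, aliases=()):
    """Return (accepted, reason) for a reply to an outstanding request."""
    # Source check: only the configured server or one of its aliases.
    if src_ip != server_ip and src_ip not in aliases:
        return False, "unexpected source IP"
    if len(packet) < 20:
        return False, "short packet"
    _code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False, "bad length"
    if pkt_id != ident:
        return False, "identifier mismatch"
    # Cryptographic check: this is what still protects the client once
    # an alias has widened the set of accepted source addresses.
    attributes = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad response authenticator"
    return True, "ok"

def demo():
    """Constructed sample data mirroring the addresses used on this page."""
    secret, server, alias = b"donttell", "192.168.1.249", "10.1.1.50"
    req_auth = os.urandom(16)                 # Request Authenticator we sent
    reply_msg = bytes([18, 9]) + b"welcome"   # constructed Reply-Message attribute
    good = build_response(ACCESS_ACCEPT, 7, req_auth, reply_msg, secret)
    forged = build_response(ACCESS_ACCEPT, 7, req_auth, reply_msg, b"guess")
    return [
        accept_response(good, alias, 7, req_auth, secret, server),
        accept_response(good, alias, 7, req_auth, secret, server, (alias,)),
        accept_response(forged, alias, 7, req_auth, secret, server, (alias,)),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With an alias configured, the source-IP filter accepts more senders, so the strength of the shared secret is what keeps a reply from an accepted address from being forged.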

TUT Systems, Inc

Page 54 of 104

P/N 220-06288-20
