Tut Systems SMS2000 manual Authorization, Server Functionality

Page 57

Authorization

Chapter 6 - Authorization

Authorization entails determining if a particular user has permission to use a service.

Authorization

The SMS2000 is capable of performing authorization by using an external server (OCS or RADIUS) or by using onboard groups and rules. For details about using the OCS for Authorization, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these functions in various configurations are described below.

Authorization

Table 6-1 shows how authorization is performed with no external server, with RADIUS, and with the OCS.

Table 6-1 Authorization

Server	Functionality
With No External	No user authentication is possible. Groups and rules can be used to
Server	authorize subscribers based on their MAC address, VLAN ID, SNMP
	information, IP address, or any combination of these. For more information
	on using groups and rules, see Chapter 10, “Service Creation using Groups
	and Rules.”
With RADIUS	Authorization follows authentication as it does on a standard network
	access server (NAS). Parameters include static IP and bandwidth.
With OCS	The OCS provides enhanced authorization functions based on user name,
	physical port, MAC address, and more. Parameters include Stat IP, auth
	required, and bandwidth.

TUT Systems, Inc

Page 57 of 104

P/N 220-06288-20

Image 57

Contents TUT Systems SMS2000 User Guide SMS2000 User’s Guide SMSUser’s Guide Contents Configuring NTP Configuring SmtpConfiguring Snmp Polling Connectivity and TestingAuthentication Authentication Configuring the Command ServerAuthentication with Radius AuthorizationConfiguring Radius Using Rule PrioritiesGroups SMS2000 RulesWeb Proxy Settings Using Both Radius and OCS AuthenticationSMS2000 Troubleshooting Procedures SMS2000 Status Attributes and StatisticsRadius Attributes in Access-Accept Packets List of TablesList of Figures Audience PrefaceDocumentation available for this Release Related DocumentationIntroduction Subscriber Management FeaturesIntroduction Subscriber Management Components Subscriber Management ComponentsOCS SMS2000Introduction User Interface Getting StartedFor example restore config web original-confi g Accessing Help for CommandsIfconfig portnumber ipaddress /masklen Style ConventionsCursor Motion Keystrokes Cursor MovementClick Configure Initial ConfigurationEstablishing a Connection with the SMS2000 Establishing a Connection Via a Serial InterfaceEstablishing a Connection Via Telnet Initial Configuration Initial Configuration Changing Your PasswordSetting the Quick Configuration Setting the Hostname Disabling AuthenticationSaving the Configuration Rebooting the System Verifying the ConfigurationReboot Configuration E-Mail Settings System AdministrationSetting the Default Configuration E-mail Set config-mailrecipient@SMTPserver SMTPserverMailing the Current Configuration Configuration and System File ToolsDeleting the Configuration E-mail Committing Configuration ChangesDisabling Automatic Configuration Changes Automatically Committing Configuration ChangesCommit auto Commit noautoSaving a Configuration Loading a Configuration FileRestoring a Previous Configuration Restoring the Default Configuration Configuring SmtpSetting the Smtp Server Deleting the Smtp ServerSetting the Smtp ID Configuring NTPSetting the Timezone Set smtpid on offConfiguring the NTP server Configuring Snmp PollingSetting the Time Enabling Snmp PollingTesting to See if Snmp Polling will Work Disabling Snmp PollingSnmp-pollmacaddress Testing Connectivity Connectivity and TestingSetting Specialized System Options System ToolsDefining Ports Setting and Deleting Static PortsLeftrighthelp ? Port-definition mixed tut vlanSetting the Syslog Server Disconnecting a Session on a PortEvent Tracking Displaying Log MessagesSystem Administration Tools Displaying Version InformationExiting the Management Session Displaying Control Keys Changing a PasswordPasswd KeysSnmp Agent Snmp ManagementSnmp System Contact Snmp System LocationSnmp Trap Recipient Snmp CommunitySystem Information Tools Troubleshooting ToolsSMS2000% snmp delete trap-recipient Show snmp trap-recipientUpgrades Subscriber Connectivity CommandsSetting the ARP Failure Limit Setting the ARP Polling PeriodArchiving SMS2000 Firmware and distributing it from a Server Upgrading from Tut Systems’ WebsiteVerifying a Successful Upgrade Returning to an Older Firmware VersionLoading Another Image System Administration Authentication AuthenticationSetting the Command Server for OCS Interaction Configuring the Command ServerDeleting the Command Server Adding the OCS as the Authentication ServerTesting Authentication Deleting an Authentication ServerAuth add web url secret secret cmd-serv Auth onBypassing Authentication Setting the Authentication IntervalAuth off forcedweb authokurl blockall Auth interval minutes offHttp Request Throttle Setting the Http Request ThrottleAllow-Nets Deleting the Http Request ThrottleSet allow-netipaddress netmask dns-name Setting an Allow-NetAutomatic Redirection URLs Setting the Automatic Redirection URLDeleting an Allow-Net Set authok urlDeleting the authok Authentication with RadiusAdding a Radius Server Delete authokSyntax Description CommandDefault Default retrans-primary-only isUsage Guidelines Example Set NAS port type parameter Set nas-port-type integerSet nas-port-type Configuring a Radius SSL Back Channel Testing Authentication on the Radius ServerShow status radius Show status radius ExampleAuthorization AuthorizationAuthorization Server FunctionalityAccounting AccountingSending Accounting Messages to a Syslog Server Configuring Accounting Parameters Radius Accounting ConfigurationSending Accounting Messages to a Radius Server Deleting a Radius Accounting ServerProvisioning ProvisioningBilling BillingGroups Service Creation Using Groups and RulesAdding a Group Group add groupname noinherit inherit groupnameSubscribers that Cannot Support Authentication Setting the Active Group ContextSetting Maximum Users Per Port Deleting a GroupAdding a Rule SMS2000 RulesDeleting a Rule Set rule rulename groupname priority rulestringIP Address Rule Expression ComponentsMAC Address Ip=ipaddress ,netmaskNot Operator Vlan=vlanida-vlanidbTut=ipaddress-linenum*-portnum Or Operator OperatorParenthesis Expression and expressionUsing Rule Priorities IP Addressing IP AddressingPlug and Play With NAT Dhcp Pools Static Routable AddressesIP Multicasting Static Non-Routable AddressesConfiguring IP Types Iptype default NAT static Dhcp 1to1 1to1UniqueUnderstanding 1to1 and 1to1 Unique IP Types Deleting a Configured Source-Net Setting a Source-NetSource-Nets Set source-netstartaddress endaddress subnet-maskCreating Dhcp Pools Setting the DNS Server AddressRemoving a Dhcp Assignment Dhcp-server release macaddressDeleting the DNS Server Address Static RoutesAdding Routes Set dns add ipaddressSetting up the LPR Host PrintingSet lpr hostname off queuename maxpages maxbytes Using SMS2000 with a Radius Server Configuring RadiusObtaining the Radius Server Software Configuring Service Parameters Adding the SMS2000 as a Client on the Radius ServerAdding Users to the Radius Server Radius Ports Using Real IP AddressesSMS2000 Status Attributes and Statistics SMS2000 NAS FileRadius Attributes Sent in Accounting Messages Using Both Radius and OCS Authentication Radius Attributes Sent In Access Request PacketsRadius Attributes Received in Access- Accept Packets Deleting Traffic Shaping Setting Traffic ShapingShape xbps/rbps Shape xbps/rbps deleteSMS2000 and Property Management Systems PMS Setting the PMS ServerTTY ACK-NAK ENQ-ACK-NAK Protocol ModesENQ-ACK-NAK Mode Loading and Deleting Customized Web Pages Customizing SMS2000 Web Authentication with RadiusFiles For Groups Loading Web Pages or FilesLoad web url defaults Path ComponentsImage Links Upgrading Customizing Web PagesDeleting Web Pages or Files Preserving the Web FormWeb Page Redirection Size For Web Pages and External LinksActive Page Components Viewing CustomizationsReference Web Proxy Settings Configuring Web Proxy SettingsSetting the Wpad Curl Setting the Wpad TimeoutWeb Proxy Server Set proxy-ports port Delete proxy-ports portShow proxy-ports SMS2000 Troubleshooting Procedures SMS2000 TroubleshootingMultiple frames opened Snmp PollingBrowser Unable to do credit cardLine Verify OCS screens offRadius Attributes in Access-Accept Packets Appendix a Radius Access-Accept Dictionary FileAppendix Appendix TUT Systems, Inc 100 Technical Support Appendix B Technical Assistance and Customer SupportInternet Telephone Equipment Return and RepairHardware Limited Warranty Appendix C SMS2000 Limited WarrantyLimitations of Warranty Exclusive RemediesTut Systems, Inc., Customer Service Department Electrical Safety AdvisoryAssistance FCC Radio Frequency Interference StatementTUT Systems, Inc 104