Tut Systems SMS2000 manual Using Rule Priorities

Page 68

Service Creation Using Groups and Rules

Using Rule Priorities

Each rule has a numeric priority; the smaller the number, the greater the priority. When assigning a group to a new session, the SMS2000 first looks at all rules with priority 1. If it finds any matching rule, it stops and uses the group for that rule. If it does not find any matching rule, it goes on to rules with priority 2, and so on.

Managers can use multiple rules in conjunction with one another to provide unique service offerings. For example, a manager has a client named Geraldo in an MCU setting. He is connected through an MDU Lite on port 1. He has a web server at ip 123.123.123.5, and an e-mail server at 123.123.123.6, both of which require a static IP address with no authentication. He also has 13 employees, each of whom is running a PC with DHCP, and would like to have them receive a real IP address.

The manager can enter the following commands:

SMS2000% group add gerstat

Active group is “gerstat”

SMS2000% auth off

SMS2000% iptype static

SMS2000% set rule gerstat5 1 ip=123.123.123.5 and snmp-info=123.123.123.123-001-001

SMS2000% set rule gerstat6 1 ip=123.123.123.6 and snmp-info=123.123.123.123-001-001

SMS2000% group *

Active group is “*”

SMS2000% group add gerdhcp

Active group is “gerdhcp”

SMS2000% auth off

SMS2000% dhcp-pool gerpool 123.123.123.7 123.123.123.20 255.255.255.0

SMS2000% iptype DHCP

SMS2000% set rule gerdhcp 2 snmp-info=123.123.123.123-001-001

Any device that connected through 123.123.123.123-001-001 matches the “gerdhcp” rule.

However, since that rule has a priority 2, which is lower than both “gerstat5” and “gerstat6,” those other rules will be checked first. Since both Geraldo’s web server and e- mail server have an IP in one of those rules, they will be placed in the “gerstat” group, which has a more restrictive membership, but allows devices to have a static IP.

TUT Systems, Inc

Page 68 of 104

P/N 220-06288-20

Image 68
Contents TUT Systems SMS2000 User Guide SMS2000 User’s Guide SMSUser’s Guide Contents Configuring Smtp Configuring NTPConfiguring Snmp Polling Connectivity and TestingAuthentication Configuring the Command Server AuthenticationAuthentication with Radius AuthorizationUsing Rule Priorities Configuring RadiusGroups SMS2000 RulesUsing Both Radius and OCS Authentication Web Proxy SettingsSMS2000 Troubleshooting Procedures SMS2000 Status Attributes and StatisticsList of Figures Radius Attributes in Access-Accept PacketsList of Tables Preface AudienceDocumentation available for this Release Related DocumentationSubscriber Management Features IntroductionIntroduction Subscriber Management Components Subscriber Management ComponentsSMS2000 OCSIntroduction Getting Started User InterfaceAccessing Help for Commands For example restore config web original-confi gIfconfig portnumber ipaddress /masklen Style ConventionsCursor Movement Cursor Motion KeystrokesInitial Configuration Click ConfigureEstablishing a Connection with the SMS2000 Establishing a Connection Via a Serial InterfaceEstablishing a Connection Via Telnet Initial Configuration Setting the Quick Configuration Initial ConfigurationChanging Your Password Saving the Configuration Setting the HostnameDisabling Authentication Reboot Rebooting the SystemVerifying the Configuration System Administration Configuration E-Mail SettingsSetting the Default Configuration E-mail Set config-mailrecipient@SMTPserver SMTPserverConfiguration and System File Tools Mailing the Current ConfigurationDeleting the Configuration E-mail Committing Configuration ChangesAutomatically Committing Configuration Changes Disabling Automatic Configuration ChangesCommit auto Commit noautoRestoring a Previous Configuration Saving a ConfigurationLoading a Configuration File Configuring Smtp Restoring the Default ConfigurationSetting the Smtp Server Deleting the Smtp ServerConfiguring NTP Setting the Smtp IDSetting the Timezone Set smtpid on offConfiguring Snmp Polling Configuring the NTP serverSetting the Time Enabling Snmp PollingSnmp-pollmacaddress Testing to See if Snmp Polling will WorkDisabling Snmp Polling Connectivity and Testing Testing ConnectivitySetting Specialized System Options System ToolsSetting and Deleting Static Ports Defining PortsLeftrighthelp ? Port-definition mixed tut vlanDisconnecting a Session on a Port Setting the Syslog ServerEvent Tracking Displaying Log MessagesExiting the Management Session System Administration ToolsDisplaying Version Information Changing a Password Displaying Control KeysPasswd KeysSnmp Management Snmp AgentSnmp System Contact Snmp System LocationSnmp Community Snmp Trap RecipientTroubleshooting Tools System Information ToolsSMS2000% snmp delete trap-recipient Show snmp trap-recipientSubscriber Connectivity Commands UpgradesSetting the ARP Failure Limit Setting the ARP Polling PeriodUpgrading from Tut Systems’ Website Archiving SMS2000 Firmware and distributing it from a ServerLoading Another Image Verifying a Successful UpgradeReturning to an Older Firmware Version System Administration Authentication AuthenticationConfiguring the Command Server Setting the Command Server for OCS InteractionDeleting the Command Server Adding the OCS as the Authentication ServerDeleting an Authentication Server Testing AuthenticationAuth add web url secret secret cmd-serv Auth onSetting the Authentication Interval Bypassing AuthenticationAuth off forcedweb authokurl blockall Auth interval minutes offSetting the Http Request Throttle Http Request ThrottleAllow-Nets Deleting the Http Request ThrottleSetting an Allow-Net Set allow-netipaddress netmask dns-nameSetting the Automatic Redirection URL Automatic Redirection URLsDeleting an Allow-Net Set authok urlAuthentication with Radius Deleting the authokAdding a Radius Server Delete authokCommand Syntax DescriptionUsage Guidelines Example DefaultDefault retrans-primary-only is Set nas-port-type Set NAS port type parameterSet nas-port-type integer Testing Authentication on the Radius Server Configuring a Radius SSL Back ChannelShow status radius Show status radius ExampleAuthorization AuthorizationAuthorization Server FunctionalitySending Accounting Messages to a Syslog Server AccountingAccounting Radius Accounting Configuration Configuring Accounting ParametersSending Accounting Messages to a Radius Server Deleting a Radius Accounting ServerProvisioning ProvisioningBilling BillingService Creation Using Groups and Rules GroupsAdding a Group Group add groupname noinherit inherit groupnameSetting the Active Group Context Subscribers that Cannot Support AuthenticationSetting Maximum Users Per Port Deleting a GroupSMS2000 Rules Adding a RuleDeleting a Rule Set rule rulename groupname priority rulestringRule Expression Components IP AddressMAC Address Ip=ipaddress ,netmaskTut=ipaddress-linenum*-portnum Not OperatorVlan=vlanida-vlanidb Operator Or OperatorParenthesis Expression and expressionUsing Rule Priorities Plug and Play With NAT IP AddressingIP Addressing Static Routable Addresses Dhcp PoolsStatic Non-Routable Addresses IP MulticastingUnderstanding 1to1 and 1to1 Unique IP Types Configuring IP TypesIptype default NAT static Dhcp 1to1 1to1Unique Setting a Source-Net Deleting a Configured Source-NetSource-Nets Set source-netstartaddress endaddress subnet-maskSetting the DNS Server Address Creating Dhcp PoolsRemoving a Dhcp Assignment Dhcp-server release macaddressStatic Routes Deleting the DNS Server AddressAdding Routes Set dns add ipaddressSet lpr hostname off queuename maxpages maxbytes Setting up the LPR HostPrinting Obtaining the Radius Server Software Using SMS2000 with a Radius ServerConfiguring Radius Adding Users to the Radius Server Configuring Service ParametersAdding the SMS2000 as a Client on the Radius Server Using Real IP Addresses Radius PortsRadius Attributes Sent in Accounting Messages SMS2000 Status Attributes and StatisticsSMS2000 NAS File Radius Attributes Received in Access- Accept Packets Using Both Radius and OCS AuthenticationRadius Attributes Sent In Access Request Packets Setting Traffic Shaping Deleting Traffic ShapingShape xbps/rbps Shape xbps/rbps deleteSetting the PMS Server SMS2000 and Property Management Systems PMSProtocol Modes TTY ACK-NAK ENQ-ACK-NAKENQ-ACK-NAK Mode Customizing SMS2000 Web Authentication with Radius Loading and Deleting Customized Web PagesFiles For Groups Loading Web Pages or FilesImage Links Load web url defaultsPath Components Customizing Web Pages UpgradingDeleting Web Pages or Files Preserving the Web FormSize For Web Pages and External Links Web Page RedirectionReference Active Page ComponentsViewing Customizations Configuring Web Proxy Settings Web Proxy SettingsSetting the Wpad Curl Setting the Wpad TimeoutWeb Proxy Server Show proxy-ports Set proxy-ports portDelete proxy-ports port SMS2000 Troubleshooting SMS2000 Troubleshooting ProceduresSnmp Polling Multiple frames openedBrowser Unable to do credit cardVerify OCS screens off LineAppendix a Radius Access-Accept Dictionary File Radius Attributes in Access-Accept PacketsAppendix Appendix TUT Systems, Inc 100 Appendix B Technical Assistance and Customer Support Technical SupportInternet Telephone Equipment Return and RepairAppendix C SMS2000 Limited Warranty Hardware Limited WarrantyLimitations of Warranty Exclusive RemediesElectrical Safety Advisory Tut Systems, Inc., Customer Service DepartmentAssistance FCC Radio Frequency Interference StatementTUT Systems, Inc 104