Manuals / Netopia / Computer Equipment / Network Router

Netopia R910 manual RADIUS Client Support, RADIUS client configuration, Security

Models: R910

1 209

Download 209 pages 33.84 Kb

Page 151

RADIUS Client Support

Security 13-151

RADIUS Client Support

TheNetopia R910 implements a Remote Authentication Dial-In User Service (RADIUS) client (RFC 2138) and adds the ability to authenticate console conﬁguration access using a RADIUS server. This feature is strictly for console menu access authentication only, and is not intended for WAN connectivity access authentication.

Earlier routers use a local console authentication database consisting of between one and four user- name/password pairs. They require a user seeking console conﬁguration access to log in with a username and password when at least one username/password pair have been conﬁgured locally in the router. If no user- name/password pairs are deﬁned, a user seeking console conﬁguration access is given access without being required to log in.

TheR910 adds the ability to authenticate users seeking console conﬁguration access by using a remote authentication database maintained by a RADIUS server. It supports four security database modes:

■Local Only

■RADIUS only

■RADIUS then Local

■Local then RADIUS

RADIUS client configuration

To display the Security Options screen, from the Main Menu select System Conﬁguration, Security, then Security Options.

Main

Menu

System

Configuration

Security

Security Options

Security Options
Enable Dial-in Console Access:	Yes
Enable SmartStart/Web Server:	Yes
Enable Telnet Console Access:	Yes
Enable Telnet Access to SNMP Screens:	Yes
Console Access timeout (seconds):	600
Show Users...
Add User...
Delete User...
Advanced Security Options...
Password for This Screen (11 chars max):

Set up configuration access options here.

Image 151

Netopia R910 manual RADIUS Client Support, RADIUS client configuration, Security

Contents

User’s Reference Guide Netopia R910 Ethernet Router for DSL and Cable ModemsPart Number CopyrightPrinted Copies Chapter 2 - Setting Up Internet Services ContentsFeatures and capabilities How to use this guideAccessing the Easy Setup console screens Connecting a console cable to your routerChapter 7 - Easy Setup Easy Setup console screensInstalling the VPN Client DHCP NetBIOS OptionsVPN Default Answer Proﬁle Installing Dial-Up Networking12-109 The SNMP Setup screenTelnet access Chapter 12 - Monitoring ToolsConﬁguration problems Chapter 14 - Utilities and DiagnosticsFactory defaults Appendix A - TroubleshootingPower requirements Using address servingExported services Appendix F - Technical Speciﬁcations and SafetyOverview Features and capabilities“Features and capabilities” on page “How to use this guide” on page Chapter Introduction1-10 User’s Reference Guide How to use this guideDSL and cable modems Chapter Setting Up Internet ServicesSetting Up Internet Services Deciding on an ISP accountWithout Network Address Translation Local LAN IP address information to obtain2-12 User’s Reference Guide With Network Address TranslationMaking the Physical Connections “Identify the connectors and attach the cables” on pageChapter Making the Physical Connections Find a locationWhat you need Identify the connectors and attach the cables3-14 User’s Reference Guide your router” on page Netopia R910 Ethernet Router back panel portsMaking the Physical Connections 3-16 User’s Reference Guide Netopia R910 Ethernet Router status lights8 9 10 12 13 14 15 16 Network Model Chapter Connecting to Your Local Area NetworkConnecting to Your Local Area Network “Connecting to an Ethernet network” on page4-18 User’s Reference Guide Readying computers on your local networkAfter Application software TCP/IP stack Ethernet/EtherTalk Driver Your PC Connecting to Your Local Area Network10Base-T Connecting to an Ethernet network4-20 User’s Reference Guide The Netopia R910 in a 10Base-T network Connecting to Your Local Area NetworkThe Netopia R910 in a 10Base-T network with a hub 4-22 User’s Reference Guide “Hardware and operating system requirements” on page Chapter Configuring TCP/IPHardware and operating system requirements Conﬁguring TCP/IP5-24 User’s Reference Guide Conﬁguring TCP/IP on Windows 95 orDynamic conﬁguration recommended Conﬁguring TCP/IP Static conﬁguration optional5-26 User’s Reference Guide Conﬁguring TCP/IP on a Macintosh ComputerDynamic conﬁguration recommended Static conﬁguration optional Conﬁguring TCP/IP1. Go to the Apple menu. Select 5-28 User’s Reference Guide Dynamic conﬁguration using MacIP optionalConﬁguring TCP/IP 5-30 User’s Reference Guide Console-Based Management “Connecting through a Telnet session” on page“Connecting a console cable to your router” on page Chapter Console-Based ManagementFilter sets ﬁrewalls. See “About ﬁlters and ﬁlter sets” on page Connecting through a Telnet sessionUpgrade feature set. See “Upgrade feature set” on page 6-32 User’s Reference GuideConﬁguring Telnet software Connecting a console cable to your routerConsole-Based Management 6-34 User’s Reference Guide Navigating through the console screensEasy Setup Chapter Easy SetupEasy Setup console screens Accessing the Easy Setup console screens7-36 User’s Reference Guide See Appendix A, “Troubleshooting,” for more suggestionsEasy Setup Quick Easy Setup connection pathIf your ISP supports DHCP If your ISP doesn’t support DHCP7-38 User’s Reference Guide For more Easy Setup options see “More Easy Setup options” on pageWAN Ethernet Conﬁguration More Easy Setup optionsEasy Setup 7-40 User’s Reference Guide IP Easy SetupEasy Setup Easy Setup Security ConﬁgurationEasy Setup is now complete 7-42 User’s Reference Guide1. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice WAN and System Conﬁguration Chapter WAN and System Configuration“System conﬁguration features” on page WAN conﬁguration8-44 User’s Reference Guide System conﬁguration screensWAN and System Conﬁguration Navigating through the system conﬁguration screens8-46 User’s Reference Guide System conﬁguration featuresDate and time IP setupFilter sets ﬁrewalls IP address servingSecurity Upgrade feature setConsole conﬁguration SNMP Simple Network Management ProtocolWAN and System Conﬁguration Logging8-50 User’s Reference Guide Installing the Syslog client“Network Address Translation features” on page Chapter IP Setup and Network Address TranslationNetwork Address Translation features IP Setup and Network Address Translation192.168.1.100 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 9-52 User’s Reference GuideHOW NAT WORKS With NAT ISP 163.167.132.1 Without NAT or corporate intranet routerNote See “Associating port numbers with nodes” on page Using Network Address TranslationIP Setup and Network Address Translation 9-54 User’s Reference Guide Network Address Translation guideline Associating port numbers with nodesIP Setup and Network Address Translation IP setup 9-56 User’s Reference GuideIP Setup and Network Address Translation Exports, Add Export, and Delete Export 9-58 User’s Reference GuideSelect Add Export. The Add Exported Service screen appears CANCELSelect Service. A pop-up menu of services and ports appears IP Setup and Network Address Translation9-60 User’s Reference Guide IP subnetsFor example IP Setup and Network Address Translation9-62 User’s Reference Guide Static routespage IP Setup and Network Address Translation Viewing static routesAdding a static route 9-64 User’s Reference GuideIP Setup and Network Address Translation Rules of static route installationModifying a static route Deleting a static routeServe DHCP Clients Serve BootP Clients Serve Dynamic WAN Clients 9-66 User’s Reference GuideIP address serving Follow these steps to conﬁgure IP Address Serving IP Setup and Network Address Translation9-68 User’s Reference Guide IP Address PoolsNumerous factors inﬂuence the choice of served address. It is difﬁcult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been conﬁgured, and the clients involved have no prior address serving interactions, the Netopia R910 will generally serve the ﬁrst unused address from the ﬁrst address pool with an available address. The Netopia R910 starts from the pool on the ﬁrst row and continues to the pool on the last row of this screen IP Setup and Network Address Translation9-70 User’s Reference Guide DHCP NetBIOS OptionsIP Setup and Network Address Translation Select Release BootP Leases and press Return 9-72 User’s Reference GuideYou have ﬁnished your IP setup Virtual Private Networks VPN “VPN Default Answer Proﬁle” on page “VPN QuickView” on page“Installing the VPN Client” on page “About ATMP Tunnels” on page Chapter Virtual Private Networks VPNTransi t In t ern etwor k 10-74 User’s Reference GuideVirtual Private Networks VPN “About PPTP Tunnels” on page “About IPsec Tunnels” on page“About ATMP Tunnels” on page SummaryAbout PPTP Tunnels PPTP configuration10-76 User’s Reference Guide Virtual Private Networks VPN Note Proﬁles using PPTP do not offer a Telco Options screen10-78 User’s Reference Guide MS-CHAP V2 and strong encryption Encryption SupportVirtual Private Networks VPN About IPsec Tunnels Configuration10-80 User’s Reference Guide The Add Connection Proﬁle screen appears Virtual Private Networks VPN10-82 User’s Reference Guide Virtual Private Networks VPN IP Profile Parameters10-84 User’s Reference Guide Advanced IP Profile OptionsVirtual Private Networks VPN VPN Default Answer ProfileVPN QuickView Interoperation with other features10-86 User’s Reference Guide Proﬁle Name Lists the name of the Connection Proﬁle being used, if any Virtual Private Networks VPNDial-Up Networking for VPN Installing Dial-Up Networking10-88 User’s Reference Guide Virtual Private Networks VPN Creating a new Dial-Up Networking profile10-90 User’s Reference Guide Configuring a Dial-Up Networking profileVirtual Private Networks VPN 4. Click the TCP/IP Settings button10-92 User’s Reference Guide Installing the VPN ClientWindows 95 VPN installation Windows 98 VPN installationVirtual Private Networks VPN Connecting using Dial-Up NetworkingAbout ATMP Tunnels ATMP configuration10-94 User’s Reference Guide Virtual Private Networks VPN Note Proﬁles using ATMP do not offer a Telco Options screen10-96 User’s Reference Guide Virtual Private Networks VPN 10-98 User’s Reference Guide Allowing VPNs through a Firewall“PPTP example” on page “ATMP example” on page Virtual Private Networks VPN PPTP exampleDisplay/Change Input Filter screen 10-100 User’s Reference Guide 0.0.0.0 Virtual Private Networks VPN0.0.0.0 0.0.0.010-102 User’s Reference Guide ATMP exampleVirtual Private Networks VPN 0.0.0.0 10-104 User’s Reference Guide0.0.0.0 0.0.0.0PPP over Ethernet Chapter PPP over Ethernet11-106 User’s Reference Guide PPP over Ethernet PPP Ethernet LAN ReconfigurationConfiguration The Netopia R910 offers the ability for PPP to reconﬁgure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection11-108 User’s Reference Guide Quick View“Quick View status overview” on page “Statistics & Logs” on page Chapter Monitoring ToolsQuick View status overview Monitoring ToolsStatus lights General status12-110 User’s Reference Guide General Statistics Statistics & LogsMonitoring Tools Network Interface Event histories12-112 User’s Reference Guide Physical InterfaceDevice Event History WAN Event HistoryMonitoring Tools 12-114 User’s Reference Guide Routing tablesMonitoring Tools IP routing table12-116 User’s Reference Guide Served IP AddressesMonitoring Tools System InformationSNMP The SNMP Setup screen12-118 User’s Reference Guide Community strings SNMP trapsMonitoring Tools Modifying IP trap receivers Setting the IP trap receivers12-120 User’s Reference Guide Viewing IP trap receiversMonitoring Tools Deleting IP trap receivers12-122 User’s Reference Guide User accounts “Telnet access” on page “About ﬁlters and ﬁlter sets” on pageChapter Security Suggested security measuresProtecting the Security Options screen 13-124 User’s Reference GuideProtecting the conﬁguration screens Security Telnet access13-126 User’s Reference Guide About ﬁlters and ﬁlter setsWhat’s a ﬁlter and what’s a ﬁlter set? How ﬁlter sets worksend to next filter yes pass or discard? discard delete pass Filter prioritySecurity packet first filter match?A ﬁltering rule How individual ﬁlters work13-128 User’s Reference Guide A ﬁlter’s actionsSecurity Parts of a ﬁlterPort numbers Port number comparisonsOther ﬁlter attributes 13-130 User’s Reference GuidePutting the parts together Security Filtering example #113-132 User’s Reference Guide Design guidelinesFiltering example #2 Security An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Disadvantages of ﬁlters13-134 User’s Reference Guide Adding a ﬁlter setSecurity Naming a new ﬁlter setInput and output ﬁlters-source and destination 13-136 User’s Reference GuideAdding ﬁlters to a ﬁlter set Security 1. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effectModifying ﬁlters Viewing ﬁlter sets13-138 User’s Reference Guide Viewing ﬁltersSecurity Modifying ﬁlter setsDeleting a ﬁlter set A sample IP ﬁlter set13-140 User’s Reference Guide Security Possible modiﬁcations13-142 User’s Reference Guide Security Firewall tutorial General ﬁrewall termsBasic IP packet components Basic protocol typesFirewall Logic Firewall design rules13-144 User’s Reference Guide Example TCP/UDP PortsSecurity Binary representationLogical AND function Implied rulesExample IP ﬁlter set screen Filter basics13-146 User’s Reference Guide Established connectionsInternet Example ﬁltersIncoming Packet Filter NetopiaExample 13-148 User’s Reference GuideExample Example SecurityExample 13-150 User’s Reference Guide RADIUS Client Support RADIUS client configurationSecurity Local then RADIUS 13-152 User’s Reference GuideRADIUS Server Authentication Port RADIUS then LocalSecurity be unable to configure this device unless a Radius Server isAdvanced Security Options 13-154 User’s Reference Guide “Ping” on page “Trace Route” on page “Telnet client” on page Chapter Utilities and DiagnosticsUtilities and Diagnostics “Factory defaults” on page14-156 User’s Reference Guide PingUtilities and Diagnostics 14-158 User’s Reference Guide Trace RouteUtilities and Diagnostics Telnet client14-160 User’s Reference Guide Factory defaultsDisconnect Telnet console session Transferring conﬁguration and ﬁrmware ﬁles with TFTPGET CONFIG FROM SERVER SEND CONFIG TO SERVER Updating ﬁrmwareUtilities and Diagnostics GET WAN MODULE FIRMWARE FROM SERVER Config File Name14-162 User’s Reference Guide Downloading conﬁguration ﬁlesTransferring conﬁguration and ﬁrmware ﬁles with XMODEM Uploading conﬁguration ﬁlesUtilities and Diagnostics Updating ﬁrmware 14-164 User’s Reference GuideDownloading conﬁguration ﬁles Utilities and DiagnosticsUploading conﬁguration ﬁles 14-166 User’s Reference Guide Restarting the system“Conﬁguration problems” on page A-167 Appendix A TroubleshootingConﬁguration problems Troubleshooting A-167Local routing problems Console connection problemsNetwork problems Problems communicating with remote IP hostsTroubleshooting A-169 How to reset the router to factory defaultsPower outages Reset Switch SlotBefore contacting Netopia How to reach usTechnical support A-170 User’s Reference GuideOnline product information Troubleshooting A-171Online Technical Support A-172 User’s Reference Guide About IP addressing What is IP?“What is IP?” on page B-173 “About IP addressing” on page B-173 Appendix B Understanding IP AddressingB-174 User’s Reference Guide Subnets and subnet masksUnderstanding IP Addressing B-175 Example Using subnets on a Class C IP internetSubnet masks ISP Network B-176 User’s Reference GuideNetwork conﬁguration Customer Site ABackground Example Working with a Class C subnetDistributing IP addresses Understanding IP Addressing B-177B-178 User’s Reference Guide Technical note on subnet maskingDHCP address serving Netopia R910 DHCP server characteristicsConﬁguration Understanding IP Addressing B-179B-180 User’s Reference Guide Using address servingManually distributing IP addresses Tips and rules for distributing IP addressesUnderstanding IP Addressing B-181 B-182 User’s Reference Guide Nested IP subnetsA DHCP example Internet Understanding IP Addressing B-183B-184 User’s Reference Guide Packet header types BroadcastsUnderstanding IP Addressing B-185 B-186 User’s Reference Guide ISP Network Appendix C Understanding Netopia NAT BehaviorNetwork conﬁguration BackgroundC-188 User’s Reference Guide Workstation A Understanding Netopia NAT Behavior C-189Workstations C-190 User’s Reference GuideUnderstanding Netopia NAT Behavior C-191 Exported servicesC-192 User’s Reference Guide Important notesConﬁguration Understanding Netopia NAT Behavior C-193C-194 User’s Reference Guide SummaryBinary Conversion Table D-195 Appendix D Binary Conversion TableDecimal D-196 User’s Reference GuideDecimal BinaryFurther Reading E-197 Appendix E Further ReadingE-198 User’s Reference Guide Further Reading E-199 E-200 User’s Reference Guide Description Appendix F Technical Specifications and Safety InformationPower requirements Technical Speciﬁcations and Safety Information F-201F-202 User’s Reference Guide Regulatory noticesDeclaration for Canadian users Battery Important safety instructionsTechnical Speciﬁcations and Safety Information F-203 Telecommunication installation cautionsF-204 User’s Reference Guide Numerics IndexIndex-205 Index-206 Index-207 Index-208 13-131Index-209