Radius Client Support, Radius client configuration | Netopia R910

Security 13-151

RADIUS Client Support

TheNetopia R910 implements a Remote Authentication Dial-In User Service (RADIUS) client (RFC 2138) and adds the ability to authenticate console conﬁguration access using a RADIUS server. This feature is strictly for console menu access authentication only, and is not intended for WAN connectivity access authentication.

Earlier routers use a local console authentication database consisting of between one and four user- name/password pairs. They require a user seeking console conﬁguration access to log in with a username and password when at least one username/password pair have been conﬁgured locally in the router. If no user- name/password pairs are deﬁned, a user seeking console conﬁguration access is given access without being required to log in.

TheR910 adds the ability to authenticate users seeking console conﬁguration access by using a remote authentication database maintained by a RADIUS server. It supports four security database modes:

■Local Only

■RADIUS only

■RADIUS then Local

■Local then RADIUS

RADIUS client configuration

To display the Security Options screen, from the Main Menu select System Conﬁguration, Security, then Security Options.

Main

Menu

System

Configuration

Security

Security Options

Security Options
Enable Dial-in Console Access:	Yes
Enable SmartStart/Web Server:	Yes
Enable Telnet Console Access:	Yes
Enable Telnet Access to SNMP Screens:	Yes
Console Access timeout (seconds):	600
Show Users...
Add User...
Delete User...
Advanced Security Options...
Password for This Screen (11 chars max):

Set up configuration access options here.

Image 151

Netopia R910 manual Radius Client Support, Radius client configuration

Contents

Netopia R910 Ethernet Router for DSL and Cable Modems Part Number Contents Iv User’s Reference Guide Contents Snmp Contents Index Chapter Introduction Features and capabilitiesOverview How to use this guide Obtaining information from the ISP Chapter Setting Up Internet ServicesDeciding on an ISP account DSL and cable modems With Network Address Translation Local LAN IP address information to obtainWithout Network Address Translation Find a location Chapter Making the Physical Connections What you need Identify the connectors and attach the cablesLine 1 port Your router on Netopia R910 Ethernet Router back panel ports 10 12 13 14 15 16 Netopia R910 Ethernet Router status lights Network Model Chapter Connecting to Your Local Area NetworkBefore After Readying computers on your local network Connecting to Your Local Area Network Power port Console port Connecting to an Ethernet network10Base-T Netopia R910 in a 10Base-T network User’s Reference Guide Hardware and operating system requirements Chapter Configuring TCP/IP Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows 95 or Static conﬁguration optional Conﬁguring TCP/IP on a Macintosh Computer Static conﬁguration optional Dynamic conﬁguration using MacIP optional Conﬁguring TCP/IP User’s Reference Guide Chapter Console-Based Management Snmp Simple Network Management Protocol. See Snmp on Connecting through a Telnet session Conﬁguring Telnet software Connecting a console cable to your router Mac ANSI, VT-100, or VT-200 Navigating through the console screens Easy Setup console screens Chapter Easy SetupAccessing the Easy Setup console screens Screen similar to the following Main Menu appears If your ISP supports Dhcp Quick Easy Setup connection pathIf your ISP doesn’t support Dhcp Main Menu appears WAN Ethernet Conﬁguration More Easy Setup options Previous Screen Next Screen IP Easy Setup Easy Setup Security Conﬁguration User’s Reference Guide WAN conﬁguration Chapter WAN and System Configuration System conﬁguration screens Navigating through the system conﬁguration screens System conﬁguration features Date and time IP setupFilter sets ﬁrewalls IP address serving Security Upgrade feature setConsole conﬁguration Snmp Simple Network Management Protocol Logging Installing the Syslog client Network Address Translation features Chapter IP Setup and Network Address Translation HOW NAT Works Using Network Address Translation To Main Menu Network Address Translation guideline Associating port numbers with nodes IP Setup Ethernet IP Address IP Setup and Network Address Translation Exports, Add Export, and Delete Export Select Add Export. The Add Exported Service screen appears Select Service. a pop-up menu of services and ports appears IP subnets IP Setup and Network Address Translation Static routes Viewing static routes Static Routes screen will appear Adding a static route Modifying a static route Rules of static route installationDeleting a static route Main Menu System Configuration IP Address Serving Dhcp NetBios Options Serve Bootp Clients IP Address Pools IP Setup and Network Address Translation Dhcp NetBIOS Options NetBios Type User’s Reference Guide Chapter Virtual Private Networks VPN Transi t In t ern etwor k Summary Configuration Add Connection Profile Pptp configurationAbout Pptp Tunnels Chap User’s Reference Guide IP Proﬁle Parameters screen appears Encryption SupportMS-CHAP V2 and strong encryption About IPsec Tunnels Configuration Add Connection Proﬁle screen appears IPsec Encryption & Authentication Options IP Profile Parameters Following section Advanced IP Profile Options VPN Default Answer Profile VPN QuickView Interoperation with other featuresQuickView Virtual Private Networks VPN Dial-Up Networking for VPN Installing Dial-Up Networking Creating a new Dial-Up Networking profile Configuring a Dial-Up Networking profile Virtual Private Networks VPN Windows 95 VPN installation Installing the VPN ClientWindows 98 VPN installation Connecting using Dial-Up Networking About Atmp Tunnels Atmp configuration Pptp Commitcancel User’s Reference Guide Local WAN IP Address 0.0 Remote IP Address Pptp example on Atmp example on Allowing VPNs through a Firewall Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Chapter PPP over Ethernet Setup EN WAN Module Add Connection PPP Ethernet LAN Reconfiguration Quick View Quick View status overview Chapter Monitoring Tools Status lights General status General Statistics Statistics & Logs Physical Interface Event historiesNetwork Interface Device Event History WAN Event History Routing tables Scroll Down IP routing table Served IP Addresses System Information Snmp Snmp Setup screen Community strings Snmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receivers User’s Reference Guide Suggested security measures Chapter SecurityUser accounts Protecting the conﬁguration screens Protecting the Security Options screen Telnet access What’s a ﬁlter and what’s a ﬁlter set? About ﬁlters and ﬁlter setsHow ﬁlter sets work Filter priority ﬁlter’s actions How individual ﬁlters workﬁltering rule Who 513 Parts of a ﬁlterPort numbers 161 Aurp AppleTalk 387 Putting the parts together Other ﬁlter attributes Filtering example #1 Internet Control Message ProtocolTransmission Control Protocol User Datagram Protocol Filtering example #2 Design guidelines Working with IP ﬁlters and ﬁlter sets An approach to using ﬁltersDisadvantages of ﬁlters Adding a ﬁlter set Naming a new ﬁlter set Netopia R910 Router Input and output ﬁlters-source and destinationAdding ﬁlters to a ﬁlter set ADD this Filter NOW Cancel Deleting ﬁlters Viewing ﬁlter setsViewing ﬁlters Modifying ﬁlters Deleting a ﬁlter set Modifying ﬁlter setsSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations User’s Reference Guide ACK Bit Yes Firewall tutorial General ﬁrewall termsBasic IP packet components Basic protocol types Example TCP/UDP Ports Firewall design rulesFirewall Logic Logical and function Binary representationImplied rules This is an example of the Netopia IP ﬁlter set screen Filter basicsEstablished connections Example IP ﬁlter set screen Example network Example ﬁltersExample Example Example User’s Reference Guide Radius Client Support Radius client configuration Radius Server Secret Continue Cancel Continue Chapter Utilities and Diagnostics Start Ping Ping Receive return Ping packet Stop Ping Trace Route Telnet client Disconnect Telnet console session Factory defaultsTransferring conﬁguration and ﬁrmware ﬁles with Tftp Updating ﬁrmware Press Return. You will see the following dialog box Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁles Idle Do you want to send a saved configuration to your Netopia? Restarting the system Conﬁguration problems Appendix a Troubleshooting Network problems Console connection problems Power outages How to reset the router to factory defaults Environment proﬁle How to reach usTechnical support Before contacting Netopia Product information can be found in the following Online product informationOnline Technical Support User’s Reference Guide Appendix B Understanding IP Addressing What is IP?About IP addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Distributing IP addresses Example Working with a Class C subnetBackground 255.255.255.224 Technical note on subnet masking Dhcp address serving Netopia R910 Dhcp server characteristicsConﬁguration 255.255.255.0 MacIP serving Using address servingManually distributing IP addresses Tips and rules for distributing IP addresses Understanding IP Addressing B-181 Dhcp example Nested IP subnets Internet 0.0 C.1 WAN 3719 Packet header types Broadcasts User’s Reference Guide Network conﬁguration Appendix C Understanding Netopia NAT BehaviorBackground User’s Reference Guide Understanding Netopia NAT Behavior C-189 Router Netopia Understanding Netopia NAT Behavior C-191 Exported services Important notes Understanding Netopia NAT Behavior C-193 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide Further Reading E-199 User’s Reference Guide Appendix F Technical Specifications and Safety Information Declaration for Canadian users Regulatory notices Telecommunication installation cautions Important safety instructionsBattery User’s Reference Guide Deﬁned B-180 Index Index-206 Index-207 SmartIP Index-208 Index-209