Configuration section | Patton electronic 29XX guide

Access Server Administrators’ Reference Guide	5 • Authentication

The Configuration section

The configuration section of the main Authentication screen (see figure 14) shows how the authentication method used by the RAS is configured.

Figure 14. Authentication main screen (Configuration section)

Validation (auValidation)

Selects how the access server will authenticate an incoming call. Select from:

•No Validation(0)—Select this to allow un-authenticated calls into the access server, and on to your LAN, using the default service.

•static Users(1)—Use the access server internal user database only to authenticate. Static users are simply users and passwords entered into the access server’s internal users database.

•radius Users(2)—Use RADIUS to authenticate and provision user services. RADIUS is a client-server sys- tem developed to manage the flexible requirements of remote dial-in users. The RADIUS protocol is speci- fied under RFC 2138 for authentication and RFC 2139 for accounting. RADIUS servers are available as freeware for most computer platforms and is an excellent method for managing user dial-in security. Any RADIUS entries will require an associated server to process authentication requests from the access server or the access server will reject users access. For more information about RADIUS, see RADIUS User Authen- tication, below.

•tacacs Users(3)—This feature is not currently available

•static Then RADIUS(4)—Check the internal user database first, if no match is found, then use RADIUS to authenticate and provision user services.

•static Then Tacacs(5)— Check the internal user database first, if no match is found, then use TACACS to authenticate and provision user services. Not currently implemented.

Note The following options apply only when using an external authentication server.

The Configuration section

34

Image 34

Patton electronic 29XX manual Configuration section, Validation auValidation

Contents

Remote Access Server Patton Electronics Company, Inc Contents Drop and Insert 138 Interfaces 178 Sync PPP 276 Contents Contents Audience Structure Typographical conventions used in this document General conventions Mouse conventions Chapter contents Introduction Introduction Logging into the HTTP/HTML Administration Pages HTTP/HTML and Snmp Object Format Saving HTTP/HTML Object Changes Home Introduction Home Operating Status Variables Immediate Actions Immediate Actions buttons Import/Export Export Configuration Import/Export main window Typical access server flash memory configuration data Import Configuration Alarms Sample alarm indication Displaying the Alarms window Total System AlarmsX alarmTotal Alarm Response Outputs Alarms Modify Response-Configuring the alarm response system Alarm Snmp Trap IP 2 alarmTrapIp1 Alarm Syslog Priority syslogAlarmPriorityAlarm Snmp Trap IP 1 alarmTrapIp0 Alarm Snmp Trap IP 3alarmTrapIp2 Modify Alarms-Configuring alarm severity levels Modify Alarms settings window Authentication ID suID Validated via primary server auAuthenticationsValidPrimary Displaying the Authentication windowValidated authentications auAuthenticationsValidTotal Statistics section Primary server timeouts auPrimaryServerTimeouts Validated via static database auAuthenticationsValidStaticDenied authentications auAuthenticationsDenied Secondary server timeouts auSecondaryServerTimeouts Configuration section Validation auValidation Secondary Host Address auSecondaryHostAddress Timeout auTimeoutHost Address auHostAddress Host Port auHostPort Radius Packet Format auRadiusPacketFormat Accounting Enable auAccountingEnableAccounting Port auAcctPort Radius Session ID Size auRadiusRunningIdSize Setting Up Authentication Radius Session ID auRadiusRunningId Authentication Configuration screen Host Address auHostAddress Accounting Port auAcctPort Static User Authentication Adding Static Users Modify Static User Service Mask suServiceMask Service IP suServiceIPService Port suServicePort Filter ID suFilterId DAX Configuring the DAX Circuit Type daxClockMode Main Reference daxClockMainRef Fallback Reference daxClockFallbackRef DAX Clock Status alarm condition Clock Status daxClockFailure Dial Dial Dial Dial Phone Dial Introduction Call ID diactIndex Dial In main windowCall Sorting diPageSort ML ID diactMultiIndex Disconnect Reason diactTerminateReason State diactStateDuration diactSessionTime Modulation diactModulation Connect Speed diactTxSpeed Dial Modulations windowUsername diactUsername Connection Modulation diactModulation DSP Link diactDSPIndexTransmit Connection Speed diactTxSpeed Data Compression Protocol diactCompression Error Correction diactErrorCorrectionReceive Connection Speed diactRxSpeed Locally Initiated Renegotiates diactLocalRenegotiates Dial Telco window Dial Telco window Time Call Is/Was Active diactSessionTime WAN Link diactLinkIndexTime Slot diactSlotIndex Termination Reason diactTerminateReason Dial Protocol window Shared Unique ID diactMultiIndex IP Address diactIP LCP Authentication LCPAuthOptionsProtocol diactProtocol Port # on Remote Machine diactPort Remote-Local VJ Protocol Comprsn diIpRemoteToLocalCompProt Local-Remote VJ Protocol Comprsn diIpLocalToRemoteCompProtNext Hop diForceNextHop Dial In Details Dial In Details window Dial In Modify default window Dial In Modify window modify Login, Service, and DNS objects Login Technique diLoginTechnique Modify LoginIP Address Pool diIpPool Default Service diService Password Prompt diPasswordPromptModify Service Username Prompt diUsernamePrompt Modify Domain Name Server Failure Banner diFailureBanner Modify AttemptsSuccess Banner diSuccessBanner Modify Configuration Modify Maximum Time Modify Isdn Configuration 110 diV110Enable Modify V.92 Configuration Modify Modem Configuration V34diModemV34Enable V90diModemV90EnableK56flexdiModemK56Enable V32diModemV32Enable CarrierLossDuration diModemCarrierLossDuration Billing Delay diBillingDelayGuard Tone diModemGuardTone Answer Tone LengthdiModemAnswerToneLength Manage Dnis Window Direct0-No compression will be used Manage Dnis main window Dnis Entry Window Called Calling Number dnisPoolDesrcDialedNumber Dnis Profiles ID dnisIpProfileId Login Technique dnisProfileLoginTechniqueDnis Profiles Main Window IP Pool dnisProfileAssignedIpPool Telnet Mode dnisProfileTelnetMode Service Port dnisProfileServicePortService IP dnisProfileServiceIP Dovbs dnisProfileDOVBS Dnis Profile Entry Window Status dnisIpProfileStatusAdd a Dnis Profile IP Pool dnisProfileSAssignedIpPool Dovbs dnisProfileDOVBS Service Port dnisProfileServicePort IP Address Pool dnisIpPool Dnis IP Pools WindowID dnisIpPoolId Status dnisIpPoolStatus Dnis IP Pool Entry Window Dnis IP Pools Entry window Dial In User Statistics window User Statistics Call Identification, Session Call Identification Session Time Left In Session diactRemainingSession Termination Reason diactTerminateReason Dial Dial State at termination diactTerminateState PPP Statistics LCP Statistics Local Multilink Mrru diStatLcpLocalMRRU LCP Authentication LCPAuthOptionsRemote MRU diStatRemoteMRU Remote Multilink Mrru diStatLcpRemoteMRRU Transmit Frame Check Seq. Size diStatTransmitFcsSize Local-Remote AC Comprsn diStatLocalToRemoteACCompRemote-Local AC Comprsn diStatRemoteToLocalACComp Receive Frame Check Seq. Size diStatReceiveFcsSize Remote-Local VJ Protocol Comprsn diIpRemoteToLocalCompProt Operational Status diIpOperStatusLocal-Remote VJ Protocol Comprsn diIpLocalToRemoteCompProt Remote Max Slot ID diIpRemoteMaxSlotId Filters diStatIpFilterAtoJ Primary Domain Name Server diactPrimaryDNSSecondary Domain Name Server diactSecondaryDNS Phone Data Physical Layer Transmit Connection Speed diactTxSpeed Error Correction diactErrorCorrectionModulation Symbol Rate diactSymbolRate Receive Connection Speed diactRxSpeed Remote Initiated Renegotiates diactRemoteRenegotiates Locally Initiated Retrains diactLocalRetrainsRemote Initiated Retrains diactRemoteRetrains Dial Out Dial Out 105 106 Active Calls doActive Dial Out Main WindowCall Sorting doPageSort Call ID doactIndex Duration doactSessionTime User doactUsernameState doactState Disconnect Reason doactTerminateReason 109 Modulation doactModulation Dial Out Details windowSpeed doactTxSpeed Dial Out Modify window Dial Out Details window Password Prompt doPasswordPrompt TCP Type doServiceTypeLogin Technique doLoginTechnique TCP Port doTcpPort Login Attempts Allowed doAllowAttempts Failure Banner doFailureBanner Time to Login sec doLoginTimeout Maximum Session Time doSessionTimeoutMaximum Idle Time doIdleTimeout Call History Timeout min doLingerTime V21 doModemV21Enable Isdn doModemISDNEnableV22 doModemV22Enable Maximum Speed doModemMaxSpeed Carrier Loss Duration doModemCarrierLossDuration Minimum Speed doModemMinSpeedGuard Tone doModemGuardTone Retrain doModemRetrain Restrict Modification doModemRestrictMods Dial Out Locations WindowStatus locationstatus Add Location Maximum Session Time locationSessionTimeout Multilink locationConfigMultilinkIdle Timeout locationIdleTimeout Authentication Technique locationAuthTechnique View/Modify location details Dialing Locations Locations Link Dial Out Modem Profiles WindowAdd Modem Profile Profile ID modemProfileId RetrainmodemRetrain Guard Tone modemGuardToneCarrier Loss Duration modemCarrierLossDuration Compression modemCompression Status modemStatus Billing Delay modemBillingDelayDial Out User Statistics Window View modem profile Call ID doactIndex Password doactPasswordCall Identification Username doactUsername Wan Link doactLinkIndex Minutes until timeout doactRemainingIdleDsp Link doactDSPIndex Time Slot doactSlotIndex 126 Bad Controls doStatBadControls PPP StatisticsBad Address doStatBadAddresses Packets too long doStatPacketTooLongs Remote MRU doStatRemoteMRU Remote LCP Authentication doStatLcpAuthLocal MRU doStatLocalMRU Local Multilink Mrru doStatLcpLocalMRRU Local AC Compression doStatLocalToRemoteACComp Local PPP Protocol Compression doStatLocalToRemoteProtCompRemote PPP Protocol Compression doStatRemoteToLocalProtComp Remote AC Compression doStatRemoteToLocalACComp Octets Sent doactSentOctets Bad Packets doactErrorFramesNumber Called doactNumberDialed Octets Received doactReceivedOctets Tx Connection Speed doactTxSpeed Error Correction Protocol doactErrorCorrectionConnection Modulation doactModulation Rx Connection Speed doactRxSpeed An example section of dialout Callback Dial-in Modify Configuration Callback diCallbackConfig Dial-in Main Window Dial-in user waiting to be called back Callback Configuration suCallbackConfig Radius ConfigurationCallback phone number suCallbackNumber Accounting information Dialout Drop and Insert Drop and Insert main window Session Timeout drSessionTimeoutCall History Timeout drLingerTime Active Calls drActive How Drop and Insert works Using Drop and Insert Drop and insert diagram Digital Signal Processing DSP 152 DSP main window DSP Settings main window Instance #2 State dspStateSecond Instance #1 Use dspUsefirstInstance #2 Use dspUseSecond DSP PCM Capture DSP Connection PerformanceDSP Memory Capture DSP Debugging Events Connection Summaries DSP Connection Totals Remote-Reneg dspRemoteRenegotiates Reboot-A dspTotalRebootDueToFailsReboot-B dspTotalRebootDueToError Local-Retrain dspLocalRetrains DSP Status DSP information windowDesired State dspDesiredState Call Statistics Debug Statistics Ethernet Ethernet Main Window State boxEtherAState PrimaryIpMask boxEtherAPrimaryIpMask ConfigPrimaryIPAddress boxEtherAPrimaryIpAddress PrimaryIpFilters boxEtherAPrimaryIpFilters Ethernet Modify Window Ethernet Modify Window Alignment Errors dot3StatsAlignmentErrors Technique ConfigurationEthernet Statistics Other Errors dot3StatsInternalMacTransmitErrors FCS Errors dot3StatsFCSErrorsSQE Test Errors dot3StatsSQETestErrors Carrier Sense Errors dot3StatsCarrierSenseErrors Received Frames Too Long dot3StatsFrameTooLongs Other Received Errors dot3StatsInternalMacReceiveErrorsChip Set ID dot3StatsEtherChipSet Filter IP Defining a filter Modify Filter Name filterIpName Direction filterIpDirection Comparison filterIpSourceAddressCmp Action filterIpActionSource IP Address filterIpSourceIp Source Port Destination IPDestination Port Protocol filterIpProtocol Port filterIpDestinationPortTCP Established filterIpTcpEstablished An example of using a filter IP Filter showing default for dialout 168 169 Frame Relay Congestion frameEnableCongestion Frame Relay main window Frame Relay main window Link X frDlcmiIfIndex Hdlc Statistics on Link Dlmi Window MultiCast Service frDlcmiMulticast Signalling frDlcmiStateError Threshold N392 frDlcmiErrorThreshold Data Link Protocol frDlcmiAddress Bidirectional PollingfrDlc rDlcmiPollingBiDir Dlci windowLMI Interface frDlcmiInterface Polling Verification T392 frDlcmiPollingVerification Interface # FrameIPInterfaceNum Congestion frameEnableCongestionDlci frCircuitDlci State frCircuitState Interfaces Interfaces main window Number ifIndex Type ifType Admin Stat ifAdminStatusOperational Status ifOperStatus Interface Details Description ifDescr Physical Address ifPhysAddress Max Transfer Unit ifMTUSpeed ifSpeed Last Change ifLastChange Received and Discarded w/No Errs ifInDiscards Received Errored Packets ifInErrorsRequested Errored Packets ifOutErrors Received w/Unknown Protocol ifInUnknownProtos 184 16 IP 186 IP main window IP main window Discarded for Address Errors ipInAddrErrors Default Time-To-Live ipDefaultTTLDiscarded for Header Errors ipInHdrErrors Forwarding ipForwarding Forwarded Datagrams ipForwDatagrams Discarded w/No Errors ipInDiscardsReassembly Timeout ipReasmTimeout Discarded for Unknown Protos ipInUnknownProtos Modify TCP TCP main window Retransmit-Timeout Maximum tcpRtoMax Retransmit-Timeout Algorithm tcpRtoAlgorithmRetransmit-Timeout Minimum tcpRtoMin Established Resets tcpEstabResets TCP Details UDP Received udpInDatagrams Handling of Netbios UDP Broadcasts boxNetbiosUdpBridgingOthers Received with No Delivery udpInErrors Received With No Ports udpNoPorts Icmp Receive/Send Messages window Errors icmpInErrors, icmpOutErrorsBlock Icmp redirects boxBLockIcmpRedirects Total Received/Sent icmpInMsgs, imcpOutMsgs Times Exceeded icmpInTimeExcds, icmpOutTimeExcds Parameter Problems icmpInParmProbs, icmpOutParmProbsSource Quenchs icmpInSrcQuenchs, icmpOutSrcQuenchs Redirects icmpInRedirects, icmpOutRedirects Time Stamps icmpInTimestamps, icmpInTimestamps Addressing InformationEcho Replys icmpInReps, icmpOutReps Address Mask Requests icmpInAddrMasks icmpOutAddrMasks Entry Interface Index ipAdEntIfIndex Entry Reassembly Maximum Size ipAdEntReasmMaxSizeRouting Information Entry Subnet Mask ipAdEntNetMask Destination ipRouteDest Mask ipRouteMask Interface ipRouteIfIndex Gateway RouteGatewayCost RouteCost State RouteState Adding a static point-to-point route to a remote host Adding a point-to-point routeAdding a static routes to a remote network Forwarding table window Advanced… Type ipRouteType Next Hop ipRouteNextHopProtocol ipRouteProto Info ipRouteInfo IP Routing Destination windowRoute Destination ipRouteDest Address Translation Information Seconds Since Updated ipRouteAgeTag RouteTag Physical ipNetToMediaPhysAddress Interface ipNetToMediaEntryNet Address ipNetToMediaNetAddress Type ipNetToMediaType MFR Version 218 MFR Version 2 main window Line SignallingCountry lineSigCountry Interregister Signalling MFR Version 2-Modify MFR Version 2 Modify window 213 214 Interregister Signalling 216 A1010 A1111 A1212 A1313 A1414 A1515 218 RIP Version Responses Sent rip2GlobalQueries RIP Version 2 main windowRoute Changes Made rip2GlobalRouteChanges Address rip2IfConfAddress Receive rip2IfConfReceive Adding a RIP address Authentication Key rip2IfConfAuthKey RIP Version 2-ConfigurationAuthentication Type rip2IfConfAuthType Domain rip2IfConfDomain RIP Version 2 Statistics Sent Updates rip2IfStatSentUpdates Status rip2IfStatStatus Snmp Snmp window Snmp window Error Status Read Only snmpInReadOnlys ASN ParseErrors snmpInASNParseErrsError Status Too Big snmpInTooBigs Generated Errors snmpInGenErrs Out Get Requests snmpOutGetRequests Generated Errors snmpOutGenErrsAuthentication Failure Traps snmpEnableAuthenTraps Get Next Requests snmpOutGetNexts System System Snmp and Http System main windowVersion boxSnmpVersion Manufacturer Message Blocks Free boxHeapFreeSpace Operating System Heap MemoryTotal Size boxHeapSize Largest boxHeapLargestSpace Enclosure System Payable featuresInstallation Other Physical Location sysLocation System Services sysServicesWeb Settings boxBackgroundFlag Monitor Privilege boxMonitorPrivilege System-Modify window System-Modify window Enable Payable FeaturesboxFeatureEnableKey Buffer Size boxbuffersize System-Packet Holding Message BlocksNo. of Buffers boxbuffercount No. of Tasks Waited boxCountBufferTaskWait No. Free boxbuffersfreeNo. of Times UnavailableboxCountBufferUnavailable System Log System Log Main Window System Log main window Daemons System Log-ModifyPriority Min Priority for Flash Storage syslogFlashPriority Min Priority for Console RS-232 syslogConsolePriorityMin Priority for Snmp Trap Daemon syslogTrapPriority Min Priority for RAM SyslogTablePriority Unix Facility syslogUnixFacility Call Trace syslogCallTrace MaintenanceMaintain Flash Storage syslogFlashClear Time slTick System Log-Volatile MemoryMessage slMessage Time slfTick System Log-Non-Volatile MemoryWhat the System Log messages are telling you Message slfMessage T1/E1 Link Error Injection linkInjectError 263 Path Code Violations dsx1FarEndCurrentPCVs 271 T1/E1 Link Activity main window Link dsx1LineIndex T1/E1 Link Activity main windowType dsx1LineType Far End Alarm Failure Alarms PresentPhysical Line Alarms dsx1LineStatus Circuit ID dsx1CircuitIdentifier TS16 Alarm Indication Signal Failure Alarm Indication Signal AIS FailureLoss Of Signal Failure Loss Of Frame Failure Isdn Signaling Alarms linkSignalStatus Snmp MIB definition E1 TS16 AIS Time Elapsed dsx1TimeElapsed Line Status-ConfigurationValid Intervals dsx1ValidIntervals Line Interface Settings WAN Circuit Configuration-ModifyCircuit ID dsx1CircuitIdentifier Line Coding dsx1LineCoding Line Type dsx1LineTypeReceive Equalizer linkRxEqualizer Signal Mode dsx1SignalMode Yellow Alarm Format linkYellowFormatSignalling Settings Line Build Out linkLineBuildOut Test Settings Error Injection linkInjectError Loopback Config dsx1LoopbackConfigSend Code dsx1SendCode Channel channelIndex Line Status-Channel AssignmentDesired Function channelfunction Near End Line Statistics-Current CurrentState ChannelState Severely Errored Frame Seconds dsx1CurrentSEFSs Errored Seconds dsx1CurrentESsSeverely Errored Seconds dsx1CurrentSESs Line Errored Seconds dsx1CurrentLESs Near End Line Statistics-History Near End Line Statistics-Totals Line Errored Seconds dsx1TotalLESs Severely Errored Seconds dsx1TotalSESsSeverely Errored Frame Seconds dsx1TotalSEFSs Bursty ErroredSeconds dsx1TotalBESs Far End Line Statistics-Current Far End Line Statistics-History Line Errored Seconds dsx1FarEndIntervalLESs Severely Errored Seconds dsx1FarEndIntervalSESsSeverely Errored Frame Seconds dsx1FarEndIntervalSEFSs Bursty Errored Seconds dsx1FarEndIntervalBESs Far End Line Statistics-Totals Configuring Nfas Bursty Errored Seconds dsx1FarEndTotalBESsUsing Non-Facility Associated Signaling Nfas Degraded Minutes dsx1FarEndTotalDMs RAS hosts 1 Nfas group containing 3 PRIs Sync PPP Sync PPP WAN Circuit Configuration window Line Status-Channel Assignment PPP configuration PPP Main Window Default Settings Ip Address pppServiceIpAddressIp Mask pppServiceIpMask State pppActState Authentication Username pppDefaultAuthenticationUsername Authentication Technique pppDefaultAuthenticationTechniqueAuthentication Side pppDefaultAuthenticationSide Authentication Password pppDefaultAuthenticationPassword Link frDlcmiIfIndex Compression pppDefaultIpCompressionPPP Link Window Status framerelStatus Link Configuration Authentication Password pppAuthenticationPassword Authentication Side pppAuthenticationSideAuthentication Username pppAuthenticationUsername Security Level pppAccessLevel Bad Address pppStatBadAddresses Link Compression pppLinkCompressionAllow Magic Number Negotiation pppMagicNumber Bad Controls pppStatBadControls Peer-Local ACC Map pppStatPeerToLocalACCMap LCP AuthenticationpppStatLcpAuthACC Map pppStatLocalToPeerACCMap Local-Remote AC ComprsnpppStatLocalToRemoteACComp Receive Frame Check Seq. Size pppStatReceiveFcsSize Remote-Local AC Comprsn pppStatRemoteToLocalACCompTransmit Frame Check Seq. Size pppStatTransmitFcsSize Operational Status pppIpOperStatus Octets Sent pppActSentOctets Remote Max Slot ID pppIpRemoteMaxSlotIdLocal Max Slot ID pppIpLocalMaxSlotId Octets Received pppActReceivedOctets Modify Link Configuration Window Link Configuration Layer 2 Tunneling Protocol L2TP L2TP Configuration Static Authentication Radius Authentication L2TP Radius Authentication Configuration Example Cisco Configuration This will enable the use of tunnel authentication Contacting Patton Patton Electronics Company contact information About window License End User License Agreement Definitions Term WarrantyTitle Grant of License Appendix a Supported Radius Attributes Access-Accept Attributes Access-Request Attributes Access-Challenge Attributes Accounting-Start Attributes Accounting-Stop Attributes Appendix B MIB trees Model 2960 MIB Tree Structure Appendix C Technical Reference What Is RADIUS? Configuring a Radius serverRadius Client/Server Architecture Radius Services Radius Authentication Procedure Radius Standards RADIUS-Where Can I Get It? Radius Resources Configuring Radius Authentication Configuring RadiusOverview Authentication window Using Snmp with the Access Server Finding the Snmp Name Finding the branch where the Snmp parameter resides MIB tree for Model 2960 access server Configuring Non-Facility Associated Signaling Nfas Configuring Nfas Configuring Frame Relay Line Configuration WAN Channel Assignment main screen Configuring Frame Relay link parameters Configuring PVCs Configuring Permanent Virtual Circuits Click on Submit Query Configuring IP routing with a Frame Relay Link IP routing with Frame Relay example Link Status and the IP Forwarding Click Add Route Setting up a Dnis user profile Configuring DnisSetting up IP address pools by configuring Dnis Ip Pools Setting up a Dnis group Configuring a leased line/dedicated line connection Configuring the RAS Configuring the remote end using Microsoft Windows Modem properties window Under the Options tab set Redial attempts to a high number