Manuals / Patton electronic / Computer Equipment / Server

Patton electronic 29XX manual Authentication Configuration screen

Models: 29XX

1 326

Download 326 pages 58.53 Kb

Page 38

Access Server Administrators’ Reference Guide	5 • Authentication

(auValidation)” below), configure the additional parameters as shown in figure 17 to configure RADIUS parameters. See “Static User Authentication” on page 41 to set up Static users.

Figure 17. Authentication Configuration screen

Validation (auValidation)

Selects how the access server will authenticate an incoming call. Select from:

•No Validation(0)—Select this to allow un-authenticated calls into the access server, and on to your LAN, using the default service.

•static Users(1)—Use the access server internal user database only to authenticate. Static users are simply users and passwords entered into the access server’s internal users database.

•radius Users(2)—Use RADIUS to authenticate and provision user services. RADIUS is a client-server sys- tem developed to manage the flexible requirements of remote dial-in users. The RADIUS protocol is speci- fied under RFC 2138 for authentication and RFC 2139 for accounting. RADIUS servers are available as freeware for most computer platforms and is an excellent method for managing user dial-in security. Any RADIUS entries will require an associated server to process authentication requests from the access server or the access server will reject users access. For more information about RADIUS, see RADIUS User Authen- tication, below.

•tacacs Users(3)—This feature is not currently available

•static Then RADIUS(4)—Check the internal user database first, if no match is found, then use RADIUS to authenticate and provision user services.

•static Then Tacacs(5)— Check the internal user database first, if no match is found, then use TACACS to authenticate and provision user services. Not currently implemented.

Note The following options apply only when using an external authentication server.

Setting Up Authentication

38

Image 38

Patton electronic 29XX manual Authentication Configuration screen

Contents

Remote Access Server Patton Electronics Company, Inc Contents Drop and Insert 138 Interfaces 178 Sync PPP 276 Contents Contents Audience StructureTypographical conventions used in this document General conventionsMouse conventions Chapter contents IntroductionIntroduction Logging into the HTTP/HTML Administration Pages HTTP/HTML and Snmp Object FormatSaving HTTP/HTML Object Changes Home Introduction HomeOperating Status Variables Immediate Actions Immediate Actions buttonsImport/Export Export Configuration Import/Export main windowTypical access server flash memory configuration data Import Configuration Alarms Sample alarm indication Displaying the Alarms window Total System AlarmsX alarmTotalAlarm Response Outputs AlarmsModify Response-Configuring the alarm response system Alarm Snmp Trap IP 2 alarmTrapIp1 Alarm Syslog Priority syslogAlarmPriorityAlarm Snmp Trap IP 1 alarmTrapIp0 Alarm Snmp Trap IP 3alarmTrapIp2Modify Alarms-Configuring alarm severity levels Modify Alarms settings windowAuthentication ID suID Validated via primary server auAuthenticationsValidPrimary Displaying the Authentication windowValidated authentications auAuthenticationsValidTotal Statistics sectionPrimary server timeouts auPrimaryServerTimeouts Validated via static database auAuthenticationsValidStaticDenied authentications auAuthenticationsDenied Secondary server timeouts auSecondaryServerTimeoutsConfiguration section Validation auValidationSecondary Host Address auSecondaryHostAddress Timeout auTimeoutHost Address auHostAddress Host Port auHostPortRadius Packet Format auRadiusPacketFormat Accounting Enable auAccountingEnableAccounting Port auAcctPort Radius Session ID Size auRadiusRunningIdSizeSetting Up Authentication Radius Session ID auRadiusRunningIdAuthentication Configuration screen Host Address auHostAddress Accounting Port auAcctPort Static User Authentication Adding Static UsersModify Static User Service Mask suServiceMask Service IP suServiceIPService Port suServicePort Filter ID suFilterIdDAX Configuring the DAX Circuit Type daxClockModeMain Reference daxClockMainRef Fallback Reference daxClockFallbackRefDAX Clock Status alarm condition Clock Status daxClockFailureDial Dial Dial Dial Phone Dial Introduction Call ID diactIndex Dial In main windowCall Sorting diPageSort ML ID diactMultiIndexDisconnect Reason diactTerminateReason State diactStateDuration diactSessionTime Modulation diactModulationUsername diactUsername Dial Modulations windowConnect Speed diactTxSpeed Transmit Connection Speed diactTxSpeed DSP Link diactDSPIndexConnection Modulation diactModulation Data Compression Protocol diactCompression Error Correction diactErrorCorrectionReceive Connection Speed diactRxSpeed Locally Initiated Renegotiates diactLocalRenegotiatesDial Telco window Dial Telco windowTime Call Is/Was Active diactSessionTime WAN Link diactLinkIndexTime Slot diactSlotIndex Termination Reason diactTerminateReasonDial Protocol window Shared Unique ID diactMultiIndexIP Address diactIP LCP Authentication LCPAuthOptionsProtocol diactProtocol Port # on Remote Machine diactPortNext Hop diForceNextHop Local-Remote VJ Protocol Comprsn diIpLocalToRemoteCompProtRemote-Local VJ Protocol Comprsn diIpRemoteToLocalCompProt Dial In Details Dial In Details windowDial In Modify default window Dial In Modify window modify Login, Service, and DNS objectsIP Address Pool diIpPool Modify LoginLogin Technique diLoginTechnique Default Service diService Password Prompt diPasswordPromptModify Service Username Prompt diUsernamePromptModify Domain Name Server Success Banner diSuccessBanner Modify AttemptsFailure Banner diFailureBanner Modify Configuration Modify Maximum Time Modify Isdn Configuration 110 diV110EnableModify V.92 Configuration Modify Modem ConfigurationV34diModemV34Enable V90diModemV90EnableK56flexdiModemK56Enable V32diModemV32EnableCarrierLossDuration diModemCarrierLossDuration Billing Delay diBillingDelayGuard Tone diModemGuardTone Answer Tone LengthdiModemAnswerToneLengthManage Dnis Window Direct0-No compression will be usedManage Dnis main window Dnis Entry Window Called Calling Number dnisPoolDesrcDialedNumberDnis Profiles ID dnisIpProfileId Login Technique dnisProfileLoginTechniqueDnis Profiles Main Window IP Pool dnisProfileAssignedIpPoolTelnet Mode dnisProfileTelnetMode Service Port dnisProfileServicePortService IP dnisProfileServiceIP Dovbs dnisProfileDOVBSDnis Profile Entry Window Status dnisIpProfileStatusAdd a Dnis Profile IP Pool dnisProfileSAssignedIpPoolDovbs dnisProfileDOVBS Service Port dnisProfileServicePort IP Address Pool dnisIpPool Dnis IP Pools WindowID dnisIpPoolId Status dnisIpPoolStatusDnis IP Pool Entry Window Dnis IP Pools Entry windowDial In User Statistics window User Statistics Call Identification, SessionCall Identification Session Time Left In Session diactRemainingSession Termination Reason diactTerminateReasonDial Dial State at termination diactTerminateState PPP Statistics LCP StatisticsLocal Multilink Mrru diStatLcpLocalMRRU LCP Authentication LCPAuthOptionsRemote MRU diStatRemoteMRU Remote Multilink Mrru diStatLcpRemoteMRRUTransmit Frame Check Seq. Size diStatTransmitFcsSize Local-Remote AC Comprsn diStatLocalToRemoteACCompRemote-Local AC Comprsn diStatRemoteToLocalACComp Receive Frame Check Seq. Size diStatReceiveFcsSizeRemote-Local VJ Protocol Comprsn diIpRemoteToLocalCompProt Operational Status diIpOperStatusLocal-Remote VJ Protocol Comprsn diIpLocalToRemoteCompProt Remote Max Slot ID diIpRemoteMaxSlotIdFilters diStatIpFilterAtoJ Primary Domain Name Server diactPrimaryDNSSecondary Domain Name Server diactSecondaryDNS PhoneData Physical LayerTransmit Connection Speed diactTxSpeed Error Correction diactErrorCorrectionModulation Symbol Rate diactSymbolRate Receive Connection Speed diactRxSpeedRemote Initiated Retrains diactRemoteRetrains Locally Initiated Retrains diactLocalRetrainsRemote Initiated Renegotiates diactRemoteRenegotiates Dial Out Dial Out 105 106 Active Calls doActive Dial Out Main WindowCall Sorting doPageSort Call ID doactIndexDuration doactSessionTime User doactUsernameState doactState Disconnect Reason doactTerminateReason109 Speed doactTxSpeed Dial Out Details windowModulation doactModulation Dial Out Modify window Dial Out Details windowPassword Prompt doPasswordPrompt TCP Type doServiceTypeLogin Technique doLoginTechnique TCP Port doTcpPortLogin Attempts Allowed doAllowAttempts Failure Banner doFailureBannerTime to Login sec doLoginTimeout Maximum Session Time doSessionTimeoutMaximum Idle Time doIdleTimeout Call History Timeout min doLingerTimeV21 doModemV21Enable Isdn doModemISDNEnableV22 doModemV22Enable Maximum Speed doModemMaxSpeedCarrier Loss Duration doModemCarrierLossDuration Minimum Speed doModemMinSpeedGuard Tone doModemGuardTone Retrain doModemRetrainStatus locationstatus Dial Out Locations WindowRestrict Modification doModemRestrictMods Add Location Maximum Session Time locationSessionTimeout Multilink locationConfigMultilinkIdle Timeout locationIdleTimeout Authentication Technique locationAuthTechniqueView/Modify location details Dialing LocationsLocations Link Dial Out Modem Profiles WindowAdd Modem Profile Profile ID modemProfileIdRetrainmodemRetrain Guard Tone modemGuardToneCarrier Loss Duration modemCarrierLossDuration Compression modemCompressionStatus modemStatus Billing Delay modemBillingDelayDial Out User Statistics Window View modem profileCall ID doactIndex Password doactPasswordCall Identification Username doactUsernameWan Link doactLinkIndex Minutes until timeout doactRemainingIdleDsp Link doactDSPIndex Time Slot doactSlotIndex126 Bad Controls doStatBadControls PPP StatisticsBad Address doStatBadAddresses Packets too long doStatPacketTooLongsRemote MRU doStatRemoteMRU Remote LCP Authentication doStatLcpAuthLocal MRU doStatLocalMRU Local Multilink Mrru doStatLcpLocalMRRULocal AC Compression doStatLocalToRemoteACComp Local PPP Protocol Compression doStatLocalToRemoteProtCompRemote PPP Protocol Compression doStatRemoteToLocalProtComp Remote AC Compression doStatRemoteToLocalACCompOctets Sent doactSentOctets Bad Packets doactErrorFramesNumber Called doactNumberDialed Octets Received doactReceivedOctetsTx Connection Speed doactTxSpeed Error Correction Protocol doactErrorCorrectionConnection Modulation doactModulation Rx Connection Speed doactRxSpeedAn example section of dialout Callback Dial-in Modify Configuration Callback diCallbackConfigDial-in Main Window Dial-in user waiting to be called backCallback phone number suCallbackNumber Radius ConfigurationCallback Configuration suCallbackConfig Accounting information DialoutDrop and Insert Drop and Insert main window Session Timeout drSessionTimeoutCall History Timeout drLingerTime Active Calls drActiveHow Drop and Insert works Using Drop and Insert Drop and insert diagramDigital Signal Processing DSP 152 DSP main window DSP Settings main window Instance #2 Use dspUseSecond Instance #1 Use dspUsefirstInstance #2 State dspStateSecond DSP PCM Capture DSP Connection PerformanceDSP Memory Capture DSP Debugging EventsConnection Summaries DSP Connection Totals Remote-Reneg dspRemoteRenegotiates Reboot-A dspTotalRebootDueToFailsReboot-B dspTotalRebootDueToError Local-Retrain dspLocalRetrainsDesired State dspDesiredState DSP information windowDSP Status Call Statistics Debug Statistics Ethernet Ethernet Main Window State boxEtherAStatePrimaryIpMask boxEtherAPrimaryIpMask ConfigPrimaryIPAddress boxEtherAPrimaryIpAddress PrimaryIpFilters boxEtherAPrimaryIpFiltersEthernet Modify Window Ethernet Modify WindowEthernet Statistics Technique ConfigurationAlignment Errors dot3StatsAlignmentErrors Other Errors dot3StatsInternalMacTransmitErrors FCS Errors dot3StatsFCSErrorsSQE Test Errors dot3StatsSQETestErrors Carrier Sense Errors dot3StatsCarrierSenseErrorsChip Set ID dot3StatsEtherChipSet Other Received Errors dot3StatsInternalMacReceiveErrorsReceived Frames Too Long dot3StatsFrameTooLongs Filter IP Defining a filter Modify FilterName filterIpName Direction filterIpDirectionComparison filterIpSourceAddressCmp Action filterIpActionSource IP Address filterIpSourceIpDestination Port Destination IPSource Port TCP Established filterIpTcpEstablished Port filterIpDestinationPortProtocol filterIpProtocol An example of using a filter IP Filter showing default for dialout168 169 Frame Relay Congestion frameEnableCongestion Frame Relay main window Frame Relay main windowLink X frDlcmiIfIndex Hdlc Statistics on LinkDlmi Window MultiCast Service frDlcmiMulticast Signalling frDlcmiStateError Threshold N392 frDlcmiErrorThreshold Data Link Protocol frDlcmiAddressBidirectional PollingfrDlc rDlcmiPollingBiDir Dlci windowLMI Interface frDlcmiInterface Polling Verification T392 frDlcmiPollingVerificationInterface # FrameIPInterfaceNum Congestion frameEnableCongestionDlci frCircuitDlci State frCircuitStateInterfaces Interfaces main window Number ifIndexOperational Status ifOperStatus Admin Stat ifAdminStatusType ifType Interface Details Description ifDescrPhysical Address ifPhysAddress Max Transfer Unit ifMTUSpeed ifSpeed Last Change ifLastChangeReceived and Discarded w/No Errs ifInDiscards Received Errored Packets ifInErrorsRequested Errored Packets ifOutErrors Received w/Unknown Protocol ifInUnknownProtos184 16 IP 186 IP main window IP main windowDiscarded for Address Errors ipInAddrErrors Default Time-To-Live ipDefaultTTLDiscarded for Header Errors ipInHdrErrors Forwarding ipForwardingForwarded Datagrams ipForwDatagrams Discarded w/No Errors ipInDiscardsReassembly Timeout ipReasmTimeout Discarded for Unknown Protos ipInUnknownProtosModify TCP TCP main windowRetransmit-Timeout Maximum tcpRtoMax Retransmit-Timeout Algorithm tcpRtoAlgorithmRetransmit-Timeout Minimum tcpRtoMin Established Resets tcpEstabResetsTCP Details UDP Received udpInDatagrams Handling of Netbios UDP Broadcasts boxNetbiosUdpBridgingOthers Received with No Delivery udpInErrors Received With No Ports udpNoPortsIcmp Receive/Send Messages window Errors icmpInErrors, icmpOutErrorsBlock Icmp redirects boxBLockIcmpRedirects Total Received/Sent icmpInMsgs, imcpOutMsgsTimes Exceeded icmpInTimeExcds, icmpOutTimeExcds Parameter Problems icmpInParmProbs, icmpOutParmProbsSource Quenchs icmpInSrcQuenchs, icmpOutSrcQuenchs Redirects icmpInRedirects, icmpOutRedirectsTime Stamps icmpInTimestamps, icmpInTimestamps Addressing InformationEcho Replys icmpInReps, icmpOutReps Address Mask Requests icmpInAddrMasks icmpOutAddrMasksEntry Interface Index ipAdEntIfIndex Entry Reassembly Maximum Size ipAdEntReasmMaxSizeRouting Information Entry Subnet Mask ipAdEntNetMaskDestination ipRouteDest Mask ipRouteMaskInterface ipRouteIfIndex Gateway RouteGatewayCost RouteCost State RouteStateAdding a static routes to a remote network Adding a point-to-point routeAdding a static point-to-point route to a remote host Forwarding table window Advanced…Protocol ipRouteProto Next Hop ipRouteNextHopType ipRouteType Route Destination ipRouteDest IP Routing Destination windowInfo ipRouteInfo Tag RouteTag Seconds Since Updated ipRouteAgeAddress Translation Information Physical ipNetToMediaPhysAddress Interface ipNetToMediaEntryNet Address ipNetToMediaNetAddress Type ipNetToMediaTypeMFR Version 218 Country lineSigCountry Line SignallingMFR Version 2 main window Interregister Signalling MFR Version 2-Modify MFR Version 2 Modify window213 214 Interregister Signalling 216 A1010 A1111 A1212 A1313 A1414 A1515 218 RIP Version Responses Sent rip2GlobalQueries RIP Version 2 main windowRoute Changes Made rip2GlobalRouteChanges Address rip2IfConfAddressReceive rip2IfConfReceive Adding a RIP addressAuthentication Key rip2IfConfAuthKey RIP Version 2-ConfigurationAuthentication Type rip2IfConfAuthType Domain rip2IfConfDomainRIP Version 2 Statistics Sent Updates rip2IfStatSentUpdates Status rip2IfStatStatusSnmp Snmp window Snmp windowError Status Read Only snmpInReadOnlys ASN ParseErrors snmpInASNParseErrsError Status Too Big snmpInTooBigs Generated Errors snmpInGenErrsOut Get Requests snmpOutGetRequests Generated Errors snmpOutGenErrsAuthentication Failure Traps snmpEnableAuthenTraps Get Next Requests snmpOutGetNextsSystem System Version boxSnmpVersion System main windowSnmp and Http Manufacturer Message BlocksFree boxHeapFreeSpace Operating System Heap MemoryTotal Size boxHeapSize Largest boxHeapLargestSpaceEnclosure System Payable featuresInstallation OtherPhysical Location sysLocation System Services sysServicesWeb Settings boxBackgroundFlag Monitor Privilege boxMonitorPrivilegeSystem-Modify window System-Modify windowEnable Payable FeaturesboxFeatureEnableKey No. of Buffers boxbuffercount System-Packet Holding Message BlocksBuffer Size boxbuffersize No. of Times UnavailableboxCountBufferUnavailable No. Free boxbuffersfreeNo. of Tasks Waited boxCountBufferTaskWait System Log System Log Main Window System Log main windowPriority System Log-ModifyDaemons Min Priority for Snmp Trap Daemon syslogTrapPriority Min Priority for Console RS-232 syslogConsolePriorityMin Priority for Flash Storage syslogFlashPriority Min Priority for RAM SyslogTablePriority Unix Facility syslogUnixFacilityMaintain Flash Storage syslogFlashClear MaintenanceCall Trace syslogCallTrace Message slMessage System Log-Volatile MemoryTime slTick Time slfTick System Log-Non-Volatile MemoryWhat the System Log messages are telling you Message slfMessageT1/E1 Link Error Injection linkInjectError 263 Path Code Violations dsx1FarEndCurrentPCVs 271 T1/E1 Link Activity main window Type dsx1LineType T1/E1 Link Activity main windowLink dsx1LineIndex Far End Alarm Failure Alarms PresentPhysical Line Alarms dsx1LineStatus Circuit ID dsx1CircuitIdentifierTS16 Alarm Indication Signal Failure Alarm Indication Signal AIS FailureLoss Of Signal Failure Loss Of Frame FailureIsdn Signaling Alarms linkSignalStatus Snmp MIB definitionE1 TS16 AIS Valid Intervals dsx1ValidIntervals Line Status-ConfigurationTime Elapsed dsx1TimeElapsed Circuit ID dsx1CircuitIdentifier WAN Circuit Configuration-ModifyLine Interface Settings Receive Equalizer linkRxEqualizer Line Type dsx1LineTypeLine Coding dsx1LineCoding Signal Mode dsx1SignalMode Yellow Alarm Format linkYellowFormatSignalling Settings Line Build Out linkLineBuildOutTest Settings Send Code dsx1SendCode Loopback Config dsx1LoopbackConfigError Injection linkInjectError Desired Function channelfunction Line Status-Channel AssignmentChannel channelIndex Near End Line Statistics-Current CurrentState ChannelStateSeverely Errored Frame Seconds dsx1CurrentSEFSs Errored Seconds dsx1CurrentESsSeverely Errored Seconds dsx1CurrentSESs Line Errored Seconds dsx1CurrentLESsNear End Line Statistics-History Near End Line Statistics-Totals Line Errored Seconds dsx1TotalLESs Severely Errored Seconds dsx1TotalSESsSeverely Errored Frame Seconds dsx1TotalSEFSs Bursty ErroredSeconds dsx1TotalBESsFar End Line Statistics-Current Far End Line Statistics-History Line Errored Seconds dsx1FarEndIntervalLESs Severely Errored Seconds dsx1FarEndIntervalSESsSeverely Errored Frame Seconds dsx1FarEndIntervalSEFSs Bursty Errored Seconds dsx1FarEndIntervalBESsFar End Line Statistics-Totals Configuring Nfas Bursty Errored Seconds dsx1FarEndTotalBESsUsing Non-Facility Associated Signaling Nfas Degraded Minutes dsx1FarEndTotalDMsRAS hosts 1 Nfas group containing 3 PRIs Sync PPP Sync PPP WAN Circuit Configuration window Line Status-Channel AssignmentPPP configuration PPP Main WindowDefault Settings Ip Address pppServiceIpAddressIp Mask pppServiceIpMask State pppActStateAuthentication Username pppDefaultAuthenticationUsername Authentication Technique pppDefaultAuthenticationTechniqueAuthentication Side pppDefaultAuthenticationSide Authentication Password pppDefaultAuthenticationPasswordLink frDlcmiIfIndex Compression pppDefaultIpCompressionPPP Link Window Status framerelStatusLink Configuration Authentication Password pppAuthenticationPassword Authentication Side pppAuthenticationSideAuthentication Username pppAuthenticationUsername Security Level pppAccessLevelBad Address pppStatBadAddresses Link Compression pppLinkCompressionAllow Magic Number Negotiation pppMagicNumber Bad Controls pppStatBadControlsPeer-Local ACC Map pppStatPeerToLocalACCMap LCP AuthenticationpppStatLcpAuthACC Map pppStatLocalToPeerACCMap Local-Remote AC ComprsnpppStatLocalToRemoteACCompReceive Frame Check Seq. Size pppStatReceiveFcsSize Remote-Local AC Comprsn pppStatRemoteToLocalACCompTransmit Frame Check Seq. Size pppStatTransmitFcsSize Operational Status pppIpOperStatusOctets Sent pppActSentOctets Remote Max Slot ID pppIpRemoteMaxSlotIdLocal Max Slot ID pppIpLocalMaxSlotId Octets Received pppActReceivedOctetsModify Link Configuration Window Link ConfigurationLayer 2 Tunneling Protocol L2TP L2TP Configuration Static AuthenticationRadius Authentication L2TP Radius AuthenticationConfiguration Example Cisco ConfigurationThis will enable the use of tunnel authentication Contacting Patton Patton Electronics Company contact information About windowLicense End User License Agreement DefinitionsTerm WarrantyTitle Grant of LicenseAppendix a Supported Radius Attributes Access-Accept Attributes Access-Request AttributesAccess-Challenge Attributes Accounting-Start AttributesAccounting-Stop Attributes Appendix B MIB trees Model 2960 MIB Tree Structure Appendix C Technical Reference Radius Client/Server Architecture Configuring a Radius serverWhat Is RADIUS? Radius Services Radius Authentication Procedure Radius StandardsRADIUS-Where Can I Get It? Radius ResourcesOverview Configuring RadiusConfiguring Radius Authentication Authentication window Using Snmp with the Access Server Finding the Snmp NameFinding the branch where the Snmp parameter resides MIB tree for Model 2960 access server Configuring Non-Facility Associated Signaling Nfas Configuring NfasConfiguring Frame Relay Line ConfigurationWAN Channel Assignment main screen Configuring Frame Relay link parameters Configuring PVCsConfiguring Permanent Virtual Circuits Click on Submit QueryConfiguring IP routing with a Frame Relay Link IP routing with Frame Relay exampleLink Status and the IP Forwarding Click Add RouteSetting up a Dnis user profile Configuring DnisSetting up IP address pools by configuring Dnis Ip Pools Setting up a Dnis groupConfiguring a leased line/dedicated line connection Configuring the RASConfiguring the remote end using Microsoft Windows Modem properties windowUnder the Options tab set Redial attempts to a high number