Tut Systems SMS2000

Authentication

TUT Systems, Inc Page 53 of 104 P/N 220-06288-20

• Support RADIUS ports 1812 and 1813 for RADIUS request and accounting ports

(per official RADIUS assigned ports)

• Support Session-Timeout attribute

• Support Idle-Timeout attribute

• Set the NAS type parameter

Note: RADIUS packages are available for all major Linux distributions.

When you communicate with the RADIUS server, use a shared secret of your choosing

to:

• Authenticate the SMS2000 with the RADIUS server.

• Verify responses returned from the RADIUS server to the SMS2000.

Note: The auth add radius command does not automatically assume that the

same RADIUS server (with the same name and secret) is used for accounting,

you must configure it with these settings using the acct add command.

Command:

auth add radius server[:auth_port[:acct_port]] secret secret [retrans=times] [retrans-

primary-only=times] [timeout=seconds] [deadtime=minutes] [alias]

Syntax Description

Syntax Description

Server IP address or hostname of the RADIUS server

Secret Password to authenticate the SMS2000 with a RADIUS server

Auth_port Optional TCP/UDP UDP port on which to contact the RADIUS

server for RADIUS authentication requests. Default is 1812

Acct_port Optional TCP/UDP port on which to contact the RADIUS server

for RADIUS accounting requests. Default is 1813

Retrans=times Optional parameter indicating the number of retransmissions to a

RADIUS server with no response. The total number of

transmissions is retrans plus one.

retrans-primary-

only=times

Optional parameter indicating the number of retransmissions to the

primary RADIUS server before simultaneously trying backup and

primary servers. Must be less than retrans. The total number of

transmissions is the to the primary only before contacting backup

servers is retrans-primary-only plus one

timeout=seconds Optional parameter indicating the total number of seconds to wait

after transmitting a request to this RADIUS server without a

response.

deadtime=minutes Optional parameter indicating the number of minutes after a

RADIUS server fails to respond to an initial RADIUS request and

retrans retries before attempting to use that server again. After

failing to respond, a RADIUS server will be DEAD this number of

minutes.

Contents

Main Page SMSUsers Guide Contents Page Page Page Page List of Tables List of Figures Preface Audience Documentation available for this Release Related Documentation IntelliPOP 5000 Tutorials Chapter1 - Introduction Subscriber Management Features Page Subscriber Management Components SMS2000 OCS Page Chapter 2 - Getting Started The User Interface Style Conventions Cursor Movement Chapter 3 - Initial Configuration Establishing a Connection with the SMS2000 Establishing a Connection Via a Serial Interface Establishing a Connection Via Telnet Page Initial Configuration Changing Your Password Setting the Quick Configuration Setting the Hostname Disabling Authentication Saving the Configuration Rebooting the System Verifying the Configuration Chapter4 - System Administration Configuration E-Mail Settings Setting the Default Configuration E-mail Mailing the Current Configuration Configuration and System File Tools Committing Configuration Changes Automatically Committing Configuration Changes Disabling Automatic Configuration Changes Saving a Configuration Loading a Configuration File Restoring a Previous Configuration Restoring the Default Configuration Configuring SMTP Setting the SMTP Server Deleting the SMTP Server Setting the SMTP ID Configuring NTP Setting the Timezone Configuring the NTP server Setting the Time Configuring SNMP Polling Enabling SNMP Polling Testing to See if SNMP Polling will Work Disabling SNMP Polling Connectivity and Testing Traceroute Testing Connectivity System Tools Setting Specialized System Options Defining Ports Setting and Deleting Static Ports Disconnecting a Session on a Port Event Tracking Setting the Syslog Server Displaying Log Messages System Administration Tools Displaying Version Information Exiting the Management Session Rebooting the System Changing a Password Displaying Control Keys SNMP Management SNMP Agent SNMP System Contact snmp system-contact system-contact-string SNMP System Location SNMP Community SNMP Trap Recipient Troubleshooting Tools System Information Tools Setting the System Information Dump Setting a Software Watchdog Subscriber Connectivity Commands Setting the ARP Failure Limit Setting the ARP Polling Period Upgrades Page Verifying a Successful Upgrade Returning to an Older Firmware Version Loading Another Image Page Chapter 5 - Authentication Configuring the Command Server Setting the Command Server for OCS Interaction Deleting the Command Server Authentication Adding the OCS as the Authentication Server Deleting an Authentication Server Testing Authentication Disabling Authentication Setting the Authentication Interval Bypassing Authentication HTTP Request Throttle Setting the HTTP Request Throttle Deleting the HTTP Request Throttle Allow-Nets Setting an Allow-Net Deleting an Allow-Net Automatic Redirection URLs Setting the Automatic Redirection URL Deleting the authok Page Authentication with RADIUS Adding a RADIUS Server Page Set NAS port type parameter show status radius Testing Authentication on the RADIUS Server Configuring a RADIUS SSL Back Channel Chapter 6 - Authorization Authorization Chapter 7 - Accounting Accounting Sending Accounting Messages to a Syslog Server Radius Accounting Configuration Sending Accounting Messages to a RADIUS Server Deleting a RADIUS Accounting Server Configuring Accounting Parameters Chapter 8 - Provisioning Chapter 9 - Billing Billing Chapter 10 - Service Creation Using Groups and Rules Groups Adding a Group Deleting a Group Setting the Active Group Context Subscribers that Cannot Support Authentication Setting Maximum Users Per Port SMS2000 Rules Adding a Rule Deleting a Rule Rule Expression Components IP Address MAC Address VLAN SNMP-INFO The NOT Operator The AND Operator The OR Operator Parenthesis Using Rule Priorities Chapter 11 - IP Addressing IP Addressing Plug and Play With NAT Static Routable Addresses DHCP Pools Static Non-Routable Addresses IP Multicasting Configuring a Control Network for Additional Client IP Addresses Understanding 1to1 and 1to1 Unique IP Types Configuring IP Types Source-Nets Setting a Source-Net Deleting a Configured Source-Net DHCP Creating DHCP Pools Removing a DHCP Assignment DNS Setting the DNS Server Address Static Routes Adding Routes Chapter 12 - Printing Setting up the LPR Host Chapter 13 - Using SMS2000 with a RADIUS Server Configuring RADIUS Obtaining the RADIUS Server Software Adding the SMS2000 as a Client on the RADIUS Server Adding Users to the RADIUS Server Configuring Service Parameters Using Real IP Addresses RADIUS Ports SMS2000 NAS File SMS2000 Status Attributes and Statistics RADIUS Attributes Sent in Accounting Messages RADIUS Attributes Sent In Access- Request Packets RADIUS Attributes Received in Access- Accept Packets Using Both RADIUS and OCS Authentication Setting Traffic Shaping Deleting Traffic Shaping Chapter 14 - SMS2000 and Property Management Systems (PMS) Setting the PMS Server Protocol Modes TTY MODE ACK-NAK MODE ENQ-ACK-NAK MODE Chapter 15 - Customizing SMS2000 Web Authentication with RADIUS Loading and Deleting Customized Web Pages Files For Groups Loading Web Pages or Files Path Components Image Links Upgrading Deleting Web Pages or Files Customizing Web Pages Preserving the Web Form Size For Web Pages and External Links Web Page Redirection Active Page Components Viewing Customizations Chapter 16 - Configuring Web Proxy Settings Web Proxy Settings Setting the WPAD CURL Setting the WPAD Timeout Web Proxy Server Enable Proxy Server Support Disable Proxy Server Support Viewing Proxy Server Support Status Adding TCP Proxy Ports Deleting TCP Proxy Ports Viewing TCP Proxy Ports Chapter 17 - SMS2000 Troubleshooting SMS2000 Troubleshooting Procedures Table 17-3 provides valuable information for troubleshooting the SMS2000. Table 17-3 SMS2000 Troubleshooting Procedures Subscriber Connection: SNMP Polling xxx-xxx Multiple frames opened in browser Unable to do credit card billing Verify OCS screens off- line Appendix A - RADIUS Access-Accept Dictionary File RADIUS Attributes in Access-Accept Packets Page Page Page Appendix B - Technical Assistance and Customer Support Appendix C - SMS2000 Limited Warranty Hardware Limited Warranty Limitations of Warranty Exclusive Remedies Assistance FCC Radio Frequency Interference Statement Electrical Safety Advisory Tut Systems, Inc., Customer Service Department