Tut Systems SMS2000 - page 54

Authentication

TUT Systems, Inc Page 54 of 104 P/N 220-06288-20

Syntax Description

Alias Adding the alias parameter to the end of the auth add radius

command will configure the SMS to receive RADIUS response

packets from an IP address other that the IP address configured as

the RADIUS server.

Multiple RADIUS Servers

Default

Older versions of SMS used UDP port 1645 for RADIUS authentication requests and

1646 for RADIUS accounting requests by default.

New versions of SMS will continue to use those same ports for previously configured

RADIUS servers when upgraded from previous versions.

However, new RADIUS servers will be configured with port 1812 for RADIUS

authentication and port 1813 for RADIUS accounting by default.

The default retrans is 5.

The default retrans-primary-only is 2.

The default timeout is 30 seconds.

The default deadtime is 0 minutes (disabled)

Usage Guidelines

Note Select a shared secret as you would a password.

Example

This example configures the SMS2000 to authenticate subscribers in the current group

using the RADIUS server at 192.168.254.249.

sms2000% auth add radius 192.168.254.249 secret donttell

retrans=3 retrans-primary-only=1 timeout=10 deadtime=5

Alias IP address

If the RADIUS servers are configured with a virtual interface, the RADIUS response

packets will be transmitted to the SMS on a different interface than the request packet

was received. The SMS will reject the packets since it did not arrive with the expected

source IP address. Setting an alias IP address allows the SMS to receive the RADIUS

response from a different source IP. You must configure the alias IP parameter after

configuring the RADIUS server.

For example;

auth add radius 192.168.1.249 secret donttell

auth add radius 10.1.1.50 alias

The above two commands will cause the SMS to send the RADIUS request to

192.168.1.249 and receive the RADIUS response from both 192.168.1.249 and 10.1.1.50.

Contents

Main Page SMSUsers Guide Contents Page Page Page Page List of Tables List of Figures Preface Audience Documentation available for this Release Related Documentation IntelliPOP 5000 Tutorials Chapter1 - Introduction Subscriber Management Features Page Subscriber Management Components SMS2000 OCS Page Chapter 2 - Getting Started The User Interface Style Conventions Cursor Movement Chapter 3 - Initial Configuration Establishing a Connection with the SMS2000 Establishing a Connection Via a Serial Interface Establishing a Connection Via Telnet Page Initial Configuration Changing Your Password Setting the Quick Configuration Setting the Hostname Disabling Authentication Saving the Configuration Rebooting the System Verifying the Configuration Chapter4 - System Administration Configuration E-Mail Settings Setting the Default Configuration E-mail Mailing the Current Configuration Configuration and System File Tools Committing Configuration Changes Automatically Committing Configuration Changes Disabling Automatic Configuration Changes Saving a Configuration Loading a Configuration File Restoring a Previous Configuration Restoring the Default Configuration Configuring SMTP Setting the SMTP Server Deleting the SMTP Server Setting the SMTP ID Configuring NTP Setting the Timezone Configuring the NTP server Setting the Time Configuring SNMP Polling Enabling SNMP Polling Testing to See if SNMP Polling will Work Disabling SNMP Polling Connectivity and Testing Traceroute Testing Connectivity System Tools Setting Specialized System Options Defining Ports Setting and Deleting Static Ports Disconnecting a Session on a Port Event Tracking Setting the Syslog Server Displaying Log Messages System Administration Tools Displaying Version Information Exiting the Management Session Rebooting the System Changing a Password Displaying Control Keys SNMP Management SNMP Agent SNMP System Contact snmp system-contact system-contact-string SNMP System Location SNMP Community SNMP Trap Recipient Troubleshooting Tools System Information Tools Setting the System Information Dump Setting a Software Watchdog Subscriber Connectivity Commands Setting the ARP Failure Limit Setting the ARP Polling Period Upgrades Page Verifying a Successful Upgrade Returning to an Older Firmware Version Loading Another Image Page Chapter 5 - Authentication Configuring the Command Server Setting the Command Server for OCS Interaction Deleting the Command Server Authentication Adding the OCS as the Authentication Server Deleting an Authentication Server Testing Authentication Disabling Authentication Setting the Authentication Interval Bypassing Authentication HTTP Request Throttle Setting the HTTP Request Throttle Deleting the HTTP Request Throttle Allow-Nets Setting an Allow-Net Deleting an Allow-Net Automatic Redirection URLs Setting the Automatic Redirection URL Deleting the authok Page Authentication with RADIUS Adding a RADIUS Server Page Set NAS port type parameter show status radius Testing Authentication on the RADIUS Server Configuring a RADIUS SSL Back Channel Chapter 6 - Authorization Authorization Chapter 7 - Accounting Accounting Sending Accounting Messages to a Syslog Server Radius Accounting Configuration Sending Accounting Messages to a RADIUS Server Deleting a RADIUS Accounting Server Configuring Accounting Parameters Chapter 8 - Provisioning Chapter 9 - Billing Billing Chapter 10 - Service Creation Using Groups and Rules Groups Adding a Group Deleting a Group Setting the Active Group Context Subscribers that Cannot Support Authentication Setting Maximum Users Per Port SMS2000 Rules Adding a Rule Deleting a Rule Rule Expression Components IP Address MAC Address VLAN SNMP-INFO The NOT Operator The AND Operator The OR Operator Parenthesis Using Rule Priorities Chapter 11 - IP Addressing IP Addressing Plug and Play With NAT Static Routable Addresses DHCP Pools Static Non-Routable Addresses IP Multicasting Configuring a Control Network for Additional Client IP Addresses Understanding 1to1 and 1to1 Unique IP Types Configuring IP Types Source-Nets Setting a Source-Net Deleting a Configured Source-Net DHCP Creating DHCP Pools Removing a DHCP Assignment DNS Setting the DNS Server Address Static Routes Adding Routes Chapter 12 - Printing Setting up the LPR Host Chapter 13 - Using SMS2000 with a RADIUS Server Configuring RADIUS Obtaining the RADIUS Server Software Adding the SMS2000 as a Client on the RADIUS Server Adding Users to the RADIUS Server Configuring Service Parameters Using Real IP Addresses RADIUS Ports SMS2000 NAS File SMS2000 Status Attributes and Statistics RADIUS Attributes Sent in Accounting Messages RADIUS Attributes Sent In Access- Request Packets RADIUS Attributes Received in Access- Accept Packets Using Both RADIUS and OCS Authentication Setting Traffic Shaping Deleting Traffic Shaping Chapter 14 - SMS2000 and Property Management Systems (PMS) Setting the PMS Server Protocol Modes TTY MODE ACK-NAK MODE ENQ-ACK-NAK MODE Chapter 15 - Customizing SMS2000 Web Authentication with RADIUS Loading and Deleting Customized Web Pages Files For Groups Loading Web Pages or Files Path Components Image Links Upgrading Deleting Web Pages or Files Customizing Web Pages Preserving the Web Form Size For Web Pages and External Links Web Page Redirection Active Page Components Viewing Customizations Chapter 16 - Configuring Web Proxy Settings Web Proxy Settings Setting the WPAD CURL Setting the WPAD Timeout Web Proxy Server Enable Proxy Server Support Disable Proxy Server Support Viewing Proxy Server Support Status Adding TCP Proxy Ports Deleting TCP Proxy Ports Viewing TCP Proxy Ports Chapter 17 - SMS2000 Troubleshooting SMS2000 Troubleshooting Procedures Table 17-3 provides valuable information for troubleshooting the SMS2000. Table 17-3 SMS2000 Troubleshooting Procedures Subscriber Connection: SNMP Polling xxx-xxx Multiple frames opened in browser Unable to do credit card billing Verify OCS screens off- line Appendix A - RADIUS Access-Accept Dictionary File RADIUS Attributes in Access-Accept Packets Page Page Page Appendix B - Technical Assistance and Customer Support Appendix C - SMS2000 Limited Warranty Hardware Limited Warranty Limitations of Warranty Exclusive Remedies Assistance FCC Radio Frequency Interference Statement Electrical Safety Advisory Tut Systems, Inc., Customer Service Department