Tut Systems SMS2000 Chapter 6 - Authorization

Authorization

TUT Systems, Inc Page 57 of 104 P/N 220-06288-20

Chapter 6 - Authorization

Authorization entails determining if a particular user has permission to use a service.

Authorization

The SMS2000 is capable of performing authorization by using an external server (OCS

or RADIUS) or by using onboard groups and rules. For details about using the OCS for

Authorization, see the OCS User’s Guide. For more information on RADIUS, see

Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these

functions in various configurations are described below.

Authorization

Table 6-1 shows how authorization is performed with no external server, with RADIUS,

and with the OCS.

Table 6-1 Authorization

Server Functionality

With No External

Server

No user authentication is possible. Groups and rules can be used to

authorize subscribers based on their MAC address, VLAN ID, SNMP

information, IP address, or any combination of these. For more information

on using groups and rules, see Chapter 10, “Service Creation using Groups

and Rules.”

With RADIUS Authorization follows authentication as it does on a standard network

access server (NAS). Parameters include static IP and bandwidth.

With OCS The OCS provides enhanced authorization functions based on user name,

physical port, MAC address, and more. Parameters include Stat IP, auth

required, and bandwidth.

Contents

Main Page SMSUsers Guide Contents Page Page Page Page List of Tables List of Figures Preface Audience Documentation available for this Release Related Documentation IntelliPOP 5000 Tutorials Chapter1 - Introduction Subscriber Management Features Page Subscriber Management Components SMS2000 OCS Page Chapter 2 - Getting Started The User Interface Style Conventions Cursor Movement Chapter 3 - Initial Configuration Establishing a Connection with the SMS2000 Establishing a Connection Via a Serial Interface Establishing a Connection Via Telnet Page Initial Configuration Changing Your Password Setting the Quick Configuration Setting the Hostname Disabling Authentication Saving the Configuration Rebooting the System Verifying the Configuration Chapter4 - System Administration Configuration E-Mail Settings Setting the Default Configuration E-mail Mailing the Current Configuration Configuration and System File Tools Committing Configuration Changes Automatically Committing Configuration Changes Disabling Automatic Configuration Changes Saving a Configuration Loading a Configuration File Restoring a Previous Configuration Restoring the Default Configuration Configuring SMTP Setting the SMTP Server Deleting the SMTP Server Setting the SMTP ID Configuring NTP Setting the Timezone Configuring the NTP server Setting the Time Configuring SNMP Polling Enabling SNMP Polling Testing to See if SNMP Polling will Work Disabling SNMP Polling Connectivity and Testing Traceroute Testing Connectivity System Tools Setting Specialized System Options Defining Ports Setting and Deleting Static Ports Disconnecting a Session on a Port Event Tracking Setting the Syslog Server Displaying Log Messages System Administration Tools Displaying Version Information Exiting the Management Session Rebooting the System Changing a Password Displaying Control Keys SNMP Management SNMP Agent SNMP System Contact snmp system-contact system-contact-string SNMP System Location SNMP Community SNMP Trap Recipient Troubleshooting Tools System Information Tools Setting the System Information Dump Setting a Software Watchdog Subscriber Connectivity Commands Setting the ARP Failure Limit Setting the ARP Polling Period Upgrades Page Verifying a Successful Upgrade Returning to an Older Firmware Version Loading Another Image Page Chapter 5 - Authentication Configuring the Command Server Setting the Command Server for OCS Interaction Deleting the Command Server Authentication Adding the OCS as the Authentication Server Deleting an Authentication Server Testing Authentication Disabling Authentication Setting the Authentication Interval Bypassing Authentication HTTP Request Throttle Setting the HTTP Request Throttle Deleting the HTTP Request Throttle Allow-Nets Setting an Allow-Net Deleting an Allow-Net Automatic Redirection URLs Setting the Automatic Redirection URL Deleting the authok Page Authentication with RADIUS Adding a RADIUS Server Page Set NAS port type parameter show status radius Testing Authentication on the RADIUS Server Configuring a RADIUS SSL Back Channel Chapter 6 - Authorization Authorization Chapter 7 - Accounting Accounting Sending Accounting Messages to a Syslog Server Radius Accounting Configuration Sending Accounting Messages to a RADIUS Server Deleting a RADIUS Accounting Server Configuring Accounting Parameters Chapter 8 - Provisioning Chapter 9 - Billing Billing Chapter 10 - Service Creation Using Groups and Rules Groups Adding a Group Deleting a Group Setting the Active Group Context Subscribers that Cannot Support Authentication Setting Maximum Users Per Port SMS2000 Rules Adding a Rule Deleting a Rule Rule Expression Components IP Address MAC Address VLAN SNMP-INFO The NOT Operator The AND Operator The OR Operator Parenthesis Using Rule Priorities Chapter 11 - IP Addressing IP Addressing Plug and Play With NAT Static Routable Addresses DHCP Pools Static Non-Routable Addresses IP Multicasting Configuring a Control Network for Additional Client IP Addresses Understanding 1to1 and 1to1 Unique IP Types Configuring IP Types Source-Nets Setting a Source-Net Deleting a Configured Source-Net DHCP Creating DHCP Pools Removing a DHCP Assignment DNS Setting the DNS Server Address Static Routes Adding Routes Chapter 12 - Printing Setting up the LPR Host Chapter 13 - Using SMS2000 with a RADIUS Server Configuring RADIUS Obtaining the RADIUS Server Software Adding the SMS2000 as a Client on the RADIUS Server Adding Users to the RADIUS Server Configuring Service Parameters Using Real IP Addresses RADIUS Ports SMS2000 NAS File SMS2000 Status Attributes and Statistics RADIUS Attributes Sent in Accounting Messages RADIUS Attributes Sent In Access- Request Packets RADIUS Attributes Received in Access- Accept Packets Using Both RADIUS and OCS Authentication Setting Traffic Shaping Deleting Traffic Shaping Chapter 14 - SMS2000 and Property Management Systems (PMS) Setting the PMS Server Protocol Modes TTY MODE ACK-NAK MODE ENQ-ACK-NAK MODE Chapter 15 - Customizing SMS2000 Web Authentication with RADIUS Loading and Deleting Customized Web Pages Files For Groups Loading Web Pages or Files Path Components Image Links Upgrading Deleting Web Pages or Files Customizing Web Pages Preserving the Web Form Size For Web Pages and External Links Web Page Redirection Active Page Components Viewing Customizations Chapter 16 - Configuring Web Proxy Settings Web Proxy Settings Setting the WPAD CURL Setting the WPAD Timeout Web Proxy Server Enable Proxy Server Support Disable Proxy Server Support Viewing Proxy Server Support Status Adding TCP Proxy Ports Deleting TCP Proxy Ports Viewing TCP Proxy Ports Chapter 17 - SMS2000 Troubleshooting SMS2000 Troubleshooting Procedures Table 17-3 provides valuable information for troubleshooting the SMS2000. Table 17-3 SMS2000 Troubleshooting Procedures Subscriber Connection: SNMP Polling xxx-xxx Multiple frames opened in browser Unable to do credit card billing Verify OCS screens off- line Appendix A - RADIUS Access-Accept Dictionary File RADIUS Attributes in Access-Accept Packets Page Page Page Appendix B - Technical Assistance and Customer Support Appendix C - SMS2000 Limited Warranty Hardware Limited Warranty Limitations of Warranty Exclusive Remedies Assistance FCC Radio Frequency Interference Statement Electrical Safety Advisory Tut Systems, Inc., Customer Service Department