Service Creation Using Groups and Rules | Tut Systems SMS2000

Service Creation Using Groups and Rules

Chapter 10 - Service Creation Using Groups and Rules

Groups are created on the SMS2000 in order to provide an easier way to manage multiple subscribers. Subscribers are placed into groups according to a set of rules. Rules may be configured directly on the SMS2000 through the command line interface or, more typically, are generated automatically by the OCS and downloaded to the SMS2000. Rules are a set of Boolean operators that compare a subscriber’s MACaddress, IP address, VLAN tag, and SNMP-reported origin (for Tut Systems’ Expresso GS/MDU Chassis media).

When a rule is matched, the subscriber is placed in the appropriate group. Rules also specify attributes such as IP addressing or traffic shaping parameters, which override the group defaults.

The SMS2000 can treat subscribers differently, depending on the group into which they are placed. By default, a single group is used for all subscribers, but additional groups can be added. Group membership controls the following attributes:

•DHCP pool selection

•Authentication and accounting server selection

•DNS server for queries

•Default traffic shaping parameters

Groups

Many configuration items, including authentication type, IP type, and shaping can be tied to groups. For example, if a manager had previously configured an SMS2000 to use RADIUS to authenticate users, but had a particular subscriber who wanted to use a NAT box which could not conduct RADIUS authentication, the manager might use a rule to place that particular box in a special group which did not require authentication.

Adding a Group

To add groups with specific characteristics, use this command:

group add groupname [noinherit inherit groupname]

For example, to add a group named custnat, type:

SMS2000% group add custnat

Note: The new group automatically becomes the new group context. Group specific commands affect the new group.

TUT Systems, Inc

Page 62 of 104

P/N 220-06288-20

Image 62

Tut Systems SMS2000 manual Service Creation Using Groups and Rules, Adding a Group

Contents

TUT Systems SMS2000 User Guide SMS2000 User’s Guide SMSUser’s Guide Contents Configuring Snmp Polling Configuring SmtpConfiguring NTP Connectivity and Testing Authentication with Radius Authentication Configuring the Command ServerAuthentication Authorization Groups Using Rule PrioritiesConfiguring Radius SMS2000 Rules SMS2000 Troubleshooting Procedures Using Both Radius and OCS AuthenticationWeb Proxy Settings SMS2000 Status Attributes and Statistics List of Figures Radius Attributes in Access-Accept PacketsList of Tables Documentation available for this Release PrefaceAudience Related Documentation Subscriber Management Features Introduction Introduction Subscriber Management Components Subscriber Management Components SMS2000 OCS Introduction Getting Started User Interface Ifconfig portnumber ipaddress /masklen Accessing Help for CommandsFor example restore config web original-confi g Style Conventions Cursor Movement Cursor Motion Keystrokes Establishing a Connection with the SMS2000 Initial ConfigurationClick Configure Establishing a Connection Via a Serial Interface Establishing a Connection Via Telnet Initial Configuration Setting the Quick Configuration Initial ConfigurationChanging Your Password Saving the Configuration Setting the HostnameDisabling Authentication Reboot Rebooting the SystemVerifying the Configuration Setting the Default Configuration E-mail System AdministrationConfiguration E-Mail Settings Set config-mailrecipient@SMTPserver SMTPserver Deleting the Configuration E-mail Configuration and System File ToolsMailing the Current Configuration Committing Configuration Changes Commit auto Automatically Committing Configuration ChangesDisabling Automatic Configuration Changes Commit noauto Restoring a Previous Configuration Saving a ConfigurationLoading a Configuration File Setting the Smtp Server Configuring SmtpRestoring the Default Configuration Deleting the Smtp Server Setting the Timezone Configuring NTPSetting the Smtp ID Set smtpid on off Setting the Time Configuring Snmp PollingConfiguring the NTP server Enabling Snmp Polling Snmp-pollmacaddress Testing to See if Snmp Polling will WorkDisabling Snmp Polling Setting Specialized System Options Connectivity and TestingTesting Connectivity System Tools Leftrighthelp ? Setting and Deleting Static PortsDefining Ports Port-definition mixed tut vlan Event Tracking Disconnecting a Session on a PortSetting the Syslog Server Displaying Log Messages Exiting the Management Session System Administration ToolsDisplaying Version Information Passwd Changing a PasswordDisplaying Control Keys Keys Snmp System Contact Snmp ManagementSnmp Agent Snmp System Location Snmp Community Snmp Trap Recipient SMS2000% snmp delete trap-recipient Troubleshooting ToolsSystem Information Tools Show snmp trap-recipient Setting the ARP Failure Limit Subscriber Connectivity CommandsUpgrades Setting the ARP Polling Period Upgrading from Tut Systems’ Website Archiving SMS2000 Firmware and distributing it from a Server Loading Another Image Verifying a Successful UpgradeReturning to an Older Firmware Version System Administration Authentication Authentication Deleting the Command Server Configuring the Command ServerSetting the Command Server for OCS Interaction Adding the OCS as the Authentication Server Auth add web url secret secret cmd-serv Deleting an Authentication ServerTesting Authentication Auth on Auth off forcedweb authokurl blockall Setting the Authentication IntervalBypassing Authentication Auth interval minutes off Allow-Nets Setting the Http Request ThrottleHttp Request Throttle Deleting the Http Request Throttle Setting an Allow-Net Set allow-netipaddress netmask dns-name Deleting an Allow-Net Setting the Automatic Redirection URLAutomatic Redirection URLs Set authok url Adding a Radius Server Authentication with RadiusDeleting the authok Delete authok Command Syntax Description Usage Guidelines Example DefaultDefault retrans-primary-only is Set nas-port-type Set NAS port type parameterSet nas-port-type integer Show status radius Testing Authentication on the Radius ServerConfiguring a Radius SSL Back Channel Show status radius Example Authorization AuthorizationAuthorization Server Functionality Sending Accounting Messages to a Syslog Server AccountingAccounting Sending Accounting Messages to a Radius Server Radius Accounting ConfigurationConfiguring Accounting Parameters Deleting a Radius Accounting Server Provisioning Provisioning Billing Billing Adding a Group Service Creation Using Groups and RulesGroups Group add groupname noinherit inherit groupname Setting Maximum Users Per Port Setting the Active Group ContextSubscribers that Cannot Support Authentication Deleting a Group Deleting a Rule SMS2000 RulesAdding a Rule Set rule rulename groupname priority rulestring MAC Address Rule Expression ComponentsIP Address Ip=ipaddress ,netmask Tut=ipaddress-linenum*-portnum Not OperatorVlan=vlanida-vlanidb Parenthesis OperatorOr Operator Expression and expression Using Rule Priorities Plug and Play With NAT IP AddressingIP Addressing Static Routable Addresses Dhcp Pools Static Non-Routable Addresses IP Multicasting Understanding 1to1 and 1to1 Unique IP Types Configuring IP TypesIptype default NAT static Dhcp 1to1 1to1Unique Source-Nets Setting a Source-NetDeleting a Configured Source-Net Set source-netstartaddress endaddress subnet-mask Removing a Dhcp Assignment Setting the DNS Server AddressCreating Dhcp Pools Dhcp-server release macaddress Adding Routes Static RoutesDeleting the DNS Server Address Set dns add ipaddress Set lpr hostname off queuename maxpages maxbytes Setting up the LPR HostPrinting Obtaining the Radius Server Software Using SMS2000 with a Radius ServerConfiguring Radius Adding Users to the Radius Server Configuring Service ParametersAdding the SMS2000 as a Client on the Radius Server Using Real IP Addresses Radius Ports Radius Attributes Sent in Accounting Messages SMS2000 Status Attributes and StatisticsSMS2000 NAS File Radius Attributes Received in Access- Accept Packets Using Both Radius and OCS AuthenticationRadius Attributes Sent In Access Request Packets Shape xbps/rbps Setting Traffic ShapingDeleting Traffic Shaping Shape xbps/rbps delete Setting the PMS Server SMS2000 and Property Management Systems PMS Protocol Modes TTY ACK-NAK ENQ-ACK-NAK ENQ-ACK-NAK Mode Files For Groups Customizing SMS2000 Web Authentication with RadiusLoading and Deleting Customized Web Pages Loading Web Pages or Files Image Links Load web url defaultsPath Components Deleting Web Pages or Files Customizing Web PagesUpgrading Preserving the Web Form Size For Web Pages and External Links Web Page Redirection Reference Active Page ComponentsViewing Customizations Setting the Wpad Curl Configuring Web Proxy SettingsWeb Proxy Settings Setting the Wpad Timeout Web Proxy Server Show proxy-ports Set proxy-ports portDelete proxy-ports port SMS2000 Troubleshooting SMS2000 Troubleshooting Procedures Browser Snmp PollingMultiple frames opened Unable to do credit card Verify OCS screens off Line Appendix a Radius Access-Accept Dictionary File Radius Attributes in Access-Accept Packets Appendix Appendix TUT Systems, Inc 100 Internet Telephone Appendix B Technical Assistance and Customer SupportTechnical Support Equipment Return and Repair Limitations of Warranty Appendix C SMS2000 Limited WarrantyHardware Limited Warranty Exclusive Remedies Assistance Electrical Safety AdvisoryTut Systems, Inc., Customer Service Department FCC Radio Frequency Interference Statement TUT Systems, Inc 104