Using SMS with RADIUS Server
TUT Systems, Inc Page 79 of 104 P/N 220-06288-20
If no connect information is provided, connect information defaults to that specified for
the default group (called “*” or “star”). This information can be specified at the
SMS2000. If no bandwidth management is specified at the SMS2000, then users without
“Connect-Info” parameters have no bandwidth limits.
Using Real IP Addresses
Subscribers can use real Internet routable IP addresses when connected to the SMS2000
and authenticated via RADIUS. The easiest way to do this is to configure the default
group with the static IP type in SMS, providing an optional DHCP pool of real IP
addresses available via DHCP.
If only a few users are going to connect using static IP addresses that are not
configured via DHCP, while the rest of your users will be NATed, use the
“Framed-IP-Address” attribute in the user’s entry to indicate the expected address.
If the subscriber’s PC is configured with the given address, then once the subscriber
is authenticated the SMS2000 passes traffic directly through to the subscriber without
using NAT. If the subscriber’s PC is configured for DHCP or is configured with the wrong
IP address, the SMS2000 will NAT the subscriber as normal.
For example:
Postel Password = "Postel"
    Framed-IP-Address = "18.181.0.29"
    Connect-Info = "3000000/1000000"
When Postel connects to the SMS2000, he will initially be NATed and redirected to the
SMS2000’s RADIUS login page. After Postel authenticates with his user name and
password, the SMS2000 will check his PC’s IP address against the one returned via
RADIUS. If they match, the SMS2000 will pass traffic from Postel directly through
itself, without using NAT. If they don’t, Postel will be NATed. Also note that Postel is
limited to 3 Mbps upstream and 1 Mbps downstream. The use of static IP addressing is
independent of the quality of service parameters: a subscriber’s entry may include
either, both, or neither.
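An added example, not taken from the SMS2000 manual: a Python script that parses user entries laid out like the Postel entry above, flags entries an administrator would want to review, and reproduces the address-match check that decides between direct pass-through and NAT. The indented entry layout, the users alice and bob, and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the first entry is the page's "Postel" example; "alice" and
# "bob" are invented here. The indented layout is an assumed users-file format.
SAMPLE_USERS = '''\
Postel Password = "Postel"
    Framed-IP-Address = "18.181.0.29"
    Connect-Info = "3000000/1000000"
alice Password = "x9!kQ2vT"
    Framed-IP-Address = "192.168.1.50"
bob Password = "Lr7#pW4z"
    Connect-Info = "2000000/2000000"
'''

ATTR = re.compile(r'([\w-]+)\s*=\s*"?([^",\s]+)"?')

def parse_users(text):
    """Return {user: {attribute: value}}; an unindented line starts a new entry."""
    users, current = {}, {}  # attributes seen before any user line are discarded
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():
            name, _, line = line.partition(" ")
            current = users.setdefault(name, {})
        current.update(ATTR.findall(line))
    return users

def audit(users):
    """Return (user, finding) pairs for entries worth a second look."""
    findings = []
    for user, attrs in users.items():
        if attrs.get("Password", "").lower() == user.lower():
            findings.append((user, "password equals user name"))
        framed = attrs.get("Framed-IP-Address")
        if framed:
            try:
                routable = ipaddress.ip_address(framed).is_global
            except ValueError:  # not an IP address at all
                routable = False
            if not routable:
                findings.append((user, "Framed-IP-Address is not a routable address"))
        if "Connect-Info" not in attrs:
            findings.append((user, "no Connect-Info: default group limits apply"))
    return findings

def passes_direct(attrs, client_ip):
    """True when the PC's address matches Framed-IP-Address, so no NAT is used."""
    framed = attrs.get("Framed-IP-Address")
    return bool(framed) and ipaddress.ip_address(framed) == ipaddress.ip_address(client_ip)
```

Calling `audit(parse_users(SAMPLE_USERS))` reports the Postel entry for its password and the alice entry for a private address and a missing Connect-Info.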
RADIUS Ports
The official assigned RADIUS ports are 1812 for authentication and 1813 for accounting.
A typical /etc/services file shows the RADIUS ports this way:
radius 1812/tcp # radius
radius 1812/udp # radius
radius-acct 1813/tcp radacct # radius Accounting
radius-acct 1813/udp radacct # radius Accounting
SMS2.3.5 and earlier used ports 1645 and 1646. Any SMS that currently has a RADIUS
server configured will retain ports 1645 and 1646 when upgrading to SMS2.3.6.
By default, any new RADIUS configuration with SMS2.3.6 will use ports 1812 and
1813, unless the systems administrator specifies another set of ports.