Using SMS with RADIUS Server

If no connect information is provided, connect information defaults to that specified for the default group (called “*” or “star”). This information can be specified at the SMS2000. If no bandwidth management is specified at the SMS2000, then users without “Connect-Info” parameters have no bandwidth limits.

Using Real IP Addresses

Subscribers can use real Internet routable IP addresses when connected to the SMS2000 and authenticated via RADIUS. The easiest way to do this is to configure the default group with the static IP type in SMS, providing an optional DHCP pool of real IP addresses available via DHCP.

If only a few users are going to connect using static IP addresses which are not configured via DHCP, while the rest of your users will be NATed, use the “Framed-IP- Addr” attribute to indicate the expected address in the user’s entry.

If the subscriber’s PC is configured with the given address, the SMS2000 passes traffic through directly to the subscriber once the subscriber is authenticated without using NAT. If the subscriber’s PC is configured for DHCP or is configured with the wrong IP address, the SMS2000 will NAT the subscriber as normal.

For example:

Postel Password = “Postel”

Framed-IP-Address = “18.181.0.29”

Connect-Info = “3000000/1000000”

When Postel connects to the SMS2000, he will initially be NAT-ed and redirected to the SMS2000’s RADIUS login page. After properly authenticating himself with his user name and password, the SMS2000 will check his PC’s IP address against the one returned via RADIUS. If they match, the SMS2000 will pass traffic from Postel directly through itself, without using NAT. If they don’t, Postel will be NATed. Also note that Postel is limited to 3Mbps upstream and 1Mbps downstream. The use of static IP addressing is independent of the quality of service parameters. They may or may not be included together in any subscriber’s entry.

RADIUS Ports

The official assigned RADIUS ports are 1812 for authentication and 1813 for accounting. A typical /etc/services file shows the RADIUS ports this way:

radius

1812/tcp

 

# radius

radius

1812/udp

 

# radius

radius-acct

1813/tcp

radacct

# radius Accounting

radius-acct

1813/udp

radacct

# radius Accounting

SMS2.3.5 and earlier used ports 1645 and 1646. Any SMS that currently has a RADIUS server configured will retain ports 1645 and 1646 when upgrading to SMS2.3.6.

By default, any new RADIUS configuration with SMS2.3.6 will use ports 1812 and 1813, unless the systems administrator specifies another set of ports.

TUT Systems, Inc

Page 79 of 104

P/N 220-06288-20

Page 79
Image 79
Tut Systems SMS2000 manual Using Real IP Addresses, Radius Ports