Manuals / USRobotics / Computer Equipment / Switch

USRobotics NETServer/8, NETServer/16 manual Making NETServer talk to a Radius security server

Models: NETServer/16 NETServer/8

1 284

Download 284 pages 20.7 Kb

Page 270

Outbound-User

The RADIUS protocol defines this user type as a user on the local network who is using the modems to dial out (Similar to the NETServer’s host device dial out user). However, the RADIUS Outbound-User type is not defined on the NETServer. Do not use Outbound-Users in your RADIUS users file.

For authentication, the NETServer requires that host device dial out users be defined as login users who will be telnetted directly to a modem when they successfully log in. To add these users to RADIUS, define them as login-users.

Making NETServer talk to a RADIUS security server

This section assumes that RADIUS is already up and running on a workstation on your network.

1.Select the primary RADIUS security server:

set authentic <IP address>

2.Optional. Select the alternate RADIUS security server.

If your network has more than one RADIUS server, indicate which one will be considered the alternate server. If for some reason the primary server is unavailable, the NETServer will check with the alternate server.

set alternate <IP address>

3.Set the encryption key or secret.

This is the encryption key that the NETServer uses to encrypt user IDs and passwords and that the RADIUS server uses to decrypt them. The RADIUS server(s) must be set to the same encryption key or secret. The encryption key can be up to 15 characters long.

set secret <encryption key>

4.Save the changes. Use the following command:

save global

F-10 RADIUS

Image 270

USRobotics NETServer/8, NETServer/16 manual Making NETServer talk to a Radius security server

Contents

NETServer/8 NETServer/16 Page Table of Contents Network Dial-in Access Administrative Tools Reference Section Warranty and Service Limited Warranty Service and Support Technical SupportVii We welcome your suggestions for better documentation Viii Additional Software Enhancements Chapter OverviewWhat’s New with Release 3.1? Overview Accounting Servers Netmask TableIP Address Spoofing Accounting Server Support Radius Accounting and ANI/DNIS Multiple Name ServersRandomized Hosts Icmp Message Logging New Modem Port Features NETServer Overview IP Modem Sharing How do I get there from here? Administrative Utilities Security Chapter Basic Installation System Administrator RequirementsBasic Installation TCP/IP Reference Material Accessing the Command Line Getting Started Getting the LAN port up and running First step for IPX or IP/IPX networks Basic Installation IP Configuration You must also set the Broadcast Address. Type the following IPX Configuration Ethernet802.3 ethernet802.2 ethernet802.2II ethernetII Final Steps Recommended Global Configuration PasswordIP and IPX Default Gateways To set the IP gateway, type the following Name Service Save your work Basic Installation Chapter Configuration Overview How to Setup ApplicationsConfiguration Overview Where do I go from here? Application Section You can abbreviate commands Command LineCommands are not case sensitive Separate a parameter and its value by a space How to log out of the command line Reset any ports you have changedReboot when necessary Save your changes Quick Command Overview Overview of configurable tables Global ConfigurationHosts Table Location Table Initialization Script ConfigurationNet0 LAN Port Configuration Netmasks Table Packet Filter Table Port Configuration Port Type Snmp Configuration Routes Table User Table Configuration Overview Chapter IP Terminal Server Setup Terminal or Workstation SetupIP Terminal Server Setup NETServer Terminal Server Setup Overview Port Default Global DefaultUser Table Set the port type to User Login Terminal Server Detailed SetupConfiguring a Port Set the port’s security Pass-Thru Login Create default user settings for the port Port Default Login Service Optional Friendly Stuff Save sport # Configure the user Adding a Remote User to the User TableAdd the user to the User Table Login Service Configure for dialback use? IP Terminal Server Case Studies Example NETServer will use ports 6, 7, and 8 for this application Save your work and reset all the ports Example IP Terminal Server Setup Chapter Network Dial In Access Dial-in User SetupNetwork Dial In Access NETServer Setup for Network Dial-In Overview Prework Configuration NETServer Dial-In Detailed Setup Dialback Users on this Port? Save the changes to flash memory Create a new user Normal or dialback user? Add configuration information for the user This is the user’s IP subnet mask. Use the following command Option can be any one of the following IP Remote Access Case Study Configure the ports Create user table entries for the dial in users Create a user table entry for the dialback user Save your work and reset the ports Connecting to the NETServer IPX Remote Access Create User Table entries for the dial in users Setup for NETServer Routing Overview Chapter LAN-to-LAN RoutingLAN-to-LAN Routing IPX routing LAN-to-LAN Routing An Introduction to NETServer Routing NETServer Routing LAN-to-LAN Routing Static vs. Dynamic Routes How RIP Dynamically Builds the Routing Table How Packets are Routed Establishing Connections to Remote Gateways Routing Procedure PAP/CHAP Authentication PAP Password Authentication Protocol Chap Setup for the NETServer Chap Challenge Example LAN-to-LAN Routing Detailed Setup Configuring the Port Creating a Dial-Out Group Adding a Remote Device to the Location Table Create a new location table entrySet Required Location Parameters This is the remote device’s IP address Set location location name netmask netmask Dial Group Number Multiple lines for a single connection Maximum Ports Create a Dial Script Set location Chicago script 1 atds slot#\r Connect Adding the Remote Device to the User Table Create a User Table EntryTell the NETServer about the Remote Device Set user user name protocol ppp slip Set netuser user name compression on off LAN-to-LAN Routing Case Study Setting Up NETServer a Add netuser nsb password xyzabc Setting Up NETServer B Now, save your work and reset the ports Testing the Connection Connecting to NETServer a from NETServer B What If I Don’t Want to Use Chap Authentication? TCP/IP Modem Sharing Configure the port as a host deviceChapter Talking to the Modems Assign the modem a TCP port number Save your work and reset the port Turn modem control carrier detect off Implementing Security with Host Device Dial Out Configuring modems as Unix pseudo TTYs Talking to the Modems Add a New Initialization Script Modem Initialization ScriptsHow To Assign Text to an Initialization Script Use an Existing Initialization Script Delete an Initialization ScriptDisplaying an Initialization Script Default initialization string Initialization Script Example Sending AT commands to the modems Talking to the Modems Chapter Packet Filters Packet FiltersPacket Filters Types of Filters Packet Filters and the NETServer Input filters vs. Output filters Information Sources Adding Packet Filters Input filters vs. Output filters Filter Rule Format Rule TypeName Rule Number Permit or DenyOptions TCP/IP packet filtering Destination Address TCP and UDP parameters Standard Port Numbers TCP UDP Filtering RIP messages FTP Packet Filtering Client opens a control channel FTP Example Filtering Icmp packets Type Description IPX packet filtering IPX Rules Dsthost SAP Rule Options Delete a Packet Filter Rule Editing Packet FiltersEdit a Packet Filter Delete a Packet Filter View a Packet Filter View the Packet Filter Table Changing the command prompt Chapter Administrative ToolsConfiguring the !root account Root Access Telnet Access Port Manually Connecting to a Remote Site Dial CommandNslogin, Rlogin and Telnet Commands Troubleshooting Commands Viewing Debug messages Turn off the output console by typing the following Ifconfig MTU Ping Ptrace Traceroute Version Show command Show Show arp Show flash Show memory Show netconns Show netstat Show sap Show sessions Administrative Tools Chapter Command Reference Global ConfigurationCommand Reference View the Global Configuration Table Get helpSave Changes Assigned Address Default HostGlobal user parameters Connect Message Randomize Hosts Default Gateways Global routing parameters Default Route IP Address Spoofing Proxy ARP NetBIOS Packet PropagationPAP Authentication System Name Name Service ServiceServer name DNS Cache Reset Time-out Domain name Alternate Radius Server Radius securityPrimary Radius Server Radius Secret Radius Accounting Syslog Accounting Icmp Logging Delete a Host Hosts TableAdd a Host View the Hosts Table Add a Location to the Location Table Bring Up the List of CommandsLocation Table Change a Location’s Parameters Save Location Table Changes View the Location TableView a Particular Location Location Table Parameters Connection Type IP Address NetmaskIPX Network Protocol RoutingCompression Dial Group Maximum Ports Idle Time-out High Water Mark MTU PPP Async Map Output Filter Input FilterDial Script Send Reply LAN Port Net0 Configuration Reset the Network Interface Card View LAN Port Configuration LAN Port ParametersEthernet Status Configured Ethernet Media Interface Address Broadcast Address IPX Frame Type Set net0 ifilter filter name Delete a netmask Netmask TableAdd a netmask View the netmask table Save Port Configuration Change a Port’s Parameters To view all of the S-ports, use the following command View the Ports Table Idle Port is idle View an Individual Port User Login Determining a Port’s TypeHost Device Device Service Network Login Message Dial In Port ParametersLine Hangup Login Prompt Security Pass-Thru Login User Login Port Parameters Dialback DelayAutolog Name Host Login Service Terminal Type Hardwired Port Parameters IPX Network Number Set s0 netmask netmask NETServer sends RIP information across Databits Serial Communications ParametersPort Speed Stopbits Host Override ParityFlow Control Modem Control Routes Table Configuration Add a Route to the Routes TableChange a Route’s Information Delete a Routes Table Entry Save Routes Table ChangesView the IP Routes Table Viewing the IPX Routes Table Flag Parameter IP Parameters IPX Parameters Save the Snmp Table Changes Snmp TableDelete Snmp Hosts Enabling/Disabling Snmp Read Community Name Snmp Table ParametersView Snmp Table Write Community Name Read Hosts Write Hosts User Table Add a User to the User Table Save User Table Changes Change a User’s ParametersDelete a User View the User Table Login User Parameters Access FilterDialback Number Set user name service rlogin telnet netdata portmux Command Reference Network User Parameters Dialback IPX connections require the PPP protocol NETServer sends RIP information to the dial Set user filter name ofilter filter name Command Reference Appendix a Technical Specifications 16 port NETServer Hardware Maximum Input Power Power RequirementsMaximum Output Power Typical Input Power Technical Specifications A-3 External Serial Port Console Ethernet Network Interface Card 10Base-T 10Base-2 BNC SignalTechnical Specifications A-5 Isolated GND Technical Specifications Token Ring⎯STP Connector Technical Specifications A-7Token Ring Network Interface Card Token Ring⎯UTP Connector Technical Specifications A-9 NETServer Firmware SpecificationsAdministration Routing Support PPP Specific Features Industry Standards SupportClient Dial-up Support Technical Specifications A-11 Slip and PPP Client Software Support Technical Specifications IP Addressing Basics Appendix B Addressing SchemesIPX Addressing Basics Addressing Schemes B-1 Address Classes SubnettingAddressing Schemes Mask Binary Subnets Hosts Addressing Schemes B-3 Reserved Addresses Supernetting Advanced TCP/IP Addressing Schemes B-5 Cidr Each Supernet is treated as a single entity Addressing Schemes B-7 Step two Select a range of addresses for each supernet Addressing Schemes B-9 Supernetting and the NETServer Appendix C Software Download SDL Using a Direct Connection to a PCWhy Perform an SDL Software Download? Software Download C-1 Loading the Software Download SDL Program Make Backup Copies of the NETServer FirmwareSoftware Installation Starting SDL SDL Command Syntax Software Download C-3 Optional -d Parameter Filename Prefixes Entering SDL Mode Software Download C-5 From the Windows Management Software Upgrading NETServer Firmware Upgrading the Modem Firmware Software Download C-7 For the Isdn NETServer, the file names are Error Messages Software Download C-9 PC SDL program detected unknown command line argu- ments Software Download C-11 Invalid Control Word Software Download C-13 File you are trying to download is not a NETServer file Appendix D Boot Process Boot Process D-1 Boot Process Using Syslog Appendix E Syslog AccountingSyslog Accounting E-1 Syslog System Message Format Syslog System MessagesSpotting Unused Ports Syslog Accounting Syslog System Message Examples Syslog Accounting E-3 Someone has logged in as !root on port S16 Syslog Accounting E-5 Syslog Accounting Appendix F Obtaining Radius Security a Centrally Managed User Table Setting Up Radius User Table Entries Authentication Items Response Items Radius F-5 Framed-Netmask Radius F-7 User Types Radius F-9 Making NETServer talk to a Radius security server Chap authentication using Radius Radius accounting fields Acct-Delay-TimeRadius Accounting Acct-Status-Type Accounting Examples Acct-AuthenticAcct-Session-Time Radius Alphabetical Index Index Index Icmp MTU NIC PPP SAP Slip Index Index