Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 1600 12.2RADIUS Support, 12.3RADIUS Authentication, 12.2.1 About RADIUS, 12.2.2 Using RADIUS Authentication, 12.3.1 Installing a RADIUS Server

1 163

Download 163 pages, 3.27 Mb

Prestige 1600 Universal Access Concentrator

12.2RADIUS Support

This section shows you to configure user authentication and accounting using an external RADIUS server.

12.2.1 About RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.

12.2.2 Using RADIUS Authentication

12.3RADIUS Authentication

Your Prestige has a built-in dial-up user list; however, the number of users that can be stored locally is limited due to memory constraints. If you have more users than what the Prestige can store locally, use an external RADIUS (Remote Authentication Dial-In User Service) server that provides authentication service for unlimited number of users.

12.3.1 Installing a RADIUS Server

To use RADIUS authentication, you need to have a UNIX or Windows NT machine on your network as the RADIUS server, as well as the RADIUS software itself.

You can obtain the RADIUS server software, along with documentation, at

http://www.livingston.com/Tech/FTP/pub-le-radius.shtml or ftp://ftp.livingston.com/pub/le/radius/

Follow the included instructions to install the software on your server.

After you install the server software, you will need to edit the dictionary file in the RADIUS configuration directory (usually /etc/raddb). Using any text editor, add the following lines to the dictionary file:

# Zyxel proprietary attributes
ATTRIBUTE	Zyxel-Callback-Option 192 int0eger
VALUE	Zyxel-Callback-Option None		0
VALUE	Zyxel-Callback-Option Optional		1
VALUE	Zyxel-Callback-Option Mandatory		2
# Callback	phone number source
ATTRIBUTE	Zyxel-Callback-Phone-Source	193	integer
VALUE	Zyxel-Callback-Phone-Source	Preconfigured 0
VALUE	Zyxel-Callback-Phone-Source	User	1

The message exchange of RADIUS authentication is shown next.

12-2	RADIUS Support

Contents

Page Prestige Universal Access Concentrator Copyright Disclaimer Trademarks ZyXEL Limited Warranty Customer Support When Contacting Customer Support Representative Table of Contents Page Page Page Page Page List of Figures Page Page Page List of Tables Page Preface About the Prestige Network Modules Configuring your Prestige About this Guide Related Documentation What is DSL SDSL (Symmetric DSL) ADSL (Asymmetric DSL) IDSL (ISDN DSL) DSL Comparison Chart Getting to Know Your Concentrator 1.1Overview of the Prestige Physical Dimensions Power Requirement Operating Environment 1.2Key Benefits 1.3Detailed Features of the Prestige Modular Architecture Configuration Types Network Interfaces Network Protocol Support Robust Security Features Internet Access Sharing Remote Software Upgrades 1.4Prestige 1600 and Prestige DSL Clients Page Prestige 1600 Applications 2.1Multi Purpose Concentrator 2.2Prestige 1600 Deployment Scenarios 2.2.1Deployed at a High-risefor High-SpeedInternet Access 2.2.2Campus Connectivity 2.2.3Deployed at ISPs and Other Service Providers 2.2.4Configuration Example One 2.2.5Configuration Example Two 2.2.6Configuration Example Three 2.2.7Configuration Example Four Initial Setup 3.1Initial Screen 3.1.1Password 3.2Navigating the SMT Interface 3.3SMT Menus At A Glance Page 3.3.1P1600 Main Menu - Primary 3.3.2Secondary and Standalone Main Menu 3.4Changing the System Password 3.5Resetting the Prestige 3.6General Setup 3.6.1DNS Server Address Figure 3-7Menu 1 - General Setup (Primary) Configuration Type Figure 3-8Menu 1 - General Setup (Secondary/Standalone) Table 3-3General Setup Fields Field Page WAN Port Setup 4.1Configuring The WAN Port For PPP over HDLC 4.2Configuring The WAN Port For Frame Relay 4.2.1Standards 4.2.2How To Configure The WAN Port For Frame Relay 4.3How To Configure Frame Relay for Internet Access 4.3.1Encapsulation 4.3.2DLCI 4.3.3CIR (Committed Information Rate) 4.3.4EIR (Excess Information Rate) 4.3.5How To Configure Frame Relay for Internet Access 4.4How To Configure Frame Relay For A Remote Node Figure 4-7Menu 11.1 - Remote Node Profile Figure 4-8Menu 11.4 - Remote Node Frame Relay Options Internet Access 5.1Introduction 5.1.1IP Address assignment Page 5.1.2Standalone IP Pool 5.2TCP/IP Parameters 5.2.1IP Address and Subnet Mask 5.2.2RIP Setup 5.2.3IP Multicast 5.3IP Policies 5.4TCP/IP Ethernet Setup 5.5Collecting Internet Account Information 5.6Internet Access using the Prestige 1600 Primary Figure 5-2Menu 4 - Internet Access Setup Table 5-4Internet Access Setup Menu Fields Observation Address Mapping Set below DSL Port Setup Figure 6-2DSL Port Setup Table 6-1DSL Port Setup Fields Option Yes/No IDSL 6.1Port Usage 6.1.1Example IDSL Port Setup 6.1.2User Authentication 6.1.3PAP/CHAP Page Remote Node Configuration 7.1Remote Node Setup Table 7-1Remote Node Profile Menu Fields for Leased Lines No (default) bring you to Menu 11.2 - Remote Node PPP Default 7.2Outgoing Authentication Protocol 7.3Editing PPP Options 7.4Edit IP Parameters Menu 11 - Remote Node Profile Table 7-3TCP/IP related fields in Menu 11.1 - Remote Node Profile Menu 11.3 - Remote Node Network Layer Options Table 7-4Remote Node TCP/IP Configuration Full Page Static Route 8.1.1Basics 8.1.2Static Route Setup Menu 12 - IP Static Route Setup Figure 8-2Menu 12 - IP Static Route Setup Figure 8-3Menu 12.1 - Edit IP Static Route Menu 12.1 - Edit IP Static Route Setup Table 8-1Edit IP Static Route Menu Fields Menu 12 - IP Static Route Setup Page Network Address Translation (NAT) 9.1Introduction 9.1.1NAT Definitions 9.1.2What NAT Does 9.1.3How NAT works 9.1.4NAT Mapping Types 9.1.5SUA (Single User Account) Versus NAT 9.2SMT Menus 9.2.1Applying NAT in the SMT Menus Figure 9-2Applying NAT for Internet Access Menu 11.3 - Remote Node Network Layer Options Figure 9-3Applying NAT to the Remote Node Table 9-2Applying NAT in Menus 4 & Full Feature: 9.2.2Configuring NAT 9.2.3Address Mapping Sets and NAT Server Sets: Figure 9-6SUA Address Mapping Rules Table 9-3SUA Address Mapping Rules Options/Example SUA Select Rule 9.2.4Ordering Your Rules Action Menu 15.1.1.1 - Address Mapping Rule Figure 9-8Editing an Individual Rule in a Set Table 9-5Menu 15.1.1.1 - configuring an individual rule Option/Example 9.3NAT Server Sets 9.3.1Multiple Servers behind NAT 9.3.2Configuring Inside Servers 9.4Examples 9.4.1Internet Access Only 9.4.2Example 2 - Internet Access with a Default Inside Server 9.4.3Example 3 - General Case Menu 15.1 - Address Mapping Sets Edit Type One-to-One Start IP 9.4.4NAT Unfriendly Application Programs 9.4.5Example 4 - Remote Management 9.4.6Applying NAT to the Ethernet Port Figure 9-19Ethernet SUA Figure 9-20Applying NAT on the LAN Port Menu 12 - IP Static Route Setup Page Filter Configuration 10.1About Filtering 10.2The Filter Structure of the Prestige Filter Set Execute Filter Rule Figure 10-2Filter Rule Process 10.3Configuring a Filter Set 10.3.1 Filter Rules Summary Menu 10.4Configuring a Filter Rule 10.5Filter Types and NAT 10.5.1 TCP/IP Filter Rule Figure 10-6Menu 21.1.1 - TCP/IP Filter Rule Table 10-4TCP/IP Filter Rule Menu Fields None/Less/Grea ter/Equal/Not Equal Yes/N/A If More is Yes, then Action Matched and Action Not Matched will be N/A Action Not Matched 10.5.2 Device Filter Rule Figure 10-8Menu 21.1.2 - Device Filter Rule Table 10-5Device Filter Rule Menu Fields Yes / N/A If More is Yes, then Action Matched and Action Not Matched will be N/A 10.6Applying a Filter 10.6.1 Ethernet traffic 10.6.2 Remote Node Filters 10.7Filter Example 10.7.1 Configuring a FTP_WAN Filter Rule Figure 10-11FTP_WAN Filter Configuration Figure 10-12Filter Rule Configuration Figure 10-13Filter Rule Configuration Figure 10-14FTP_WAN Filter Rules Summary Menu 11. 1 - Remote Node Profile Input Protocol Filter Set Figure 10-15Remote Node Profile Page SNMP Configuration 11.1About SNMP 11.2Supported MIBs 11.3SNMP Configuration 11.4SNMP Traps Page System Security 12.1Changing the System Password 12.2RADIUS Support 12.2.1 About RADIUS 12.2.2 Using RADIUS Authentication 12.3RADIUS Authentication 12.3.1 Installing a RADIUS Server 12.3.2 The Key Field 12.3.3 Adding Users to the RADIUS Database 12.3.4 RADIUS Server Configuration 12.4RADIUS Accounting Menu 24.3.2 - System Maintenance - External Server Figure 12-5Menu 24.3.2 - System Maintenance - Accounting Server Table 12-2Menu 24.3.3 System Maintenance - Accounting Server Fields Figure 12-6Examples of RADIUS Accounting Message Table 12-3Accounting Attributes Remote Management 13.1About Telnet 13.2Telnet Behind NAT 13.3Telnet Capabilities 13.3.1 Single Administrator 13.3.2 System Timeout 13.4Remote Management Through NAT 13.4.1 Procedure to Set Up NAT for Remote Management Figure 13-5Address Mapping Rule Summary Figure 13-6Apply the New NAT Set System Information and Maintenance 14.1System Status 14.1.1 WAN/LAN Status 14.1.2 DSL Port Status 14.1.3 Route Status 14.2System Information 14.2.1 Console Port Speed 14.3Log and Trace 14.3.1 Viewing Error Log 14.3.2 Syslog And Accounting 14.4Diagnostic 14.5Boot Module Commands 14.6Command Interpreter Mode 14.7Time and Date Setting Configuration & Firmware Maintenance 15.1Filenames Figure 15-1Internal and External Filenames Table 15-1Filenames Internal Filename FTP Command Example Filename 15.2Backup Configuration 15.2.1 Backup using FTP 15.2.2 Backup using TFTP 15.2.3 Backup using the Console Port 15.3Restore Configuration 15.3.1 Restore using FTP 15.3.2 Restore using TFTP 15.3.3 Restore using the Console Port 15.4Upload Firmware 15.4.1 Dual Firmware Block Structure 15.4.2 Upload Prestige Firmware using FTP 15.4.3 Example - Using the FTP command from the DOS Prompt 15.4.4 Upload Prestige Firmware using TFTP 15.4.5 Third Party TFTP Clients - General Commands 15.4.6 Upload Prestige Firmware via the Console Port 15.5Upload Prestige Configuration File 15.5.1 Upload Prestige Configuration File using FTP 15.5.2 Upload Prestige Configuration File using TFTP 15.5.3 Upload Prestige Configuration File using the Console Port Page Page IP Policy Routing 16.1Introduction 16.1.1 Benefits 16.1.2 Routing Policy 16.2IP Routing Policy Setup Figure 16-1Menu 25 - IP Routing Policy Setup Menu 25 - IP Routing Policy Setup Menu 25.1 - IP Routing Policy Summary Figure 16-2Menu 25 - IP Routing Policy Summary Table 16-1IP Routing Policy Summary Meaning Figure 16-3Menu 25.1.1 - IP Routing Policy 16.3Applying an IP Policy 16.3.1 Ethernet IP Policies 16.3.2 DSL IP Routing Policies 16.4IP Policy Routing Example Figure 16-6Example of IP Policy Routing Menu 25.1 - IP Routing Policy Figure 16-7IP Routing Policy Example Menu 25.1 - IP Routing Policy Setup Figure 16-8IP Policy Routing Figure 16-9Applying IP Policies Troubleshooting 17.1Problems Starting Up the Prestige 17.2Problems With the xDSL Port 17.3Problems with the WAN Port 17.4Problems with the LAN Interface 17.5Problems Connecting to a Remote Node or ISP 17.6General Instructions CI Commands Page Page DSL related CI Commands IP related CI Commands Page Page Ethernet Related CI Command Glossary Page Page Page Page Page Index