TUTORIAL 3-56

The CLAM will now only allow calls to be made to IPX host addresses on the
IPX Networks stored in its IPX Routing table.  In reality this means that
outgoing calls will only be made to anything connected to Network
00FE0691, in this case the Accounts program running on the Novell Server.

Similarly the “Configure IPX SAP Menu” will have no entries in the table
initially. However, the number of IPX SAPs in this table will change on the
establishment of a successful call to the Marlin on the HQ Backbone Network.
In fact, one other IPX SAP should be added to this table, as is shown
below.

36.  When a successful call is made and all the IPX Routes and SAPs have
been learned type SAVE<CR> at the Command Line prompt.  The word
SAVE will disappear after a few seconds and the message “Please use the
save command” will also disappear.

Summary of Contents for Nautica RADIUS

Page 1: ...Issue 1 0 MAN RADIUS REF RADIUS REFERENCE MANUAL Issue 1 0 ...

Page 2: ...e readable form without the prior written permission from Bay Networks The information contained in this manual is believed to be accurate however no responsibility is assumed by Bay Networks for its use nor for any infringements of patents or other rights of third parties resulting from its use All trademarks are acknowledged 1996 Scorpion Logic Ltd A Bay Networks company ...

Page 3: ...torial This chapter gives a step by step guide to the configuration of a sample Network It covers the configuration of the RADIUS Server the Network Access Server in this case a Nautica Marlin Router a small office Network and a mobile dial in user Chapter 3 Reference All RADIUS specific management structure and forms configuration parameters and status information are described in detail in this ...

Page 5: ...nd RADIUS 2 1 RADIUS Manager Menu Map 2 2 NAS Types 2 3 Configure NAS Types 2 3 NAS Device Types 2 4 NAS Units 2 5 Configure NAS Units 2 5 NAS Name 2 6 Quality Of Service 2 9 Grade of Service 2 10 Priority Timebands 2 11 Accounts 2 13 Account Information 2 14 Path Type 2 17 Multi Link Operation PPP or Nautica Paths 2 18 Multi Link Nautica PPP 2 19 Undistinguished OEM NAS Connections to RADIUS 2 20...

Page 6: ...g of an Incoming Connection 2 41 Example Event Log of an Outgoing Connection 2 44 Chapter 3 Tutorial Nautica RADIUS Tutorial 3 1 Overview of Sample Test Network 3 2 RADIUS Configuration Tutorial 3 4 RADIUS Installation 3 5 Configuration Procedure 3 6 RADIUS Manager Configuration 3 7 1 Configuring a NAS Type 3 7 2 Configuring a NAS Unit 3 8 3 Configuring the Quality Of Service QOS Option 3 10 4 Con...

Page 9: ... Quality of Service facilities for both Intranet and Internet users alike ABOUT THIS MANUAL This reference Manual describes how Nautica RADIUS is installed and configured with the Nautica family of routers It should be used in conjunction with the relevant manuals for each Nautica unit you will be using If you wish to use Nautica RADIUS in conjunction with other manufacturers products then the rel...

Page 10: ... basis These include Financial Services University Campus Software Services and large companies providing remote office home and Intranet connections for many departments All of these network systems have a common theme Remote Access for the individual user or the Remote Branch Office whether via PSTN or ISDN RADIUS BACKGROUND RADIUS consists of two functions RADIUS Authentication and RADIUS Accou...

Page 11: ...tion configuration and a single database which many NAS devices can access without the need to hold the authentication information for all dial in Accounts at the NAS these Accounts can potentially run into several thousand The use of this central repository makes RADIUS more secure and more scaleable than systems based upon many distributed points RADIUS authenticates users through a series of co...

Page 12: ...button click means press and release once double click means press and release twice in quick succession drag means press the button and hold while moving the object contacted Menu Commands Menu Commands are in the form of Menu Name Menu command e g Select Edit Undo Button Names Button Names are in the form Button Name e g Select the OK button Key Names Key Names are in small capitals ESCAPE Key C...

Page 13: ...11 Where the typed input is variable then it will be in brackets e g Type Your IP Address Handy Hints These are designed to assist you during the process either as reminders or useful tips and will be in bold italic e g Note Always Save your configuration after a change Warnings The insertion of a 1 is a caution meaning failure to follow the procedure could result in a loss of data or connections ...

Page 14: ...ated hardware platform for up to 5 000 users is as follows Minimum 486 DX2 66MHz IBM compatible PC with 12 Mb RAM Ethernet Card SVGA 800 x 600 Monitor Keyboard Mouse SOFTWARE Microsoft Windows 95 TCP IP network software A Windows 95 installation program is included with Nautica RADIUS Note The addition of Nautica MicroManager an SNMP based Network Manager to this platform could provide an addition...

Page 15: ...nd remote installations A profile of the people and sites who are using intending to use the network A profile of the data flow to those sites A list of any predefined CHAP Secrets Nautica Passwords or User Password to be used during Authentication You are now ready to commence installing and configuring your Nautica RADIUS system We have also included a TUTORIAL chapter which configures the Nauti...

Page 16: ...tton 6 Follow the instructions given in the Setup Windows and amend any settings as necessary 7 When the Setup program is complete the Nautica RADIUS Window is displayed Double click the red RADIUS_M icon in the Nautica RADIUS Window This runs the RADIUS_M program 8 When the RADIUS Manager window appears click the Minimise Button This will place the RADIUS Manager Button on the Task Bar 9 Double c...

Page 17: ...gram This provides the configuration for the NASs and Users It also generates the User database as new users are configured The RADIUS Manager is generally only used when adding new User or NAS configurations or when making changes to existing Users and NASs As such it automatically reloads information changes to the RADIUS LST file when changes are made Other Files installed are CW3215 DLL BIDS45...

Page 19: ...parameter and their available options The Reference section then follows describes the Menus and options provided by the RADIUS Server program It should be noted that an Account is almost equivalent to a Path on a Nautica Router and as a result all common variables use the same name It is recommended that a Marlin or CLAM Version 3 Router Reference Manual is read in conjunction with this RADIUS Re...

Page 20: ...autica RADIUS Manager Menu Map Priority Timebands Grade Of Service Quality of Service Multi Link Nautica Multi link PPP Undistinguished Path Type IP Path IP Networking IPX Path IPX Networking Session Parameters Service Account Information Remote Accounts Account NAS Device Types Configure NAS Types NAS Types NAS Name Configure NAS Units NAS Units Key Generator RADI...

Page 21: ... This Menu describes the NAS Types available for configuration CONFIGURE NAS TYPES NAME This is the Name of the product type e g Marlin 3000 VOICE Are Analogue ports supported on the device DATA This selects the Data Port of the device EXTENDED Does the device support Nautica Extensions to RADIUS ...

Page 22: ...table highlight it and click the EDIT button to access the NAS DEVICE TYPE menu To Add an item in the table highlight it and click the ADD button to access the NAS DEVICE TYPE menu NAS DEVICE TYPES Complete the Form for each NAS device to be Added or Edited Type Name of Unit Select any other required options ...

Page 23: ...UNITS button to access the CONFIGURE NAS UNITS menu CONFIGURE NAS UNITS NAME This is the Name you wish to call the particular unit It will usually be the same as you input into the unit but can vary if you require it to do so IP ADDRESS This is the IP Address assigned to that particular NAS Unit ...

Page 24: ... enter the NAS Type you require before proceeding NO OF PORTS This is the number of ISDN channels available on the unit To Delete NAS Units from the configuration highlight the unit and click the DEL button To Edit NAS Units on the list highlight the unit and click the EDIT button to access the NAS NAME menu To Add NAS Units to the list click the ADD button to access the NAS NAME menu NAS NAME ...

Page 25: ...th a maximum size of 31 characters Note This Secret needs to be configured directly onto the NAS For Nautica it can be found on the Config RADIUS menu Note We would recommend that the SECRET string used differs from the NAS Names used and should not be easily related This information should be stored in a secure place LSU CONNECTED To be completed click the box where a Nautica 8000LSU is being use...

Page 26: ...empts to reconnect the line after the Session Lifetime has expired the full RADIUS Authentication process is performed again USAGE LIMIT This timer in Hours and Minutes specifies the amount of time an Account can access the network on a per Day Week or Month basis Type Hours Mins Note Each time a Session is started the Usage Limit is decremented by the value of the Maximum Session Lifetime When th...

Page 27: ...Of Service applies PRIORITY This will indicate either High Medium Low Note If the NAS IP Address is set at 0 0 0 0 then it is part of a NAS Cluster connected through a Nautica 8000LSU Note Resources are allocated in accordance with this level of priority i e where Contention occurs Higher priority will be given first option on any resources To Add an item to the Quality of Service click the ADD bu...

Page 28: ...E OF SERVICE menu GRADE OF SERVICE NAME Complete the Name of the Service required NAS IP ADDRESS Enter the IP Address of the NAS Enter 0 0 0 0 if the NAS is part of a Nautica 8000LSU Cluster PRIORITY Click High Medium or Low Click the EDIT button or the ADD button to access the TIMEBANDS menu ...

Page 29: ...efines the start time of access to the Grade Of Service END TIME This defines the ending time for access to this Grade of Service MAX CHANNELS The Maximum number of ISDN channels available for this Grade of Service during that time period MIN CHANNELS The Minimum number of ISDN channels reserved for this Grade of Service during that time period Note A 0 indicates no channels are reserved ...

Page 30: ...ld be greater than one for Multi Link access Note Should you configure overlapping Grades of Service for Channels by mistake Nautica RADIUS operates with the Timeband having Priority Therefore once a Timeband has been entered its conditions with respect to the Grade of Service will operate until the Timeband is ended ...

Page 31: ... ACCOUNTS INFORMATION form This is a summary of the Remote Accounts information To Edit an entry highlight it and click the EDIT button to access the relevant function To Add an entry click the ADD button To Delete an entry highlight it and click the DELETE button ...

Page 32: ...fines the Remote Access Accounts by name NAME The Name of the remote Account It must be EXACTLY the same as that configured on the device itself i e CLAM System Name LOGIN Name or User Name on a Windows 95 PC Click on the NAME field and Type the Name of your PC or CLAM ...

Page 33: ... SECRET or USER PASSWORD PASSWORD Click the window and Type The Exact Password Note When typing Passwords they must be EXACTLY the same for both NAS Client and RADIUS including Upper Lower case ADDRESS ASSIGNMENT IP Addresses can be allocated on a dynamic basis from Nautica NASs using the ADDRESS POOLING facility on Nautica This is particularly useful when there is a high level of contention from ...

Page 34: ...c Address for each incoming client ADDRESS Type Specific Address to be allocated Only IF Specific was selected CLI This provides for checking of the ISDN or Telephone Number of the incoming call using the CLI Calling Line ID in USA standard output from the local exchange Note Due to regional variations please check that this facility has been enabled and operates for each incoming call prior to se...

Page 35: ...AP security Nautica Nautica Paths Recommended for all Nautica Nautica connections Undistinguished This field allows Nautica RADIUS to be used in conjunction with other manufacturers systems which may not fully conform to either the RADIUS standard or operate link level protocols which vary from the standard PPP PAP CHAP Note Nautica Paths are proprietary to Nautica to Nautica connections They incl...

Page 36: ...nnection time It allows data to be transmitted across the first ISDN connection whilst the additional connections are being established and has the added benefit of allowing the use of data compression and dynamic load balancing using packet fragmentation and recombination MULTI LINK PPP This operates in standard ML PPP mode RFC1717 and 1990 and allows connectivity to any other vendors device supp...

Page 37: ...i Link channels available for this path DEMAND THRESHOLD Enter the percentage Link utilisation necessary to trigger an additional ISDN connection e g Type 70 IDLE THRESHOLD Enter the percentage Link utilisation necessary to trigger the termination of each additional ISDN connection e g Type 30 THRESHOLD PERIOD Enter the sampling period in seconds that should be used in order to determine whether b...

Page 39: ... add the attributes of the OEM product Click the EDIT button to Edit the attributes of the OEM product ATTRIBUTE NUM Enter the attribute numbers provided by the OEM manufacturer in accordance with the RADIUS published specification Click on the required option to select the formatting of this field INTEGER STRING OCTET VALUE Type The Value of the Attributes in the Specification from the OEM ...

Page 40: ...REFERENCE 2 22 IP NETWORKING There are two options for this field Enabled Disabled To Add or Edit IP NETWORKING Select ENABLED then click EDIT Click on each relevant item in order to select it ...

Page 41: ... receives RIP broadcasts Note If RIP is disabled Static routes must be set up for each connection RIP TYPE RIP 1 Sets RIP 1 as the standard routing information update protocol RIP 1 COMPATIBLE Sets routing for RIP1 compatibility on the interface with RIP 2 addressing on the network This allows non standard subnet information to be passed onto those devices that can process it RIP 2 Sets the standa...

Page 42: ...ess of the remote unit in the window IP FILTER To Add a IP Filter for a path click the ADD button Note If no entry is made in these tables the entire network will be accessible to all Authenticated connections from the particular path If only one address or filter is entered that will be the limitation of access Note Filter pairs are treated on a Forward On Match basis and are only associated with...

Page 43: ...FERENCE 2 25 IPX NETWORKING Click the required option to select either ENABLED where Netware IPX SPX is to be routed DISABLED where IPX SPX is not required To Add or Edit an IPX Path click the EDIT button ...

Page 44: ...m the particular path If only one address or filter is entered that will be the limitation of access Note Filter pairs are treated on a Forward On Match basis and are only associated with the Account they are configured on while the Session is active To Add a IPX Filter for a path click the ADD button To Edit a IPX Filter for a path click the EDIT button To Delete a IPX Filter for a path click on ...

Page 45: ...ects all RIP and SAP frames ONLY to be used for static routes Send Only Only Sends RIPs and SAPs Except where specifically filtered Needs Static Routes to be established Listen Only Only accepts RIPs and SAPs does not broadcast them remotely Needs Static Routes to be established Send Listen Broadcasts and Receives RIPs and SAPs except those filtered above This allows automatic learning of the addre...

Page 46: ...e drop down menu the Quality of Service to be applied to this Account Note Only QOS entered into the Grade Of Service are available SESSION PARAMETERS This allows additional restrictions to be added to an individual Quality of Service for accounts Note In the case of a mis configuration of overlapping time bands these restrictions will terminate at the Earliest configured time To Edit the SESSI...

Page 47: ...for a Session while a Session is live but may have the ISDN connection dropped The Default is 1 To insert an alternative click on the window and Type Number of Channels USAGE LIMIT The amount of Time in Hours and Minutes an Account can access the network over a given period of time To insert a period click on the window and Type Time in Hours To Select the period of measurement click on the drop d...

Page 48: ...ll Start Session End Call End Session PERIODIC This category allows the accounting of leased line services on a periodic basis rather than a call basis Enter the Interval in Seconds for posting the accounts collected on a Periodic Account Note having Configured Nautica RADIUS SAVE the Configuration ...

Page 49: ...e NAS Router Consequently connections will only be vetted when the RADIUS Server is up and running The RADIUS Server portion of Nautica RADIUS consists of a two part window The top half is the Status Window the bottom half is a rolling Event Log NAUTICA RADIUS SERVER MENU MAP RADIUS Server Settings Configure File Event Log Control Event Log QOS Status Device Status Account Status Account ...

Page 50: ... is the configuration file of the NAS clients and users It is usually called RADIUS LST SHARED FILE This is a second configuration file of NAS client and user accounts This can be a shared file and may be located on another machine DATABASE FILE This can be selected from the following two FORMAT choices ASCII ASCII file format Optimised Reserved for future use Do not Select ...

Page 51: ...s Therefore care must be taken to ensure that access to remotely sited RADIUS systems is via a cost effective connection system LOG ACCOUNTS Select this box to log accounts to your hard disc drive ACCOUNTING FILE This details where Accounts are stored by NAMES name of Account The default Accounting File Name string is shown below ACCOUNT 3 3s s s d CSV The default string will produce a set of sequ...

Page 52: ... reboot of the server will cause the sequence to restart from 1 Text2 use a decimal point followed by a text string to indicate the file format ACCOUNT RECORD Select the required format for the output of FORMAT Account records to an external processing device or program INTERPRETED CSV The specified information fields are extracted from the event log string and presented and stored in the correct ...

Page 53: ...s Rollover every 30 mins to a new file Every 1 2 6 12 or 24 hours Rollover every n hours to a new file Midnight Rollover at midnight to a new file Sunday Midnight Rollover at midnight every Sunday to a new file Note The frequency of Account collection should be set in relation to the level of network activity the location of the Nautica RADIUS Server compared with the Account processor and the imp...

Page 54: ...ly observing access activity Click on Eventlog and select from the menu Eventlog Freeze This freezes the Event Log so that it does not print events In a heavily used RADIUS Server site Freezing the Event Log can increase performance of the Server Eventlog Run The Default is for this to be set and the Event Log to Run Eventlog Save This allows the Event Log to be saved to a file specified in the Wi...

Page 55: ...splay from the Local Database Double click the Device to refresh the selected item with information currently held in the RADIUS Client Ports Total number of ports available on the Device In Use Total Number of channels or ports for leased lines in use on the Device Res d Number of channels reserved on the NAS due to live sessions or minimum access reservation levels Free Number of Free channels ...

Page 56: ... Name NAS This is the Name of the NAS using the QOS Res d This details how many channels are Reserved for that QOS In Use Details the number of Channels in Use Mn Ch Details the Minimum number of channels allowed Max Ch Details the Maximum number of channels allowed ...

Page 57: ...gh RADIUS and is refreshed by double clicking the top line of the screen Account The Account Name NAS IP Add The NAS IP Address that is being accessed by the Account Res d Number of channels reserved when a session is idle or being spoofed InUse Number of Channels actually in use by the Account ...

Page 58: ...d by double clicking the top line of the screen Allocated time can be increased by double clicking the appropriate Account Account Account Name Time Remaining Time remaining to use the Account Next Refresh Next Time Date Account Time is refilled ACCOUNT ROLLOVER Click the Account Rollover Menu Bar to select the periodicity of the creation of the follow on file ...

Page 59: ... A record consists of a number of fields separated by commas If there is no information for a variable nothing is placed in that variables field This produces variable length records The length of the record being primarily dependent on the Record Type i e Open Close Session Start Session Stop and Periodic An example of an Account Record is shown on the next page The breakdown of the message forma...

Page 60: ...Type RADIUS Client Name Authentication Method ACC 07 31 96 10 58 22 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 CC000008 1 3 CC000008CC000009 1 1 1 0 0 0 0 0 0 01923123456 ISDN number Duration in seconds Packets Out non idle Packets In Bytes Out Bytes In User to RADIUS Client IP address requesting connection Protocol requesting connection Direction of connection Connections Channels Reserved Connection ...

Page 61: ...ed Nautica Key OK WATFORD_CLAM Passwords are OK SEC 07 31 96 10 58 22 Access Accept NAS HQ_MARLIN Account WATFORD_CLAM CLI 01923123456 t 28596 Welcome t time in sec this access is valid ACC 07 31 96 10 58 22 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 CC000008 3 0 CC0000080 1 0 This session has started ACC 07 31 9610 58 22 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 CC000008 1 3 CC000008CC000009 1 1 1 0 0 0 0...

Page 62: ... 0 0 78 55 3 2 20 The second incoming connection has finished ACC 07 31 96 11 02 27 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 CC000008 4 0 CC0000080 0 0 0 0 115 92 4 3 243 Ten minutes later the session closes The RADIUS server can optionally be configured to output the Event Log in the Interpreted Comma Separated Variables format This restricts the amount of information given but is easier to read Aga...

Page 63: ...ccount WATFORD_CLAM ACC 07 31 96 14 54 07 0 SessOpen 00000005 0 HQ_MARLIN 10 0 0 1 218 0 1 WATFORD_CLAM SEC Access Request NAS HQ_MARLIN Account WATFORD_CLAM SEC 07 31 96 14 54 09 Matched Nautica Key OK WATFORD_CLAM SEC 07 31 96 14 54 09 Access Accept NAS HQ_MARLIN Account WATFORD_CLAM CLI t 18351 ACC 07 31 96 14 54 09 0 ConnOpen 00000005 00000006 HQ_MARLIN 10 0 0 1 WATFORD_CLAM 123456 0 0 0 0 0 A...

Page 64: ...RLIN 1 000000B4 3 0 000000B40 0 0 The session has started SEC Access Request NAS HQ_MARLIN Account WATFORD_CLAM The connection is being made SEC 07 31 96 11 21 58 Matched Nautica Key OK WATFORD_CLAM Password OK SEC 07 31 96 11 21 58 Access Accept NAS HQ_MARLIN Account WATFORD_CLAM CLI t 28353 Go ahead ACC 07 31 96 11 21 58 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 000000B4 1 3 000000B4000000B5 1 1 2 2...

Page 65: ...REFERENCE 2 47 End of connection ACC 07 31 96 11 25 02 0 WATFORD_CLAM 10 0 0 1 2 HQ_MARLIN 1 000000B4 4 0 000000B40 0 0 0 0 108 107 4 4 183 The session finishes ...

Page 67: ...orial Remote Access from a CLAM to a Nautica NAS Remote Access from a Single PC User to a Nautica NAS Outgoing Call Security via RADIUS IP Connectivity IP Filtering via RADIUS IPX Connectivity IPX Filtering via RADIUS IPX SAP Filtering via RADIUS Bandwidth on Demand Quality Of Service ...

Page 68: ...TUTORIAL 3 2 OVERVIEW OF SAMPLE TEST NETWORK The following tutorial explains how to configure both the Routers and the RADIUS Security Server associated with the Network shown below ...

Page 69: ...he other is a Sales Ledger package running on internal Network Number 12345678 The remote office LAN consists of PC s and workstations that require to connect to both the UNIX host and the Novell Accounts package on the H Q LAN The remote LAN has an IP address of 192 168 0 0 and a subnet mask of 24 255 255 255 0 Access to the H Q LAN is provided by a Nautica CLAM Router and an ISDN BRI line The IP...

Page 70: ...nager programs are already running or have ever run in the past you may only need to amend the existing RADIUS configuration to suit your new requirements If you need to add additional NAS types NAS units Quality Of Service profiles or Accounts then follow the relevant section in the tutorial Also included at the end of the tutorial are instructions on how to configure the Nautica Routers used ...

Page 71: ...utton 3 Click the Run option 4 Type A Setup exe in the Open box 5 Click the OK Button 6 Follow the instructions given in the Setup Windows and amend any settings as necessary 7 When the Setup program is complete the Nautica RADIUS Window is displayed Double click the red RADIUS_M icon in the Nautica RADIUS Window 8 When the RADIUS Manager window appears click the Minimise Button This will place th...

Page 72: ... e the Units IP Address 3 Before an Account can be configured the NAS Types and the NAS Units must already have been defined 4 The Quality Of Service Grades are used to control the availability of the connection 5 An Account contains parameters relating to an individual Dial In user or to a Remote Office LAN connected via Leased or Dial In circuits It is also used to allocate the security and to p...

Page 73: ...tton on the RADIUS Manager Toolbar The Configured NAS Types RADIUS clients window should appear 3 Click the ADD Button to add a new NAS Device type to the list or select an existing NAS type and click the EDIT Button to edit the configuration of the NAS Device type selected 4 Add a new NAS Device type by entering a meaningful name in the Name box Enter MARLIN in the Name Box 5 Enable or disable th...

Page 74: ...DIUS Manager Window is not already displayed on the screen click the RADIUS Manager Button on the Task Bar 2 Click the NAS units Button on the RADIUS Manager Toolbar The Configured NAS units RADIUS clients window should appear 3 Click the ADD Button to add a new NAS unit name to the list or select an existing NAS unit name and click the EDIT Button to edit the configuration of the NAS unit name se...

Page 75: ...sly 7 Alter the Number of Ports in accordance with the associated NAS Router s capabilities For this example the Number of Ports should be set to 6 as a 6 channel PRI module is installed in the Marlin located on the HQ backbone network ISDN ports only should be taken into consideration do not include any WAN ports 8 If the associated NAS Router is connected to a Nautica 8000 LSU then click the LSU...

Page 76: ...ity Of Service section in this manual 11 Click the OK Button to return you to the Configured NAS units window when you have configured the appropriate options for this NAS unit 12 Click the Save Button to save all changes made to the NAS units profiles 13 Close the Configured NAS units window by clicking the Close Button The RADIUS Manager RADIUS LST window should now be displayed 3 Configuring th...

Page 77: ...er set in the Account Users Grade of Service profile 7 To add a Timeband to the new Grade of Service profile click the Add Button If no Timebands are configured for a Grade of Service all connection requests will be rejected when the particular Grade of Service is in operation 8 Set the Start Time by double clicking the Start Time Box and entering the appropriate time in 24 hour clock format Enter a ...

Page 78: ...selected Grade of Service profile by double clicking the Max per Account Box and entering the appropriate number of channels Enter a value of 2 in the Max per Account Box 13 To select which day s in the week you want this Timeband to be active click the appropriate box es under in the Days of the Week Box For this example select Monday M Tuesday T Wednesday W Thursday Th and Friday F 14 Click the ...

Page 79: ...imeband information to be added is as follows

Start Time 09 00, End Time 18 00, MaxChans 6, MinChans 0, Max per Acc 1, Days MTWThF
Start Time 18 00, End Time 24 00, MaxChans 6, MinChans 0, Max per Acc 2, Days MTWThF
Start Time 00 00, End Time 24 00, MaxChans 6, MinChans 1, Max per Acc 2, Days SaSu

Once you have configured all the Timebands for the selected Grade of the Grade of Service window should be as shown ...

Page 80: ... Close the Grade of Service window by clicking the OK Button Once you have completed the Grade of Service information submit the changes by clicking the OK Button The Quality of Service window should be as shown below ...

Page 81: ...ADD Button to add a new Account profile to the list or select an existing Account and click the EDIT Button to edit the configuration of the Account Name selected 4 To allocate a new Account Name enter a meaningful name in the Name box In this instance enter the Name WATFORD_CLAM The NAS unit Name entered here must correspond exactly with the associated remote Router s Name as configured in the Ro...

Page 82: ...on parameter is set to CHAPPassword or UserPassword then the appropriate password must be entered in the Password Box In this instance enter 123 in the Password Box Do not use leading 0 s zero s when entering a value into the Account Password Box when using Nautica keys or numbers for PAP passwords The value entered in the Account Password Box must match the Outgoing PAP Password CHAP Secret or Se...

Page 83: ...ption Box if you wish to allow bridging on the line between the NAS Router and the remote Account User Do not select this option for this example 16 Select the Max Multi link ports Box and enter the maximum number of ISDN B Channels that this Account User is allowed to use while connecting to the NAS Router Enter 2 in the Max Multi link ports Box The Max Multi link value entered is the maximum num...

Page 84: ... this Account User s Path by clicking the appropriate circle In this instance select Disable We will use static IP routes on this Path 22 Select a value for the RIP Type to be used on this Account User s Path by clicking the appropriate circle In this instance select RIP1Compatible Please note that a RIP Type has to be selected even if the RIP Operation parameter is set to Disable 23 To add a Stat...

Page 85: ...he other IP address of the filter pair In this instance enter 192 168 0 0 24 for IP Address1 Mask and 10 0 0 2 32 for IP Address2 Mask Note in the above example we are only allowing those packets coming from the UNIX Host 10 0 0 2 to Network 192 168 0 0 24 to create outgoing calls on the ISDN line to the remote office The IP Filters work on a Forward on Match principle Anything that doesn t match ...

Page 86: ...it Button to the right of the IPX Networking Box This will reveal IPXPath window 32 To add a Static IPX Route which is associated with the Account Users Path click the Add Button to the right of the IPX Static Routes Table This will reveal the Remote IPX Network window Click the IPX Static Routes Add Button 33 To enter a Static IPX Route double click the IPX Network Box and enter the required IPX ...

Page 87: ...that doesn t match the Address configured in the IPX Filters Table is discarded Source and Destination IPX Network addresses on all packets entering the NAS Router on any port destined for the remote Account User are checked for a match before forwarding For more information on IPX Filtering refer to the Marlin Router Reference Manual 37 Click the OK Button to submit the IPX Filter pair The IPXPat...

Page 88: ...Filtering refer to the Marlin Router Reference Manual 40 Click the OK Button to submit the IPX SAP Filter information The IPXPath window should now be displayed 41 Select a value for RIP SAP Operation on this Account User s Path by clicking the appropriate circle In this instance select Send Only This will send SAP broadcasts to the remote Account Users Router but will not listen to any SAP broadc...

Page 89: ...re Allowed and Disallowed Select Allowed 44 To enter the Telephone number to use to dial the remote Account User if the Outgoing Call option is set to Allowed click the Tel Box and enter the appropriate ISDN number of the remote Account User For this example enter 01923123456 in the Tel Box 45 Click the down arrow on the right hand side of the Service Box The options revealed are a list of all con...

Page 90: ...er once the session has started unless there are not enough unused channels to fulfil this requirement in this instance as many channels as possible will be reserved A reservation of 1 implies that one channel will be reserved for the Account User if the line drops due to inactivity and he will automatically get connected next time he brings the line up i e he will always get a connection and shou...

Page 91: ... remote Account User is connected to the NAS Router via a Leased Line In this instance accounting of leased line services on a periodic basis should be performed rather than on a call by call basis 52 If the Accounting option is set to Periodic a value must be entered into the Intervals s Box This is done by clicking the Intervals s Box and entering the required accounting reporting period in seco...

Page 92: ...The Account Information window should now be exactly the same as that shown at the top of the next page ...

Page 93: ... Name selected. 56. To allocate a new Account Name enter a meaningful name in the Name box. In this instance enter the Name PPP_PC. The NAS unit Name entered here must correspond exactly with the Name associated with the remote PC, i.e. the unit name or unit Id allocated to the PC when configuring the PC's PPP stack. 57. Select the Inactivity Box. Enter a value of 600 seconds. This sets the session inactivity t...

Page 94: ...64 Click the down arrow on the right hand side of the Path Type Box The options revealed are PPP Nautica and Undistinguished Select PPP for this Account User as it is a PC using an Integral TA and a PPP stack 65 Click the Edit Button to the right of the Path Type Box This will reveal the Multi link PPP Path window 66 Leave the Bridge Unrouted Data Box blank 67 The Bridge Unrouted Data should never...

Page 95: ...IP Networking Box The options revealed are Enabled and Disabled Select Enabled 71 Click the Edit Button to the right of the IP Networking Box This will reveal IPPath window 72 Select a value for RIP Operation on this Account User s Path by clicking the appropriate circle In this instance select Disable As the roving PC User is effectively part of the main HQ backbone LAN and he is not a Router the...

Page 96: ... enter the required IP address of one of the filter pair, then double click the IP Address2 Mask Box and enter the required IP address of the other IP address of the filter pair. In this instance enter 255.255.255.254/32 for IP Address1 Mask and 10.0.0.2/32 for IP Address2 Mask. Note: in the above example we are allowing any user which has been assigned an IP Address by the NAS Router done by using the va...

Page 97: ... hand side of the Outgoing Calls Box The options revealed are Allowed and Disallowed Select Disallowed 81 Leave the Outgoing Call Tel Box Blank Click the down arrow on the right hand side of the Service Box The options revealed are a list of all configured Quality of Service Profiles and one called Default For this example again select SILVER Note that we have used the same Quality of Service prof...

Page 98: ...ton to the right of the Service Box This will reveal Session Parameters window 83 Leave the Maximum Session Lifetime value at its default setting of 7200 seconds 84 Leave the Reserved Channels for the Session setting at 0 85 Leave the Usage Limit value and the hours value at their default settings of 0 00 and none respectively ...

Page 99: ...dow should now be exactly the same as that shown below 87 Click the OK Button to submit the Session Parameters The Account Information window should now be displayed 88 Set the Accounting option to Standard 89 Leave the Intervals s Box blank ...

Page 100: ...utton to submit the Account Information The Remote Accounts window should now be displayed as shown below 91 Click the Save Button to save all changes made to the Remote Account profiles 92 Click the Close Button to submit the Remote Accounts information The RADIUS Manager RADIUS LST window should now be displayed ...

Page 101: ... connection disconnection information is shown in the lower of the two windows on the RADIUS Server display The top window is used to show the current QOS Status Device Status Account Status and the Account Allocation of the RADIUS Server The information displayed in the Status window is selected by clicking the Status Option on the RADIUS Server Menu Bar and clicking on the desired option When th...

Page 102: ...t. Care should be exercised as the ISDN connector socket and the Manager connector socket are both RJ45. 2. Connect a VT100 terminal, or a PC running a communications program (in the active window if using a Macintosh or a PC running Windows, Windows 95 or Windows NT) that emulates a VT100 terminal, via one of the cable adapters supplied to the Marlin Manager socket. 3. Connect the local LAN via a suitable ...

Page 103: ...mpt. The Update System Parameters form should now be displayed. 10. Change the Name parameter from NoConfig to HQ_MARLIN. 11. Change the IPX Routing parameter from NO to YES. Note that IP Routing is YES, i.e. enabled by Default, but IPX Routing is NO, i.e. disabled by Default. 12. For security reasons it is advisable that the Unit Password be changed from the default of PASSWORD to something else. Note that the...

Page 104: ...onds and the message “Please use the save command” will also disappear. 18. Type CO PA<CR> at the Command Line prompt. The Configure Paths Menu should now be displayed with the LAN01 Path highlighted. 19. Type ED<CR> at the Command Line prompt. The Update Path Form should now be displayed. 20. Change the IPAddr Mask parameter from 1.1.1.1 to 10.0.0.1/8. 21. Set the IPX Mode to 802.3. 22. Change the IPX Network 80...

Page 105: ...ave command” will also appear in the middle of the fifth line up from the bottom of the screen. 24. Type SAVE<CR> at the Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command” will also disappear. The Configure Paths Menu should now be exactly the same as that shown below ...

Page 106: ...7. Change the Security Server Password from null to PASSWORD. This must match the entry in Authentication Box of the NAS Name window in the appropriate NAS unit. 28. Change the Security Server Service Quality parameter from NO to YES. 29. Change the Accounts Server IP Address from 0.0.0.0 to 10.0.0.3. 30. Change the Accounts Server Password from null to PASSWORD. This must match the entry in Authentication...

Page 107: ...Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command” will also disappear. 38. Type CO IP<CR> at the Command Line prompt. The Configure IP Routes Menu should now be displayed with the IP Route with Id equal to 1 highlighted. 39. Type AD S<CR> at the Command Line prompt. The Update IP Route Form should now be displayed. 40. Change the IP Address para...

Page 108: ...ervice profile expires and either there is a gap in between the Timebands or the new Timeband is such that no channels are available on the NAS Router for the establishment of a Path i e they have been pinched by a higher priority user at the particular time in question or the Session Usage Limit has been exceeded or the Session Maximum Lifetime has been exceeded If the Path and Routing informatio...

Page 109: ... 50. Change the Path parameter from LAN01 to VirtualPath. A Static IPX Route to the RADIUS Server has now been configured. The operation described above for IP packets is now repeated, but IPX Network Addresses are used instead of IP Addresses. 51. Submit the changes by pressing Control E. The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fift...

Page 110: ...roadcasts the IPX Networks learned via the broadcasts will be added to the table Eventually the Configure IPX Routes Menu should now be similar to that shown below Initially the Configure IPX SAP Menu table will be empty But as the Novell Server on the HQ Backbone LAN transmits its IPX SAP broadcasts the SAPs learned via the broadcasts will be added to the table Eventually the Configure IPX SAP Me...

Page 111: ...1717 53. Type CO DEV<CR> at the Command Line. The Device Management Menu should now be displayed with the device MARLIN highlighted. Highlight the ISDN device(s), i.e. line(s), that the Roving User will dial in on. In this Example the device ISDN PRI. 54. Type ED<CR> at the Command Line; this should now display the Update Device Form. 55. Select the PPP Profile parameter. Change this from Custom to Standard CHAP 5...

Page 112: ... further ISDN Devices need to be configured. No other changes to the Marlin's configuration are required. Note however that the number of items in the Configure IPX Route Menu, the Configure Paths Menu and the Configure IP Routes Menu will change on the establishment of a successful call to the CLAM on the remote office network or to the roving PC User. The following Menus shown below are produced when...

Page 113: ...Configure IPX Routes Menu. Note: no change to this screen from that shown previously. Configure IP Routes Menu ...

Page 114: ...0000000A 1 1 1 0 0 0 0 0 0 0 01923123456 SEC Access Request NAS HQ_MARLIN Account PPP_PC SEC 08 01 96 11 35 11 Matched CHAP Password OK PPP_PC SEC 08 01 96 11 35 11 Access Accept NAS HQ_MARLIN Account PPP_PC CLI 01506876098 t 23090 ACC 08 01 96 11 35 11 0 PPP_PC 10 0 0 0 1 2 HQ_MARLIN 1 0000000B 3 0 0000000B0 0 0 ACC 08 01 96 11 35 11 0 PPP_PC 10 0 0 1 2 HQ_MARLIN 1 0000000B 1 3 0000000B0000000C 0...

Page 115: ...he CLAM 1. Place the 2 way RJ45 adapter in the LAN Manager port at the rear of the unit. Care should be exercised as the ISDN connector socket, the LAN Manager connector socket and the phone socket (if fitted) are all RJ45. 2. Connect a VT100 terminal, or a PC running a communications program (in the active window if using a Macintosh or a PC running Windows, Windows 95 or Windows NT) that emulates a VT100 t...

Page 116: ...ipt. The Command Line should now display Enter Command. 10. Type CO SY<CR> at the Command Line prompt. The Update System Parameters form should now be displayed. 11. Change the Name parameter from NoConfig to WATFORD_CLAM. 12. Change the IPX Routing parameter from NO to YES. Note that IP Routing is YES, i.e. enabled by Default, but IPX Routing is NO, i.e. disabled by Default. 13. For security reasons it is advisab...

Page 117: ... PA<CR> at the Command Line prompt. The Configure Paths Menu should now be displayed with the LAN01 Path highlighted. 17. Type ED<CR> at the Command Line prompt. The Update Path Form should now be displayed. 18. Change the IPAddr Mask parameter from 1.1.1.1 to 192.168.0.1/24. 19. Change the IPX NetworkEtherII parameter from 00000000 to 00DADD1E. 20. Change the IPX Mode from 802.3 to EtherII if using Version 1...

Page 118: ... of the fifth line up from the bottom of the screen. 22. Type SAVE<CR> at the Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command” will also disappear. 23. Type AD N<CR> at the Command Line prompt. An Update Path Form of Type NauticaRouter will be displayed. The Name parameter will also be blank. 24. Change the Name parameter from null to HQ_MARLIN...

Page 119: ...hat shown below. As can be seen from the Configure Paths Menu above, the only Path destinations the CLAM Router knows about are its local LAN (LAN01) and the Marlin located on the HQ Backbone Network (HQ_MARLIN). 28. Submit the changes by pressing Control E. The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fifth line up from the bottom of the s...

Page 120: ...isplayed. 32. Change the IP Address parameter from 0.0.0.0 to 10.0.0.2/32. A Static IP Route has now been configured. The CLAM will now only allow calls to be made when connections to the UNIX Host, i.e. 10.0.0.2, are requested. No other outgoing calls should be attempted to any other IP Address. 33. Change the Path parameter from LAN01 to HQ_MARLIN. 34. Submit the changes by pressing Control E. The Main Menu ...

Page 121: ...LAM's configuration is required. Note however that the Configure IPX Route Menu will only have one IPX Route initially: the local IPX Network assigned in the LAN01 Path. However the number of IPX Routes in this table will change on the establishment of a successful call to the Marlin on the HQ Backbone Network. In actual fact three other Routes should be added to this table when a call has been succes...

Page 122: ...ure IPX SAP Menu” will have no entries in the table initially. However the number of IPX SAPs in this table will change on the establishment of a successful call to the Marlin on the HQ Backbone Network. In actual fact one other IPX SAP should be added to this table as is shown below. 36. When a successful call is made and all the IPX Routes and SAPs have been learned type SAVE<CR> at the Command Line p...

Page 123: ...lling In this instance enter HQ_MARLIN in the Name Box 5 Click the Down Arrow to the right of the Select a modem Box A list of modems TAs configured on the PC will now appear Select the appropriate modem from the list 6 Click the Configure Button The Selected Modem Properties sheet should now be displayed 7 On the General page of the Selected Modem Properties sheet set the appropriate Port and Max...

Page 124: ...Tab The Options page should now be displayed within the Selected Modem Properties sheet 17 Select the appropriate options on Connection Control Dial Control and Status Control as required 18 Click the OK Button on the Selected Modem Properties sheet The Make New Connection form should now be displayed 19 Click the Next Button 20 Enter the appropriate Area Code Telephone Number and Country Code for...

Page 125: ...ties sheet. 29. Click the OK Button on the Selected Modem Properties sheet. The HQ_MARLIN sheet should now be displayed. 30. Click the Server Type Button. The Server Types sheet should now appear. 31. Select the options as appropriate. In this example select a Dial Up server Type of PPP Windows 95 Windows NT 3 5 Internet the Log on to network advanced option and an Allowed network protocol of TCP IP Th...

Page 126: ...Settings sheet should appear. 33. Select the options as appropriate. In this example select Server assigned IP address, Server assigned name server addresses and Use default gateway on remote network. The TCP IP Settings sheet should be the same as that displayed below ...

Page 127: ... displayed 37 Double click the HQ MARLIN icon The Connect To sheet should now appear 38 Enter the appropriate settings in the User name and Password Box In this example use a User name of PPP_PC and a Password of CHAPPC 39 Click the Save password Box 40 Check that the Phone number and the Dialing from information displayed is correct The Connect To sheet should be the same as that shown at the top...

Page 128: ...43 Click the OK Button on the Dialing Properties sheet The Connect To sheet should now be displayed 44 Click the Connect Button If everything has been setup correctly you should now be able to successfully connect to the HQ Backbone Network via the Nautica Router HQ_MARLIN ...
