On-Demand Connections
2-4
PortMaster Configuration Guide
On-Demand Connections
The PortMaster establishes on-demand connections in the following way:
•
When the PortMaster receives packets going to an on-demand location that is
suspended (not currently active), it dials out to that location if a line is available.
•
If idle timers expire on a connection, the connection is brought down, freeing the
port for other uses.
•
At regular intervals, packet queues are checked for dial-out locations configured for
multiline load balancing to determine if more bandwidth is needed. If it needs more
bandwidth, the PortMaster dials out on an additional port and adds that port to the
existing interface.
•
When users dial in, they are authenticated and provided with their configured
service.
PortMaster Security Management
The PortMaster provides security through the user table, or if configured, RADIUS
security. When a dial-in user attempts to authenticate at the login prompt, or via PAP or
CHAP authentication, the PortMaster refers to the entry in the user table that
corresponds to the user. If the password entered by the user does not match, the
PortMaster denies access with an “Invalid Login” message. If no user table entry exists
for the user and port security is off, the PortMaster passes the user on to the host
defined for that port using the selected login service. In this situation, the specified host
is expected to authenticate the user.
If port security is on and the user was not found in the user table, the PortMaster
queries the RADIUS server if one has been configured. If the username is not found in
the user table, port security is on, and no RADIUS server is configured in the global
configuration of the PortMaster, access is denied with an “Invalid Login” message. If the
RADIUS server is queried and does not respond within 30 seconds (and neither does the
alternate RADIUS server), access is denied with an “Invalid Login” message.
If security is set to
off
, any username that is not found in the user table is sent to the
port’s host for authentication and login. If security is set to
on
, the user table is checked
first. If the username is not found and a RADIUS server is configured, RADIUS is
consulted. When you are using RADIUS security, you must use the
set security
S0
command to set security to
on
.
Summary of Contents for PortMaster
Page 16: ...Contents xvi Configuration Guide for PortMaster Products...
Page 26: ...Subscribing to PortMaster Mailing Lists xxvi PortMaster Configuration Guide...
Page 32: ...Basic Configuration Steps 1 6 PortMaster Configuration Guide...
Page 114: ...Configuring WAN Port Settings 6 12 PortMaster Configuration Guide...
Page 128: ...Configuring Login Users 7 14 PortMaster Configuration Guide...
Page 158: ...Restricting User Access 9 16 PortMaster Configuration Guide...
Page 168: ...Configuring Ports for Modem Use 10 10 PortMaster Configuration Guide...
Page 222: ...Frame Relay Subinterfaces 13 16 PortMaster Configuration Guide...
Page 236: ...Troubleshooting a Synchronous V 25bis Connection 14 14 PortMaster Configuration Guide...
Page 252: ...Using ISDN for On Demand Connections 15 16 PortMaster Configuration Guide...
Page 264: ...Using ISDN for Internet Connections 16 12 PortMaster Configuration Guide...
Page 276: ...Configuration Steps for Dial In Access 17 12 PortMaster Configuration Guide...
Page 286: ...Configuration Steps for Shared Device Access 18 10 PortMaster Configuration Guide...
Page 296: ...Troubleshooting a Leased Line Connection 19 10 PortMaster Configuration Guide...
Page 310: ...B 4 PortMaster Configuration Guide...
Page 352: ...Command Index Command Index 6 PortMaster Configuration Guide...