Alcatel-Lucent

8950 AAA (Authorization, Authentication, Accounting)           

User’s Guide | Release 6.0  

365-360-001R6.0

ISSUE 1

  DEC 2008

Contents of 8950 AAA

Page 1: ...Alcatel Lucent 8950 AAA Authorization Authentication Accounting User s Guide Release 6 0 365 360 001R6 0 ISSUE 1 DEC 2008...

Page 2: ...s of Alcatel Lucent All other trademarks are the property of their respective owners The information presented is subject to change without notice Alcatel Lucent assumes no responsibility for inaccura...

Page 3: ...ew Purpose of the Server Management Tool 2 1 Starting the Server Management Tool 2 2 The Server Management Tool User Interface 2 4 3 Server Management Tool Command Set SMT menus and their commands 3 1...

Page 4: ...ement Tool Understanding PolicyFlow the PolicyAssistant and the Policy Wizard 9 2 Installing the PolicyAssistant 9 2 Preparing to Create Your First Policy 9 3 Using the Policy Wizard 9 4 Understanding...

Page 5: ...orts Panel 15 1 Part III Logging Tools Navigation Pane 16 Message Logging 8950 AAA Message Overview 16 1 Logging Tools 16 2 Server Log Messages 16 3 Log Channels 16 6 Log Channel Configuration Panel T...

Page 6: ...he SMT User Files Panel 19 3 Creating an Attribute Set File 19 16 20 8950 AAA Dictionary Editor Accessing the Dictionary Editor Panel 20 1 Vendors Tab 20 2 Attributes Tab 20 4 Diameter Applications Ta...

Page 7: ...files 23 3 Understanding Database SQL Tool 23 19 Managing Hypersonic Database Users 23 22 Part VII Other chapters 24 Server Diagnostics and Control Commands Server Diagnostics and Control 24 1 List of...

Page 8: ...Contents v i i i 365 360 001R6 0 Issue 1 December 2008...

Page 9: ...ur access criteria will be allowed access to a resource The 8950 AAA server provides this functionality within an extensible easy to use environment This manual introduces you to 8950 AAA through its...

Page 10: ...on about installing 8950 AAA and general software and hardware requirements read the 8950 AAA Quick Start Guide If you are new to 8950 AAA the links below should help determine where to go first Ready...

Page 11: ...the steps necessary to set up your 8950 AAA server clients and user profiles to process user requests for network access The manual is organized as follows Chapter 1 Introduction to 8950 AAA This sect...

Page 12: ...scusses the process of configuring the 8950 AAA USSv2 functionality Chapter 11 Configuring 8950 AAA Operators This chapter provides information about defining administrator access to 8950 AAA It defin...

Page 13: ...8950 AAA Data Dictionary and some of the terms that you will encounter when working with the 8950 AAA product Chapter 21 Managing files This chapter discusses 8950 AAA files and how to create and mana...

Page 14: ...ute another value http server IP address or name where server IP address or name is the address of name of the 8950 AAA server italics Names of manuals or the first occurrence of a glossary term Refer...

Page 15: ...pressions 2nd ed Jeffrey E F Friedl O Reilly Associates Inc July 2002 ISBN 0 59600 289 0 RADIUS Securing Public Access to Private Resources Jonathan Hassell O Reilly Associates Inc October 2002 ISBN 0...

Page 16: ...er OR if you have not yet registered your 8950 AAA service contract contact LWS Support Channel 3 If you are evaluating 8950 AAA for purchase or need sales information or technical support but do not...

Page 17: ...er Management Tool Command Set 3 1 Chapter 4 Managing 8950 AAA Servers 4 1 Chapter 5 Configuring 8950 AAA Client Properties 5 1 Chapter 6 Configuring 8950 AAA Realm Routing Table Properties 6 1 Chapte...

Page 18: ...1 2 365 360 001R6 0 Issue 1 December 2008...

Page 19: ...client might be a network access server NAS a Wi Fi access point or even a Web page 8950 AAA is a tool that promotes system integrity not only for the network server but also for the client server re...

Page 20: ...ect to the RADIUS client A user profile contains information about a user that 8950 AAA uses to process a RADIUS request The information usually includes the user name and password and might include o...

Page 21: ...and then returning configuration information necessary for the client to deliver service to the user The RADIUS client controls the access protocols that are used Within the protocol RADIUS Attributes...

Page 22: ...in publicly available RADIUS servers SQL databases such as Oracle Sybase MySQL or the built in database An LDAP Lightweight Directory Access Protocol server or a server that supports LDAP queries for...

Page 23: ...service that is a part of Windows 2000 Windows XP and Window 2003 Servers using an LDAP interface Windows SAM Windows Security Accounts Manager server that sits on top of the Windows 2000 Windows XP a...

Page 24: ...RADIUS Terms Explained Introduction to 8950 AAA 1 6 365 360 001 R6 0 Issue 1 December 2008...

Page 25: ...nfiguring and managing 8950 AAA servers It utilizes a graphical user interface or GUI that interfaces to the 8950 AAA server It can be used to manage all aspects of server operation The SMT also displ...

Page 26: ...nd windows that provide the means to make server requests The following sections describe how to start the application and a basic overview of the GUI tools and commands Starting the Server Management...

Page 27: ...aa smt Result The 8950 AAA SMT Window opens and the login panel appears as shown in Figure 2 2 Figure 2 2 SMT Login Panel 2 Enter the appropriate 8950 AAA User Name and Password Important This can be...

Page 28: ...ect to the appropriate 8950 AAA server 5 Click Connect to connect to the mentioned host or 8950 AAA server Important Appropriate certificates are installed during the initial installation of 8950 AAA...

Page 29: ...R6 0 Issue 1 December 2008 2 5 Figure 2 4 The SMT User Interface Default screen The main frame of the window located below the taskbar is called the Data pane The following screen shows an example of...

Page 30: ...as tabs text fields buttons and panes Panels can be resized minimized and maximized within the SMT On the left side of the SMT window beneath the toolbar the Navigation pane lists 5 groups of configu...

Page 31: ...tive panel Revert to Last Saved Restore changes that have been saved for active panel Reload Files Re read modified 8950 AAA files into the running 8950 AAA server Close Remove the active panel from t...

Page 32: ...ive panel Use the Next Window command to activate and display other open panels Tile Horizontal Display a top down list of all open panels Tile Vertical Display all open panels from left to right Arra...

Page 33: ...ns are available the name of the Policy Server Start Server Shutdown Server Restart Server Pause Server and Resume Server Show the status of the 8950 AAA Configuration server When the server is runnin...

Page 34: ...rs asking if the changes should be saved If no panel is displayed then this option is not available Display a print panel box that provides print options for the user Reload the files in the current p...

Page 35: ...a list of panel names categorized according to the functionality as shown in Figure 2 8 Displays System Information Displays SMT help Displays Technical Support File Packager window for gathering fil...

Page 36: ...and each tool can be accessed by selecting the panel name The Navigation pane provides ease of use for the SMT user because it allows quick access to any of the listed panels Important Your navigatio...

Page 37: ...erface 8950 AAA Server Management Tool Overview 365 360 001 R6 0 Issue 1 December 2008 2 13 Figure 2 9 SMT Data Pane without panels Figure 2 10 SMT Data Pane with panel SMT Log Pane SMT Data pane with...

Page 38: ...are described in Table 2 3 SMT Server Log Pane The Server log pane appears at the bottom of the SMT user interface when you click on the Server Log tab in the screen The Server Log pane is used for d...

Page 39: ...in the application The commands are described in Table 2 4 Table 2 4 SMT Server Pane Buttons Buttons Description Starts monitoring the Log files To pause the monitoring process Clears the SMT Server l...

Page 40: ...The Server Management Tool User Interface 8950 AAA Server Management Tool Overview 2 16 365 360 001 R6 0 Issue 1 December 2008 E N D O F S T E P S...

Page 41: ...sistant and lists a procedure on how to use the commands to install it The following topics are included in this chapter SMT menus and their commands SMT Menus As described in the section SMT Menu Bar...

Page 42: ...ver select Server on the menu bar and then click Disconnect from Server As a result the GUI disappears from the screen except for the title bar and menu bar and is replaced by the 8950 AAA logo icon T...

Page 43: ...values that were saved before any modifications were entered If the modifications have been saved then this command will not restore the fields to any previous values The Reload Files command provides...

Page 44: ...aves the output to a PDF file created in the 8950 AAA run subdirectory The Save to Web Page HTML option saves the output to an HTML file created in the 8950 AAA run subdirectory The Print Preview opti...

Page 45: ...mmands as well as server preferences and data pane management options To display the Edit menu select Edit on the menu bar Most of the commands on the Edit menu perform operations that are the same as...

Page 46: ...ols display fonts font size and color schemes UI Theme Choice of color scheme used for SMT user interface appearance Use System Fonts Choose Yes to keep the default options Choose No to edit the requi...

Page 47: ...of the main window Used for displaying messages and errors Show Tool Bar Show Pop up Tips Confirm Operations Specifies the questions that are asked throughout the SMT Confirm Server shutdown for the p...

Page 48: ...the secure remote connections when the SMT is in Local Mode Choose No to not use the secure remote connections when SMT is in Local Mode File for Trusted Certificates Enter the filename that needs to...

Page 49: ...various SMT panels You may select an attribute from the full dictionary attribute list labeled Attributes on the left side of the pane or enter your own attribute name in the custom attribute text bo...

Page 50: ...s to find or find once again the word item you want to search Find The find message screen is shown in Figure 3 6 Find again Figure 3 6 Find Menu options Other Edit Menu Commands Under the Edit menu o...

Page 51: ...Restore Windows control as shown in Figure 3 8 Figure 3 8 Panel Restore Button Clicking this control resizes the panel to its previous form Minimizing a panel converts it to an icon The Arrange Icons...

Page 52: ...end of the table or list Clicking this button typically displays a panel to enter information Edit Edit data for an existing record Clicking this button typically displays a panel to enter informatio...

Page 53: ...ate that data has been truncated Installing the PolicyAssistant and the Policy Flow Editor Installing PolicyAssistant You can choose to install and work on either the Policy Flow Editor or the Policy...

Page 54: ...istant and click the Install Policy Flow button The following message appears Figure 3 11 SMT Policy Flow Installation warning message 4 Click Yes to continue Important If the Policy Flow Assistant is...

Page 55: ...steps 2 In the PolicyAssistant panel click Install PolicyFlow to open the PolicyFlow Installation page The PolicyFlow Installation page is displayed as shown in Figure 3 10 3 Select Build Your Own Po...

Page 56: ...and click the Install Policy Flow button A warning message as shown Figure 3 15 appears Figure 3 15 SMT Policy Flow already existing warning message 4 Click Yes to continue It will take a few seconds...

Page 57: ...gured for your local environment and specific policy needs 8950 AAA allows the user to control the behavior of the 8950 AAA RADIUS server by setting configuration options The various configuration opt...

Page 58: ...and clients The Server properties panel display 3 tabs as follows Policy Server Universal State Server Configuration Server Each of these tabs allow you to configure different types of interface Polic...

Page 59: ...s of this panel Admin Interface Configuration Panel To go to the Admin Interface Configuration panel click on the Admin Interface option from the Policy Server data pane menu options on the left side...

Page 60: ...When assigning a port to this interface make sure you do not have any conflicting services using this port Table 4 2 lists the configurable entities of this panel SSH Interface Configuration Panel To...

Page 61: ...f this panel Table 4 3 SSH Interface Properties Configurable Properties Description SSH Address Specifies the address and port the server listens to default is 9022 and port number 0 means do not star...

Page 62: ...to the RMI Registry Configuration panel click on the RMI Registry option from the Policy Server data pane menu options on the left side The RMI Registry Configuration panel is displayed as shown in Fi...

Page 63: ...his panel SMT and Server Certificates Panel To go to the SMT and Server Certificates panel click on the Certificates option from the Policy Server data pane menu options on the left side The SMT and S...

Page 64: ...Table 4 5 lists the configurable entities of this panel Lawful Intercept Properties Panel To go to the Lawful Intercept Properties panel click on the Lawful Intercept option from the Policy Server da...

Page 65: ...rocess and receiving proper authorization from competent authorities Various countries have different rules with regards to lawful interception In the United states the law is known as CALEA in CIS co...

Page 66: ...the SNMP clients to retrieve statistical information about request processing from the policy server through a Radius MIB If the SNMP address is set to a valid non zero address port combination the po...

Page 67: ...2 C If enabled the policy server SNMP agent accepts version 2 C Allow SNMP Version 3 If enabled the policy server SNMP agent accepts version 3 SNMP Version 3 Engine ID This value must be globally uni...

Page 68: ...sing this port This panel also specifies the configuration values for the built in Hypersonic database The Hypersonic database is no longer enabled by default It is only available for backward compati...

Page 69: ...erby Severity Sets the level of the Derby messages that Derby will output to our logging system These messages are logged at the Derby log level in the AAA logging system Enable Driver Trace If enable...

Page 70: ...this panel Radius Properties Panel To go to the RADIUS Properties panel click on the Radius Properties option from the Policy Server data pane menu options on the left side The Radius properties panel...

Page 71: ...esses for authentication requests This value is a comma separated list of address port values If address is omitted it is assumed to be If the port is omitted it defaults to 1812 Default value is 1645...

Page 72: ...ination of the Source IP Source Port and Packet Authenticator The default setting is true This property can be set on a per client basis in the Client properties Check Authenticators If enabled the po...

Page 73: ...The Diameter properties panel specifies the configuration values for the Policy server when processing Diameter requests Response Cache Timeout When responding to the RADIUS requests the policy serve...

Page 74: ...chine Timeout event as defined in RFC 3588 paragraph 5 6 during connection establishment with a remote peer As an example when an initiating peer attempts to connect to a remote peer in the Closed sta...

Page 75: ...DICATION If Redirect Max Cache Time is less than this value the redirect indication is treated the same as a DONT CACHE Redirect Host Usage indication Default Advertised Redirect Cache Time Specifies...

Page 76: ...e Terminal Access Controller Access Control System Plus TACACS Properties panel specifies the configuration values for the policy server TACACS service TACACS is a remote authentication protocol that...

Page 77: ...iguration values that control how the policy server handles RADIUS attributes Place the mouse over each option to display how it is used by the server Table 4 13 lists the configurable entities of thi...

Page 78: ...s the configuration values that control how the policy server handles RADIUS requests packets Place the mouse over each option to display how it is used by the server Table 4 14 lists the configurable...

Page 79: ...the User Name attribute into the Base Name and Realm attributes Automatically Check Leftovers Yes or No option If enabled the policy server rejects a request if there are check items left to be check...

Page 80: ...the configurable entities of this panel Timeout Properties Panel To go to the Timeout Properties panel click on the Timeouts option from the Policy Server data pane menu options on the left side The T...

Page 81: ...meout Properties Panel Properties Configurable Properties Description Client Timeout Time in milliseconds to specify the amount of time the policy server will wait before it discards the requests This...

Page 82: ...reflects the advanced configuration properties In most circumstances you will not need to change these values Default Challenge Timeout Default Challenge Timeout Duration with default timeunit in sec...

Page 83: ...haracter set to use to encode string attributes in requests Cache Data File Specifies the file that contains the cache data when using the ReadCache and WriteCache plugins If specified the contents of...

Page 84: ...tion option The Universal State Server properties tab is displayed as shown in Figure 4 18 Send Error Ratio Sets a simulated transmit error ratio for server When set to a non zero value RADIUS packets...

Page 85: ...ists the configurable entities of this panel Table 4 18 Universal State Server Panel Properties Configurable Properties Description Accounting Start Timeout Specifies the time in milliseconds the Univ...

Page 86: ...r should not appear in the values used to construct the key that is the NAS IP Address and NAS Port Session State Data File Specifies a file to store the session state information If specified the sta...

Page 87: ...Configurable Properties Description Replication Role Specifies the role of the stateserver on this server Primary Address Specifies the host and address of the state server the embedded registry On t...

Page 88: ...nicates with the primary state server Discovery Retries Specifies the number of times to attempt to find the primary state server Discovery Retry Time Specifies the time in milliseconds to wait betwee...

Page 89: ...s of this panel Table 4 20 Universal State Server Replication panel Advanced tab properties Configurable Properties Description Minimum Update Threads Specifies the minimum number of worker threads pe...

Page 90: ...that the Universal State Server counts Each attribute is either counted when an authentication packet is received or when an accounting start packet is received To specify that the attribute be counte...

Page 91: ...he table that allows you to perform the actions specified in Table 4 21 Indices Panel To go to the Indices panel click on the Indices option from the Universal State Server panel menu options on the l...

Page 92: ...ffects the performance and memory usage of the USS The Indices panel shows the existing Attributes in the Universal State Server in one side of the panel and allows you to select and add any of these...

Page 93: ...2 panel properties Configurable Properties Description Replicated Server Timeout Specifies the amount of time the replication queue is kept active after a replicated server has gone down Heartbeat Ti...

Page 94: ...Configuration Server tab in the Server Properties navigation option The Configuration Server panel is displayed as shown in Figure 4 24 Idle Ack Rate When remote ack rate per heartbeat interval drops...

Page 95: ...anel specifies the properties used by the configuration server The configuration server is used by the Server Management Tool to configure a server from a remote location These properties are loaded e...

Page 96: ...he address and port the server listens to default is 9021 and a port number of 0 means do not start SSH at all Registry Port Defines the port to be used when creating an RMI registry Normally an RMI r...

Page 97: ...are included in this chapter Introduction Upon receiving a RADIUS request 8950 AAA must first determine that the request is from an authorized RADIUS client The source of the request is validated befo...

Page 98: ...ot add entries for remote servers that will receive requests provided from the 8950 AAA server unless requests are also received directly from this remote server Using the SMT to Configure Clients Thi...

Page 99: ...the other tabs like the Diameter Peers tab the TACACS Clients tab and the Client Classes tab to display information related to that screen The following sections in this chapter explain each of these...

Page 100: ...tabs The Radius Client Properties tab that allows to add a record The Client Classes and Attributes tab that allows to select the required client option The Comment tab that allows to enter necessary...

Page 101: ...ties Field Name Description Client IP Address or Host Specifies the Domain name IP Address range of IP addresses or a CIDR block of addresses Shared Secret Shared secret between Policy server and clie...

Page 102: ...in requests Truncate Attributes at First NUL Yes or No option If enabled attributes are truncated at the first NUL found in the value If disabled the attribute values are not truncated This enables s...

Page 103: ...tons 1 The Insert Row Wizard action button displays the Alcatel Lucent Clients dialog as displayed in Figure 5 5 Figure 5 5 The Lucent Clients Dialog Add record panel This panel allows you to select t...

Page 104: ...u to perform the other required actions on the record s Using the Comment tab in Radius Client Properties panel The Comment tab is one of the tabs in the Radius Client Properties Panel This tab allows...

Page 105: ...ng the Peer Properties tab to Add a record The Peer Properties tab allows you to add a record and enter information in the required fields as shown in Figure 5 7 Admin State The state of the diameter...

Page 106: ...for the peer TLS Yes or No option Select Yes to encrypt the packets Dictionary Specifies the dictionary name to use for this client class definition Diameter Charset Specifies the default character se...

Page 107: ...ributes from either a list of Predefined Client Class or allows you to add a Custom Client Class or allows you to select add the Attribute and value from the list 2 The other action buttons in this pa...

Page 108: ...TACACS Client Properties tab to Add a record The TACACS Client Properties tab allows you to add a record and enter information in the required fields as shown in Figure 5 9 Shared Secret The secret k...

Page 109: ...ties Panel This panel allows you to perform the following actions using the action buttons Insert a record Edit selected record Delete selected record Delete all records Make a copy of selected record...

Page 110: ...Panel This tab allows you to add any comments about the TACACS Client Properties panel The Client Classes tab Client Classes tab The Client Classes tab displays information about Client Classes in di...

Page 111: ...Properties tab is used to configure the properties of a Client Class The label on the right side indicates the value to be used if the client property is not specified These values are from the Serve...

Page 112: ...specified is Delimiters for realm on right hand side List of characters that mean the realm is the right hand value and the user is the left hand value of the parsed user name This list should be a su...

Page 113: ...ty is not specified These values are from the Server Properties panel Table 5 14 explains each of the fields and field descriptions that are displayed in the Protocol Specific tab Figure 5 14 The Clie...

Page 114: ...e time specified in the corresponding timeout property If not enabled responses are not cached Response Cache Timeout When responding to RADIUS requests the Policy server can remember cache the respon...

Page 115: ...actions using the action buttons Insert a record Edit selected record Delete selected record Delete all records Make a copy of selected record Move selected record up Move selected record down You ca...

Page 116: ...ws you to specify an Product Family attribute and it s value Select the attribute then specify a value Use the description to help with the specifying the value Using the Comment tab in the Client Cla...

Page 117: ...t type of the Diameter request to match Realm Route entries Once a match is found the request is routed locally proxied or redirected based on the Action in the entry Using the SMT to Configure Realm...

Page 118: ...8950 AAA SMT Realm Routing Table panel The Realm Routing Table panel Figure 6 2 contains a menu bar that consists of a set of Action Buttons that appear at the top of the 8950 AAA Realm Routing Table...

Page 119: ...record click on the action button The Route Entry panel is displayed as shown in Figure 6 4 This panel allows you to add a record and enter information in the required fields to the Realm Routing Tab...

Page 120: ...he vendor specific application id for which this route entry is valid when combined with the application ID Valid values are any of the predefined from the list or a numeric value Type Specifies the t...

Page 121: ...Configuration Server Using the SMT to retrieve files from a remote server This section describes how to configure a 8950 AAA to retrieve files from a remote server This is typically used to have one...

Page 122: ...on panel Figure 7 2 contains two sections that consists of 2 sets of Action buttons that appear in the 8950 AAA Remote Configuration panel as shown in Figure 7 2 The action buttons that are in the top...

Page 123: ...elected record Delete selected record Delete all records Make a copy of selected record Move selected record up Move selected record down You can perform any of the required actions using these action...

Page 124: ...try to retrieve files for this entry Typically you would only specify one host However you can specify multiple hosts to be used to be used as fail over hosts Separate each host by a comma User Speci...

Page 125: ...elete selected record Delete all records Make a copy of selected record Move selected record up Move selected record down Assigns a file format to the selected entry in the file table Click on this to...

Page 126: ...Row Wizard click on the action button The File Selection Wizard panel is displayed as shown in Figure 7 9 Figure 7 8 File Entry Properties Field Name Description Remote File Specifies the name of the...

Page 127: ...ber 2008 7 7 Figure 7 9 The File Selection Wizard panel This panel displays a list of the servers you have previously configured Select a server from the list and click Next to be able to select the R...

Page 128: ...st of that will be added Select a file from the Remote File list and click the arrow buttons to add it to the Selected Files list You can also double click to add If the Configuration Server is not ru...

Страница 129: ...he 8950 AAA installation process If you see the PolicyAssistant in the Navigation Pane and do not see the PolicyFlow Editor then the PolicyFlow Editor is not installed The procedure for installing the...

Страница 130: ...e authorize users and deal with session accounting and information This is the second step you need to perform The top section which is the Method Dispatch section is used to determine how to route re...

Страница 131: ...played just below this section after another set of action buttons in the bottom section The PolicyFlow Files section has two action buttons as shown in Figure 8 3 Figure 8 3 PolicyFlow Editor Action...

Страница 132: ...igure 8 4 are in this section of the panel that are used to create and define the Method Dispatch properties Figure 8 4 PolicyFlow Editor Action buttons in the Method Configuration section These actio...

Страница 133: ...sections The first section that has two tabs the Method Configuration tab and the Advanced tab Both these tabs allow you to define the properties for the method configuration fields that are displayed...

Страница 134: ...igure 8 6 Method Configuration pane Advanced tabl Use the Control tab allows you to control the methods during the progress of plug in as shown in the Figure 8 6 Use the Method On Success of Control t...

Страница 135: ...e properties of the method chosen as shown in the Figure 8 7 Advanced tab allows you to specify additional properties of the some of the methods methods which have additional attributes as shown in th...

Страница 136: ...icy Flow Editor 8 8 365 360 001R6 0 Issue 1 December 2008 Figure 8 9 Method Configuration pane Success Msg tabl PolicyFlow Topics tab describes in general about the plug ins methods and the policyflow...

Страница 137: ...e requests to the PolicyFlows that are defined in the bottom section One set of action buttons as shown in Figure 8 11 are in the Method Dispatch section of the panel that are used to define the Metho...

Страница 138: ...12 This panel allows you to add or insert records to the Method Dispatch Properties Figure 8 12 PolicyFlow Editor Method Dispatch Properties panel The Method Dispatch Properties panel as shown in Figu...

Страница 139: ...d and displays the selected record details in the Method Dispatch Properties panel and allows you to change any details too if necessary and make a copy of that record 6 The Move selected record UP or...

Страница 140: ...Method Dispatch Section Using the 8950 AAA Policy Flow Editor 8 12 365 360 001R6 0 Issue 1 December 2008...

Page 141: ...Wizard to create and access Policies. The following topics are included in this chapter: Understanding PolicyFlow, the PolicyAssistant and the Policy Wizard 9-2; Installing the PolicyAssistant 9-2; Prepar...

Page 142: ...o create policies and populate this table. The first time you run the PolicyAssistant the table panel will not appear; instead the Policy Wizard will start automatically so you can create your first pol...

Page 143: ...is section chapter to toggle between these two functions. If you elect to work with the Policy Assistant panel and take the necessary actions, the Policy Assistant item is displayed in the Navigation pa...

Page 144: ...res user profiles (user source), authenticates users (authentication source), applies access rules, sets session parameters and processes accounting data. You must create a policy for each unique set of these com...

Page 145: ...the Policy Wizard. Enter a Policy Name for this policy that is descriptive of the configuration that it represents. A policy name helps you organize multiple policies. Examples of good policy names migh...

Page 146: ...t the Policy Wizard may require additional information later in the Policy Wizard. The sections below provide additional information for the following supported user profile sources: RADIUS User Files, D...

Page 147: ...AA technical support team. Use the User Profiles panel under the Database Tools folder to manage the user profiles stored in the built-in 8950 AAA database. Important: If you do not see the Database Tool...

Page 148: ...e server. Radius Server Proxy: Use the RADIUS Server Proxy option if your users are stored in a remote server. Proxy services allow a RADIUS server to forward a request received from a client to a second...

Page 149: ...ernal Authentications, Automatic Authentications, EAP Authentication. The actual options available in this panel are dependent on the choice you made for your user profile source. Table 9-1 lists the opti...

Page 150: ...matches with the passwords in the user request. Passwords must be in Salted MD5 format. MD4: Verifies the password in the user profile matches with the passwords in the user request. Passwords must be in...

Page 151: ...sed on UNIX platforms, this option can be used to read users from a UNIX password style file on any platform. RSA ACE Server SecurID: Uses an RSA Ace Server to verify the one-time password from a SecurID...

Page 152: ...atically rejects the request. Typically used to disable access for a Policy. EAP Authentication: EAP Authentications are typically used in conjunction with the Ethernet 802.1x standard. Typical applicatio...

Page 153: ...ation to be proxied to another server. The panel describes each selection within the right pane. If you choose to send accounting data to a database or proxy server, the Policy Wizard helps you configure...

Page 154: ...7 User Session and Policy Limits Panel in the Policy Wizard. The User Session Limits setting sets the maximum number of concurrent sessions that a user may have. The Policy Limits setting indicates the...

Page 155: ...ed at the end of this chapter. After completing these panels, the Policy Wizard will display the Attributes Set for Policy panel. This configuration option of the Policy Wizard enables you to assign attr...

Page 156: ...on attributes (also called check items) stored in an attribute set or possibly a user's profile. By including appropriate verification attributes in a policy, a variety of rules can be enforced. For exampl...

Page 157: ...re commonly used as reply attributes. Time Of Day: Define allowed access times by day of week and/or hour of day. Time Of Day Wk0800 1700 Table 9-2 List of Attributes allowed in an Access Accept availabl...

Page 158: ...trator. Changing authorization checks and session provisioning can be accomplished by editing the attribute set. This eliminates the need to edit numerous user profiles each time policy changes. Reply Me...

Page 159: ...ing storage for accounting data and setting session limits. You should now see the Attribute Set for Policy panel as shown in Figure 9-10. Figure 9-10 Attribute Set Panel in the Policy Wizard. If you do...

Page 160: ...ing an attribute set, the panel will be populated with information about the attribute set you chose. Figure 9-11 Add or Edit Attribute Sets Panel. 1. If you are defining a new attribute set, enter a name...

Page 161: ...those attributes that support data input entered from the keyboard. Click Show All Attributes to display all attributes included in the server dictionary; otherwise the list of attributes is limited to...

Page 162: ...you can limit the session time to one hour select the Session Timeout attribute and enter 3600 in the Value field or identify a specific IP address pool from which addresses are assigned select the As...

Page 163: ...Use the options in the Attribute Set Lookup Failure frame to define the action the PolicyAssistant should take in the event an Attribute Set cannot be found. Such a failure might be caused by an error...

Page 164: ...Lookup Failure frame. 3. Click "Attribute Set Name is defined in the User Profile" to identify the user profile as a source for your attribute sets. Use this option if your user profile source is one of t...

Page 165: ...attribute set using the User Name attribute. If the packet passes the Items to Verify checks (in this case, if the deactivation date is not exceeded), the request is authorized and accepted. 4. Click Next to...

Page 166: ...tains four tabs that allow you to manage a selected policy: Policy Selection, Realm and DNIS Limits, USS Settings, Cisco PEAP. Figure 9-16 Policy Assistant Panel. Using the Policy Selection tab: The Policy...

Page 167: ...o select an attribute to the Rule and specify the value of it. It also allows you to choose if the rule has to match all the conditions or just match any of the conditions and define the rule. The Rule...

Page 168: ...with the realm foo.net and a user eileen@gato.com dials 555-1212 to connect to the network, the 8950 AAA server treats the user as though they were in the foo.net realm, ignoring the gato.com realm. The...

Page 169: ...er Access or Specific Limit. If you choose Specific Limit, provide the Limit. Click OK. The Realm or DNIS value you added will now be displayed in the main screen (Figure 9-16). 3. The Edit, delete, delete all...

Page 170: ...r change the values of these fields appropriately and click on Save to save the changes. Saving Your Policies: How to save your policies. This concludes the use of the PolicyAssistant to create policies...

Page 171: ...d from the Auth Type attribute in the user's profile. Tunneled EAP: Defines tunneled EAP types that the PolicyAssistant can process if EAP tunneling is enabled. Transports: Defines password transport type...

Page 172: ...Detect MD4 passwords. EAP MS CHAP V2 Detection: Automatically detect passwords stored separately from the user profile or using an external service for authentication. EAP MS CHAP V2 NT password: Detect N...

Page 173: ...ords within Secure Computing SafeWord Server. EAP Authentication: Use information from EAP source as specified in Auth Type attribute. EAP MD5: Detect MD5 passwords. EAP TLS: Detect TLS passwords. EAP LEAP: D...

Page 174: ...MS CHAP Response: Allow Plain Text Password MS CHAP transport. MS CHAP2 Response: Allow Plain Text Password MS CHAP2 transport. Salted MD5 Password: Allow Salted MD5 transport. UNIX Linux DES Password: Allo...

Page 175: ...types by deselecting any check box that corresponds to an undesirable format type. On the Authenticating Access Requests panel, if you selected any option other than Allow Any of the Following, then afte...

Page 176: ...Figure 9-21 Advanced Authentications Options Tunneled EAP tab Options. Transports tab option: Click on the Transports tab and the following panel is displayed as shown in Figure 9-22. This di...

Page 177: ...allow an attribute set name to be specified in the user's profile. By default this option is enabled. To disable the Attribute Set name from being read from the user profile Attribute Sets click in the...

Page 178: ...User Profile is read first, then the policy set is read. If an attribute is defined in both Attribute Sets, the first assignment read takes precedence. That is, the attribute...

Page 179: ...within the network. The Universal State Server version 2 (USSv2) Configuration feature is an advanced feature of the USS feature. The USSv2 is a brand new design and in many ways different from the USS fe...

Page 180: ...o process the AAA request. Use the StateServer section below to configure the types of resources you want to track. Use the Replicated Server section to automatically serve a copy of the resource data i...

Page 181: ...tons that are in the top section are used to configure State Servers. The action buttons that are in the bottom section are used to configure the Replicated servers. The Top set of action buttons are as...

Page 182: ...iguration panel (Figure 10-4) has two tabs: the Properties tab and the Replication tab. The Properties tab displays the properties of the StateServer Type that you decide to select. For example, if you sele...

Page 183: ...ttom section are used to configure Replicated Servers. The Top set of action buttons are as shown in Figure 10-3 and are as explained earlier. Table 10-2 USSv2 StateServer Configuration Replication tab...

Page 184: ...wn. You can perform any of the required actions using these action buttons. To Insert a record, click on the action button. The Replicated Server Configuration panel is displayed as shown in Figure 10-7. T...

Page 185: ...ecifies the amount of time between heartbeat transmissions. Heartbeat Skip: Specifies the number of missing heartbeats before a connection to a replicated server is considered down. Bucket Load Factor: Sp...

Page 187: ...ors panel. The following topics are included in this chapter: Administering the 8950 AAA System. Administrators for a 8950 AAA System. 8950 AAA provides administrative security control over access to the...

Page 188: ...or this user are stored in the Operators file. Please refer to Operators Tab on page 5 for more information about Operators. Universal State Server User: This user is used for communication within the Hi...

Page 189: ...n Figure 11-1. Figure 11-1 Navigation Pane 8950 AAA Operators option. Result: The 8950 AAA Operators panel is displayed as shown in Figure 11-2. Figure 11-2 Navigation Pane 8950 AAA Operators panel. The 89...

Page 190: ...server to communicate internally. See the tooltip for more information. This specifies the Identifier (like a user name) used for authenticating communications between the various 8950 AAA scripts in t...

Page 191: ...le 3-2 on page 12. In the 8950 AAA Operators Panel (Figure 11-2), click on the Operators tab. The 8950 AAA Operators Operators tab panel is displayed as shown in Figure 11-3. Administrator Password: Indicate...

Page 192: ...or control buttons on the top side of the panel. Important: Panel Control functions are described in Table 3-2 on page 12. In the 8950 AAA Operators Panel (Figure 11-2), click on the SNMP V3 Users tab. The 8...

Page 193: ...e 11-4 8950 AAA Operators SNMP V3 Users tab panel. 1. There are a set of action buttons on the top of this panel as shown in Figure 11-5. Figure 11-5 Action buttons panel. 2. To add a record, click the butt...

Page 194: ...iption User Name: The name of the user whose secret keys were used to possibly authenticate and encrypt the packet. Security Transforms: This indicates whether or not messages sent or received on behalf...

Page 195: ...must specify an address and secret of the RADIUS server. The RADIUS Authentication tab panel allows you to do this. In the 8950 AAA Operators Panel (Figure 11-2), click on the RADIUS Authentication tab. The...

Page 196: ...sed to authenticate System Operators. The default is the RFC defined Authentication port on the local server (127.0.0.1:1812). Authentication Secret: Specifies the shared secret used to authenticate System...

Page 197: ...ing Operator properties. 2. Enter the name for this System Operator in the User Name field. 3. Enter a password in the Password field. To hash (a one-way encryption) the password, click the encrypt button whi...

Page 198: ...t: No password is needed. Crypt: Authenticate passwords encrypted with the UNIX crypt algorithm. Crypt DES: Authenticate passwords encrypted with the DES algorithm. Crypt MD5: Authenticate passwords encrypte...

Page 199: ...ines the type of access this System Operator has to the objects. To add an access rule, perform the following steps: From the Operator Properties panel (Figure 11-8 on page 11), click the button that has or...

Page 200: ...would match auth_methods and acct_methods. You may also click the File Pattern button at the right of the field to select a commonly used name for the selected Access Type. Select from the File Pattern...

Page 201: ...e following field as shown in Figure 11-12. Enter a value for the Rule Pattern in the same way as described for File Pattern and Command Pattern. Figure 11-12 Access Item Configuration Dialog Role Acces...

Page 202: ...he list of rules. Modifying a System Operator: How to modify a System Operator. The following procedure lists the steps for changing the attributes of a System Operator. 1. From the Operators tab on the 89...

Page 203: ...name, Password or Authentication Type. 4. Modify any rule by selecting it and double clicking on the rule or by clicking the Edit selected record action button that appears to the top of the list of acce...

Page 205: ...n Simple Address Manager Panel. The Simple Address Manager configures and manages the address pool. It supports multiple pools. Each pool in a Simple Address Manager contains a range of IP addresses. Addr...

Page 206: ...s Pool Configuration tab. The Simple Address Manager panel with the Pool configuration tab selected is shown in Figure 12-4 selected. A set of action buttons as shown in the Figure 12-4 are also present...

Page 207: ...igure 12-4. This screen allows you to add records to the Address Pool Configuration. Using the Pool Configuration tab to add a record: The Pool Configuration panel allows you to add a record and enter in...

Page 208: ...d Addresses tab. Table 12-1 describes the different attributes properties of the leased IP address. Click Refresh to update the table and Release the Selected Address to remove it from the list by sendi...

Page 209: ...h pool. Figure 12-7 Simple Address Manager Pool Statistics tab. Table 12-2 describes details of the pool to which the leased IP address belongs. Click Refresh to update the table. END OF STEPS. Tabl...

Page 211: ...luded in this chapter: USS Address Manager Configuration. USS Address Manager Panel: The USS Address Manager provides dynamic address pool management using the Universal State Server. To display the USS A...

Page 212: ...gure 13-3 are also present in the USS Address Monitor panel. Figure 13-3 USS Address Manager Action Buttons. These action buttons allow you to perform the following actions: Insert a record, Edit a record...

Page 213: ...Manager panel, click the Pool Configuration tab. Click on the action button. Pool Configuration panel is displayed as shown in Figure 13-2. This panel allows you to add or insert record to the Pool Confi...

Page 214: ...of IP addresses. On the Range panel, click on the action button. Enter Pool Range screen is displayed as shown in Figure 13-6. Figure 13-6 USS Address Manager Enter Pool Range Panel. Select the required...

Page 215: ...7 selected. Figure 13-7 USS Address Manager Pool Selector Panel. On the USS Address Manager panel, click the Pool Selector tab. Click on the action button. Pool Configuration panel is displayed as shown...

Page 216: ...USS Address Manager Pool Configuration Panel. Enter the Pool Selector Name and select the required allocation scheme. The pool name is displayed in the Pool Name field. Click OK to add the record. The re...

Page 217: ...Collecting Navigation Pane. Overview. Purpose: This part consolidates the chapters related to Configuration Tools in the SMT Navigation pane. Contents: This part includes the following chapters: Chapter 14...

Page 219: ...sted on the left. Each group contains a list of statistics that you can enable. To start the collecting, select the desired group from the list on the left, then enable the parts of the group you want to...

Page 220: ...ervals for selected instances. To display the Stats Collector panel, use the SMT Navigation Pane and select Stats Collector under Stats Collecting as shown in Figure 14-1. Figure 14-1 Navigation Pane Sta...

Page 221: ...nformation on Radius Acct Server and information on the variables for the Radius Acct Server. Use the action buttons in the top of the right section to modify the contents of the statistical informatio...

Page 222: ...lector information, select the required entry in the desired group that you want to edit and click the Edit button. The Collector Definition screen as shown in Figure 14-3 appears with the existing valu...

Page 223: ...ies in the group. Choose the required option. The instance(s) will be disabled as selected. 7. To change the interval time for the selected instance or for all the existing instances in the selected group...

Page 225: ...ity to configure and generate reports from the statistical data collected by the 8950 AAA. The Reports Configurator is the part of 8950 AAA that allows you to create reports for data collected by the 8...

Page 226: ...appear at the top of the screen as shown in Figure 15-3. Figure 15-3 Configure Reports Panel Action buttons. These action buttons allow you to perform the following actions: Insert a record, Edit selecte...

Page 227: ...e field descriptions. There are two sets of properties that you need to specify in this screen. Table 15-1 Configure Reports Panel Properties. Field Name, Description. Name: The name of the Report. Report Da...

Page 228: ...ction button. A confirmation dialog is displayed asking you to confirm to delete all the records. Click Yes to delete all the records or click No to exit the action and come out of the dialog. 6. To make...

Page 229: ...ort in graphical format as shown in Figure 15-5. The Raw Sample Data tab shows the report in the sequenced format as shown in Figure 15-6. Figure 15-6 Report Panel Raw Sample Data tab. 10. Click Run Repor...

Page 231: ...Part III Logging Tools Navigation Pane. Overview. Purpose: This part consolidates the chapters related to Logging Tools in the SMT Navigation pane. Contents: This part includes the following chapte...

Page 233: ...and writes messages for actions that occur during initial startup, while running and while shutting down. These messages have the basic form shown below. Important: The contents of log messages can be hig...

Page 234: ...ific conditions are met. These conditions may be tied to the occurrence of a small set of common request processing actions (request accept, request reject, etc.) or to custom user defined conditions. Log me...

Page 235: ...following sections provide more information on the panels, their components and their functionality. Server Log Messages. About Log Messages: Select Server Log Messages from the Logging Tools section on t...

Page 236: ...e message in the file. Action buttons in the Server Log Messages section: The Server Log Messages panel (Figure 16-2) contains a set of Action buttons that appear in the top of the list of the server log...

Page 237: ...ick on a selected record or select a record and click on the action button. The Message Entry panel is displayed as shown in Figure 16-3 with the existing values. This panel allows you to edit the conte...

Page 238: ...n to provide a description of the channel. For example LogToOracle access errors NOC Syslog Server etc. Displaying Log Channel Information: Select Log Channels from the Logging Tools section on the Navig...

Page 239: ...in the list to display its configuration characteristics. In Figure 16-4 there is only one item in the list. The Log Channels panel contains a set of Action buttons that appear in the top of the list of...

Page 240: ...wing the first screen of the configuration panel as shown in Figure 16-6. This screen prompts to enter the name of the Log Channel. Figure 16-6 Log Channel Configuration Panel Channel name. 2. Enter a Log...

Page 241: ...Configuration Properties panel that allows you to define the properties is displayed as shown in Figure 16-8. The properties in this screen will appear as per the Output types selected in Figure 16-7. T...

Page 242: ...of an alternate channel to use if an error is encountered while writing to this channel. 8950 AAA cannot determine if a Syslog server is responding. If syslog is your default output channel, you might wi...

Page 243: ...llowing message: 2003 01 21 13 45 30 870 nr setup 8950 AAA Starting server initialization. Format Area: This checkbox controls whether 8950 AAA includes the log area in the log message. The log area is th...

Page 244: ...n. MEDIUM: Include a full description about the exception. LONG: Include a full description about the exception with a JAVA stacktrace. Format Unchecked Exceptions: Unchecked exception Error conditions for...

Page 245: ...ure 16-9 Log Channel Configuration Panel Default and Error Channel Processing. 5. You can choose to specify that this channel is the default channel. The default channel is used when logging messages and...

Page 246: ...uration is complete. 7. Click Back to modify any values or Finish to return to the Log Channels panel. 8. Click Save to store your channel configurations to the server. Click Close to remove the panel. Log...

Page 247: ...this section shows the Properties and Advanced tab for each log channel destination output type with descriptions of each field. Exec: The Exec destination executes an external process. Log data is writ...

Page 248: ...ll continue to write to the same file. There is an option to delete the contents of the file each time 8950 AAA is started. The properties tab for this destination type is shown in Figure 16-12. Table 16...

Page 249: ...with Size Based File Switching: The 8950 AAA writes the log messages to a file. 8950 AAA switches the log file it writes when a user specified file size is reached. The contents of the 8950 AAA log file...

Page 250: ...e prefix (beginning portion) of the log file name. Important: For more information please see Notes on the Naming of Time Based Files on page 21. Suffix: Specifies the suffix (ending portion) of the log file...

Page 251: ...his format with examples. Naming of Size based files Format Using the example above suppose the file nractive log the currently open file is named If this file is switched January 1, 2006 at noon then t...

Page 252: ...terval. There are 5 options for this field. HOURLY: The file is switched every hour. The timestamp portion is in format yyyyMMddHH. DAILY: The file is switched every day. The timestamp portion is in format y...

Page 253: ...g URL: http://java.sun.com/j2se/1.4.2/docs/api/java/text/SimpleDateFormat.html HLR OmLog: The HlrOmlog Channel causes the 8950 AAA server to inject log messages into the OMLOG subsystem. This channel is a t...

Page 254: ...to more than one output. This can be used instead of using multiple channels with log rules. The log message is sent to all listed channels. The properties tab for this destination type is shown in Figur...

Page 255: ...og messages to an SNMP version 1 management system. The messages are sent as SNMP Traps. The Properties tab is shown in Figure 16-18. The Advanced tab is shown in Figure 16-19. Table 16-10 Multiple Log Ou...

Page 256: ...eration: The operation to be performed. Timeout: Amount of time to wait for the response after which you can retry. Retry: The number of times you can retry. SNMP V3 User Name: The SNMP V3 user name. SNMP V3 S...

Page 257: ...le 16-12. Server Address: Defines the host IP of the SNMP management system. The Server Address is in format host:port. Example: 127.0.0.1:162. Table 16-12 SNMP Trap Advanced tab fields. Field, Description. Cl...

Page 258: ...Important: The use of the Database channel and the following discussion assumes you are familiar with SQL and general database issues, have an SQL compliant database running on an accessible system and...

Page 259: ...lumn: Sequence value, typically not used unless identity type columns are used in your database. This is an optional field; the data type is long. Timestamp Column: Column time that the log action occurred...

Page 260: ...ges are actually received by the syslog server or if errors occur while the syslog server is processing the log messages. Because of this, the log channel defined in the On Error will only be used for e...

Page 261: ...lds. Field Name, Description. Server Address: Defines the host IP of the syslog server. The Server Address is in format host:port. Example: 192.168.1.4:514. The default is 127.0.0.1:514. A Syslog server runnin...

Page 262: ...OR and higher will be sent to the Syslog server. The default is INFO. Process Name: Defines the application name of the messages sent to the syslog server. Example: 8950 AAA. The default is NR. Format Host N...

Page 263: ...message. The Trash destination is typically used for excluding certain log output by temporarily dropping output that results from a Log Rule. For more information please refer to Log Rules on page 32. T...

Page 264: ...ted wildcard pattern (see note below) used to indicate a program area. 8950 AAA is divided into several program areas. Each 8950 AAA program area performs a specific function. For example, accessing externa...

Page 265: ...m. Log Rules determine the Log Channel that is the destination of the log message. Important: The asterisk provides limited wildcard matching capabilities for Log Area and RADIUS Request Expressions. It m...

Page 266: ...ce cannot be selected when the 8950 AAA server is not running. Startup Log Rules: A set of Log Rules that are loaded automatically whenever 8950 AAA starts. Other Log Rule set files: Other sets of Log Rul...

Page 267: ...27. This screen assists you in creating or editing a Log Rule. Table 16-17 Parts of a Log Rule. Log Rule Field, Description. Area: 8950 AAA server program area for which this log rule is used. Request: Indic...

Page 268: ...950 AAA Log Area to which this rule will apply. Pick one of the following three options. Match All Areas: If selected, this rule will apply in all 8950 AAA Log Areas. Predefined Server Log Area Groups: Prog...

Page 269: ...in Radius with Expression: Only those RADIUS requests that match the limited wildcard expression will be considered for logging. Further logging will only occur at those times when the expression is va...

Page 270: ...0 Log Rule Configuration Wizard Log Level. Select a log level that will determine messages to be sent. Only messages logged at this or a more severe level will be output. Important: Log Level Blither is t...

Page 271: ...Expression Pattern Match indicates that only messages that contain the entered pattern are logged. Important: The following examples show Regular Expressions: San Francisco abc def i The first example us...

Page 272: ...finds a Log Rule that matches all of its criteria (Log Area, Expressions, Log Level, etc.). After a matching rule has been executed and the log messages have been sent to the appropriate Log Channels, no addi...

Page 273: ...r more items may be selected from the list as follows. 16. When done, click Next. Result: The Log Rule Configuration Summary panel appears as shown in Figure 16-34. Table 16-18 Log Channel Selection. To sele...

Page 274: ...isted in the Log Rule Set Display as shown in the example in Figure 16-35. Figure 16-35 Log Rule Configuration New Log Rule. Reordering Log Rules: Use the reorder buttons to arrange the order of the Log...

Page 275: ...ules. Click the Save As Startup Rules button to preserve the current set of Log Rules. Click the Save As button to write the current set of Log Rules to a new file. Click the Make Rule Set Active button...

Page 277: ...ing Tools Navigation Pane. Overview. Purpose: This part consolidates the chapters related to Monitoring Tools in the SMT Navigation pane. Contents: This part includes the following chapters: Chapter 17 Serv...

Page 279: ...ver Statistics. There are two panels that are used for viewing activity of the 8950 AAA Server. They are located under the SMT Navigation Area under Monitoring Tools. They are: The Server Statistics Panel...

Page 280: ...sponses from the 8950 AAA server; Requests and responses to 8950 AAA from other servers; State Server (USS) activity; PolicyFlow program execution. To display the Server Statistics panel, use the SMT Navigat...

Page 281: ...essed. Memory Usage on page 10: Amount of memory used by 8950 AAA and the Java Virtual Machine (JVM). Proxy Authentication on page 12: Counts percentages based on request status for Access Requests forwarde...

Page 282: ...s. As shown in Figure 17-3, authentication requests are categorized according to status or disposition. Figure 17-3 Server Statistics Authentication Requests. This screen displays two groups of columns la...

Page 283: ...sents the average number of requests per second since the last server reset. Table 17-3 Interval Values. Column, Description. Requests: Current value of the counter. Ratio of count to total number of reques...

Page 284: ...isplays a columnar information and a performance monitor graph organized in the same manner as the Authentication Request screen. Duplicate: The number of Access Request packets that matched another req...

Page 285: ...t type 4. Responses: The number of Accounting Acknowledgment packets sent (Packet type 5). Dropped: The number of Accounting Request packets that were dropped (no response was sent). Duplicate: The number of Ac...

Page 286: ...h in an organized manner. Figure 17-5 Server Statistics Packet Statistics. There are two columns. The Total column displays count and time statistics for all requests and responses processed since the se...

Page 287: ...onitoring diameter statistics. It displays a columnar information and a performance monitor graph. Figure 17-6 Server Statistics Diameter Statistics. There are two columns, Total and Interval, which keeps...

Page 288: ...Figure 17-7 shows the screen. Table 17-7 Diameter Items Tabulated Items. Diameter Item, Description. Requests In: Number of requests received by the diameter server. Requests Out: Number of requests sent by t...

Page 289: ...nterval. The screen also displays a graph showing the amount of memory usage (vertical scale) over time in update intervals (horizontal scale). The monitor can show total JVM memory size and the amount of m...

Page 290: ...alues as follows: The Total columns display statistics about all packet types received by other servers. The Interval columns display disposition statistics for requests received during the last update...

Page 291: ...an Access Reject (Packet Type 3) being returned to the RADIUS client. Dropped: Access Request packets that resulted in the original request being dropped (no response was sent to the client). Timeouts: Access...

Page 292: ...l. The columns are used in the same way as with authentication requests. Categories of proxy accounting requests are described in Table 17-9. Table 17-9 Categories of Proxy Accounting requests. Category, D...

Page 293: ...ta is expressed both in tabular form and through performance monitors, one for proxy authentication requests and one for proxy accounting requests. The screen contains two columns as follows: Pending Req...

Page 294: ...s or graphs that display the number of packet samples (horizontal scale) against wait time in seconds (vertical scale). Proxy Roundtrip Times: This screen is used to track the time required for proxy authen...

Page 295: ...stem initialization. Interval Change: Total time spent waiting for responses to proxy authentication and proxy accounting requests since the last interval update. Each column contains an entry for proxy...

Page 296: ...RADIUS requests that pertain to the particular port and client. The performance monitor displays graphical data for monitoring up to three types of sessions. Active Sessions: Sessions that are currently...

Страница 297: ...described in Table 17 10 Requests The State Server Requests window is shown in the Figure 17 14 Table 17 10 State Server Sessions Tab properties Column Name Description Total Total number of sessions...

Страница 298: ...are described in Table 17 11 Replication The Replication screen displays the status of replicated sessions Table 17 11 State Server Request Tab properties Request Types Description Total Requests Amou...

Страница 299: ...ssions since the last interval update The categories of replication are described in the Table 17 12 The performance monitor displays the number of samples horizontal scale per count vertical scale Ta...

Страница 300: ...s the state change which occurred in the last interval Every session consists of three basic stages Active State Inactive State or Waiting for Start Figure 17 16 Server Statistics State Changes State...

Страница 301: ...e ability to monitor the methods that are called during PolicyFlow processing Methods are monitored in four ways as shown in Table 17 13 Table 17 13 Types of Methods Measurement Description Processing...

Страница 302: ...med in the Method Next control property Fail Method failed to complete its task and execution passed to the method if any named in the Method On Fail control property Error Method encountered an error...

Страница 303: ...nt One method invocation can produce entries in more than one column For example a method that results in a Time out also counts as an Error as well as being counted in the Total column The following...

Page 304: ...Methods auto Figure 17 18 Server Statistics Methods auto Methods aaa Figure 17 19 Server Statistics Methods aaa Screens that Monitor Internal Server Processing This sec...

Page 305: ...code segment that can be executed simultaneously with other threads At any given time the 8950 AAA server executes multiple threads The Server Threads screen Figure 17 21 displays information about t...

Page 306: ...Counters Indices Panel The Ports Counters panel monitors three properties of the 8950 AAA Universal State Server USS sessions counters and indices Table 17 16 Server Threads Attribute Description Name...

Page 307: ...ons Counters Indices panel use the SMT Navigation Pane to select Sessions Counters Indices under Monitoring Tools as shown in Figure 17 22 Figure 17 22 Navigation Pane Sessions Counters Indices The Se...

Page 308: ...in Table 17 18 The Indices tab is shown in Figure 17 24 It displays a list of indices with which the USS has active sessions Select the index from the list and click Get Values to display the corr...

Page 309: ...tors the address statistics of 8950 AAA Universal State Server USS The USS addresses are created and maintained by the USS The Address Pool is configured using the USS Address Manager panel USS Addres...

Page 310: ...te Description Pool Name Name of the Pool Active State of the pool active or not Total Total addresses in the pool Free Number of free addresses in the pool Used Number of used addresses in the pool H...

Page 311: ...t you will encounter when working with the 8950 AAA product The following topics are included in this chapter 8950 AAA LiveAdministrator 18 2 Accessing the LiveAdministrator Panel 18 2 General Info 18...

Page 312: ...lay of server settings Modification of server settings Display server statistics Display and modify some stored data Pause and resume server operations Control logging operations Capture server settin...

Page 313: ...nect to the Policy server Configuration server or to any other port Click the Disconnect button to disconnect from the server s or port General Info About General Information Select General Info optio...

Page 314: ...se Information option to display the License information work area as shown in Figure 18 3 Version The Version number of 8950 AAA Server Management Tool SMT Host Name of host system Running Since Time...

Page 315: ...veAdministrator panel Click the Connect button to connect to the Policy server Configuration server or to any other port Click the Disconnect button to disconnect from the server s or port System Info...

Page 316: ...to memory Open a text file and paste the clipboard contents into the text file There are three buttons at the bottom of the panel Click the Close button to remove the LiveAdministrator panel Click the...

Page 317: ...ick the Update Java Memory Stats button to refresh the displayed information Important Garbage collection is automatically managed by the Java Virtual Machine JVM You should normally not need to run g...

Page 318: ...e read and cached at server initialization or when the file is first referenced If an open file has been modified it must be reloaded before 8950 AAA will see the changes Click the Reload button to up...

Page 319: ...nnot execute shell scripts PERL scripts DOS batch files and so on However the LiveAdministrator panel is unable to determine the contents of a file from its name Therefore when you tell the LiveAdmini...

Page 320: ...text file Properties About Properties Select Properties to display the corresponding work areas shown in Figure 18 8 This work area displays a list of server properties presently in effect and their...

Page 321: ...the Edit button A dialog box appears in which modifications can be made To remove the selected entry click the Remove button Important Decide carefully about removing an entry There is no confirmation re...

Page 322: ...entry to the cache click the Add button To remove the selected entry click the Remove button To update the list of cache entries click the Refresh button Important Adding cache entries will only affec...

Page 323: ...lows you to set the Activity State as required To set the Activity State to Down click the Set Down button To set the Activity State to Auto click the Set Auto button To set the Activity State to Up c...

Page 324: ...ndow as shown in Figure 18 12 To display the Admin Commands window click the that is on the right side of the text field The Admin commands window is displayed as shown in Figure 18 12 After selecting...

Page 325: ...of Figure 18 11 The Clear button removes all information from the text area window The History button displays a pop up window Figure 18 13 containing commands that have been entered through this int...

Page 327: ...nsolidates the chapters related to File Tools in the SMT Navigation pane Contents This part includes the following chapters Chapter 19 Creating and Managing User Profiles with Files 19 1 Chapter 20 89...

Page 329: ...s usually done with Attribute Sets The information used in 8950 AAA for authentication and authorization may come from a single source or may contain data collected from several sources combined toget...

Page 330: ...rofiles with user names as the index key are commonly referred to as user profiles while entries indexed by some other attribute are often referred to as attribute sets In 8950 AAA all user files are...

Page 331: ...ser Files Panel The SMT User Files panel allows you to access and create user files and to create and maintain profiles for individual users The following steps illustrate how to create and edit user...

Page 332: ...mply User Files and no file name is listed when the User Files panel is first opened no user file is loaded 2 If you have defined a user file using the PolicyAssistant then that file will be listed Cl...

Page 333: ...all files in the run directory click the drop list at the top of the box and select All Files as illustrated in Figure 19 5 If you have standard RADIUS formatted user files that you have created using...

Page 334: ...ppears as shown in Figure 19 7 Figure 19 7 New User Profile Dialog 2 Enter the User Name for this profile You must enter the user s name exactly as the user will enter it when logging on to your netwo...

Page 335: ...esulting hashes match then the two passwords must have been the same Note that use of hashed passwords in a user s profile requires the use of the PAP Password Authentication Protocol in the PPP sessi...

Page 336: ...ided for backwards compatibility with user files imported from older RADIUS servers If you set password hashing in Step 4 above the Authentication Type is preset for you do not change it Important Set...

Page 337: ...Figure 19 10 User Files List of User Names 3 Double click the user name that corresponds to the desired User Profile Result The User...

Page 338: ...ides a list of attributes that you can use for all users using the same policy For example if all your users must dial the same access number you must enter the Called Station Id attribute in all your...

Page 339: ...the format used by your local telephone company to send the information to your NAS The Description field which is below the Value field provides guidelines on the format for those attributes that su...

Page 340: ...ecessary If you use the PolicyAssistant to create policies you can assign an attribute set that can provide the same functionality as reply attributes If a conflict occurs the attributes in the user s...

Page 341: ...eply attributes for this user as depicted in Figure 19 14 Figure 19 14 User Profile Items Sent back to NAS 2 Click Insert a record to open the Attribute Properties dialog as shown in Figure 19 15 Figu...

Page 342: ...keyboard Select the Show All Attributes checkbox to display all attributes included within the dictionary selected in the server profile Important To change the attributes that appear in this list se...

Page 343: ...the session is limited in length to one hour Click OK to close this dialog and return to the User Files panel Figure 19 17 User Profile Panel with selected user profile Saving Changes to the User Pro...

Page 344: ...r Files panel appears as depicted in Figure 19 18 Figure 19 18 SMT Navigation Pane and an empty User Files panel Note that the panel title is simply User Files and no file name is listed when the User...

Page 345: ...ollowing topics are included in this chapter Accessing the Dictionary Editor Panel About accessing the Dictionary Editor Using the SMT select Dictionary Editor under File Tools from within the Navigat...

Page 346: ...r Applications of 8950 AAA By default the details of the Vendors tab are displayed when the Dictionary Editor panel is opened The Dictionary Editor panel contains 3 tabs as follows Vendors Attributes D...

Page 347: ...s tab panel as shown in Figure 20 2 The Vendors tab action buttons are as shown in Figure 20 3 Figure 20 3 Vendors tab Action buttons These action buttons allow you to perform the following actions In...

Page 348: ...in the dictionary 3 The Delete selected record action button allows you to delete the selected vendor information 4 The Delete all records action button allows you to delete all the vendor records 5...

Page 349: ...op of the 8950 AAA Dictionary Editor s Attributes tab panel as shown in Figure 20 5 The Attributes tab action buttons are as shown in Figure 20 6 Table 20 2 Dictionary Editor Attributes tab properties...

Page 350: ...b Action buttons These action buttons allow you to perform the following actions Insert a record Edit selected record Delete selected record Delete all records Make a copy of selected record Move sele...

Page 351: ...lues Overrides Aliases and Subattributes The Attribute tab is the default tab Table 20 2 explains the attributes of the Attribute panel Table 20 3 Dictionary Editor Attributes of Attributes tab Attrib...

Page 352: ...nd allows you to edit the attribute information in the dictionary 3 The Delete selected record action button allows you to delete the selected attribute information 4 The Delete all records action but...

Page 353: ...Diameter Applications tab click on the Diameter Applications tab in the Dictionary Editor panel The details about the Diameter Applications dialog or panel are displayed as shown in Figure 20 8 Figure...

Page 354: ...actions Insert a record Edit selected record Delete selected record Delete all records Make a copy of selected record Move selected record up Move selected record down You can perform any of the requ...

Page 355: ...cted record action button allows you to delete the selected application information 4 The Delete all records action button allows you to delete all the application information 5 The Make a copy of the...

Page 357: ...ile Manager panel enables the user to perform a variety of operations on 8950 AAA files These operations include Create a new file Copy the contents of an existing file to a new file Edit the contents...

Page 358: ...Pane File Manager Viewing File Attributes and File Content As shown in Figure 21 1 the File Manager panel displays the following attributes of a file Filename File size Date last modified NR Access Le...

Page 359: ...ame File Description acct_methods The PolicyFlow to be executed for processing accounting requests You may also use the PolicyFlow editor in the SMT to manage this data auth pf The PolicyFlow to be ex...

Page 360: ...operations A GUI editor is available in the SMT for managing this data You may also use the Log rule in SMT to manage this data method_dispatch Selects the initial method invoked for a RADIUS request...

Page 361: ...may not be used at your location A GUI editor is available in the SMT for managing this data You may also use the User File Editor in the SMT to manage this data users templates Templates Attribute se...

Page 362: ...r panel showing the contents of the selected file The file contents may be modified Click Open As to edit a file A pop up list appears with three editing selections asking the user how to edit the sel...

Page 363: ...erty file which opens the file in a Property File Editor panel This GUI editor displays a set of properties and values Selecting a value and clicking the edit button or double clicking the property na...

Page 364: ...le which opens the file in a User File panel This editor option opens a file as a user file and uses the 8950 AAA SMT User Files GUI editor to edit the file An example is shown in Figure 21 6 Figure 2...

Page 365: ...Select a file you want to be renamed from the File Manager Panel Figure 21 1 and click Rename to name or change the name of an existing file The Rename File dialog appears Figure 21 8 requesting the n...

Page 366: ...he user to use or perform the Tail action similar to the UNIX tail option on the 8950 AAA files When you perform the tail option on a selected file the standard output is put in this selected file at...

Page 367: ...en an existing file from the list of 8950 AAA files 2 To open existing file s click Open Result The Configuration File List dialog is displayed as shown in Figure 21 12 Figure 21 12 Configuration File...

Page 368: ...Figure 21 13 Tail Panel with opened file 4 You can Start or Stop Pause Clear or Close the tail Select the desired option 5 Select Close to close the ta...

Page 369: ...all the root certificates as trusted certificate authorities The following topics are included in this chapter Types of Certificates About Types of certificates The aaa cert tool generates three typ...

Page 370: ...ent Client certificates are used by clients to authenticate themselves to 8950 AAA Client certificates are signed by a root certificate In order to sign the server certificate aaa cert needs access to...

Page 371: ...le Content As shown in Figure 22 2 the Certificate File Manager panel displays the following attributes of a file File Name File Size Date last modified NR Access Level Figure 22 2 File Manager Panel...

Page 372: ...asking the user how to edit the selected file The editing methods are Plain text file which opens the file in a Configuration File Editor panel This option provides a simple text editing window simil...

Page 373: ...File Property file which opens the file in a Property File Editor panel This GUI editor displays a set of properties and values Selecting a value and clicking the edit button or double clicking the p...

Page 374: ...ile User file which opens the file in a User File panel This editor option opens a file as a user file and uses the 8950 AAA SMT User Files GUI editor to edit the file An example is shown in Figure 22...

Page 375: ...le you want to be renamed from the File Manager Panel Figure 22 2 and click Rename to name or change the name of an existing file The Rename File dialog appears Figure 22 8 requesting the new name of...

Page 376: ...cate before you can create server or client certificates You only need to create one root certificate for your site If your application uses protocols such as EAP TTLS EAP PEAP etc you will need a Roo...

Page 377: ...to validate certificates signed by this root Server Certificate Generates a key pair and a server certificate which can be used to identify a server The server certificate must be signed by a root ce...

Page 378: ...to create a Certificate file in the 8950 AAA run directory Result The New Certificate dialog appears as shown in Figure 22 10 Table 22 3 Certificate Manager Types of Certificate Additional Properties...

Page 379: ...Certificate Type Subject and Duration 3 Use this screen to specify the subject information about the certificate The fields Common Name and the Country are mandatory fields Also specify the length of...

Page 380: ...gure 22 12 Figure 22 12 Root Certificate Type Certificate Complete 5 Click Finish to go back to the File Manager panel as shown in Figure 22 2 Creating a New File for the Server and Client Certificate...

Page 381: ...ificate The fields Common Name and the Country are mandatory fields Also specify the length of time the certificate is valid and specify the advanced properties of the certificate Click Next Result Th...

Page 382: ...fy the certificate files and passwords For the Root file and password enter the file name and password you specified when creating the root certificate Click Next Result The Server or Client Certifica...

Page 383: ...l use its root certificate to sign the server certificate The certificate request contains extensions suitable for server authentication 1 Click the Create Certificate action button Result The New Cer...

Page 384: ...Password dialog 4 Specify the password to use to encrypt the certificate request Optionally specify a file name to save the private key Click Next Result The Certificate Request Complete dialog is di...

Page 385: ...ificate File is displayed as shown in Figure 22 20 Figure 22 20 View Existing Certificate Certificate File 3 Specify the name of the file of the certificate that you want to view The file must exist i...

Page 386: ...ot Certificate and click Next 3 Enter a Common Name for your Root certificate for example MyRootCert 4 Enter your country if it is other than the US 5 Add any additional information and click Next 6 E...

Page 387: ...certificate private key Important Record the password in a safe place You will need it to generate server and client certificates 10 Click Next 11 Enter the name of the root certificate file See Gener...

Page 388: ...ficate authority and the encrypted private key matching the public key in the root certificate A password is used to encrypt the private key and protect it from public access Root certificates are sig...

Page 389: ...t any prompt to exit the setup program Using Java version Java TM 2 Runtime Environment Standard Edition Sun Microsystems Inc Version 1 5 0 From C Program Files Java j2re1 5 0 8950AAA PolicyAssistant...

Page 390: ...t_properties Copying File readme txt Copying File users Copying File users templates Copying File uss_counters Updating Server Properties Updating Security Properties Updating SMT Properties Setting U...

Page 391: ...olicy PolicyName MyPolicy User Source UserFile Default AuthType EAP TLS Asserted Auth Type FALSE Connection Limit 1 Policy Limit 1 User Limit Scope Policy UserFileName users Proxy Acct Enabled FALSE U...

Page 392: ...hallenge after 1953 ms Message Authenticator 60B6D929DFE86EE6C1BA69C0F267EFD9 State 1 Session Timeout 180 EAP Message Request EAP TLS 2 flags 20 S Sending a 0 byte message to the EAP TLS client Receiv...

Page 393: ...T_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA compression_methods NULL Xmit Access Request User Name steve NAS IP Address 12...

Page 394: ...2844835F197242365A832C2F5D4B7060E46C55C B session_id 4617932DD7F525296FCADC70844DD701 cipher_suite TLS_RSA_WITH_3DES_EDE_CBC_SHA compression_method NULL Certificate CertificateRequest ServerHelloDone...

Page 395: ...ms Message Authenticator 136C3CE06532EB5D3787339DADEB32DC State 5 Session Timeout 180 EAP Message Request EAP TLS 6 flags 80 L msg length 51frag length 51 Sending a 51 byte message to the EAP TLS cli...

Page 396: ...age Success 6 requests 6 access request 6 with State 5 without State 1 accounting request 0 other request 0 replies 6 access accept 1 with state 0 without state 1 access reject 0 access challenge 5 wi...

Page 397: ...613F55C951DB46E298647818E8771E04392FEA91E62337C6315332A36C484 F6 2874 engine worker 9 Reply attribute dump Service Type Framed User Framed Protocol PPP Framed IP Address 192 168 10 6 Framed IP Netmask...

Page 399: ...Tools Navigation Pane Overview Purpose This part consolidates the chapter s related to Database Tools in the SMT Navigation pane Contents This part includes the following chapter s Chapter 23 Creating...

Page 401: ...n applies ONLY to the built in database If you are using a third party database consult the vendor s documentation about creating a database administrative user The built in database like any other da...

Page 402: ...into the Database To launch the Database Tools click the Database button from the SMT toolbar that appears at the top of the SMT interface This is available in the row of buttons as displayed in Figur...

Page 403: ...s This section discusses use of the built in 8950 AAA database for creating and managing user profiles for network users Important The Database Table Tool provides access to all tables in the built in...

Page 404: ...ure 23 4 User Profiles Tool Panel options Understanding the User Profiles Tool Panel The User Profiles Tool panel contains the following sections A Table View that is a predefined presentation of data...

Page 405: ...e 6 Opening the Database Table Tool To open the database table tool 1 Click the Database button and select the Database Table Tool option The Database Table Tool connection panel is displayed as shown...

Page 406: ...Table is a database file that contains rows of information Each row in a table represents a record and each row contains one or more columns or fields The example 8950 AAA supported schema shown in th...

Page 407: ...d the record is inserted at the end of the table or list Edit Edit the values for the selected record Delete Removes the selected row from the active table or view Delete All Removes all records from...

Page 408: ...a cannot be used in your policies 8950 AAA supports a predefined database schema for storage of user profiles However it is possible for you to edit this schema to remove unneeded columns fields and r...

Page 409: ...DB Table Tool Insert Edit Record 2 Enter information into the required fields User Name User Realm Enter information into the non required fields as desired 3 Select OK or Cancel Click OK to accept the...

Page 410: ...Revert to undo the modifications that have not been saved After selecting OK or Cancel return is made to the previous screen after selecting Revert the Insert Edit Record window continues to be displa...

Page 411: ...ueness of the new record Modify any of the non required fields as desired 4 Select OK Cancel or Revert Click OK to accept the modified record data A confirmation prompt appears indicating that the tab...

Page 412: ...o create filtering criteria The data will be used for a record search by matching field values within the existing table 3 Select OK Cancel or Revert Click OK to accept the filter Return is made to th...

Page 413: ...isable the current filter perform the following steps 1 Click the Query all records action button Result The table with its original set of records appears Import User File This procedure allows you t...

Page 414: ...lute directory path that may be typed within the field or selected using the browse button that follows the field Set the value of File Type by choosing one of the list items of this field as shown in...

Page 415: ...o undo the modifications that have not been saved After selecting OK or Cancel return is made to the previous screen after selecting Revert the Import Information window continues to be displayed Conf...

Page 416: ...Table Name for the table You may select a Table Name by clicking the folder button that appears after the Table Name field In this case a list of allowable table names is displayed as shown in Figure...

Page 417: ...o determine the table columns to be displayed To do this select a name from the Table Columns list and click the Add button The name appears within the Selected Columns list To select all table column...

Page 418: ...s Enable button This ensures that all records are queried and displayed as soon as you log in to the database To prevent the display disable the checkbox by selecting No The remaining fields on this wi...

Page 419: ...ck the Move Up button or click the Move Down button To delete all records click the Delete all records When done click Next on the Database Preferences window Result The Database Preferences window ap...

Page 420: ...e SQL Tool connection panel is displayed as shown in Figure 23 21 Figure 23 21 Accessing the Database SQL Tool Panel 2 Select the appropriate DB Name enter a User Name and Password 3 Click Connect The...

Page 421: ...on buttons Name Description Icon Execute Command Executes the SQL command that is typed in the SQL Command area of the Database SQL Tool panel The shortcut key F4 can also be used to execute the comma...

Page 422: ...database users As explained earlier a database is used to hold different types of user profiles This section discusses use of the Hypersonic database for creating and managing user profiles for networ...

Page 423: ...se Users connection panel is displayed as shown in Figure 23 24 Figure 23 24 Manage Hypersonic Database Users connection Panel 2 Specify appropriate Host IP Address Port User Name and Password 3 Click...

Page 425: ...Part VII Other chapters Overview Purpose This part contains the other chapters related to SMT Contents This part includes the following chapter s Chapter 24 Server Diagnostics and...

Page 427: ...inistrator interface through the LiveAdministrator panel of the Server Management Tool From the LiveAdministrator panel click the Advanced option to access the RADIUS and state server commands You can...

Page 428: ...epresent an appropriate value Arguments separated by a pipe symbol indicate that only one of the arguments can be used for each execution of the command cache The cache command is used to add count de...

Page 429: ...dump key cache list Description Lists entries matching the key may use trailing wild cards Command Format cache list key cache load Description Loads the cache contents from a file Command Format cach...

Page 430: ...up Description Backup for an internal derby database Command Format derby backup database directory derby connect Description Connect to derby database Command Format derby connect database derby crea...

Page 431: ...mand Format derby info There are no arguments for this command derby list Description Lists internal derby databases Command Format derby list database timestamp derby login Description Cache security...

Page 432: ...diagnostics Command Format diag chrono dump list engine active state stats fuse list method stats normal list stats queue list reset resetstats diag atfile dump Description Dumps the AtFileProperty In...

Page 433: ...timer thread paranoia Command Format diag chrono kick There are no arguments for this command diag chrono list Description Lists the chronograph entries hi res timers Command Format diag chrono list T...

Page 434: ...guments for this command diag field stats Description Lists the field statistics Command Format diag field stats There are no arguments for this command diag fuse The following section lists the diag...

Page 435: ...ere are no arguments for this command notrim Specifies to include all statistics When not specified only statistics with non zero values are retrieved sort Specifies to sort the statistics by key name...

Page 436: ...r arguments diag queue list Description Lists the queues Command Format diag queue list There are no arguments for this command diag queue reset Description Resets the queue content Command Format dia...

Page 437: ...his command diag watch The following section lists the diag watch commands and their arguments diag watch list Description Lists the chronograph entries hi res timers Command Format diag watch list Th...

Page 438: ...ts eap sim cache count Description Counts fast reauth entries by permanent username Command Format eap sim cache count permanent_user_name eap sim cache delete Description Deletes fast reauth entries...

Страница 439: ...rmat file close fileName file delete Description Deletes a file Command Format file delete fileName file list Description Lists files in the run directory Command Format file list There are no argumen...

Страница 440: ...Displays ipam leases matching the given IP address Command Format ipam lease selector address ipam pool Description Dumps ipam pool prefixes Command Format ipam pool pool name all used free filename j...

Страница 441: ...java memory There are no arguments for this command java properties Description Lists java properties Command Format java properties java thread dump Description Displays java lock information Comman...

Страница 442: ...mat java threads There are no arguments for this command java version Description Lists JVM version Command Format java version There are no arguments for this command login This command establishes i...

Страница 443: ...s for this command logrule delete Description Deletes a logging rule Command Format logrule delete num logrule insert Description Inserts a logging rule rule areaCondition itemCondition logLevel patte...

Страница 444: ...le load Description Loads logging rules from a file Command Format logrule load fileName logrule move Description Moves a logging rule Command Format logrule move num num logrule remove Description De...

Страница 445: ...r commands and their arguments peer auto Description Sets peer auto Command Format peer auto peerName peer down Description Sets peer down Command Format peer down peerName peer list Description Lists...

Page 446: ...ommands and their arguments server kill Description forcibly terminates the server without any warning Command Format server kill There are no arguments for this command server pause Description Pause...

Page 447: ...no arguments for this command server shutdown Description Performs an orderly server shutdown Command Format server shutdown There are no arguments for this command server status Description Displays...

Page 448: ...exec filename session info Description Lists information about this session Command Format session info There are no arguments for this command stat This command displays output statistics variable D...

Page 449: ...tats group list There are no arguments for this command stats inst list Description Lists instances of a group Command Format stats inst list group stats list Description Prints the statistics associa...

Page 450: ...t stats var list group system This command displays a list of system properties Command Format system PROPERTY The following section lists the system commands and their arguments system hostaddr Descr...

Page 451: ...ounts Description Displays output counter information Command Format uss counts counter attribute uss entry Description Lists a state database entry Command Format uss entry key key mod ev state compl...

Page 452: ...uss load Description Restores a state database from a file Command Format uss load fileName uss naslist Description Lists the NASs Command Format uss naslist There are no arguments for this command u...

Page 453: ...reset Description Resets state database statistics Command Format state stats reset There are no arguments for this command uss status Description Displays the state server replication state Command F...

Page 454: ...om one or all entries Command Format uss2 entry list model key uss2 load Description Reloads session state from the given file key The key associated with the state entry to be stopped model Name of t...

Page 455: ...ats model name uss2 node list Description Displays one or all nodes Command Format uss2 node list node name uss2 node stats Description Displays statistics of one or all nodes Command Format uss2 node...

Page 456: ...resource There are no arguments for this command uss2 resource dump Description Displays selected or all data from one or all resources Command Format uss2 resource dump model name value uss2 resourc...

Page 457: ...ostics and Control Commands 365 360 001R6 0 Issue 1 December 2008 24 31 uss2 save Description Saves all session state to the given file Command Format uss2 save model file model Name...

Page 459: ...001R6 0 Issue 1 December 2008 Part VIII Appendix Overview Purpose This part contains the Appendix chapter s related to SMT Contents This part includes the following chapter s Chapter A Supplementary I...

Page 461: ...n Web Interface To display the built in Web interface perform the following procedure 1 Open a browser window 2 Using the IP address of the 8950 AAA server set the URL field to the following http IP a...

Page 462: ...lowing procedure to display the RADIUS server Admin interface 1 Using the IP address of the 8950 AAA server open a Telnet window using the following command telnet IP address 9023 Result A Telnet scre...

Page 463: ...Use the following procedure to display the configuration server administration interface 1 Using the IP address of the 8950 AAA server open a Telnet window by executing the following command telnet I...

Page 464: ...Displaying the Configuration Server Administration Interface Supplementary Information A 4 365 360 001 R6 0 Issue 1 December 2008 Figure A 3 Telnet Session Configuration Server Administration Address...

Page 465: ...es and access the network ACCOUNTING Process of recording information about a user session ACCOUNTING REQUEST Request to the server for information in order to charge and track resource usage ACCOUNTI...

Page 466: ...ministrator to a specific user account See NAI and REALM C CHAP Challenge Handshake Authentication Protocol CGI Common Gateway Interface a means of transferring data between a Web server and a CGI app...

Page 467: ...manage text server preferences and the use of data panes F FQDN Fully Qualified Domain Name Identifier such as www vitalaaa com which is comprised of a host www and domain name vitalaaa com The domai...

Page 468: ...make them available whether on the Internet or a corporate intranet LDAP DIRECTORY Authentication source used by LDAP directory service LIMITED WILDCARD Placing an asterisk only at the beginning or en...

Page 469: ...a list of panel names used for displaying each SMT panel NUL A null character is a binary value with all its bits set to 0 It has a numeric value of 0 NULs can be used to mark the end of a character...

Page 470: ...hentication and optionally authorization R RADIUS Acronym that stands for Remote Authentication Dial In User Services See RADIUS SERVER RADIUS DETAIL FILE Text file used for storing session and billin...

Page 471: ...ER MENU List of SMT commands that manage server connections SHARED SECRET A character string specified on both a server and another device or server that establishes mutual identification A shared sec...

Page 472: ...application for database commands and updates TOOLBAR Row of buttons used for invoking commands to a GUI based application U UI User Interface application This application is responsible for providin...

Page 473: ...ers to any type of 802 11 network WINDOW MENU List of SMT commands that manage SMT panels WINDOWS SAM Windows Security Accounts Manager a user source supported by 8950 AAA WRITE COMMUNITY Character st...

Page 475: ...u 5 Collapse all 5 copy 5 cut 5 Expand all 5 find 5 find again 5 paste 5 Preferences 5 select all 5 External Authentications 9 F File Manager panel 1 H History 15 I Interval Change 11 J Java Database...

Page 476: ...RADIUS servers 3 RADIUS User File 4 RADIUS User Files 6 reply attributes 1 Reply Items 1 rolled over file 19 run directory 2 run subdirectory 4 S Search by Typing 10 Server Connection 2 Server Managem...
