Avaya Configuring RADIUS Manual de usuario

Configuring RADIUSPart No. 117385-B Rev 00March 1999BayRS Version 13.20Site Manager Software Version 7.20 BCC Version 4.20

117385-B Rev 00xi PrefaceThis guide describes Remote Authentication Dial-In User Service (RADIUS) and what you do to start and customize RADIUS on a B

Configuring RADIUSxii117385-B Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) Indicate that you choose

Preface117385-B Rev 00xiii AcronymsThis guide uses the following acronyms:separator ( > ) Shows menu paths. Example: Protocols > IP identifies t

Configuring RADIUSxiv117385-B Rev 00Bay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release notes free, direct

117385-B Rev 001-1 Chapter 1RADIUS OverviewRADIUS (Remote Authentication Dial-In User Service) enables Internet service providers (ISPs) to offer more

Configuring RADIUS1-2117385-B Rev 00The RADIUS server is a computer equipped with server software (for example, a UNIX workstation) that is located at

RADIUS Overview117385-B Rev 001-3 Configuring RADIUSTo configure the RADIUS server and client, follow these steps:1.Install the RADIUS server files. T

Configuring RADIUS1-4117385-B Rev 00Bay Networks RADIUS ImplementationThe following Bay Networks platforms can operate as RADIUS clients:• Access Node

RADIUS Overview117385-B Rev 001-5 To enable RADIUS, you must specify the client’s Internet Protocol (IP) address. As the RADIUS client, the router pas

ii117385-B Rev 00Bay Networks, Inc.4401 Great America ParkwaySanta Clara, CA 95054Copyright © 1999 Bay Networks, Inc.All rights reserved. Printed in t

Configuring RADIUS1-6117385-B Rev 00Using RADIUS with Multilevel Access to the RouterSystem administrators and network operators can use RADIUS authen

RADIUS Overview117385-B Rev 001-7 Using RADIUS with a Dial ServiceTo use RADIUS authentication with a dial service, you must configure at least one of

Configuring RADIUS1-8117385-B Rev 00Using RADIUS with Demand Circuit Groups (Site Manager only)When configuring a RADIUS client using Site Manager, Si

RADIUS Overview117385-B Rev 001-9 Using RADIUS with IP UtilitiesTo use RADIUS authentication with an IP utility, you must configure the RADIUS server

Configuring RADIUS1-10117385-B Rev 00An accounting session is the time during which the remote user communicates with the client. The session begins w

RADIUS Overview117385-B Rev 001-11 In addition to configuring unnumbered circuit interfaces, we recommend that you enable IP or IPX triggered updates

Configuring RADIUS1-12117385-B Rev 00Accepting Remote Users’ IP AddressesThe client accepts the IP address of a remote user only if the remote user is

117385-B Rev 002-1 Chapter 2Starting RADIUSRemote Authentication and Dial-In User Service (RADIUS) defines a method of centralizing authentication and

Configuring RADIUS2-2117385-B Rev 00Before You BeginBefore you enable RADIUS, do the following:1.Create and save a configuration file that has at leas

Starting RADIUS117385-B Rev 002-3 Enabling RADIUSYou can use the BCC or Site Manager to enable RADIUS on the router. To help you visualize the configu

117385-B Rev 00iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the accom

Configuring RADIUS2-4117385-B Rev 00Using the BCCTo enable RADIUS and configure the IP addresses for a RADIUS client and server:1.Start configuration

Starting RADIUS117385-B Rev 002-5 Using Site ManagerUse the steps in the following sections to enable RADIUS on a router slot and configure the RADIUS

Configuring RADIUS2-6117385-B Rev 00Configure a RADIUS ServerUse the following steps to configure the IP address for a RADIUS server:6. Click on OK to

Starting RADIUS117385-B Rev 002-7 Select a Protocol for RADIUS Authentication Use the following steps to select a protocol. Once you select a protocol

Configuring RADIUS2-8117385-B Rev 00Configuring Multiple RADIUS ClientsYou can use the script described in this section to configure a RADIUS client o

117385-B Rev 003-1 Chapter 3Customizing the RADIUS Client ConfigurationThis chapter shows you how to change the parameter values to customize the RADI

Configuring RADIUS3-2117385-B Rev 00Using the BCCTo modify the RADIUS client’s IP address, navigate to the radius-client# prompt for the appropriate s

Customizing the RADIUS Client Configuration117385-B Rev 003-3 Modifying the Authentication and Accounting ServicesThe default for both accounting and

Configuring RADIUS3-4117385-B Rev 00To configure the RADIUS client to generate accounting requests for incoming calls only, navigate to the radius-cl

Customizing the RADIUS Client Configuration117385-B Rev 003-5 Modifying the Protocol for RADIUS AuthenticationUse the following steps to modify the un

iv117385-B Rev 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, d

Configuring RADIUS3-6117385-B Rev 00Modifying the PPP Authentication ProtocolThe remote user identifies itself to the server using one of the PPP auth

Customizing the RADIUS Client Configuration117385-B Rev 003-7 Removing RADIUS Authentication and AccountingYou can use either the BCC or Site Manager

Configuring RADIUS3-8117385-B Rev 00Setting the Debug Message LevelThe debug message level determines how verbose the system is in reporting error mes

117385-B Rev 004-1 Chapter 4Customizing the RADIUS Server ConfigurationThis chapter explains how to modify the RADIUS server configuration. The server

Configuring RADIUS4-2117385-B Rev 00Modifying the Primary Server’s PasswordThe first server you configure is the primary server. You can have only one

Customizing the RADIUS Server Configuration117385-B Rev 004-3 Modifying the Server ModeThe server mode tells the client how the server is configured.

Configuring RADIUS4-4117385-B Rev 00Designating Authentication and Accounting UDP PortsThe User Datagram Protocol (UDP) port is the logical port that

Customizing the RADIUS Server Configuration117385-B Rev 004-5 Using Site ManagerTo designate the UDP port numbers of the RADIUS server on which it exp

Configuring RADIUS4-6117385-B Rev 00Modifying the Server Response TimeWhen the client sends an accounting or authentication request to the server, you

Customizing the RADIUS Server Configuration117385-B Rev 004-7 Modifying the Number of Client Requests to the ServerYou can modify the number of times

117385-B Rev 00vContents PrefaceBefore You Begin ...

Configuring RADIUS4-8117385-B Rev 00Using Site ManagerTo modify the number of client requests to the server:Site Manager ProcedureYou do this System r

Customizing the RADIUS Server Configuration117385-B Rev 004-9 Configuring Alternate ServersIn addition to the primary server, you can configure one or

Configuring RADIUS4-10117385-B Rev 00Using Site ManagerTo configure an alternate server:Site Manager ProcedureYou do this System responds1. In the Con

Customizing the RADIUS Server Configuration117385-B Rev 004-11 Reconnecting to the Primary ServerWhen the primary server fails to respond to connectio

Configuring RADIUS4-12117385-B Rev 00Using Site ManagerTo try to reconnect to the primary server after a specified time period:Changing the Primary an

Customizing the RADIUS Server Configuration117385-B Rev 004-13 Using Site ManagerTo specify which server is the primary and which is the alternate:Sit

Configuring RADIUS4-14117385-B Rev 00Removing a Server EntryYou can remove a server entry from the RADIUS configuration.Using the BCCTo remove a serve

117385-B Rev 00A-1 Appendix ASite Manager ParametersThis appendix describes the Site Manager RADIUS parameters. You can display the same information u

Configuring RADIUSA-2117385-B Rev 00You can also use the Technician Interface to modify parameters by issuing set and commit commands with the Managem

Site Manager Parameters117385-B Rev 00A-3 Server Configuration ParametersThe RADIUS Server Configuration window (Figure A-2) shows the current paramet

vi117385-B Rev 00Chapter 2 Starting RADIUSBefore You Begin ...

Configuring RADIUSA-4117385-B Rev 00Parameter: Server IP AddressPath: Protocols > Protocols > Global Protocols > RADIUS > Edit ServerDefau

Site Manager Parameters117385-B Rev 00A-5 Parameter: Auth. UDP PortPath: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 1645Opt

Configuring RADIUSA-6117385-B Rev 00Parameter: Response Timeout (seconds)Path: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 3O

Site Manager Parameters117385-B Rev 00A-7 Protocol Parameters for RADIUS AuthenticationThe RADIUS Dial_In Protocol window (Figure A-3) shows the curre

Configuring RADIUSA-8117385-B Rev 00Parameter: IP EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol >

Site Manager Parameters117385-B Rev 00A-9 Parameter: IPX EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protoco

117385-B Rev 00B-1 Appendix BMonitoring RADIUS Using theBCC show CommandsUse the BCC show commands to display configuration and statistical informatio

Configuring RADIUSB-2117385-B Rev 00Online Help for show CommandsTo display a list of command options, enter one of these commands at any BCC prompt:•

Monitoring RADIUS Using the BCC show Commands117385-B Rev 00B-3 show radius alertsThe show radius alerts command displays problems with the RADIUS con

117385-B Rev 00viiAppendix B Monitoring RADIUS Using the BCC show CommandsOnline Help for show Commands ...

Configuring RADIUSB-4117385-B Rev 00show radius clientsThe show radius clients command displays information about the router’s RADIUS configuration.Yo

Monitoring RADIUS Using the BCC show Commands117385-B Rev 00B-5 show radius servers generalThe show radius servers general command displays informatio

Configuring RADIUSB-6117385-B Rev 00show radius servers timersThe show radius servers timers command displays the time setting information for the RAD

Monitoring RADIUS Using the BCC show Commands117385-B Rev 00B-7 show radius stats accountingThe show radius stats accounting command displays all the

Configuring RADIUSB-8117385-B Rev 00show radius stats authenticationThe show radius stats authentication command displays all the RADIUS statistical i

117385-B Rev 00C-1 Appendix CConfiguration ExamplesThis appendix provides the following configuration examples for a router acting as a RADIUS client:

Configuring RADIUSC-2117385-B Rev 00Configuring RADIUS AuthenticationThis example shows how to configure the router as a RADIUS authentication client,

Configuration Examples117385-B Rev 00C-3 Using the BCCTo enable RADIUS and configure the IP addresses for a RADIUS client and server:1.Start configura

Configuring RADIUSC-4117385-B Rev 00To configure the sample network, complete the following tasks:Site Manager ProcedureYou do this System responds1.

Configuration Examples117385-B Rev 00C-5 Use the following steps to select IP:Site Manager ProcedureYou do this System responds1. At the bottom of the

Configuring RADIUSC-6117385-B Rev 00Configuring RADIUS AccountingThis example explains how to configure the router as a RADIUS accounting client, and

Configuration Examples117385-B Rev 00C-7 The next sections explain how to configure the sample network using the BCC and Site Manager.Using the BCCTo

Configuring RADIUSC-8117385-B Rev 0010.To enable RADIUS accounting for the RADIUS client on slot 2, enter:radius-client/2# accounting enabled11.Naviga

Configuration Examples117385-B Rev 00C-9 6. Click on an ISDN connector to assign a line to the pool, following these guidelines:• Site Manager does no

Configuring RADIUSC-10117385-B Rev 00To create a backup circuit, complete the following tasks: Refer to Configuring Dial Services for more information

Configuration Examples117385-B Rev 00C-11 To enable RADIUS accounting, complete the following tasks: Site Manager ProcedureYou do this System responds

Configuring RADIUSC-12117385-B Rev 00Configuring RADIUS Accounting and AuthenticationThis example explains how to configure the router as a RADIUS acc

Configuration Examples117385-B Rev 00C-13 The next sections explain how to configure the sample network using the BCC and Site Manager.Using the BCCTo

Configuring RADIUSC-14117385-B Rev 00To configure the RADIUS client and server, and enable RADIUS authentication and accounting on a router slot, comp

Configuration Examples117385-B Rev 00C-15 To select IP, complete the following tasks:Site Manager ProcedureYou do this System responds1. At the bottom

117385-B Rev 00ixFiguresFigure 1-1. Sample Network Using RADIUS ...1-2Figure 2-1. BCC Hiera

117385-B Rev 00D-1 Appendix DVendor-Specific AttributesThis appendix shows the Bay Networks vendor-specific attributes (VSAs) and the dictionary file

Configuring RADIUSD-2117385-B Rev 00Bay Networks Vendor-Specific AttributesThe Bay Networks vendor ID is 1584, as allocated by the Internet Assigned N

Vendor-Specific Attributes117385-B Rev 00D-3 RADIUS Dictionary FileThis section lists the RADIUS dictionary file (bayrs.dct) for reference purposes on

Configuring RADIUSD-4117385-B Rev 00Attributes used with l2tpAttributes used with multi user accessATTRIBUTE Bay-Primary-DNS-Server Bay-VSA (54, ipadd

117385-B Rev 00Index-1Aaccess accept, 1-5access challenge, 1-5access reject, 1-5accounting. See RADIUS, accounting, 1-9Acct. UDP Port parameter, A-5ac

Index-2117385-B Rev 00MMaximum Message Retry parameter, A-5MIB object ID, using, A-2multilevel access, 1-6Nnumbered IP addresses, 1-5OOSPF Enable para

117385-B Rev 00Index-3server configurationchanging the primary and alternate servers, 4-12changing the server mode, 4-3configuing alternate servers, 4

117385-B Rev 00v ART/CR0001A.EPS 1-2ART/Bcc0026a.eps 2-3ART/CR0002A.EPS C-2ART/CR0003A.EPS C-6ART/CR0004A.EPS C-12