Bay Networks Radius Reference guide

Type
Reference guide

RADIUS REFERENCE MANUAL
Issue 1.0 MAN-RADIUS-REF
All rights reserved. This document may not in whole or part be copied,
photocopied, reproduced, translated or reduced to any electronic medium or
machine readable form without the prior written permission from Bay
Networks.
The information contained in this manual is believed to be accurate,
however, no responsibility is assumed by Bay Networks for its use, nor for
any infringements of patents or other rights of third parties resulting from
its use.
All trademarks are acknowledged.
1996 Scorpion Logic Ltd. A Bay Networks company
ABOUT THIS MANUAL
Chapter 1 - Introduction
This chapter gives an overview of the features of the RADIUS Server and
provides an introduction to its features and facilities.
Chapter 2 - Tutorial
This chapter gives a step by step guide to the configuration of a sample
Network. It covers the configuration of the RADIUS Server, the Network
Access Server (in this case a Nautica Marlin Router), a small office
Network and a mobile dial-in user.
Chapter 3 - Reference
All RADIUS specific management structure and forms, configuration
parameters and status information are described in detail in this chapter.
CONTENTS
Chapter 1 - Introduction
Welcome to Nautica RADIUS
About This Manual
Nautica Radius Features
RADIUS Background
Theory Of Operation
Document Conventions
What You Need
Hardware
Software
Knowledge
RADIUS Installation
Chapter 2 - Reference
Introduction
The Marlin Router and RADIUS
RADIUS Manager Menu Map
NAS Types
Configure NAS Types
NAS Device Types
NAS Units
Configure NAS Units
NAS Name
Quality Of Service
Grade of Service
Priority Timebands
Accounts
Account Information
Path Type
Multi-Link Operation (PPP or Nautica Paths)
Multi-Link Nautica/PPP
Undistinguished (OEM NAS Connections to RADIUS)
IP Networking
RIP Operation
RIP Type
Static Route Tables
IPX Networking
Outgoing Call Support
Service
Session Parameters
Accounting
RADIUS Server
Nautica Radius Server Menu Map
File
RADIUS Server Settings
Event Log
Status
Device Status
QOS Status
Account Status
Account Allocation
Account Rollover
Event Log Window
Breakdown of Account Records
Example Event Log of an Incoming Connection
Example Event Log of an Outgoing Connection
Chapter 3 - Tutorial
Nautica RADIUS Tutorial
Overview of Sample Test Network
RADIUS Configuration Tutorial
RADIUS Installation
Configuration Procedure
RADIUS Manager Configuration
1. Configuring a NAS Type
2. Configuring a NAS Unit
3. Configuring the Quality Of Service (QOS) Option
4. Configuring the Accounts Option
Configuring the Marlin Router on the HQ Backbone LAN
Configuring the CLAM Router at the Remote Office
Configuring the Roving User’s P.C.
INTRODUCTION
Welcome to Nautica RADIUS
Thank you for purchasing Nautica RADIUS as part of your remote access
strategy.
We believe you will be delighted with this product as it is easy to use, and
provides unrivalled Security, Accounting and Quality of Service facilities for
both Intranet and Internet users alike.
ABOUT THIS MANUAL
This reference Manual describes how Nautica RADIUS is installed and
configured with the Nautica family of routers. It should be used in
conjunction with the relevant manuals for each Nautica unit you will be using.
If you wish to use Nautica RADIUS in conjunction with other manufacturers’
products, then the relevant manuals for their products must also be available.
NAUTICA RADIUS FEATURES
Nautica RADIUS is an Authentication, Authorisation and Accounting system
based on the R.A.D.I.U.S. (Remote Authentication Dial In User Service)
standard which can be adapted to a broad range of different network
requirements of Enterprise, Internet Service Providers (ISPs), Telcos, Value
Added Networks (VANs), Intranets and other service operations. Such
networks may operate in a variety of environments such as:
Public companies providing access to networks for general or specific
usage, such as ISPs, financial information services and scientific
information services for example.
Private Networks for large organisations, where access is provided for
internal operational divisions and perhaps external trading companies
with security and on a chargeable basis. These include: Financial
Services, University Campus, Software Services and large companies
providing remote office, home and Intranet connections for many
departments.
All of these network systems have a common theme :- Remote Access, for the
individual user or the Remote Branch Office, whether via PSTN or ISDN.
RADIUS BACKGROUND
RADIUS consists of two functions, RADIUS Authentication and RADIUS
Accounting. It uses a client/server based security system designed in
accordance with a model of distributed security recommended by the Network
Access Server Working Group of the IETF. RADIUS has been submitted as
an RFC to become an Internet standard, and has been adopted as the protocol
and system of choice by most of the security product manufacturers. RADIUS
is rapidly gaining popularity as an open protocol and architecture with all the
key manufacturers of communications products, as it is both an easy and
efficient means of controlling and accounting for access to backbone
networks.
THEORY OF OPERATION
RADIUS Authentication in a network acts as a distributed security system
which uses an authentication server to address the issues of Secure Access to
central services through dial-in devices called Network Access Servers
(NAS). By their nature, Dial-In devices are a point of vulnerability for a
network, since anyone can acquire the telephone or ISDN number of the
service, and with the appropriate calling device (such as a modem, ISDN TA
or personal Router), can attempt to gain access to the service.
RADIUS provides a secure mechanism by which NAS devices can
authenticate incoming calls at a central unit before allowing the Account
access to any part of the network. When an Account is granted access, the
RADIUS Server can configure the NAS to customise the services.
Distributed Security allows the separation of the communications process
from the user authentication. This allows a central point of authentication,
configuration, and a single database which many NAS devices can access
without the need to hold the authentication information for all dial-in
Accounts at the NAS (these Accounts can potentially run into several
thousand). The use of this central repository makes RADIUS more secure and
more scaleable than systems based upon many distributed points.
RADIUS authenticates users through a series of communications which take
place from Account (User) to NAS where the RADIUS Client resides, then
from RADIUS Client to RADIUS Server where the Account Authentication is
processed. The results are then passed onto the RADIUS Client. This
separation of communication activity is another level of security preventing
access at any point to the network in order to maintain its integrity.
As with all standards, RADIUS includes the facility to add extended attributes
so that specific features of different manufacturers’ products may be
supported.
Additionally, RADIUS supports an Accounting mechanism, which records all
connection/disconnection events and bandwidth utilisation by each Account.
Accounting information is reliably delivered by the RADIUS protocol.
Authentication and Accounting information is keyed using MD5 encryption
algorithms and cannot be modified in transit, since both NAS device and the
RADIUS server validate received packets.
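The packet validation described above, as an added example that is not from the Bay Networks manual: it follows the authenticator calculation in the published RADIUS specifications (RFC 2865 and RFC 2866), which the product is assumed to follow. The shared secret, identifiers and attribute values are constructed samples.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, ACCOUNTING_REQUEST = 2, 4     # RADIUS packet codes
FRAMED_IP_ADDRESS, ACCT_STATUS_TYPE = 8, 40  # RADIUS attribute types
ZERO_AUTH = bytes(16)

def attribute(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def keyed_digest(code, ident, auth_input, attrs, secret):
    """MD5(Code + Identifier + Length + auth_input + Attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + auth_input + attrs + secret).digest()

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: the digest is keyed on the request's authenticator."""
    auth = keyed_digest(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def build_accounting_request(ident, attrs, secret):
    """NAS side: same digest, with 16 zero octets in the authenticator slot."""
    return build_reply(ACCOUNTING_REQUEST, ident, ZERO_AUTH, attrs, secret)

def verify(packet, auth_input, secret):
    """Receiver side: recompute the digest and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    expected = keyed_digest(code, ident, auth_input, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    secret = b"constructed-shared-secret"  # sample value, not from the manual
    request_auth = os.urandom(16)          # value the NAS sent in its Access-Request
    accept = build_reply(ACCESS_ACCEPT, 7, request_auth,
                         attribute(FRAMED_IP_ADDRESS, bytes([10, 0, 0, 5])), secret)
    tampered = accept[:-1] + bytes([accept[-1] ^ 0x01])  # last address octet altered
    acct = build_accounting_request(
        8, attribute(ACCT_STATUS_TYPE, struct.pack("!I", 1)), secret)  # 1 = Start
    return {
        "accept_ok": verify(accept, request_auth, secret),
        "tampered_ok": verify(tampered, request_auth, secret),
        "wrong_secret_ok": verify(accept, request_auth, b"other-secret"),
        "acct_ok": verify(acct, ZERO_AUTH, secret),
    }

if __name__ == "__main__":
    print(demo())
```

In the base protocol the authenticator in an Access-Request is a random value rather than a digest, so this check applies to server replies and to accounting requests.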
DOCUMENTATION CONVENTIONS
Mouse-it
Nautica RADIUS only makes use of the left mouse button.
[click] - means press and release once.
[double-click] - means press and release twice in quick succession.
[drag] - means press the button and hold, while moving the object contacted.
Menu Commands
Menu Commands are in the form of Menu Name/Menu command.
e.g. Select Edit/Undo
Button Names
Button Names are in the form Button Name.
e.g. Select the OK button
Key Names
Key Names are in small capitals: ESCAPE.
Key Combinations and Sequences
A plus sign (+) between keys means press both keys at the same time.
e.g. Press ALT+ESCAPE
A comma between keys means the keys should be pressed in succession.
e.g. Press ALT, SPACE
What You Type
Anything you should type is in italics.
e.g. Type 123.456.111
Where the typed input is variable then it will be in brackets.
e.g. Type {Your IP Address}
Handy Hints
These are designed to assist you during the process either as reminders or
useful tips and will be in bold italic.
e.g. Note: Always Save your configuration after a change.
Warnings
The insertion of a warning symbol is a caution, meaning that failure to follow
the procedure could result in a loss of data or connections.
WHAT YOU NEED
HARDWARE
Nautica RADIUS can be installed on any Windows ’95 platform. We strongly
recommend that it is dedicated to the task of RADIUS to maintain security and
performance across the network.
The recommended dedicated hardware platform for up to 5,000 users is as
follows:
Minimum 486 DX2 66MHz, IBM compatible PC, with 12 Mb RAM.
Ethernet Card.
SVGA (800 x 600) Monitor.
Keyboard.
Mouse.
SOFTWARE
Microsoft Windows 95.
TCP/IP network software.
A Windows 95 installation program is included with Nautica RADIUS.
Note: The addition of Nautica MicroManager (an SNMP based Network
Manager) to this platform could provide an additional window to the
network should you need it.
KNOWLEDGE
It is recommended that you have at least a basic knowledge of the following
technologies and User Account Information before commencing the
installation procedure:
Windows 95.
TCP/IP Address structures.
TCP/IP Addresses for your Network.
If using Novell Netware, Novell IPX and Novell SPX Address structures
and how they apply to your network.
The ISDN Numbers for each of your local and remote installations.
A profile of the people and sites who are using/intending to use the network.
A profile of the data-flow to those sites.
A list of any predefined CHAP Secrets, Nautica Passwords or User Password
to be used during Authentication.
You are now ready to commence installing and configuring your Nautica
RADIUS system. We have also included a TUTORIAL chapter, which
configures the Nautica RADIUS Server in a standard remote access
environment. We strongly recommend that you start off by configuring your
RADIUS Server using this Tutorial first, then progress onto your own specific
configuration.
RADIUS INSTALLATION
The RADIUS Server and the RADIUS Manager suite of programs is provided
on two 3.5" Floppy Disks. These are labelled “Disk 1” and “Disk 2”.
1. Place the 3.5" Floppy Disk labelled Disk 1 into the A Drive of the
Windows 95 PC.
2. Select the Start option on the Windows 95 Task Bar by placing the mouse
pointer over the “Start” Button and clicking the left mouse button.
3. [Click] the Run option.
4. Type A:\Setup.exe in the “Open” box.
5. [Click] the OK Button.
6. Follow the instructions given in the Setup Windows and amend any
settings as necessary.
7. When the Setup program is complete the “Nautica RADIUS” Window is
displayed. [Double-click] the red RADIUS_M icon in the “Nautica
RADIUS” Window. This runs the RADIUS_M program.
8. When the “RADIUS Manager” window appears [click] the Minimise
Button. This will place the RADIUS Manager Button on the Task Bar.
9. [Double-click] the green RADIUS_S icon in the “Nautica RADIUS”
Window. This runs the RADIUS_S program.
10. When the “RADIUS Server” window appears [click] the Minimise
Button. This will place the RADIUS Server Button on the Task Bar.
11. [Click] the Close Button on the “Nautica RADIUS” Window.
NAUTICA RADIUS FILES
The Files you should now have installed on your hard drive are as follows:-
Two executable files :-
1) RADIUS_S.EXE
This is the Server program which communicates with the NAS RADIUS
Client software. It validates the users with the details stored in the
RADIUS.LST file, which is created when RADIUS_M is run.
2) RADIUS_M.EXE
This is the RADIUS Manager program. This provides the configuration for
the NASs and Users. It also generates the User database as new users are
configured. The RADIUS Manager is generally only used when adding new
User or NAS configurations or when making changes to existing Users and
NASs. As such it automatically reloads information changes to the
RADIUS.LST file when changes are made.
Other Files installed are:
CW3215.DLL BIDS45.DLL
BC450RTL.DLL BIDS45F.DLL
BWCC.DLL BWCC32.DLL
OWL250F.DLL OWL250.DLL
If the RADIUS.LST file does not already exist one is automatically created
when the RADIUS_M.EXE program is run.
REFERENCE
INTRODUCTION
The Bay Networks RADIUS implementation is such that the RADIUS Server
functionality and the Account and NAS configuration are carried out using
separate executable programs, RADIUS_M.EXE and RADIUS_S.EXE. This
allows configuration changes to be made without having to halt the RADIUS
Server, providing continuous online network operation.
The initial and day to day configuration is carried out by the RADIUS_M
program (RADIUS Manager), while the actual RADIUS Server function of
Authentication, Access Control and Accounting is performed by the
RADIUS_S program.
The Reference Section is arranged in such a way that it guides the reader
through the RADIUS Manager Menus and gives a brief description of each
selectable parameter and its available options. The Reference Section then
describes the Menus and options provided by the RADIUS Server
program.
It should be noted that an “Account” is almost equivalent to a “Path” on a
Nautica Router, and as a result all common variables use the same name. It is
recommended that a Marlin or CLAM Version 3 Router Reference Manual is
read in conjunction with this RADIUS Reference Manual to obtain an all
round understanding of the common variables used.
THE MARLIN ROUTER AND RADIUS
The Nautica family, particularly the Marlin, needs to be configured for
RADIUS operation prior to installation. To carry out this configuration,
please see the relevant section of the Nautica Manual.
For other manufacturers’ products please refer to the relevant manual and
configure them accordingly.
Note: Marlins configured for use with a RADIUS Server start with no Paths
configured. All Paths are downloaded using the RADIUS protocol.
This generally also applies to other manufacturers’ products, where the
RADIUS protocol will download the paths using the profiles input into
RADIUS for that specific product.
RADIUS MANAGER MENU MAP
[Figure: Nautica RADIUS Manager Menu Map. Labels shown in the figure: RADIUS Manager, NAS Types, Configure NAS Types, NAS Device Types, NAS Units, Configure NAS Units, NAS Name, Key Generator, Quality of Service, Grade Of Service, Priority Timebands, Account, Remote Accounts, Account Information, Path Type, Multi-Link Nautica, Multi-link PPP, Undistinguished, IP Networking, IP Path, IPX Networking, IPX Path, Service, Session Parameters.]