Bay Networks RADIUS Reference Manual

Network access server

RADIUS REFERENCE MANUAL
Issue 1.0
MAN-RADIUS-REF

Summary of Contents for Bay Networks RADIUS

  • Page 1 RADIUS REFERENCE MANUAL Issue 1.0 MAN-RADIUS-REF...
  • Page 2 Bay Networks for its use, nor for any infringements of patents or other rights of third parties resulting from its use. All trademarks are acknowledged. 1996 Scorpion Logic Ltd. A Bay Networks company MAN-RADIUS-REF Issue 1.0...
  • Page 3 BOUT ANUAL Chapter 1 - Introduction This chapter gives an overview of the features of the RADIUS Server and provides an introduction to its features and facilities. Chapter 2 - Tutorial This chapter gives a step by step guide to the configuration of a sample Network.
  • Page 5: Table Of Contents

    Quality Of Service Grade of Service Priority Timebands Accounts Account Information Path Type Multi-Link Operation (PPP or Nautica Paths) Multi-Link Nautica/PPP Undistinguished (OEM NAS Connections to RADIUS) IP Networking RIP Operation RIP Type Static Route Tables IPX Networking Outgoing Call Support Service...
  • Page 6 Chapter 2 - Reference (cont.) Session Parameters Accounting RADIUS Server Nautica Radius Server Menu Map File RADIUS Server Settings Event Log Status Device Status QOS Status Account Status Account Allocation Account Rollover Event Log Window Breakdown of Account Records...
  • Page 9: Chapter 1 - Introduction

    INTRODUCTION Welcome to Nautica RADIUS. Thank you for purchasing Nautica RADIUS as part of your remote access strategy. We believe you will be delighted with this product as it is easy to use, and provides unrivalled Security, Accounting and Quality of Service facilities for both Intranet and Internet users alike.
  • Page 10: Nautica Radius Features

    Accounting. It uses a client/server based security system designed in accordance with a model of distributed security recommended by the Network Access Server Working Group of the IETF. RADIUS has been submitted as an RFC to become an Internet standard, and has been adopted as the protocol and system of choice by most of the security product manufacturers.
  • Page 11: Theory Of Operation

    Accounts at the NAS (these Accounts can potentially run into several thousand). The use of this central repository makes RADIUS more secure and more scaleable than systems based upon many distributed points.
  • Page 12 DOCUMENTATION CONVENTIONS Mouse-it: Nautica RADIUS only makes use of the left mouse button. [click] - means press and release once. [double-click] - means press and release twice in quick succession. [drag] - means press the button and hold, while moving the object contacted.
  • Page 13 e.g. Press ESCAPE A comma between keys means the keys should be pressed in succession. e.g. Press SPACE What You Type Anything you should type is in italics. e.g. Type 123.456.111 Where the typed input is variable then it will be in brackets. e.g.
  • Page 14: What You Need

    HARDWARE Nautica RADIUS can be installed on any Windows ’95 platform. We strongly recommend that it is dedicated to the task of RADIUS to maintain security and performance across the network. The recommended dedicated hardware platform for up to 5,000 users is as follows: Minimum 486 DX2 66MHz, IBM compatible PC, with 12 Mb RAM.
  • Page 15: Knowledge

    RADIUS system. We have also included a TUTORIAL chapter, which configures the Nautica RADIUS Server in a standard remote access environment. We strongly recommend that you start off by configuring your RADIUS Server using this Tutorial first, then progress onto your own specific configuration.
  • Page 16: Radius Installation

    RADIUS INSTALLATION The RADIUS Server and the RADIUS Manager suite of programs is provided on two 3.5" Floppy Disks. These are labelled “Disk 1” and “Disk 2”. 1. Place the 3.5" Floppy Disk labelled Disk 1 into the A Drive of the Windows 95 PC.
  • Page 17 NASs. As such it automatically reloads information changes to the RADIUS.LST file when changes are made. Other Files installed are: CW3215.DLL BC450RTL.DLL BWCC.DLL OWL250F.DLL If the RADIUS.LST file does not already exist one is automatically created when the RADIUS_M.EXE program is run. BIDS45.DLL BIDS45F.DLL BWCC32.DLL OWL250.DLL...
  • Page 19: The Marlin Router And Radius

    Nautica Manual. For other manufacturer’s products please refer to the relevant manual and configure them accordingly. Note: Marlins configured for use with a RADIUS Server start with no Paths configured. All Paths are downloaded using the RADIUS protocol.
  • Page 20: Radius Manager Menu Map

    This generally also applies to other manufacturer’s products, where the RADIUS protocol will download the paths using the profiles input into RADIUS for that specific product. RADIUS MANAGER Nautica RADIUS Manager Menu Map Quality of Service...
  • Page 21: Nas Types

    CONFIGURE NAS TYPES NAME: This is the Name of the product type e.g. Marlin 3000. VOICE: Are Analogue ports supported on the device. DATA: This selects the Data Port of the device. EXTENDED: Does the device support Nautica Extensions to RADIUS.
  • Page 22: Nas Device Types

    To Delete an item from the table, highlight it and [click] the DEL button. To Edit an item in the table, highlight it and [click] the EDIT button to access the NAS DEVICE TYPE menu. To Add an item in the table, highlight it and [click] the ADD button to access the NAS DEVICE TYPE menu.
  • Page 23: Nas Units

    NAS UNITS This window describes the Configured NAS Units available. [Click] the NAS UNITS button to access the CONFIGURE NAS UNITS menu. CONFIGURE NAS UNITS NAME IP ADDRESS This is the Name you wish to call the particular unit. It will usually be the same as you input into the unit, but can vary if you require it to do so.
  • Page 24: Nas Name

    TYPE Note: If the NAS DEVICE TYPE you require is not in the list, please revert back to the NAS DEVICE TYPE menu and enter the NAS Type you require before proceeding. NO OF PORTS To Delete NAS Units from the configuration, highlight the unit and [click] the DEL button.
  • Page 25 AUTHENTICATION Note: This Secret needs to be configured directly onto the NAS. For Nautica it can be found on the Config. RADIUS menu. Note: We would recommend that the SECRET string used differs from the NAS Names used and should not be easily related. This information should be stored in a secure place.
  • Page 26 Maximum Session Lifetime is 10 mins. If an Account attempts to reconnect the line after the Session Lifetime has expired the full RADIUS Authentication process is performed again. USAGE LIMIT Note: Each time a Session is started the Usage Limit is decremented by the value of the Maximum Session Lifetime.
  • Page 27: Quality Of Service

    QUALITY OF SERVICE [Click] the Quality Of Service button and access the Quality Of Service menu. Service Name PRIORITY Note: If the NAS IP Address is set at 0.0.0.0, then it is part of a NAS Cluster connected through a Nautica 8000LSU. Note: Resources are allocated in accordance with this level of priority, i.e.
  • Page 28: Grade Of Service

    To Edit an item, highlight the item, [click] the EDIT button and access the GRADE OF SERVICE menu. GRADE OF SERVICE NAME NAS IP ADDRESS PRIORITY [Click] the EDIT button, or the ADD button to access the TIMEBANDS menu. Complete the Name of the Service required.
  • Page 29: Priority Timebands

    PRIORITY TIMEBANDS Complete the form with your requirements: DAYS START TIME END TIME MAX CHANNELS MIN CHANNELS Note: A “0” indicates no channels are reserved. These are the days when this Grade of Service may be used. To Select, [click] on the selection.
  • Page 30 MAX PER ACCOUNT Note: Should you configure overlapping Grades of Service for Channels by mistake, Nautica RADIUS operates with the Timeband having Priority. Therefore once a Timeband has been entered, its conditions with respect to the Grade of Service will operate until the Timeband is ended.
  • Page 31: Accounts

    ACCOUNTS [Click] the Accounts button to access the ACCOUNTS INFORMATION form. This is a summary of the Remote Accounts information. To Edit an entry, highlight it and [click] the EDIT button to access the relevant function. To Add an entry, [click] the ADD button. To Delete an entry, highlight it and [click] the DELETE button.
  • Page 32: Account Information

    ACCOUNT INFORMATION The Account Information form defines the Remote Access Accounts by name. NAME [Click] on the NAME field and Type the {Name of your PC or CLAM}. The Name of the remote Account. It must be EXACTLY the same as that configured on the device itself.
  • Page 33 [Click] on AUTHENTICATION and Select {CHAP SECRET or USER PASSWORD}. PASSWORD Note: When typing Passwords, they must be EXACTLY the same for both NAS Client and RADIUS, including Upper/Lower case. ADDRESS ASSIGNMENT This is the default minimum time in seconds between allowed session timers.
  • Page 34 [Click] on the ADDRESS ASSIGNMENT field and select the required choice from the list: Don’t Care NAS Selects Specific ADDRESS Note: Due to regional variations, please check that this facility has been enabled and operates for each incoming call prior to setting it as a security level.
  • Page 35: Path Type

    Standard PPP or ML-PPP connections, using either PAP or CHAP security. Nautica Paths (Recommended for all Nautica-Nautica connections). This field allows Nautica RADIUS to be used in conjunction with other manufacturers’ systems which may not fully conform to either the RADIUS...
  • Page 36 MULTI-LINK OPERATION (PPP OR NAUTICA PATHS) To allow multiple ISDN B-Channels to be combined into a single datastream (i.e. Multi-Linking), Nautica RADIUS provides two options: MULTI-LINK NAUTICA MULTI-LINK PPP To configure the options for Multi-Link Operation [click] the EDIT button...
  • Page 37: Multi-Link Nautica/Ppp

    MULTI-LINK NAUTICA/PPP COMPRESSION BRIDGE MAX MULTI-LINK PORTS Enter the maximum number of Multi-Link DEMAND THRESHOLD IDLE THRESHOLD THRESHOLD PERIOD [Click] to enable Data Compression on this path. [Click] to enable transparent bridging (option not available on version 3.xx Router software).
  • Page 39: Undistinguished (Oem Nas Connections To Radius)

    VALUE RODUCT ONNECTIONS TO Select this item where another manufacturers’ NAS is to be used with Nautica RADIUS. Enter the attribute numbers provided by the OEM manufacturer in accordance with the RADIUS published specification. Type {The Value of the Attributes in the Specification from the OEM}.
  • Page 40: Ip Networking

    IP NETWORKING There are two options for this field: Enabled Disabled To Add or Edit IP NETWORKING, Select ENABLED then [click] EDIT. [Click] on each relevant item in order to select it:...
  • Page 41: Rip Operation

    RIP OPERATION Select one of the options below:- DISABLED SEND ONLY LISTEN ONLY SEND & LISTEN Note: If RIP is disabled Static routes must be set up for each connection. RIP TYPE RIP 1 RIP 1 COMPATIBLE RIP 2 RIP is disabled.
  • Page 42: Static Route Tables

    STATIC ROUTE TABLES Static Route Tables are used to restrict access on an account by account basis. This feature will increase security by restricting access to resources and facilities on all of your network, parts of the network or to specific IP addresses only.
  • Page 43: Ipx Networking

    IPX NETWORKING [Click] the required option to select either: ENABLED, where Netware IPX/SPX is to be routed, or DISABLED, where IPX/SPX is not required. To Add or Edit an IPX Path [click] the EDIT button...
  • Page 44 IPX STATIC ROUTES To Add an IPX Path [click] the ADD button. To Edit an IPX Path [click] the EDIT button. Insert the Address of the Remote Networks. IPX NET FILTER Note: If no entry is made in these tables, the entire network will be accessible to all Authenticated connections from the particular path.
  • Page 45: Outgoing Call Support

    To Add an IPX SAP Filter for a path [click] the ADD button. To Edit an IPX SAP Filter for a path [click] the EDIT button. To Delete an IPX SAP Filter for a path, [click] on the path to highlight it and [click] the DELETE button.
  • Page 46: Service

    [Click] the items required to make your selection from the drop-down menu. ALLOWED Type {Telephone or ISDN Number} in the window. DISALLOWED SERVICE Select from the drop-down menu the Quality of Service to be applied to this Account. Note: Only QOS entered into the Grade Of Service are available. SESSION PARAMETERS This allows additional restrictions to be added to an individual Quality of...
  • Page 47 MAXIMUM LIFETIME To insert an alternative [click] on the window and Type {Time in Seconds}. RESERVED CHANNELS To insert an alternative, [click] on the window and Type {Number of Channels}. USAGE LIMIT To insert a period [click] on the window and Type {Time in Hours}. To Select the period of measurement, [click] on the drop-down menu and [click] the required choice from: Week...
  • Page 48: Accounting

    ACCOUNTING [Click] on the option required:- STANDARD PERIODIC Note: Having configured Nautica RADIUS, SAVE the Configuration. Standard Accounting is by Start Call, Start Session, End Call, End Session. This category allows the accounting of leased line services on a periodic basis, rather than a call basis.
  • Page 49: Radius Server

    The RADIUS Server program provides the real time Authentication and Accounting functions described in Chapter 1. All Incoming and Outgoing connection requests to or from the main Network are directed to the RADIUS Server via the NAS Router. Consequently connections will only be vetted when the RADIUS Server is up and running.
  • Page 50: File

    To access the File form [click] on the File/Configure menu. This will allow the configuration of RADIUS Server Settings. RADIUS SERVER SETTINGS LOCAL FILE SHARED FILE DATABASE FILE FORMAT ASCII Optimised This is the configuration file of the NAS clients and users.
  • Page 51 Note: Both Files are loaded and viewed as one file by Nautica RADIUS when Authenticating and Authorising access. Where distributed RADIUS systems are used, the Shared File may be on a central RADIUS system to provide for mobile users requiring occasional access from remote parts of the network.
  • Page 52 this variable defines how the day of the week is displayed, a minus sign (-) forces left justification, the number before the decimal point is the minimum string length with the maximum following the decimal point. this variable outputs the date in U.S. format (mmdd). this variable outputs the time in hhmm format.
  • Page 53 Midnight Sunday Midnight Note: The frequency of Account collection should be set in relation to the level of network activity, the location of the Nautica RADIUS Server compared with the Account processor and the importance of accounting integrity. This details the frequency of delivery of Account information to an external device.
  • Page 54: Event Log

    EVENT LOG This details each event in the history of the Nautica RADIUS operation. There are few options to configure as this device is an aid to diagnosis of problems, and a means of directly observing access activity. [Click] on “Eventlog” and select from the menu:...
  • Page 55: Status

    [Double clicking] the top line of the screen will refresh all items in the display from the Local Database. [Double click] the Device to refresh the selected item with information currently held in the RADIUS Client. Ports In Use Res’d...
  • Page 56: Qos Status

    QOS STATUS Service Res’d In Use Mn Ch Max Ch This is the Quality of Service Name. This is the Name of the NAS using the QOS. This details how many channels are Reserved for that QOS. Details the number of Channels in Use. Details the Minimum number of channels allowed.
  • Page 57: Account Status

    ACCOUNT STATUS This window shows the current status of Accounts connected through RADIUS, and is refreshed by [double clicking] the top line of the screen. Account NAS(IP Add) Res’d InUse The Account Name. The NAS IP Address that is being accessed by the Account.
  • Page 58: Account Allocation

    ACCOUNT ALLOCATION This window indicates the Accounts Logged on at any given time, and how much time each has left in their Account, and is refreshed by [double clicking] the top line of the screen. Allocated time can be increased by [double clicking] the appropriate Account. Account Time Remaining Next Refresh...
  • Page 59: Event Log Window

    An example of an Account Record is shown on the next page. The breakdown of the message format is also shown. The field values are listed below. Service Type: 2= Router. Authentication Method: 1=RADIUS, 2=Local. Record Type: 1=Open, 2=Close, 3=Session start, 4=Session stop, 5=Periodic. Port Type: 1=Ethernet, 2=WAN, 3=ISDN, 4=Frame Relay, 5=Modem.
  • Page 60 Protocol ID (in decimal) requesting connection: e.g. 2048==0x0800==IP. Date/Time in U.S. format recorded by RADIUS Server. Seconds waiting to send packet to Server from RADIUS Client. [ACC],07/31/96 10:58:22,0,WATFORD_CLAM,10.0.0.1,2,HQ_MARLIN,1, CC000008,1,3,CC000008CC000009,1,1,1,0,,0,0,0,0,0,01923123456, Connection ID (first half is Session ID). Port type. Record Type.
  • Page 61 Session ID (first 2 hex characters show the number of client start-ups). Example Event Log for an Incoming Connection. The remote user (Clam) is called WATFORD_CLAM the RADIUS Client(NAS)/Server is at HQ. Note: In the following paragraphs some lines have been wrapped in order to fit the page.
  • Page 62 [ACC],07/31/96 11:02:27,0,WATFORD_CLAM,10.0.0.1,2,HQ_MARLIN, 1,CC000008,4,0,CC0000080,0,0,0,0,,115,92,4,3,243, *Ten minutes later the session closes. The RADIUS server can optionally be configured to output the Event Log in the “Interpreted Comma Separated Variables” format. This restricts the amount of information given but is easier to read.
  • Page 63 [ACC],07/31/96 14:47:03,0,SessOpen,CC00000B,0,HQ_MARLIN (10.0.0.1),WATFORD_CLAM(),,,,, [ACC],07/31/96 14:47:03,0,ConnOpen,CC00000B,CC00000C, HQ_MARLIN(10.0.0.1),WATFORD_CLAM(01923123456),0,0,0,0,0 [ACC],07/31/96 14:47:24,0,ConnClose,CC00000B,CC00000C, HQ_MARLIN(10.0.0.1),WATFORD_CLAM(),20,36,37,1,1 [ROU],07/31/96 14:54:07,Route Setup (192.168.0.2): Best NAS = HQ_MARLIN, Requesting NAS = HQ_MARLIN, Account = WATFORD_CLAM [ACC],07/31/96 14:54:07,0,SessOpen,00000005,0, HQ_MARLIN(10.0.0.1.218.0.1),WATFORD_CLAM(),,,,, [SEC]Access-Request NAS=HQ_MARLIN Account=WATFORD_CLAM [SEC],07/31/96 14:54:09,Matched Nautica Key OK, WATFORD_CLAM [SEC],07/31/96 14:54:09,Access-Accept NAS=HQ_MARLIN, Account=WATFORD_CLAM,CLI=, t=18351 [ACC],07/31/96 14:54:09,0,ConnOpen,00000005,00000006,HQ_MARLIN (10.0.0.1),WATFORD_CLAM(123456),0,0,0,0,0...
  • Page 64 *We now attempt an outgoing connection via the user WATFORD_CLAM IP address 192.168.0.2:- [ROU],07/31/96 11:21:56,Route Setup (192.168.0.2): Best NAS = HQ_MARLIN, Requesting NAS = HQ_MARLIN, Account = WATFORD_CLAM *RADIUS has found a path to 192.168.0.2 via WATFORD_CLAM. [ACC],07/31/96 11:21:56,0,WATFORD_CLAM,10.0.0.1,2,HQ_MARLIN, 1,000000B4,3,0,000000B40,0,0, *The session has started. [SEC]Access-Request NAS=HQ_MARLIN Account=WATFORD_CLAM *The connection is being made.
  • Page 65 *End of connection. [ACC],07/31/96 11:25:02,0,WATFORD_CLAM,10.0.0.1,2, HQ_MARLIN,1,000000B4,4,0,000000B40,0,0,0,0,,108,107,4,4,183, *The session finishes...
  • Page 67: Chapter 3 - Tutorial

    The following scenarios are covered in this tutorial :- Remote Access from a CLAM to a Nautica NAS Remote Access from a Single PC User to a Nautica NAS Outgoing Call Security via RADIUS IP Connectivity IP Filtering via RADIUS...
  • Page 68: Overview Of Sample Test Network

    OVERVIEW OF SAMPLE NETWORK The following tutorial explains how to configure both the Routers and the RADIUS Security Server associated with the Network shown below.
  • Page 69 [255.0.0.0]. The main IP devices on the H.Q. LAN are a UNIX Host, with an IP address of 10.0.0.2, a RADIUS Server, with an IP address of 10.0.0.3, and a Nautica Marlin Router, with an IP address of 10.0.0.1. The Nautica Marlin Router provides access to the H.Q.
  • Page 70: Radius Configuration Tutorial

    The following tutorial assumes that neither the RADIUS Server nor the RADIUS Manager programs have ever been run on the Windows 95 PC before. Please note that if the RADIUS Server and Manager programs are already running or have ever been run in the past you may only need to amend the existing RADIUS configuration to suit your new requirements.
  • Page 71: Radius Installation

    RADIUS INSTALLATION If the RADIUS server is up and running skip this section and move onto the “RADIUS Configuration” section. The RADIUS Server and the RADIUS Manager suite of programs is provided on two 3.5" Floppy Disks. These are labelled “Disk 1”...
  • Page 72: Configuration Procedure

    Step 1 Configuration of the RADIUS Server. The NAS Type configuration relates to the Hardware capabilities of the NAS Router. NAS Units allow specific configuration parameters to be assigned and associated with each NAS Unit, i.e.
  • Page 73: Radius Manager Configuration

    CONFIGURATION The file RADIUS.LST holds the information database that the RADIUS Server will use to Authenticate Users. To start the RADIUS Server in default mode either delete this file, or if you want to keep the current configuration rename the file to something else.
  • Page 74: Configuring A Nas Unit

    Button. The “RADIUS Manager (RADIUS.LST)” window should now be displayed. Configuring a NAS unit. 1. If the RADIUS Manager Window is not already displayed on the screen [click] the RADIUS Manager Button on the Task Bar. 2. [Click] the NAS units Button on the RADIUS Manager Toolbar. The “Configured NAS units (RADIUS clients)”...
  • Page 75 NAS Router’s name [as configured in the Router’s System Parameters Form (obtained by typing CO SY<CR> on the command line)]. The “Name” configured here is used by the RADIUS Server Event Log to indicate which NAS Router the RADIUS Server is in communication with.
  • Page 76: Configuring The Quality Of Service (Qos) Option

    Button. The “RADIUS Manager (RADIUS.LST)” window should now be displayed. Configuring the Quality Of Service (QOS) Option 1. If the RADIUS Manager Window is not already displayed on the screen [click] the RADIUS Manager Button on the Task Bar...
  • Page 77 2. [Click] the QOS Button on the RADIUS Manager Toolbar. The “Quality of Service” window should appear. 3. [Click] the ADD Button to add a new Grade of Service profile to the list, or select an existing Service and [click] the EDIT Button to edit the configuration of the Service Name selected.
  • Page 78 11. Set the minimum number of channels allowed by all Account Users during this Timeband (in the selected Grade of Service profile) by [double clicking] the “MinChannels” Box and entering the appropriate number of channels. Enter a value of 1 in the MinChannels Box. The number of channels reserved on the NAS Router, for the selected Grade of Service during this Timeband, is equal to the MinChannels value entered.
  • Page 79 For this tutorial we will assign multiple Timebands to the SILVER Grade of Service. To do this repeat sections 7) to 14) above each time an additional Timeband is to be added to the Grade of service. The additional Timeband information to be added is as follows :- Start Time 09:00...
  • Page 80 15. Close the “Grade of Service” window by [clicking] the OK Button. Once you have completed the Grade of Service information submit the changes (by [clicking] the OK Button). The “Quality of Service” window should be as shown below...
  • Page 81: Configuring The Accounts Option

    The “RADIUS Manager (RADIUS.LST)” window should now be displayed. Configuring the Accounts Option 1. If the RADIUS Manager Window is not already displayed on the screen [click] the RADIUS Manager Button on the Task Bar. 2. [Click] the Accounts Button on the RADIUS Manager Toolbar. The “Remote Accounts”...
  • Page 82 Inactivity timeout period, and he has not exceeded his Usage limits, he will have to go through the RADIUS Authentication process again. 6. [Click] the down-arrow on the right hand side of the Authentication Box. The options revealed are UserPassword, CHAPPassword or NoAuthentication.
  • Page 83 In this tutorial example it is assumed that the ISDN line between the HQ and the Remote Clam at Watford has the CLI option enabled at both ends. 11. Enter the CLI assigned to the remote end of this Account User’s ISDN line.
  • Page 84 18. Close the “Multi-link Nautica Path” window by [clicking] the OK Button. The “Account Information” window should now be displayed. 19. [Click] the down-arrow on the right hand side of the IP Networking Box. The options revealed are Enabled and Disabled. Select “Enabled”. 20.
  • Page 85 24. To enter a Static IP Route [double click] the IP Address/Mask Box and enter the required IP address for the Static Route. In this instance enter 192.168.0.1/24. 25. [Click] the OK Button to submit the Static IP Route. The “IPPath” window should now be displayed.
  • Page 86 29. Close the “IPPath” window by [clicking] the OK Button. The “Account Information” window should now be displayed. 30. [Click] the down-arrow on the right hand side of the IPX Networking Box. The options revealed are Enabled and Disabled. Select “Enabled”. 31.
  • Page 87 34. [Click] the OK Button to submit the Static IPX Route. The “IPXPath” window should now be displayed. 35. To add an IPX Filter which is associated with the Account Users Path [click] the Add Button to the right of the IPX Filters Box. This will reveal the “IPX Net Filter”...
  • Page 88 The IPX SAP Filter works on a “Forward on Match” principle also. Anything that doesn’t match the IPX SAPs configured in the IPX SAP Filter table is discarded before being passed onto the remote Account User. For more information on IPX SAP Filtering refer to the Marlin Router Reference Manual.
  • Page 89 The “IPXPath” window should now be exactly the same as that shown below. 42. Close the “IPXPath” window by [clicking] the OK Button. The “Account Information” window should now be displayed. 43. [Click] the down-arrow on the right hand side of the Outgoing Calls Box. The options revealed are Allowed and Disallowed.
  • Page 90 46. [Click] the Edit Button to the right of the Service Box. This will reveal the “Session Parameters” window. 47. If you wish to alter the default Maximum (Session) Lifetime setting of 7200 seconds (2 hours) then [click] the Maximum Lifetime Box and enter the appropriate value.
  • Page 91 50. [Click] the OK Button to submit the Session Parameters. The “Account Information” window should now be displayed. 51. [Click] the down-arrow on the right hand side of the Accounting Box. The options revealed are Standard or Periodic. For this example select “Standard”.
  • Page 92 The “Account Information” window should now be exactly the same as that shown at the top of the next page...
  • Page 93 53. [Click] the OK Button to submit the Account Information. The “Remote Accounts” window should now be displayed as shown below. 54. [Click] the SAVE Button to save all changes made to the Remote Account profiles. 55. [Click] the ADD Button to add a new Account profile to the list, or select an existing Account and [click] the EDIT Button to edit the configuration of the Account Name selected.
  • Page 94 59. Select the Password Box by [clicking] it. Enter CHAPPC in the Password Box. 60. [Click] the down-arrow on the right hand side of the Address Assignment Box. The options revealed are DontCare, NASSelects and Specific. Select “NASSelects”. 61. Leave the Address Box blank. 62.
  • Page 95 If the roving PC User has the ability to use Multilink PPP (RFC 1717) then the Max. Multi_link ports option can be set to 2. If additional bandwidth on demand is required the Outgoing Call Parameters must be set accordingly. The “Multi-link PPP Path”...
  • Page 96 74. Leave the Static IP Route table Blank. No Static Routes are as the roving PC User is part of the main HQ IP Network. 75. To add an IP Filter which is associated with the roving PC Account Users Path [click] the Add Button to the right of the IP Filters Box.
  • Page 97 78. Close the “IPPath” window by [clicking] the OK Button. The “Account Information” window should now be displayed. 79. [Click] the down-arrow on the right hand side of the IPX Networking Box. The options revealed are Enabled and Disabled. Select “Disabled”. 80.
  • Page 98 necessarily be the case. Any Account User can use any predefined Quality of Service profile. 82. [Click] the Edit Button to the right of the Service Box. This will reveal the “Session Parameters” window. 83. Leave the Maximum (Session) Lifetime value at its default setting of 7200 seconds.
  • Page 99 The “Session Parameters” window should now be exactly the same as that shown below. 87. [Click] the OK Button to submit the Session Parameters. The “Account Information” window should now be displayed. 88. Set the Accounting option to “Standard”. 89.
  • Page 100 Accounts” window should now be displayed as shown below. 91. [Click] the Save Button to save all changes made to the Remote Account profiles. 92. [Click] the Close Button to submit the Remote Accounts information. The “RADIUS Manager (RADIUS.LST)” window should now be displayed...
  • Page 101 RADIUS Server Window is not already displayed on the screen [click] the “RADIU_S” Button on the Task Bar. All connection/disconnection information is shown in the lower of the two windows on the RADIUS Server display. The top window is used to show the current QOS Status, Device Status, Account Status and the Account Allocation of the RADIUS Server.
  • Page 102 ONFIGURING THE The following section assumes that the Marlin has not been previously configured, and boots up in the Default state when power is applied. If at any stage the stated result does not occur reference should be made to the relevant sections of either the Marlin Router Reference Manual or the Marlin Installation Guide.
  • Page 103 5. Plug the power lead into the Marlin. The front panel display of the Marlin should alternately display the unit name of “NoConfig” and an IP Address of “1.1.1.1” then the Tx and Rx activity on the local LAN. 6. Hit any key on the VT 100 Terminal, or on the PC keyboard. The “Enter Password”...
  • Page 104 16. Submit the changes by pressing Control E (i.e. the “Ctrl” Key and the E Key together). The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fifth line up from the bottom of the screen.
  • Page 105 23. Submit the changes by pressing Control E. The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fifth line up from the bottom of the screen. 24. Type SAVE<CR> at the Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command”...
  • Page 106 As can be seen from “Configure Paths Menu” above the only Path (destination) the Marlin Router knows about is its local LAN (LAN01). This is because the RADIUS Server creates and deletes the relevant remote Account User path information as and when a connection is requested to or from (as is configured in the Account User profile) the remote Account User.
  • Page 107 The “RADIUS Configuration Parameters” form should now be exactly the same as that shown below. 36. Submit the changes by pressing Control E. The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fifth line up from the bottom of the screen.
  • Page 108 Network 192.168.0.0/24 will be again sent to the RADIUS Server. The RADIUS Server will then again decide if the outgoing is to be allowed or not, as before.
  • Page 109 49. Change the Ticks parameter from “1” to 14. 50. Change the Path parameter from “LAN01” to “VirtualPath”. A Static IPX Route to the RADIUS Server has now been configured. The operation described above for IP packets is now repeated but IPX Network Address’...
  • Page 110 Initially the “Configure IPX Routes Menu” table will only hold two entries, one for the local IPX Network (00B0BB1E) and one for the remote office IPX Network (00DADD1E) via the Path “VirtualPath”. But as the Novell Server on the HQ Backbone LAN transmits its IPX RIP broadcasts the IPX Networks learned via the broadcasts will be added to the table.
  • Page 111 Incoming PPP calls to a Router use the PPP Profile configured on the port the call comes in on. It is therefore necessary to set up the PPP Profile on all the ISDN ports to suit that of the Roving User. ISDN ports which have been allocated the same Telephone number must use the same PPP Profile.
  • Page 112 57. Type SAVE<CR> at the Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command” will also disappear. 58. If further ISDN devices are to be configured then repeat steps 53) to 57) as appropriate.
  • Page 113 Configure IPX Routes Menu. Note: no change to this screen from that shown previously. Configure IP Routes Menu...
  • Page 114 The RADIUS Server Log File for the case when both remote units have successfully dialled in should be similar to the following:

    [SEC]Access-Request NAS=HQ_MARLIN Account=WATFORD_CLAM
    [SEC],08/01/96 11:34:55,Matched Nautica Key OK,WATFORD_CLAM
    [SEC].08/01/96 11:34:55,Access-Accept NAS=HQ_MARLIN, Account=WATFORD_CLAM,CLI=01923123456, t=23106
    [ACC],08/01/96 11:13:34:55,0,WATFORD_CLAM,10.0.0.1,2, HQ_MARLIN,1,00000009,3,0,000000090,1,0,
    [ACC],08/01/96 11:34:55,0,WATFOED_CLAM,10.0.0.1,2...
  • Page 115: Configuring The Clam Router At The Remote Office

    The following section assumes that the CLAM has not been previously configured and boots up in the Default state when power is applied. If at any stage the stated result does not occur, refer to the relevant sections of either the CLAM Router Reference Manual or the CLAM Router Installation Guide.
  • Page 116 If the CLAM has a voice port then connect a telephone to the voice socket, via the RJ45 to RJ11 adapter if required. Plug the power lead into the CLAM. The LED on the top of the unit should be in the “Continuous - Green” state. Hit any key on the VT 100 Terminal, or on the PC keyboard.
  • Page 117 14. Submit the changes by pressing Control E (i.e. the “Ctrl” Key and the E Key together). The Main Menu should now be displayed. The message “Please use the Save command” will also appear in the middle of the fifth line up from the bottom of the screen.
  • Page 118 IPX Network and the IPX Network Address must be entered manually in the LAN01 Path. The “Update Path Form” should now be exactly the same as that shown below. 21. Submit the changes by pressing Control E. The Main Menu should now be displayed.
  • Page 119 25. Add the ISDN number(s) allocated to the PRI line connected to the Marlin at HQ. For this tutorial enter the number 01712469753 to the ISDN01 parameter field. 26. Change the SecureKey (EncrypionKey on V1 and V2) parameter from “0” to 123. 27.
  • Page 120 The “Configure Paths Menu” should now be exactly the same as that shown at the top of the next page. 30. Type CO IP<CR> at the Command Line prompt. The “Configure IP Routes Menu” should now be displayed with the IP Route with Id equal to 1 highlighted.
  • Page 121 35. Type SAVE<CR> at the Command Line prompt. The word SAVE will disappear after a few seconds and the message “Please use the save command” will also disappear. The “Configure IP Routes Menu” should now be exactly the same as that shown below.
  • Page 122 The CLAM will now only allow calls to be made to IPX host addresses on the IPX Networks stored in its IPX Routing table. In practice this means that outgoing calls will only be made to anything connected to Network 00FE0691, in this case the Accounts program running on the Novell Server.
  • Page 123: Configuring The Roving User's P.c

    The following section assumes that the Windows 95 PC has had its TA card and associated drivers etc. installed correctly. [Double click] the “My Computer” icon. The “My Computer” window should appear. [Double click] the “Dial-Up Networking” icon. The “Dial-Up Networking”...
  • Page 124 11. Set the “Use FIFO Buffers”, the “Receive Buffer (Length)” and the “Transmit Buffer (Length)” as appropriate. 12. [Click] the OK Button on the “Advanced Port Settings” sheet. The “[Selected Modem] Properties” sheet should now be displayed. 13. [Click] the Advanced Button on the “Connection” page. The “Advanced Connection Settings”...
  • Page 125 25. The “HQ_MARLIN” sheet should now be displayed as shown below. ISDN Terminal Adapter 26. Check the details in the various boxes are as required. 27. [Click] the Configure Button. 28. Check the details on the General, Connection and Options pages of the “[Selected Modem] Properties”...
  • Page 126 32. [Click] the “TCP/IP Settings” button. The “TCP/IP Settings” sheet should appear. 33. Select the options as appropriate. In this example select “Server assigned IP address”, “Server assigned name server addresses” and “Use default gateway on remote network”. The “TCP/IP Settings” sheet should be the same as that displayed below.
  • Page 127 34. [Click] the OK Button on the “TCP/IP Settings” sheet. The “Server Types” sheet should now be displayed. 35. [Click] the OK Button on the “Server Types” sheet. The “HQ_MARLIN” sheet should now be displayed. 36. [Click] the OK Button on the “HQ_MARLIN” sheet. The “Dial-Up Networking”...
  • Page 128 42. Check the details in the various boxes are as required. 43. [Click] the OK Button on the “Dialing Properties” sheet. The “Connect To” sheet should now be displayed. 44. [Click] the Connect Button. If everything has been set up correctly you should now be able to successfully connect to the HQ Backbone Network via the Nautica Router HQ_MARLIN.

This manual is also suitable for:

Nautica radius
