Mac Authentication; Default User Idle Timeout - Colubris Networks CN3000 Administrator's Manual

Chapter 7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Customizing CN3000 and customer settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 7
MAC The CN3000 can authenticate devices based on their MAC address. This is useful for
authenticating devices that do not have a web browser (cash registers, for example). It
authentication
can also be used to authenticate the CN300/CN320.
To make use of this feature you need to define a RADIUS user account for each device
as follows:
• username: Set this to the username you specified in the mac-address value string. If
• password: Set this to the password you specified in the mac-address value string. If
Important: The username and password are not encrypted for transmission so it is
important that the link with the RADIUS server is secure.
Colubris-AVPair value string
mac-address= address [, username [, password ]]
Where:
Example
Consider the scenario where several CN300/CN320s are installed with a CN3000. If the
CN300/CN320s are going to perform firmware upgrades from a remote web or FTP
server, they will need to log in to the public access network. By using MAC-based
authentication, this can easily be accomplished.
Default user idle Use this to set the default idle timeout for all customers whose RADIUS profile does not
contain a value for the RADIUS attribute idle-timeout .
timeout
Colubris-AVPair value string
default-user-idle-timeout= seconds
Where:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 160 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
no username is specified, set the account name to the MAC address of the device.
Use dashes to separate characters in the address. For example: 00-20-E0-6B-4B-44.
no password is specified, set this to the same password that is used for the user
account you defined for the CN3000 on the Security > Authentication page.
Parameter Description
Specify the MAC address of the device to authenticate. Use dashes
address
to separate characters in the address. Do not use colons (:). For
example: 00-20-E0-6B-4B-44.
Specify the username to associate with this MAC address.
username
Maximum 32 alphanumeric characters. The username field cannot
contain a comma.
Specify the password to associate with this MAC address.
password
Maximum 32 alphanumeric characters. The password field cannot
contain a comma.
Parameter Description
Specify the maximum amount of time a customer session can be
seconds
idle. Once this time expires, the session is automatically terminated.
A value of 0 means no timeout.