Colubris Networks CN3000 Administrator's Manual page 6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Table of Contents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Authentication advanced options .............................................................247
Client station settings ........................................................................247
Location-aware authentication ...........................................................248
Access controller shared secret .........................................................249
Access controller mode .....................................................................249
NOC authentication ............................................................................249
Access controller ports ......................................................................249
IPass settings ....................................................................................249
RADIUS profiles list .................................................................................250
RADIUS profiles.................................................................................250
RADIUS profile definition .........................................................................251
Profile name.......................................................................................251
RADIUS profile settings .....................................................................251
Primary RADIUS server .....................................................................252
Secondary RADIUS server .................................................................252
Firewall - Preset .......................................................................................253
Firewall - Custom .....................................................................................254
General settings .................................................................................254
Services .............................................................................................255
Stateful matching...............................................................................255
PPTP client ..............................................................................................256
Connection.........................................................................................256
Account..............................................................................................256
Network Address Translation (NAT) ...................................................257
IPSec policy list .......................................................................................258
IPSec security policy database...........................................................258
IPSec new policy......................................................................................259
Preconfigured settings.......................................................................259
General ..............................................................................................260
Peer ...................................................................................................261
Authentication method.......................................................................262
Security..............................................................................................262
Preconfigured settings.......................................................................263
Certificates ...............................................................................................264
[IPSec] Trusted CA certificates ..........................................................264
[IPSec] Manage CA certificates..........................................................265
[IPSec] Local certificate store ............................................................265
[IPSec] Manage local certificate.........................................................265
[IPSec] certificate revocation list .......................................................265
[IPSec] Manage certificate revocation list..........................................266
[SSL] Web Server Certificate .............................................................266
[SSL] View Web Server Certificate....................................................267
Users .......................................................................................................268
Local user list ....................................................................................268
Local config list........................................................................................269
Active attributes .................................................................................269
Local config attribute ...............................................................................270
Attribute .............................................................................................270
Access lists ........................................................................................270
Custom SSL certificate ......................................................................271
Configuration file ...............................................................................272
MAC authentication............................................................................272
Default user idle timeout ....................................................................273
Default user session timeout .............................................................273
Default user SMTP server ..................................................................274
Default user interim accounting update interval.................................274
Default user quotas............................................................................274
Default user idle timeout ....................................................................275
Default user SMTP server ..................................................................275
Default user session timeout .............................................................275
Default user one-to-one NAT..............................................................276
IPass login url....................................................................................276
Internal pages ....................................................................................276
External pages ...................................................................................277
Remote login page .............................................................................278
Placeholders ......................................................................................278
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOC authentication ............................................................................279
Management tool .....................................................................................280
Administrator authentication..............................................................280
Login override....................................................................................280
Web server.........................................................................................281
Security..............................................................................................281
SNMP ......................................................................................................282
Attributes ...........................................................................................282
Agent .................................................................................................283
Traps..................................................................................................283
Security..............................................................................................283
System time.............................................................................................284
System time.......................................................................................284
Satellites ..................................................................................................285
Satellites ............................................................................................285
Country ....................................................................................................286
Country ..............................................................................................286
Chapter 12
Building a cross-over cable
Wiring details...........................................................................................288
Chapter 13
The configuration file
Manually editing the config file ................................................................290
Retrieving/restoring the configuration file..........................................290
Configuration file structure ......................................................................291
Chapter 14
Sample setup - Backend software
Overview ..................................................................................................294
CAUTION............................................................................................294
Prerequisites......................................................................................294
Equipment setup......................................................................................295
Topology ............................................................................................295
About the components.......................................................................296
Step 1: Retrieve software .........................................................................297
Server 1 .............................................................................................297
Server 2 .............................................................................................297
Step 2: Install configure software on Server 1 .........................................298
Windows 2000...................................................................................298
Colubris backend archive ...................................................................298
Steel-Belted Radius............................................................................298
Apache ...............................................................................................299
Sample pages ....................................................................................300
PHP 4.2.3...........................................................................................301
MySQL...............................................................................................301
Configure the OBDC data source........................................................301
phpMyAdmin .....................................................................................303
Setting the path..................................................................................303
Start mysql ........................................................................................304
Test PHP ............................................................................................304
Create the sample RADIUS database .................................................304
Step 3: Configure Steel-Belted Radius on Server 1 ..................................305
Modify the default configuration files.................................................305
Start and connect to the server..........................................................305
Define a RAS client for the CN3000 ...................................................306
Create RADIUS profiles......................................................................308
Update the Steel-Belted Radius configuration....................................309
Step 4: Install web server certificates on Server 1 ...................................310
Install the public key certificate..........................................................310
Install the private key certificate.........................................................310
Verify the certificates .........................................................................310
287
289
293