TUT Systems SMS2000 User Guide TUT Systems, Inc Page 1 of 104 P/N 220-06288-20...
This publication and the information herein is furnished AS IS, is subject to change without notice, and should not be construed as a commitment by Tut Systems. Tut Systems assumes no responsibility or liability for any errors or inaccuracies, makes no warranty of any kind (expressed, implied, or statutory) with respect to this publication, and expressly disclaims any and all warranties of merchantability, fitness for particular purposes, and noninfringement of third-party rights.
Accessing Help for Commands
Cursor Movement
Chapter 3 - Initial Configuration
Establishing a Connection with the SMS2000
Establishing a Connection Via a Serial Interface
Establishing a Connection Via Telnet
Initial Configuration
Changing Your Password ...
Setting the ARP Failure Limit
Setting the ARP Polling Period
Upgrades
Upgrading from Tut Systems’ Website
Downloading the SMS2000 Firmware from the Tut Systems' Website
Archiving SMS2000 Firmware and distributing it from a Server
Verifying a Successful Upgrade
Returning to an Older Firmware Version
Loading Another Image
Chapter 5 - Authentication
Authentication
Configuring the Command Server
Setting the Command Server for OCS Interaction...
Adding Routes
Chapter 12 - Printing
Setting up the LPR Host
Chapter 13 - Using SMS2000 with a RADIUS Server
Configuring RADIUS
Obtaining the RADIUS Server Software
Adding the SMS2000 as a Client on the RADIUS Server
Adding Users to the RADIUS Server
Configuring Service Parameters
Using Real IP Addresses
RADIUS Ports
SMS2000 NAS File
SMS2000 Status Attributes and Statistics
RADIUS Attributes Sent in Accounting Messages...
Preface
The guides in this series provide detailed information and procedures that will allow you to communicate and interface with your SMS2000 and OCS products, complete basic system and network configuration, and manage your systems using system administration tools. For further information, use the release notes, frequently asked questions (FAQs), product and technology overviews, and troubleshooting tips in the support area of Tut Systems’...
Protocol (IP) based services to subscribers. The SMS2000 delivers powerful subscriber management features to service providers. The SMS2000 allows almost any type of in-building network infrastructure to be transformed into a robust public network, dramatically reducing configuration headaches, minimizing undesirable interactions between subscribers, and allowing the service provider to deliver a flexible suite of IP services over a common infrastructure.
• IP multicast—Multimedia content can be delivered to subscribers. By using IGMP snooping, the SMS2000 facilitates multicast delivery.
• PPTP passthrough—Point-to-point tunneling protocol can be used by subscribers even if the subscriber’s IP address is shared via NAT.
Introduction
Subscriber Management Components
The SMS2000 can interact with a number of external software and hardware components. Figure 1-1 shows the subscriber management components, which are described in SMS2000 Tutorials.
Figure 1-1 Subscriber Management Components
SMS2000
The SMS2000 consists of hardware and embedded software generally placed on a property to control public network access. The SMS2000 handles packet switching functions, traffic shaping, and address translations for a single property. The SMS2000 has a very small internal configuration database and stores no permanent data about users, policies, or billing information.
Provides service offerings that are configurable by properties, room types, and rooms.
• Is completely service provider customizable and brandable.
The SMS2000 and OCS do not have to be connected to the same network. They can communicate with each other over the Internet.
The command line interface (CLI) allows you to configure your SMS2000 system. The interface looks the same whether you are communicating with the SMS2000 through the console port, a modem, or a telnet connection. Listed below are other things to consider when using the SMS2000 CLI: •...
Courier plain shows an example of information displayed on the screen. Boldface courier shows an example of information you must type. For example:
    sms2000% port-definition tut
Ranges of numbers are separated by a dash (1 — 7). Slash separators, with no spaces are used in some commands,...
The command keystrokes are used to move the cursor around on the command line and within the command history buffer. The arrow keys can also be used for cursor movement. Navigation and cursor movement for the SMS2000 system is described in Table 2-2. Table 2-2 Cursor Motion Keystrokes Keystroke...
HyperTerminal folder.
5. Click the HyperTerminal icon. The Connection Description dialog box displays.
6. Enter a name (for example, SMS2000) and select an icon for the connection, then click OK. The Connect To dialog box displays.
7. Select Connect Using Direct to COM 1 or 2 (the COM port on this PC).
Perform the following steps to log on to the SMS2000:
1. Power up the SMS2000 when the system is finished rebooting (1 to 5 minutes). You will hear three consecutive beeps when ready.
2. From the Hyperterm Call menu, select Connect.
Initial Configuration
If you have not already done so, connect the PC to the SMS2000 subscriber port by plugging one end of a cross-over Ethernet cable into the Ethernet port on the PC and the other end into the subscriber port on the back of the SMS2000.
Step 7 Verify connectivity.
For advanced configuration information, see the SMS2000 User’s Guide. For information on using OCS with the SMS2000, see the OCS User’s Guide.
Changing Your Password
You are encouraged to change the initial configuration password, “manager,” after your initial login to the SMS2000.
Use the set hostname command to immediately change the host name at the command prompt. SMS2000 uses the specified host name when communicating with the OCS and as the SMS2000 command prompt. Each SMS2000 in a network should have a unique host name.
5. Press CTRL-C to stop the pinging. If the SMS2000 cannot ping these sites, try to ping a known external IP address, and check your configuration and the local network to verify that you have connectivity to the Internet.
[SMTPserver]
For example, to configure the SMS2000 to send an e-mail with the new configuration file attached to ted@smith.com, using smith.com as the e-mail server, type:
    sms2000% set config-mail ted@smith.com mail.smith.com...
SMS2000 uses the server last configured with set config-mail. Once connected, the SMS2000 sends an e-mail message to the specified (or default - if none is entered) recipient. The message includes a brief explanation of why it was sent with the SMS2000 configuration file attached.
Note: Some commands cannot be committed without saving and rebooting. When one of these commands is issued, the SMS2000 displays a warning to the system administrator and disables the automatic commitment of commands.
Note: You can determine the state of the autocommit feature by checking its value at the bottom of the show config screen.
Loading a Configuration File
The command load config can be used for system recovery. If an SMS2000 fails and you have saved the old configuration file to an external server, you can use the set quick-config command to get the SMS2000 up and running and load config to restore the complete old configuration file.
It is recommended that you use a local SMTP server. For example, if you have a computer with an IP address in the same subnet as the SMS2000 that can send e-mail, use the SMTP server configured for your e-mail program.
SMS2000 with the true time. Using an NTP server ensures that the SMS2000 accurately time stamps data to other servers, such as syslog. If an NTP server is not configured, the SMS2000 (like many other devices) may experience clock drift and you may later need to reset the time.
The command set time changes the hardware clock on the SMS2000. Unlike other commands, set time changes the SMS2000 clock immediately. However, this change takes effect on the SMS2000 only after you reboot the system. This means that the set time function cannot be undone by exiting without saving.
SNMP server(s) for the location of a device with the specified MAC address. To test if the SMS2000 can perform an SNMP poll of the Expresso GS/MDU Chassis and MDU Lites that were last configured and saved, use this command:
    snmp-poll mac_address
This example polls for a subscriber with the specified MAC address.
System Administration
    sms2000% delete snmp-poll 192.168.254.211
Connectivity and Testing
Traceroute
To use a standard network application that tracks the path a packet follows to arrive at a specified network destination, use this command:
    traceroute {ip_address|hostname}
This example shows how traceroute is used for internal network verification.
Note: Altering this setting is normally not necessary, even when using VLAN switches in conjunction with Expresso GS/MDU Chassis or MDU Lites.
To configure the type of addressing information used by the SMS2000 to identify unique subscriber ports, use this command:
    port-definition {mixed | tut | vlan}...
For example, to set port 800 to a static port with IP address 192.168.254.244 and subnet mask 255.255.255.255, type:
    sms2000% set port 800 static 192.168.254.224
Disconnecting a Session on a Port
To disconnect a session on a port, use this command:...
Use the exit command to exit a management session. If you are using telnet, SMS2000 terminates the connection. If you have made configuration changes during the session, SMS2000 prompts you to save the unsaved changes; if you do not save them, the changes are lost. To exit the management session, use this command...
For example, to reboot the system, type:
    sms2000% reboot
Changing a Password
Use the password command to prevent unauthorized users from accessing the SMS2000.
Note: A bad password can dramatically reduce the system security of the SMS2000. Please follow general password guidelines by including alpha, numeric, and other printable characters in a password that is at least seven characters long.
SNMP System Location
To specify the SNMP System Location, type:
    snmp system-location system-location-string
For example,
    SMS2000% snmp system-location "Basement 123 Any St, New York, NY 10001 USA"
Note: Place the system location in quotes if it includes spaces.
{rw | ro}
For example, to create a public community without restrictions:
    SMS2000% snmp add community public 0.0.0.0
Or, to limit the access to a particular Management IP address:
    SMS2000% snmp add community donttell 10.240.1.50...
Tut Systems’ Customer Support e-mail address: support@tutsys.com. To e-mail the status of the system to a specified address when SMS2000 has a fatal error, use this command:
    dump-info {recipient_@_server [recipient_server] | off}
For example, to configure the e-mail address of Tut Systems’...
Subscriber Connectivity Commands
Setting the ARP Failure Limit
The SMS2000 periodically sends an unsolicited ARP request to clients from whom it has not received network traffic for a certain period of time. If a device does not respond to the specified number of requests, the SMS2000 assumes that it has been disconnected and closes the session with the device.
Note: The complete URL for the latest build is on the Tut Systems web site.
7. Log in to the SMS2000 and type in the load sys command that you obtained from the Tut Systems website.
Downloading the SMS2000 Firmware from the Tut Systems' Website
1.
Representative.
Returning to an Older Firmware Version
The SMS2000 stores two firmware images. If the newer firmware image fails to start, the SMS2000 automatically boots from the older image. You can force the SMS2000 to boot the older image using the load sys command.
new firmware because the SMS2000 will not boot the older firmware; it will continue to fail to boot the newer firmware upon each subsequent boot attempt. Always download the newer firmware again in the event of upgrade problems.
Authentication
Authentication is the process of verifying the identity of a subscriber. The SMS2000 is capable of performing authentication by using an external server (OCS or RADIUS). For more information on using the OCS for authentication, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.”...
URL in the SMS2000 for network access. You can also configure the authentication server as a command server by entering the cmd-serv option of auth add web. This is required for the OCS.
For this example, the SMS2000 will be configured to authenticate using the OCS server at 192.168.254.249. The shared secret donttell will be used for mutual authentication between the SMS2000 and the OCS. The OCS is treated as a command server by periodically sending it requests for commands. Type:
    sms2000% auth add web http://192.168.254.249/pp/welcome.php3...
[forcedweb authok_url [blockall]]
For example, to disable authentication for the current group, but send subscribers to the tutsys.com page, type:
    sms2000% auth off forcedweb http://www.tutsys.com
Setting the Authentication Interval
Note: This is only used when authentication is turned off for the group and forced web is enabled.
10 requests, and with requests available to that session at one request per second, use:
    sms2000% set http-request-throttle 10 1
If the subscriber generates 11 HTTP requests in less than one second, it is ignored. After using all available requests, only 1 request per second is handled and additional requests are ignored.
With the following DNS entries:
    www.notarealserver.com 192.168.1.1
    dynamic.notasyndicate.com 192.168.254.254
The Internet service provider would then configure the SMS2000 as follows:
1. Set an allow-net for the first DNS server.
    sms2000% set allow-net 192.168.1.1
    sms2000% set allow-net notarealserver.com
2. Set an allow-net for the second DNS server.
To set the URL used for network access after successful authentication, use this command:
    set authok url
For example, to redirect subscribers to the Tut Systems home page after successful authentication or when subscribers use their Web browser for the first time if authentication is off, type:
    set authok http://www.tutsys.com...
Use the auth add radius command to configure a RADIUS server as the authentication server for the current group. When a subscriber connects to the SMS2000, he is automatically redirected to a login page, which requires a user name and password. This information is sent to the configured RADIUS server.
• Authenticate the SMS2000 with the RADIUS server.
• Verify responses returned from the RADIUS server to the SMS2000.
Note: The auth add radius command does not automatically assume that the same RADIUS server (with the same name and secret) is used for accounting; you must configure it with these settings using the acct add command.
Usage Guidelines
Note: Select a shared secret as you would a password.
Example
This example configures the SMS2000 to authenticate subscribers in the current group using the RADIUS server at 192.168.254.249.
    sms2000% auth add radius 192.168.254.249 secret donttell retrans=3 retrans-primary-only=1 timeout=10 deadtime=5...
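The two uses of the shared secret listed above come together when a RADIUS client checks a reply: under RFC 2865 the server's Response Authenticator is an MD5 digest over the reply, the client's Request Authenticator and the secret. The following Python is an added example, not SMS2000 or Tut Systems code; the identifier, Request Authenticator and packet bytes are constructed sample values, and `donttell` is the example secret used in this guide.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS code for Access-Accept (RFC 2865)
HEADER_LEN = 20     # code(1) + identifier(1) + length(2) + authenticator(16)


def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_reply(code, ident, request_auth, attributes, secret):
    """Server side: assemble a reply authenticated with the shared secret."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return header + auth + attributes


def verify_reply(packet, expected_ident, request_auth, secret):
    """Client side: accept a reply only if it was produced with our secret."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet) or ident != expected_ident:
        return False
    packet = packet[:length]  # ignore any padding past the Length field
    expected = response_authenticator(
        code, ident, request_auth, packet[HEADER_LEN:], secret
    )
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def framed_ip_attribute(dotted):
    """Encode Framed-IP-Address (type 8): type, length 6, four address octets."""
    return bytes([8, 6]) + bytes(int(octet) for octet in dotted.split("."))


# Constructed sample exchange (not captured traffic).
SECRET = b"donttell"
REQUEST_AUTH = bytes(range(16))  # a real client uses 16 random bytes per request
IDENT = 42
REPLY = build_reply(
    ACCESS_ACCEPT, IDENT, REQUEST_AUTH, framed_ip_attribute("18.181.0.29"), SECRET
)

if __name__ == "__main__":
    print("genuine reply accepted:", verify_reply(REPLY, IDENT, REQUEST_AUTH, SECRET))
    altered = REPLY[:-1] + bytes([REPLY[-1] ^ 0x01])  # last address octet changed
    print("altered reply accepted:", verify_reply(altered, IDENT, REQUEST_AUTH, SECRET))
    print("other secret accepted:", verify_reply(REPLY, IDENT, REQUEST_AUTH, b"guess"))
```

The integrity of the reply rests entirely on the secret, which is why the guide's advice to choose it as you would a password matters.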
Example
This example displays the status of RADIUS servers on the system:
    sms2000% show status radius
Testing Authentication on the RADIUS Server
To test a RADIUS authentication server by querying the currently configured server, use...
Authorization
Authorization entails determining if a particular user has permission to use a service. The SMS2000 is capable of performing authorization by using an external server (OCS or RADIUS) or by using onboard groups and rules. For details about using the OCS for Authorization, see the OCS User’s Guide.
Accounting
Accounting entails the reporting of network resource usage. The SMS2000 is capable of performing accounting by using an external server (OCS, RADIUS, or Syslog). For more information on using the OCS for accounting, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.”...
RADIUS accounting can be configured to track the usage of subscribers, including time on, time off, and bandwidth used. To configure SMS2000 to send accounting messages to the specified RADIUS server, use this command:
    acct add radius radius_server secret secret
For example, to add 192.168.254.249 as a RADIUS accounting server, type:...
Chapter 8 - Provisioning
The SMS2000 is capable of performing provisioning by using an external server (OCS or RADIUS) or internally using groups and rules. For more information on using the OCS to provision the SMS2000, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.”...
Billing
Billing is charging the subscriber money for using the service. The SMS2000 is capable of performing billing by using an external server (OCS or RADIUS). For more information on using the OCS for billing, see the OCS User’s Guide.
Chapter 10 - Service Creation Using Groups and Rules
Groups are created on the SMS2000 in order to provide an easier way to manage multiple subscribers. Subscribers are placed into groups according to a set of rules. Rules may be configured directly on the SMS2000 through the command line interface or, more typically, are generated automatically by the OCS and downloaded to the SMS2000.
Subscribers who must never be authenticated (such as Web servers) can be configured in one of the following ways:
• Statically in the SMS2000 using the set port command.
• Dynamically in the OCS using a static IP address service.
SMS2000 Rules
The SMS2000 includes a mechanism called rules. Managers can use the rules directly to create configurations which are specific to their environment. Most configuration attributes for the SMS2000, including traffic shaping and subscriber ID information, are applied to groups.
MAC address 00:11:22:33:44:55.
mac=00:11:22:*:*:* matches any unique computer/card with a MAC address whose first 3 digits are 00:11:22. For example, 00:11:22:33:44:55, or 00:11:22:FF:3D:09, or 00:11:22:DE:AD:BF.
VLAN
When using a VLAN switch as a wiring solution, each VLAN effectively is treated as a “room,” similar to the “snmp-info” used with Tut Systems equipment (e.g., an MDU Lite or Expresso GS/MDU Chassis). Managers can write rules that affect one or many VLANs:...
Each rule has a numeric priority; the smaller the number, the greater the priority. When assigning a group to a new session, the SMS2000 first looks at all rules with priority 1. If it finds any matching rule, it stops and uses the group for that rule. If it does not find any matching rule, it goes on to rules with priority 2, and so on.
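The priority order described above, together with the mac= wildcard patterns and VLAN matching from the preceding pages, can be modelled as follows. This Python is an added example, not SMS2000 code: the Rule and Session classes, the group names, the fallback to a default group, and evaluating equal-priority rules in configuration order are assumptions made for illustration. It also reports rules that can never be selected because a broader rule evaluated earlier already covers them.

```python
from dataclasses import dataclass
from typing import List, Optional

HEX = set("0123456789abcdef")


def split_mac(value: str, allow_wildcard: bool) -> List[str]:
    """Return six lowercase octets; '*' is accepted only in rule patterns."""
    octets = value.strip().lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"expected six octets: {value!r}")
    for octet in octets:
        if octet == "*" and allow_wildcard:
            continue
        if len(octet) != 2 or not set(octet) <= HEX:
            raise ValueError(f"bad octet {octet!r} in {value!r}")
    return octets


@dataclass(frozen=True)
class Rule:                      # hypothetical representation of one rule
    priority: int                # smaller number = greater priority
    group: str
    mac: Optional[str] = None    # pattern such as "00:11:22:*:*:*"
    vlan: Optional[int] = None


@dataclass(frozen=True)
class Session:                   # hypothetical view of a new subscriber session
    mac: str
    vlan: Optional[int] = None


def rule_matches(rule: Rule, session: Session) -> bool:
    if rule.mac is not None:
        pattern = split_mac(rule.mac, allow_wildcard=True)
        address = split_mac(session.mac, allow_wildcard=False)
        if any(p != "*" and p != a for p, a in zip(pattern, address)):
            return False
    return rule.vlan is None or rule.vlan == session.vlan


def assign_group(rules: List[Rule], session: Session, default: str = "default") -> str:
    # sorted() is stable: equal priorities keep configuration order (assumption).
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, session):
            return rule.group
    return default


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every session that matches `narrow` also matches `broad`."""
    if broad.vlan is not None and broad.vlan != narrow.vlan:
        return False
    if broad.mac is None:
        return True
    if narrow.mac is None:
        return False
    b = split_mac(broad.mac, allow_wildcard=True)
    n = split_mac(narrow.mac, allow_wildcard=True)
    return all(x == "*" or x == y for x, y in zip(b, n))


def shadowed(rules: List[Rule]) -> List[Rule]:
    """Rules that can never be selected because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [r for i, r in enumerate(ordered) if any(covers(e, r) for e in ordered[:i])]


# Constructed sample rule set.
RULES = [
    Rule(priority=1, group="staff", mac="00:11:22:*:*:*"),
    Rule(priority=2, group="kiosk", mac="00:11:22:33:44:55"),  # covered by the rule above
    Rule(priority=2, group="conference", vlan=30),
]

if __name__ == "__main__":
    print(assign_group(RULES, Session("00:11:22:33:44:55")))
    print([r.group for r in shadowed(RULES)])
```

A shadowed rule is worth reviewing, because the subscriber it names is placed in a different group, with that group's authentication and shaping settings, than the rule intended.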
The SMS2000, unlike most network devices, can treat every client attached to the subscriber side of the network as if it were on a separate LAN. The SMS2000 can do this for all types of subscriber media, including Expresso GS/MDU Chassis and associated HomeRun, LongRun or EoVDSL line cards, MDU Lite, Ethernet, VLAN Ethernet, and wireless.
Ethernet side, if the subscriber media pass broadcasts between clients. The SMS2000 always responds to client DHCP requests. The SMS2000 can also respond with an IP address from a configured DHCP pool. If that pool is out of IP addresses, the SMS2000 will revert to using NATed addresses.
If the subscribers are on VLAN switches, the SMS2000 sends the query as a broadcast to each of the active VLANs. By snooping the response from subscribers, the SMS2000 tracks whether each individual client is requesting a multicast stream.
For example, to set a control-net network, type:
    sms2000% control-net 192.168.20.100 192.168.20.100 255.255.255.255
For example, to delete a control-net network, type:
    sms2000% control-net delete 192.168.20.100 192.168.20.100 255.255.255.255
Understanding 1to1 and 1to1 Unique IP Types
IP types 1to1 and 1to1 unique are helpful in responding to Digital...
Note: Source nets are only used with IP types 1 to 1 and 1 to 1 unique.
The command set source-net configures a source-net. A source-net is an SMS2000 configured subnet to which subscriber connections are mapped when using the 1 to 1 and 1 to 1 unique IP types.
Note: separators).
Setting the DNS Server Address
DNS servers allow the SMS2000 to convert a name such as www.tutsystems.com to an IP address such as 208.186.133.55. You can configure multiple DNS servers by entering this command once for each server.
Static Routes
Adding Routes
The SMS2000 requires local routes for locally configured interfaces. Use set port to add these routes. The set port command can add a route while configuring the interface and setting up the port. Use the set port command to specify port types for all ports, set a port or a range of ports as static, dynamic, or disabled.
Chapter 12 - Printing
The Expresso Subscriber Management System (SMS2000) offers printing capabilities.
Setting up the LPR Host
To define the printing parameters, including the name of the LPR host and the maximum number of pages and bytes allowed per job, use this command:
    set lpr {hostname | off} [queuename maxpages maxbytes]
For example, to set the printer host to the IP address 10.228.10.233, send all printing jobs...
Configuring RADIUS
SMS2000 is designed to operate with standard RADIUS authorization and accounting services. SMS2000 contains a RADIUS client that functions as if the SMS2000 were a dial-in network access server. RADIUS authentication is an option instead of the OCS for network providers that already have RADIUS servers and databases.
Adding the SMS2000 as a Client on the RADIUS Server
For the SMS2000 to be a RADIUS client, it must have an entry in your RADIUS server’s clients list. The location and format of this list are different for different RADIUS servers.
    Framed-IP-Address = "18.181.0.29"
    Connect-Info = "3000000/1000000"
When Postel connects to the SMS2000, he will initially be NAT-ed and redirected to the SMS2000’s RADIUS login page. After properly authenticating himself with his user name and password, the SMS2000 will check his PC’s IP address against the one returned via RADIUS.
SMS2000 NAS File
While it is not required, a NAS file is available that allows your RADIUS server to decode some custom RADIUS accounting attributes from SMS2000. Please contact your Tut Systems representative for this file.
SMS2000 Status Attributes and Statistics...
Using Both RADIUS and OCS Authentication
Because the OCS in some ways manages the SMS2000, there can be only one OCS server configured on the SMS2000, and it must be for the default group. However, a RADIUS authentication server can be added to any group, and the OCS may be on or off for various groups.
The configuration parameters for traffic shaping that you set with the shape command apply to the active group. xbs is the maximum transmit rate (bits per second) from the SMS2000 to the subscriber. rbs is the maximum receive rate (bits per second) allowed for the subscriber.
Chapter 14 - SMS2000 and Property Management Systems (PMS)
For hotels desiring PMS billing, the SMS2000 and the OCS can be configured to send billing records to the PMS. Both SMS2000 and the OCS are involved in PMS billing. The SMS2000 is physically connected to the PMS and handles the serial port line protocol to the PMS.
\n is the C program escape for LF (Line Feed), which is ASCII code 10 (0x0A).
• SMS -> indicates that the SMS2000 sends this message. It is not a part of the message.
The message format is based on the interface type. The format is slightly different for standard HOBIC as compared to GEAC.
The PMS has a limited time frame in which to respond with an ACK. The PMS may also NAK the message for any reason. It is treated as a transmission error and the message is sent again. After many tries, the SMS2000 gives up on this message and logs it as an error in the OCS.
Tut Systems representative, or you may extract them using a web browser. By default, a set of web pages is created on the SMS2000 and presented to the user during authentication. These default pages can be left as is, or they can be customized for a particular property or group.
This directory is automatically given the same name as the active group. There is no need to reboot the SMS2000. When a new subscriber connects, the subscriber sees the new web page.
Instead they are placed in a separate directory which is created when the first customized page is loaded for the active group. For example, if a group called CUSTNAT is added to the SMS2000, and a customized web page is loaded for this group, a directory named CUSTNAT will be automatically created to hold customized web pages and images for this group.
Note: access without an authentication server. Configure the authfile.html without the form for the default group and point the SMS2000 to a bogus RADIUS server. Then use groups and rules to assign authorized subscribers to the other groups without authentication.
You are welcome to use this page when customizing your SMS2000.
Active Page Components
The SMS2000 has support for some limited active HTML components which are parsed and replaced before your web page is served. Some components should be used in pairs.
[off | on | on curl]
This example loads the wpad.dat file onto the SMS2000 from the OCS server at IP address 10.228.10.233, then enables the wpad support.
    sms2000% load web http://10.228.10.233/wpad.dat...
Web Proxy Server
Enable Proxy Server Support
When enabled, the SMS2000 will autodetect proxy servers configured on subscribers. A subscriber may have a proxy server configured with any IP address, but the TCP port on which her proxy server is configured must be included in the set of ports configured on the SMS by the set proxy-ports command.
To add TCP ports to the set of TCP ports on which the SMS2000 listens for subscriber proxy connections, use this command:
    set proxy-ports [ port ]*
For example, to add two ports to the set of TCP ports on which the SMS2000 listens for proxy server connections, type:
    sms2000% set proxy-ports 8080 3129...
Chapter 17 - SMS2000 Troubleshooting
SMS2000 Troubleshooting Procedures
Table 17-3 provides valuable information for troubleshooting the SMS2000.
Table 17-3 SMS2000 Troubleshooting Procedures
Problem Area
Network Connection: If communication problems exist between SMS2000 and the outside world (through the on-site router), verify the cabling is correct between the SMS2000 and the router.
GS/MDU Chassis), verify that packets are being sent and received. Connect a PC directly to the subscriber port on the SMS2000 using a crossover cable. If using RADIUS, you can verify that it is operational by using the auth test command.
Problem Area
Verify OCS screens off-line
It is possible to reproduce the subscriber experience from any Web browser. This allows the custom screens from the OCS to be tested prior to deploying at a hotel
Appendix
Appendix A - RADIUS Access-Accept Dictionary File
RADIUS Attributes in Access-Accept Packets
The SMS2000 uses the attributes defined in the following dictionary file:
    #RADIUS
    #Remote Authentication Dial In User Service
    #Livingston Enterprises, Inc.
    #6920 Koll Center Parkway
    #Pleasanton, CA 94566
    #Copyright 1992 Livingston Enterprises, Inc.
Tut Systems offers a comprehensive range of customer support services, including training, technical assistance, installation, and maintenance agreements. For further information and pricing on Tut Systems’ service products, see your sales representative. Internet You can find answers to the most common functionality, installation, and configuration questions on the Tut Systems website at http://www.tutsystems.com.
Tut Systems product documentation for a period of one (1) year from the date of shipment. Tut Systems will, at its option, either repair or replace products that prove to be defective. For warranty or repair, return this product to a service facility designated by the reseller in accordance with reseller instructions, which such instructions shall be in accordance with those set forth in Tut Systems Standard Terms and Conditions of Sale.
Telephone companies report that electrical surges, typically lightning transients, are very destructive to customer terminal equipment connected to AC power sources. Tut Systems, Inc., Customer Service Department Tut Systems, Inc. 5200 Franklin Drive Suite 100 Pleasanton, CA 94588 United States and Canada: Toll Free: (800) 998-4888.
prior notice. Purchasers of Tut Systems’ products should make their own evaluation to determine the suitability of each product for their specific application. Tut Systems’ obligations regarding the use or application of its products shall be limited to those commitments to the purchaser set forth in its Standard Terms and Conditions of Sale for a delivered product.