Table of Contents
Advertisement
Chapter 4 - RASFinder Software
attributes or any other custom attributes on the Radius Security Server. The Enable RADIUS option
enables communication between the Radius server and the RASFinder. Enable Accounting option
activates the accounting features which allow the Radius server to track the number of bytes sent
and received, login and logout times, port number, etc. The Allow Call If Security Server Down
feature can be used when the Remote User Data Base Utility is used as a backup database to the
Radius security services. The Assign Remote Address Using RADIUS feature enables the Radius
server to take over the addressing scheme of the WAN ports on the RASFinder.
The Shared Secret is an entry that must be obtained from the Radius network administrator and must
be the same as is used on the Radius security server. The RADIUS Primary Server Address is the IP
address of the Radius security server and in our typical RAS application, this address is 192.168.2.6.
If one or more backup Radius servers are used in your network, then their IP addresses need to be
entered in the Backup Server Address 1, 2, and/or 3 fields.
The Attribute Values Group at the bottom of the Radius Setup dialog box needs to have the value for
each of the three attributes and two services filled in.
The three new attributes are vendor-specific attributes and may have to be added to the Radius
server dictionary. The first attribute is Callback-Delay with a value of 224. The Radius server is set up
with a delay time for calling back the remote user. The Roaming-Callback attribute has a value of 225.
This attribute specifies a telephone number of where a remote user can be called back if he/she is
not at their usual telephone number provided in their user profile. The remote user would have to give
that new phone number to the Radius network administrator so the RASFinder will know that the
remote user is at a different phone from the one in their user profile.
The Protocol Permissions Attribute has a value of 226 and the values associated with the attribute
are "1" for IP, "2" for IPX, and "3" for Spanning Tree.
The Inbound User Service Type Attribute has a value of "10" and an associated value of "6". This
attribute enables the remote user to have inbound access to the network only; in other words, this
attribute adds inbound access to the remote user's profile.
The Shell User Service Type Attribute has a value of "11" and also an associated value of "6".
After these new attributes are added to the Radius server and the user profile is established, a
remote user (in our typical RAS application with Radius, Remote User 1, for example) could call into
the RASFinder and identify themselves by their user name and password. Remote User 1, in our
typical application, can initiate a dialup session by entering their User name and password in the
Dial-Up Networking (My Connection) dialog box and the phone number of the WAN port on the
RASFinder that User 1 is going to be connected to. In this application, remote user 1 could dial 716-
5565 to connect to WAN port number one on the RASFinder.
At this point, Remote User 1 has access to the services on the LAN. For instance, if he/she wanted to
print a report, it could be sent to the printer and printed out as if Remote User 1 was on the local area
network.
MTASR3-200
36
Advertisement
Table of Contents
