Avaya Configuring RADIUS Manual do Utilizador

BayRS Version 14.00Part No. 308640-14.00 Rev 00September 19994401 Great America ParkwaySanta Clara, CA 95054Configuring RADIUS

308640-14.00 Rev 00xiPrefaceThis guide describes Remote Authentication Dial-In User Service (RADIUS) and what you do to start and customize RADIUS on

Configuring RADIUSxii308640-14.00 Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) Indicate that you ch

Preface308640-14.00 Rev 00xiiiAcronymsThis guide uses the following acronyms:separator ( > ) Shows menu paths. Example: Protocols > IP identifie

Configuring RADIUSxiv308640-14.00 Rev 00Hard-Copy Technical ManualsYou can print selected technical manuals and release notes free, directly from the

308640-14.00 Rev 001-1Chapter 1RADIUS OverviewRADIUS (Remote Authentication Dial-In User Service) enables Internet service providers (ISPs) to offer m

Configuring RADIUS1-2308640-14.00 Rev 00How RADIUS WorksAs networks grow to accommodate more users, network security and billing become more difficult

RADIUS Overview308640-14.00 Rev 001-3Figure 1-1 shows a sample network using RADIUS over a POTS (Plain Old Telephone Service) line and an ISDN (Integr

Configuring RADIUS1-4308640-14.00 Rev 00Configuring RADIUSTo configure the RADIUS server and client, follow these steps:1.Install the RADIUS server fi

RADIUS Overview308640-14.00 Rev 001-5Nortel Networks RADIUS ImplementationThe following Nortel Networks platforms can operate as RADIUS clients:• Acce

ii308640-14.00 Rev 00 Copyright © 1999 Nortel NetworksAll rights reserved. Printed in the USA. September 1999.The information in this document is subj

Configuring RADIUS1-6308640-14.00 Rev 00To enable RADIUS, you must specify the client’s Internet Protocol (IP) address. As the RADIUS client, the rout

RADIUS Overview308640-14.00 Rev 001-7Using RADIUS with Multilevel Access to the RouterSystem administrators and network operators can use RADIUS authe

Configuring RADIUS1-8308640-14.00 Rev 00Using RADIUS with a Dial ServiceTo use RADIUS authentication with a dial service, you must configure at least

RADIUS Overview308640-14.00 Rev 001-9Using RADIUS with Demand Circuit Groups (Site Manager only)When configuring a RADIUS client using Site Manager, S

Configuring RADIUS1-10308640-14.00 Rev 00Using RADIUS with IP UtilitiesTo use RADIUS authentication with an IP utility, you must configure the RADIUS

RADIUS Overview308640-14.00 Rev 001-11RADIUS AccountingYou configure RADIUS accounting on a slot-by-slot basis. Therefore, a call designated for a RAD

Configuring RADIUS1-12308640-14.00 Rev 00The unnumbered circuit interface eliminates the need for a unique circuit configuration for each remote user

RADIUS Overview308640-14.00 Rev 001-13Using RADIUS with a Dial ServiceTo use RADIUS accounting on the router, you must configure at least one of the t

Configuring RADIUS1-14308640-14.00 Rev 00Configuring a RADIUS ClientNortel Networks provides a script for configuring a RADIUS client on one, many, or

308640-14.00 Rev 002-1 Chapter 2Starting RADIUSRemote Authentication Dial-In User Service (RADIUS) defines a method of centralizing authentication and

308640-14.00 Rev 00iiiNortel Networks NA Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using t

Configuring RADIUS2-2308640-14.00 Rev 00Before You BeginBefore you enable RADIUS, do the following:1.Create and save a configuration file that has at

Starting RADIUS308640-14.00 Rev 002-3 Enabling RADIUSYou can use the BCC or Site Manager to enable RADIUS on the router. To help you visualize the con

Configuring RADIUS2-4308640-14.00 Rev 00Using the BCCTo enable RADIUS and configure the IP addresses for a RADIUS client and server:1.Start configurat

Starting RADIUS308640-14.00 Rev 002-5 Using Site ManagerUse the steps in the following sections to enable RADIUS on a router slot and configure the RA

Configuring RADIUS2-6308640-14.00 Rev 00Configure a RADIUS ServerUse the following steps to configure the IP address for a RADIUS server:6. Click on O

Starting RADIUS308640-14.00 Rev 002-7 Select a Protocol for RADIUS Authentication Use the following steps to select a protocol. Once you select a prot

Configuring RADIUS2-8308640-14.00 Rev 00Configuring Multiple RADIUS ClientsYou can use the script described in this section to configure a RADIUS clie

308640-14.00 Rev 003-1 Chapter 3Customizing the RADIUS Client ConfigurationThis chapter shows you how to change the parameter values to customize the

Configuring RADIUS3-2308640-14.00 Rev 00Using the BCCTo modify the RADIUS client’s IP address, navigate to the radius-client# prompt for the appropria

Customizing the RADIUS Client Configuration308640-14.00 Rev 003-3 Modifying the Authentication and Accounting ServicesThe default for both accounting

iv308640-14.00 Rev 004. Limitation of liability. IN NO EVENT WILL NORTEL NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY COST OF SUBSTITUTE PROCUREMENT;

Configuring RADIUS3-4308640-14.00 Rev 00To configure the RADIUS client to generate accounting requests for incoming calls only, navigate to the radiu

Customizing the RADIUS Client Configuration308640-14.00 Rev 003-5 Modifying the Protocol for RADIUS AuthenticationUse the following steps to modify th

Configuring RADIUS3-6308640-14.00 Rev 00Modifying the PPP Authentication ProtocolThe remote user identifies itself to the server using one of the PPP

Customizing the RADIUS Client Configuration308640-14.00 Rev 003-7 Removing RADIUS Authentication and AccountingYou can use either the BCC or Site Mana

Configuring RADIUS3-8308640-14.00 Rev 00Setting the Debug Message LevelThe debug message level determines how verbose the system is in reporting error

308640-14.00 Rev 004-1 Chapter 4Customizing the RADIUS Server ConfigurationThis chapter explains how to modify the RADIUS server configuration. The se

Configuring RADIUS4-2308640-14.00 Rev 00Modifying the Primary Server’s PasswordThe first server you configure is the primary server. You can have only

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-3 Modifying the Server ModeThe server mode tells the client how the server is configur

Configuring RADIUS4-4308640-14.00 Rev 00Designating Authentication and Accounting UDP PortsThe User Datagram Protocol (UDP) port is the logical port t

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-5 Using Site ManagerTo designate the UDP port numbers of the RADIUS server on which it

308640-14.00 Rev 00vContents PrefaceBefore You Begin ...

Configuring RADIUS4-6308640-14.00 Rev 00Modifying the Server Response TimeWhen the client sends an accounting or authentication request to the server,

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-7 Modifying the Number of Client Requests to the ServerYou can modify the number of ti

Configuring RADIUS4-8308640-14.00 Rev 00Using Site ManagerTo modify the number of client requests to the server:Site Manager ProcedureYou do this Syst

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-9 Configuring Alternate ServersIn addition to the primary server, you can configure on

Configuring RADIUS4-10308640-14.00 Rev 00Using Site ManagerTo configure an alternate server:Site Manager ProcedureYou do this System responds1. In the

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-11 Reconnecting to the Primary ServerWhen the primary server fails to respond to conne

Configuring RADIUS4-12308640-14.00 Rev 00Using Site ManagerTo try to reconnect to the primary server after a specified time period:Changing the Primar

Customizing the RADIUS Server Configuration308640-14.00 Rev 004-13 Using Site ManagerTo specify which server is the primary and which is the alternate

Configuring RADIUS4-14308640-14.00 Rev 00Removing a Server EntryYou can remove a server entry from the RADIUS configuration.Using the BCCTo remove a s

308640-14.00 Rev 00A-1Appendix ASite Manager ParametersThis appendix describes the Site Manager RADIUS parameters. You can display the same informatio

vi308640-14.00 Rev 00Chapter 2 Starting RADIUSBefore You Begin ...

Configuring RADIUSA-2308640-14.00 Rev 00You can also use the Technician Interface to modify parameters by issuing set and commit commands with the MIB

Site Manager Parameters308640-14.00 Rev 00A-3Server Configuration ParametersThe RADIUS Server Configuration window (Figure A-2) shows the current para

Configuring RADIUSA-4308640-14.00 Rev 00Parameter: Server IP AddressPath: Protocols > Protocols > Global Protocols > RADIUS > Edit ServerD

Site Manager Parameters308640-14.00 Rev 00A-5 Parameter: Auth. UDP PortPath: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 1645

Configuring RADIUSA-6308640-14.00 Rev 00Parameter: Response Timeout (seconds)Path: Protocols > Global Protocols > RADIUS > Edit ServerDefault

Site Manager Parameters308640-14.00 Rev 00A-7Protocol Parameters for RADIUS AuthenticationThe RADIUS Dial_In Protocol window (Figure A-3) shows the cu

Configuring RADIUSA-8308640-14.00 Rev 00Parameter: IP EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol &

Site Manager Parameters308640-14.00 Rev 00A-9Parameter: IPX EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Prot

308640-14.00 Rev 00B-1Appendix BMonitoring RADIUS Using theBCC show CommandsUse the BCC show commands to display configuration and statistical informa

308640-14.00 Rev 00viishow radius clients ... B-

Configuring RADIUSB-2308640-14.00 Rev 00Online Help for show CommandsTo display a list of command options, enter one of these commands at any BCC prom

Monitoring RADIUS Using the BCC show Commands308640-14.00 Rev 00B-3show radius alertsThe show radius alerts command displays problems with the RADIUS

Configuring RADIUSB-4308640-14.00 Rev 00show radius clientsThe show radius clients command displays information about the router’s RADIUS configuratio

Monitoring RADIUS Using the BCC show Commands308640-14.00 Rev 00B-5show radius servers generalThe show radius servers general command displays informa

Configuring RADIUSB-6308640-14.00 Rev 00show radius servers timersThe show radius servers timers command displays the time-setting information for the

Monitoring RADIUS Using the BCC show Commands308640-14.00 Rev 00B-7show radius stats accountingThe show radius stats accounting command displays all t

Configuring RADIUSB-8308640-14.00 Rev 00show radius stats authenticationThe show radius stats authentication command displays all the RADIUS statistic

308640-14.00 Rev 00C-1Appendix CConfiguration ExamplesThis appendix provides the following configuration examples for a router acting as a RADIUS clie

Configuring RADIUSC-2308640-14.00 Rev 00Configuring RADIUS AuthenticationThis example shows how to configure the router as a RADIUS authentication cli

Configuration Examples308640-14.00 Rev 00C-3Using the BCCTo enable RADIUS and configure the IP addresses for a RADIUS client and server:1.Start config

Configuring RADIUSC-4308640-14.00 Rev 00To configure the sample network, complete the following tasks:Site Manager ProcedureYou do this System respond

Configuration Examples308640-14.00 Rev 00C-5Use the following steps to select IP:Site Manager ProcedureYou do this System responds1. At the bottom of

Configuring RADIUSC-6308640-14.00 Rev 00Configuring RADIUS AccountingThis example explains how to configure the router as a RADIUS accounting client,

Configuration Examples308640-14.00 Rev 00C-7The next sections explain how to configure the sample network using the BCC and Site Manager.Using the BCC

Configuring RADIUSC-8308640-14.00 Rev 0010.To enable RADIUS accounting for the RADIUS client on slot 2, enter:radius-client/2# accounting enabled11.Na

Configuration Examples308640-14.00 Rev 00C-96. Click on an ISDN connector to assign a line to the pool, following these guidelines:• Site Manager does

Configuring RADIUSC-10308640-14.00 Rev 00To create a backup circuit, complete the following tasks: Refer to Configuring Dial Services for more informa

Configuration Examples308640-14.00 Rev 00C-11To enable RADIUS accounting, complete the following tasks: Site Manager ProcedureYou do this System respo

Configuring RADIUSC-12308640-14.00 Rev 00Configuring RADIUS Accounting and AuthenticationThis example explains how to configure the router as a RADIUS

Configuration Examples308640-14.00 Rev 00C-13The next sections explain how to configure the sample network using the BCC and Site Manager.Using the BC

308640-14.00 Rev 00ixFiguresFigure 1-1. Sample Network Using RADIUS ...1-3Figure 2-1. BCC H

Configuring RADIUSC-14308640-14.00 Rev 00To configure the RADIUS client and server, and enable RADIUS authentication and accounting on a router slot,

Configuration Examples308640-14.00 Rev 00C-15To select IP, complete the following tasks:Site Manager ProcedureYou do this System responds1. At the bot

308640-14.00 Rev 00D-1Appendix DVendor-Specific AttributesThis appendix shows the Nortel Networks vendor-specific attributes (VSAs) and the dictionary

Configuring RADIUSD-2308640-14.00 Rev 00Nortel Networks Vendor-Specific AttributesThe Nortel Networks vendor ID is 1584, as allocated by the Internet

Vendor-Specific Attributes308640-14.00 Rev 00D-3RADIUS Dictionary FileThis section lists the RADIUS dictionary file (bayrs.dct) for reference purposes

Configuring RADIUSD-4308640-14.00 Rev 00Attributes used with l2tpAttributes used with multi user accessATTRIBUTE Bay-Primary-DNS-Server Bay-VSA (54, i

308640-14.00 Rev 00Index-1Aaccess accept, 1-6access challenge, 1-6access reject, 1-6accounting. See RADIUS, accounting, 1-11Acct. UDP Port parameter,

Index-2308640-14.00 Rev 00Nnumbered IP addresses, 1-6OOSPF Enable parameter, A-8PparametersAcct. UDP Port, A-5Auth. UDP Port, A-5Bridge Enable, A-9Cli

308640-14.00 Rev 00Index-3Server Reset Timer parameter, A-6Slot Number parameter, A-7support, Nortel Networks, xivSystem 5000, 1-5Ttechnical publicati