Tut Systems SMS2000 Switch User Manual


 
Authentication
TUT Systems, Inc Page 54 of 104 P/N 220-06288-20
Syntax Description
Alias
Adding the alias parameter to the end of the auth add radius
command will configure the SMS to receive RADIUS response
packets from an IP address other that the IP address configured as
the RADIUS server.
Multiple RADIUS Servers
Default
Older versions of SMS used UDP port 1645 for RADIUS authentication requests and
1646 for RADIUS accounting requests by default.
New versions of SMS will continue to use those same ports for previously configured
RADIUS servers when upgraded from previous versions.
However, new RADIUS servers will be configured with port 1812 for RADIUS
authentication and port 1813 for RADIUS accounting by default.
The default retrans is 5.
The default retrans-primary-only is 2.
The default timeout is 30 seconds.
The default deadtime is 0 minutes (disabled)
Usage Guidelines
Note Select a shared secret as you would a password.
Example
This example configures the SMS2000 to authenticate subscribers in the current group
using the RADIUS server at 192.168.254.249.
sms2000% auth add radius 192.168.254.249 secret donttell
retrans=3 retrans-primary-only=1 timeout=10 deadtime=5
Alias IP address
If the RADIUS servers are configured with a virtual interface, the RADIUS response
packets will be transmitted to the SMS on a different interface than the request packet
was received. The SMS will reject the packets since it did not arrive with the expected
source IP address. Setting an alias IP address allows the SMS to receive the RADIUS
response from a different source IP. You must configure the alias IP parameter after
configuring the RADIUS server.
For example;
auth add radius 192.168.1.249 secret donttell
auth add radius 10.1.1.50 alias
The above two commands will cause the SMS to send the RADIUS request to
192.168.1.249 and receive the RADIUS response from both 192.168.1.249 and 10.1.1.50.