![[Top]](../images/home.jpg)
![[Contents]](../images/contents.jpg)
![[Next]](../images/next.jpg)
![[Last]](../images/index.jpg)
- Ascend Customer Service
- Enabling Ascend to assist you
About This Guide
- What's new
- What you should know
- Documentation conventions
- Manual set
- Related publications
- Related RFCs
- Information about PPP connections
- Information about IPX routing
- Information about IP routers
- Information about OSPF routing
- Information about multicast
- Information about firewalls and packet filtering
- Information about general network security
- Information about external authentication
- ITU-T recommendations
- Related books
Chapter 1 Getting Acquainted with RADIUS
- What is RADIUS?
- How does RADIUS authentication work?
- How does RADIUS accounting work?
- What types of applications does RADIUS support?
- Simple RADIUS authentication and accounting
- RADIUS authentication and accounting with a backup server
- RADIUS with an external token-card server
- Using RADIUS to sign up new customers
- What files does RADIUS use?
- The dictionary file
- The clients file
- The users file
- Overview of RADIUS packet formats
- Using the RADIUS interface
- Understanding pseudo-user profiles
Chapter 2 Installing and Starting RADIUS
- Before you begin
- System requirements
- Configuring the MAX TNT
- Overview of RADIUS installation tasks
- Installing the RADIUS daemon
- Obtaining and compiling the RADIUS daemon
- Installing the Ascend RADIUS dictionary
- Creating and configuring the clients file
- Creating the users file
- Creating the log file
- Specifying the MAX TNT unit's name and IP address
- Specifying the RADIUS daemon's authentication port
- Installing RADIPAD for global IP pools
- Configuring the MAX TNT to use the RADIUS server
- Performing the required configuration steps
- Performing the optional configuration steps
- Configuring distinct ID sequences for packet IDs
- Specifying how the system behaves when User-Service (6) is not received
- Fine-tuning the interaction between the MAX TNT and RADIUS
- Specifying the duration of a RADIUS timeout
- Specifying the message resulting from a RADIUS timeout
- Configuring Vendor-Specific Attribute (VSA) support
- Specifying the manner in which the MAX TNT handles the User-Name
- Specifying whether to customize the User-Name string
- Using SNMP to specify the primary RADIUS server
- Configuring the MAX TNT for RADIUS client requests
- Performing the required steps for client requests
- Specifying the clients permitted to make RADIUS requests
- Specifying the shared secret
- Performing the optional steps for client requests
- Specifying the UDP port
- Specifying session key parameters
- Starting the RADIUS daemon
- Running the daemon with a flat ASCII users file
- Running the daemon with a UNIX DBM database
- Creating the executable files
- Creating the DBM database
- Starting the RADIUS daemon for a DBM database
Chapter 3 Reference to RADIUS Attributes
Chapter 4 Setting Up RADIUS Accounting
- Before you begin
- Overview of accounting configuration tasks
- Setting up system-wide RADIUS accounting values
- Performing required accounting configuration tasks
- Specifying system-wide accounting parameters on the MAX TNT
- Specifying the accounting port
- Specifying the accounting directory
- Performing optional accounting configuration tasks
- Generating RADIUS accounting IDs based on source port number
- Specifying the source for RADIUS accounting requests
- Specifying a timeout value
- Specifying a retry limit
- Specifying the interval for sending session reports
- Specifying the numeric base for the session ID
- Specifying the reset time
- Specifying whether to send Stop packets when authentication fails
- Specifying whether to send Stop packets with no user name
- Specifying whether to send a second RADIUS Accounting Start record
- Setting up accounting on a per-user basis
- Overview of per-user accounting attributes
- Specifying per-user accounting attributes
- Setting up accounting with dynamic IP addressing
- Classifying user sessions in RADIUS
- Using the Class attribute
- Using the Ascend-Number-Sessions attribute
- Generating periodic accounting requests
- Using SNMP to specify the primary accounting server
- Starting the RADIUS daemon with accounting enabled
- When using a flat ASCII file
- When using a UNIX DBM database
- Understanding accounting records
- What type of information appears in accounting records?
- Where are accounting records stored?
- What kinds of packets does RADIUS accounting use?
- Accounting Start packets
- Accounting Stop packets
- Non-accounting attributes in Start and Stop records
- Accounting attributes in Start records
- Accounting attributes in Stop records
- Accounting attributes in Failure-to-start records
- Proxy RADIUS accounting
- How proxy RADIUS accounting works
- Contents of the Stop record sent by proxy
- Sample accounting records
- A Pipeline 25 dialing into a MAX TNT
- A modem calling into a MAX TNT
- An immediate-modem dialout connection
- A Stop record sent by proxy
Chapter 5 Setting Up Call Logging
- Before you begin
- Understanding call logging
- Overview of call-logging configuration tasks
- Setting up system-wide call-logging values
- Performing required call-logging configuration tasks
- Specifying system-wide call-logging parameters on the MAX TNT
- Specifying the call-logging port
- Specifying the call-logging directory
- Performing optional call-logging configuration tasks
- Specifying a timeout value
- Specifying a retry limit
- Specifying the numeric base for the session ID
- Specifying the reset time
- Specifying whether to send Stop packets with no user name
- Setting up call logging with dynamic IP addressing
- Starting the RADIUS daemon with call logging enabled
- When using a flat ASCII file
- When using a UNIX DBM database
- Understanding call-logging records
- What type of information appears in call-logging records?
- Where are call-logging records stored?
- What kinds of packets does call logging use?
- Start packets
- Stop packets
- Non-call-logging attributes in Start and Stop records
- Call-logging attributes in Start records
- Call-logging attributes in Stop records
- Call-logging attributes in Failure-to-start records
- Sample call-logging records
- A Pipeline 25 dialing into a MAX TNT
- A modem calling into a MAX TNT
Appendix A Attribute and Parameter Cross Reference
- Parameters and analogous attributes
- Attributes and parameters in numerical order
- Attributes and parameters in alphabetical order
Appendix B Attribute and Packet Cross Reference
- Access-Request (1)
- Access-Accept (2)
- Access-Reject (3)
- Access-Password-Request (7)
- Access-Password-Ack (8)
- Access-Password-Reject (9)
- Access-Challenge (11)
- Access-Password-Expired (32)
- Ascend-Access-Event-Request (33)
- Ascend-Access-Event-Response (34)
- Ascend-Disconnect-Request (40)
- Ascend-Disconnect-Ack (41)
- Ascend-Disconnect-Nak (42)
- Ascend-Change-Filters-Request (43)
- Ascend-Change-Filters-Ack (44)
- Ascend-Change-Filters-Nak (45)
Appendix C Troubleshooting
- RADIUS authentication problems
- Isolating the problem to the RADIUS server
- Checking the RADIUS configuration and program files
- Checking the MAX TNT parameters
- Running the RADIUS daemon in debug mode
- Checking the log file
- Determining whether all users are failing authentication
- RADIUS accounting problems
- General accounting errors
- Duplicate or deleted records
- Backoff-queue error message
- Connect progress codes
- Disconnect cause codes
Appendix D Sample RADIUS Users File
Index
techpubs@ascend.com
Copyright © 1999, Ascend Communications, Inc. All rights
reserved.