BMAS: 3Com Total Control Remote Access Server
(Last modified: 22Aug1998)
This document (2941236) is provided subject to the disclaimer at the end of this document.
Issue
The following is the process required to configure Novell Inc. "BorderManager Authentication Service 1.0" with a 3Com Inc. "Total Control Remote Access Server".
1. Install BorderManager Authentication Service 1.0 on the server which will be used as your Remote Authentication Dial-in User Service "RADIUS" server.
2. Using Nwadmin, create a Dial Access System object as per Novell TID 2929365.
3. In the TID, under the heading of Creating a Dial Access System object, step 7 through 8e, you must provide information having to do with the Total Control Hub.
4. Before you can create Clients for the Dial Access System object, you must know how many must be created. Examine the Total Control Remote Access Server configuration. If your Total Control Remote Access Server has only the NETServer card installed, only one client will be needed. If your Total Control Remote Access Server has a NETServer card and a Network Management card, you must create two clients.
5. The following port address will be used for the installation. Authentication is assigned to Port =1645 and Accounting is assigned to Port =1646 for the Total Control Remote Access Server.
Note: The "old" standard for RADIUS used UDP ports which weren't "officially registered" and so they conflict with another product (Datametrics). Most Access Server vendors are still using the original numbers, so we continue to support them (1645 = RADIUS Authentication and 1646 = RADIUS Accounting). The new standard (as listed in RFC 2138 and 2139) is 1812 = RADIUS Authentication and 1813 = RADIUS Accounting.
6. There are two methods for configuring the NETServer card, the first is to use the Windows-based NETServer Manager version 3.3.3 or above to configure the NETServer card and the second is to place commands at the command line to configure the card.
7. In the Windows-based NETServer Manager Login, select the RADIUS toolbar button. The RADIUS Configuration window will appear. In the security tab place in the IP address of the RADIUS server. Make sure the port address is 1645 (or 1812 as explained above). Now select the RADIUS Secret button and place in this window the RADIUS secret password that must be less that 15 characters.
8. Now select the Accounting tab. Again place the IP address of the RADIUS server. Make sure the port address is set for 1646 (or 1813). Now select the RADIUS Secret button and place in this window the RADIUS secret which must be less that 15 characters. Save the window information. Go to the toolbar and press the "Save to Nvram" icon button. Both RADIUS secrets must be the same.
9. The second method is to type the following lines in at the command line:
Show global (This command will be used to check the assigned IP address of the RADIUS server, and the port should be 1645 or 1812. The accounting IP should be the same RADIUS server IP address, but the port should be 1646 or 1813.)
Check the bottom of the Show global screen and make sure the Acct Authchk is on.
Set Authentic "RADIUS server IP address"
Set Accounting "RADIUS server IP address"
Set Secret "RADIUS server secret"
Set Acct_authchk "on"
Save "all"
Show "global" (check the values)
10. If a Network Manager card is installed in the Total Control Remote Access Server the following setup must be done to have accounting communication between the Total Control Remote Access Server and the Network Manager card.
Use a program such as Microsoft Hyper terminal and a cable supplied with the Total Control Chassis. Connect the RS232 cable to Channel 1 on the back of the Network Manager card. The baud rate is 9600 baud. A menu should appear. Select Item 7 to place the RADIUS secret for the Network Manager card. The secret must be the same as the Dial Access System's client secret. You must be careful about case sensitivity. The character length must be greater than 4 and less then 15 characters. Do a "Save to Nvram", select menu item 9 to save the RADIUS secret.
11. Now using the Windows-based Total Control Manager software, select the Network Manager card and select the pull-down menu Configure. Look for the next pull-down menu called "Programmed setting" and select the "logging group".
12. In the logging group, set the IP address of the RADIUS server in the Primary log server IP address field. The port address must be 1646 or 1813 in the Log Server's UDP port field.
13. The next and final setting is to enable "MD5 Calculations." Make sure that the set button followed by the OK buttons are Pushed.
14. Find the action commands, select software, and "Save to NVRAM".
This should complete the settings that are required to connect a Total Control Remote Access Server to a RADIUS server with the use of Authentication and Accounting.
document
| Document Title: | BMAS: 3Com Total Control Remote Access Server |
| Document ID: | 2941236 |
| Creation Date: | 18Aug1998 |
| Modified Date: | 22Aug1998 |
| Revision: | 1 |
| Novell Product Class: | Novell BorderManager Services |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.