User's Manual Part 1
SCP-LPS20x-011-012-01H December 20, 2004
52 ADC Telecommunications, Inc.
ON THE ACCESS CONTROLLER
Create static NAT mappings
To direct management traffic to the proper LPS-20x, you need to create static NAT mappings to redirect HTTPS
traffic to the new ports you defined on the LPS-20xs.
• Map traffic on port 5002 to IP address 192.168.1.2 and port 443.
• Map traffic on port 5003 to IP address 192.168.1.3 and port 443.
ON THE RADIUS SERVER
CONFIGURE THE ACCESS CONTROLLER PROFILE
MAC address authentication
For the LPS-20x to communicate with the remote management station, it must log into the public access network.
To accomplish this, use the MAC address attribute when creating the RADIUS profile for the access controller. This
attribute enables the access controller to authenticate devices based on their MAC address. For details, see the
access controller’s administrator’s guide.
Access list
In both scenarios 1 and 2, it makes sense to protect access to the RADIUS server and management station. This is
done with an access list definition that blocks all traffic to 192.168.20.0 for scenario 1, and 192.168.30.0 for
scenario 2.
However, to enable the LPS-20xs and the management station to communicate, you must create an additional
access list definition as follows:
• Scenario 1: Create an access list that permits HTTPS traffic to address 192.168.20.4.
This is the IP address of the management station. For example:
access-list=LPS-20x,ACCEPT,tcp,192.168.20.4,443
• Scenario 2: The list should permit HTTPS traffic to address 192.168.30.3.
This is the IP address of the management station inside the VPN tunnel.
access-list=LPS-20x,ACCEPT,tcp,192.168.30.3,443
CREATE AN LPS-20X PROFILE
Define a RADIUS profile for the LPS-20xs. The profile should activate the access list that was defined in the access
controller profile. For example:
use-access-list=LPS-20x
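An added example, not part of the ADC manual: a Python check that audits the RADIUS attributes described above, flagging any ACCEPT entry that reaches beyond HTTPS to the management station and any use-access-list that names an undefined list. The five-field layout (name, action, protocol, address, port) is inferred from the two entries shown on this page; the function names and the sample entries marked as constructed are assumptions.

```python
import ipaddress

def parse_access_list(attr):
    """Split 'access-list=name,ACTION,proto,address,port' into a dict, or None."""
    key, _, value = attr.partition("=")
    fields = [f.strip() for f in value.split(",")]
    if key.strip() != "access-list" or len(fields) != 5:
        return None
    name, action, proto, addr, port = fields
    return {"name": name, "action": action.upper(), "proto": proto.lower(),
            "addr": addr, "port": port}

def audit(controller_attrs, device_attrs, mgmt_ip):
    """Return findings for ACCEPT rules that reach beyond mgmt_ip on tcp/443."""
    findings, defined = [], set()
    mgmt = ipaddress.ip_address(mgmt_ip)
    for attr in controller_attrs:
        if not attr.startswith("access-list="):
            continue
        rule = parse_access_list(attr)
        if rule is None:
            findings.append(f"unparseable: {attr}")
            continue
        defined.add(rule["name"])
        if rule["action"] != "ACCEPT":
            continue
        try:
            host_ok = ipaddress.ip_address(rule["addr"]) == mgmt
        except ValueError:
            host_ok = False  # not a single host address
        if not (host_ok and rule["proto"] == "tcp" and rule["port"] == "443"):
            findings.append(f"broader than HTTPS to {mgmt_ip}: {attr}")
    for attr in device_attrs:
        key, _, name = attr.partition("=")
        if key == "use-access-list" and name.strip() not in defined:
            findings.append(f"undefined access list: {attr}")
    return findings

# Constructed sample profiles for scenario 1 (management station 192.168.20.4).
CONTROLLER = [
    "access-list=LPS-20x,ACCEPT,tcp,192.168.20.4,443",   # as shown on the page
    "access-list=LPS-20x,ACCEPT,tcp,192.168.20.5,443",   # constructed: wrong host
    "access-list=LPS-20x,ACCEPT,tcp,192.168.20.4,80",    # constructed: not HTTPS
]
DEVICE = ["use-access-list=LPS-20x", "use-access-list=LPS20x"]  # second: constructed typo

if __name__ == "__main__":
    for finding in audit(CONTROLLER, DEVICE, "192.168.20.4"):
        print(finding)
```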
CREATE A USER ACCOUNT FOR EACH LPS-20X
Define a RADIUS user account for each LPS-20x. Define a unique username and password for each device.