UPS Network Management Card 2 User’s Guide
1. Add the IP address of the NMC to the RADIUS server client list (file).
2. Users must be configured with Service-Type attributes unless Vendor Specific Attributes (VSAs) are defined. If no Service-Type attributes are configured, users will have read-only access (on the UI only). See your RADIUS server documentation for information about the RADIUS users file, and see the Security Handbook for an example.
3. VSAs can be used instead of the Service-Type attributes provided by the RADIUS server. VSAs require a dictionary entry and a RADIUS users file. In the dictionary file, define the names for the ATTRIBUTE and VALUE keywords, but not for the numeric values. If you change numeric values, RADIUS authentication and authorization will not work. VSAs take precedence over standard RADIUS attributes.
Configuring a RADIUS server on UNIX® with shadow passwords.
If UNIX shadow password files are used (/etc/passwd) with the RADIUS dictionary files, the following two methods can be used to authenticate users:
• If all UNIX users have administrative privileges, add the following to the RADIUS “user” file. To allow only Device Users, change the APC-Service-Type to Device.

    DEFAULT Auth-Type = System
            APC-Service-Type = Admin

• Add user names and attributes to the RADIUS “user” file, and verify the password against /etc/passwd. The following example is for users bconners and thawk:

    bconners Auth-Type = System
            APC-Service-Type = Admin
    thawk Auth-Type = System
            APC-Service-Type = Device
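The rules stated above (a VSA takes precedence over Service-Type, and a user with neither attribute gets read-only UI access) can be checked against a users file before it is deployed. The following Python script is an added example, not APC or FreeRADIUS code; it assumes a simplified users-file layout (entry name in column 0, reply items on indented lines), and the jdoe entry and the Service-Type value are constructed.

```python
import re

# Constructed sample in FreeRADIUS "users" layout. bconners and thawk come from
# the guide's example; jdoe and the Service-Type line are made up for the demo.
SAMPLE_USERS = """\
bconners Auth-Type = System
        APC-Service-Type = Admin
thawk Auth-Type = System
        Service-Type = Login-User,
        APC-Service-Type = Device
jdoe Auth-Type = System
DEFAULT Auth-Type = System
        APC-Service-Type = Admin
"""

ITEM = re.compile(r"([\w-]+)\s*[:+]?=\s*([^,\s]+)")

def parse_users(text):
    """Return [(name, {reply_attr: value})]; simplified parser (assumption)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # column 0 starts a new entry
            entries.append((line.split()[0], {}))
        elif entries:                  # indented lines hold reply items
            entries[-1][1].update(ITEM.findall(line))
    return entries

def effective_access(reply):
    """Guide's rules: VSA beats Service-Type; neither means read-only."""
    for source, attr in (("VSA", "APC-Service-Type"), ("Service-Type", "Service-Type")):
        if attr in reply:
            return (source, reply[attr])
    return ("none", "read-only (UI only)")

def audit(text):
    findings = []
    for name, reply in parse_users(text):
        source, level = effective_access(reply)
        if name == "DEFAULT" and level == "Admin":
            findings.append(f"{name}: grants Admin to any account that matches it")
        elif source == "none":
            findings.append(f"{name}: no Service-Type or VSA, falls back to read-only")
        elif source == "VSA" and "Service-Type" in reply:
            findings.append(f"{name}: Service-Type ignored, VSA sets {level}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_USERS)))
```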
Supported RADIUS servers.
FreeRADIUS and Microsoft IAS 2003 are supported. Other commonly available RADIUS applications might work but have not been fully tested.
Firewall screen
Path: Configuration > Security > Firewall
| Menu option | Description of use |
|---|---|
| Configuration | Enable or disable the overall firewall functionality. Any configured policy is also listed, even if the firewall is disabled. |
| Active Policy | Select an active policy from the available firewall policies. The validity of the policy is also listed here. |
| Active Rules | When the firewall is enabled (see Configuration above in this table), this lists the individual rules that are being enforced by the current active policy. You can edit existing rules, add new rules, or delete rules here. |
| Create/Edit Policy | Create a new policy or edit an existing one. |
| Load Policy | Load a policy file (with a .fwl suffix) from a source external to this device. |
| Test | Temporarily enforce the rules of a chosen policy, for a time that you specify. |