User Manual

ManualsBrandsLantronix ManualsComputers & AccessoriesLantronix CONSLE Server 10/100MBPS ENET (SCS400-02)

381

382

383

384

385

386

387

388

389

390

Supported RADIUS Attributes Framed-IP-Address

D-3

D.1.2.1 Framed-IP-Address

Using this attribute is equivalent to setting the remote address range of a site to “undefined.” Two values

are available:

◆ 255.255.255.255 (0xFFFFFFFF) allows the user to choose and IP address

◆ 255.255.255.254 (0xFFFFFFFE) assigns the user an address from the SCS IP address pool

If an IP address pool is defined for the SCS and the incoming user asks for an address, one will be assigned

from the pool. If the user asks for a specific address, the user will be given the address, provided it is

available. In the absence of an address pool, the user will be given any address that he requests.

D.1.2.2 Filter-ID

The SCS renames filters by appending suffixes based on the filter type. For example, a filter named “dallas”

configured on the SCS will be renamed “dallas.in” (for an incoming filter), “dallas.out” (for an outgoing

filter), “dallas.idl” (for an idle timeout filter), and “dallas.st” (for a startup filter).

Note: The maximum filter name length is 12 characters, but should be limited to 8

characters to account for the added suffix.

To understand how the Filter-ID attribute works, imagine that user irvine is trying to make a PPP

connection using RADIUS authentication. When the connection is initiated, the SCS starts a copy of the

default site.

During the authentication phase, RADIUS looks in NVR for a site that has the same name as the user. If

RADIUS finds a match, this site becomes the base site. If the SCS does not find a match, RADIUS will use

a copy of the default site as the base site. RADIUS uses the attributes passed from the RADIUS server

during authentication to modify the base site.

If the Filter-ID attribute is present and has the value “irvine,” RADIUS examines NVR for a filter named

irvine.in. If it finds the filter, it uses that filter as the incoming filter for the site. If it doesn’t find the filter,

the incoming filter from the base site, if any, is used. If no incoming filter is defined for the base site, no

incoming filter is used. RADIUS then repeats the process for the other three filter types (outgoing, idle, and

startup). As long as RADIUS finds at least one filter matching the Filter-ID value, the connection will

succeed.

However, if the Filter-ID attribute is present and no filters are found matching the Filter-ID value, the

connection is refused. This prevents a potential security hole created when a user is allowed to connect

without the intended restrictions being enforced.

Note: Because startup filters only apply to outgoing sites, which RADIUS doesn’t

handle, there is no need to define a startup filter for a RADIUS user.

D.1.2.3 Login-IP-Host

If the Service-Type is Login or Callback-Login and the Login-Ip-Host value is not set or is set to 0.0.0.0,

the preferred Telnet host will be used. If the Service-Type is Login or Callback-Login and this value is set

to 255.255.255.255, the user will be prompted to enter the name of the host to use for the connection,

including normal SCS environment strings. If present, the Login-TCP-Port value will override the user-

entered environment.