TMS zl Management and Configuration Guide ST.1.2.100916

Initial Setup in Routing Mode
Modify Management Settings
To authenticate operator users, the RADIUS server requires a policy that
meets these criteria:

- It selects RADIUS requests according to any of the attributes shown
  in Table 2-13; again, the group to which operators belong is a common
  choice for the criteria.

  Note: Again, it is best practice to add Service-Type = NAS-Prompt-User
  to the selection criteria for the management access policy.

  Note that you must not add other attributes (such as NAS-Port-Type)
  to the selection conditions, or the requests will not be connected. If
  you use a wizard to create the policy, and the wizard adds
  non-supported attributes, you must delete them.

- It sets the following AVP for the connection: Service-Type = NAS
  Prompt.
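
The criteria above can be checked mechanically before a policy goes live. The following Python code is an added example, not part of the original guide or of any vendor tool; the policy dictionary format, the `Group` key, and the sample request values are assumptions made for illustration.

```python
# Added example: policy format, key names and sample values are constructed.
SENT = {"Username", "Password", "Calling-Station-ID",
        "NAS-Identifier", "NAS-IP-Address", "Service-Type"}  # Table 2-13
# The page spells the value both ways; both name RFC 2865 Service-Type 7.
NAS_PROMPT = {"NAS Prompt", "NAS-Prompt-User"}
GROUP = "Group"  # hypothetical key: membership the server resolves from Username


def policy_matches(policy, request, groups):
    """True if every selection condition is satisfied by the request."""
    for attr, want in policy["conditions"].items():
        if attr == GROUP:
            if want not in groups:
                return False
        elif request.get(attr) != want:  # an attribute that is not sent never matches
            return False
    return True


def lint_operator_policy(policy):
    """Findings for an operator management access policy, per the criteria above."""
    cond, findings = policy["conditions"], []
    for attr in sorted(set(cond) - SENT - {GROUP}):
        findings.append(f"remove condition {attr}: not in Table 2-13")
    if cond.get("Service-Type") not in NAS_PROMPT:
        findings.append("add Service-Type = NAS-Prompt-User to the conditions")
    if policy["reply"].get("Service-Type") not in NAS_PROMPT:
        findings.append("reply must set Service-Type = NAS Prompt")
    return findings


# Constructed request carrying exactly the Table 2-13 attributes.
REQUEST = {"Username": "op1", "Password": "<hidden>",
           "Calling-Station-ID": "192.0.2.10", "NAS-Identifier": "tms-zl",
           "NAS-IP-Address": "192.0.2.1", "Service-Type": "NAS-Prompt-User"}
GOOD = {"conditions": {GROUP: "operators", "Service-Type": "NAS-Prompt-User"},
        "reply": {"Service-Type": "NAS Prompt"}}
# Constructed wizard-style policy with an extra NAS-Port-Type condition.
WIZARD = {"conditions": {GROUP: "operators", "NAS-Port-Type": "Virtual"},
          "reply": {"Service-Type": "NAS Prompt"}}

if __name__ == "__main__":
    for name, pol in (("good", GOOD), ("wizard", WIZARD)):
        print(name, policy_matches(pol, REQUEST, {"operators"}),
              lint_operator_policy(pol))
```
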
Table 2-13. RADIUS Attributes Sent in Management Access RADIUS Request

Attribute            Value
Username             Username submitted in the login window
Password             Password submitted in the login window
Calling-Station-ID   User’s IP address
NAS-Identifier       NAS Identifier configured for the module when you
                     specified the RADIUS server
NAS-IP-Address       Module IP address on the TMS VLAN that connects
                     to the RADIUS server
Service-Type         NAS-Prompt-User

Set the High Availability VLAN

Even if you do not plan to configure the module for high availability (HA), you
should change the HA VLAN from the default to prevent unwanted multicast
or broadcast traffic from occupying the firewall’s resources.

If you do plan to configure the module for HA, first configure the module’s
other settings, then configure HA. See Chapter 8: “High Availability.”

If you do not plan to configure the module for HA, complete the following steps:

1. Access the host switch CLI and create a VLAN that is not used in your
   network. Do not assign the switch an IP address on this VLAN, and do not
   assign any switch ports to the VLAN.