Owners manual
45
7. Administration
(
continued
)
7.3.4 ANMS
The Advanced Network Management Settings (ANMS) page allows
you to set up login authorization management from an external source.
From this screen, administrators can set up remote management via
RADIUS and/or LDAP/S, and set up the access port and MAC address
for the Windows-based log server.
RADIUS Settings
To allow authorization for a RADIUS server, do the following:
1. Check the Enable checkbox.
2. Fill in the Primary RADIUS Server IP and access Port, and the
Alternate RADIUS Server IP and access Port.
3. In the Timeout (seconds) field, set the time in seconds that the
KVM waits for a reply from the RADIUS server before it times out.
4. In the Retries field, enter the number of times you want the KVM
to try and reconnect with the RADIUS server before it gives up.
5. In the Shared Secret field, key in the character string that you want to
use for authentication between the KVM and the RADIUS Server.
6. On the RADIUS server, set the access rights for each user
according to the information in the table:
Character Description
C Gives the corresponding account administrator privileges.
W Gives the corresponding account access to the KVM
switch via the Windows browser and non-browser
applications.
J Gives the corresponding account access to the KVM
switch via the Java browser and non-browser applications.
L Gives the corresponding account access to the log server
on the Web Management Interface.
V Gives the corresponding account view-only access to all
ports on the KVM switch.
PN/xxxx Denies the corresponding account access to a port.
SN/xx Denies the corresponding account access to a station.
PV/xxxx Gives the corresponding account view-only access to a
port.
SV/xx Gives the corresponding account view-only access to a
station.
PF/xxxx Gives the corresponding account full access to a port.
SF/xx Gives the corresponding account full access to a station.
RADIUS Server access rights examples are given in the following table:
RADIUS
Access
Rights Description
C The corresponding account has administrator access to
the KVM.
W, J, L The corresponding account can access the system
via the Windows and Java browser and non-browser
applications, and can access the log server on the Web
Management Interface.
PN/0102 The corresponding account is denied access to port 2 on
station 1.
PF/A The corresponding account is given full access to all
ports on the installation.
SV/02 The corresponding account is given view-only access to
station 2.
Note: Characters are not case sensitive. Characters are comma
delimited.
ANMS – LDAP/S
To allow authentication and authorization via LDAP/S, do the
following:
1. Check the Enable LDAP Authentication checkbox.
2. Select LDAP or LDAPS.
3. Determine whether to enable authorization or not.
• If the Enable Authorization checkbox is checked, the LDAP/S
server directly returns a ‘permission’ attribute and authorization
for the account that is logging in. With this selection, the LDAP
schema must be extended.
• If the Enable Authorization checkbox is not checked, the LDAP/S
server indicates whether the account that is logging in is a
member of the KVM Admin Group or not. If yes, the account
has full access rights. If no, the account has user access rights
(See the User Management section of this manual for details on
account permissions).
4. Enter the appropriate IP address and access port for the LDAP or
LDAPS server in the LDAP Server IP and Port fields. The default
port number for LDAP is 389, and is 636 for LDAPS.
5. In the Timeout (Seconds) field, enter the time in seconds that the
KVM waits for an LDAP or LDAPS server reply before it times out.
6. Consult the LDAP/S administrator about the appropriate
entry for the LDAP Administrator DN field. For example, the
entry might look like this: cn=LDAPAdmin,ou=B022-U08-
IP,dc=tripplite,dc=com
7. In the LDAP Admin Password field, key in the LDAP administrator’s
password.