TUT Systems SMS2000 User Guide TUT Systems, Inc Page 1 of 104 P/N 220-06288-20
No part of this publication may be reproduced or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of the publisher. Information in this manual is furnished under license and may only be used in accordance with the terms of the software license. This publication and the information herein is furnished AS IS, is subject to change without notice, and should not be construed as a commitment by Tut Systems.
SMS User’s Guide ™ SMS Software Release 2.3.
Contents Contents ............................................................................................................................. 4 List of Tables.................................................................................................................................... 9 List of Figures .................................................................................................................................. 9 Preface............................................................
Disabling Automatic Configuration Changes .................................................................. 27 Saving a Configuration .................................................................................................... 28 Loading a Configuration File........................................................................................... 28 Restoring a Previous Configuration.................................................................................
Archiving SMS2000 Firmware and distributing it from a Server.................................... 42 Verifying a Successful Upgrade ...................................................................................... 43 Returning to an Older Firmware Version......................................................................... 43 Loading Another Image ................................................................................................... 43 Chapter 5 - Authentication .......................
Chapter 10 - Service Creation Using Groups and Rules............................................. 62 Groups............................................................................................................................................ 62 Adding a Group ............................................................................................................... 62 Deleting a Group..............................................................................................................
Adding the SMS2000 as a Client on the RADIUS Server ............................................... 78 Adding Users to the RADIUS Server .............................................................................. 78 Configuring Service Parameters ...................................................................................... 78 Using Real IP Addresses.................................................................................................. 79 RADIUS Ports ..................................
Appendix A - RADIUS Access-Accept Dictionary File ............................................... 97 RADIUS Attributes in Access-Accept Packets................................................................................ 97 Appendix B - Technical Assistance and Customer Support ..................................... 101 Technical Support ........................................................................................................................ 101 Internet ...................................
Preface This guides in this series provide detailed information and procedures that will allow you to communicate and interface with your SMS2000 and OCS products, complete basic system and network configuration, and manage your systems using system administration tools. For further information, use the release notes, frequently asked questions (FAQs), product and technology overviews, and troubleshooting tips in the support area of Tut Systems’ website http://www.tutsystems.
Introduction Chapter1 - Introduction Tut Systems’ Expresso Subscriber Management System (SMS2000)and Operation Center Software (OCS) offer a complete solution for delivering and controlling Internet Protocol (IP) based services to subscribers. The SMS2000 delivers powerful subscriber management features to service providers.
Introduction • Portal redirection—Clients can be directed to a “forced portal” for authentication or to deliver dynamic content. The service provider is able to control and differentiate network service better. • IP multicast—Multimedia content can be delivered to subscribers. By using IGMP snooping, the SMS2000 facilitates multicast delivery. • PPTP passthrough—Point-to-point tunneling protocol can be used by subscribers even if the subscriber’s IP address is shared via NAT.
Introduction Subscriber Management Components The SMS2000 can interact with a number of external software and hardware components. Figure 1-1 shows the subscriber management components, which are described in SMS2000 Tutorials.
Introduction SMS2000 The SMS2000 consists of hardware and embedded software generally placed on a property to control public network access. The SMS2000 handles packet switching functions, traffic shaping, and address translations for a single property. The SMS2000 has a very small internal configuration database and stores no permanent data about users, policies, or billing information.
Introduction “provisioning” and “outsourcing.” OCS can perform numerous billing functions. It can bill a subscriber’s credit card periodically (such as, monthly fixed service charges from an apartment dweller) or as services are delivered (such as a daily charge in a hotel room once a guest requests Internet service). OCS can handle billing through a credit card service bureau, or it can send its billing information to an SMS2000 connected via a serial interface to a hotel Property Management System (PMS).
Getting Started Chapter 2 - Getting Started Before beginning this chapter, you must have already installed your hardware, completed your cable and power connections, and successfully powered up your system following the instructions in the SMS2000 Quick Start Guide.
Getting Started Style Conventions To facilitate the proper interpretation of command syntax and parameters as you read this guide, we’ve applied style conventions to distinguish various elements of the commands, as well as to show how to use the commands. The style conventions used throughout this document are described in Table 2-1.
Getting Started Cursor Movement To save time, you can use the arrow keys on your keyboard to navigate between levels. The command keystrokes are used to move the cursor around on the command line and within the command history buffer. The arrow keys can also be used for cursor movement. Navigation and cursor movement for the SMS2000 system is described in Table 2-2.
Initial Configuration Chapter 3 - Initial Configuration You may configure the SMS2000 via a serial interface or a Telnet connection as described in the following sections. Establishing a Connection with the SMS2000 Establishing a Connection Via a Serial Interface Note: Verify you have installed the SMS2000 on a rack or shelf with air circulating above and below the SMS2000. Perform the following steps to configure the SMS2000 via a serial interface connection: 1.
Initial Configuration 11. Click OK. 12. Set the following parameters in the Settings tab: • Select Terminal keys. • From the Emulation pull-down menu, select Auto Detect. • Set Backscroll buffer lines to 500. 13. Click OK to close the dialog box. Note: To avoid cutting off a section of the display, set the window to full screen size. 14. To save this configuration for the future, select File/Save As and enter the name of the file for this configuration.
Initial Configuration If you have not already done so, connect the PC to the SMS2000 subscriber port, by plugging one end of a cross-over Ethernet cable into the Ethernet port on the PC and the other end into the subscriber port on the back of the SMS2000. Note: If you are not using a hub to connect to the subscriber port, you must use a crossover cable. To connect using a hub: 5. Plug one end of a straight-through Ethernet cable into the PC’s Ethernet port and the other into the hub. 6.
Initial Configuration Initial Configuration There are five steps required for the initial configuration of the SMS2000: 1. Step 1 Change the password for security purposes. 2. Step 2 Set the Quick Configuration. 3. Step 3 Change the system hostname to identify the system on the network. 4. Step 4 Disable authentication. 5. Step 5 Save the configuration. 6. Step 6 Reboot the system. 7. Step 7 Verify connectivity. For advanced configuration information, see the SMS2000 User’s Guide.
Initial Configuration This example resets the system configuration, setting the local IP address to 192.168.1.244 with a 24-bit subnet mask (255.255.255.0) and the default gateway is 192.168.1.1. There are two DNS servers; the first is 192.168.1.42, and the second is 192.168.1.1. sms2000% set quick-config 192.168.1.244/24 192.168.1.1 192.168.1.42 192.168.1.1 Setting the Hostname Use the set hostname command to immediately change the host name at the command prompt.
Initial Configuration for example, to save the current configuration, type: sms2000% save Rebooting the System In order for saved configuration changes to take effect, you must reboot the system. To force the system to shut down completely and then restart, use this command: reboot For example, to reboot the system, type: sms2000% reboot Verifying the Configuration 1. Login to the system. 2. Ping a known site. sms2000% ping www.yahoo.com 3. Press CTRL-C to stop the pinging. 4.
System Administration Chapter4 - System Administration This chapter describes the system administration activities and commands, including: • Configuration E-Mail Settings • Configuration and System File Tools • Configuring SMTP • Configuring NTP • Configuring SNMP Polling • Connectivity and Testing • System Tools • Event Tracking • System Administration Tools • Troubleshooting Tools • Subscriber Connectivity Commands • Upgrades Configuration E-Mail Settings Setting the Default Configuration E-mail Each
System Administration Mailing the Current Configuration The config-mail command mails the current configuration to the address specified. The SMS2000 uses the SMTP (Simple Mail Transfer Protocol) server specified by the e-mail address or SMTP-server command line parameter. If you enter config-mail with no parameters, the SMS2000 uses the server last configured with set config-mail. Once connected, the SMS2000 sends an e-mail message to the specified (or default - if none is entered) recipient.
System Administration Note: Some types of changes, including adding a static port with the set port command or resetting the system configuration with the set quick config command require that you reboot the SMS2000 before continuing.
System Administration Saving a Configuration After committing configuration changes to the running system, the save command is used to store the current configuration to a startup script, which is executed the next time the system boots.
System Administration sms2000% restore config Note: You must reboot the SMS2000 for the restored configuration to take effect. Restoring the Default Configuration To restore the SMS2000 to the default configuration (with no functions configured), use this command: set default For example, to reset the SMS2000 configuration to default, type: sms2000% set default Note: This command does not change the password.
System Administration delete smtp-server {server_name | ip_address} For example, to stop forwarding mail to the mail server 1.2.3.4, type: sms2000% delete smtp-server 1.2.3.
System Administration Configuring the NTP server To configure a network time protocol server for the SMS2000 to use when synchronizing its clock use the set ntp-server command. This command requires that you have already configured a time zone for the SMS2000 using the set timezone command. To configure an NTP (time) server using its hostname or IP address, use this command: set ntp-server {hostname | ip_address | off} For example, to set the network time server to 192.168.254.
System Administration MDU Lite (LongRun or HomeRun) for addressing information on new subscribers. The SMS2000 may use polling data from Expresso GS/MDU Chassis equipment to determine the room from which a subscriber is generating traffic. This data can then be used by the OCS or another server to tailor its response to the room and to determine the room number for hotel PMS billing. For example, the OCS can charge a different price for conference rooms than for suites at a hotel.
System Administration sms2000% delete snmp-poll 192.168.254.211 Connectivity and Testing Traceroute To use a standard network application that tracks the path a packet follows to arrive at a specified network destination, use this command: traceroute {ip_address|hostname} This example shows how traceroute is used for internal network verification. sms2000% traceroute 208.226.86.252 This example shows how traceroute is used to verify throughput of an external network (with active DNS).
System Administration {left|right}}[help | ?] For example, with system linetest on and the SMS2000 rebooted, the SMS2000 generates a broadcast to the subscriber Ethernet interface once per second. Installers should check for a blinking LED on a Long Run or Home Run adapter if they do not have diagnostic equipment.
System Administration To activate a port or range of ports as static or dynamic, or to deactivate one or more ports, use this command: set port port {[static [ip_address | ip_address netmask ip_mask | ip_address/masklen] [vlan vlan_id]] | dynamic | disable]} For example, to set port 800 to a static port with IP address 192.168.254.244 and subnet mask 255.255.255.255, type: sms2000% set port 800 static 192.168.254.
System Administration displog {on | off} For example, to enable the display of log messages in current telnet session window, type: sms2000% displog on For example, to disable the display of log messages in current telnet session window, type: sms2000% displog off System Administration Tools Displaying Version Information To display the release number, reboot count, system images, active system images, and port information, use the following command: version For example, to see version information, type:
System Administration For example, to reboot the system, type: sms2000% reboot Changing a Password Use the password command to prevent unauthorized users from accessing the SMS2000. Note: A bad password can dramatically reduce the system security of the SMS2000. Please follow general password guidelines by including alpha, numeric, and other printable characters in a password that is at least seven characters long. The default password is “manager”.
System Administration SNMP Management Beginning with SMS2.3.6, the SMS supports remote SNMP management. SNMP System Contact and System Location will be reported in the SNMP system OID. All SMS OIDs are read-only. An SNMP trap is sent to the trap-recipient when the SMS boots or reboots. By default, the SNMP agent is disabled.
System Administration To view SNMP System location information, type: SMS000$ show snmp system-location SNMP Community You can define up to five SNMP Communities with unique IP Addresses for access to MIB objects. To add an SNMP Community and Management IP, type: snmp add community community-name mgmt-address {rw | ro} For example, to create a public community without restrictions: SMS2000% snmp add community public 0.0.0.
System Administration To delete the SNMP trap recipient, type: SMS2000% snmp delete trap-recipient To view the SNMP trap recipient configuration, type: show snmp trap-recipient Troubleshooting Tools System Information Tools Setting the System Information Dump Use the dump-info command to e-mail the status of the system to a specified address when the SMS2000 has a fatal error.
System Administration Subscriber Connectivity Commands Setting the ARP Failure Limit The SMS2000 periodically sends an unsolicited ARP request to clients from whom it has not received network traffic for a certain period of time. If a device does not respond to the specified number of requests, the SMS2000 assumes that it has been disconnected and closes the session with the device. The set arp-fails command allows you to set the number of allowed failures.
System Administration Upgrading from Tut Systems’ Website 1. 2. 3. 4. 5. 6. Go to the Tut Systems website at http://www.tutsystems.com. On the Support pull-down menu, click "SMS/OCS". Click Downloads. Enter your Company's name and product serial number (as printed on your invoice) where required. If you purchased the product before 1-September-2000, or have purchased the product through a third party, please contact Customer Support. Click Login.
System Administration Verifying a Successful Upgrade 1. After the SMS2000 reboots, telnet to the SMS2000. Note If the new firmware fails to boot, the SMS2000 reloads the older firmware. 2. Login. Use the version command to verify that the release matches the upgrade version and the SMS2000 booted from the same location from which the new firmware was loaded. This example shows that the SMS2000 booted from hda2. sms2000% version Release: SMS/2.3.2b4 30Sept01 server: SMS/2.3.2b4 30Sept01 config: SMS/2.3.
System Administration new firmware because the SMS2000 will not boot the older firmware, it will continue to fail to boot the newer firmware upon each subsequent boot attempt. Always download the newer firmware again in the event of upgrade problems.
Authentication Chapter 5 - Authentication Authentication is the process of verifying the identity of a subscriber. Authentication The SMS2000 is capable of performing authentication by using an external server (OCS or RADIUS). For more information on using the OCS for authentication, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these functions in various configurations are described below.
Authentication Configuring the Command Server Setting the Command Server for OCS Interaction To set the command server for the OCS interaction, use this command: set cmd-serv ip_address For example, to set the command server to 10.228.10.251, type: sms2000% set cmd-serv 10.228.10.251 Note: This is normally not necessary if you use the auth add web command with the cmd-serv option when adding the OCS.
Authentication The auth add web command automatically adds an allow-net to the specified server so that subscribers can be redirected to the allow-net without being intercepted. For more information on allow-nets, see “Allow-Nets” on page 49. To add a Web server as the authentication server for the current group, use this command: auth add web url secret secret [cmd-serv] For this example, the SMS2000 will be configured to authenticate using the OCS server at 192.168.254.249.
Authentication A warning will appear. Note: You do not have to specifically enable authentication. Simply adding a Web or RADIUS server is sufficient. Disabling Authentication Use the auth off command to disable authentication for the current group. If you use the auth off command with the forcedweb option, when an unauthenticated subscriber first trys to access the Internet, the subscriber is automatically redirected to the specified Web page; for example, an ISP’s portal page.
Authentication HTTP Request Throttle Setting the HTTP Request Throttle Use the set http-request throttle command to configure a per-session throttle on the rate at which HTTP requests from that session are handled before authentication. A new session begins with max_requests requests enabled. Every request uses one from a pool of available requests until there are no requests available in the pool. Requests are allocated to the session at request_rate requests per second.
Authentication Setting an Allow-Net Note: When adding the OCS using the auth add web command an allow-net is automatically configured for you. An OCS server will always be added as an allow-net entry when you use an OCS authentication server. This allows the SMS2000 to redirect subscribers to the server before authentication. Other servers may also be required in your allow-net, such as www.authorize.
Authentication Deleting an Allow-Net To remove allow-net entries, use this command: delete allow-net [ip_address netmask | ip_address/masklen | dns-name | dnsname/masklen ] For example, to delete an allow-net starting at 192.168.254.128 with a 32-bit network mask, type: sms2000% delete allow-net 192.168.254.128/32 For example, to delete an allow-net for a dns name, type: sms2000% delete allow-net notarealserver.
Authentication SMS2000 can substitute subscriber information for replaceable parameters in the URL. For example, here the set authok command is shown using the secret as well as the blockall parameters, and a URL with parameters embedded in it which are handled during the redirect. sms2000% set authok http://www.myserver.com/mypath/myscript.
Authentication • Support RADIUS ports 1812 and 1813 for RADIUS request and accounting ports (per official RADIUS assigned ports) • Support Session-Timeout attribute • Support Idle-Timeout attribute • Set the NAS type parameter Note: RADIUS packages are available for all major Linux distributions. When you communicate with the RADIUS server, use a shared secret of your choosing to: • Authenticate the SMS2000 with the RADIUS server. • Verify responses returned from the RADIUS server to the SMS2000.
Authentication Syntax Alias Description Adding the alias parameter to the end of the auth add radius command will configure the SMS to receive RADIUS response packets from an IP address other that the IP address configured as the RADIUS server. Multiple RADIUS Servers Default Older versions of SMS used UDP port 1645 for RADIUS authentication requests and 1646 for RADIUS accounting requests by default.
Authentication The alias parameter can be combined with the multiple RADIUS servers to provide faulttolerant clustered RADIUS servers. RADIUS server configuration to support this is not covered by this documentation as server configurations can vary widely. Set NAS port type parameter Beginning with SMS2.3.6, the system administrator can set the NAS type parameter to any supported NAS type. If the NAS type parameter is not set, the default value of 5 will be used.
Authentication show status radius Shows the status of and configuration of RADIUS servers in the running system, including whether they are DEAD or ALIVE. If the RADIUS server is DEAD, the command will also indicate the number of minutes until it is alive again.
Authorization Chapter 6 - Authorization Authorization entails determining if a particular user has permission to use a service. Authorization The SMS2000 is capable of performing authorization by using an external server (OCS or RADIUS) or by using onboard groups and rules. For details about using the OCS for Authorization, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.
Accounting Chapter 7 - Accounting Accounting entails the reporting of network resource usage. Accounting The SMS2000 is capable of performing accounting by using an external server (OCS, RADIUS, or Syslog). For more information on using the OCS for accounting, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these functions in various configurations are described below.
Accounting Radius Accounting Configuration Sending Accounting Messages to a RADIUS Server Note: This command does not require that you have configured RADIUS authentication. When subscribers connect or disconnect, usage data can be sent to a RADIUS accounting server. RADIUS accounting can be configured to track the usage of subscribers, including time on, time off, and bandwidth used.
Provisioning Chapter 8 - Provisioning The SMS2000 is capable of performing provisioning by using an external server (OCS or RADIUS) or internally using groups and rules. For more information on using the OCS to provision the SMS2000, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these functions in various configurations are described below.
Billing Chapter 9 - Billing Billing is charging the subscriber money for using the service. Billing The SMS2000 is capable of performing billing by using an external server (OCS or RADIUS). For more information on using the OCS for billing, see the OCS User’s Guide. For more information on RADIUS, see Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these functions in various configurations are described below.
Service Creation Using Groups and Rules Chapter 10 - Service Creation Using Groups and Rules Groups are created on the SMS2000 in order to provide an easier way to manage multiple subscribers. Subscribers are placed into groups according to a set of rules. Rules may be configured directly on the SMS2000 through the command line interface or, more typically, are generated automatically by the OCS and downloaded to the SMS2000.
Service Creation Using Groups and Rules Deleting a Group To delete groups with specific characteristics, use this command: group delete groupname For example, to delete the group library, type: sms2000% group delete library Setting the Active Group Context Most configuration items are tied to the current group.
Service Creation Using Groups and Rules SMS2000 Rules The SMS2000 includes a mechanism called rules. Managers can use the rules directly to create configurations which are specific to their environment. Most configuration attributes for the SMS2000, including traffic shaping and subscriber ID information, are applied to groups. Subscribers are assigned to these groups through rules.
Service Creation Using Groups and Rules Rule Expression Components A rule expression tells when to apply a rule. The action for the rule is always to place the ession in a group. This group is specified either by group add groupname, or group goupname for an existing group, or by including the optional group name parameter on the ommand line. Expressions include IP addresses, subnets, MAC addresses, VLAN IDs, and SNMP nformation.
Service Creation Using Groups and Rules VLAN When using a VLAN switch as a wiring solution, each VLAN effectively is treated as a “room,” similar to the “snmp-info” used with Tut Systems equipment (e.g., an MDU Lite or Expresso GS/MDU Chassis). Managers can write rules that affect one or many VLANs: vlan=vlanida[-vlanidb] Where vlanida is a VLAN ID expressed as an integer greater than 1. vlanidb is an optional VLAN ID expressed as an integer greater than vlanida.
Service Creation Using Groups and Rules “not mac=00:11:22:33:44:55” applies the rule so long as the MAC address of the unit is not the given address. In other words, it applies to every computer in the world but one. The AND Operator The “AND” operator is used to group two or more expressions of any type so that the rule applies if both the expression on the left of the “AND” and the expression on the right of the “AND” are true. expression AND expression For example: “tut=123.123.123.
Service Creation Using Groups and Rules Using Rule Priorities Each rule has a numeric priority; the smaller the number, the greater the priority. When assigning a group to a new session, the SMS2000 first looks at all rules with priority 1. If it finds any matching rule, it stops and uses the group for that rule. If it does not find any matching rule, it goes on to rules with priority 2, and so on. Managers can use multiple rules in conjunction with one another to provide unique service offerings.
IP Addressing Chapter 11 - IP Addressing Tut Systems’ Expresso Subscriber Management System (SMS2000) and Operation Center Software (OCS) offer a complete solution for delivering and controlling Internet Protocol (IP) based services to subscribers.
IP Addressing Figure 11-1 Plug and Play with NAT Client A believes that it’s IP address is 38.1.43.32 and client B believes it’s IP address is 141.211.43.87. The SMS2000 will respond to each of these clients as their respective gateways, 38.1.43.1 and 141.211.43.1. By using Network Address Translation (NAT), each of these clients is actually sharing the SMS2000’s network-side address of 217.44.23.76. This capability is called “plug and play” since the SMS2000 is automatically adjusting to the client.
IP Addressing through DHCP that corresponds to a real address from one of the SMS2000’s DHCP pools. Note: Addresses in the DHCP pool must be in the same subnet as the SMS2000 or in a control-net. For example, sms2000% group add dhcpers sms2000% dhcp-pool mypool 192.168.0.100 192.168.0.110 255.255.255.0 lease 80 sms2000% iptype dhcp sms2000% set rule bob 1 mac=00:01:02:03:04:05 Static Non-Routable Addresses A fixed address can be assigned to a subscriber.
IP Addressing Configuring a Control Network for Additional Client IP Addresses Note: This command is only required when using DHCP or static IP addresses on a physical network with multiple IP subnets, and the administrator wants subscribers to be allocated DHCP or static addresses from these additional IP subnets.
IP Addressing For example, to set the IP type to DHCP, type: sms2000% iptype DHCP Source-Nets Setting a Source-Net Note: Source nets are only used with IP types 1 to 1 and 1 to 1 unique. The command set source-net configures a source-net. A source-net is a SMS2000 configured subnet to which subscriber connections are mapped when using the 1 to 1 and 1 to 1 unique IP types. For IP types 1to1 and 1to1Unique subscribers are each given one of the available IP addresses.
IP Addressing DHCP Creating DHCP Pools Subscribers who use protocols that are not NAT-friendly (including some gaming servers) or who use a dynamic DNS service to act as a Web server may want to have a non-NATed real DHCP address. Subscribers who want this service must have DHCP enabled on their local PCs. If they do not have DHCP enabled, they receive the normal NATed service and do not benefit from having a real IP address.
IP Addressing To specify the IP address of a DNS server and (optionally) add it for use in the active/current group, use this command: set dns [add] ip_address For example, to configure the SMS2000 to use 192.168.254.254 as a DNS server. sms2000% set dns 192.168.254.254 Note: Changing the DNS server(s) requires a reboot. Deleting the DNS Server Address To delete the DNS address for the current group, use this command: delete dns ip_address For example, to delete the DNS server with the IP address 192.168.
Printing Chapter 12 - Printing The Expresso Subscriber Management System (SMS2000) offers printing capabilities. Setting up the LPR Host To define the printing parameters, including the name of the LPR host and the maximum number of pages and bytes allowed per job, use this command: set lpr {hostname | off} [queuename maxpages maxbytes] For example, to set the printer host to the IP address 10.228.10.
Using SMS with RADIUS Server Chapter 13 - Using SMS2000 with a RADIUS Server SMS2000 can authenticate subscribers and send accounting messages using RADIUS. Beginning with the 2.3.6 release of SMS software, many RADIUS attributes and additional features have been added.
Using SMS with RADIUS Server Adding the SMS2000 as a Client on the RADIUS Server For the SMS2000 to be a RADIUS client, it must have an entry in your RADIUS server’s clients list. The location and format of this list is different for different RADIUS servers. Adding Users to the RADIUS Server RADIUS servers may include a list of specific users in a file, in a database, in an LDAP server, a remote RADIUS server, on the local system, or any combination of these.
Using SMS with RADIUS Server If no connect information is provided, connect information defaults to that specified for the default group (called “*” or “star”). This information can be specified at the SMS2000. If no bandwidth management is specified at the SMS2000, then users without “Connect-Info” parameters have no bandwidth limits. Using Real IP Addresses Subscribers can use real Internet routable IP addresses when connected to the SMS2000 and authenticated via RADIUS.
Using SMS with RADIUS Server Any port combination can be specified when configuring RADIUS servers. See page 53, Chapter 5, for details on using the auth add radius command. Check the /etc/services files on the RADIUS server and verify that the RADIUS server is set to use the same ports as the SMS. SMS2000 NAS File While it is not required, a NAS file is available that allows your RADIUS server to decode some custom RADIUS accounting attributes from SMS2000.
Using SMS with RADIUS Server RADIUS Attributes Sent In AccessRequest Packets The SMS2000 sends the following attributes in Access-Request packets. The RADIUS server may choose to ignore any or all of these. The RADIUS server may make its access response based on any or all of these.
Using SMS with RADIUS Server Setting Traffic Shaping The SMS2000 provides traffic shaping to limit the maximum bandwidth for a group of subscribers or a static port. The configuration parameters for traffic shaping that you set with the shape command apply to the active group. xbs is the maximum transmit rate (bits per second) from the SMS2000 to the subscriber. rbs is the maximum receive rate (bits per second) allowed for the subscriber.
SMS2000 and Property Management Systems Chapter 14 - SMS2000 and Property Management Systems (PMS) For hotels desiring PMS billing, the SMS2000 and the OCS can be configured to send billing records to the PMS. Both SMS2000 and the OCS are involved in PMS billing. The SMS2000 is physically connected to the PMS and handles the serial port line protocol to the PMS. The OCS builds the PMS messages and forwards changes to the SMS2000 for transfer to the PMS. Only one PMS can be configured per property.
SMS2000 and Property Management Systems Note: For more information on using the set pms-server command, see the SMS2000 Command Reference. Protocol Modes All PMS protocols (except Micros-Fidelio) work in one of three modes: • TTY • ACK-NAK • ENQ-ACK-NAK TTY provides best effort delivery, while ACK-NAK and ENQ-ACK-NAK provide reliable message delivery. TTY MODE In TTY mode, message delivery is best effort only. The SMS2000 sends the message to the PMS and does not look for any response.
SMS2000 and Property Management Systems That character is used to validate that the message was transmitted without errors. It is calculated by adding up all of the characters in the message proceeding it (except the STX and modulo the sum by 256). The PMS has a limited time frame in which to respond with an ACK. The PMS may also NAK the message for any reason. It is treated as a transmission error and the message is sent again.
Customizing SMS2000 Web Authentication with RADIUS Chapter 15 - Customizing SMS2000 Web Authentication with RADIUS This chapter describes how to work with and customize web pages on the SMS2000 when using RADIUS authentication. You can obtain the original web pages, for use in customizing, by contacting your Tut Systems representative, or you may extract them using a web browser. By default, a set of web pages are created on the SMS2000 and presented to the user during authentication.
Customizing SMS2000 Web Authentication with RADIUS If the modified page you are loading is the first customized page for a group, a new directory is created to store this and other modified files. This directory is automatically given the same name as the active group. There is no need to reboot the SMS2000. When a new subscriber connects, the subscriber sees the new web page. Note: SMS2000-based web page customization can only be done using SMS2000 with a RADIUS authentication server.
Customizing SMS2000 Web Authentication with RADIUS the location of the image is relative towhere the file is located. Since the default pages and their images reside in the same directory, the default pages load with no problem. When customizing web pages absolute paths to images such as 
can also be specified in the customized pages. These absolute paths contain the full path to the image.
Customizing SMS2000 Web Authentication with RADIUS
While these elements can be presented in any manner you choose, they must exist for the SMS2000 to properly parse the login form.Customizing SMS2000 Web Authentication with RADIUS
