Using SMS with RADIUS Server
TUT Systems, Inc
Page 79 of 104
P/N
220-06288-20
If no connect information is provided, connect information defaults to that specified for
the default group (called “*” or “star”). This information can be specified at the
SMS2000. If no bandwidth management is specified at the SMS2000, then users without
“Connect-Info” parameters have no bandwidth limits.
Using Real IP Addresses
Subscribers can use real Internet routable IP addresses when connected to the SMS2000
and authenticated via RADIUS. The easiest way to do this is to configure the default
group with the static IP type in SMS, providing an optional DHCP pool of real IP
addresses available via DHCP.
If only a few users are going to connect using static IP addresses which are not
configured via DHCP, while the rest of your users will be NATed, use the “Framed-IP-
Addr” attribute to indicate the expected address in the user’s entry.
If the subscriber’s PC is configured with the given address, the SMS2000 passes traffic
through directly to the subscriber once the subscriber is authenticated without using
NAT. If the subscriber’s PC is configured for DHCP or is configured with the wrong IP
address, the SMS2000 will NAT the subscriber as normal.
For example:
Postel Password = “Postel”
Framed-IP-Address = “18.181.0.29”
Connect-Info = “3000000/1000000”
When Postel connects to the SMS2000, he will initially be NAT-ed and redirected to the
SMS2000’s RADIUS login page. After properly authenticating himself with his user
name and password, the SMS2000 will check his PC’s IP address against the one
returned via RADIUS. If they match, the SMS2000 will pass traffic from Postel directly
through itself, without using NAT. If they don’t, Postel will be NATed. Also note that
Postel is limited to 3Mbps upstream and 1Mbps downstream. The use of static IP
addressing is independent of the quality of service parameters. They may or may not be
included together in any subscriber’s entry.
RADIUS Ports
The official assigned RADIUS ports are 1812 for authentication and 1813 for accounting.
A typical /etc/services file shows the RADIUS ports this way:
radius 1812/tcp
# radius
radius 1812/udp
# radius
radius-acct 1813/tcp radacct
# radius Accounting
radius-acct 1813/udp radacct
# radius Accounting
SMS2.3.5 and earlier used ports 1645 and 1646. Any SMS that currently has a RADIUS
server configured will retain ports 1645 and 1646 when upgrading to SMS2.3.6.
By default, any new RADIUS configuration with SMS2.3.6 will use ports 1812 and
1813, unless the systems administrator specifies another set of ports.