 

Users   10


  This chapter describes how to use the command line interface to configure the PortMaster to authenticate dial-in users. The configuration settings are stored in the user table. Detailed command definitions follow a command summary table.

  Note - Whenever possible, especially if you have 100 or more users, you should use RADIUS for user authentication rather than the user table. To use RADIUS, see Chapter 3, "Global Settings," and the RADIUS for UNIX Administrator's Guide and RADIUS for Windows NT Administrator's Guide.

  The user table enables the PortMaster to authenticate and provide operational parameters on a user-by-user basis.
  You can use the command line interface to create, edit, and delete four kinds of users:
 
 

       Displaying User Information

  To display information about your user configuration, use the following commands:
 

       Summary of User Commands

  The commands in Table 10-1 configure the PortMaster to authenticate dial-in users. The User Type column in the table denotes commands for login users (L) and network users or netusers (N). RADIUS can also be used to authenticate dial-in users; however, the PortMaster consults its own user table first.

  Table 10-1 User Configuration Commands 

 
  User Type  Command Syntax
  N          add netuser Username [password Password]  - see page 10-3
  L          add user Username [password Password]  - see page 10-4
  L/N        delete user Username  - see page 10-4
  L/N        save user  - see page 10-5
  N          set user Username address|destination assigned|negotiated|Ipaddress  - see page 10-5
  N          set user Username compression on|off  - see page 10-6
  N          set user Username crossbar-ip Ipaddress  - see page 7-5
  L/N        set user Username dialback|callback Locname|String|none  - see page 10-7
  L          set user Username host default|prompt|Ipaddress  - see page 10-8
  L/N        set user Username idle Number [minutes|seconds]  - see page 10-8
  L/N        set user Username ifilter [Filtername]  - see page 10-9
  N          set user Username ipxnet Ipxnetwork  - see page 10-10
  N          set user Username local-ip-address Ipaddress  - see page 10-11
  N          set user Username map Hex  - see page 10-12
  L/N        set user Username maxports Number  - see page 10-13
  N          set user Username mtu MTU  - see page 10-13
  N          set user Username netmask Ipmask  - see page 10-14
  N          set user Username ofilter [Filtername]  - see page 10-15
  L/N        set user Username password Password  - see page 10-16
  N          set user Username protocol slip|ppp|x75-sync  - see page 10-16
  N          set user Username rip on|off|broadcast|listen|v2 {broadcast|multicast|on|v1-compatibility}  - see page 7-17
  L/N        set user Username route-filter incoming|outgoing [Filtername]  - see page 7-8
  L          set user Username service netdata|portmaster|rlogin|telnet [Tport]  - see page 10-17
  L/N        set user Username session-limit Minutes  - see page 10-18
  L/N        show table user  - see page 10-18
  L/N        show user Username  - see page 10-19
 
 

       User Commands

  These commands configure the user table of the PortMaster.

  Note - Set commands can use user and netuser interchangeably, except that you cannot use set netuser for a login user. The add command requires add netuser for network users and add user for login users.

 
 

       add netuser

  This command adds an entry to the user table for a network user.

  add netuser Username [password Password]

 
 Username  Network username of 1 through 8 characters.
 Password  Network user password of 0 through 16 characters.

  A network user must be added to the user table before other netuser parameters can be configured. You cannot add network users with blank network usernames.
 

       add user

  This command adds an entry to the user table for a login user. Optionally, the user password can be added at the same time.

  add user Username [password Password]

 
 Username  Login username of 1 through 8 characters. Usernames cannot begin with a quotation mark (") or a question mark (?).
 Password  Login user password of 0 through 16 characters.

  A user must be added to the user table before other user parameters can be configured.
 

       delete user

  This command deletes a user or network user, password, and associated information from the user table.

  delete user Username

 
 Username  Username of a login user or network user.

 

       save user

  This command writes any changes in the user table to the nonvolatile RAM of the PortMaster.

  save user

  The save all command can also be used.
 

       set user address|destination

  This command sets the IP address of the network user.

  set user Username address|destination assigned|negotiated|Ipaddress

 
 Username  Name of a network user.
 address|destination  Keywords address and destination are synonyms and generate the same result.
 assigned  The PortMaster assigns a temporary IP address for this user from the assigned pool.
 negotiated  This option is valid only for PPP sessions. The PortMaster attempts to learn the IP address of the remote host by IP Control Protocol (IPCP) negotiation.
 Ipaddress  Uses the specified IP address, or hostname with a maximum of 39 characters. If Ipaddress is 0.0.0.0, the PortMaster does not use IP for this user.

  Address 255.255.255.255 is the same as negotiated. Address 255.255.255.254 is the same as assigned.
 

       set user compression

  This command sets Van Jacobson TCP/IP header compression and Stac LZS data compression for a network user.

  set user Username compression on|off

 
 Username  Name of a network user.
 on  Enables compression. The PortMaster tries to negotiate both Van Jacobson and Stac LZS compression. This is the default.
 off  Disables compression.

  Van Jacobson TCP/IP header compression can be used for SLIP and PPP connections. With SLIP, both sides need to be configured identically. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression.
 

       set user dialback

  This command sets the callback telephone number for a callback login user, or the location for a callback network user.

  set user Username dialback|callback Locname|String|none

 
 Username  Username of a login user or network user.
 dialback|callback  Keywords dialback and callback are synonyms and generate the same result.
 Locname  Network user location name that is in the location table. Locname must be between 1 and 12 characters in length.
 String  Login user callback telephone number--a maximum of 32 characters.
 none  Disables callback for this user, who then becomes a normal login or network user.

  To set callback for a login user, enter the string of characters that follows the Hayes-compatible ATDT command to return the user's call. If you enter a telephone number, the user is changed to a callback login user.
  To set a callback for a network user, enter the name of the location--already in the location table--to which the PortMaster establishes a network connection back to the user.
 

       set user host

  This command indicates the login host for the login user.

  set user Username host default|prompt|Ipaddress

 
 Username  Username of a login user.
 default  Connects the user to the default host for the serial port.
 prompt  Allows the user to select a host (by IP address or name) to begin a login session.
 Ipaddress  Connects the user to the specified IP address, or 39-character hostname.

  The login host parameter defines the host to which the user is connected. If you set the user login host in the user table, prompts are displayed in the following order:

  login:

  prompt:

  host:

  Setting the IP address to 0.0.0.0 sets the host to the default.
 

       set user idle

  This command sets the length of time the line can be idle--in both directions--before the PortMaster disconnects the user.

  set user Username idle Number [minutes|seconds]

 
 Username  Name of a user.
 idle Number  Timeout value from 0 to 240. The default value is 0.
 minutes  Sets the idle time in minutes. This is the default.
 seconds  Sets the idle time in seconds.

  If the idle time value is set to 0, the idle timer is disabled. If the value is set to 2 seconds or a longer interval, the user is disconnected after there is no traffic for the designated time.
  You can set user idle timeout in the user table using this command, or you can use the RADIUS Idle-Timeout attribute. The RADIUS attribute is specified in seconds, but when greater than 240 seconds it is rounded up to minutes by the PortMaster.

  Note - The idle time special value of 1 second applies only to asynchronous ports that have modem control turned on with the set S0 cd on command. Ports that are in the command state--with an administrator logged on--are not timed out with the special value of 1 second.

 

       set user ifilter

  This command sets the input packet filter for packets entering the PortMaster on the interface established by the network user.

  set user Username ifilter [Filtername]

 
 Username  Name of a user.
 Filtername  Input filter name. The maximum is 15 characters.

  When an input packet filter is specified, all packets received from the serial interface are evaluated against the rule set for this filter, which has been defined and is in the filter table. Only packets that are permitted by this filter are allowed to enter the PortMaster.
  When a valid access control filter from the filter table is set for a login user, it restricts the hosts that the user can log in to as follows:

  1. The user logs in and specifies a host.

  2. The host address is compared against the access filter.

  3. If the address is permitted by the filter, the connection is established; otherwise, the connection is denied.

  You remove the filter by entering the command without a filter name.
 

       set user ipxnet

  This command sets the IPX network number for the user's network connection.

  set user Username ipxnet Ipxnetwork

 
 Username  Name of a network user.
 Ipxnetwork  Number of IPX network to be used for a serial link--a 32-bit hexadecimal value.

  The PPP protocol must be used with IPX. If you set the IPX network number to 0xFFFFFFFE, the PortMaster dynamically assigns an IPX network for the user by using an address from the assigned pool as an IPX network number.
 

       set user local-ip-address

  This command allows a network user to assert a local IP address on a PortMaster asynchronous or ISDN dialout port for a numbered IP network.

  set user Username local-ip-address Ipaddress

 
 Username  Name of a network user.
 Ipaddress  IP address. A hostname is not accepted.

  Use this command only when a unique IP subnet is required for a point-to-point network connection--when both ends of the connection require an IP address.
  This function is not available in RADIUS.
 

       set user map

  This command sets the PPP asynchronous map to replace nonprinting ASCII characters found in the data stream.

  set user Username map Hex

 
 Username  Name of a network user.
 Hex  A 32-bit hexadecimal number. The default is 0x00000000.

  The PPP protocol supports the replacement of nonprinting ASCII data in the PPP stream. These characters are not sent through the line, but instead are replaced by a special set of characters that the remote site interprets as the original characters. The PPP asynchronous map is a bit map of characters that must be replaced. The lowest-order bit corresponds to the first ASCII character NUL and so on. Most environments must use the default. This command does not apply to the Serial Line Internet Protocol (SLIP).
  The command set user Username map 0 disables the asynchronous mapping.
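
  The bit map described above can be worked through in a few lines. This is an added example, not code from the PortMaster documentation: the function names are hypothetical, and the escape rule (0x7D followed by the octet XOR 0x20, with 0x7E and 0x7D always escaped) comes from RFC 1662 rather than from this page.

```python
FLAG, ESC = 0x7E, 0x7D  # RFC 1662 frame delimiter and control-escape octet

def accm_from_chars(chars):
    """Build the 32-bit map: bit n set means control character n is replaced."""
    m = 0
    for c in chars:
        if not 0 <= c < 32:
            raise ValueError(f"only 0x00-0x1F can be mapped, got {c:#04x}")
        m |= 1 << c
    return m

def chars_from_accm(m):
    """List the control characters a map value selects (lowest bit = NUL)."""
    return [n for n in range(32) if m >> n & 1]

def escape(payload, m):
    """Replace mapped octets the way a PPP sender does on an async link."""
    out = bytearray()
    for b in payload:
        if b in (FLAG, ESC) or (b < 32 and m >> b & 1):
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)

def unescape(data):
    """Reverse escape(); a trailing lone escape octet is rejected."""
    out, it = bytearray(), iter(data)
    for b in it:
        if b == ESC:
            b = next(it, None)
            if b is None:
                raise ValueError("truncated escape sequence")
            b ^= 0x20
        out.append(b)
    return bytes(out)

# XON (0x11) and XOFF (0x13) are the characters most often mapped, because
# software flow control on the serial path would otherwise consume them.
XON_XOFF_MAP = accm_from_chars([0x11, 0x13])
```

  With map 0, control characters travel unmodified; only the frame delimiter and the escape octet itself are still replaced.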
 

       set user maxports

  This command, if set, limits the number of network dial-in ports the user can use on the PortMaster for Multilink V.120, Multilink PPP, and asynchronous multiline load-balancing.

  set user Username maxports Number

 
 Username  Name of a user.
 Number  Number between 0 and 95.

  If the number of dial-in ports is left unconfigured, port limits are not imposed and PortMaster multiline load-balancing, Multilink V.120, and Multilink PPP sessions are allowed. You can also set the dial-in port limit using the RADIUS Port-Limit attribute.
 

       set user mtu

  This command sets the size of the maximum transmission unit (MTU) for the network user.

  set user Username mtu MTU

 
 Username  Name of a network user.
 MTU  MTU value from 100 to 1500 bytes.

  The MTU value defines the largest frame or packet that can be sent, without fragmentation. A packet that exceeds this value is automatically fragmented if IP, or discarded if IPX. PPP connections have a maximum MTU of 1500 bytes, and SLIP connections have a maximum of 1006 bytes.
 

       set user netmask

  This command defines the netmask of the user's system on the remote end of the connection.

  set user Username netmask Ipmask

 
 Username  Name of a network user.
 Ipmask  IP netmask in dotted decimal notation.

  Enter the netmask number in dotted decimal notation. For more information, see the section on netmasks in the PortMaster 4 Configuration Guide.
  set user-netmask - page 7-11
 

       set user ofilter

  This command sets the output packet filter for packets leaving the PortMaster on the interface established by this dial-in network user.

  set user Username ofilter [Filtername]

 
 Username  Name of a network user.
 Filtername  Output filter name. The maximum is 15 characters.

  When an output packet filter is specified, packets being sent to the serial interface are evaluated against the rule set for this filter, which has been defined and is in the filter table. Only packets that are permitted by this filter are allowed to leave the PortMaster.
  You remove the filter by entering the command without a filter name.

  Note - This command does not apply to login users.

 

       set user password

  This command sets the password for a login user or network user.

  set user Username password Password

 
 Username  Username of a login user or network user.
 Password  User password of 0 through 16 characters.

  As shown in the example, the password is not displayed by any of the responses to a set or show command.
 

       set user protocol

  This command sets the transport protocol for a network user.

  set user Username protocol slip|ppp|x75-sync

 
 Username  Name of a network user.
 slip  SLIP protocol. This is the default.
 ppp  PPP protocol.
 x75-sync  X.75 protocol.

  If a nonzero IP address is set for a network user using PPP, IP is routed. If a nonzero IPX network is set for the user, IPX is routed.
  set C0 network dialin - page 5-23
 

       set user service

  This command selects the login service for the login user.

  set user Username service netdata|portmaster|rlogin|telnet [Tport]

 
 Username  Name of a login user.
 netdata  Uses a netdata connection (TCP clear channel).
 portmaster  Uses the PortMaster login service to connect to in.pmd on the login host. This is the default.
 rlogin  Uses the rlogin protocol to connect to the login host.
 telnet  Uses Telnet to connect to the login host.
 Tport  Designated TCP port on the host, a 16-bit number from 1 through 65535. The default is 23.

 

       set user session-limit

  This command sets the maximum length of a session permitted before the PortMaster disconnects the user.

  set user Username session-limit Minutes

 
 Username  Name of a user.
 Minutes  Session limit in minutes, any value from 0 to 240. The default is 0.

  You can set the user session limit in the user table using this command, or you can use the RADIUS Session-Timeout attribute. The RADIUS attribute is specified in seconds, but is rounded up to minutes by the PortMaster.
 

       show table user

  This command shows the current users in the user table.

  show table user

 

       show user

  This command shows the configuration of the specified user.

  show user Username

 
 Username  Username of 1 through 8 characters.
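
  Because set and show responses never display the password, a blank password is easiest to catch in the command script before it is entered. The following added example (not Livingston code; the function name, sample usernames and filter name are constructed) checks a script of add and set user commands against the limits documented in this chapter and then applies three policy checks that are assumptions of the example: a non-blank password, a nonzero idle timer and an input filter. It treats the script as the complete user table.

```python
# Numeric limits copied from this chapter's parameter tables.
RANGES = {"idle": (0, 240), "maxports": (0, 95), "mtu": (100, 1500), "session-limit": (0, 240)}

# Constructed provisioning script; usernames and the filter name are made up.
SAMPLE = """\
add user alice password s3cretPass
set user alice idle 15 minutes
set user alice ifilter dialin.in
add netuser branch1
set user branch1 mtu 9000
add user bob
set user carol session-limit 60
"""

def audit(script):
    """Check add/set user commands; return sorted (username, finding) pairs."""
    users, out = {}, set()
    for line in script.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("add", "set") or tok[1] not in ("user", "netuser"):
            continue  # not a user-table command covered by this example
        verb, kind, name, args = tok[0], tok[1], tok[2], tok[3:]
        if verb == "add":
            if not 1 <= len(name) <= 8 or (kind == "user" and name[0] in '"?'):
                out.add((name, "username breaks documented rules"))
            users[name] = {"kind": kind, "password": "", "idle": 0, "ifilter": None}
        elif name not in users:
            out.add((name, "set before add"))
            continue
        elif kind == "netuser" and users[name]["kind"] == "user":
            out.add((name, "set netuser on a login user"))
        key, val = (args + [None, None])[:2]
        if key in RANGES:
            lo, hi = RANGES[key]
            if val is None or not val.isdigit() or not lo <= int(val) <= hi:
                out.add((name, f"{key} outside {lo}-{hi}"))
                continue
            val = int(val)
        elif key == "password" and len(val or "") > 16:
            out.add((name, "password longer than 16 characters"))
        if key:
            users[name][key] = val
    # Policy checks below are this example's assumptions, not PortMaster rules.
    for name, u in users.items():
        checks = ((u["password"], "blank password"), (u["idle"], "idle timer disabled"),
                  (u["ifilter"], "no input filter"))
        out.update((name, why) for value, why in checks if not value)
    return sorted(out)
```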

 

spider@livingston.com
Copyright © 1999, Lucent Technologies. All rights reserved.