On-demand connections, Portmaster security management – Lucent Technologies PortMaster User Manual

On-Demand Connections

PortMaster Configuration Guide

The PortMaster establishes on-demand connections in the following way:

When the PortMaster receives packets going to an on-demand location that is
suspended (not currently active), it dials out to that location if a line is available.

If idle timers expire on a connection, the connection is brought down, freeing the
port for other uses.

At regular intervals, packet queues are checked for dial-out locations configured for
multiline load balancing to determine if more bandwidth is needed. If it needs more
bandwidth, the PortMaster dials out on an additional port and adds that port to the
existing interface.

When users dial in, they are authenticated and provided with their configured
service.

PortMaster Security Management

The PortMaster provides security through the user table, or if configured, RADIUS
security. When a dial-in user attempts to authenticate at the login prompt, or via PAP or
CHAP authentication, the PortMaster refers to the entry in the user table that
corresponds to the user. If the password entered by the user does not match, the
PortMaster denies access with an “Invalid Login” message. If no user table entry exists
for the user and port security is off, the PortMaster passes the user on to the host
defined for that port using the selected login service. In this situation, the specified host
is expected to authenticate the user.

If port security is on and the user was not found in the user table, the PortMaster
queries the RADIUS server if one has been configured. If the username is not found in
the user table, port security is on, and no RADIUS server is configured in the global
configuration of the PortMaster, access is denied with an “Invalid Login” message. If the
RADIUS server is queried and does not respond within 30 seconds (and neither does the
alternate RADIUS server), access is denied with an “Invalid Login” message.

If security is set to off, any username that is not found in the user table is sent to the
port’s host for authentication and login. If security is set to on, the user table is checked
first. If the username is not found and a RADIUS server is configured, RADIUS is
consulted. When you are using RADIUS security, you must use the
set security S0 command to set security to on.
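
The decision order described above, modelled as an added example (not code from the manual or from ComOS). The function name, the outcome strings, and the RADIUS interface are assumptions: each RADIUS server is a callable returning True (accept), False (reject), or None (no response within the 30-second timeout), and a matching user table password is assumed to grant the configured service.

```python
"""Constructed model of the PortMaster dial-in authentication decision."""
import hmac
from typing import Callable, Dict, Optional, Sequence

RADIUS_TIMEOUT_SECONDS = 30  # value from the manual; modelled, never waited on

# Hypothetical interface: True = accept, False = reject, None = timed out.
RadiusQuery = Callable[[str, str], Optional[bool]]

def authenticate(username: str, password: str, user_table: Dict[str, str],
                 port_security: bool,
                 radius_servers: Sequence[RadiusQuery] = ()) -> str:
    """Return the outcome the manual describes for one login attempt."""
    # 1. The user table is consulted first. An entry here decides the
    #    attempt by itself: a mismatch is denied and RADIUS is never asked.
    if username in user_table:
        stored = user_table[username].encode()
        if hmac.compare_digest(stored, password.encode()):
            return "GRANTED_USER_TABLE"
        return "INVALID_LOGIN"
    # 2. Unknown user with port security off: the PortMaster does not
    #    authenticate; the host defined for the port is expected to.
    if not port_security:
        return "PASSED_TO_HOST"
    # 3. Unknown user, port security on, no RADIUS server configured.
    if not radius_servers:
        return "INVALID_LOGIN"
    # 4. Primary, then alternate. Only a timeout falls through to the
    #    alternate; a reject from the primary is final.
    for query in radius_servers[:2]:
        reply = query(username, password)
        if reply is not None:
            return "GRANTED_RADIUS" if reply else "INVALID_LOGIN"
    return "INVALID_LOGIN"  # neither server answered within the timeout

# Constructed sample data for the demonstration below.
SAMPLE_USER_TABLE = {"alice": "s3cret"}
radius_down = lambda user, pw: None
radius_accept = lambda user, pw: True

if __name__ == "__main__":
    cases = [("alice", "wrong", True, [radius_accept]),
             ("bob", "x", False, []),
             ("bob", "x", True, []),
             ("bob", "x", True, [radius_down, radius_accept]),
             ("bob", "x", True, [radius_down, radius_down])]
    for user, pw, sec, servers in cases:
        print(user, sec, len(servers),
              authenticate(user, pw, SAMPLE_USER_TABLE, sec, servers))
```

The second case is the one to audit on a real unit: with port security off, an unknown username reaches the port's host without the PortMaster having verified anything.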
