Comtech EF Data CDM-625A User Manual

CDM-625A Advanced Satellite Modem

MN-CDM625A

Appendix T

Revision 3

T–3

The authentication process, as shown here, permits use of the HTTP (Web Server) Interface for

remote M&C of the CDM-625A. This basic messaging sequence is the same for M&C access to

the CDM-625A over the Telnet user interface:

Step

Action

1

The User PC transmits the “HTTP GET” request.

2

Upon receiving the “HTTP GET” request, the CDM-625A checks whether the user has been authenticated. If

not, the CDM-625A returns “HTTP 401 Unauthorized” message to the User PC.

3

The User PC transmits the login credentials to the CDM-625A using the “HTTP GET” message.

4

The CDM-625A receives the login credentials and performs the following steps:

A. It validates the login credentials against the locally stored Admin credentials. If the credentials match,

the modem allows Read/Write access (including Admin configuration pages); it does not grant

RADIUS access.

B. If there is no match for the system user credentials, then the modem transmits the RADIUS: Access-

Request message to the Primary RADIUS Server.

C. If the Primary RADIUS Server is not available, then the modem transmits the RADIUS: Access-

Request message to the Secondary RADIUS Server.

D. If the Secondary RADIUS Server is not available, then the modem transmits the HTTP: Access

Denied message (error page) to the User PC.

5

The RADIUS Server, upon receiving the RADIUS:Access-Req message, authenticates the user credentials

and does one of the following:

A. It transmits the RADIUS: Access-Accept message with the appropriate user access level – e.g.,

Read-only or Read/Write.

B. It transmits the RADIUS:Access-Reject message upon credential mismatch.

C. It transmits the RADIUS: Access-Challenge for further validation.

6

The CDM-625A, upon receiving one of the above responses from the RADIUS server, then does one of the

following:

A. Upon receiving the RADIUS:Access-Accept message, it transmits the “HTTP 201 OK” message to

the User PC.

B. Upon receiving the RADIUS: Accept-Reject message, it transmits the “Access Denied” message to

the User PC.

C. Upon receiving the RADIUS: Access-Challenge message, it transmits the “PAP/CHAP challenge

response” message to the Radius Server.

7

Upon receiving the “HTTP 201 OK” message, the user can browse the CDM-625A HTTP (Web Server)

Interface pages.

Depending on the user access rights received from the RADIUS server, the CDM-625A

allows the user Read-only or Read-Write access to the interface.