Access Device
Access devices refer to the switches or access servers that work with the system for authentication. Only the access devices configured through the access device function can forward and receive the packets, so that the user authentication process can be completed.
Functions
Parameters
- Shared Key: Enter a shared key for communications between the server and the access device. The shared key on the server and the access device must be the same.
- Authentication Port: Used by the system to monitor the authentication packets. Make sure that the authentication port here is the same as that configured on the device side.
- Accounting Port: Used by the system to monitor the accounting packets. The accounting port must be the same as that configured on the device side, and it is used for free. The accounting port is used for RADIUS packets only.
- Service Type: Specifies the type of service supported by the access device. Currently, only LAN access service and device management service are available. If the service type is set to Unlimited, the device supports both LAN access and device management services. A device of the device management service type does not support LAN access service.
- Forcible Logout Type: Method for UAM to forcibly log out an endpoint user.
- Disconnect user: Instructs the NAS to disconnect the user.
- Shut down and bring up port: Instructs the NAS to shut down and bring up the port connecting to the user.
- Access Device Type: Select the access device vendor or standard protocol type (the standard protocol type requires that the RADIUS server and client exchange packets according to RFC 2865, RFC 2866, or later). You can select one of the pre-defined access device types, including Intelbras, 3COM, Huawei, Cisco, Ruijie, HP others, HP A series, Microsoft and Juniper, or select a user-defined type, which is defined in the Access Device Type.
- Service Group: Select a service group for the access device. The service group ensures privilege management of the access device. The administrators and maintainers can add the access device to one of the service groups to which they have the management privilege. The service group of the access device is not modifiable when you modify the access device configuration.
- Select/Add Manually: The way to add an access device. Select indicates that you can select devices managed by the system. Add Manually indicates that you will add the device manually.
- Device Name: Refers to the sysName of the device.
- Device IP: IP address of the device, which can be an IPv4 address or an IPv6 address.
- Start IP/End IP: An address range lets you add multiple devices at one time. You can also set only the start IP address.
- Access Device Group: Specifies an access device group for an access device. One access device can belong to only one access device group.
- Mass Use Of Equipment To Escape: On the RADIUS server, changes the status of the selected access devices to the escape state in a batch. After the server receives a RADIUS message from an access device in the escape state, it does not process the message. The RADIUS status on the device changes to block, and the device enters escape mode.
- Cancel Equipment Escape In Batch: Restore the selected access device in the escape state to the normal state.
- SOAP Username/Password/Listening Port: Configure the SOAP parameters to be used by an HP device to verify the logoff operations. Make sure the SOAP settings are the same as those configured on the device.
- Limited to Platform Devices: When Limited to Platform Devices is displayed, only the access devices that already exist in the INC platform can be manually added to the access device list. When Not Limited to Platform Devices is displayed, access devices can be manually added to the list whether they exist in the INC platform or not.
- Deploy User-Notify Attribute: Select whether to enable the device to deploy configurations to endpoints through the User-Notify attribute. The deployed configurations enable the endpoints to perform tasks such as initiating security checks. As a best practice, enable this feature for Intelbras, Huawei, and 3Com devices, and disable it for Cisco, Ruijie, and some Huawei devices that are configured with the User-Notify attribute.
Precautions
- When you add an access device, configure the shared key as the authentication and accounting key configured on the device. Otherwise, the iNode client will fail to pass authentication and log in.
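The following is an added example, not taken from the original page or the product's code, showing why the shared key must match on both sides: RFC 2865 and RFC 2866 compute each packet authenticator as an MD5 digest that includes the shared key, so the receiver can only reproduce it with the same key. Function names, key values and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

def attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (includes the 2-byte header), Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """RADIUS packet: Code, Identifier, Length, 16-byte Authenticator, attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def sign(code: int, ident: int, seed: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Authenticator = MD5(Code + ID + Length + seed + attributes + shared key).
    seed is 16 zero octets for an Accounting-Request (RFC 2866) and the
    Request Authenticator for a response such as Access-Accept (RFC 2865)."""
    digest = hashlib.md5(packet(code, ident, seed, attrs) + secret).digest()
    return packet(code, ident, digest, attrs)

def verify(pkt: bytes, seed: bytes, secret: bytes) -> bool:
    """Recompute the authenticator with the local key; a mismatch means drop."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    expected = hashlib.md5(pkt[:4] + seed + pkt[20:] + secret).digest()
    return hmac.compare_digest(expected, pkt[4:20])

ZERO = b"\x00" * 16
DEVICE_KEY = b"constructed-key-A"      # constructed sample values
SERVER_KEY_OK = b"constructed-key-A"
SERVER_KEY_BAD = b"constructed-key-B"

def demo() -> dict:
    # Accounting-Request (code 4) from the access device, User-Name = "alice"
    acct = sign(4, 7, ZERO, attr(1, b"alice"), DEVICE_KEY)
    # Access-Accept (code 2) from a server holding the wrong key, answering a
    # request whose Request Authenticator was req_auth (constructed here)
    req_auth = bytes(range(16))
    accept = sign(2, 8, req_auth, b"", SERVER_KEY_BAD)
    return {
        "server_same_key": verify(acct, ZERO, SERVER_KEY_OK),
        "server_other_key": verify(acct, ZERO, SERVER_KEY_BAD),
        "device_checks_reply": verify(accept, req_auth, DEVICE_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

With mismatched keys the packets are well-formed but fail verification on the receiving side, which is why a key mismatch shows up as authentication failures and timeouts rather than as a parse error.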