Basic SBR Carrier Configuration
Launching Web GUI
Launching Web GUI
To test whether the server can be accessed by a management workstation, launch the Web GUI.
To launch the Web GUI:
Open a browser connection to the SBR Carrier server you want to administer.
To administer a SBR Carrier server running on your local host, enter https://localhost:2909, where the port assignment of 2909 is the application’s default TCP port for administration connections.
To administer a SBR Carrier server running on a remote host, enter https://server:2909, where the port assignment of 2909 is the application’s default TCP port for administration connections. For example:https://192.168.24.15:2909/
Make sure that you access the Web GUI using HTTPS, instead HTTP.
The Login page (Figure 13) appears.
Consult Juniper Networks Technical Support for changing the port number. Using a non-default port may cause communication problems between Web GUI and the SBR Carrier server.
Enter your administrator username in the Username field.
Enter your login password in the Password field.
When you click Login, Web GUI establishes an HTTPS connection with the local or remote server. The Web GUI displays an error message if the connection cannot be established.
If a timeout occurs, verify that the SBR Carrier daemon is running on the target server and that it is listening on the administration port you entered in the URL; that the port is not blocked.
Web GUI verifies that the username you entered exists in the access.ini file. If the username is found, Web GUI validates the password you entered against a local or remote password database.
When you connect to a server, the Home page lists various features of the running server, such as version, platform on which it is running, IP address, available authentication methods, license information, and any initialization errors that might have occurred.
Configuring the Server
Configuring the Server
After you have installed the Steel-Belted Radius Carrier software on the server, have added the appropriate licenses, and can work with Web GUI, you can begin configuring the software. The specific steps you must perform depend on your network’s authentication and accounting needs.
The basic steps for configuring the Steel-Belted Radius Carrier environment include:
Configure each of your RADIUS client devices to communicate with your Steel-Belted Radius Carrier server. To do this, you must log in to each device and run its configuration interface.
Use the RADIUS Clients List page in Web GUI to configure the server to communicate with each RADIUS client. Details are in the Administering RADIUS Clients and Client Groups section of the SBR Carrier Administration and Configuration Guide.
If the clients use RADIUS Location Groups or IP Address Pools, each of those entities must exist before the clients are configured. See the sections on Administering RADIUS Location Groups and Administering Address Pools in the SBR Carrier Administration and Configuration Guide for instructions on setting these up.
Use the Users panel to identify the users or groups of users who are permitted to access the RADIUS clients.
Specify user attributes by selecting them in the Users panel or by creating user profiles in the Profiles dialog.
For more information, see the SBR Carrier Administration and Configuration Guide.
Steel-Belted Radius Carrier runs its own SNMP agent, but other SNMP agents run on most servers. In general, only one application can use a socket port; they are not shared resources.
During installation, the configure script prompts you for SNMP setup information, including an opportunity to specify a port other than the default 161 port that is usually in use by the Solaris SNMP agent.
If you already provided an alternate port during that setup step, you can skip the following procedure about how to change the port number, but remember to set your MIB browser to listen on the port you specified.
If you know that other agents already use port 161 but you did not specify an alternate during installation, change the Steel-Belted Radius Carrier port assignment by editing both radiusdir/snmp/conf/jnprsnmpd.conf and radiusdir/snmp/bin/testagent.sh. Remember to check your MIB browser to determine whether it also needs adjustment to communicate with the SBR Carrier server.
To change the port, edit the SBR Carrier SNMP configuration files listed in Table 20:
Table 20: SNMP Configuration Files
Stores settings for the Steel-Belted Radius Carrier SNMP agent.
Test script that verifies the Steel-Belted Radius Carrier SNMP agent is operating correctly.
Edit radiusdir/snmp/conf/jnprsnmpd.conf to change the port number.
The jnprsnmpd.conf file is self-documenting. For more information about this file, see the SBR Carrier Reference Guide.
The jnprsnmpd.conf file is very sensitive to stray white space and the order in which sections and parameters appear. Mistakes in this file can disable SNMP.
Make sure to make a backup copy of the file before making any changes.
While editing the file, do not to make any unnecessary changes. Follow the embedded examples as closely as possible.
When specifying networks, as in 172.28.68.0/24 in the com2sec mynetwork 172.28.68.0/24 public line, the trailing 32-x bits of the IP address must be zero as specified by the trailing /x notation. For example, 32-24=8 bits in this case.
Make the same port number change in radiusdir/snmp/bin/testagent.sh script, which is used to test the agent.
After making the change, restart either the Steel-Belted Radius Carrier server process or just its SNMP daemon.
If necessary, set up your SNMP browser to listen on the new port.
To verify that the jnprsnmpd SNMP agent functions, run the radiusdir/snmp/bin/testagent.sh script.
Refer to the SBR Carrier Administration and Configuration Guide for more information about configuring the SBR SNMP agent.