MultiAccess ACS MA420, MultiAccess ACS MA820

1) Introduction:

The MA420 and MA820 are 4 port and 8 port Analog Communication Servers for use with standard POTS lines (PSTN or equivalent). The ACS provides dial in PPP connections for remote nodes that need IP access to the LAN the unit is installed on. The ACS can also provide modem pool functionality for computers on the LAN.

This document complements the information found in the Quick Start and User guides. It may be to your benefit to re-read this document after using the Quick Start Guide that ships with the product.

Please Note: This document has been updated to address a significant change implemented in version 1.03. Prior to 1.03, each port of the unit had to be configured for one of two specific roles and was then dedicated to that role only. As of 1.03, each port is configured for both roles, removing the need for administrator intervention when either role is needed.

Document Outline

1. Introduction: This document is intended to complement hands-on experience.

2. General Usage: There are two primary ways to use the modems in this unit, RAS and Modem Sharing.

3. Hardware Notes: Physical architecture.

4. Software Notes: Defaults, Misc. Administrative, Version History.

5. Configuration Objectives: General, RAS Role, Modem Sharing Role.

6. Updates: General.

7. Tech Tips: General, Modem Behavior, RAS/PPP, RADIUS Authentication, Modem Sharing, Microsoft DUN and IAS compatibility, Setting Up the MCSI2000 Com Port Redirector.

8. Known Issues: Default Modem Setup and Modem Sharing, MCSI2000 and Authentication, Extra Sockets and Modem Sharing Calls Not Logged.

 

2) General Usage:

The product has two roles (usage), RAS and Modem Sharing.

RAS solution: The ACS can be used as a dial-in PPP Remote Access Server in a LAN-to-Client environment. Its purpose is to give remote nodes (e.g. Microsoft Dial-Up Networking clients) TCP/IP access to the same subnet and LAN the ACS is installed on. Masquerading (NAT) and LAN-to-LAN routing (assignment of an entire subnet) are IP networking techniques not supported by the ACS. The only supported PPP security protocol (the means of communicating user credentials between PPP end points) is PAP.

Modem Sharing solution: The modems in the ACS can be a shared resource on your network, commonly referred to as a network modem pool. Computers with network access to the ACS can use Telnet and get direct AT command access to one of the modems in the ACS (for either outbound or inbound calls). A common way to take advantage of this role is by installing com port redirector software (e.g. Multi-Tech's MCSI2000 for Windows XP and Windows 2000) on your workstations. The redirector adds a virtual com port to the workstation and uses Telnet to map (redirect) the com port to a modem in the ACS. The redirector and Telnet session replace the UART-based hardware of a PC and the serial cable connection normally found in traditional modem installations. A communication program using this virtual com port will have its data redirected to and from the modem within the ACS, making the modem appear as if it were attached directly to a communication port on the workstation.

 

3) Hardware Notes:

The unit consists of one primary server board that runs the ACS firmware, with 4 or 8 MT5634SMI-V92 modems mounted internally.

There are 7 or 11 physical connectors on the unit (depending on whether the unit is the MA420 or MA820): power, RJ-45 for Ethernet, RJ-45 for the serial port command line, and 4 or 8 RJ-11 connectors for analog POTS lines.

The command port operates at 115200 BPS, 8N1 and No Flow Control. The command port pin out configuration is DCE. Count the pins by looking into female RJ-45 connector, pin 1 is on the left with pin 8 on the right. Three pins are used. Pin 4 is TD (input), data from the DTE. Pin 5 is RD (output) data for the DTE. Pin 8 is ground.

The unit does not contain an onboard real time clock. The unit is an SNTP client, used to derive time and date from a network time server.

 

4) Software Notes:

Configuration and management of the unit is web (HTTP) based. The default administrator login username is "admin" with a password of "admin". These credentials also have dial-in and dial-out access rights. The default IP address is 192.168.2.1 with a 24-bit netmask (a.k.a. subnet mask of 255.255.255.0). The MTS Device Manager software is used to update the ACS firmware and the MT5634SMI-V92 Global modem firmware. Additional updating details are listed below. A developer's command line interface is accessible via standard telnet and via the command jack on the back of the unit. Command line access should only be used at the direction of engineering.

Version History:

1.03. Released March 2007. Added support for the new Daylight Saving Time dates starting in 2007. Added Non Pool TCP socket number to Modem Sharing. Added new Auto Detect Usage feature: if there is NOT a Telnet session connected to the POTS port, an incoming call will be handled by the ACS as a RAS call; when there IS an active Telnet session connected to the POTS port, the modem's configuration and behavior is controlled by the application that opened the Telnet session (be it for outbound or inbound calls). Fixed Call History issue related to call durations of 30 minutes or longer. Fixed Local Authentication issue with Modem Sharing. Fixed the Current Status page, adding the status of Modem Sharing for POTS ports used in Modem Sharing connections.

1.02. New Product June 2006. First production release, included MT5634SMI modem code 1.32i.

 

5) Configuration Objectives:

Please see the printed Quick Start guide (that ships with the unit) for initial out-of-the-box configuration. The primary purpose of the Quick Start guide is to get the unit physically installed on your Ethernet network and to get its IP network parameters set for your network.

Once logged into the unit via HTTP use the following menus to address specific aspects.

Use the Administration menu to set up the unit for the network it is to be placed in (the IP Configuration section is the required minimum).

The unit needs to be given a static IP address (it does not use DHCP). Define the subnet mask, the default gateway (which is the route off the network) and the IP address of your DNS server. This DNS server will be used by the ACS to resolve names (for example when the ACS sends an administrative email notification), and this address will be given to the dial-in RAS users as the DNS server they can use. Set up administrative email notification. Set up date and time via SNTP. The unit can be restarted from this menu as well.

Use the Modem Setup menu to define Modem Sharing behavior and general modem parameters (country code and number of rings before auto answer).

The Modem Sharing method can be with or without an authentication process. Modem Sharing with authentication means a login prompt will be issued into the socket (to the user) when it is opened. Whoever (or whatever) opened the socket must provide appropriate credentials before access is given to the modem. The database of user names and passwords the ACS checks against can be one of two choices: a local database (defined within the ACS) or a RADIUS database (defined in a RADIUS server external to the ACS).

The type of Telnet connection (mode) can be "Raw" (or not raw). A raw Telnet connection is one that does not respond to or use Telnet and RFC 2217 escape sequences (flags). When Raw is not used, 0xFF bytes in the stream are interpreted as escape flags (the Telnet IAC byte). The escape routine includes a process of removing and replacing escape flags and the subsequent characters normally intended for command and control functions between Telnet hosts (RFC 2217 com port control via Telnet).

The TCP port (socket) number used by Telnet to access the modem is dependent on how the Modem Sharing Pool option is set. If this option is set to "pool", 6000 is used. All POTS modem ports set to pool (6000) must have the same exact Modem Sharing option (with or without authentication, etc). When a Telnet client on the LAN opens a connection to 6000, it is given the lowest numbered POTS modem port that is not in use. If this option (Modem Sharing Pool) is set to "non pool" then a specific 7000+ number is sequentially associated to each POTS modem (POTS modem 1 is assigned 7000, POTS modem 2 is assigned 7001 and so on incrementally through POTS modem 8 with 7007).

Use the Authentication menu to set up the remote host address and the authentication method (RADIUS or Local) for RAS calls. The RADIUS Client details defined here will also be used by Modem Sharing when it is set to use RADIUS Authentication.

For RAS (dial in PPP) a second static IP address is needed. This address is for the dial in user (PPP peer). This address is defined in the Remote Host Address field. This address needs to be on the same subnet (network number) as that of the ACS.

The Authentication Type field in this menu only applies to RAS calls. When the type is set to Local, the ACS will look to match the credentials provided by the caller with credentials listed in the Local Users menu. Additionally, local users can be called back at a fixed pre-defined number that is entered/defined by the administrator at the time of setting up the local account, or the client (PPP peer) can be called back at a variable (always changing) number that is entered by the user at the time of dialing in.

When the type is RADIUS, the ACS will send the credentials to the RADIUS Server that is defined in this menu.

RADIUS Accounting is a process that starts after successful RADIUS authentication. The ACS sends an accounting start packet to the accounting server defined in this menu. When the user disconnects, the ACS sends an accounting stop packet to the accounting server. RADIUS accounting summarizes the time and date, duration, POTS port connected on and IP address given to the user for this particular call. RADIUS Accounting does not track the amount or type of data in the session or the places the user communicates with.

The Secret is an encryption key used by both the RADIUS Server and the RADIUS Client, and so it must be the same alphanumeric string (including case) defined in both. The ACS implements the standard RADIUS MD5-based encryption of the password.

The RADIUS Server has to be listening on the same set of UDP ports that the RADIUS Client (ACS) is using.

Use the Local Users menu to add users to the local database.

Add local users when the Authentication Menu has the Authentication Type set to "Local" or when Modem Sharing is set with Local Authentication. Local users that are added will have dial in and dial out rights, but they will not have administrator rights.

 

6) Updates:

MT-Device Manager version 1.05.06 or newer is used to update the version of ACS firmware and the version of MT5634SMI modem code. There is a specific ACS firmware file for each model of ACS. However, the modem code (file used) is the exact same version for both models. Install the Device Manager on a PC that has full IP access to the ACS. The MT-Device Manager uses Telnet and TFTP to communicate with the ACS, which includes the use of various additional TCP and UDP ports in the 1500s, 2200s and 3000s ranges. Refer to Appendix A of the MA420 & MA820 User Guide (P/N S000404B Rev C) for a detailed update procedure.

 

7) Tech Tips:

Administration

If the IP address of the unit is unknown, from the serial command port on the back of the unit issue the command ifconfig.

If you do not know the HTTP admin account password, from the serial command port on the back of the unit issue the command "cat /var/config/cfgtxtfile" (without the quotes). Look for the "userid" and "password" values for the first entry (index 0) in the "phonebook" section near the top of the file.

Modem Behavior

The ACS system automatically initializes the MT5634SMI-V92 Global modem after certain events. The user can also manually invoke the initialization of the modem from the Current Status menu when the modem is idle and there is no active telnet connection.

The ACS system issues two strings for each initialization event:

AT &F E0 %T19,0,34 &D2 M0 S0=n +FCLASS=0

AT *H4 +VCID=n

The Modem Setup menu allows for the user to control the number of rings to answer on (S0=n), the Country Code (%T19,0,nn) and the displaying of caller id information (+VCID=n) for Modem Sharing applications. The modem initialization events are:

Upon system boot up (power up or unit reset).

After RAS call disconnects.

After a Telnet connection is closed/terminated.

When the "Initialize Modem" button is pressed in the Current Status menu.

When the "Update" button is pressed in the Modem Setup menu.

The *Hn command controls the On-Hook Delay feature. This feature keeps the line busy (for the duration specified) after each disconnect event (on hook event). This is a safeguard while the system re-initializes for the next call.

*H0 = Feature Disabled (the &F command sets *H0).

*Hn, where n is a value of 0 through 99. Unit value is 10 seconds. So *H4 is a delay of 40 seconds before the modem releases the line.

When the modem is being used via Modem Sharing access, the application using the modem is responsible for the modem’s configuration. Depending on the application, it may be appropriate to disable the *H delay (issue &f or *H0) before establishing calls.

RAS Information

PPP Link: PAP is the only supported PPP authentication protocol. PAP (a sub-protocol of PPP) is used to communicate user credentials across the PPP link (between the PPP peer and the ACS). CHAP and MS-CHAP are not supported. PPP session idle time is controlled by the "idle" parameter within the /var/config/options.ttyMU1x files. The default value is 600 seconds. This can only be changed by manually editing these files. The "maxconnect" parameter can also be added to these files in the same fashion (idle and maxconnect values are in seconds). Additionally, if the ACS is to inform the dial-in client of a WINS server, add the parameter "ms-wins ipaddress" to the options files in the same fashion. Please Note: any subsequent changes made to the "IP Configuration" section of the Administration menu via the web interface will overwrite manually edited changes to these options files.

IP Networking: The Remote Host IP Addresses (traditionally referred to as the IP Pool) must be on the same network as the ACS address (the addresses must use the same network number). The ACS cannot route subnets, masquerade addresses (perform NAT), filter IP packets, or implement user-defined static routes. The PPP peer (remote host) must be configured to accept a server (ACS) assigned IP address. The ACS implements a "static IP address per POTS port" assignment method: whoever dials into POTS port 1 will receive the IP address (Remote Host Address field in the Authentication menu) associated with POTS port 1, whoever dials into POTS port 2 will receive the IP address associated with POTS port 2, and so on. The ACS does not support RADIUS-assigned IP addresses or DHCP-assigned IP addresses.

RADIUS Authentication problems

General RADIUS Notes: The RADIUS authentication process (protocol) involves Client and Server components. The ACS (be it for Modem Sharing or RAS applications) is a RADIUS Client. For all RADIUS implementations, the RADIUS Server must be configured with (informed of) the IP address of each RADIUS Client (ACS) it is to serve, along with an administrator-defined encryption key (Secret password). This secret password is used by both the RADIUS Server and Client, and so it must be the same alphanumeric value (including case) in both components. When the RADIUS Client makes an authentication request to the RADIUS Server, it encrypts the user's password with the key (secret). When the RADIUS Server reads the authentication request, it decrypts the password using the secret value. The encryption protocol implemented by the ACS is the standard RADIUS MD5-based method.

Troubleshooting an authentication problem solely by what the user encounters can be misleading and inefficient. Determine what the RADIUS Server reports (indicates) for the session.

If the RADIUS server shows the Access Request was Rejected, the ACS was not added to the clients file within the RADIUS server, the user is providing incorrect credentials, or the user doesn’t have appropriate rights (attribute mismatch). Additionally, depending on your RADIUS Server, if the shared secret (key) password is incorrect, the Access Request may be Ignored or Rejected by the RADIUS Server.

If the RADIUS server shows the Access Request was Accepted but the dial-up connection was still disconnected, then most likely an attribute or attribute value contained within the Access Accept packet is not compatible with the ACS. This is most commonly related to the Framed IP value. The ACS does not support the peer determining its own address (RADIUS attribute value of 255.255.255.255).

If the RADIUS server doesn’t see the authentication request, the RADIUS client is not set to the same set of UDP ports as the RADIUS server, the RADIUS client is pointing to the wrong RADIUS server/IP address, or there is a network problem blocking or dropping the request (RADIUS uses UDP to communicate). No response to an Access Request is the same as receiving an Access Reject - the ACS will disconnect the call.
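As an added example (not Multi-Tech code and not the ACS firmware's implementation), the following Python shows the two things the shared secret is used for in standard RADIUS (RFC 2865): hiding the User-Password in the Access-Request with an MD5 keystream, and computing the Response Authenticator the server puts on its reply. It makes concrete why a mistyped or wrong-case secret shows up as a Reject (the server recovers garbage instead of the user's password) or as a silently dropped reply (the client cannot validate the server's authenticator). SECRET, REQUEST_AUTH and PASSWORD are constructed sample values; a real client generates a fresh random Request Authenticator per request.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

# Constructed sample values for illustration only.
SECRET = b"acs-shared-secret"
REQUEST_AUTH = bytes(range(16))  # a real client uses 16 random bytes per request
PASSWORD = b"dialin-pw1"


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Hide a User-Password the RFC 2865 5.2 way: pad with NULs to a 16-byte
    multiple, then XOR each block with MD5(secret + previous ciphertext block),
    seeding the chain with the Request Authenticator."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        stream = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ s for p, s in zip(padded[i:i + 16], stream))
        hidden, prev = hidden + chunk, chunk
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding. With a different secret the result is
    garbage, so the server compares a wrong password and sends Access-Reject."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        stream = hashlib.md5(secret + prev).digest()
        plain += bytes(h ^ s for h, s in zip(hidden[i:i + 16], stream))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes,
                   attrs: bytes = b"") -> bytes:
    """Server side: build an Access-Accept (code 2) or Access-Reject (code 3).
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side (what a RADIUS client must do with a reply): accept the
    packet only if its Response Authenticator was computed with the same secret
    and the same Request Authenticator it sent."""
    if len(packet) < 20:
        return False
    header, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    if struct.unpack("!BBH", header)[2] != len(packet):
        return False
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


def secret_mismatch_demo() -> dict:
    """Show both failure modes of a secret that differs between client and
    server: the server recovers the wrong password, and the client discards
    a reply signed with the wrong secret (indistinguishable from no reply)."""
    hidden = hide_password(PASSWORD, SECRET, REQUEST_AUTH)
    reply_wrong_secret = build_response(2, 7, REQUEST_AUTH, b"Acs-Shared-Secret")
    return {
        "server_sees_right_password": reveal_password(hidden, SECRET, REQUEST_AUTH) == PASSWORD,
        "server_with_wrong_secret_sees_it": reveal_password(hidden, b"Acs-Shared-Secret", REQUEST_AUTH) == PASSWORD,
        "client_accepts_reply_with_wrong_secret": verify_response(reply_wrong_secret, REQUEST_AUTH, SECRET),
    }


if __name__ == "__main__":
    print(secret_mismatch_demo())
```

Note that the case difference between the two secrets in the demo is enough to break both directions, which is why the document insists the string match including case. The MD5 chaining here is the password-hiding construction of the protocol, not confidentiality in the modern sense: anyone holding the shared secret can recover passwords from captured Access-Requests, so the secret and the path between the ACS and the RADIUS server deserve the same protection as the user database.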

Microsoft Compatibility and the MultiAccess RAS role

Dial Up Networking on the remote workstation: The properties applet usually has 5 tabs, with the "Security" and "Networking" tabs addressing the parameters of concern. The type of security must be "Typical" with "Allow Unsecured Password". This description of "typical" and "unsecured" refers to the PPP authentication protocol of PAP (which transfers the credentials as clear text). On the Networking tab, the TCP/IP component must be set to Obtain IP Address and DNS Automatically. The remaining TCP/IP parameters can be left at default. However for some of the options (depending on your network variables), if they are set incorrectly communication at a certain level may not work (like name resolution or routing issues).

IAS (Internet Authentication Service): There are many variables to IAS and its interaction with a Windows user database (Local Users or Active Directory) that go beyond the scope of this document (and beyond the control of an IAS client). Additionally, even though IAS may already be installed and working with other clients (applications and appliances), this does not mean its settings and policies are appropriate when serving a new client (i.e. additional RAS gear).

IAS Client Properties:

    Client-Vendor = Standard RADIUS
    Signature Attribute = not sent

IAS Policy Properties:

    Condition to match = Service Type Framed
    Grant Access if Condition Matches

    Profile Settings:

        Advanced:
            Framed Service value = PPP
            Service Type value = Framed

        Authentication:
            PAP

        IP = Server Settings Define Policy

Modem Sharing

When access to the modem is granted, an "OK" message is issued to the user/socket.

The ACS cannot tell which application (on the workstation) is opening the TCP port/socket. Redirectors, telnet clients, and proprietary programs all appear the same to the ACS because they all need to use/follow TCP/IP to get to the modem in the ACS.

Telnet to the modem and issue AT commands, try to dial out. If responses to AT commands are encountered and the destination rings, the ACS and the phone line connected to it are working and acting appropriately.
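The check above, and the Raw versus non-raw Telnet mode described under Modem Setup, as an added example in Python (not Multi-Tech code and not the MCSI2000 redirector): it maps a POTS port to the TCP port the ACS listens on (6000 for the pool, 7000 + port - 1 otherwise), escapes and unescapes the 0xFF (IAC) byte the way a non-raw Telnet session requires, and picks the modem's final result codes out of the response text. check_modem() is the live diagnostic against an ACS with Modem Sharing set to No Authentication; the host name and the absence of a login prompt are assumptions, and the sample response bytes used in the helpers are constructed.

```python
from __future__ import annotations

import socket

IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
FINAL_RESULTS = ("OK", "ERROR", "CONNECT", "NO CARRIER", "BUSY",
                 "NO DIALTONE", "NO ANSWER")


def modem_tcp_port(pots_port: int, pool: bool) -> int:
    """TCP port the ACS exposes for a modem: 6000 for the shared pool,
    otherwise 7000 + (pots_port - 1), i.e. 7000..7007 on an 8-port unit."""
    if not 1 <= pots_port <= 8:
        raise ValueError("POTS port must be 1..8")
    return 6000 if pool else 7000 + (pots_port - 1)


def escape_outbound(data: bytes, raw: bool) -> bytes:
    """In non-raw mode a 0xFF data byte must be sent as IAC IAC so the ACS
    does not read it as the start of a Telnet/RFC 2217 escape sequence."""
    return data if raw else data.replace(b"\xff", b"\xff\xff")


def unescape_inbound(data: bytes, raw: bool) -> tuple[bytes, list[bytes]]:
    """Strip Telnet escape sequences from a non-raw stream. Returns the
    application bytes and the command sequences that were removed (a
    redirector would act on the RFC 2217 ones; a diagnostic just logs them).
    A truncated sequence at the end is dropped; a real client would buffer it."""
    if raw:
        return data, []
    out, cmds, i = bytearray(), [], 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break
        elif data[i + 1] == IAC:          # escaped data byte 0xFF
            out.append(IAC)
            i += 2
        elif data[i + 1] in (WILL, WONT, DO, DONT):   # 3-byte negotiation
            cmds.append(data[i:i + 3])
            i += 3
        elif data[i + 1] == SB:           # subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            cmds.append(data[i:end + 2])
            i = end + 2
        else:                             # other 2-byte command
            cmds.append(data[i:i + 2])
            i += 2
    return bytes(out), cmds


def at_result_codes(text: bytes) -> list[str]:
    """Return the modem's final result codes, ignoring echoed commands and
    information text (e.g. the product line ATI prints)."""
    codes = []
    for line in text.decode("ascii", "replace").splitlines():
        line = line.strip()
        if any(line == r or line.startswith(r + " ") for r in FINAL_RESULTS):
            codes.append(line)
    return codes


def check_modem(host: str, port: int, raw: bool, timeout: float = 5.0) -> list[str]:
    """Live check (not run by the tests): read the 'OK' the ACS issues when
    access to the modem is granted, send AT and ATI, and return the result
    codes seen. An empty list means the socket opened but the modem never
    answered, the symptom listed under Known Issues for a POTS port whose
    settings were never updated. Dialing out (ATDT) additionally proves the
    phone line; this routine deliberately stops short of that."""
    received = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            received.append(sock.recv(4096))          # greeting from the ACS
            for cmd in (b"AT", b"ATI"):
                sock.sendall(escape_outbound(cmd + b"\r", raw))
                received.append(sock.recv(4096))
        except socket.timeout:
            pass
    text, _ = unescape_inbound(b"".join(received), raw)
    return at_result_codes(text)


if __name__ == "__main__":
    # Assumed address; pool port 6000 with the non-raw Telnet mode.
    print(check_modem("192.168.2.1", modem_tcp_port(1, pool=True), raw=False))
```

If Modem Sharing is set to use authentication, a login prompt arrives before the "OK" and check_modem() would need to answer it first; the helpers above are unchanged in that case.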

When the ACS is configured for Modem Sharing with RADIUS Authentication, the user/s must have outbound rights (defined in your RADIUS server). Normally, the attribute of Service Type would be defined as "outbound".

If, from a Windows-based computer, the intention is to use the modem in the ACS as a TAPI resource (i.e. Dial-Up Networking or another application using a modem listed in the Phone and Modems applet), a com port redirector program needs to be installed on the workstation and configured appropriately. The appropriate Multi-Tech modem choice (MT5634SMI-V92) needs to be manually assigned to the virtual com port created by the redirector. In most cases, the Phone and Modems applet cannot auto-detect a redirected modem solution, nor will its diagnostics feature be able to communicate with the modem. This is due to the behavior of the Phone and Modems applet. The com port created by the redirector will not be listed in the Device Manager, because it is not actually a piece of hardware within the PC.

Setting Up the MCSI2000 Com Port Redirector

Add 1 MCSI com port to your workstation (configure it and reboot the workstation). Multiple com ports can be installed and configured within the workstation, but only one MCSI2000 com port at a time can be active within the workstation. The properties of the MCSI com port should be:

Connect Time = 0

Direct (not MAG)

Use Line Defaults = Yes

Server IP address is that of the ACS

Protocol = Telnet

Port Number = 6000 or 700X depending on how the "pool" option is set in the ACS.

Authentication = No (unchecked).

8) Known Issues:

The default Modem Sharing settings in the "Modem Setup" menu of a new unit (No Authentication and Pool, access via TCP port 6000) do not work until the "Update" button for each POTS port is selected. What is meant by "do not work" is that the network client (the application opening the TCP socket or virtual com port) will be able to open/establish a socket to the ACS, but there will be no AT command response from the modem (no response to init strings, dial command, etc.). Each POTS port will start to respond after the POTS port settings are updated and the socket connection is then re-established. It is recommended to set the Country Code parameter to match your location and then click on the Update button. This issue will come back (be created again) if the "restore" command is issued via the command prompt.

The MCSI2000 com port redirector software when set to use Authentication, and the ACS firmware version 1.03 when set to Modem Sharing with Authentication, are not compatible with each other. The compatibility issue relates to how long MCSI2000 will wait for a login prompt to appear (the login prompt is provided by the ACS modem pool). This timing issue does not exist if the ACS firmware is version 1.02, or when instead using the com port redirector DialOutEZ from Tactical Software.

Avoid opening more telnet sessions to the ACS than there are available ports. The results are inconsistent and misleading. The ACS should reject/drop the socket connection if no ports are available, but it does not. The additional socket connection appears connected but gets no response from the modem.

Modem Sharing calls are not logged within the ACS.

 

Last Updated: February 8th, 2008.