Upgrade Guide - Juniper Networks
Contents
1. Browser Internet Explorer version 6 0 or later You will also need a standard Ethernet cable and a switch hub or an Ethernet crossover cable to establish a network connection between the administration PC and the Steel Belted Radius Appliance Pre Upgrade Checklist m 9 Steel Belted Radius Appliance Upgrade Guide Connect the Ethernet port on the administration PC to the LAN 1 Ethernet port on the Steel Belted Radius Appliance You can use standard Ethernet cables and a hub switch or a crossover Ethernet cable to connect to the two devices Configuring the Administration PC You must configure the administration PC to communicate with the Steel Belted Radius Appliance Configuring a Network Address The following procedure which describes how to configure a TCP IP address on the administration PC assumes that the administration PC is running the Windows 2000 operating system If you are running another version of the Windows operating system consult the user manual on configuring network TCP IP settings The interface for configuring TCP IP properties is similar for all Windows operating systems 1 From the Start menu choose Settings gt Network and Dialup Connections 2 Right click the Local Area Connection icon and select Properties The Local Area Connection Properties dialog Figure 7 opens Figure 7 Local Area Connection Properties Dialog Local Area Connection Properties General Advanced Connect us2. israup Management Network Configuration Radius Advanced SSL Certificate Update Log User Management 3 When the Computer Name field appears record the name of your system in Table 2 on page 4 Figure 5 Recording the Computer Name Modify Settings Computer Name Enter System Name Here Gathering Domain Information 1 Run NEWS 2 Choose Configuration Domain Management Figure 4 5 When the domain fields Figure 6 appear record your domain information in Table 2 on page 4 Gathering Network Information m 3 Steel Belted Radius Appliance Upgrade Guide Figure 6 Recording Domain Information Member Of Domain workGroup Domain Enter Domain Mame Here Mame Domain Administration Account gt Password Record Your Network Settings Use Table 2 to document the settings for your network Table 2 File Checklist Setting Your Information Location of the radiusbackup cab file Appropriate Certificates if applicable Computer Name Domain to Join Domain Administrator logon name Domain Administrator password Workgroup name Workgroup Administrator user name Workgroup Administrator password Local Administrator logon password Prepare Your Installation CDs An ISO file contains the complete disk image of an ISO 9660 file system including data files and filesystem files If you download a Steel Belted Radius ISO file from Juniper
3. Juniper Networks Steel Belted Radius Appliance Upgrade Guide Release 5 4 July 2007 Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA 408 745 2000 www juniper net Part Number SBR TD AUPGR54 Revision 03 Copyright 2007 Juniper Networks Inc All rights reserved Printed in USA Steel Belted Radius Juniper Networks the Juniper Networks logo are registered trademark of Juniper Networks Inc in the United States and other countries Raima Raima Database Manager and Raima Object Manager are trademarks of Birdstep Technology All other trademarks service marks registered trademarks or registered service marks are the property of their respective owners All specifications are subject to change without notice Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Revision History Date Description 17 May 2007 Initial draft of Steel Belted Radius Appliance 5 4 x Upgrade Guide 18 July 2007 Updated screenshots and edited text M07718 Table of Contents Chapter 1 Chapter 2 About This Guide V Deroke VOU MB COU abeam AcBincaty acct cinch iA Strabone taf aeo haan uite isst ofer Ld V Ud MT V Related DOCUMEN UON vosmet ee epa oue Rer dep Etpa M ABL RAN DAE anni aie V COntacitie C ennieal SUD DOLE uides Oud
4. Steel Belted Radius Appliance Upgrade Guide Figure 18 Entering the Appliance Serial Number powered by NEVES Appliance Setup Wizard Welcome to the Network Engines Setup Wizard This will guide you through the setup process for setting up the Network Engines Web Agent Serial Number Scan in the Serial Number MNG Save Serial Number 7 When the Setup Wizard Password window Figure 19 opens enter the administrator password for the device in the New Password field and enter the identical password in the Confirm new password field Passwords must be at least eight characters in length and must contain a mix of uppercase and lowercase letters digits and non alphanumeric characters Figure 19 Specifying a Device Password Ju powered by n NEVES METWO zard Password Enter a new password for the Administrator user Passwords must meet the following requirements e Must be at least 8 characters long Cannot contain all or part of the account name Must contain characters from three of the following four categories Upper case characters 4 2 Oo Lower case characters a z o Digits 0 3 Man alphanumeric For example L or 95 Next Page gt gt Copyright c 2004 Network Engines Inc Canton Massachusetts All Rights Reserved 8 After you have entered the device password twice click Next Page 20 m Initial Steel Belted Radius Appliance Connection Chapter 2 Upgrading
5. aut files configure how Steel Belted Radius interoperates with a backend data store for the purpose of looking up user information Use the following checklist to identify the authentication files that have been customized for your installation If your aut file has a different name use the line to record the name of the file If you have other aut files list each one separately Ldapauth aut Sqlauth aut Peapauth aut Securidauth aut Sidalt aut Tlsauth aut Ttlsauth aut Uniport aut Ep e pe ape esp qne Qe E Winauth aut Server Certificates Files The pfx file stores your server certificate Use the following checklist to identify the certificate files that has been customized for your installation If your pfx file has a different name use the line to record the name of the file Your Corp pfx Trusted CA Root Certificates The der file stores your trusted CA root certificate Use the following checklist to identify the root certificate file that has been customized for your installation If your der file has a different name use the line to record the name of the file If you have other der files list each one separately Your Corp der EAP Configuration File The eap file configures EAP helper information Use the following checklist to identify the EAP helper files that has been customized for your installation If your eap file has a different name use the line to record the name of the f
6. Date and Time Set Domain Management Group Management Network Configuration SSL Certificate Update Log User Management 3 When the Advanced Radius Configuration window appears click the Logs and Accounting Logs entries to display the system log and accounting log files Logs iciradiussservice s Name Date Size Dperations 20070509 l0g 05 09 07 20 36 53 14 KB View Download Delete 20070517 Jog 05 17 07 17 29 23 5 KB View Download Delete sbrsetuptool log 5 09 07 19 09 33 1 KB View Download Delete system log 05 17 07 17 25 09 i1 KB View Download Delete Accounting Logs 4 Click the Delete link for each log file you want to delete After you stop Steel Belted Radius you should archive and delete or just delete any log and act files that you do not need to minimize the size of the archive file 12 m Deleting or Moving Logging and Accounting Files Chapter 2 Upgrading the Appliance Backing Up the Steel Belted Radius Directory This section describes how to back up the directory containing your Steel Belted Radius files to a cab archive file before you upgrade the Steel Belted Radius Appliance Er NOTE Before you back up your Steel Belted Radius directory verify that pop ups are enabled in your web browser Refer to your web browser help or documentation for information on how to enable pop ups To back up your Steel Belted Radius directory to an archive cab file 1 Use NEWS to co
7. Belted Radius Database m 15 Steel Belted Radius Appliance Upgrade Guide 3 Click Select All Figure 15 Figure 15 Clicking the Select All Button Select items then press OF to select export file RAS Clients Profiles Proxies Tunnels Other Data OF Cancel Select All X Gen eee 4 Click OK 5 Specify the directory in which you want to save the rif or xml backup file Figure 16 Record the path to the backup file After you upgrade your Steel Belted Radius software you will convert the rif file to an XML file format 16 m Exporting Your Steel Belted Radius Database Chapter 2 Upgrading the Appliance Figure 16 Specifying a Backup Directory v4 and v5 Versions Export To AML File Save In 3 amp pplianceUpgrade oe t My Recent Documents Desktop n LA Save in Sy SomeDirectory h t E Ez 7 hy Computer t w File name IFilen ame Miu Network P Save as type Radius Information Files rif Cancel E Upgrading Steel Belted Radius After you have backed up your Steel Belted Radius directory to a cab file and exported your Steel Belted Radius database to a rif or xml file you are ready to upgrade the Steel Belted Radius Appliance You will need Administrative privileges for the network and a monitor keyboard and mouse for this step in the upgrade process A CAUTION The upgrade process for the Steel Belted Radius Appliance
8. Disconnect Connect M Status e Statistics i Renn hint rnnnartarn When a login dialog appears enter your username in the Username field and your password in the Password field Figure 24 Configuring License Key Information m 25 Steel Belted Radius Appliance Upgrade Guide 26 a Figure 24 Entering Access Information Log Into server x Username Jacdrministratar Passyyord Eers L1 cancel 4 Choose File License Figure 25 Figure 25 Choosing File License E Steel Belted Radius File Panel Web Help Server Port Import Export Page Setup t Print Exit Adres Dil 5 When the Add a License for Server dialog opens enter your existing Steel Belted Radius version 4 x license key and your version 5 x upgrade license key in the License String field Figure 26 Click OK when you are finished Figure 26 Choosing File gt License Add a License for Server 1 X License string h 234 1234 1234 1234 1234 Cancel 6 Restart Steel Belted Radius See Restarting Steel Belted Radius on page 50 for information on how to restart Steel Belted Radius Importing Your Configuration Information After you have added your Steel Belted Radius version 5 x license you are ready to import the Steel Belted Radius database information you exported previously 1 Run SBR Administrator 2 Log into the Steel Belted Radius Appliance 3 Choose File gt Import Im
9. Radius Administration Guide describes how to configure and administer the Steel Belted Radius server software The Steel Belted Radius Reference Guide describes the configuration files and settings used by Steel Belted Radius Contacting Technical Support B Contacting Technical Support For technical support contact Juniper Networks at support juniper net or at 1 888 314 JTAC in the United States or 408 745 9500 outside the United States Check our website http www juniper net for additional information and technical notes When you are running SBR Administrator you can choose Web Steel Belted Radius User Page to access a special home page for Steel Belted Radius users When you call technical support please have the following information at hand Your Steel Belted Radius product edition and release number Information about the server configuration and operating system including any OS patches that have been applied For licensed products under a current maintenance agreement your license or support contract number Question or description of the problem with as much detail as possible Any documentation that can help resolve the problem such as error messages memory dumps compiler listings and error logs Chapter 1 Preparing to Upgrade This chapter consists of checklists and forms designed to help a network administrator gather the information required to upgrade a Steel Belted Radius Appliance If y
10. in step 6 above in the Preferred DNS server field 9 Do not enter anything in the Default gateway field 10 Click OK to close the TCP IP Properties dialog 11 Click OK to close the Local Area Connection Properties window 12 If you are running Windows 2000 with Service Pack 4 0 proceed to the Initial Steel Belted Radius Appliance Connection on page 19 If the administration PC is using an operating system other than Windows 2000 with Service Pack 4 0 reboot the computer to put the configured IP address into effect Configuring the Administration PC m 11 Steel Belted Radius Appliance Upgrade Guide Deleting or Moving Logging and Accounting Files If you don t need your logging yyyymmad log and accounting yyyymmad act files for auditing or other purposes you should delete them before backing up your Steel Belted Radius directory to make the backup faster and the resulting file smaller 2 NOTE If you have many log act files you can configure Steel Belted Radius to delete the files for you automatically Refer to Tips and Tricks on page 32 for information on how to remove a large number of files during an overnight rollover A NOTE Older versions of NEWS may not support the Delete function If this applies to you skip this procedure To remove Log and Accounting files 1 Use NEWS to connect to the Steel Belted Radius Appliance 2 Select Configuration Radius Advanced gt Configuration
11. 9ffc17378c02c78ea1521a99b0 SBR GEE 542 CD 3 ISO 415 O57efb2f64a38eb1654c48ed5351bfc5 SYS FNK400 000 Enterprise Edition SBREE 542W2K CD_1 ISO 603 4883833233e20edae8cf3cf7afba7 7 6cf A SBR EE 542 W2K CD_2 IS0 508 ea1ef69ba439dce191c7533c2ba48ebb SYS FNK400 500 Global Enterprise SBR GE 542 W2K CD_1 ISO 603 cc436c9016afa5bb50bb1e8c5030058f ORDI RENON SBR GE 542 W2K CD_2 ISO 508 Oc874dfc00ac126d38b5c42a445e75c4 2 Use any application capable of burning a raw ISO CD image such as K3b Nero Burning ROM or Roxio Easy CD Creator to record the iso file on a recordable CD When you record a raw ISO image to a CD the recording application interprets the ISO image as a complete CD image and extracts the directories and files in the image to the CD R For best results you should record your installation CD at a low speed 4X or 8X 3 Verify that your new installation CD R was recorded correctly Insert the CD R into your computer and display its contents If the CD R was recorded correctly you should not see the iso file used to record the CD R Instead you should see a list of files and directories Prepare Your Installation CDs m 5 Steel Belted Radius Appliance Upgrade Guide File Replacement Checklists Before you upgrade your Steel Belted Radius Appliance you must identify the Steel Belted Radius configuration files You can use the configuration files modification dates to identify which files may have been customized If
12. Belted Radius Appliance Upgrade Guide 5 When the File Download window Figure 12 opens click Save Figure 12 Saving the radiusbackup cab File File Download x P Some files can harm your computer IF the file information below E looks suspicious or vou do not Fully trust the source do not open ar save this file File name radiusbackup cab File type winzip File From Would vau like to open the file or sawe it to your computer Open ses Cancel Mare Infa M Always ask before opening this type of file 6 Specify the directory in which you want to save the radiusbackup cab file and click OK After you save the radiusbackup cab file you are ready to export your Steel Belted Radius database Exporting Your Steel Belted Radius Database You use the SBR Administrator to export your Steel Belted Radius database to an archive file m If your Steel Belted Radius Appliance is running software version 4 x you will export your Steel Belted Radius database to a RADIUS Interchange Format rif file which you must convert to XML before importing into your upgraded Appliance m If your Steel Belted Radius Appliance is running software version 5 x you will export your Steel Belted Radius database to an XML file To export your Steel Belted Radius database 1 Run SBR Administrator and connect to your Steel Belted Radius server Figure 15 14 m Exporting Your Steel Belted Radius Database Zi Chapter 2 Upgrad
13. Networks you must copy each ISO file to a recordable CD as an image and then use the CDs to install the Steel Belted Radius software on your Steel Belted Radius Appliance or to re image the device back to an unconfigured state 4 NOTE The application you use to create the installation CD must be capable of recording raw ISO images If you copy the ISO image as a file to CD R the Steel Belted Radius Appliance will not read the contents of the images To create your installation CD ROM 1 Download the ISO files appropriate for your Steel Belted Radius Appliance from the Steel Belted Radius User webpage http www juniper net customers support products aaa 802 sbr user jsp 4 W Record Your Network Settings Chapter 1 Preparing to Upgrade Table 3 identifies the ISO files you need to download for each model and edition of the Steel Belted Radius Appliance Use the MD5 hash value for each file to confirm that the file is complete and correct Table 3 Steel Belted Radius ISO Files File Size Model Number Software Edition ISO Files MB MD5 Hash SYS G JNP500 000 Enterprise Edition SBREEE 542 CD_1 1SO 603 7c22d7aaf88bc25ffb966daa95750706 SEEN Ete SBR EEE 542 CD 2 ISO 599 016efd1f9a835026880be2b6f3504ec3 SBR EEE 542 CD 3 ISO 415 cc8040c3c4cb1d046b9143ea57657384 SYS G JNP 500 500 Global Enterprise SBR GEE 542 CD 1 ISO 603 8d75eb9b955932bd6e563f5bbdba1ad8 SYS G JNP Etude d SBR GEE 542 CD 2 ISO 599 b9a549
14. VE Data dh usto ene aN aN SIEEN vi Preparing to Upgrade 1 Edupmenpehece NIS cc susct taie Let ota eset thie tues eios table Aud uta dated teaeahiaas 1 Gathering Network In OrmatoN e ot enia cowl EEA tan A l Gathering IP Configuration TOLOPIPIBC DES cst eat Got nde t ER Ones l Gathering System Name IMLOnmnalO tii oae CEPR Rp HO Ete IO pU CIN 3 Gathering Domain TOT Da OD ad op edd vie CHO Td eden op ERR 3 Record YOUR NCULWOIK SEINE S oscuro d Has poe ete pa ERAS Lt 4 Prepare rour Iistallauorr CDS s oom de tov oO a Ud bead oceans 4 Eieeplacendent C nec IPSIS xs ore E tt RN MA Sc dt ad dil at 6 General COMMOURAMO Mi FES ciae ana nib be bcn E ais qp oth 6 Dicuona FIE cem I DM Sheath ata Na hn Once ohana ada 6 AUTENC On Ele Sues tas tm Earn nt frre ony io Do sU aoa EM 7 SENET COPMMCALCS NCS vac het inten ths rosea a Denisa aa Valin wee enamels 7 Trusted CASBOOL CCELIIIC AUCs o beh ip Sat ra aa e rt ah ati re ed et ibtd 7 EADPCOnNSUEQUOELUBIS sate ae emet e t cte tuat aedurtostue dest qttedietd 7 SOGUEID Auten canon FIle S cinerariae Set nGer tu Pues fetal deside antes 8 Directed Realm C Ontig UFAEIO MCE ICS teer tensis oae bu eite OA 8 Proxy Rean COMMOUT ATOM PIE S arrer aaa tegeret p tertie ent 8 I2HCPZROOLICORIBUEIHODL BIG e tu tiatubutte t eadein bump tame dtes 8 Attribute PoobconHeguratori PIC sie rie e RM p im EE nd debated 8 Upgrading the Appliance 9 Pre Jp ao oa CREC MU a ae mT eee nn peer oR eC en eer 9 CODD CHO Eve 7G Sth aon PE ia E OA e
15. a different name use the line to record the name of the file Pool dhc Attribute Pool Configuration File 8 m File Replacement Checklists The rr files store information used for attribute pool configuration Use the following checklist to identify the rr files that have been customized for your installation If your rr file has a different name use the line to record the name of the file Acme rr Chapter 2 Upgrading the Appliance Pre Upgrade Checklist Before you Start upgrading the Steel Belted Radius Appliance verify that the follow tasks have been completed and that all required equipment and information is at hand Required hardware is available see Equipment Checklist on page 1 Steel Belted Radius CD ROM is available see Prepare Your Installation CDs on page 4 Upgrade license information is available Device and network information has been recorded correctly Person performing the upgrade has the appropriate access permissions The upgrade process for the Steel Belted Radius Appliance should take 1 2 hours to complete Connecting the Administration PC You must use a Windows PC or laptop as an administration workstation to configure the Steel Belted Radius Appliance The administration PC must meet the requirements listed in Table 4 Table 4 Administration PC Requirements Operating system B Windows 2000 B Windows 2005 B Windows XP Networking Standard Ethernet port
16. a erede ta 2 COMMOUTING The AoTIRISECACTOD PO asc eno are oct uae e utn ates 10 Contieurhe a NCIWOT RAIL ESS ccitins a tud itera A n isrpi eese 10 Deleting or Moving Logging and Accounting Files iate ttt ed tances 12 backmg Up the teebBelted R di s Directory sda se stents ale ema gt tans 15 Exporting YoUrcsteebbelied Radi s DOraDSE occaotqpr cremate mugen 14 Upgrade SteebBelteg POIalllsiesiastetedbesuc siete E A 17 Initial Steel Belted Radius ADDIanceC ohne BOPIassesksemente eum em ups 19 Conmeuring Bostmarueund Bona eN S erran e c Me heresim etes 25 BER LO SM E CONV ELSTON perceit iert tien atate utate deutet audi ERES 24 Configuring License Key TAT OMA ON deutet taki o tastrenett te ar ese en ibd tamus 25 Irpording ToU COTHgg IFOEIOF T pO PETITIO Pls ct drea euteetreyn bed e pE 26 mporine Your Combe BEOHOTTDI O S ecce tavit nde tone detenta teamed tette 28 Steel Belted Radius Appliance Upgrade Guide Ixespartime Stee Bened ACIS iei s iiec ccnay tautum pete se Rab ubi ids 30 Stoppirie the SteekBelted Radius SEVICE sac esa e es mne uU NS DE 30 Starting tne Steel Beller Radius SEVICE cocoa endet tu a bes i es 30 Shutting Down the Steelkbelted Radius ADDHARICO xke pa edo adobe pb eos 31 jo Sc e MAE GIOI E T E A RR 32 peregre Multiple LoS FleS eiretie avt emassa deese Mus en eem tat 52 About This Guide This document describes how to upgrade a Steel Belted Radius Appliance which is a standalone RADIUS server in a rack mountable devic
17. ame and a workgroup membership Note that you cannot configure the Steel Belted Radius Appliance to belong to both a domain and a workgroup To configure hostname and domain information 1 Run the NEWS interface 2 Choose Configure gt Network Domain 1 When the Domain window Figure 22 opens enter a system name that conforms to your network environment in the Appliance Name field Figure 22 Domain Window JUNI PET m power TWORK are Monitor Maintenance Current Settings Appliance Name WEI APPLIANCE Workgroup Name WORKGROUP Modify Settings Appliance Mame NEIFAPPLIANCE Member Of Domain 9 WorkGroup Workgroup WORKGROUP Name fe Enter The Name Of A Person With Permission To Join TE Password DO OE Domain User Password Accept Changes Copyright c 2004 Network Engines Inc Canton Massachusetts All Rights Reserved 2 Specify a domain or workgroup for the Steel Belted Radius Appliance If you want to join the Steel Belted Radius Appliance to a domain a Click the Domain radio button b Enter the appropriate domain name in the Domain field c Enter the user name for the domain administrator in the Name field d Enter the password for the domain administrator in the Password field Configuring Hostname and Domain Settings m 23 Steel Belted Radius Appliance Upgrade Guide If you want to specify a workgroup membership for the Steel Belted Radius Appliance a Click the Workgroup radio b
18. ays before your scheduled upgrade 1 Run SBR Administrator and log into your Steel Belted Radius Appliance 2 Click Reports in the Sidebar and click the Settings tab The Settings panel Figure 36 appears Figure 36 Configuration Panel Steel Belted Radius Global Enterprise Edition S6R APPLIANCE File Panel Web Help Steel Belted Radius Refresh Oo gir Current Sessions Auth Logs Locked Accounts settings Server Connection e RADIUS Clients e Users Profiles Proxy Targets Tunnels Address Pools Administrators Authentication Policies Replication Statistics e LIH Daye to keep server log file S88 3 Enter a value of 1 in the Days to keep server log file field This will automatically remove any log or act file older than one day 32 m Tips and Tricks
19. cannot be reversed After you complete these steps you cannot recover information from the Steel Belted Radius Appliance Make sure your archive files have been created and are stored in a safe location before proceeding 1 Connect the monitor keyboard and mouse to the Steel Belted Radius Appliance You may have to uncap the monitor port on the back of the Appliance by removing a plate with two screws before you can connect the monitor 2 Insert CD 1 into the CD ROM drive on the Steel Belted Radius Appliance Upgrading Steel Belted Radius m 17 Steel Belted Radius Appliance Upgrade Guide Reboot the Steel Belted Radius Appliance a Inthe NEWS interface choose Shutdown gt Shutdown or Reboot gt Shutdown b When the Power Controls window opens enter your administrator password in the Password field c Click the Reboot button d When you are prompted to confirm you want to reboot the Steel Belted Radius Appliance click OK Depending on what software version you are running on the Steel Belted Radius appliance a time indicating how long the reboot will take may appear When the Steel Belted Radius Appliance reboots press the Delete key on the keyboard connected to the device to enter the System BIOS Navigate to the BOOT menu in the System BIOS and verify that the first boot device listed is CD ROM Navigate to the Advanced gt Advanced Chipset Control panel in the System BIOS and change the SATA Mode set
20. ce in the IP Address field 12 Enter the subnet mask for your network in the NetMask field 13 Enter the gateway router IP address in the Gateway field 14 Enter the IP addresses for your primary and secondary DNS nameservers in the Primary DNS and Secondary DNS fields 15 If your network is running the Windows Internet Naming Service WINS enter the IP addresses for your primary and secondary WINS servers in the Primary WINS and Secondary WINS fields 16 Click Next Page 17 If you want to configure the GigE1 port enter the appropriate settings in the GigE1 tab on the Setup Wizard Adapters window Figure 21 Figure 21 Specifying Configuration Settings for the GigE1 Adapter ni i awered XJ u n i per amp tom Bolted Radios Appliance A AAA HET WORK nfigure Operations Radius Setup Wizard Adapters Enter the IP information for the GigEO network adapter Summary GIgEO GigE1 Adapter GigE1 Enabled Mac Address 00 30 48 43 77 75 Type IP Address NetMask Gateway o Primary DNS o C Display WINS fields Show Advanced IP Settings Enable NetBIOS over TCP IP Advanced NIC Settings NexPage 22 m Initial Steel Belted Radius Appliance Connection Chapter 2 Upgrading the Appliance Configuring Hostname and Domain Settings In typical situations you must configure a hostname and a domain for a Steel Belted Radius Appliance In some situations you must configure a hostn
21. e to Release 5 4 x of the Steel Belted Radius software Before You Begin Audience This manual assumes that you have installed the Steel Belted Radius Appliance and have previously configured the Steel Belted Radius software For information on how to install the Steel Belted Radius hardware refer to the Steel Belted Radius Appliance Hardware Setup Guide For information on how to configure the Steel Belted Radius software refer to the Steel Belted Radius Appliance Configuration Setup Guide This manual is intended for network administrators responsible for implementing and maintaining authentication authorization and accounting services This manual assumes that you are familiar with the NEWS program which is used to configure the Steel Belted Radius Appliance hardware This manual also assumes you are familiar with general RADIUS Remote Authentication Dial In User Service and networking concepts and the specific environment in which you are installing Steel Belted Radius Related Documentation The following documents supplement the information in this manual Steel Belted Radius Documentation Please review the Release Notes that accompanies your Steel Belted Radius software for late breaking information not available in this manual Before You Begin B V vi Steel Belted Radius Appliance Upgrade Guide In addition to this manual the Steel Belted Radius documentation includes the following manuals The Steel Belted
22. h is used by Steel Belted Radius v4 x to XML format which is used by Steel Belted Radius v5 x To convert your rif files copy rif2xml exe to the directory in which you saved your exported rif file and then run the rif2xml exe tool 1 Choose Start gt Run Chapter 2 Upgrading the Appliance Enter CMD and press ENTER Navigate to the directory that holds your rif file and the rif2xml exe tool Execute the following command to run the rif2xml exe tool rif2xml exe rif file rif output xml where rif file rif is the name of your rif archive file and output xml is the name of the converted XML file you want to save When you see a message similar to the following close the DOS window end of input RIF file Configuring License Key Information This section describes how to add one or more license keys to the Steel Belted Radius server software running on the Steel Belted Radius Appliance Jl d eT Run SBR Administrator Log into the Steel Belted Radius Appliance Select the Remote button Figure 25 and enter the IP address of the Steel Belted Radius Appliance in the Remote field Figure 23 Logging Into the Steel Belted Radius Appliance Fie Panel Web Help ER Steel Belted Radius PRU Radius server selection aBrverz e radius Clients e Users e Frotiles e Proxy Targets Tunnels e Address Pools e dministrators Authentication Policies Local Remote Erter Appliance IP here
23. ile Tlsauth eap File Replacement Checklists m 7 Steel Belted Radius Appliance Upgrade Guide SecurlD Authentication Files The sdconf rec file configures how Steel Belted Radius interoperates with RSA SecurID You must archive the sdconf rec file if you use RSA SecurID Sdconf rec Directed Realm Configuration Files The dir files store information used for directed authentication These files should be listed in the proxy ini file Use the following checklist to identify the directed realm configuration files that have been customized for your installation If your dir files have different names use the lines to record the name of the file RealmName1 dir RealmName2 dir RealmName3 dir Proxy Realm Configuration Files The pro files store information used for proxy realm authentication These files should be listed in the proxy ini file Use the following checklist to identify the proxy realm authentication configuration files that have been customized for your installation If your pro files have different names use the lines to record the name of the files Realm1 pro Realm2 pro Realm3 pro DHCP Pool Configuration File The dhc files store information used for Dynamic Host Configuration Protocol DHCP allocation of IP addresses Use the following checklist to identify the DHCP authentication configuration files that have been customized for your installation If your dhc file has
24. ing EJ Broadcom 440 10 100 Integrated C This connection uses the following items 12 QoS Packet Scheduler Netvork Monitor Driver W Internet Protocol TCP IP ill Install Uninstall Description Allows your computer to access resources on a Microsoft network Show icon in notification area when connected Notify me when this connection has limited ar na connectivity 3 Select Internet Protocol TCP IP 4 Click Properties 10 nm Configuring the Administration PC Chapter 2 Upgrading the Appliance The TCP IP Properties window Figure 8 opens Figure 8 TCP IP Properties Dialog Internet Protocol TCP IP Properties p General rau can get P settings assigned automatically if pour network supports this capability Uthenvise you need to ask your network administrator Far the appropriate IP settings Obtain an IP address automatically Use the following IP address IP address 172 158 1 11 Subnet mask 255 255 0 Use the following DNS server addresses Preferred DNS server 152 168 1 11 Alternate DHS server EE 5 Click the Use the following IP address radio button 6 Enter 192 168 1 n in the IP address field substitute a number in the range 1 254 other than 10 which is the default host address for the Steel Belted Radius Appliance for n in the IP address you enter 7 Enter 255 255 255 0 in the Subnet mask field 8 Enter the IP address you used
25. ing the Appliance Figure 13 Connecting to Your Steel Belted Radius Server Version 4 x C Steel Belted Radius Administrator Bl x File Help z Radius server selection C RAS Clients f Local Remote IP of Remote Syster Disconnect C Users C Profiles EE Proxy Mot connected C Tunnels C P Pools C Ex Pools C Access C Configuration C Statistics Figure 14 Connecting to Your Steel Belted Radius Server Version 5 x Steel Belted Radius Global Enterprise Edition FUMKAPPLIANCE File Panel Web Help E Steel Betted Radius RADIUS server selection RADIUS Clients rss Users am Frotles Remote 192 168 4110 Proxy Targets Tunnels d e Q Administrators Authentication Policies Replication Statistics server started 2007 05 17 at 17 34 28 Reports Platform Windows NT Workstation v5 0 Auta confiquring server IPv4 addresses Configured server IP address 192 158 1 10 Evaluation period will expire an 2007 06 08 Licensed for Global Enterprise Edition Licensed for up ta 10 directed realms Proxy status Extended proxy enabled Bound to address 192 158 1 10 port 1646 Bound to address 192 158 1 10 part 1813 Bound to address 192 158 1 10 part 1645 Bound to address 192 158 1 10 part 1812 Custom authentication method Windows Domain Group Custom authentication method Windows Domain User Choose File gt Export Exporting Your Steel
26. k an adapter name below to configure Connected Adapter Description IP Address Type eS Local rea Connfigtion Intel R PRO 1 000 MT Network Connection 172 16 2 210 Static IP Record the network settings displayed for Network Interface Card NIC 1 in Table 1 Figure 3 Recording Network Configuration Information i Enable NetBIOS over TCP IP MOTE To join an NT 4 0 domain Net Adapter Local Area Coi lac Address 00 30 48 43 27 88 Type static iP IP Address 23 23 31 NetMask 266 255 0 0 Gateway 12312301 Primary DNS 23422031 O O Secondary DNS is Repeat steps 5 4 for Network Interface Card NIC 2 Table 1 Network Information Setting Your Information NIC 1 IP Address NIC 1 Net Mask NIC 1 Gateway NIC 1 Primary DNS NIC 1 Secondary DNS NIC 1 WINS NIC 1 NetBIOS setting NIC 2 IP Address Chapter 1 Preparing to Upgrade Table 1 Network Information continued Setting Your Information NIC 2 Net Mask NIC 2 Gateway NIC 2 DNS Primary NIC 2 DNS Secondary NIC 2 WINS NIC 2 NetBIOS setting System Name Domain Name Domain Login Domain Password Gathering System Name Information To gather system name information 1 Run NEWS 2 Choose Configuration gt Domain Management Figure 4 Figure 4 Choosing Configuration gt Domain Management guration Date and Time Set Domain Management
27. nk and navigating to the directory in which you stored your customized copy Figure 31 File Upload Dialog NEWS Microsoft Internet Explorer File upload account ini Click Browse to select the local file which will be uploaded to replace account ini Upload file C FileSavel account ini Browse LIplaad Cancel 5 After you upload a file click the View link for that file Figure 32 and verify the correct file was uploaded Figure 32 Verifying an Uploaded Configuration File General Configuration c sradiussservice Name Date Size Operations access Inl 08 31 05 15 41 14 2 KB View Download Upload account ini 11 04 05 11 05 50 2KB wiew Download Upload admin ini 06 31 05 15 41 14 2 KB Vi Download Upload E NEWS F Microsoft Internet Explorer This file defines accounting options for the ASCII corma delimited AC z tile produced by the Steel Belted Radius server z The supported options for each section of the ACCOUNT INI file are de z below 6 When you finish uploading customized configuration files restart Steel Belted Radius For more information see Restarting Steel Belted Radius on page 50 Importing Your Configuration Files m 29 Steel Belted Radius Appliance Upgrade Guide Restarting Steel Belted Radius To restart Steel Belted Radius you must stop the service and then start it Stopping the Steel Belted Radius Service 1 Use NEWS to connect to the Steel Belted Radius A
28. nnect to the Steel Belted Radius Appliance 2 Choose Configuration gt Radius Advanced Figure 9 Figure 9 Choosing Configuration gt Radius Advanced gt Configuration Date and Time Set Domain Management Group Management Network Configuration SSL Certificate Update Log User Management 3 Click the Backup Configuration button Figure 10 Figure 10 Clicking the Backup Configuration Button Backup Restore Configuration Files To backup the entire Radius configuration to your local system click Backup Configuration All configuration files will be packaged up and downloaded to your system The Steel Belted Radius service wil be temporarily stopped during this operation Backup Configuration To restore the Radius configuration from a previous backup package enter the restore package filename then click Restore Configuration All configuration files wil be overwritten The Steel Belted Radius service wil be temporarily stopped during this operation Browse Restore Configuration 4 When you are prompted to stop the Steel Belted Radius service Figure 11 click OR Figure 11 Stopping the Steel Belted Radius Service Microsoft Internet Explorer l x iin The Steel Belted Radius service will be stopped temporarily while Files are packaged up For backup Click OK to continue ar CAMCEL to cancel the backup operation Cancel Backing Up the Steel Belted Radius Directory m 13 Steel
29. ou use the following checklists and forms to gather configuration and network information before you start upgrading the Steel Belted Radius Appliance you should be able to complete the upgrade process smoothly in about an hour Equipment Checklist Use the following checklist to document that you have the equipment required for the Steel Belted Radius Appliance upgrade on hand Administration PC Windows laptop recommended Hub and Cat 5 Ethernet cable or crossover Ethernet cable Power Cables Steel Belted Radius installation CDs may require access to CD ROM writer and recordable CD Rs if you download ISO images Monitor keyboard and mouse for the Steel Belted Radius Appliance Gathering Network Information Perform the following procedures to gather information about your network settings Use Table 1 on page 2 to record the settings for your network Gathering IP Configuration Information 1 Run NEWS 2 Choose Configuration Network Configuration Figure 1 Equipment Checklist m 1 Steel Belted Radius Appliance Upgrade Guide 2 m Gathering Network Information Figure 1 Displaying Network Configuration Information gt Configuration Date and Time Set Domain Management Croup Management Network Contiguratian Radius Advanced SSL Certificate Update Log User Management When the adapter list Figure 2 appears click an adapter name to display its Settings Figure 2 Adapter List Clic
30. porting Your Configuration Information Chapter 2 Upgrading the Appliance 4 When the Import from XML File dialog Figure 27 opens select your configuration file and click Open Figure 27 Import from XML File Dialog Import From XML File Look in E SomeDirectory m 4 ES upgrade ES History Des kto p My Documents im My Computer jam i piae L File name in x Files of type XML Files Cancel bly Metwoark pu Open az read only 5 When the Import window Figure 28 opens click the Select All button to indicate you want to import all the settings you exported previously Figure 28 Import Dialog Select items then press OK to select import file e When imported items are found in the database O Skip E Replace Select w 6 Use the Skip and Replace radio buttons to specify whether you want Steel Belted Radius to skip or replace an item if a duplicate entry is found during import Importing Your Configuration Information m 27 Steel Belted Radius Appliance Upgrade Guide 7 Click OK to import the Steel Belted Radius configuration settings from the XML file Importing ee Finishing reports settings import Importing Your Configuration Files After you have imported your Steel Belted Radius configuration settings you must import your customized configuration files Refer to File Replacement Checklists on page 6 to see which files you need to impor
31. ppliance 2 Choose Operations gt Advanced Operations gt Start and Stop Services gt Operations Advanced Operations Edit Host File Logout Shutdown or Reboot Start stop Services 3 When the list of services appears click the Steel Belted Radius link Figure 33 Figure 33 Choosing Services gt Start and Stop Services Ju puuirti Filii Spiel uv 54 C3 Steel Belted S Steel Belted Radius 4 When the Steel Belted Radius page opens click the Stop Service button After you click the Stop Service button the Status icon turns black Refresh stop Service Service Mame Steel Bel Radius Description Steel Belted Radius Status Started Starting the Steel Belted Radius Service 1 Use NEWS to connect to the Steel Belted Radius Appliance 2 Choose Operations gt Advanced Operations gt Start and Stop Services gt Operations Advanced Operations Edit Host File Logout Shutdown or Reboot Start Stop Services 5 When the list of services appears click the Steel Belted Radius link 4 When the Steel Belted Radius page opens click the Start Service button After you click the Start Service button Steel Belted Radius restarts and reads its configuration files 30 m Restarting Steel Belted Radius Chapter 2 Upgrading the Appliance Shutting Down the Steel Belted Radius Appliance l 2 5 Use NEWS to connect to the Steel Belted Radius Appliance Choose Shutdown gt Shutdown or Reboot En
32. t To upload configuration files 1 Use NEWS to connect to the Steel Belted Radius Appliance 2 Choose Configuration gt Radius Advanced Figure 29 Figure 29 Choosing Configuration gt Radius Advanced gt Configuration Date and Time Set Domain Management Group Management Network Configuration SSL Certificate Update Log User Management 3 Click the Upload link for each file you want to upload Figure 30 Figure 30 Uploading Configuration Files to the Appliance General Configuration c sradiussservice Name Date Size Operations access Ini 06 31 05 16 41 14 z KB View Download Upload account ini 11 04 05 11 05 50 2 KB View Download a admin ini 06 31 05 15 41 14 z KB View Download Upload authlog ini 06 31 05 16 41 14 4 KB View Download Upload N CAUTION Take care to upload the right files to Steel Belted Radius Uploading overwriting the wrong file can cause Steel Belted Radius to stop functioning If you require more information contact Juniper Technical Support 28 m Importing Your Configuration Files Chapter 2 Upgrading the Appliance 4 When a popup window Figure 31 prompts you to browse for the file you want to upload navigate to the file you want to upload For example if you modified the account ini file to record only RADIUS attributes specific to your environment you would upload your copy of account ini overwriting the default version of the file by clicking the Upload li
33. ter the administrator password in the Password field and specify the shutdown option you want to use Figure 34 Click Reboot to reboot the Appliance Figure 34 Shutting Down the Steel Belted Radius Appliance Password ae Options C Force Applications To Quit Force Applications To Quit Only If They Are Hung Da Not Force Applications Ta Quit Action Reboot Shutdown the operating system then automatically reboot th p i When you are prompted to confirm you want to reboot the Appliance click OK The Power Controls window Figure 35 counts down the time until the server is rebooted Figure 35 Counting Down to Shutdown den 7CPCLPEGREGSN LEN COAHULECLPEGN erm T Fhirinn REGN CLP 2 Ltrs Wir tr F oo TF Powe r Co nt ro i S Shutdown or reboot the applian The Appliance Is Rebooting Please Standby You willbe automatically reconnected in minutes Time Remaining 117 At this point the upgrade for your Steel Belted Radius Appliance should be complete NOTE If you modified the number of days Steel Belted Radius retains logging and accounting files to purge old files you should restore its previous value after the upgrade is complete Shutting Down the Steel Belted Radius Appliance m 31 Steel Belted Radius Appliance Upgrade Guide Tips and Tricks Deleting Multiple Log Files If you have a large number of log or act log files that you do not want perform the following procedure two d
34. the Appliance 9 When the Setup Wizard Adapters window Figure 20 opens enter IP address information for the management NIC You should retrieve this information from the records you made in Table 1 on page 2 NOTE After you configure IP address information for the management NIC on the Steel Belted Radius Appliance you will need to modify the settings on your administration PC to use the same TCP IP subnet to re connect to the Steel Belted Radius Appliance Refer to Configuring the Administration PC on page 10 for information on how to specify TCP IP settings on your administration PC Figure 20 Specifying Configuration Settings for the GigEO Adapter te owered J u i per Stc Boited KEadius Appliance Ae NETWORK Setup Wizard Adapters Enter the IP information for the GigEO network adapter Summary GigEO GigE1 Adapter GigEO Enabled amp amp Mac Address 00 30 48 43 77 74 Type IP Address NetMask Gateway o Primary DNS o Primary WINS Secondary DNS o Secondary WINS 1270 0 Display WINS fields Show Advanced IP Settings Enable NetBIOS over TCP IP Advanced MIC Settings j Nea Page gt gt 10 Use the Type list to select the type of address Static IP you want the Steel Belted Radius Appliance to use Initial Steel Belted Radius Appliance Connection m 21 Steel Belted Radius Appliance Upgrade Guide 11 Enter the IP address for the Steel Belted Radius Applian
35. ting from RAID to IDE 18 m Upgrading Steel Belted Radius NOTE If you do not change the SATA mode setting from RAID to IDE the Steel Belted Radius will fail to restart properly 7 8 Navigate to Exit and press Enter for Save amp Exit Setup When you are prompted to confirm that you want to SAVE to CMOS and EXIT enter Y and press Enter to continue When you receive a WARNING window press any key to start the Ghost re imaging process The Ghost re imaging process restores the Steel Belted Radius Appliance to a non configured state and then installs the new Steel Belted Radius image When system instructs you to do so insert CD 2 and for ROHS systems CD 3 into the CD ROM drive The Steel Belted Radius Appliance reboots itself when the Ghost Re imaging Process finishes running After the Steel Belted Radius Appliance reboots itself the SysPrep process applies new Settings installs the NEWS system and hardens the Steel Belted Radius Appliance operating system The Steel Belted Radius Appliance may reboot itself several times while the SysPrep process is running Chapter 2 Upgrading the Appliance Initial Steel Belted Radius Appliance Connection 1 If necessary turn on the Steel Belted Radius Appliance The power button is located behind the bezel on the front of the Steel Belted Radius Appliance Pull the bezel forward tilt down and remove the packing foam inside the bezel The power button is the last but
36. ton on the right 2 Confirm the connection link lights next to the network ports on the Steel Belted Radius Appliance are lit 5 Launch Internet Explorer v6 0 on the administration PC Disregard any error message that indicates the browser is not connected to the Internet 4 Enter https 192 168 1 10 3886 in the Address field of the browser to connect to the Steel Belted Radius Appliance You must use https instead of http to specify this is a secure connection 5 When the Security Alert dialog Figure 17 opens click Yes Figure 17 Security Alert Dialog Security Alert E x changed by others However there is a problem with the site s 5 Information you exchange with this site cannot be viewed or em security certificate fuk The security certificate was sued by a company you have not chosen to trust View the certificate to determine whether wou want bo trust the certifying authority e The security certificate date is valid 5 The name on the security certificate iz invalid or does not match the name af the site Do unu want to proceed Yes View Certificate 6 When the Appliance Setup Wizard window Figure 18 opens enter the serial number for your Steel Belted Radius Appliance which is a number that starts with NNG on the back of the Appliance in the Scan in the Serial Number field click Save Serial Number and then click Next Page Initial Steel Belted Radius Appliance Connection m 19
37. utton b Enter the appropriate workgroup in the Workgroup field c Enter the user name for the workgroup administrator in the Name field d Enter the password for the workgroup administrator in the Password field 3 Click Accept Changes 4 Reboot the Steel Belted Radius Appliance a Inthe NEWS interface choose Shutdown gt Shutdown or Reboot gt Shutdown b When the Power Controls window opens enter your administrator password in the Password field c Click the Reboot button d When you are prompted to confirm you want to reboot the Steel Belted Radius Appliance click OK Depending on what software version you are running on the Steel Belted Radius appliance a time indicating how long the reboot will take may appear RIF to XML Conversion E NOTE If your Steel Belted Radius Appliance is running software version 5 x you can ignore this section 24 m RIF to XML Conversion If your Steel Belted Radius Appliance is running software version 4 x you will need to convert the rif archive file created when you export the Steel Belted Radius database described in Exporting Your Steel Belted Radius Database on page 14 To convert the rif file you must run the rif2xml exe tool which is installed in the C Radius Admin directory on the administration PC when you install the SBR Administrator application The rif2xml exe tool converts archive files stored in RADIUS Interchange Format rif whic
38. you are not certain which files you need to archive contact Juniper Networks Technical Support For a complete explanation of these files please refer to the Steel Belted Radius Reference Guide Use the checklists that follow to identify which files you need to merge after upgrading General Configuration Files Dictionary Files 6 m File Replacement Checklists The ini files configure operational settings in Steel Belted Radius Use the following checklist to identify the files that have been customized for your installation access ini eap ini account ini events ini admin ini filter ini authReport ini lockout ini authReportAccept ini proxy ini authReportBadSharedSecret ini radius ini authReportUnknownClient ini redirect ini authReportReject ini securid ini authlog ini servtype ini blacklist ini spi ini bounce ini tacplus ini ccagw ini update ini E pop op ES ES E S ASTE ESE EE Jed classmap ini vendor ini LI LI LI LI LI LI LI LI LI LI LI LI LI LI dhcp ini The dct files configure how Steel Belted Radius interoperates with a remote access server RAS or network access server NAS Use the following checklist to identify the dictionary files that have been customized for your installation If your dct files have different names use the lines to record the name of the files Specialt dct Special2 dct Special3 dct Chapter 1 Preparing to Upgrade Authentication Files The
Download Pdf Manuals
Related Search