RADIUS and WLAN Infrastructure Monitoring




Jovana Palibrk, AMRES NA3 T2, Sofia, 19.06.2014.

eduroam in Serbia
- The eduroam project in Serbia started at the end of 2009
- The process of connecting AMRES institutions to the eduroam service and installing equipment started in 2010
- AMRES applied for a donation from the NATO SPS NIG program (Networking Infrastructure Grant) with the project AMRES Access Infrastructure Establishment and received the donation in 2010

eduroam in Serbia
- The NATO donation enabled procurement of:
  - 5 Cisco 5508 Wireless Controllers that are installed in 4 University computing centers
  - 190 access points that have been installed in more than 80 AMRES member institutions in 17 cities
[Map labels: RP Kragujevac, RP Novi Sad, RP Belgrade, RP Nis, FTLR]

What is being monitored?
- The eduroam monitoring system is incorporated into our in-house network monitoring system, NetIIS
- Network administrators at AMRES institutions already use NetIIS in their everyday technical activities
- Monitoring and reporting covers:
  - RADIUS servers (institutional RADIUS servers and the Federation Top Level RADIUS (FTLR) server)
  - Network access infrastructure (wireless access points and controllers)

NetIIS: Networking Information and Monitoring System
- NetIIS is a web-based networking information and monitoring system
- In NetIIS, all objects from the external world are presented in an easily understandable way
- Objects are hierarchically organized and presented as a tree
[Figure labels: folder, location, users and group of users, action, alarm, device, monitor groups]

NetIIS: Networking Information and Monitoring System
- Every institution has its own location in the NetIIS infrastructure, under which an eduroam folder is placed
- eduroam data and the infrastructure elements that are being monitored are stored in that folder

Monitoring and reporting: RADIUS servers
- Testing availability of a RADIUS server over the network:
  - Ping the RADIUS server IP address
- Testing operability of RADIUS servers:
  - The eapol_test program from the wpa_supplicant software is used: http://deployingradius.com/scripts/eapol_test/
  - A shell script on NetIIS runs eapol_test
  - EAP-TTLS and PEAP tunnels can be tested
- If a test fails, an alarm is activated and mail notifications are sent to the technical contacts of the corresponding institution

Monitoring and reporting: RADIUS Ping

Monitoring and reporting: RADIUS operability testing
[Diagram: NetIIS, FTLR, RP RADIUS and IdP RADIUS, with four EAP-TTLS tests labelled Proxy FTLR, IdP + FTLR, IdP and RP]

Monitoring and reporting: RADIUS IdP
- Operability of the EAP tunnel established directly to the IdP RADIUS server is tested
[Diagram: NetIIS runs eapol_test (EAP-TTLS, test@inst.ac.rs) against the inst.ac.rs IdP RADIUS]

Monitoring and reporting: RADIUS IdP
[Graphs: RADIUS status and delay (period of 15 days)]

Monitoring and reporting: RADIUS IdP + FTLR
- Operability of the EAP tunnel established over the FTLR server to the IdP RADIUS server is tested
[Diagram: NetIIS runs eapol_test (EAP-TTLS, test@inst.ac.rs) via the FTLR to the inst.ac.rs IdP RADIUS]

Monitoring and reporting: RADIUS IdP + FTLR
[Graphs: RADIUS status and delay (period of 15 days)]

Monitoring and reporting: RADIUS RP
- Operability of the EAP tunnel established over the institutional RADIUS server and the FTLR server to the monitor RADIUS server is tested
[Diagram: NetIIS runs eapol_test (EAP-TTLS, test@monitor.eduroam.ac.rs) via the RP RADIUS and the FTLR to the monitor.eduroam.ac.rs monitor RADIUS]

Monitoring and reporting: RADIUS RP
[Graphs: RADIUS status and delay (period of 15 days)]

Monitoring and reporting: FTLR
- The availability and operability of the FTLR server are tested
[Diagram: NetIIS runs eapol_test (EAP-TTLS, test@monitor.eduroam.ac.rs) via the FTLR to the monitor.eduroam.ac.rs IdP RADIUS (monitor RADIUS)]
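The operability tests above, as an added Python sketch that is not the NetIIS shell script: it writes a wpa_supplicant network block, runs eapol_test against the chosen server and returns the pass/fail status and the delay. The server addresses, the inner methods (PAP for TTLS, MSCHAPv2 for PEAP), the SSID and port 1812 are assumptions.

```python
import subprocess
import tempfile
import time

# Server each test is sent to and the identity it uses, as read from the slides.
# Addresses are constructed placeholders (TEST-NET-1), not AMRES hosts.
TESTS = {
    "IdP":        ("192.0.2.10", "test@inst.ac.rs"),             # straight to IdP RADIUS
    "IdP + FTLR": ("192.0.2.1", "test@inst.ac.rs"),              # FTLR proxies to IdP
    "RP":         ("192.0.2.20", "test@monitor.eduroam.ac.rs"),  # RP RADIUS, then FTLR
    "FTLR":       ("192.0.2.1", "test@monitor.eduroam.ac.rs"),   # FTLR to monitor RADIUS
}

def build_config(identity, password, eap="TTLS", ca_cert=None):
    """wpa_supplicant network block read by eapol_test -c."""
    inner = "auth=PAP" if eap == "TTLS" else "auth=MSCHAPV2"  # assumed inner methods
    lines = ["network={", '    ssid="eduroam"', "    key_mgmt=WPA-EAP",
             f"    eap={eap}", f'    identity="{identity}"',
             f'    password="{password}"', f'    phase2="{inner}"']
    if ca_cert:  # with a CA set, a wrong or expired server certificate fails the test
        lines.append(f'    ca_cert="{ca_cert}"')
    return "\n".join(lines + ["}"]) + "\n"

def passed(returncode, output):
    """eapol_test exits 0 and prints SUCCESS as its final line when auth succeeds."""
    lines = output.strip().splitlines()
    return returncode == 0 and bool(lines) and lines[-1] == "SUCCESS"

def probe(server, secret, identity, password, eap="TTLS", timeout=10):
    """Run one test; return (ok, delay_seconds) for the status and delay graphs."""
    # NamedTemporaryFile is created mode 0600, so the test password stays private.
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as conf:
        conf.write(build_config(identity, password, eap))
        conf.flush()
        cmd = ["eapol_test", "-c", conf.name, "-a", server, "-p", "1812",
               "-s", secret, "-t", str(timeout)]
        start = time.monotonic()
        try:
            run = subprocess.run(cmd, capture_output=True, text=True,
                                 timeout=timeout + 5)
            ok = passed(run.returncode, run.stdout)
        except (OSError, subprocess.TimeoutExpired):
            ok = False  # binary missing or no answer: treat as a failed test
        return ok, time.monotonic() - start
```

The test account should be a dedicated low-privilege identity, since its password sits in the monitoring host's configuration and the shared secret appears on the eapol_test command line.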

Usage statistics: eduroam usage monitor
- Total number of successfully authenticated users at a given RP institution, taken for:
  - The same IdP institution: local users
  - Another IdP institution from the same country: national users
  - An IdP institution from another country: international users
[Diagram labels: RP RADIUS, radius.log, script, 3 numbers, SNMP, NetIIS eduroam usage monitor]
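One way to derive the three numbers from radius.log, as an added Python example that is not the AMRES script: it counts distinct identities with a successful login and sorts them by realm into local, national and international. The log lines are constructed in the style of FreeRADIUS auth entries, and treating any realm under the country TLD as national is an assumption.

```python
import re

# Constructed lines in the style of FreeRADIUS radius.log auth entries.
SAMPLE_LOG = """\
Thu Jun 19 09:01:12 2014 : Auth: Login OK: [ana@inst.ac.rs] (from client ap-1 port 0 cli 00-11-22-33-44-55)
Thu Jun 19 09:01:12 2014 : Auth: Login OK: [ana@inst.ac.rs] (from client ap-1 port 0 via TLS tunnel)
Thu Jun 19 09:03:40 2014 : Auth: Login OK: [marko@other.ac.rs] (from client ap-2 port 0 cli 00-11-22-33-44-66)
Thu Jun 19 09:05:02 2014 : Auth: Login incorrect: [eve@inst.ac.rs] (from client ap-1 port 0 cli 00-11-22-33-44-77)
Thu Jun 19 09:07:19 2014 : Auth: Login OK: [Bob@Example.EDU] (from client ap-3 port 0 cli 00-11-22-33-44-88)
Thu Jun 19 09:08:00 2014 : Auth: Login OK: [kim@inst.ac.rs.example.com] (from client ap-3 port 0 cli 00-11-22-33-44-99)
"""
LOGIN_OK = re.compile(r"Auth: Login OK: \[([^\]]+)\]")

def category(realm, local_realm, country_tld):
    """Compare whole realm labels so inst.ac.rs.example.com is not taken as local."""
    if realm == local_realm:
        return "local"
    if realm.endswith("." + country_tld):
        return "national"
    return "international"

def usage_counts(log_text, local_realm, country_tld):
    """Return the three numbers: distinct users per category with a Login OK."""
    seen = {"local": set(), "national": set(), "international": set()}
    for match in LOGIN_OK.finditer(log_text):
        identity = match.group(1).lower()      # realms are case-insensitive
        _, at, realm = identity.rpartition("@")
        if not at or not realm:
            continue                           # no realm: cannot be tied to an IdP
        seen[category(realm, local_realm.lower(), country_tld.lower())].add(identity)
    # Sets collapse the outer and inner-tunnel lines logged for one login.
    return {name: len(users) for name, users in seen.items()}

if __name__ == "__main__":
    print(usage_counts(SAMPLE_LOG, "inst.ac.rs", "rs"))
```

Where clients send an anonymous outer identity, all users of one realm collapse into a single identity, so the count should then be taken from the inner-tunnel entries.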

Usage statistics: eduroam usage monitor

eduroam_usage monitor: local users
[Graph: Number of local users (period of 30 days)]

eduroam_usage monitor: national users
[Graph: Number of national users (period of 30 days)]

eduroam_usage monitor: international users
[Graph: Number of international users (period of 30 days)]

Usage statistics: Splunk software
- RP RADIUS servers send syslog messages to the Splunk server, which is used for making statistics
- For easier analysis, messages are formatted on the RP RADIUS servers using radius line log and syslog-ng
- Messages collected on the Splunk server:

Number of AMRES user devices, on all AP in Belgrade

Number of international user devices, on AP in Belgrade

Monitoring and reporting: Access Points
- Ping
- Number of the connected users

Monitoring and reporting: Wireless LAN Controllers
- Ping
- Number of DHCP clients:
  - Bad alarm: more than 100 addresses are being used
  - Good alarm: less than 100 addresses are being used

Groups of monitors: Access Points

Groups of monitors: Institutional RADIUS Servers

Groups of monitors: FTLR

Questions?

Thank you!