RAD-Series RADIUS Server Version 7.1




Highly Customizable RADIUS Server for Controlling Access & Security in Wireless & Wired Networks

Interlink Networks RAD-Series Authentication, Authorization, and Accounting (AAA) RADIUS Servers provide standards-based access control and security for mixed access networks including 802.11 Wireless LAN (WLAN), mobile, and wired networks. The RAD-Series servers enable carriers, Internet Service Providers, and fully networked enterprises to centrally manage the AAA functions for their network users. Because of its high customizability and advanced user features, RAD-Series is ideal for system integrators and OEMs of network equipment.

RAD-Series is widely installed, provides high performance, and is highly scalable and modular. The server supports RADIUS, the current standard protocol for AAA, and emerging wireless LAN authentication standards with a set of sophisticated capabilities required to manage the business aspects of network access.

A unique feature of the RAD-Series is that it supports user-developed plug-in modules. Plug-ins can be used to influence the authentication and authorization decision-making process, modify incoming or outgoing packets, or call any external AAA services.

- Runs on Red Hat Linux and SUN Solaris Servers
- Wi-Fi Protected Access (WPA) Compliant
- Strong 802.1x Authentication

Carrier-Class Reliability and Agility

Based on the widely deployed and proven Merit RADIUS server architecture, RAD-Series provides a fault-tolerant, scalable, higher-performance solution.

- Server scalability supports millions of users and delivers high-performance AAA transaction rates of up to 950 authentications per second.
- Provides reliability with failover, load balancing, and redundancy features.
- Supports LDAP and Active Directory databases, allowing you to maintain a single, centralized user database for all applications.
- Optimized for mixed-vendor environments and for use with any remote access device.
Wireless LAN Security

RAD-Series centralizes the management of all network access, including wireless LAN access, allowing you to more easily control users and secure the information being transmitted. Whether you are extending your current network to include WLAN, or are deploying a new WLAN, RAD-Series provides all of the additional security required for both wireless and wired connections.

Support for the WPA Security Specification: In Enterprise applications, WPA specifies that wireless LANs be used with an 802.1x compatible RADIUS authentication server (such as RAD-Series) to centralize the management and secure the network. RAD-Series is compliant with the WPA security standard.

March 2006 Page 1 of 5

Complete Extensible Authentication Protocol (EAP) Support: Supports 802.1x-compliant authentication protocols EAP-MD5, Cisco LEAP, EAP-TLS, EAP-TTLS, EAP-PEAP.

Multi-Vendor Compatibility: Works with wireless access points and switches from vendors such as Cisco, Intel, 3Com, Symbol, Agere, Avaya, Enterasys, D-Link, Proxim, Linksys and other industry leading security solutions and platforms.

Supports Multiple Access Technologies:

- Dial
- Broadband
- Managed VPN
- Mobile wireless
- Enterprise WLAN
- WLAN Hotspots

Versatile Service Delivery

You can easily define user profiles to assign a set of connection attributes to any user or group of users. User profiles can be standardized across different types of network access equipment and networks, allowing the delivery of the appropriate level of authorization to each individual user, regardless of where they are or how they are connected.

- Supports multiple services: dial, wholesale dial, broadband, managed VPN, mobile wireless, enterprise WLAN, and WLAN hotspots.
- Supports 802.11 wireless LAN authentication using 802.1x compliant methods.
- Supports delivery of wholesale, outsourcing, and roaming services by proxy RADIUS.
- Interoperates with any other RFC compliant RADIUS server to easily distribute authentication and accounting.

System Integrator/OEM-Specific Customization Features

Interlink Networks offers several customization features or toolkits which allow system integrators and OEMs to differentiate their products, add value to their solutions, and re-brand the AAA server and components. The customization options for RAD-Series include:

Programmable Finite State Machine (FSM)

The core FSM engine drives the processes of handling RADIUS requests. These sequential processes can be expanded or modified by changing the FSM table without any recoding or recompiling of the engine. The RAD-Series comes with several predefined FSM tables from which to choose.
Modular Server Architecture Allows Total Customization

Application Programming Interfaces (APIs)

Authentication API: Used to internally develop extensions to the core RADIUS architecture. You can build custom plug-in modules for unique authentication, authorization, or accounting methods, and modify the internal processing engine. For example, you can:

- Authenticate users stored in any data source, including off-the-shelf and proprietary databases
- Track and control usage based on unique billing systems
- Implement highly customized authorization schemes
- Add support for unique network access hardware

User Interface (UI) API: An Interlink Networks Exclusive Feature. Included in the server module, this critical branding feature allows OEMs and system integrators to build custom UIs and other server management applications tailored to the varied needs of their end-user customers. The API provides a consistent interface to the server's configuration and data files, regardless of how or where the information is stored.

- Allows easy migration and upgrades to new server versions by acting as an abstraction layer between the external interfaces and the core RADIUS functionality.
- Simplifies product localization or internationalization.

MAJOR ADVANTAGE: POLICY

Allows Complex Policy Decisions Based on RADIUS Attribute Value Pairs / Combinations & Boolean Operations

Policy, part of the user Authorization process, is a set of rules to administer, manage, and control access to network resources. Policies are written to accomplish specific tasks such as to set limits and access restrictions, or to output accounting data to billing programs. Interlink's allows you to easily define and enact custom policies using patented decision files. Our flexible policymaking capabilities can solve virtually any problem that would traditionally require custom programming. You can modify how authentication requests are handled and control how services are delivered and logged using simple text files with Boolean expressions.

Documentation Re-branding

This package replaces the Interlink Networks company name throughout the documentation, white papers, and data sheets with your company name and branding.

Interlink Networks RAD-Series RADIUS Servers have been successfully integrated and re-branded by major system integrators and OEMs of networking equipment worldwide.

FEATURES: RAD-Series RADIUS (feature: description)

Authentication Methods: Choose your preferred authentication method

- PAP, CHAP and MS-CHAP: Password Authentication Protocol, Challenge Handshake Authentication Protocol, and Microsoft's version of CHAP.
- WPA-Compliant Wireless LAN authentication support for: EAP-MD5, GTC, LEAP, TLS, TTLS, PEAP (Cisco and MS versions).

Data Sources: Store user data and profiles in many places/ways

- Flat File (users file/realm file): Uses flat files stored internally with server. Supports all authorization features without requiring an external database or directory. Ideal for small to medium applications.
- UNIX User (Password File): Uses standard existing password files for UNIX systems.
- UNIX via Password File: Uses extended data sources for UNIX systems: NIS, shadow password, HP security, etc. Inherited automatically through support for UNIX passwords.
- RADIUS Proxy Authentication & Accounting: Forwards authentication & accounting requests to remote server. Needed for any roaming relationship or large multi-server application.
- LDAP: Accesses user profiles in LDAP directories. Standard access, reaches many different LDAP implementations. Includes Interlink schema extensions to support simple authorization policies.
- Active Directory: Allows authentication against Microsoft directories via LDAP.

Authorization Features: Policy Decisions & Criteria

- Simple RADIUS Policy: Allows or denies network access based on specific attribute values. Sets basic session configuration parameters based on Reply items stored in the user profile.
- This powerful configuration engine allows you to develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations.

EXAMPLE: Authorize across any set of independent parameters:

- System parameters: time/day/date
- Edge device parameters: port #, IP address
- User-specific information: user, group, role

Allows conditional replies for:

- Differentiated connection services
- Additional security measures

Authorization Reply Items: Here are some of the outputs possible from the server, which can direct a NAS to take specific action or set specific service levels.

- Idle Time-Out: Controls length of idle-time for user sessions. Disconnects inactive (idle) sessions left tying up network resources.
- Session Time-Out Limits: Limits length of user sessions.
- IP Address Assignment: Assigns IP address from either static addresses or addresses relayed from DHCP.
- Attribute Pruning (filters response AVPs): Can choose not to pass some data elements to NAS after user has been approved. Example: Server only sends AV pairs appropriate to what the particular NAS supports.
- Attribute Mapping: For legacy NAS devices: provides backwards compatibility for early NASs that did not implement vendor specific attributes compliant with the RADIUS RFCs.
- QoS: Sets throughput or bandwidth by user.
- IP Filter: Uses named filters to limit which protocols are allowed, and/or where user can go.
- Compulsory Tunnels: Forces VPN tunnels.
- Wireless VLANs: VLANs are used to build boundaries to protect sensitive data while enabling access to role-based network resources. Authenticate and assign users to the correct VLAN based on organization unit, application, role, or any other logical grouping.

Extensibility Features: Tools to create extensions to the server.

- VSA Definitions and RADIUS Dictionary Extensibility: Dictionary contains VSAs for most major networking equipment vendors. In text file format, it can easily be extended to add vendors and their VSAs to support new vendor-proprietary features without a software upgrade.
- Programmable Finite State Machine: Makes it possible to redefine the authorization and accounting processes by modifying the finite state machine tables, without recoding or recompiling the engine.
- Software Developer's Toolkit: Allows the creation of custom plug-in modules to interface with third party databases, execute custom authentication protocols and algorithms, custom logging, request/response processing, and customization of the user interface.
- Allows you to develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations.

RFC Compliance: Compliant with the following RADIUS standards and extensions:

- Compliant RFCs: RFC 2284, 2548, 2619, 2621, 2716, 2809, 2865, 2866, 2867, 2868, 2869, 3579, 3580, 3748

Accounting

- Proxy Accounting: Allows accounting records to be forwarded from one RADIUS server to another. Important in roaming or multi-server applications.
- Browser View of Accounting Logs (by date, port, user): View log data from the Server Manager.
- Predefined & Customizable Logging Formats: Generates accounting call detail records (CDRs) in Livingston and MERIT formats.
- Accounting On/Off Packet Support: Signals NAS start-up or shut-down management.

Management

- Web-based Server Administration: Simplifies the set up and maintenance of multiple servers from any Web browser. User profiles and server operation, including status and key statistics, can be configured and monitored remotely.
- Remote Monitoring: Supports remote monitoring of server status and key statistics. Remotely view access activity and detect authentication problems.
- Configuration file generation: Configuration files can be generated via the graphical user interface, command line interface, or scripts.
- Session & Event Logging: Logs all events to provide extensive audit trails for troubleshooting or security. Supports Merit and Livingston standard for detailed session logging.
- Simultaneous Access Control: Concurrency management allows configuring user or realm for simultaneous sessions.
- SNMP Support: Supports standard RADIUS Server MIBs for authentication and accounting.
- DHCP Relay Support: Scales beyond one RADIUS server with same IP pool. Allocates IP addresses for pools managed by DHCP server.

Operational Features: Performance and Reliability

- High Speed Processing Performance: Performance measured in thousands of authentications per second depending on hardware configuration.
- Load Balance and Failover across LDAP: Supports backup LDAP directories with RAD-Series handling failover.

Server Platforms: Runs on:

- Solaris: 8 and 9 on Sun Solaris/SPARC hardware.
- Red Hat LINUX: 7.2, 7.3, and 8.0 on Intel hardware.
- Red Hat Enterprise Linux: ES Release 3.0 on Intel hardware.

Interlink Networks, LLC.
2500 Packard Rd., Suite 202
Ann Arbor, MI 48104
Sales: +1 (734) 821-1238
Fax: +1 (734) 821-1235
www.interlinknetworks.com

Copyright 2001-2006 Interlink Networks, LLC. All Rights Reserved. The information contained within this document is subject to change without notice. Interlink Networks does not guarantee information accuracy. RAD-Series, Interlink Networks, and the Interlink Networks logo are trademarks of Interlink Networks, LLC. All other brand or product names may be trademarks of their respective owners.