Home » RAD-Series RADIUS Server Features
RAD-Series RADIUS Server Features
RADIUS Authentication Methods
| RADIUS Authentication Methods | Choose Your Preferred RADIUS Authentication Protocol Method |
| PAP, CHAP and MS-CHAP | Password Authentication Protocol, Challenge Handshake Authentication Protocol, and Microsoft’s version of CHAP. |
| WPA-Compliant Wireless LAN authentication support for: | EAP-MD5, LEAP, TLS, TTLS, PEAP-GTC, & PEAP-MSCHAPv2. EAP-SIM and EAP-AKA optional. |
| EAP-SIM (optional module) |
Full support for EAP-SIM RFC 4186 including Pseudonyms and Fast Re-authentication. Support for local Authentication Center (AuC) functionality using user secrets (Ki) from any data store and administrator definable A3/A8 algorithms. 3GPP Milenage A3/A8 algorithm reference implementation. |
Data Sources
| Data Sources | Store user data and profiles in many places/ways |
| Flat File (users file/realm file) | Uses flat files stored internally with RADIUS server. Supports all authorization features without requiring an external database or directory. Ideal for small to medium applications. |
| UNIX User (Password File) | Uses standard existing password files for UNIX systems. |
| UNIX via Password File: | Uses extended data sources for UNIX systems: NIS, shadow password, HP security, etc. Inherited automatically through support for UNIX passwords. |
| RADIUS Proxy Authentication & Accounting | Forwards RADIUS authentication & accounting requests to remote server. Needed for any roaming relationship or large multi-server application. |
| RSA ACE Server | Support for RSA SecurID token cards |
| LDAP | Accesses user profiles in LDAP directories. Standard access, reaches many different LDAP implementations including Microsoft Active Directory. Includes Interlink schema extensions to support simple authentication policies. Includes load balancing and fail-over capabilities. |
| Active Directory | Allows authentication against Microsoft Active Director Server via LDAP. |
RADIUS Authorization Features
| RADIUS Authorization Features | RADIUS Authorization Policy Decisions & Criteria |
| Simple RADIUS Policy | Allows or denies network access based on specific RADIUS attribute values. Sets basic session configuration parameters based on Reply items stored in the user profile. |
| Advanced Policy Engine (optional module) |
This powerful configuration engine allows you to develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations. |
| EXAMPLE: | Authorize across any set of independent parameters:
Allows conditional replies for:
|
RADIUS Authorization Reply Items
| RADIUS Authorization Reply Items | Some of the outputs possible from the RADIUS server, which can direct a NAS to take specific action or set specific service levels |
| Idle Time-Out | Controls length of idle-time for user sessions. Disconnects inactive (idle) sessions left typing up network resources. |
| Session Time-Out Limits | Limits length of user sessions. |
| IP Address Assignment | Assigns IP Address from either static addresses or addresses relayed from DHCP. |
| Attribute Pruning (filters response AVPs) | Can choose not to pass some data elements to NAS after user has been approved. Example: Server only sends AV pairs appropriate to what the particular NAS supports. |
| Attribute Mapping | For legacy NAS devices: provides backwards compatibility for early NASs that did not implement vendor specific attributes compliant with the RADIUS RFCs. |
| QoS | Sets throughput or bandwidth by user. |
| IP Filter | Uses named filters to limit which protocols are allowed, and/or where user can go. |
| Compulsory Tunnels | Forces VPN tunnels. |
| Wireless VLANs | VLANs are used to build “boundaries” to protect sensitive data while enabling access to role-based network resources. Authenticate and assign users to the correct VLAN based on organization unit, application, role, or any other logical grouping. |
RADIUS Software Extensibility Features
| Extensibility Features | Tools to create extensions to the RADIUS server |
| VSA Definitions and RADIUS Dictionary Extensibility | Dictionary contains VSAs for most major networking equipment vendors. In text file format, it can easily be extended to add vendors and their VSAs to support new vendor-proprietary features without a software upgrade. |
| Programmable Finite State Machine | Makes it possible to redefine the authorization and accounting processes by modifying the finite state machine tables, without recoding or recompiling the engine. |
| RADIUS Software Developer’s Toolkit (optional module) |
Allows the creation of custom plug-in modules to interface with third party databases, execute custom authentication protocols and algorithms, custom logging, request/response processing, and customization of the user interface. |
| Advanced Policy Engine (optional module) |
Develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations. |
RADIUS Protocol RFC Compliance
| RADIUS RFC Compliance | Compliant with the following RADIUS protocol standards & extensions: |
| Compliant RADIUS Protocol RFCs | RFC 2284, 2548, 2619, 2621, 2716, 2759, 2809, 2865, 2866, 2867, 2868, 2869, 3579, 3580, 3748, 4186 |
RADIUS Accounting
| RADIUS Accounting | RADIUS Accounting Capabilities |
| Proxy Accounting | Allows accounting records to be forwarded from one RADIUS server to another. Important in roaming or multi-server applications. |
| Browser View of Accounting Logs (by date, port, user) | View log data from the Server Manager. |
| Predefined & Customizable Logging Formats | Generates accounting call detail records (CDRs) in Livingston and MERIT formats. |
| Accounting On/Off Packet Support | Signals NAS start-up or shut-down management. |
RADIUS Server Management
| Management | RADIUS Server Management Capabilities |
| Web-based Server Administration | Simplifies the set up and maintenance of multiple RADIUS servers from any Web browser. User profiles and server operation, including status and key statistics, can be configured and monitored remotely. |
| Remote Monitoring | Supports remote monitoring of server status and key statistics. Remotely view access activity and detect authentication problems. |
| Configuration file generation | Configuration files can be generated via the graphical user interface, command line interface, or scripts. |
| Session & Event Logging | Logs all events to provide extensive audit trails for troubleshooting or security. Supports Merit and Livingston standard for detailed session logging. |
| Simultaneous Access Control (Concurrency Management) | Allows configuring user or realm for simultaneous sessions. |
| SNMP Support | Supports standard RADIUS server MIBs for authentication and accounting. |
| DHCP Relay Support | Scales beyond one RADIUS server with same IP pool. Allocates IP addresses for pools managed by DHCP server. |
Operational Features
| Operational Features | RADIUS Server Performance and Reliability |
| High Speed Processing Performance | Performance measured in thousands of authentications per second depending on hardware configuration. See RADIUS Server Performance Specifications |
| Load Balance and Failover across LDAP | Supports backup LDAP directories with RADIUS server handling failover. |
RADIUS Server Platforms
| Server Platform | RADIUS Server Performance and Reliability |
| Solaris | Solaris 8, 9, and 10 on Sun SPARC hardware. |
| Red Hat LINUXRed Hat Enterprise Linux | 7.2, 7.3, and 8.0 on Intel hardware.ES Release 3.0, 4.0 and 5.0 on Intel hardware. |