Radius Preso - OpenLoop.com

RADIUS
Sunil Vallamkonda
Apr. 15, 2008
RADIUS presentation by Sunil Vallamkonda
What is AAA?
• Authentication
• Authorization
• Accounting
Authentication
• Verify a person's or machine's declared identity.
• Mechanisms: passwords, PKI.
• A key aspect is the trust relationships between servers.
Authorization
• Rules or templates for what an authenticated user can do on a system.
• Dial-up user requests can be for one link or for multiple links.
Accounting
• Measures and tracks the resources a user accesses.
• Includes time, amount of data, session statistics, resource utilization etc.
• Logs are sent to, and analyzed by, billing and security servers.
Properties
• Client/server model
• UDP based
• Hop by hop security
• Stateless
• Uses MD5 for password hiding.
• A-V pairs
• PAP/CHAP via PPP
Packet format
• ACCESS-REQUEST (1)
• ACCESS-RESPONSE (2)
• ACCESS-REJECT (3)
• ACCESS-CHALLENGE (11)
• ACCOUNTING-REQUEST (4)
• ACCOUNTING-RESPONSE (5)
• STATUS-SERVER (12)
• STATUS-CLIENT (13)
RADIUS Packet
• Header: Code (1), Identifier (1), Length (2), Authenticator (16), followed by the attribute payload.
• Code: as above.
• Identifier: used to match each reply to the initial request it answers.
• Length: valid range 20 – 4096.
• Authenticator: used to conceal passwords using one-way MD5. Two kinds: the Request Authenticator (a random number) and the Response Authenticator.
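The header layout, the Length sanity check, the MD5-based User-Password hiding and the Response Authenticator described on this slide, worked through in Python. This is an added example, not code from the presentation; the shared secret, the user name and the password are constructed values, and the Request Authenticator is drawn fresh for every request as RFC 2865 requires. The check in `verify_response` is the one a NAS must perform before trusting an Access-Accept: a reply whose Response Authenticator does not match is dropped.

```python
import hashlib
import hmac
import os
import struct

# Codes from the "Packet format" slide (only the three used here)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

# Header: Code (1) | Identifier (1) | Length (2) | Authenticator (16), network byte order
HEADER = struct.Struct("!BBH16s")


def avp(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute-value pair as Type (1) | Length (1) | Value (1-253)."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Prepend the 20-octet header; Length covers header plus attributes."""
    return HEADER.pack(code, ident, HEADER.size + len(attrs), authenticator) + attrs


def parse_packet(data: bytes):
    """Split a datagram into (code, identifier, authenticator, attribute bytes),
    applying the Length checks from the slide (20..4096 and never longer than
    the datagram); octets beyond Length are padding and are ignored."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than the RADIUS header")
    code, ident, length, auth = HEADER.unpack_from(data)
    if not 20 <= length <= 4096 or length > len(data):
        raise ValueError("invalid Length field")
    return code, ident, auth, data[HEADER.size:length]


def _pad16(password: bytes) -> bytes:
    # Pad with NULs to a multiple of 16 octets (at least one block)
    size = max(16, (len(password) + 15) // 16 * 16)
    return password.ljust(size, b"\x00")


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865 section 5.2): each 16-octet block is XORed
    with MD5(secret + previous ciphertext block); the Request Authenticator
    stands in for the previous block for the first one."""
    out, prev = b"", request_auth
    padded = _pad16(password)
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password, as the server does it; strips the NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def response_authenticator(code: int, ident: int, request_auth: bytes,
                           attrs: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    length = HEADER.size + len(attrs)
    return hashlib.md5(HEADER.pack(code, ident, length, request_auth) + attrs + secret).digest()


def verify_response(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS-side check that the reply was produced by a holder of the shared secret
    for exactly this request; a reply that fails this check must be discarded."""
    code, ident, auth, attrs = parse_packet(reply)
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    return hmac.compare_digest(auth, expected)


def demo(secret: bytes = b"example-shared-secret") -> bool:
    """Constructed round trip: the NAS builds an Access-Request, the server recovers
    the password and answers, and the NAS validates the answer."""
    req_auth = os.urandom(16)  # Request Authenticator: fresh random octets per request
    attrs = avp(1, b"user") + avp(2, hide_password(b"s3cret", secret, req_auth))
    request = build_packet(ACCESS_REQUEST, 7, req_auth, attrs)
    code, ident, auth, rattrs = parse_packet(request)      # server side from here
    assert rattrs[6] == 2, "second attribute is expected to be User-Password"
    hidden = rattrs[8:8 + rattrs[7] - 2]
    reply_code = ACCESS_ACCEPT if unhide_password(hidden, secret, auth) == b"s3cret" else ACCESS_REJECT
    reply = build_packet(reply_code, ident,
                         response_authenticator(reply_code, ident, auth, b"", secret), b"")
    return reply_code == ACCESS_ACCEPT and verify_response(reply, req_auth, secret)
```

Two design points worth noticing: the hiding is keyed only by the shared secret and a 16-octet random value, which is why the slide calls it "hiding" rather than encryption, and the Response Authenticator binds the reply to the Request Authenticator, so a reply recorded for one request cannot be replayed for another.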
Packet formats
Packet formats
Access-Request/Accept Packet
Access-Reject
Example
• Framed-MTU = 1480
• NAS-IP-Address = 192.168.0.1
• NAS-Identifier = "hp-e-its-dev8021x-sw1"
• User-Name = "user"
• Service-Type = Framed-User
• Framed-Protocol = PPP
• NAS-Port = 2
• NAS-Port-Type = Ethernet
• NAS-Port-Id = "2"
• Called-Station-Id = "00-14-38-fb-94-3e"
• Calling-Station-Id = "00-18-8b-1f-ea-c3"
• Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
• Tunnel-Type:0 = VLAN
• Tunnel-Medium-Type:0 = IEEE-802
• Tunnel-Private-Group-Id:0 = "700"
• EAP-Message = 0x0201000a016163323231
• Message-Authenticator = 0x5128a826dfedf51040215eb6fef398df
Authentication methods
• PAP: Password Authentication Protocol (MD5/XOR).
• CHAP: Challenge Handshake Authentication Protocol: the password is never sent on the wire.
• PAP is sometimes preferred in cases where authorization must travel outside the realm of control.
The CHAP 3-way handshake
CHAP Security
Protocol Structure - CHAP: Challenge Handshake Authentication Protocol
Configuration Option for CHAP (field layout by bit position):
Type (bits 0-7) | Length (bits 8-15) | Authentication-Protocol (bits 16-31) | Algorithm (bits 32-39)
• Type - 3
• Length - 5
• Authentication-Protocol - C223 (Hex) for CHAP
• Algorithm - The Algorithm field is one octet and indicates the authentication method to be used.
One CHAP packet is encapsulated in the Information field of a PPP data link layer frame where the protocol field indicates type hex c223.
The structure of the CHAP packet is shown in the following illustration.
Code (bits 0-7) | Identifier (bits 8-15) | Length (bits 16-31) | Data (variable)
• Code - Identifies the type of CHAP packet. CHAP codes are assigned as follows:
  – Challenge
  – Response
  – Success
  – Failure
• Identifier - Aids in matching challenges, responses and replies.
• Length - Length of the CHAP packet including the Code, Identifier, Length and Data fields.
• Data - Zero or more octets, the format of which is determined by the Code field.
• For Success and Failure, the data field contains a variable message field which is implementation dependent.
Using RADIUS and CHAP
Realm
• An identifier placed before or after the value normally carried in the User-Name attribute, so the server can identify which server to contact.
• Examples: prefix realms use a separator such as @, \ or /, as in CSI\john.
• Suffix realm example: james@itmm
Hints
• RADIUS can be set up to handle service authorizations based on hints.
• Hints control the resources needed to provision service for a client.
• Example: a specific IP address, or an IP pool.
• If the NAS cannot allocate the resource, the service is disconnected.
• Hints can be temporary, optional or extra characteristics.
Attributes
• Describe a property of the type of service.
• RADIUS attributes vs VSA.
• RADIUS attribute types (RFC): INT (4 octets, 32-bit unsigned), ENUM (4 octets, 32-bit unsigned), IPADDR (4 octets, 32-bit), STRING (1-253 octets, variable), DATE (4 octets, 32-bit unsigned), BINARY (1 octet, 1 bit).
• Examples:
• INT: 6, 256
• ENUM: 3 = callback-login, 4 = callback-Framed.
• STRING: "Charlotte", "San Jose"
• IPADDR: 0x1954ff8e
• DATE: 0x00000a
• BINARY: 1
Attributes - example
Standard: Example – Callback-Number
Number: 19
Length: 3 or more octets
Value: String
Allowed in: Access-Request, Access-Accept
Prohibited in: Access-Reject, Access-Challenge
Maximum iterations: 1
Presence in packet: not required
Dictionary
• The server has a way of relating each attribute name to its attribute number and expected type.
• Example:
• Attribute-Name: User-Name, Type: String
• Attribute-Name: NAS-IP-ADDR, Type: IPADDR
• Attribute-Name: Service-Type, Type: ENUM
Vendor-Specific Attribute Format
Byte | Value | Description
1 | 26 | Vendor-specific attribute type per RFC 2865
2 | (4 * sizeof (BYTE)) + (2 * sizeof (DWORD)) | Length in bytes of the full attribute specification, beginning with the attribute type (byte 1); should come out to 12 if each byte size = 1.
3-6 | 5263 | Vendor-ID value.
7 | 1 | Vendor data type; 1 indicates bandwidth kbps value.
8 | (2 * sizeof (BYTE)) + sizeof (DWORD) | Length in bytes of the vendor-specific portion of the attribute specification, starting with the vendor-specific attribute data type; should come out to 6 if each byte size = 1.
9-12 | (bandwidth value) | Actual bandwidth kbps value (ulong).
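The 12-octet Vendor-Specific layout from the table above, encoded and decoded in Python as an added example (not the presentation's code). Vendor-ID 5263 and vendor type 1 are the values the table gives; the kbps value used in the usage check is constructed. The general TLV walker refuses any Length that would run past the buffer or be shorter than its own header, which is the check a parser needs before it ever looks at vendor data, and unknown vendors or vendor types are skipped rather than treated as errors, as RFC 2865 asks.

```python
import struct

VENDOR_SPECIFIC = 26        # attribute type per RFC 2865
BANDWIDTH_VENDOR_ID = 5263  # Vendor-ID from the table above
BANDWIDTH_TYPE = 1          # vendor data type 1 = bandwidth in kbps


def iter_tlv(buf: bytes):
    """Walk Type (1) | Length (1) | Value TLVs, rejecting any Length that points
    outside the buffer or is shorter than its own two-octet header."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header at offset %d" % off)
        t, length = buf[off], buf[off + 1]
        if length < 2 or off + length > len(buf):
            raise ValueError("bad attribute length %d at offset %d" % (length, off))
        yield t, buf[off + 2:off + length]
        off += length


def encode_vsa(vendor_id: int, vendor_type: int, data: bytes) -> bytes:
    """Type 26 | Length | Vendor-ID (4) | Vendor-Type (1) | Vendor-Length (1) | data.
    Vendor-Length counts the vendor type, vendor length and data octets (bytes 7-12
    in the table), and the outer Length counts everything from byte 1."""
    sub = bytes([vendor_type, 2 + len(data)]) + data
    body = struct.pack("!I", vendor_id) + sub
    if 2 + len(body) > 255:
        raise ValueError("vendor data too long for one attribute")
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def bandwidth_vsa(kbps: int) -> bytes:
    """The exact 12-octet layout from the table (4-byte unsigned kbps value)."""
    return encode_vsa(BANDWIDTH_VENDOR_ID, BANDWIDTH_TYPE, struct.pack("!I", kbps))


def decode_vsa(value: bytes):
    """Return (vendor_id, [(vendor_type, data), ...]) for one Vendor-Specific value."""
    if len(value) < 6:
        raise ValueError("Vendor-Specific value shorter than Vendor-ID plus one sub-TLV")
    vendor_id = struct.unpack("!I", value[:4])[0]
    return vendor_id, list(iter_tlv(value[4:]))


def bandwidth_from_attrs(attrs: bytes):
    """Scan a packet's attribute area for the bandwidth VSA; None if absent.
    Other vendors and other vendor types are skipped, not treated as errors."""
    for t, value in iter_tlv(attrs):
        if t != VENDOR_SPECIFIC:
            continue
        vendor_id, subs = decode_vsa(value)
        if vendor_id != BANDWIDTH_VENDOR_ID:
            continue
        for vtype, data in subs:
            if vtype == BANDWIDTH_TYPE and len(data) == 4:
                return struct.unpack("!I", data)[0]
    return None
```

For 512 kbps the encoder produces `1a 0c 00 00 14 8f 01 06 00 00 02 00`: byte 2 is 12 and byte 8 is 6, exactly the two lengths the table works out.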
AVP pattern
Accounting
• Client/Server model.
• Extensible: proxy, defined and qualified by AVPs.
• Packet: Accounting-Request Start/Stop.
• Accounting-Response.
• RFC 2139
Accounting packet
The following example displays two accounting records in a detail file.
Tue Jul 30 14:48:18 1996
Acct-Session-Id = "35000004"
User-Name = "bob"
NAS-IP-Address = 172.16.64.91
NAS-Port = 1
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Login-User
Login-Service = Telnet
Login-IP-Host = 172.16.64.25
Acct-Delay-Time = 0
Timestamp = 838763298
Acct-Input-Octets = 22
Acct-Output-Octets = 187
Acct-Terminate-Cause = Host-Request
RADIUS Access-Request Accounting Packet
Attribute | Description
User-Name | Name entered by the end user to authenticate against the RADIUS server via NAS.
User-Password | Password entered by the end user to authenticate against the RADIUS server and access the Internet via NAS.
Acct-Session-ID | The unique Session ID assigned to each NAS end user session. This value is used to identify all authentication and accounting messages generated for a single user session.
NAS-IP-Address | Contains either the IP address of the NAS external NIC or the IP address entered in the WEBconfig Server web page as the NAT IP Address.
NAS-Identifier | Contains the NAS Identifier value entered in the WEBconfig Server web page. If no value is entered in this field, the NAS will not include this attribute in the RADIUS Access-Request packet.
NAS-Port | See "NAS-Port Mapping" below.
NAS-Port-Type | 5 indicates Virtual.
Framed-Protocol | 1 indicates PPP.
Framed-IP-Address | IP address of the client computer (PC) connecting to the Internet.
RADIUS Accounting Packets
Attribute | Description
Acct-Status-Type | 1: Indicates a Start Accounting-Request packet—Requests that a message be sent when the user gains access. 2: Indicates a Stop Accounting-Request packet—Requests that a message be sent at regular intervals, as configured. 3: Indicates an Interim-Update Accounting-Request packet—Requests that a message be sent when the end user disconnects.
User-Name | Name entered by the end user to authenticate against the RADIUS server and access the Internet via NAS.
Acct-Session-ID | The unique Session ID assigned to each NAS end user session. This value is used to identify all authentication and accounting messages generated for a single user session.
NAS-IP-Address | Contains either the IP address of the NAS external NIC or the IP address entered in the WEBconfig Server web page as the NAT IP Address.
NAS-Identifier | Contains the NAS Identifier value entered in the WEBconfig Server web page. If no value is entered in this field, the NAS will not include this attribute in the RADIUS Access-Request packet.
NAS-Port | See "NAS-Port Mapping" below.
NAS-Port-Type | 5: Indicates Virtual.
Framed-Protocol | 1: Indicates PPP.
Framed-IP-Address | IP address of the client (PC) connecting to the Internet through BBSM.
Vendor-Specific | Attribute containing the bandwidth kbps value that the end user selects when requesting Internet access. This attribute is only sent to RADIUS accounting servers if the user-selected bandwidth feature is enabled. See the "Vendor-Specific Attribute Byte Format" section above for information on how this attribute is formatted.
Accounting Start
• Acct-Session-Id = "2400020E"
• User-Name = "Pbob"
• NAS-IP-Address = 172.16.1.21
• NAS-Port = 12
• NAS-Port-Type = ISDN
• Acct-Status-Type = Start
• Acct-Authentic = RADIUS
• Called-Station-Id = "5551111"
• Calling-Station-Id = "5105552222"
• Service-Type = Framed-User
• Framed-Protocol = PPP
• Framed-Address = 172.16.93.1
• Acct-Delay-Time = 0
• Timestamp = 838763356
Accounting Stop
• Acct-Session-Id = "2400020E"
• User-Name = "Pbob"
• NAS-IP-Address = 172.16.1.21
• NAS-Port = 12
• NAS-Port-Type = ISDN
• Acct-Status-Type = Stop
• Acct-Session-Time = 7177
• Acct-Authentic = RADIUS
• Acct-Input-Octets = 14994
• Acct-Output-Octets = 90862
• Called-Station-Id = "5551111"
• Calling-Station-Id = "5105552222"
• Service-Type = Framed-User
• Framed-Protocol = PPP
• Framed-Address = 172.16.93.1
• Acct-Delay-Time = 0
• Timestamp = 838763378
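A small detail-file reader that pairs the Start and Stop records shown on the accounting slides by Acct-Session-Id and reports per-session duration, byte counts and whether each session is complete. This is an added Python example, not tooling from the presentation. The sample input is constructed from the slides' own attribute values (some attributes omitted for brevity); the leading date line on each record is assumed, since the "Accounting packet" slide shows detail records beginning with one.

```python
import re
from typing import Dict, List

# Constructed detail-file excerpt built from the records on the accounting slides.
# Session 2400020E has a Start and a Stop; session 35000004 only a Start.
SAMPLE_DETAIL = """\
Tue Jul 30 14:48:18 1996
\tAcct-Session-Id = "35000004"
\tUser-Name = "bob"
\tNAS-IP-Address = 172.16.64.91
\tAcct-Status-Type = Start
\tTimestamp = 838763298

Tue Jul 30 14:49:16 1996
\tAcct-Session-Id = "2400020E"
\tUser-Name = "Pbob"
\tNAS-IP-Address = 172.16.1.21
\tNAS-Port = 12
\tAcct-Status-Type = Start
\tFramed-Address = 172.16.93.1
\tTimestamp = 838763356

Tue Jul 30 14:49:38 1996
\tAcct-Session-Id = "2400020E"
\tUser-Name = "Pbob"
\tNAS-IP-Address = 172.16.1.21
\tNAS-Port = 12
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 7177
\tAcct-Input-Octets = 14994
\tAcct-Output-Octets = 90862
\tTimestamp = 838763378
"""

AVP_LINE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*=\s*(.*?)\s*$")


def parse_detail(text: str) -> List[Dict[str, object]]:
    """Split a detail file into records: blank lines end a record, a line without
    '=' (the date line) starts one, quoted values stay strings, bare decimal
    values become ints, and dotted IP addresses stay strings."""
    records, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                records.append(current)
            current = None
            continue
        m = AVP_LINE.match(raw)
        if m is None:                       # date line begins a new record
            if current:
                records.append(current)
            current = {"_date": raw.strip()}
            continue
        if current is None:
            current = {}
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        elif value.isdigit():
            value = int(value)
        current[key] = value
    if current:
        records.append(current)
    return records


def pair_sessions(records) -> Dict[str, dict]:
    """Group Start/Stop records by Acct-Session-Id."""
    sessions = {}
    for r in records:
        sid = r.get("Acct-Session-Id")
        if sid is None:
            continue
        s = sessions.setdefault(sid, {"user": r.get("User-Name"), "start": None, "stop": None})
        status = r.get("Acct-Status-Type")
        if status in ("Start", "Stop"):
            s[status.lower()] = r
    return sessions


def session_report(sessions) -> List[dict]:
    """One summary row per session. A Stop with no Start, or a Start that never
    closed, is flagged so a reviewer can look for lost accounting packets."""
    rows = []
    for sid, s in sessions.items():
        start, stop = s["start"], s["stop"]
        row = {"session": sid, "user": s["user"],
               "status": "complete" if start and stop else "open" if start else "stop-without-start"}
        if stop:
            row["seconds"] = stop.get("Acct-Session-Time")
            row["octets"] = stop.get("Acct-Input-Octets", 0) + stop.get("Acct-Output-Octets", 0)
            if start and isinstance(start.get("Timestamp"), int) and isinstance(stop.get("Timestamp"), int):
                row["wallclock"] = stop["Timestamp"] - start["Timestamp"]
        rows.append(row)
    return rows
```

On the slides' own values the report shows the kind of inconsistency this check exists to surface: the NAS reports Acct-Session-Time = 7177 seconds, while only 22 seconds separate the two Timestamps, so either the clocks or the NAS counters deserve a look before the record is used for billing.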
Ports
• Authentication: udp/1812
• Accounting: udp/1813
Implementations
• Livingston
• GNU
• FreeRADIUS
• Cistron
• Radiator
• Alepo
• Juniper: Steel Belt.
Performance
• Logons per second
• Logoffs per second
• Rejects per second
• Reject cause threshold
• Total packets per second per interface
• Load average
• Memory, disk usage
EAP
• Extensible Authentication Protocol
• Used over links running on PPP
• Authentication schemes such as public key, smart cards, OTP, Kerberos etc. are supported over PPP when EAP is used.
• RADIUS includes 2 new attributes: EAP-Message and Message-Authenticator.
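The Message-Authenticator attribute this slide introduces, computed and checked in Python as an added example (not the presentation's code). It is HMAC-MD5 over the whole Access-Request, keyed with the shared secret, with the attribute's own 16 value octets set to zero while the HMAC is computed (RFC 2869 section 5.14). The shared secret and identifier are constructed; the EAP-Message value is the one shown on the "Example" slide. The server-side check also treats a missing attribute on an EAP-carrying request as a failure, since RFC 2869 and RFC 3579 require Message-Authenticator whenever EAP-Message is present.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80
HDR = struct.Struct("!BBH16s")   # Code | Identifier | Length | Authenticator


def avp(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value


def build_request(ident: int, request_auth: bytes, attrs: bytes) -> bytes:
    return HDR.pack(ACCESS_REQUEST, ident, HDR.size + len(attrs), request_auth) + attrs


def iter_attrs(body: bytes):
    """Yield (type, offset_in_body, value) for each TLV, rejecting bad lengths."""
    off = 0
    while off < len(body):
        if len(body) - off < 2:
            raise ValueError("truncated attribute header")
        t, length = body[off], body[off + 1]
        if length < 2 or off + length > len(body):
            raise ValueError("bad attribute length")
        yield t, off, body[off + 2:off + length]
        off += length


def sign_request(packet: bytes, secret: bytes) -> bytes:
    """Append Message-Authenticator = HMAC-MD5(secret, packet), computed with the
    attribute's 16 value octets zeroed and Length already counting the new attribute."""
    code, ident, length, auth = HDR.unpack_from(packet)
    body = packet[HDR.size:length] + avp(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    unsigned = HDR.pack(code, ident, HDR.size + len(body), auth) + body
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return unsigned[:-16] + mac


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server-side check. Returns False for a malformed packet, a wrong HMAC, or a
    missing attribute; in all three cases the request is discarded."""
    code, ident, length, auth = HDR.unpack_from(packet)
    if length < HDR.size or length > len(packet):
        return False
    body = packet[HDR.size:length]
    try:
        attrs = list(iter_attrs(body))
    except ValueError:
        return False
    for t, off, value in attrs:
        if t != MESSAGE_AUTHENTICATOR:
            continue
        if len(value) != 16:
            return False
        start = HDR.size + off + 2                  # where the 16 value octets sit
        zeroed = packet[:start] + b"\x00" * 16 + packet[start + 16:length]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        return hmac.compare_digest(expected, value)
    return False


def has_eap_without_mac(packet: bytes) -> bool:
    """Detection helper: an Access-Request carrying EAP-Message but no
    Message-Authenticator violates RFC 3579 and is worth logging, not answering."""
    code, ident, length, auth = HDR.unpack_from(packet)
    types = {t for t, _, _ in iter_attrs(packet[HDR.size:length])}
    return EAP_MESSAGE in types and MESSAGE_AUTHENTICATOR not in types
```

Unlike the Response Authenticator, this HMAC covers the request itself, so a NAS that includes it makes the whole Access-Request, EAP payload included, tamper-evident to the server.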
EAP architecture (layer stack, top to bottom)
User EAP Authentication Protocol (PAP, CHAP, MS-CHAP, etc.)
Inner Application Extension to TLS
TLS
EAP - TTLS
EAP
Carrier Protocol (PPP, EAPOL, RADIUS, etc)
User protocol: EAP layering (layer stack, top to bottom)
User EAP Authentication Protocol (MD-Challenge, etc.)
EAP
Inner Application extension to TLS
TLS
EAP - TTLS
EAP
Carrier Protocol (PPP, EAPOL, RADIUS, Diameter, etc)
802.1x
Port based authentication
• Why is it called "port"-based authentication? The Authenticator deals with controlled and uncontrolled ports. Both the controlled and the uncontrolled port are logical entities (virtual ports), but use the same physical connection to the LAN (same point of attachment).
Port based Auth
contd
• Figure port: the authorization state of the controlled port.
• Before authentication, only the uncontrolled port is "open". The only traffic allowed is EAPOL; see Authenticator System 1 in figure port. After the Supplicant has been authenticated, the controlled port is opened, and access to other LAN resources is granted; see Authenticator System 2 in figure port.
• 802.1X plays a major role in the new IEEE wireless standard 802.11i.
WEP
• Wired Equivalent Privacy (WEP), which is part of the original 802.11 standard, is meant to provide confidentiality. Unfortunately WEP is poorly designed and easily cracked. There is no authentication mechanism, only a weak form of access control (one must have the shared key to communicate).
• In response to WEP's broken security, IEEE has come up with a new wireless security standard named 802.11i. 802.1X plays a major role in this new standard.
802.11
• The new security standard, 802.11i, which was ratified in June 2004, fixes all WEP weaknesses. It is divided into three main categories:
• Temporal Key Integrity Protocol (TKIP) is a short-term solution that fixes all WEP weaknesses. TKIP can be used with old 802.11 equipment (after a driver/firmware upgrade) and provides integrity and confidentiality.
• Counter Mode with CBC-MAC Protocol (CCMP) [RFC2610] is a new protocol, designed from the ground up. It uses AES [FIPS 197] as its cryptographic algorithm, and, since this is more CPU intensive than RC4 (used in WEP and TKIP), new 802.11 hardware may be required. Some drivers can implement CCMP in software. CCMP provides integrity and confidentiality.
• 802.1X Port-Based Network Access Control: whether TKIP or CCMP is used, 802.1X is used for authentication.
• In addition, an optional encryption method called "Wireless Robust Authentication Protocol" (WRAP) may be used instead of CCMP. WRAP was the original AES-based proposal for 802.11i, but was replaced by CCMP since it became plagued by property encumbrances. Support for WRAP is optional, but CCMP support is mandatory in 802.11i.
• 802.11i also has extended key derivation/management.
802.1x
• 802.1X takes advantage of an existing authentication
protocol known as the Extensible Authentication Protocol
(EAP [RFC 2284]). 802.1X takes EAP, which is written
around PPP, and ties it to the physical medium, be it
Ethernet, Token Ring or wireless LAN. EAP messages
are encapsulated in 802.1X messages and referred to as
EAPOL, or EAP over LAN.
• 802.1X authentication for wireless LANs has three main
components: The supplicant (usually the client software);
the authenticator (usually the access point); and the
authentication server (usually a Remote Authentication
Dial-In User Service server, although RADIUS is not
specifically required by 802.1X).
802.1X and RADIUS
• Remote Authentication Dial-In User Service (RADIUS) is defined in [RFC2865] (with friends), and was primarily used by ISPs who authenticated username and password before the user got authorized to use the ISP's network.
• 802.1X does not specify what kind of back-end authentication server must be present, but RADIUS is the "de-facto" back-end authentication server used in 802.1X.
• There are not many AAA protocols available, but both RADIUS and DIAMETER [RFC3588] (including their extensions) conform to full AAA support. AAA stands for Authentication, Authorization, and Accounting (IETF's AAA Working Group
EAP methods
• EAP-MD5: MD5-Challenge requires username/password, and is equivalent to the PPP CHAP protocol [RFC1994]. This method does not provide dictionary attack resistance, mutual authentication, or key derivation, and has therefore little use in a wireless authentication environment.
• Lightweight EAP (LEAP): A username/password combination is sent to an Authentication Server (RADIUS) for authentication. LEAP is a proprietary protocol developed by Cisco, and is not considered secure. Cisco is phasing out LEAP in favor of PEAP. Ref: http://lists.cistron.nl/pipermail/cistron-radius/2001September/002042.html
EAP methods (contd)
• EAP-TLS: Creates a TLS session within EAP, between the Supplicant and the Authentication Server. Both the server and the client(s) need a valid (X.509) certificate, and therefore a PKI. This method provides authentication both ways. EAP-TLS is described in [RFC2716].
• EAP-TTLS: Sets up an encrypted TLS tunnel for safe transport of authentication data. Within the TLS tunnel, (any) other authentication methods may be used. Developed by Funk Software and Meetinghouse, and is currently an IETF draft.
Methods (contd)
• Protected EAP (PEAP): Uses, like EAP-TTLS, an encrypted TLS tunnel. Supplicant certificates for both EAP-TTLS and EAP-PEAP are optional, but server (AS) certificates are required. Developed by Microsoft, Cisco, and RSA Security, and is currently an IETF draft.
• EAP-MSCHAPv2: Requires username/password, and is basically an EAP encapsulation of MS-CHAP-v2 [RFC2759]. Usually used inside a PEAP-encrypted tunnel. Developed by Microsoft, and is currently an IETF draft.
Authentication methods
The following authentication types are some of the methods which are supported by the server:
• Clear-text password in local configuration file (PAP)
• Encrypted password in local configuration file
• CHAP
• MS-CHAP
• MS-CHAPv2
• Authentication to a Windows Domain Controller (via ntlm_auth and winbindd)
• Proxy to another RADIUS server
• System authentication (usually through /etc/passwd)
• PAM (Pluggable Authentication Modules)
• LDAP (PAP only)
• PAM (PAP only)
• CRAM
• Perl program
• Python program
• SIP Digest (Cisco VOIP boxes)
Contd (methods)
• A locally executed program (like a CGI program)
• Netscape-MTA-MD5 encrypted passwords
• Kerberos authentication
• X9.9 authentication token (e.g. CRYPTOCard)
• EAP, with embedded authentication methods
  – EAP-MD5,
  – Cisco LEAP,
  – EAP-MSCHAP-V2 (as implemented by Microsoft),
  – EAP-GTC,
  – EAP-SIM,
  – EAP-TLS,
  – EAP-TTLS, with any authentication protocol inside of the TLS tunnel,
  – EAP-PEAP, with tunneled EAP
server attributes
• Append attributes to the request
• Re-write any attribute of the request
• Proxy or replicate the request to another RADIUS server,
based on any criteria, not just '@realm'.
• Choose an authentication method to use for this user.
• Administer users by groups
• Implement time of day access restrictions
• Execute a local program
• Limit the number of simultaneous logins by the user
Typical server configuration
• Attributes which have a given value
• Attributes which do not have a given value
• Attributes which are in the request (independent of their value)
• Attributes which are not in the request
• String attributes which match a regular expression
• Integer attributes which match a range (e.g. <, >, <=, >=)
• Source IP address of the request. This can be different from the NAS-IP-Address attribute
• Group of NAS boxes (these may be grouped based on source IP address, NAS-IP-Address, or any other configuration)
• User-Name
• A DEFAULT configuration
• Multiple DEFAULT configurations
Databases
• Oracle
• Informix
• Sybase
• mSQL
• MySQL
• Microsoft SQL including versions 6.5, 7 and 2000
• ODBC
• Interbase
• SAP
• PostgreSQL
• SQLite
Authorization methods
• Local files
• Local DB/DBM database
• LDAP
• A locally executed program (like a CGI program)
• Perl program
• Python program
• MySQL DB
• PostgreSQL DB
• Oracle SQL DB
• Any IODBC SQL DB
• IBM's DB2
Accounting methods
• Local 'detail' files
• Local 'wtmp' and 'utmp' files
• Proxy to another RADIUS server
• Replicate to one or more RADIUS servers
• SQL (Oracle, MySQL, PostgreSQL, Sybase, IODBC, etc)
Tools
• Users in LDAP database
• Users and groups in SQL database (MySQL or PostgreSQL)
• Create, test, delete, change personal information, check accounting and change dialup settings for a user
• Accounting report generator
• Bad Users facility to keep a record of users creating problems
• Online finger facility, test RADIUS server
• Online usage statistics
• Perl, Python
• Configuration GUI
Other features
• Can optionally act as a TACACS+ server,
converting TACACS+ requests into
RADIUS requests
• Optional tunnelling of Radius requests
using SOAP over HTTP or HTTPS for
improved security.
• SNMP support for the IETF Radius Server
MIB: gather server stats with SNMP
Features (contd)
• Web reports for usage analysis and user session details. Allows your administrators and customers to see usage information on a web page and drill down to connection details.
• Block authentication according to time of day and day of week, and force disconnection at the end of valid time blocks.
Token based
• Encotone telID
• RSA SecurID
• Safeword
• VASCO Digipass
Platforms
• Solaris
• Unix including Linux (Red Hat, Debian, Mandrake, SuSE, Lindows, Slackware, Ubuntu etc on Intel, Sparc, PPC, HP-PA etc), Solaris (Intel and Sparc), FreeBSD, NetBSD, SunOS, AIX, IRIX, SCO Open Server, Digital, HP-UX, etc
• Windows 95, 98, NT, 2000, ME, XP, 2003, etc.
• Mac OS9, Mac OS X.
• Novell Open Enterprise Server (NetWare) 6.5
• VMS
Third-party
• Billing packages: Platypus, Emerald, Billmax, interbiller, Jet-ISP billing, Optigold ISP.
• NAS: Alcatel DANA
• Altiga
• Apple AirPort
• Ascend (all models)
• Assured Access X1000
• Bay including RAC8000 and Annex Server 5399
• Breezecom
• Cisco routers and NAS's
• Cisco Aironet AP340 and AP350 wireless Access Points
• Cisco SSG and SESM
• Computone
• Enterasys SS2200, SSR8000 SSR8600
• Ericsson ACC
• Ericsson GSN
• GRIC AimTraveler
VSA
• USR/3COM
• Cisco (including VOIP)
• Nortel CVX 4-byte Vendor Specific Attributes, including the Vendor Specific boolean data type.
• Ascend
• Breezecom with broken VSA's
• Bay
• Shiva
• ACC
• Microsoft
• Shasta
• Springtide
• Altiga
• Redcreek
• Unisphere
• Extreme
• KarlNet
• Colubris
• Level3
• 3GPP2
• DTag (Deutsche Telekom)
• Nomadix
• Redback 64bit integers
References
• RFC 2139/2866 (accounting)
• RFC 2138/2865 (RADIUS)
• RFC 2548 (MS-VSA)
• RFC 2882 (NAS)
• RFC 2869 (Extensions)
• RFC 3162 (v6)
• RFC 3579 (EAP)
• RFC 3580 (802.1x)
References (contd)
• http://tools.ietf.org/wg/eap/draft-funk-eapttls-v1-01.txt
• http://www.microsoft.com/technet/community/columns/cableguy/cg0702.mspx
• http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html
• http://www.wifiplanet.com/tutorials/article.php/3073201
Future
• Diameter: RFC3588
• IPv6 and RADIUS: RFC3162
Contact: sunil_vall@yahoo.com