What You Can Do with RADIUS Manager


What You Can Do with RADIUS Manager
RADIUS Manager to perform the authentication, authorization and accounting services required when customers use your terminal server or Network Access Server (NAS) to connect to BRM.

DMA Radius Manager is an easy to use RADIUS and DOCSIS provisioning system.
It is suitable for  ISPs,  Internet  cafes,  airports  and  other  places  where  public  Internet  access  is  available.
The system is running on Linux OS, utilizing a very stable
FreeRadius 2.x
RADIUS server with MySQL database backend.
The integrated software components ensure high stability and reliability.

RADIUS Manager Tasks
Authentication
Authorization
Accounting

Authentication
The user or machine sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. The credentials are passed to the NAS device via the link-layer protocol – for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers or posted in an HTTPS secure web form.

In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol.

This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request may contain other information which the NAS knows about the user, such as its network address or phone number, and information regarding the user’s physical point of attachment to the NAS.

RADIUS server then returns one of three responses to the NAS
Access Reject
Access Challenge
Access Accept

Authentication-configuration-example

Authorization
Authorization attributes are conveyed to the NAS stipulating terms of access to be granted.When a client is configured to use RADIUS, any user of the client presents authentication information to the client. This might be with a customizable login prompt, where the user is expected to enter their username and password. Alternatively, the user might use a link framing protocol such as the Point-to-Point Protocol (PPP), which has authentication packets which carry this information.

The specific IP address to be assigned to the user
The address pool from which the user’s IP should be chosen
The maximum length of time that the user may remain connected
An access list, priority queue or other restrictions on a user’s access
L2TP parameters
VLAN parameters
Quality of Service (QoS) parameters

Drawing_Roaming_RADIUS

Accounting
When network access is granted to the user by the NAS, an Accounting Start (a RADIUS Accounting Request packet containing an Acct-Status-Type attribute with the value “start”) is sent by the NAS to the RADIUS server to signal the start of the user’s network access. “Start” records typically contain the user’s identification, network address, point of attachment and a unique session identifier.

Periodically, Interim Update records (a RADIUS Accounting Request packet containing an Acct-Status-Type attribute with the value “interim-update”) may be sent by the NAS to the RADIUS server, to update it on the status of an active session. “Interim” records typically convey the current session duration and information on current data usage.

img_radius_acct

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s