|
Authentication and Accounting Methods
Advanced RADIUS supports authentication and accounting
from livingston formatted text files and databases as
well. Supported database connections are ODBC, Oracle
and MySQL. Increased security by using encrypted password
in database or user's text profiles. Supported encryptions
are MD3, MD5, and TEXT (no encryption). Password authentication
from local system shadow file is also supported. You can
use Password-Authentication Protocol (PAP) or Challenge
Handshake Authentication Protocol (CHAP) for user-password
authentication type. Time-based authentication and authorization
of user is also supported. Fully configurable to use your
own choice check-reply attributes for authentication-authorization
and custom-attribute selection for accounting.
Flexible Session Handling
You can configure advanced radius to keep online user's
session or active sessions. An active session record may
be kept in database or in advanced radius internal structure.
Advanced RADIUS will use these active session records
to control simultaneous multi-sessions and for tracking
online user's status. Session records are kept temporary
by default, i.e., a session record of a user will be deleted
from this section when user disconnects or stops using
your service. you can configure advanced radius to store
these records in a permanent storage (database / accounting
log file) as well.
Realm based authentication
and accounting
Realm based authentication and accounting are supported.
A realm is selected by advanced radius from user-name@realm-name.
This 'realm-name' is used to handle authentication and
accounting request from this 'user-name' if realm in defined
in radius configurations otherwise a default authentication/accounting
handler will be used to process the request.
Best multi-vendor
and multiple-radius-client support
Advanced RADIUS may be deployed in a big network using
multiple-vendors equipment working as radius-clients.
You can use totally different handling of authentication,
authorization and accounting (AAA) for each of your NAS
equipments at a a same time with same server configurations.
Such a distributed handling of NAS equipments (radius
clients) with a centralized server provides great deal
of localized management and stability.
Configurable multi-session concurrency
control
You can allow/restrict multiple logins with same user
information. You can configure advanced radius to specify
a default maximum multi-session and/or user-specific multi-session
attribute. You need to configure advanced radius to specify
set of attributes, making a unique user-login. By default,
user's login name is the only attribute identifying multiple
sessions of same user.
CLI and MAC address based authentication
support
You can configure advanced radius to authenticate user
on his/her calling number and/or MAC address of user equipment
usually used for wireless authentication.
ANI, PIN and account based authentication
support
VoIP gateways from different vendors have some different
authentication schemes. For example, Cisco AS5300 has
two authentication policies for VoIP, i.e., pin system
and pin less system. Similarly Quintum gateways support
ANI authentication, PIN based authentication, Account
based authentication and mix of PIN and Account based
authentication.
You can configure advanced radius to work for any authentication
schemes like above for user's authentication. See your
gateways documentation for more information about such
policies.
Redundant/Backup CDR recording support
ARS can be configured to record Call Detil Records (CDR)
/ Accounting information in multiple databases/text-files
in redundant or backup fashion. In case of redundancy,
ARS will write records in all the configured accounting
handlers. In case of Back-up, it will write CDR information
in the first accounting handler only, but if it fails
(Due to database crashing, Input/Output errors or lost
connection to database) then subsequent accounting handler
will record the CDR.
Highly configurable to be integrated
with different billing softwares
Different ISP billing sofwares have different methods
of storing user information in database. Few billing softwares
use one record per table to store user information for
authentication by radius, while others use multiple records
in a table in attribute-value pair format. Advanced Radius
can easily be configured with such kind of billing softwares.
ARS has numerous installations with Advanced
ISP Billing System for Dialup/DSL/PPPoE services and
Advanced
VOIP Billing System for VoIP services.
Simultaneous Multi-Vendor gateway Support
Advanced Radius may be deployed in a network environment
where VoIP gateways or access servers from different vendors
are working on centralized authentication using radius
protocol. Advanced Radius may easily be configured to
fully serve all multi-vendor gateways with VSA support.
Configurable Logging
Advanced Radius supports multi-level logging for radius
server packet tracing. Low-level logging is very helpful
in identifying configuration errors, when radius is not
handling requests properly. Following are the log levels
in descending order:
| OFF |
No Debugging |
| SEVERE |
Only errors |
| WARNING |
Errors + warnings |
| INFO |
Information about Packets coming and going |
| DEBUG |
Debugging of RADIUS processing. Good for tracing
errors |
| ALL |
Intensive debugging |
Log output can be generated on console and/or text file.
A low log level has great impact on performance, so it
should only be used for testing purposes.
RADIUS Proxy & Roaming
Proxy and roaming service is also provided now. You can
use Advanced Radius as a forwarding proxy server to one
or more radius servers for load balancing and roaming
support. Addition of this feature makes it a good choice
for your large distributed network.
GUI for Configurations
Configuration of advanced radius made easier and quicker
by addition of a user friendly "Radius Configuration
Interface". [screenshot].
|
