2010-3Q: SIMPLer: Radius Server Integration
Note: Complete Radius Integration description can be found in document #12 under:
1. Solution Overview
A feature has been added that allows a SIMPLer operator to integrate with equipment / networks supporting RADIUS (Remote Authentication Dial In User Service) based AAA servers. Radius is a networking protocol providing centralized Authentication, Authorization, and Accounting (AAA) management information services for computers to connect and use a network service.
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.
RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions:
to authenticate users or devices before granting them access to a network,
to authorize those users or devices for certain network services and
to account for usage of those services.
The solution is based on a freeRADIUS software release which is a de facto standard for majority of current RADIUS server deployments. Every SIMPLer server has a freeRadius instance installed on it and will listen for authentication requests on port 1812 and accounting data on port 1813. Note that only the host specified in the NAS table will be allowed to use the SIMPLer server embedded RADIUS services.
SIMPLer software can also interface with external freeRADIUS database giving a full flexibility when integrating. In some cases operator may prefer to use his own freeRADIUS server as to some specific configuration set on the server. In such case the only thing required from SIMPLer perspective would be a remote access to radius database. Both postgreSQL and MySQL is supported (other interfaces can be added if required).