Welcome to weblogs.com.pk Sign in | Join | Help

RADIUS

I have been involved in a work that revolves around RADIUS, Remote Authentication Dial In User Service; one of the oldest protocols in the ISP industry. This protocol is used for AAA, Authentication, Authorization and Accounting.

 

RADIUS in simple is set of grammar to define attributes and their possible values, a format of packet in which multiple attributes are passed and a handshake type protocol for the communication that occurs between RADIUS server and NAS, Network Access Server at different levels in the session.

 

NAS can be a typical PC with a modem (RRAS on Windows for instance), analog access servers that supports multiple modem, the modern day access servers for PRIs (the signaling system TELCOs use), the wireless access point, the Subscriber Management Systems (SMS) used in Broadband ISPs or VPN servers (PPTP, PPPoE Servers).

 

Whenever I think, “phew, we are done with RADIUS, it’s of no new use, let’s move on with something else” soon we discover its new use J Read on!

 

CISCO is offering NetFlow, they call it, Network Accounting Technology, which maintains records of IP network traffic and answers questions of “who”, “what”, “where”, “when” and “how”. I am eager, when my organization (ISP) will start using it. It will be fun to work with it!

 

Published Saturday, January 15, 2005 6:38 PM by khurram

Comments

# re: RADIUS

Sunday, January 16, 2005 10:02 AM by Masood Ahmad
I have been worked with netflow for generating traffic graphs. I will suggest better to use ip nbar instead netflow.
When you will start netflow process on router sometimes you will see the usage of CPU may be more than 70%.
OR
Router has insufficient or excessively fragmented memory to enable netflow.

According to CISCO theory,CPU usage for router should be less than 50%. I think CISCO people still have to do many things with netflow or may be they are going to replace netflow with ip nbar.
It may also be undesirable to enable netflow when there are multiple ingress interfaces and only one egress interface on the router because netflow accounting is done on the ingress path. In this case, it is better to enable IP accounting on the lone egress interface.
Before starting NetFlow process, be ready to face hurldes like shown below.

1.Provides inbound traffic analysis only.
2.An increase in network traffic along the path between the configured routers and the NetFlow collectors.
3.A less significant increase in network traffic along the path between the NetFlow collectors and the management/reporter console.
4.Only IP traffic is supported.


I will suggest better to use RMON2 :)

# re: RADIUS

Wednesday, February 2, 2005 3:45 PM by selfTruehttp:
I have no trouble tracking outgoing traffic with netflow. What makes you think it can't do that?

The amount of traffic between the router(s) and the netflow collectors is very small, compared with the overall network traffic. It's simply not a problem. Also, the management console is just a web app running on the collector.
New Comments to this post are disabled