Module Objectives
Supported platforms History
8950 AAA
A AAA (Authentication, Authorization & Accounting, pronounced "Triple A") software package
Compliance with RADIUS and Diameter IETF RFCs
Based on Java
Platform independent
Flexible and extensible
FreeRadius 1.1
Livingston
1992 Ascend buys Livingston
NavisRadius 1.3
Based on FreeRadius
NavisRadius 3.x
With Java, multiplatform and new engine (PolicyFlow) 2000
PortAuthority 2.1
Lucent
VitalAAA 5.1
= IPAMv2 + TACACS + Lawful Intercept 12/2006
VitalAAA 5.0
= Diameter support + HTTPS/SSH 3/2006
NavisRadius 4.0
= NR3.2 + GUI enhancements
NavisRadius 4.2
= Change in USS architecture + dictionary in XML
NavisRadius 4.3->4.5
= Wi-Fi support (MD5, GTC, TLS, TTLS/PEAP, SIM, etc.)
2001
SMT/Config Server
Plug-Ins
Data I/O DHCP JDBC Password file etc. Logical Flow and decision Making Other AAA servers
telnet client
ssh client
Adm
Browser (HTTP[S])
Policy Server +
USS
Utilities
Lawful Intercept Server
TCP: 9389
Functionality Overview
Processes authentication & accounting requests
Invokes the method engine
Starts the web server
Starts the Telnet/SSH CLI servers
Logs events
Maintains port usage information
Identifies session limit violations
Monitors user sessions
May assign IPs
[Diagram labels: RADIUS / Diameter / TACACS+, PolicyServer, USS+]
7 | Introduction to 8950 AAA
IPAM
User
PSTN
. . .
AAA Remote ISP Local AAA server #2 LDAP Directories or Database Servers
Remote Management
Via telnet/ssh and modifying configuration files
Using the SMT
With a Command Line Interface (CLI)
All remote management traffic can be encrypted with SSH or SSL
All Rights Reserved Alcatel-Lucent 2007
PF
PA
Configuration Time
you design exactly the processing steps you need, in the order you need them.
PolicyAssistant (PA)
Simplifies configuration for small ISPs or companies (predefined policy flow plus predefined provisioning)
Handles 80% of simple configuration needs
Otherwise, use PolicyFlow
Remote servers
Remote database (SQL) or RADIUS servers (proxy-RADIUS)
Time-of-Day restrictions
And automatic calculation of Session-Timeout
Multiple Dictionaries
To meet specific characteristics of each NAS or remote RADIUS server (when proxying)
Troubleshooting facilities
Complete customizable logging facilities
per message area
Conditional logging based on AAA attributes
for specific user names, realms, calling numbers, called numbers
Multiple logging levels
Multiple places where logs can be sent (file, syslog, SNMP trap, ...)
server
Local in NAS
[HA-]IPAM
Supported Platforms
Server + SMT (GUI):
Solaris SPARC & x86: from 2.7 to 2.10
HP-UX 11.0
Compaq/DEC TRU-64 UNIX
RedHat Enterprise Linux
Windows 2000, 2003 & XP
May enforce limits on any of these counters
Optionally, it can have redundancy (HA-USS)
Optionally, the session and counters info can also be read via LDAP interface
Optionally, it can assign dynamic IP addresses (IPAM)
Editors Choice and Best Value for the Enterprise RADIUS servers. (2005)
Installed base
8950 AAA is deployed in over 4,000 service providers, enterprise and government networks around the world. Customers range from:
small businesses and enterprises and universities
offering remote dial-in and wireless access services, to
wholesale operators selling ports to downstream customers, major wireless service providers, and
global Internet service providers.
1XEV-DO
http://
802.1x