Splynx ISP framework consists of different sub-systems. One of the main and most important parts of framework is Splynx Radius server. PPPoE, DHCP, IPoE, Hotspot, Wireless or Static IP/MAC authentication. Splynx solution also provides smart bandwidth management and other useful features.
Splynx Radius server is used to perform AAA tasks.
Authentication – Networking equipment perform check over Radius server if login/password of connecting device or user is correct. If it matches with entry in Radius server, device or user is able to access the equipment or get the service.
Authorization – defines which actions are allowed for user or device and it’s privilege level.
Accounting – statistics of usage of Internet or information about what was done on equipment.
1. Administrative AAA.
Authentication: With Splynx you can setup that when administrator accesses equipment, his credentials will be checked over Radius server database.
If his username/password is correct, he will be able to login to equipment. If not, he will not get access. This is very convenient approach comparing to local login.
Imagine when you hire new administrator and you need to update hundreds of routers, APs and switches to create him local login everywhere.
Or you can give hime one common login/password, but when person leaves the company, you should change that credentials everywhere.
Better is to connect all networking devices to Radius server and verify administrator login using Radius protocol.
Authorization: means that different levels of access can be implemented. Some administrators can change the configurations, some can only view and read config.
Accounting: Splynx stores information of when the network unit was accessed by administrator and what was done there.
Below are tutorials showing how to configure admin login using Radius Splynx server on different platforms :
2. Customer’s AAA.
Splynx Radius server supports different ways of customers’ central authentication in the network of Internet provider. It always depends on topology of an ISP and technology that he decides to use. Access technologies are widely used and their advantages and disadvantages are described below:
PPPoE – easy to maintain and implement. Customer on CPE device setups username and password and all networking settings CPE receives from PPPoE NAS (Network Access Server). Also provides encryption if needed and accounting for getting statistics of usage. Had issues with MTU in past, but in last years these issues were fixed by main vendors.
IPoE (or DHCP) – DHCP is based on MAC address of client. Also can be linked to port of switch were customer is connected (DHCP option 82). In several vendors don’t provide accounting capability (Mikrotik routers).
Wireless Authentication – when ISP has a wireless network, he needs to maintain access of CPE devices to his Access Points. For this purpose several wireless authentication methods are used, such as a password inside TDMA protocols or wireless access-lists.
Hotspot – customer has to enter his username and password on the webpage before using the Internet. Many hotspot networks allow free limited access and then charge customers for addtional usage or advanced plans.
Static IP addressing – some ISPs don’t have central management of authentication and setup static IP addresses to CPE devices. With Mikrotik RouterOS platform Splynx can manage even customers who’s got static IPs in Vlan per customer or plain IPv4 connection. Also Splynx can grab statistics from Mikrotik routers for such customers.
Below are manuals for different types of user authentication in Splynx ISP Framework :