Splynx Radius server

Splynx ISP framework consists of different sub-systems. One of the framework’s leading and most essential parts is the Splynx Radius server: PPPoE, DHCP, IPoE, Hotspot, Wireless, or Static IP/MAC authentication. Splynx solution also provides smart bandwidth management, billing, and other useful features.

Splynx Radius server is used to perform AAA tasks.

  • Authentication – networking equipment checks over the Radius server if the login/password of the connecting device or user is correct. If it matches with an entry in the Radius server, the device or user can access the equipment or get the service.
  • Authorization – defines which actions are allowed for the user or device and its privilege level.
  • Accounting – statistics of the usage of the Internet or information about what was done on equipment.

1. Administrative AAA

1.1. Authentication

With Splynx you can set up administrator access to equipment to check their credentials over the Radius server database.

If their username/password is correct, they will be able to log in to the equipment. If not, they will not get access. This is a very convenient approach compared to local login.

Imagine you hire a new administrator and, in one case, you need to update hundreds of routers, APs, and switches to create a local login everywhere. In another case, you give a new hire one common login/password but must remember to change those credentials when a person leaves the company.

The best-case scenario is to connect all networking devices to the Radius server and verify administrator login using Radius protocol.

1.2. Authorization

Authorization means that different levels of access can be implemented. Some administrators can change the configurations. Some can only view and read config.

1.3. Accounting

Splynx stores information on when the network unit was accessed by an administrator and what was done there.

Check out the tutorials on how to configure admin login using Radius Splynx server on different platforms:

  1. Mikrotik: Radius admin login to Mikrotik routers
  2. Administrative login to Cisco devices

2. Customer’s AAA

Splynx Radius server supports different ways of customers’ central authentication in the network of Internet providers. It always depends on the topology of an ISP and the technology that they decide to use. Access technologies are widely used, their advantages and disadvantages are described below:

  1. PPPoE is easy to maintain and implement. Customer on CPE device setups username and password and all networking settings CPE receive from PPPoE NAS (Network Access Server). PPPoE also provides encryption if needed and accounting for getting statistics of usage. There were issues with MTU in the past, but the main vendors fixed these issues.
  2. IPoE (or DHCP) is based on the client’s MAC address. It also can be linked to the port of switch where a customer is connected (DHCP option 82). Several vendors don’t provide accounting capability (Mikrotik routers).
  3. Wireless Authentication. When an ISP has a wireless network, it needs to maintain access of CPE devices to its Access Points. For this purpose, several wireless authentication methods are used, such as a password inside TDMA protocols or wireless access lists.
  4. Hotspot is used when a customer has to enter their username and password on the webpage before using the Internet. Many hotspot networks allow free limited access and charge customers for additional usage or advanced plans.
  5. Static IP addressing. Some ISPs don’t have central authentication management and set up static IP addresses for CPE devices. With the Mikrotik RouterOS platform, Splynx can manage even customers who have static IPs in Vlan per customer or direct IPv4 connection. Also, Splynx can take out statistics from Mikrotik routers for such customers.

More in Network management

Network management

Hardware Backup & Change Management in Splynx

Maintaining network stability and reliability is paramount for both ISPs and their valued customers. To address this, Sp...

Network management bandwidth management

Bandwidth management in Splynx

As a local ISP business owner, ensuring efficient bandwidth management is crucial for maintaining customer satisfaction ...

Network management Splynx network management

Streamlining network management: A closer look at Splynx’s capabilities

Efficient network management is essential for ISPs to deliver reliable and high-quality services to their customers. Wit...

Network management Network topology failover server

Overview of RADIUS failover server

One of the methods used to authorize Internet services in Splynx is the RADIUS protocol. More details about the Splynx R...

Network management Below is the topology sample that depicts the captured flow of how Splynx and NetFlow accounting work.

How to configure NetFlow accounting in Splynx

Learn how to configure NetFlow accounting to to bring usage data into Splynx.

Network management Hotspot add-on in Splynx 4.0

Hotspot add-on in Splynx 4.0

The Hotspot add-on was built to help businesses from low-income communities grow and earn more.

Network management How to configure Juniper Radius

Juniper Radius configuration with variables

This article is the second part of the Juniper MX Radius configuration tutorial.

Network management How to configure Radius Juniper MX

How to configure Radius Juniper MX

Juniper Networks is one of the leading vendors producing networking equipment. Together with Cisco, Juniper defines wher...

Network management Mikrotik ipv6 configuration

How to configure Mikrotik IPv6

This blog post describes how to configure the Mikrotik router to act as a PPPoE server with IPv6 enabled.

Network management How to configure Cisco IOS XR Radius in Splynx

How to configure Cisco IOS XR Radius (ASR 9000 series)

We've implemented PPPoE Radius authentication on Cisco one of the most powerful BRASes ASR 9000, that runs the IOS XR op...

Find out how Splynx helps ISPs grow

Learn more