Splynx Radius server

Splynx ISP framework consists of different sub-systems. One of the framework’s leading and most essential parts is the Splynx Radius server: PPPoE, DHCP, IPoE, Hotspot, Wireless, or Static IP/MAC authentication. Splynx solution also provides smart bandwidth management, billing other useful features.

Splynx Radius server is used to perform AAA tasks.

  • Authentication – networking equipment checks over the Radius server if the login/password of the connecting device or user is correct. If it matches with an entry in the Radius server, the device or user can access the equipment or get the service.
  • Authorization – defines which actions are allowed for the user or device and its privilege level.
  • Accounting – statistics of the usage of the Internet or information about what was done on equipment.

1. Administrative AAA

1.1. Authentication

With Splynx you can set up administrator access to equipment to check their credentials over the Radius server database.

If their username/password is correct, they will be able to log in to the equipment. If not, they will not get access. This is a very convenient approach compared to local login.

Imagine you hire a new administrator and, in one case, you need to update hundreds of routers, APs, and switches to create a local login everywhere. In another case, you give a new hire one common login/password but must remember to change those credentials when a person leaves the company.

The best-case scenario is to connect all networking devices to the Radius server and verify administrator login using Radius protocol.

1.2. Authorization

Authorization means that different levels of access can be implemented. Some administrators can change the configurations. Some can only view and read config.

1.3. Accounting

Splynx stores information on when the network unit was accessed by an administrator and what was done there.

Check out the tutorials on how to configure admin login using Radius Splynx server on different platforms:

  1. Mikrotik: Radius admin login to Mikrotik routers
  2. Administrative login to Cisco devices

2. Customer’s AAA

Splynx Radius server supports different ways of customers’ central authentication in the network of Internet providers. It always depends on the topology of an ISP and the technology that they decide to use. Access technologies are widely used, their advantages and disadvantages are described below:

  1. PPPoE is easy to maintain and implement. Customer on CPE device setups username and password and all networking settings CPE receive from PPPoE NAS (Network Access Server). PPPoE also provides encryption if needed and accounting for getting statistics of usage. There were issues with MTU in the past, but the main vendors fixed these issues.
  2. IPoE (or DHCP) is based on the client’s MAC address. It also can be linked to the port of switch where a customer is connected (DHCP option 82). Several vendors don’t provide accounting capability (Mikrotik routers).
  3. Wireless Authentication. When an ISP has a wireless network, it needs to maintain access of CPE devices to its Access Points. For this purpose, several wireless authentication methods are used, such as a password inside TDMA protocols or wireless access lists.
  4. Hotspot is used when a customer has to enter their username and password on the webpage before using the Internet. Many hotspot networks allow free limited access and charge customers for additional usage or advanced plans.
  5. Static IP addressing. Some ISPs don’t have central authentication management and set up static IP addresses for CPE devices. With the Mikrotik RouterOS platform, Splynx can manage even customers who have static IPs in Vlan per customer or direct IPv4 connection. Also, Splynx can take out statistics from Mikrotik routers for such customers.

Check out these manuals for different types of user authentication in Splynx:

  1. Mikrotik: DHCP using Radius
  2. Mikrotik: PPPoE and other PPP tunnels using Radius
  3. Mikrotik: Hotspot with Radius
  4. Mikrotik: OpenVPN, Radius
  5. Mikrotik: Static IP addressing with API authentication/accounting
  6. Mikrotik: Local DHCP with Mikrotik API
  7. Ubiquiti: Wireless authentication with Radius
  8. Ubiquiti: PPPoE authentication on Edge Routers
  9. Cisco: PPPoE with Radius
  10. Cambium: Wireless Authentication via Radius
  11. Juniper: PPPoE with Radius server

 

More in Network Management

Network Management How to configure Juniper Radius

Juniper Radius configuration with variables

This article is the second part of the Juniper MX Radius configuration tutorial.

Network Management How to configure Radius Juniper MX

How to configure Radius Juniper MX

Juniper Networks is one of the leading vendors producing networking equipment. Together with Cisco, Juniper defines wher...

Network Management Mikrotik ipv6 configuration

How to configure Mikrotik IPv6

This blog post describes how to configure the Mikrotik router to act as a PPPoE server with IPv6 enabled.

Network Management How to configure Cisco IOS XR Radius in Splynx

How to configure Cisco IOS XR Radius (ASR 9000 series)

We've implemented PPPoE Radius authentication on Cisco one of the most powerful BRASes ASR 9000, that runs the IOS XR op...

Network Management How to configure Juniper Radius server in Splynx

How to configure Juniper Radius server (updated)

This is an updated version of the Radius server configuration with Juniper using variables for speed limitations.

Network Management How to configure Huawei NE (NetEngine) router Radius

How to configure Huawei NE (NetEngine) router Radius

We'll tackle the configuration of the Huawei NE20 and Huawei NE40 router with the Radius server. We will be using Splynx...

Network Management

IPv6 CPE and home routers support

This article shows examples of 3 different CPEs from 3 other vendors. We have selected IPv6 routers that are used in net...

Network Management

Splynx IPv6 support

Starting from the 3.0 version, Splynx has native IPv6 support. In this topic we will cover three main areas of IPv6 depl...

Network Management Huawei GPON configuration

Huawei GPON configuration

In this article, you can find useful commands that help during Huawei GPON configuration.

Network Management How to manage network in Splynx via Radius server and MikroTik API

How to manage network in Splynx via Radius server and MikroTik API

The core of the Splynx ISP Framework covers two important areas of ISP network management – AAA and bandwidth manageme...

Find out how Splynx helps ISPs grow

Learn more