Published by Sierra Flanagan
Modified over 3 years ago
8950 AAA Overview

All Rights Reserved © Alcatel-Lucent 2007 | Introduction to 8950 AAA

Module Objectives
- Supported platforms
- History
- 8950 AAA Features
- Standards Compliance & Awards

8950 AAA
- A AAA (Authentication, Authorization & Accounting) software package
- AAA is pronounced "Triple A"
- Compliance with RADIUS and Diameter IETF RFCs
- Formerly known as: Vital AAA and NavisRadius
- Based on Java
- Platform independent
- Flexible and extensible

8950 AAA Evolution (I)
- FreeRadius 1.1 (© Livingston)
- Ascend Access Control (© Ascend)
- Ascend buys Livingston
- NavisRadius 1.3: based on FreeRadius
- PortAuthority 2.1 (© Lucent)
- Lucent buys Ascend
- NavisRadius 3.x: with Java, multiplatform and new engine (PolicyFlow)
Years marked on the timeline: 1992, 1999, 2000

8950 AAA Evolution (II)
- NavisRadius 4.0 = NR3.2 + GUI enhancements
- NavisRadius 4.2 = Change in USS architecture + dictionary in XML
- NavisRadius 4.3->4.5 = Wi-Fi support (MD5, GTC, TLS, TTLS/PEAP, SIM, etc.)
- VitalAAA 5.0 = Diameter support + HTTPS/SSH
- Alcatel merges with Lucent
- VitalAAA 5.1 = IPAMv2 + TACACS + Lawful Intercept
- VitalAAA 5.2 = DHCPv6 + IPv6 MIBs + cron-based PF + EAP-FAST
- 8950 AAA 6.0 = UUS2 + File Replication + WiMAX policy flow
Dates marked on the timeline: 2001, 3/2006, 12/2006, 4/2007, 3/2008

AAA Components and communication ports
[Diagram. Components shown: aaa-cmd; Policy Server + USS; SMT/Config Server; Plug-Ins (Data I/O: DHCP, JDBC, Password file, etc.; Logical Flow and decision Making; Utilities); GUI (= SMT); SNMP agent and SNMP client; Web Server and Browser (HTTP[S]); Other AAA servers; RADIUS Test Client; Diameter Test Client; TACACS+ Test Client; telnet client; ssh client; SQL DB and SQL client (SMT); LDAP USS and LDAP/LDIF client; Lawful Intercept Server.]
[Port labels, in the order they appear in the diagram: TCP:9020; UDP:1812, 1813, 3799; TCP:9023; Adm; TCP:9097, 9099; SNMP Ag. UDP:9161; Web Serv / Browser (HTTP[S]) TCP:9080; Other AAA servers TCP:3868; telnet client, ssh client: TCP:9023, TCP:9022; SQL DB TCP:9001; LDAP USS TCP:9389; TACACS+ Test Client TCP:49; TCP:9021.]

Functionality Overview
RADIUS / Diameter / TACACS+ PolicyServer
- Processes authentication & accounting requests
- Invokes the method engine
- Starts the web server
- Starts the Telnet/SSH CLI servers
- Logs events
USS + IPAM
- Maintain port usage information
- Identify session limit violations
- Monitor user sessions
- May assign IPs

Logical System View
[Diagram. Labels shown: User; PSTN; NAS; the Internet; AAA Remote ISP; Local AAA server #1; Local AAA server #2; Universal StateServer; LDAP Directories or Database Servers.]

Management and Control Features
8950 AAA Server Management Tool (SMT)
- Graphical User Interface (GUI)
- Provides server administration and statistics
- Local or Remote (via Configuration Server)
Remote Management
- Via telnet/ssh and modifying configuration files
- Using the SMT
- With a Command Line Interface (CLI)
- All remote management traffic can be encrypted with SSH or SSL

PolicyFlow and PolicyAssistant
PolicyFlow (PF)
- Extensible plug-in software architecture enabling the construction of flexible AAA policies to be able to meet any AAA requirements
- You design exactly the processing steps you need, in the order you need them
PolicyAssistant (PA)
- Simplifies configuration, for small ISPs or companies (predefined policy flow plus predefined provisioning)
- Handles 80% of simple configuration needs
- Otherwise, use PolicyFlow
- Has a graphical wizard to define policies
[Chart. Axis labels: Configuration Time, What can be done; items plotted: PF, PA.]

8950 AAA Major Features (I)
Storage of user profiles
- Local text files
- SQL server (local built-in (HSQL) or remote)
- LDAP server
- HTTP server
- RADIUS server (proxy RADIUS)
Storage of accounting logs
- Local text files
- Allows definition of any file format (Classic, Delimited or Fixed)
- Remote servers
- Remote database (SQL) or RADIUS servers (proxy-RADIUS)

8950 AAA Major Features (II)
Proxy-RADIUS
- Ability to modify/add/remove any attribute sent/received from the remote server
Secure external authentication in token card servers
- SecurID/ACE (RSA)
- SafeWord (Secure Computing)
Time-of-Day restrictions
- And automatic calculation of Session-Timeout
Wide EAP support
- EAP-MD5, EAP-GTC, EAP-LEAP, EAP-MsChapV2, EAP-TLS (and TTLS and PEAP), EAP-SIM/AKA, EAP-FAST
Multiple Dictionaries
- To meet specific characteristics of each NAS or remote RADIUS server (when proxying)

8950 AAA Major Features (III)
- Pre-authentication for dial-up
- SNMP support for statistics (v1, v2 & v3)
- Standard RFCs for RADIUS auth+acct (server and client): 4668, 4669, 4670, 4671
- Built-in SQL database for users and accounting data storage

Troubleshooting facilities
Complete customizable logging facilities
- Per message area
- Conditional logging based on AAA attributes, for specific user names, realms, calling numbers, called numbers…
- Multiple logging levels
- Multiple places where logs can be sent (file, syslog, SNMP trap, …)
Client testing tools, with CLI and GUI
- To simulate the connection of any user from any NAS with any condition (any AAA AVP)
- RADIUS TestClient & NAS-simulator, TACACS+ TestClient
- Diameter TestClient

IP address assignment for users
- Local management by the NAS
- Simple built-in address manager
- USS-based advanced IP Address Manager (IPAM)
- With optional redundancy and High-Availability
- Pools can be defined without restarting the server
- Different pools can have overlapping IP addresses
- IPv4 addresses and IPv6 prefixes
- External DHCP server
- Selecting any DHCP option for a pool selection
[Diagram. Labels shown: DHCP; RADIUS; PPP; [HA-]IPAM; Simple Address Manager; DHCP server; Local in NAS.]

AAA protocol translator and proxy
Any translation can be made between different protocols
- RADIUS and TACACS+
- RADIUS and Diameter
- TACACS+ and Diameter
Due to the flexibility of the PolicyFlow language
- Can receive AAA information in any protocol, and can generate outgoing AAA packets in any protocol
[Diagram. RADIUS, Diameter and TACACS+ on each side of a Translation Agent / Proxy.]

Supported Platforms
Server + SMT (GUI):
- Solaris SPARC & x86: from 2.7 to 2.10
- HP-UX 11.0
- Compaq/DEC TRU-64 UNIX
- RedHat Enterprise Linux
- Windows 2000, 2003 & XP
- MacOS: from 10.2 to 10.4
Java Virtual Machine (JRE, SDK or J2SE)
- J2SE 5.0

Universal StateServer (USS) = Session Manager
- Keeps a database of NAS and Port usage
- To maintain session information
- Maintains counters for resource usage:
  - User Name
  - Called Number (DNIS)
  - Realm
  - Arbitrary criteria: ISP Name, Department, Region, Affinity group, etc.
- May enforce limits on any of these counters
- Optionally, it can have redundancy (HA-USS)
- Optionally, the session and counters info can also be read via LDAP interface
- Optionally, it can assign dynamic IP addresses (IPAM)

8950 AAA awards (I)
[Award badges: Best Authentication Server & Security Product of the Year]
Network Computing
- Best Authentication Server, for 2 years in a row (2004 & 2005)
- Well-Connected Award for outstanding networking products and services (2004)
- Overall Security product of the year (2005), from more than 27 security products in 9 different security categories
- Editors Choice and Best Value for the Enterprise RADIUS servers (2005)

8950 AAA awards (II)
3GSM World Congress (2006) in Barcelona (Spain)
- Highly Commended Award for Innovation in GSM Roaming
- By enabling a GSM operator to deliver a service that allows GSM mobile users to use their home broadband network to initiate and accept and roam between the home and GSM networks without dropping the call!

Installed base
8950 AAA is deployed in over 4,000 service providers, enterprise and government networks around the world.
Customers range from:
- small businesses, enterprises and universities offering remote dial-in and wireless access services, to
- government departments and agencies,
- wholesale operators selling ports to downstream customers,
- major wireless service providers, and
- global Internet service providers.

Standards Compliance (I)
[Figure. Labels shown: 802.1x, 1XEV-DO.]

RADIUS Standards Compliance (II)

RADIUS Standards Compliance (III)