soffcec
asked on
Radius to authenticate DSL user.
I have DSLAM and I connect my DSL routers with DHCP.
Now I want my user to connect with PPP to authenticate.
My routeres accept both static ip Dhcp and PPP.
I have about 300 customer.
I want to use Windows 2003 or Windows 2012 as Radius server
Where is best to begin ?
Now I want my user to connect with PPP to authenticate.
My routeres accept both static ip Dhcp and PPP.
I have about 300 customer.
I want to use Windows 2003 or Windows 2012 as Radius server
Where is best to begin ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We connect our routers to DSLAM who is owned by third party company (TPC).
After we get dsl-sync our mode sends user information and password on the form user@domain.is
to the TPC's radius server who looks at the domanin name (domain.is) and sends the information to our Radius server who confirm the connection.
Our routers uses PPP to connect.
After we get dsl-sync our mode sends user information and password on the form user@domain.is
to the TPC's radius server who looks at the domanin name (domain.is) and sends the information to our Radius server who confirm the connection.
Our routers uses PPP to connect.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Síminn is the company I am going to buy DSL service from and they are going to host the LNS. I am the TSC ISP
Radius server
Who has access to TSC user database
Accept and answars authentications messages from LNS (Radius authentication)
Answars with IP@ for end user.
Accepts Radius Accounting messages from LNS for traceability.
L3 router
Connects with vrf LNS_TSC
Radius communication goes thru this connection and usertraffic to/from LNS
Routes to the Internet (vrf Internet at Símanum or thru others ISP's)
Radius server
Who has access to TSC user database
Accept and answars authentications messages from LNS (Radius authentication)
Answars with IP@ for end user.
Accepts Radius Accounting messages from LNS for traceability.
L3 router
Connects with vrf LNS_TSC
Radius communication goes thru this connection and usertraffic to/from LNS
Routes to the Internet (vrf Internet at Símanum or thru others ISP's)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will run DHCP server and allocate IP addresses to subscribers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I need every use to have static ip address.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I prefer to use only Windows server for the the radius. I am still not understanding all of this. Maybe it is better form to let the DSLAM provider assign the ip addresses.
We need to measure all foreign download usage of the subscriber and today we use his ip address to identify him.
We need to measure all foreign download usage of the subscriber and today we use his ip address to identify him.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I would prefer Windows 2012 but I am more familiar with 2003. What do you recommend ?
Whatever you have on hand can be configured to do what you want/need.
It is easier to deal with setting something, rather than discussing the various options.
At this stage you want to use a windows platform for your radius setup.
I find the flexibility available in freeradius + mysql backend. is one thing,
There are many guides on line for whichever system you pick.
My guess you currently have a setup, but would like further control versus what you currently have from the DSLAM provider.
Once you start the configuration/setup process, you'll become more familiar with what is involved and thus have more practical information than can be conveyed in an abstract discussion.
The way the user/accounts need to be configured setup, etc. would guide you.
It is easier to deal with setting something, rather than discussing the various options.
At this stage you want to use a windows platform for your radius setup.
I find the flexibility available in freeradius + mysql backend. is one thing,
There are many guides on line for whichever system you pick.
My guess you currently have a setup, but would like further control versus what you currently have from the DSLAM provider.
Once you start the configuration/setup process, you'll become more familiar with what is involved and thus have more practical information than can be conveyed in an abstract discussion.
The way the user/accounts need to be configured setup, etc. would guide you.
ASKER
Ok. I will ask the DSL provider if he will make a dynamic pool in his LNS, that should take work off me. Am I right ?
ASKER
I ended up with using Windows 2012 NPS and it is working fine.
Start having a look at the report above. Especially the appendices.
Note that when you use PPPoE you have the option of either using a username and password configured on the modem, or you can use Agent Circuit Id that will be added by the DSLAM.