In this webinar, we started with an introduction to RADIUS, the AAA concept, and a typical RADIUS implementation.
We then moved on to example configuration: on the NAS (to connect to the RADIUS server), on the RADIUS server (to allow the NAS to query it), creating services on the RADIUS server, and finally creating accounts on the RADIUS server.
At the end of the presentation, we discussed the benefits of using GLC radius compared to a traditional RADIUS server.
The recording is available on YouTube (GLC Networks channel): https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
3. www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner/Consultant/Distributor
● Ubiquiti Certified Trainer/Consultant
● RedHat Certified Trainer
About GLC webinar?
● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS)
● As a sharing event with various topics: linux, networking, wireless, database, programming, etc
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule: http://www.glcnetworks.com/main/schedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge, experiences, information
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user (since 1999), Mikrotik user (since 2007), ubnt user (since 2011)
● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
● Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer
● Personal website: http://achmadjournal.com
● More info: http://au.linkedin.com/in/achmadmardiansyah
What is RADIUS?
● Remote Authentication Dial-In User Service (RADIUS)
● Client/server protocol
● Is used for AAA (authentication, authorization, accounting)
● Created by Livingston (now owned by Lucent)
● De facto industry standard used by a number of network product companies and is a proposed IETF standard.
● RFC 2865
● RFC 2866 (RADIUS accounting)
RADIUS implementation
● Consists of:
○ RADIUS server
○ NAS (Network Access Server). Usually has 2 interfaces:
■ To RADIUS server
■ To user
● Uses the UDP protocol
● Can be used with many technologies at the NAS (hotspot, pptp, pppoe, etc)
[Diagram: RADIUS server and three NAS]
AAA security
• Authentication: only registered users can access the network. Could be
– What you know: username and password
– What you have: token, sms
– What you are: retina scan, fingerprint
• Authorization: defines the rights of a user
– Access control
– Data access control
– Restriction
– Type of Service
• Accounting: recording of what the user is doing (useful for billing/reporting)
– Traffic volume
– Online time
– Session
– Log: login, logout
RADIUS benefits
● An open and scalable solution
● Broad support by a large vendor base
● Easy modification
● Centralised AAA
● Separation of security and communication processes
● Adaptable to most security systems
● Workable with any client device that supports the protocol
● Very simple client implementation
RADIUS software
● Freeradius (open source) → the radius engine only (without user interface)
● GLC radius (freeradius + web interface)
● User manager (mikrotik product)
● Blablabla radius (usually consists of freeradius + web interface)
Mikrotik services that can be supported by radius
● PPP
○ Provide authentication of PPPOE, PPTP, SSTP, etc
● Hotspot
○ Provide authentication of hotspot user
● DHCP
○ To allow registered MAC address only
● Login
○ Provide authentication to access mikrotik devices
● Wireless
○ To allow registered MAC address accessing our network
Configure RouterOS to query radius manager
● Service: define services supported by radius manager
● Server address: IP address of Radius server
● Secret: secret word defined by radius manager
Configure GLC radius to allow NAS query
● NAS name: name of your NAS
● IP address: IP address of your NAS (usually the IP address on the interface that points to the radius server)
● Type: NAS type. E.g. mikrotik
● Secret: secret word that is used by both NAS and radius server
● API username: username on RouterOS for API access
● API password: password for API user on RouterOS
Note: proprietary features
● The RADIUS specification allows vendor-specific implementations
● Proprietary features -> the NAS from vendor X has feature Y, which can be activated if the radius server is from vendor X too
● Sometimes it's not open to the public
● See vendor dictionary/attributes
GLC radius software
● Based on freeradius, MySQL, PHP
● Recommended to run on linux
● Unlimited users (can support 10000+ users)
● Support prepaid, postpaid
● Stable -> it works well
● Support voucher system
Configuration on GLC radius (create services)
● Create service on GLC radius
● It's recommended to use a table
● List of services that you sell to your customer
Service name | Quota (MB: download / upload / total) | Online time | Data rate (download / upload) | Price (USD)
bronze | 5GB | - | 10mbps | 5
silver | 10GB | - | 10mbps | 10
gold | 15GB | - | 10mbps | 15
unlimited | - | - | 2mbps | 20
Configuration on GLC radius (create user)
● Username
● Account type
● Password
● IP address mode CPE
○ NAS pool
○ IP pool (pool on radius manager)
○ Static IP
● Simultaneous user
● Service:
○ Bronze / silver / gold
GLC radius in action
● We can monitor user status (online / offline)
● GLC radius will create a queue on RouterOS automatically for each user based on their service
Simultaneous user on quota
● Example: an account allows 4 simultaneous sessions, with a max download quota of 400MB.
● 4 devices connect using the same account, and each device downloads 100MB in 10 minutes.
● This means
○ all 4 devices reduce the quota simultaneously: 4 x 100MB = 400MB
○ Therefore, in 10 minutes the quota is empty, and the account will be expired
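How a quota shared by simultaneous sessions can be computed from RADIUS accounting (RFC 2866) records, as an added example that is not GLC radius code. The records and the user name are constructed; the point it shows beyond the slide is that Interim-Update counters are cumulative per session, so the latest value per Acct-Session-Id is summed rather than every update.

```python
from collections import defaultdict

MB = 1024 * 1024  # assumption: the slide's "MB" is treated as 2**20 bytes

# Constructed accounting records: one account, 4 sessions, 2 interim updates each.
# Acct-Output-Octets counts bytes the NAS sent to the user, i.e. the download.
RECORDS = [
    {"User-Name": "alice", "Acct-Session-Id": f"s{n}",
     "Acct-Status-Type": status, "Acct-Output-Octets": octets}
    for n in range(1, 5)
    for status, octets in (("Start", 0),
                           ("Interim-Update", 60 * MB),
                           ("Interim-Update", 100 * MB))
]

def download_used(records):
    """Return {user: bytes downloaded}, summed over all of that user's sessions."""
    latest = defaultdict(dict)  # user -> session id -> latest cumulative counter
    for r in records:
        sessions = latest[r["User-Name"]]
        sid = r["Acct-Session-Id"]
        if r["Acct-Status-Type"] == "Start":
            sessions.setdefault(sid, 0)
            continue
        # The 32-bit octet counter wraps at 4 GiB; Acct-Output-Gigawords
        # (RFC 2869) carries the number of wraps when the NAS sends it.
        octets = r["Acct-Output-Octets"] + (r.get("Acct-Output-Gigawords", 0) << 32)
        # Counters are cumulative per session: keep the highest, never add updates.
        sessions[sid] = max(sessions.get(sid, 0), octets)
    return {user: sum(s.values()) for user, s in latest.items()}

def quota_exhausted(records, user, quota_bytes):
    """True once the account's sessions together have used the whole quota."""
    return download_used(records).get(user, 0) >= quota_bytes
```

Adding up every update in these records would report 640MB instead of 400MB and expire the account early.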
Simultaneous user on data rate
● Example: an account allows 4 simultaneous sessions, with a data rate of 10mbps
● 4 devices connect using the same account
● In a traditional radius manager:
○ each device will get 10 mbps
○ If all devices are active simultaneously, total consumption of data rate is 10 x 4 = 40mbps
● In GLC radius, we can do:
○ all 4 devices are grouped as one
○ Therefore each device will get 10mbps / 4 = 2.5 mbps
○ total consumption of data rate is 10mbps
Benefits of GLC radius
● Supports API -> which can create custom data rate
● Supports voucher based access
● Supports topup
● Supports pool and address-list -> this is important!! E.g. sharing the speed of simultaneous users
● Supports prepaid and postpaid
● Etc
If you are interested, please send email: contact@glcnetworks.com
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our Facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tuned with our schedule