www.glcnetworks.com
Integrating radius with mikrotik
GLC webinar, 21 September 2017
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
Agenda
● Introduction
● Radius
● Radius on RouterOS
● GLC radius
● Demo
● Q & A
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner/Consultant/Distributor
● Ubiquiti Certified Trainer/Consultant
● RedHat Certified Trainer
About GLC webinar?
● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS)
● As a sharing event with various
topics: linux, networking, wireless,
database, programming, etc
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule: http://www.glcnetworks.com/main/schedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge,
experiences, information
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user (since 1999), Mikrotik user (since 2007),
ubnt user (since 2011)
● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
● Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer,
and Lecturer
● Personal website: http://achmadjournal.com
● More info:
http://au.linkedin.com/in/achmadmardiansyah
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
RADIUS
What is RADIUS?
● Remote Authentication Dial-In User
Service (RADIUS)
● Client/server protocol
● Is used for AAA (authentication,
authorization, accounting)
● Created by Livingston (now owned by
Lucent)
● de facto industry standard used by a
number of network product companies
and is a proposed IETF standard.
● RFC 2865
● RFC 2866 (RADIUS accounting)
RADIUS implementation
● Consists of:
○ Radius server
○ NAS (Network Access Server), which usually has 2 interfaces:
■ To radius server
■ To user
● Uses the UDP protocol
● Can be used with many technologies at the NAS (hotspot, pptp, pppoe, etc)
[Diagram: one RADIUS server and three NAS]
AAA security
• Authentication: only registered users can access the network. Could be
– What you know: username and password
– What you have: token, sms
– What you are: retina scan, fingerprint
• Authorization: defines the rights of a user
– Access control
– Data access control
– Restriction
– Type of Service
• Accounting: recording of what the user is doing (useful for billing/reporting)
– Traffic volume
– Online time
– Session
– Log: login, logout
RADIUS benefits
● An open and scalable solution
● Broad support by a large vendor base
● Easy modification
● Centralised AAA
● Separation of security and communication processes
● Adaptable to most security systems
● Workable with any client device that supports the protocol
● Very simple client implementation
Radius software
● Freeradius (open source) → the radius engine only (without user interface)
● GLC radius (freeradius + web interface)
● User manager (mikrotik product)
● Blablabla radius (usually consists of freeradius + web interface)
Radius on RouterOS
Mikrotik services that can be supported by radius
● PPP
○ Provide authentication of PPPOE, PPTP, SSTP,
etc
● Hotspot
○ Provide authentication of hotspot user
● DHCP
○ To allow registered MAC addresses only
● Login
○ Provide authentication to access mikrotik devices
● Wireless
○ To allow only registered MAC addresses to access our network
Configure RouterOS to query radius manager
● Service: define services supported by
radius manager
● Server address: IP address of Radius
server
● Secret: secret word defined by radius
manager
Configure GLC radius to allow NAS query
● NAS name: name of your NAS
● IP address: IP address of your
NAS (usually IP address on the
interface that points to radius
server)
● Type: NAS type. E.g. mikrotik
● Secret: secret word that is used
by both NAS and radius server
● API username: username on
RouterOS for API access
● API password: password for API
user on RouterOS
Note: proprietary features
● The RADIUS specification allows vendor-specific implementations
● Proprietary features -> the NAS from vendor X has feature Y, which can be activated if the radius server is from vendor X too
● Sometimes they are not open to the public
● See vendor dictionary/attributes
pic: arubanetworks.com
GLC radius
GLC radius software
● Based on freeradius, MySQL, PHP
● Recommended to run on linux
● Unlimited users (can support 10000+ users)
● Support prepaid, postpaid
● Stable -> it works well
● Support voucher system
Configuration on GLC radius (create services)
● Create service on GLC radius
● It's recommended to use a table
● List of services that you sell to your customer
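Service table (columns: service name; quota (MB): download, upload, total; online time; datarate: download, upload; price (USD)):
bronze: quota 5GB, datarate 10mbps, price 5
silver: quota 10GB, datarate 10mbps, price 10
gold: quota 15GB, datarate 10mbps, price 15
unlimited: datarate 2mbps, price 20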
Configuration on GLC radius (create user)
● Username
● Account type
● Password
● IP address mode CPE
○ NAS pool
○ IP pool (pool on radius manager)
○ Static IP
● Simultaneous user
● Service:
○ Bronze / silver / gold
GLC radius in action
● We can monitor user status (online / offline)
● GLC radius will automatically create a queue on RouterOS for each user based on their service
Simultaneous user on quota
● Example: an account has 4 simultaneous users, with a max download quota of 400MB.
● 4 devices connect using the same account, and each device downloads 100MB in 10 minutes.
● This means
○ all 4 devices reduce the quota simultaneously: 4 x 100MB = 400MB
○ Therefore, in 10 minutes the quota is empty, and the account will be expired
Simultaneous user on data rate
● Example: an account has 4 simultaneous users, with a data rate of 10mbps
● 4 devices connect using the same account
● In a traditional radius manager:
○ each device will get 10 mbps
○ If all devices are active simultaneously, total consumption of data rate is 10 x 4 = 40mbps
● In GLC radius, we can do:
○ all 4 devices will be grouped as one
○ Therefore each device will get 10mbps / 4 = 2.5 mbps
○ total consumption of data rate is 10mbps
Benefits of GLC radius
● Supports API -> which can create custom data rate
● Supports voucher based access
● Supports topup
● Support pool and address-list -> this is important!! E.g. sharing the speed of
simultaneous user
● Support prepaid and postpaid
● Etc
If you are interested, please send email: contact@glcnetworks.com
Interested?
Just come to our training...
Special price for webinar attendees…
http://www.glcnetworks.com/main/schedule
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tuned to our schedule