RADIUS is a protocol by which users (and in some cases systems) are provided access to secure networks through a centrally managed server. Authentication is provided for a variety of services (login, dialback, SLIP, PPP, etc.). The communications channel between a RADIUS client and server is UDP/IP, with messages acknowledged. The protocol is now being entered into the IETF standards track (not as an internet standard, just to document its existence).
The primary advantage in using RADIUS to authenticate incoming calls is that all user information is maintained offline, on a separate UNIX-based server. This server can accept authentication requests from many machines, which makes swapping out one dial-in network server for another much easier.
Virtually all information that could be maintained in a connection profile can be served via RADIUS. Profile attributes are entered in a flat ASCII database. Here's an example profile (my own, in fact, with some items changed):

ddl-pl50 Password = "xxxxxxx"
    User-Service = Framed-User,
    Framed-Protocol = PPP,
    Framed-Address = 10.10.10.1,
    Framed-Netmask = 255.255.255.0,
    Ascend-Data-Svc = Switched-64K,
    Ascend-Metric = 2,
    Ascend-Route-IP = Route-IP-Yes,
    Ascend-Link-Compression = Link-Comp-Stac,
    Ascend-Data-Filter = "ip in forward dstip 10.10.11.12/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.12.12/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.25.11/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.129.101/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.129.111/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.198.100/32",
    Ascend-Data-Filter = "ip in forward dstip 10.10.154.252/32",
    Ascend-Data-Filter = "ip in forward udp dstport = 53",
    Ascend-Data-Filter = "ip in forward tcp est",
    Ascend-Data-Filter = "ip in forward icmp",
    Ascend-Data-Filter = "ip out forward",
    Ascend-Idle-Limit = 240

Ascend provides a version of Livingston's radiusd source code (v.1.13) with a few modifications. This is available on the Ascend anonymous FTP site.
The UNIX daemon source code is radius.tar.Z (a ZIP'd version of the same files is radius.zip). A sample user database file is included.
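A flat-file profile of the kind shown above can be reviewed mechanically before it is deployed. The following is an added example, not code from Ascend or Livingston: it assumes the layout of the sample profile (user name and check items on the first line, indented comma-separated reply items after it, `#` comment lines), reads filter strings only as far as that sample shows, and the `review` helper and its field names are hypothetical.

```python
import re

SAMPLE = '''\
ddl-pl50 Password = "xxxxxxx"
    User-Service = Framed-User,
    Ascend-Data-Filter = "ip in forward dstip 10.10.11.12/32",
    Ascend-Data-Filter = "ip in forward udp dstport = 53",
    Ascend-Data-Filter = "ip out forward",
    Ascend-Idle-Limit = 240
'''  # constructed sample in the profile layout; all values are made up

# attribute = value; a quoted value may itself contain "=" or ",".
PAIR = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^",\s]+))')

def parse_pairs(text, lineno):
    """Return [(attribute, value)], keeping repeated attributes in order."""
    leftover = PAIR.sub("", text).strip(", \t")
    if leftover:  # e.g. an unterminated quote: refuse rather than misparse
        raise ValueError(f"line {lineno}: cannot parse {leftover!r}")
    return [(m[1], m[2] if m[2] is not None else m[3])
            for m in PAIR.finditer(text)]

def parse_users(text):
    """Parse a users file into {name: {"check": [...], "reply": [...]}}."""
    users, entry = {}, None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # indented line: reply items of the current user
            if entry is None:
                raise ValueError(f"line {n}: attributes before any user")
            entry["reply"] += parse_pairs(line, n)
        else:  # new entry: user name, then check items
            name, *rest = line.split(None, 1)
            entry = users[name] = {"check": parse_pairs(rest[0] if rest else "", n), "reply": []}
    return users

def review(entry):
    """Summarise what a reviewer checks: inbound allow-list, idle limit, secrets."""
    filters = [v.split() for a, v in entry["reply"] if a == "Ascend-Data-Filter"]
    inbound = [f for f in filters if f[:2] == ["ip", "in"]]
    return {
        "inbound_dstip": [f[f.index("dstip") + 1] for f in inbound if "dstip" in f],
        "inbound_other": [" ".join(f[3:]) for f in inbound if "dstip" not in f],
        "idle_limit": dict(entry["reply"]).get("Ascend-Idle-Limit"),
        "password_in_file": any(a == "Password" for a, _ in entry["check"])}

if __name__ == "__main__":
    print({user: review(entry) for user, entry in parse_users(SAMPLE).items()})
```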
Radius can be run in debug mode (radius -x). This provides a wealth of useful information about incoming calls, most helpful when resolving a problem.