See Supported Platforms for more information.
The following group of features offers exceptional value to both service providers and enterprises.
Support for multiple authentication methodsProxy RADIUS functionality (based on realms, DNIS, or user characteristics)
- The PolicyFlow AAA programming language
- New PolicyAssistant for a simple form based configuration that meets the needs of 80% of AAA applications.
- LDAP interface
- SQL (JDBC) Interface
- Text file support for existing RADIUS implementations as well as standard delimited files.
- Syslog logging
- Graphical user interfaces (GUIs) for server administration and user records
- New test client with a graphical interface.
- Graphical RADIUS "perfmeter" to monitor system loading, rejects, etc.
- DHCP address pool assignment
- Expanded Universal State Server (USS) with unlimited session counters
- Allow Lists, Stop Lists and Access Control Lists (ACL) based on any RADIUS attribute
- The most flexible accounting in the business. Session records can be saved to: Flat files with fixed or variable record length and custom formats . one file for all, one file per realm, etc.; Databases, remote servers (proxy)
Proxy RADIUS authentication enables the authentication of users whose profiles are on other RADIUS servers. In a proxy situation, the server forwards access-request packets to a remote RADIUS server, which authenticates the user and responds. 8950 AAA can forward the authentication request to the specific RADIUS server based on the user.s realm, the number dialed, or information retrieved from a local user record. Proxy RADIUS support also provides a basis for implementing roaming and shared services.External security authentication based on SecurID/ACE and Axent/Defender DSS token card servers
*With the addition of the User State Server (USS), proxy connections can be held to preset limits. Limits can be based on a user, dialed number, realm, or arbitrary groupings.8950 AAA supports security token products from RSA Inc. (SecurID/ACE server) and the Axent Defender server. This feature enables remote-access providers to provide additional services to corporate customers who need token card-based security for their users. The selection of card type and security server address can be determined on a realm or per-user basis.Integrated runtime SQL database for authentication profiles and accounting recordsTime-of-day restrictions8950 AAA also includes an embedded runtime SQL database, the Hypersonic SQL database, for authentication and accounting. This database includes predefined tables for authentication and accounting, including a GUI for account maintenance. The resulting benefits include better scalability and improved performance, because access to the database is faster.
Access can be restricted based on days of the week and times of day. This allows service providers to control when a user can connect, and additional services can be based on this capability. For example, service options may allow access only during off-peak hours on weekdays and any time on weekends.User session limits and group session limits, 8950 AAA-USS8950 AAA includes the Universal StateServer (USS), a tool that can track the state ofExpanded PolicyFlow logic
user connections and limit the number of simultaneous connections a user, group, or wholesale customer.s users can make. With the USS, service providers can create user groups based on user account information, Dialed Number (DNIS), or user realm.then assign each of the groups a specific number of ports to which they can connect. Three additional limit counters are included to allow setting of POP, local, and global limits on a per-ISP basis.
Extensions to the accounting flow allow the actual pool count and USS test status (pool available or not) to be recorded in each accounting record. This enables advanced call-rating billing features and powerful statistical analysis of system loading, especially at peak hours.A new data-mapping function allows data to be read from a wide range of supported external sources and saved in internal attributes. These attributes can, in turn, be used to direct logical flow and provide test values and parameter settings for following plug-ins. Data mapping also allows full editing of attributes in any processing stream, including proxy (both outbound and inbound). Attributes can be added, deleted, and replaced as desired.DHCP-managed global IP address pools
A powerful .branching. command allows for arbitrary execution paths based on the values of attributes and internal variables.8950 AAA supports IP address allocation from DHCP servers. IP address pools can be defined with actual address assignment made by DHCP, and these addresses can be assigned to users anywhere on the network. 8950 AAA uses RFC-standard DHCP servers for management of global IP pools. This feature provides valuable address management benefits to service providers by allowing more than one NAS to share common centralized address pools.
8950 AAA also supports DHCP extensions, allowing DNS entries to be dynamically created and deleted.