Connect communicate collaborate RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia, 19.06.2014.

Presentation transcript:

RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia,

eduroam in Serbia: The eduroam project in Serbia started at the end of 2009. The process of connecting AMRES institutions to the eduroam service and installing equipment started in 2010. AMRES applied for a donation from the NATO SPS NIG program (Networking Infrastructure Grant) with the project “AMRES Access Infrastructure Establishment” and received the donation in 2010.

Academic Network of Serbia

eduroam in Serbia: The NATO donation enabled procurement of 5 Cisco 5508 Wireless Controllers, which are installed in 4 university computing centers, and 190 access points, which have been installed in more than 80 AMRES member institutions in 17 cities. Diagram labels: RP – Novi Sad, RP – Belgrade, FTLR, RP – Kragujevac, RP – Nis.

What is being monitored? The eduroam monitoring system is incorporated into our in-house network monitoring system, NetIIS. Network administrators at AMRES institutions already use NetIIS in their everyday technical activities. Monitoring and reporting covers RADIUS servers (institutional RADIUS servers and the Federation Top Level RADIUS server, FTLR) and the network access infrastructure (wireless access points and controllers).

NetIIS – Networking Information and Monitoring System: NetIIS is a web-based networking information and monitoring system. In NetIIS, all objects from the external world are presented in an easily understandable way. Objects are hierarchically organized and presented as a tree: folder, location, users and groups of users, groups, device, monitor, alarm, action.

NetIIS – Networking Information and Monitoring System: Every institution has its own location in the NetIIS infrastructure, under which an eduroam folder is placed. eduroam data and the infrastructure elements that are being monitored are stored in that folder.

Monitoring and reporting: RADIUS servers. Testing availability of a RADIUS server over the network: ping the RADIUS server IP address. Testing operability of RADIUS servers: the eapol_test program from the wpa_supplicant software is used; a shell script on NetIIS runs eapol_test; EAP-TTLS and PEAP tunnels can be tested. If a test fails, an alarm is activated and mail notifications are sent to the technical contacts of the corresponding institution.

Monitoring and reporting: RADIUS Ping

Monitoring and reporting: RADIUS operability testing. Diagram labels: NetIIS, FTLR, IdP RADIUS, RP RADIUS; eap-ttls IdP + FTLR, eap-ttls RP, eap-ttls IdP, eap-ttls Proxy.

Monitoring and reporting: RADIUS IdP. The operability of an EAP tunnel established directly to the IdP RADIUS server is tested. Diagram labels: NetIIS, eapol_test, eap-ttls, inst.ac.rs IdP RADIUS.

Monitoring and reporting: RADIUS IdP. Radius Status and Delay graphs (period of 15 days).

Monitoring and reporting: RADIUS IdP + FTLR. The operability of an EAP tunnel established over the FTLR server to the IdP RADIUS server is tested. Diagram labels: NetIIS, eapol_test, eap-ttls, FTLR, inst.ac.rs IdP RADIUS.

Monitoring and reporting: RADIUS IdP + FTLR. Radius Status and Delay graphs (period of 15 days).

Monitoring and reporting: RADIUS RP. The operability of an EAP tunnel established over the institutional RADIUS server and the FTLR server to the monitor RADIUS server is tested. Diagram labels: NetIIS, eapol_test, eap-ttls, RP RADIUS, FTLR, monitor RADIUS, monitor.eduroam.ac.rs RADIUS.

Monitoring and reporting: RADIUS RP. Radius Status and Delay graphs (period of 15 days).

Monitoring and reporting: FTLR. The availability and operability of the FTLR server are tested. Diagram labels: NetIIS, eapol_test, eap-ttls, FTLR, monitor RADIUS, monitor.eduroam.ac.rs IdP RADIUS.
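The operability probe described on the slides above, as an added example (this is not the NetIIS script): it writes an EAP-TTLS or PEAP profile, runs eapol_test against one server, and reports status and delay. Assumptions: the server address, shared secret, test account and CA path are supplied by the caller, `EAPOL_TEST` and `TIMEOUT` are hypothetical override variables, and pointing the probe at the IdP RADIUS or at the FTLR is what selects the direct or the proxied path.

```shell
#!/usr/bin/env bash
# Added example, not AMRES code. Arguments are placeholders chosen by the caller.
# write_conf METHOD IDENTITY PASSWORD CA_CERT -> prints path of a private config file
write_conf() {
    local method="$1" identity="$2" password="$3" ca_cert="$4" phase2 conf
    case "$method" in
        TTLS) phase2='auth=PAP' ;;
        PEAP) phase2='auth=MSCHAPV2' ;;
        *)    echo "unsupported EAP method: $method" >&2; return 2 ;;
    esac
    conf=$(umask 077; mktemp) || return 2    # the file holds a password
    # ca_cert makes the probe validate the server certificate, as a
    # correctly configured supplicant would; the outer identity keeps the realm.
    cat >"$conf" <<EOF
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=$method
    identity="$identity"
    anonymous_identity="anonymous@${identity#*@}"
    password="$password"
    phase2="$phase2"
    ca_cert="$ca_cert"
}
EOF
    echo "$conf"
}

# check_radius SERVER SECRET METHOD IDENTITY PASSWORD CA_CERT
# Prints "status=UP|DOWN delay_ms=N"; returns 0 only when eapol_test ends with SUCCESS.
check_radius() {
    local server="$1" secret="$2" conf out start end status=DOWN
    conf=$(write_conf "$3" "$4" "$5" "$6") || return 2
    start=$(date +%s%N)                      # nanoseconds, GNU date
    out=$("${EAPOL_TEST:-eapol_test}" -c "$conf" -a "$server" -p 1812 \
            -s "$secret" -t "${TIMEOUT:-10}" 2>&1) || true
    end=$(date +%s%N)
    rm -f "$conf"                            # do not leave credentials behind
    # eapol_test prints SUCCESS or FAILURE as its final line
    [ "$(printf '%s\n' "$out" | tail -n 1)" = "SUCCESS" ] && status=UP
    echo "status=$status delay_ms=$(( (end - start) / 1000000 ))"
    [ "$status" = UP ]
}
```

A non-zero return from `check_radius` is the condition a monitor would map to the alarm and mail notification; the test account should be a dedicated low-privilege one, since its password sits on the monitoring host.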

Usage statistics – eduroam usage monitor: The total number of successfully authenticated users at a given RP institution is taken for: the same IdP institution (local users); other IdP institutions from the same country (national users); IdP institutions from other countries (international users). Diagram labels: script, 3 numbers, radius.log, SNMP, RP RADIUS, NetIIS eduroam usage monitor.
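One way a script on the RP RADIUS server could derive the three numbers from radius.log, as an added example rather than the AMRES script. It assumes FreeRADIUS-style `Login OK: [user@realm]` lines; the function names, realms and log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not AMRES code.
# usage_counts HOME_REALM NATIONAL_TLD < radius.log
# Prints "local national international": distinct identities with a successful login.
usage_counts() {
    awk -v home="$1" -v tld="$2" '
    / Auth: Login OK: \[/ {
        id = $0
        sub(/^.*Login OK: \[/, "", id)     # drop everything up to "["
        sub(/\].*$/, "", id)               # drop "]" and the client details
        sub(/\/<.*$/, "", id)              # drop a trailing "/<via Auth-Type = ...>"
        id = tolower(id)
        n = split(id, parts, "@")
        if (n != 2 || parts[2] == "") next # no realm: cannot be classified
        if (seen[id]++) next               # count each identity once
        realm = parts[2]
        if (realm == home)                 loc++
        else if (realm ~ ("\\." tld "$"))  nat++
        else                               intl++
    }
    END { printf "%d %d %d\n", loc, nat, intl }'
}

# Constructed sample lines (not taken from any real server).
sample_log() {
    cat <<'EOF'
Tue Jun 17 10:15:02 2014 : Auth: Login OK: [ana@inst.ac.rs] (from client ap-1 port 0 cli 00-11-22-33-44-55)
Tue Jun 17 10:40:11 2014 : Auth: Login OK: [ana@inst.ac.rs] (from client ap-2 port 0 cli 00-11-22-33-44-55)
Tue Jun 17 10:41:30 2014 : Auth: Login OK: [marko@uni.ac.rs] (from client ap-1 port 0 cli 00-11-22-33-44-66)
Tue Jun 17 10:42:07 2014 : Auth: Login OK: [anonymous@example.edu] (from client ap-3 port 0 cli 00-11-22-33-44-77)
Tue Jun 17 10:43:19 2014 : Auth: Login incorrect: [guest@example.net] (from client ap-3 port 0 cli 00-11-22-33-44-88)
Tue Jun 17 10:44:55 2014 : Auth: Login OK: [jane@example.org/<via Auth-Type = EAP>] (from client ap-1 port 0 cli 00-11-22-33-44-99)
Tue Jun 17 10:45:01 2014 : Auth: Login OK: [norealm] (from client ap-1 port 0 cli 00-11-22-33-44-aa)
EOF
}

# Stand-alone run: sample_log | usage_counts inst.ac.rs rs
```

When supplicants send an anonymous outer identity, every user of a realm appears under the same name in radius.log, so these counts are then a lower bound on the number of users.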

Usage statistics – eduroam usage monitor

eduroam_usage monitor – local users. Number of local users (period of 30 days).

eduroam_usage monitor – national users. Number of national users (period of 30 days).

eduroam_usage monitor – international users. Number of international users (period of 30 days).

Usage statistics – Splunk software: RP RADIUS servers send syslog messages to the Splunk server, which is used to produce statistics. For easier analysis, messages are formatted on the RP RADIUS servers using radius line log and syslog-ng. Messages collected on the Splunk server:

Number of AMRES user devices, on all AP in Belgrade

Number of international user devices, on AP in Belgrade

Monitoring and reporting – Access Points: Ping; number of the connected users.

Monitoring and reporting – Wireless LAN Controllers: Ping. Number of DHCP clients: bad alarm – more than 100 addresses are being used; good alarm – less than 100 addresses are being used.

Groups of monitors – Access Points

Groups of monitors – Institutional RADIUS Servers

Groups of monitors – FTLR

Questions?

Thank you!