Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SBR Carrier Core Features

 

Important features and benefits of SBR Carrier core include:

  • Centralized management of user access control and security simplifies access administration.

  • Flexible, powerful proxy RADIUS features enable you to easily distribute authentication and accounting requests to the appropriate RADIUS server for processing.

    • You have a choice of username format, and you can configure routing based on username decoration, Dialed Number Identification Service (DNIS), or specific attributes.

    • You can selectively modify attributes as proxy packets flow to and from Steel-Belted Radius Carrier.

    • You can specify groups of proxy target servers that handle proxy requests according to load-balancing or retry strategies—for the best performance and reliability.

  • External authentication features enable you to authenticate against multiple, redundant Structured Query Language (SQL) or Lightweight Directory Access Protocol (LDAP) databases according to configurable load balancing and retry strategies, ensuring the highest level of service delivery to your users.

  • Authentication against a local database enables employee access to the network.

  • Flexible authentication options enable you to use your existing OS-based authentication database and external SQL/LDAP databases for remote and WLAN user authentication.

  • Support for a wide variety of 802.1X-compliant access points and other network access servers ensures compatibility in your network environment.

  • You can control the time periods during which each user is allowed access. An access request is granted only during a user’s allowed access hours; otherwise it is refused, even if the user presents valid credentials.

  • You can configure Steel-Belted Radius Carrier by using Web GUI or LDAP (either programmatically or at the command line prompt).

  • You can define administrative access levels and apply them to user or group accounts on the server. Read, write, and read/write access can be applied selectively to various categories of configuration data.

  • Auto-restart enables Steel-Belted Radius Carrier to restart itself automatically if it experiences a shutdown.

  • Simple Network Management Protocol (SNMP) support enables you to centrally monitor Steel-Belted Radius Carrier from your SNMP console, in the same manner as you monitor other devices and services on your network. Steel-Belted Radius Carrier offers full SNMP support including SNMP traps and alarms.

  • High-performance operation ensures speedy Internet access, with minimal delay for customers.

  • Directed authentication and accounting features simplify the hosting of RADIUS services so Steel-Belted Radius Carrier can provide unique services for each of your customers. Incoming requests can be directed to specific authentication or accounting methods based on username decoration or DNIS.

3rd Generation Partnership Project (3GPP) Support

3rd Generation Partnership Project (3GPP) Support

3rd Generation Partnership Project (3GPP) support facilitates the management of mobile sessions and their associated resources through communication with a Gateway GPRS Support Node (GGSN). 3GPP support in Steel-Belted Radius Carrier is based on the specifications given in the Interworking between the Public Land Mobile Network (PLMN) supporting Packet Based Services and Packet Data Networks (PDN) documentation (TS 29.061), which is available at www.3GPP.org.

The 3GPP support in Steel-Belted Radius Carrier includes support of multiple Packet Data Protocol (PDP) contexts. In order to transmit or receive General Packet Radio Service (GPRS) data, a mobile station (MS) must activate a Packet Data Protocol context (PDP). The PDP context is a set of parameters that consists of all the information required for establishing an end-to-end data connection. Multiple PDP contexts enable a single MS to access multiple services simultaneously.

Native Support for Structured Attributes

Native Support for Structured Attributes

Steel-Belted Radius Carrier natively supports structured attributes that contain subattributes. Subattributes, like normal RADIUS attribute-value pair (AVPs), consist of the raw encoding of a type field (such as 1 for WiMAX-Release, within the WiMAX-Capability VSA) followed by a length value (such as 5) followed by the value of the attribute (such as 1.2).

Subattributes are values in a RADIUS packet that are not stored as a RADIUS AVP, or vendor-specific-attribute (VSA), but rather are packed with other subattributes into a RADIUS VSA. In a RADIUS packet, multiple RADIUS VSAs might contain subattributes. The RADIUS VSA, which consists of multiple subattributes, is sometimes referred to as a structured attribute because it contains structured data.

Earlier Steel-Belted Radius products, such as the SIM Server product and the Mobile IP Module (MIM), only interpreted AVPs and not the subattributes contained within the AVP. These earlier products included plug-ins that copied the subattributes from the AVP container and represented them in the RADIUS request as if they were received as separate AVPs. In the response, the RADIUS AVPs were reassembled from their contained subattribute values. This process was known as packet flattening and unflattening.

The dictionary mechanism of Steel-Belted Radius Carrier has been extended to allow for XML declaration of structured AVP contents. When an AVP with an associated structure definition is received, its internal subattribute values are automatically parsed and become available to any component within Steel-Belted Radius Carrier that processes RADIUS requests. Similarly, any subattribute values that are populated into the RADIUS response are formatted as part of the structured RADIUS AVP according to the same XML structure definition.

In Release 7.2 and lower-numbered releases of Steel-Belted Radius Carrier, if you used the packet flattening/unflattening method, we recommend that you migrate to using subattributes.

Adding NAS Location Information to Access-Requests

Adding NAS Location Information to Access-Requests

Steel-Belted Radius Carrier core provides an attribute handling feature that allows you to add network access server (NAS) location information to proxied Access-Request messages.

When a mobile device is outside the area of its provider, it roams by sending the request to a local foreign AAA (FAAA) server that is owned by another provider. Service providers might require the location of the mobile device requesting access to their network.

You can configure an Access-Request to include the location of the NAS through which the proxied request was processed. Because the NAS is geographically near the mobile device, it closely approximates the location of the mobile device.

For proxied requests, Steel-Belted Radius Carrier can perform a lookup to find a NAS location based on a particular attribute. Steel-Belted Radius Carrier can perform a query to find the value of the attribute that identifies the NAS location. The NAS location is then added to the Access-Request, which is sent to the service provider’s home AAA (HAAA) server.

Support for Additional EAP Authentication Protocols

Support for Additional EAP Authentication Protocols

The license for the Steel-Belted Radius Carrier core module includes support for the following EAP authentication protocols: TLS, TTLS, and PEAP. Before release 7.0 these authentication protocols required an additional license.

Statistics and Reporting Capabilities

Statistics and Reporting Capabilities

Steel-Belted Radius Carrier collects and displays summary statistics for authentication, accounting, and proxy forwarding transactions. You can also use statistics to see how long Steel-Belted Radius Carrier has been running and to display a list of the users currently connected through a NAS or tunnel.

Steel-Belted Radius Carrier also includes a user-configurable logging and reporting function that generates log files, which record session statistics for authentication and accounting. Accounting reports can be used for billing, system diagnosis, and usage planning. Using authentication reporting, you can control how and what Steel-Belted Radius Carrier logs and reports for authentication requests including successful authentications, authentication rejections, requests received from unknown clients, and requests that used invalid shared secrets.

You can also control dilutions and thresholds for Steel-Belted Radius Carrier events used to communicate failures, warnings, and other information.