DX Unified Infrastructure Management

  • Private Community
Back to discussions
Expand all | Collapse all

Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

  • 1.  Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 19, 2018 05:53 AM

    Can we setup RADIUS(Remote Authentication Dial-In User Service) monitoring through UIM.
    What are the possibilities for this or alternatives.
    Details on RADIUS here: Configuring RADIUS - Cisco 
    Also can we utilize spectrum in any way?



  • 2.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Broadcom Employee
    Posted Nov 19, 2018 06:16 AM

    If RADIUS offer mib that you find it useful for your monitoring requirement, some of UIM snmp probes might help.

     



  • 3.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 19, 2018 08:33 AM

    From the doc page provided:

    RADIUS is a distributed client/server system that secures networks against unauthorized access.

     

    Based on that, before advice can be given details are needed of exactly what you want to monitor.



  • 4.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 20, 2018 06:14 AM

    Here is a little detail of what we are planning.

    Every time a PC authenticates to the network, the RADIUS server must contact a Domain Controller.

     If for some reason the connection is lost between the RADIUS server and the domain controller, users will no more be able to get on the network. The switches and the Wi-Fi controllers will however not be able to know this, since the RADIUS server is still up and running, and answers requests to the ports 1812 and 1813. It just replies with a Auth_Fail message. So the network equipment will never know that something is wrong.

    Instead we need a system like shown below, where a monitoring system is sending a real RADIUS request to the RADIUS server, where it validates a username and password that end with Auth_OK. So we can raise an alarm, if the corp domain is not accessible. It is not possible to monitor the RADIUS server it self for Auth_Fail messages, as they happen all the time when users or machines fail authentication.



  • 5.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Broadcom Employee
    Posted Nov 20, 2018 06:23 AM

    Thanks for details. What would you like to monitor ?



  • 6.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 20, 2018 06:37 AM

    monitoring system should be able to send a  request to the RADIUS server, where it validates a username and password that end with Auth_OK and alerts when Auth_Fail.
    This username and password will strictly be for monitoring purpose only.



  • 7.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Broadcom Employee
    Posted Nov 20, 2018 06:44 AM

    Thanks a lot for detailed. It looks there is no out-of-the box solutions in UIM probes.



  • 8.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 20, 2018 08:46 AM

    Hi Yu,

     

    Thanks for feedback.
    Any possible workaround to address the requirement?

     

    Regards

    Abhishek



  • 9.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted Nov 20, 2018 09:01 AM

    'monitoring system should be able to send a  request to the RADIUS server, where it validates a username and password'

    If this is something done in a browser then perhaps the e2e can be used to accomplish this. 

    e2e_appmon (E2E Application Response Monitoring) - CA Unified Infrastructure Management Probes - CA Technologies Documen… 



  • 10.  Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Broadcom Employee
    Posted Nov 20, 2018 08:01 PM

    I was also wondering e2e as well, but not sure since e2e is authentication checker for a browser but not for an application.



  • 11.  RE: Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Posted May 04, 2020 01:30 AM

    Hi!

    We would like to do the same, and as I noticed Solarwinds seems to have some solution for that, I would like to know if DX-IM have that sort of capability either.
    I do not see a "radius"-Probe or any other mention of Radius anywhere.

    Does someone have any advice for me or some clues?

    cheers

    Matthias


    Original Message


  • 12.  RE: Re: Possibility to setup RADIUS(Remote Authentication Dial-In User Service) monitoring?

    Broadcom Employee
    Posted May 04, 2020 09:52 AM
    UIM currently has no out of the box probe for Radius, but you request device certification for the snmpcollector probe and/or in the meantime, you could monitor Radius via SNMP using the snmpget probe with the appropriate RADIUS MIBs, e.g., RADIUS-AUTH-SERVER-MIB.html, etc. and/or as mentioned previously, e2e_appmon.

    Steve

    ------------------------------
    Support Engineer
    Broadcom
    US
    ------------------------------

    Original Message