Home  |   Contact Us  |   Customer Login  |   Partner Login

 
Solutions
Products
Customers
Services & Tools
Support & Training
Partners
News & Events
Company
Library
   Language   
Products Overview
Product Finder
Software Packages
DNSone
DNSone with Grid
IPAM WinConnect
用于认证的网络服务
提供 VitalQIP(NSQ) 服务的
   网络服务套件
提供VoIP服务的网络服务
   套件
Network Services Suite
Appliance Platforms
Infoblox-250
Infoblox-550
Infoblox-1050
Infoblox-1550/1552
Infoblox-2000
Technologies
Grid Technology
Infoblox NIOS
Virtual Appliances
NIOS Software & Modules
DNS Module
DHCP Module
IPAM Module
NAC Foundation Module
RADIUS Module
Grid Module
Base Services
How to Purchase
Evaluation Request
 
RADIUS Module
The Infoblox RADIUS module provides reliable and highly available authentication services for network devices and users. By merging standards-based RADIUS authentication services with Infoblox grid technology, extended enterprises now have the ability to distribute reliable, secure, nonstop authentication services throughout their organizations easily using Infoblox appliances.

802.1X is the industry standard for authenticating network access, and is the key element for ensuring security in wired and wireless networks and for enabling new security initiatives such as network access control (NAC). 802.1X requires three components: the supplicant, which is software on the client device; the network access device, which is typically a wireless access point or a wired switch; and an authentication server, which communicates with the network access device using RADIUS. With 802.1X, the authentication server becomes a key component of the network infrastructure. If the authentication server fails or becomes unreachable, all access to the network may be denied. As such, network authentication services must be deployed with the highest possible reliability, and the overall system design must be robust against the failure of servers or the WAN links among remote network access devices and centralized user directories.
FEATURES AND BENEFITS
Infoblox Grid Connector for Microsoft Active Directory: This application installs on a Microsoft Windows Server and replicates user credentials from an Active Directory store to the Infoblox grid master, which then replicates the data to appliances in the grid that have the RADIUS module enabled. If the WAN connection to a remote site goes down, the appliance at a remote site is still able to authenticate users trying to access the wireless network. The Grid Connector for Microsoft AD sends changes to the grid master on a periodic basis as determined by the administrator.

Local User Store:Provides RADIUS services based on users provisioned directly on the Infoblox Grid Master, without requiring connection to an Active Directory or LDAP user store.

Grid Replication of Credentials: User names and passwords are automatically and securely synchronized across all appliances in an Infoblox grid to ensure consistency of data and heightened real-time security.

PEAP/EAP-MS-CHAPv2 and Client Certificate (EAP-TLS) Authentication: The solution supports authentication methods used by the Microsoft built-in 802.1X supplicant which means no additional client software is required.

Automatic Support for Numerous Authentication Methods: The RADIUS module is automatically configured to support numerous popular authentication methods including: PAP, EAP-TLS, EAP-MS-CHAPv2, EAP-GTC, PEAP/EAP-MS-CHAPv2, PEAP/EAP-GTC, EAP-TTLS/ EAP-PAP, EAP-TTLS/EAP-MS-CHAP, EAP-TTLS/EAP-MS-CHAPv2, EAP-TTLS/EAP-GTC and client certificates. This greatly simplifies the deployment of RADIUS authentication services.

HA and Failover: The RADIUS module provides multiple levels of high availability. If the appliance at the remote site fails but the WAN link is still available, network access devices at the remote site can be configured to automatically fail over to the central RADIUS server. Also, appliances can be deployed in HA pairs for increased reliability at the remote site.

Generation of Self-Signed Certificates, CSRs, and Automatic Certificate Replication: Many authentication methods require the RADIUS server to have an X.509 certificate. The RADIUS module can generate a self-signed certificate for the RADIUS server which can simplify deployment. Certificate signing requests (CSRs) can also be created and sent to a certificate authority (CA) to sign the certificate and provide an added level of security for using client certificates. Client certificates can replace user names and passwords for authenticating clients (e.g. wireless laptops) connecting to a network that uses 802.1X authentication. Also, a single certificate can be shared by all of the RADIUS servers in an Infoblox grid, as the grid master can replicate the certificate to all appliances.

AVAILABILITY AND SOFTWARE PAckAGES
The RADIUS module is available in the software packages illustrated in the following chart:


RADIUS Technical Specifications

Authentication
Methods

• PAP – Password Authentication Protocol
• EAP – Extensible Authentication Protocol for 802.1x port-based authentication EAP-TLS, EAP-MS-CHAPv2, EAP-GTC
• PEAP – Protected Extensible Authentication Protocol for 802.1x port-based authentication PEAP/EAP-GTC, PEAP/ EAP-MS-CHAPv2 (authentication method natively supported by Microsoft Windows clients)
• EAP/TLS – Extensible Authentication Protocol Transport Layer Security, provides mutual authentication, requires client certificates
• EAP-TTLS/EAP-PAP, EAP-TTLS/EAP-MS-CHAP, EAP-TTLS/EAP-MS-CHAPv2, EAP-TTLS/EAP-GTC

User Databases

•Internal User Database
•Microsoft Active Directory (using the Infoblox Replication Agent for Active Directory)

 
© 2008 Infoblox Inc. All rights reserved. All registered trademarks are property of their respective owners. Privacy policy. Site Map.