Thursday, April 1, 2010

What is RADIUS?

RADIUS stands for Remote Authentication Dial In User Service. It is used to authenticate remote users. Instead of authenticating users at each individual RAS server, we pass the request to a central server (the RADIUS server) and let the authentication happen there.
All RAS servers pass their authentication requests to this central server (the RADIUS server), which does the authentication. It authenticates users against Active Directory. It also does reporting, so it handles both accounting and authentication. With RADIUS, authentication takes place at a central location, so there is no longer any need to maintain a local database of users on each RAS server. Whenever authentication is needed, the RAS server forwards the query to the RADIUS server.
Accounting means we keep track of who is connected, for how long, why they failed to connect, etc.; all of this information is centralized here.
By centralizing accounting and authentication we turn our RAS servers into dumb devices. So when a RAS server fails there is no need to worry about the 100 or 1000 accounts we manually created on it so that we could authenticate. All you need to do is swap out the device for another one and configure it to pass authentication to the RADIUS server.

Note: Terminology-wise, the central server is the RADIUS server. The RADIUS clients are the RAS servers.
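To make the RAS-client/RADIUS-server exchange described above concrete, here is an added example in Python (not code from the original post) that builds an Access-Request the way a RAS server would, hides the User-Password attribute with the shared secret as RFC 2865 specifies, answers it from a small stand-in user table in place of the Active Directory lookup, and has the client verify the Response Authenticator before trusting the Access-Accept. The shared secret, user name, password and user table are constructed values.

```python
import hashlib
import hmac
import os
import struct

# Constructed example values, not from the original post.
SHARED_SECRET = b"example-shared-secret"  # assumed secret configured on the RAS box and the RADIUS server
USER_DB = {b"alice": b"s3cret!"}          # stand-in for the Active Directory lookup

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_REPLY_MESSAGE = 1, 2, 18
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; the 16-byte Authenticator follows


def _attr(atype, value):
    # Attribute layout: Type (1 byte), Length (1 byte, counts Type and Length too), Value
    return struct.pack("!BB", atype, len(value) + 2) + value


def _parse_attrs(blob):
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("malformed attribute length")
        attrs.append((atype, blob[i + 2:i + alen]))
        i += alen
    return attrs


def hide_password(password, request_auth, secret):
    """RFC 2865 5.2: pad to 16-byte chunks, XOR each with MD5(secret + previous chunk)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + chunk, chunk
    return out


def reveal_password(hidden, request_auth, secret):
    """Inverse of hide_password, as the RADIUS server computes it."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(chunk, mask))
        prev = chunk
    return out.rstrip(b"\x00")


def parse_packet(packet):
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = HEADER.unpack(packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    return code, ident, packet[4:20], _parse_attrs(packet[20:length])


def build_access_request(ident, username, password, secret):
    """RAS client side: the Request Authenticator is 16 random octets."""
    request_auth = os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username) + _attr(
        ATTR_USER_PASSWORD, hide_password(password, request_auth, secret))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def server_handle(request, secret, user_db):
    """RADIUS server side: check credentials, then sign the reply with the shared secret."""
    code, ident, request_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    username = fields.get(ATTR_USER_NAME, b"")
    password = reveal_password(fields.get(ATTR_USER_PASSWORD, b""), request_auth, secret)
    ok = username in user_db and hmac.compare_digest(password, user_db[username])
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = _attr(ATTR_REPLY_MESSAGE, b"welcome" if ok else b"denied")
    header = HEADER.pack(reply_code, ident, 20 + len(reply_attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def client_verify_response(response, request_auth, secret):
    """RAS client side: refuse any reply whose Response Authenticator does not check out."""
    code, _ident, response_auth, _attrs = parse_packet(response)
    length = HEADER.unpack(response[:4])[2]
    expected = hashlib.md5(response[:4] + request_auth + response[20:length] + secret).digest()
    if not hmac.compare_digest(expected, response_auth):
        raise ValueError("Response Authenticator mismatch: forged reply or wrong shared secret")
    return code


if __name__ == "__main__":
    req = build_access_request(1, b"alice", b"s3cret!", SHARED_SECRET)
    _, _, req_auth, _ = parse_packet(req)
    reply = server_handle(req, SHARED_SECRET, USER_DB)
    print("reply code:", client_verify_response(reply, req_auth, SHARED_SECRET))
```

The point to take from it: in the basic exchange the shared secret is all that binds a reply to its request and all that protects the User-Password attribute, so a weak or widely reused secret weakens every RAS server that trusts that RADIUS server, and a client that skips the Response Authenticator check will accept any reply carrying the right Identifier.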

What is VPN?

VPN stands for Virtual Private Network. By using public media we establish a private, secure connection. To communicate through a VPN we use PPTP (Point-to-Point Tunneling Protocol) or L2TP (Layer 2 Tunneling Protocol).
In most cases we use L2TP because it is more secure. The only cases in which we use PPTP are when we are trying to use the VPN through a NAT server, or when we don't have Windows clients that are capable of establishing an L2TP VPN connection.

What are Unicast, Multicast, and Broadcast?

Unicast: from one computer to one computer.
Multicast: only to those computers that have registered for a particular multicast group.
Broadcast: to all computers.

What are the functionalities of RRAS?

Supports IP and IPX routing
Supports numerous interface types
IP filters
Integrates with Active Directory
Supports standard routing protocols

· RIP version 1 or version 2 (Routing Information Protocol)
· OSPF (Open Shortest Path First)
· IGMP (Internet Group Management Protocol)
This is for multicasting, e.g. a video conference sent to many people at a time.

How to increase or decrease the tombstone interval?

By default the tombstone interval is 60 days. You can increase or decrease it. You can decrease it to as little as 2 days, and you can increase it as much as you want.
To decrease the tombstone interval we use ADSI Edit.

Who is responsible for assigning public IP addresses?

The organization responsible for assigning IP addresses is InterNIC (Internet Network Information Centre). This organization assigns public IP addresses to individuals and organizations. But you can also get IP addresses from ISPs (Internet Service Providers), because ISPs buy a pool of IP addresses from InterNIC and then sell them to others.
Note: The tracert command traces the route (path) to the host we are connecting to.
Pathping is a combination of tracert and ping. It displays the path and some other information.
Note: When DNS stops you will see event ID 2.
When DNS starts you will see event ID 3.
When GC is enabled you will see event ID 1119 on that particular server.
When time synchronization is enabled you will see event IDs 35 and 37.

Wednesday, March 31, 2010

What does IAS do for us?

Internet Authentication Service gives us a RADIUS server. RADIUS stands for Remote Authentication Dial In User Service; RADIUS is an industry standard.

Note: An IP address is assigned to every device that you want to be reachable on the network, and each one has a unique IP address. A client, a server, every interface of a router, a printer, and every other device on the network should have an IP address in order to communicate on the network.
Note: In a class C address we have 254 hosts per subnet.
In a class B address we have approximately 65,534 hosts per subnet.
In a class A address we have millions of hosts per subnet.
Numbers can range from 0-255, but x.x.x.0 is used for identifying the network and x.x.x.255 is used for broadcasting, so we use the numbers 1-254.
Note: The portion between two firewalls is called a screened subnet; in corporate networks we call it a DMZ (Demilitarized Zone).
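As an added example (not from the original post), here is a Python helper that derives the classful network address, broadcast address and usable host range from the first octet, which is where the 254 / 65,534 / millions figures in the note above come from; the addresses fed to it are constructed.

```python
import ipaddress


def classful_prefix(first_octet):
    """Map the first octet to the historical address class and its default prefix length."""
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    if first_octet < 240:
        return "D (multicast)", None   # 224.0.0.0-239.255.255.255: group addresses, no hosts
    return "E (reserved)", None


def classful_info(ip_text):
    """Network, broadcast and usable host range for an address under classful rules."""
    ip = ipaddress.IPv4Address(ip_text)
    cls, prefix = classful_prefix(int(ip) >> 24)
    if prefix is None:
        return {"class": cls, "network": None, "broadcast": None, "usable_hosts": 0}
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    return {
        "class": cls,
        "network": str(net.network_address),          # the x.x.x.0 style address
        "broadcast": str(net.broadcast_address),      # the x.x.x.255 style address
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": net.num_addresses - 2,        # minus network and broadcast
    }


def is_host_address(ip_text):
    """True only for an address a host may use: not the network or broadcast address."""
    info = classful_info(ip_text)
    return info["network"] is not None and ip_text not in (info["network"], info["broadcast"])


if __name__ == "__main__":
    for sample in ("192.168.1.77", "172.16.5.9", "10.1.2.3", "224.0.0.1"):   # constructed inputs
        print(sample, classful_info(sample))
```

The check in `is_host_address` is the one an audit or filter script needs so that x.x.x.0 and x.x.x.255 are never treated as host addresses. Classful boundaries are historical; real networks use CIDR masks, so in practice the prefix length would come from the interface configuration rather than from the first octet.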