Lucent Technologies PortAuthority™ RADIUS Server Family
Release 2.1 Feature Description

Powerful, Flexible Access Policy Management

  • Multi-Platform Support. Written in Java, PortAuthority RADIUS server software is supported on the Java Runtime Engine (JRE) version 1.16 on Microsoft Windows NT Server 4.0 Service Pack 3, and on the JRE version 1.17 on Sun Solaris 2.51, 2.6, and 2.7.
  • High performance. PortAuthority has performed up to 95 authentications or 20 AAA executions per second on a Sun Ultra 5 SPARC workstation.
  • Easy replacement of existing servers. PortAuthority is compatible with Lucent Technologies RADIUS server v1.16, can read its configuration files, and can write the same accounting file format.
  • Completely extensible plug-in architecture. Based on a well-documented API, PortAuthority uses plug-in modules for both accounting and authentication processing. Existing customer modules can be easily integrated to provide custom features. Additional plug-ins can be written in Java or most other computer languages.
  • Powerful Accounting Output. Flexible accounting plug-ins support both the classic RADIUS accounting file format and the Lucent Kenan Arbor billing system.
  • PolicyFlow℠ architecture. The unique architecture of PortAuthority allows the network operator to create highly specific authentication and account processing policies. Complex processes, such as searching through files and remote data sources for user records, can be easily configured. Powerful branching on "Success" and/or "Failure" enables the operator to create policy flows to meet virtually any logical structure. Policy flow selection can be based on realm, DNIS, calling station ID (ANI), network access server (NAS) group or user name.
  • PolicyFlow accounting. In addition to controlling authentication, a policy flow can be developed to handle accounting record processing as well. For example, a policy flow could forward (or "proxy") an accounting record to a remote ISP and also keep a local copy, or perform an insertion into a structured query language (SQL) database.
  • Easy support for multiple name spaces. By attempting to match both names and passwords instead of just user names, PortAuthority allows you to provide customers with their first choice of a user name instead of accepting something with a machine-language flavor like fred18543.
  • Superior technical support and service. Lucent NetCare® offers a comprehensive selection of 24x7 and 8x5 support options. Field support is also available.

Control and Management Features

  • Internal server statistics support. PortAuthority supports a large subset of the draft RADIUS server authentication and accounting management information bases (MIBs).
  • Built-in command line interface (CLI), hypertext transfer protocol (HTTP) and Telnet servers. Remote management and monitoring are available through three password-controlled interfaces. The HTTP server also supports a simplified common gateway interface (CGI) allowing execution of specific server-side programs.
  • Configuration syntax checking. The PortAuthority "lint" filter checks for improper syntax and other errors and aids in configuration and troubleshooting.
  • Powerful test client (NAS emulator). This feature allows you to create complex test scenarios for authentication (local and proxy) and accounting configurations. An easy-to-configure test client determines server response and policy flow behavior. Scripts can be created and saved for later use.
  • Extensive logging features. PortAuthority provides extensive logging features, including a choice of local file or UNIX syslog facilities.
  • Flexible troubleshooting and debugging features. Debug information can be output as fully decoded packets in hexadecimal and ASCII formats to ease complex troubleshooting cases. PortAuthority can also log both successful and failed logins to provide full monitoring capabilities.
  • User name stoplist. PortAuthority allows you to control access attempts by problem users or on suspended accounts. Access attempts can be directly refused or allowed and logged.

Multi-Vendor Support

  • NAS groups. Network access servers (NAS) can be placed in arbitrary groups based on hardware or software characteristics and business logic needs.
  • PolicyFlow controlled by NAS groups. The NAS group information can be used to determine how access requests should be processed. Proxy forwarding and local user file selection can be based on the NAS group that received the user call.
  • Multiple dictionary support. NAS groups can be used to select appropriate RADIUS dictionaries for both local and proxy authentication.
  • Non-standard packet discard capability. PortAuthority server software can be configured to discard packet types that are not RFC (Request for Comments) compliant or are not used in your environment.

Authentication and Session Management Features

  • Access control through UNIX password file contents. Access can be denied to users based on their UNIX group ID (GID) or shell.
  • Strong LDAP support. The LDAP plug-in supports two modes of operation: "retrieve full user record from the LDAP server" and "use LDAP for authentication only." These two modes can be flexibly configured to meet virtually any authentication/access control situation with ease.