ENAS User Documentation

Zeeshan Ali Khattak


        
     

Copyright © 2004 NorthWest Research

Abstract

This document is the user manual for the Ethernet Network Access Server (ENAS), a Radius-compatible access and bandwidth control box for all types of ethernets.

Table of Contents

Introduction
1. The Big Picture
The stand-alone Operation
A. CLI reference
Set of Commands
Sections
config
B. ENAS Radius Dictionary

Introduction

Ethernet Network Acess Server (ENAS) is an extraordinary solution for controling the access and bandwidth of users/machines on any ethernet-based network. The most distinctive feature of it being full compitability to the RADIUS protocol. This unique feature enables the existing dialup ISPs, who needs to move from dialup to ethernet to keep their existing billing-systems (with some minor changes).

Following is a list of the main features:

  • Mac-based User restrictions and bandwidth control

  • IP-based User restrictions

  • Asymetric bandwidth control

  • System-wide bandwidth control

  • Remote User Management through a seperate RADIUS server

  • Local User Management through a local user database

  • A Command Line Interface (CLI) for easy administeration of the system

  • No upper or lower limit on the number of users

Chapter 1. The Big Picture

Table of Contents

The stand-alone Operation

Depending upon the network and business model of your organisation, ENAS can be configured as a stand-alone device or in combination with a RADIUS server. The following diagram depicts a typical scenario:

A typical scenario

The stand-alone Operation

Appendix A. CLI reference

Table of Contents

Set of Commands
Sections
config

Set of Commands

  • show section

    Shows all varriables and their current values in the given section. Currently only one type of section exists: config.

  • set varriable value

    Assigns the given value to the given varriable of the config section except for the interfaceFEN_address and interfaceFEN_netmask varriables which can only be configured by the interfaceFEN commands.

  • interfaceFEN IP-Address IP-Network-Mask

    Assigns IP address and Network-Mask to the N'th ethernet interface.

  • adduser User-Name MAC-Address Min-Input-Speed Min-Output-Speed [IP-Address]

    Adds a new user with the given information in the local database.

  • deluser User-Name

    Deletes the given user from the local database.

  • userinfo [User-Name]

    Shows the information of the given user from the local database. If the User-Name is omitted, information of all users in the database is shown.

Sections

config

The config section is a set of varriables for altering various system-wide configurations. Following is a list of all varriables, along with their purpose:

  • server_port - The socket port at which a RADIUS client would send his login and logout requests. Generally, there may never be any need to change the default value.

  • stat_server - ENAS sends System and User statistics after every 30 seconds to the machine with the IP address specified by this varriable.

  • stat_port - The socket port at which ENAS should send the statistics.

  • interfaceFEN_address - The IP address of the Nth ethernet interface.

  • interfaceFEN_netmask - The Network-Mask of the Nth ethernet interface.

  • default_gateway - The IP Address of the default gateway.

  • session_timeout - The default session-timeout in seconds for Radius Users. Please consult the Radius RFCs for details.

  • idle_timeout - The default idle-timeout in seconds for Radius Users. Please consult the Radius RFCs for details.

  • min_input_speed - The default upload speed for Radius Users.

  • min_output_speed - The default download speed for Radius Users.

  • radius (true/false) - Wether or not to activate the Radius module.

  • local_db (true/false) - Wether or not to activate the Local User Database module.

  • auth_server - The IP address of the Radius Authentication server.

  • acct_server - The IP address of the Radius Accounting server.

  • auth_port - The socket port by which ENAS shall communicate with the Radius Authenication server.

  • acct_port - The socket port by which ENAS shall communicate with the Radius Accounting server.

  • auth_secret - The shared secret between ENAS and the Radius Authentication server. Please consult the Radius RFCs for details.

  • acct_secret - The shared secret between ENAS and the Radius Authentication server. Please consult the Radius RFCs for details.

  • auth_retries - The maximum number of repeated requests ENAS shall make to the Radius Authentication server before giving up.

  • acct_retries - The maximum number of repeated requests ENAS shall make to the Radius Accounting server before giving up.

  • auth_timeout - The ammount of time ENAS shall wait for a response from the Radius Authentication server.

  • acct_timeout - The ammount of time ENAS shall wait for a response from the Radius Accounting server.

  • system_input_speed - The bandwidth limitation on the overall bandwidth from the client-side network to the restricted network.

  • system_output_speed - The bandwidth limitation on the overall bandwidth from the restricted network to the client-side network.

Appendix B. ENAS Radius Dictionary

	
#
# dictionary.nwr
#		Dictionary for North West Research's Ethernet Acess and 
#		Bandwidth Manager.
#		Written by Zeeshan Ali <zak147@yahoo.com>
#
# Version:	@(#)dictionary.rwr  1.00  14-MAY-2004
#

VENDOR NWR 222

ATTRIBUTE	NWR-User-MAC			1	octets		NWR	
ATTRIBUTE	NWR-User-Min-Input-Speed	2	integer		NWR
ATTRIBUTE	NWR-User-Min-Output-Speed	3	integer		NWR
ATTRIBUTE	NWR-User-Max-Input-Speed	4	integer		NWR
ATTRIBUTE	NWR-User-Max-Output-Speed	5	integer		NWR