Before ISP Innovations
After ISP Innovations
Radius stands for "Remote Authentication Dial In User Service", and it is
used to authenticate users for Internet Access, and also Newsgroups and
For most of it's long history, it required administrators to type into
extremely "sensitive" text files (sensitive because one typo can bring
down the whole service for all users).
The ISP Innovations "Radius Control Panel" allows system
administrators to quickly diagnose problems, and verify the system and
As an new option, SQL (& other) Databases can now be used instead of text
And "radius abusers",
(spammers), can be automatically disconnected when certain criteria are
- RADIUS changes are made by people typing into text files, with no "history" of what changed, or was added
- These changes must be made by a "qualified technician", otherwise, if a mistake is made (e.g., a comma in the wrong place), then RADIUS for the whole ISP could stop working, causing *all* services to grind to a halt, (users cannot even send email to alert the ISP, as they have no Internet connectivity)
- Even with qualified technicians, typos are possible, which can cause serious problems
- The person doing the configuration is not necessarily aware of failures in new configuration
- The new functionality has to be either verified a with second (time-consuming) step, or is not verified
- Some functionalities may not be being used, due to inexperienced users
- RADIUS configurations are rarely "archived"
- RADIUS changes do not cause notifications to Administrator
- RADIUS configuration can be time-consuming
- If multiple RADIUS servers are required, keeping them "in-sync" can be
very complicated, and many times not possible.
- A "Radius Abuser" (e.g. a spammer) can make the system slow for all
users, and not be detected until many days after the fact, when the logs are
- Getting a "report" of what users were logged in during what
times, and for how long, with monthly totals is not a "provided service", and
can be problematic, especially with multiple radius servers
- If customers call complaining they cannot log in, there is
(usually) no way to check what happened, i.e. to see:
- Is the Radius system working?
- If so, does that user's particular "Username & Password" combination
- If so, what "Username & Password" combination did the customer try at
- The last entry can tell you:
- Did the customer's computer even try to login?
- If so, did it use the correct username and password?
- If so, what happened?
- RADIUS changes are made by a program, with 0% failure rate, and "history" of what changed
- Anyone can make RADIUS changes
- Typos are not possible
- The system "checks for errors", and makes them obvious to user if they exist
- The new functionality is automatically verified by the system, i.e. the new users "Login", and "Password" are verified to work right then and there.
- All complex RADIUS functionalities are made available by System
- Each new RADIUS configuration is archived, (before and after) with date of change, and who did it.
- Each change to RADIUS configuration causes changes to be emailed to Administrator
- RADIUS configuration is very quick, usually taking seconds
- Multiple RADIUS servers are supported, and are always perfectly in-sync
- "Radius Abusers" (e.g. spammers) can be detected in real-time, and
immediately disconnected. These abuses can be logged, and appropriate
action can be taken later (an increase in billing, or suspension of
- The ISP Innovations "Radius Control Panel" can generate monthly User
Invoices, show usage patterns, and more.
- If customers call complaining they cannot log in, there are two ways
to help them out:
- There is an interface where you can look up their username and
see all their login attempts, and see:
- if they typed an incorrect password,
- and if so, what they typed.
- The system has a "real-time" password verifier, which verifies that:
- the radius service is working
- That particular username/password combination works
DHCP (The "Dynamic Host Configuration Protocol") is the System which
hands out IP numbers to computers when they start up, and thereby
"auto-configures" them for Internet access.
THE "DHCP daemon" (dhcpd) is the program which accomplishes this, and it
keeps "leases", which show which computers are using which IP, and when
the "lease expires".
- The DHCP daemon (dhcpd) keeps leases, which are the records of what computer gets what IP, so that when that computer is turned off, and then turned back on, it typically gets the same IP number.
The leases are typically kept in a "leases file", which is a simple text
file, which dhcpd updates many times per second. Because of this frequent updating, it is hard to see what is happening, especially if problems arise. Dhcpd also keeps logs, but these logs do not reflect every lease written, or 're-written' by dhcpd.
- The ISP Innovations "DHCP-Viewer" allows the ISP to see these previously
- A snapshot of what customer has been assigned what IP
- A view of what Mac Address each customer is using, and what IP it is
- Which customers are using more than one IP
- Which customers have more than one lease for any specific IP
- Which customers have more than one Mac Address
- A view of changes to the dhcp leases file, one by one.
- The "DHCP-Viewer" does this via two methods:
- Monitoring the changes to the leases file every minute
- Monitoring the DHCP log file.
- This "DHCP Database" offers the ISP many advantages to
- Diagnose hard to spot problems if or when they occur
- Immediately spot & identify abusers
- Keep an ongoing record of lease file modifications, which are