Month: March 2013

If you have one network card (NIC) inside your computer, everything is working fine and your computer can speak IPv6 to all others in the local network.

On the other side!

If you are one of those guys (strange networking guys who run strange labs on their big PCs), having more NICs inserted in their machine? In that case, your PC will have two or more network interfaces and every one of them will have the same network identifier fe80:0000:0000:0000. If you go back to networking fundamentals, you will remember that a host (or router) with more interfaces cannot have two of them with IP addressing from the same subnet.

Why?

If you want to ping the address fe80::5c9f:bc10:bb38:63ec from your computer and your computer has two NICs with addresses fe80::1111:1111:a000:0001 and fe80::5555:5555:5555:1111. Out of what interface will the ping exit the computer? Hm, on both? Only on random one? This is not going to work.

In short RADIUS means Remote Authentication Dial-In User Service server or proxy.  Is used for centralised accounting, authorisation and most of all, authentication. This technology will help you control who will be able to connect to your network and who will not be granted the access.

It can control the access for all sorts of networks, wireless, VPN, dial-up, direct device to device like router to router connections, basically wherever you put it the middle of communication he can do the control.

There is also RADIUS proxy configuration where proxy only receives and accepts the connection requests but for the decision making it will be connected to other server who will do the RADIUS role.

There are two major ways to deploy radius server and that are:

• Deployment of FreeRADIUS server on UNIX servers. This is by many network engineers basically a best daemon which implements radius protocol and makes your UNIX server a RADIUS enabled server.
• Deployment of IAS role – Internet Authentication Service on Windows Server machine will allow you to make your Windows Server machine respond to RADIUS requests and act as a real RADIUS server. It includes some AD stuff implemented in so it will be able to authenticate the users from Active Directory domain. Which is his biggest advantage over UNIX deployment of course if you have AD deployed in you organization, and you have surely.

RADIUS server connects to user account database which is Active Directory in Windows Server or some normal user database in UNIX. Can be normal SQL table with users in it and can checks access credentials. If the user is authorized to access some network that is secured with RADIUS, he will authorize the access for that user and writes a log of the user entrance to the network.

Components of a RADIUS infrastructure

As you will see here, there are two kinds of IPv6 address autoconfiguration. One of them is the old and well know way to automatically configure IP address from IPv4 world, DHCP. The other way to make the autoconfiguration in IPv6 world in a new, and really interesting way, as it leaves the hosts the ability to make the autoconfiguration by themselves without the need to communicate to anybody else on the network.

IPv6 is meant for various purposes but one main purpose it serves is that it makes the life of the network administrators easier, especially when it comes to dealing with vast address space provided by IPv6. IPv6 address number is fairly bigger than IPv4. In order to make things work out of the box, automatic address configuration was created.

As a result, an IPv6 host can configure for itself complete or part of the address settings automatically, which depends on the type and method it uses for autoconfiguration. The method types include:

• Stateful autoconfiguration
• Stateless autoconfiguration using EUI-64 addressing process (SLAAC)