TSIN02 - Internetworking


Lecture 10: SNMP and AAA
Literature: Forouzan, chapter 23; RFC2881; RFC2905; RFC2903; "Diameter, next generation's AAA protocol" by Håkan Ventura (handouts)
2004 Image Coding Group, Linköpings Universitet

Lecture 10: SNMP and AAA
Outline:
- SNMP
- AAA introduction
- AAA in Network Access Servers
- DIAMETER, an AAA compliant protocol

SNMP
- Network management framework
- Management Information Base (MIB)
- Structure of Management Information (SMI)
- SNMP
- Security and Administration
- ASN.1

Why network management?
- Complex systems are difficult to manage: too much happens in too many places, and information has to be pooled before an overview is possible.
- All large systems need to be managed systematically: industrial chemical processes, large organisations, electrical power systems.

Network management
Device management:
- Checking the state of a device
- Changing the configuration of a device
- Activating or turning off a device
- Monitoring software
Network management:
- Properties of the network as a whole

Examples of management tasks
- Shutting down a network interface on a router
- Checking the speed of an Ethernet interface
- Monitoring the temperature of a switch, and sending a warning if it gets too high
- Checking the state of a web server (the software)
- Collecting statistics about link usage

Infrastructure
Managed devices contain objects whose data is gathered into a Management Information Base. Each managed device runs an agent that holds its data; the managing entity exchanges that data with the agents over a network management protocol.
(Figure: a managing entity connected to several agents, each holding its own data, through the network management protocol)

SNMP at a glance
- Introduced in 1988, to meet the need for a standard for managing IP devices.
- Replaced SGMP (Simple Gateway Management Protocol), which was used for managing Internet routers.
- The latest version is v3.

SNMP parts
- SMI (Structure of Management Information): the language for defining MIB objects.
- MIB (Management Information Base): defines a set of objects, similar to a database.
- SNMP: the application program that allows the manager to retrieve and store object values in agents, and agents to send alarm messages to the manager.
- Security: the main addition from v2 to v3.

SMI Object Attributes
(Figure from Forouzan)

SMI Naming
A tree structure is the basis for SNMP naming. Each tree node is described by dot-separated numbers (or names) from the root:
- Root: ccitt(0), iso(1), joint(2)
- iso(1) -> org(3) -> dod(6) -> internet(1)
- internet(1): directory(1), mgmt(2), experimental(3), private(4)
- mgmt(2) -> mib-2(1), i.e. 1.3.6.1.2.1
- mib-2(1): sys(1), if(2), at(3), ip(4), icmp(5), tcp(6), udp(7), egp(8), trans(11), snmp(12)
- udp(7): udpInDatagrams(1), udpNoPorts(2), udpInErrors(3), udpOutDatagrams(4), udpTable(5)

SMI type and syntax
- Managed agents are heterogeneous and may represent data in many different ways.
- There is a need for a well-defined and machine-independent syntax.
- Solution: ASN.1. Simple data types are offered (signed and unsigned integers, strings, etc.); structured types can be built from simple types.

Abstract Syntax Notation One (ASN.1)
- ISO standard; defines data types in a machine-independent way.
- Intermediate format for communication between different machines: data in machine 1, held in its internal representation, passes through an encoder, is transmitted in abstract, machine-independent form, and passes through a decoder into machine 2's internal representation.

Data Types
(Figure from Forouzan)

SMI Encoding - BER
- ASN.1 is not enough for transmission, since it only gives an abstract definition of data types.
- We need a standardized way of encoding data for transmission.
- The solution is the Basic Encoding Rules (BER): Tag-Length-Value.

Encoding Format
Tag class bits:
- 00 ASN.1
- 01 SMI extensions
- 10 context-specific
- 11 private (vendor specific)
Format bit:
- 0 simple
- 1 structured
(Figure from Forouzan)

Length Format
(Figure from Forouzan)

Examples
(Figure from Forouzan)
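The SMI naming, ASN.1 and BER slides above can be tied together in code. The following Python codec is an added example written for this page (it is not from the lecture or from Forouzan): it encodes and decodes the Tag-Length-Value form for the SNMP subset of types (INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER, SEQUENCE, plus the SMI Counter32 application type, whose tag byte 0x41 carries the class bits 01), splits a tag byte into the class and format bits of the Encoding Format slide, handles both the short and the long length form, and finally builds a complete SNMPv2c GetRequest for udpInDatagrams.0 (1.3.6.1.2.1.7.1.0, where the trailing .0 is the instance suffix of a scalar object) so the Message Format and PDU Format slides that follow have a concrete byte string to compare against. The `("Counter32", n)` and `("pdu", n, [...])` tuple conventions are this example's own. The decoder checks every declared length against the buffer before using it, which is the check any agent or manager must make before trusting a received length field.

```python
# Tag byte: bits 7-6 = class, bit 5 = format (0 simple, 1 structured), bits 4-0 = tag number.
CLASS_NAMES = {0: "ASN.1", 1: "SMI", 2: "context-specific", 3: "private"}
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
COUNTER32 = 0x41  # SMI class (01), simple (0), tag number 1


def describe_tag(tag):
    """Split a tag byte into (class, format, number) as on the Encoding Format slide."""
    return CLASS_NAMES[tag >> 6], "structured" if tag & 0x20 else "simple", tag & 0x1F


def encode_length(n):
    """Short form for n < 128; otherwise 0x80 | octet count, then n in big-endian octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_integer(value):
    """Minimal two's-complement octets; a leading 0x00 is kept when the top bit would be set."""
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return value.to_bytes(size, "big", signed=True)


def encode_oid(oid):
    """Dotted OID -> contents: the first two arcs fuse into 40*x+y, every arc is base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        septets = [arc & 0x7F]
        arc >>= 7
        while arc:  # continuation bit (0x80) on every septet except the last
            septets.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(septets))
    return bytes(out)


def tlv(tag, contents):
    return bytes([tag]) + encode_length(len(contents)) + contents


def encode(obj):
    """int, bytes, None, str (an OID), list (SEQUENCE), ("Counter32", n), ("pdu", n, [...])."""
    if obj is None:
        return tlv(NULL, b"")
    if isinstance(obj, int):
        return tlv(INTEGER, encode_integer(obj))
    if isinstance(obj, bytes):
        return tlv(OCTET_STRING, obj)
    if isinstance(obj, str):
        return tlv(OID, encode_oid(obj))
    if isinstance(obj, list):
        return tlv(SEQUENCE, b"".join(encode(x) for x in obj))
    if isinstance(obj, tuple) and obj[0] == "Counter32" and 0 <= obj[1] < 2 ** 32:
        return tlv(COUNTER32, encode_integer(obj[1]))
    if isinstance(obj, tuple) and obj[0] == "pdu":  # context-specific (10), structured, number n
        return tlv(0xA0 | obj[1], b"".join(encode(x) for x in obj[2]))
    raise TypeError(f"cannot encode {obj!r}")


def decode_length(buf, pos):
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    count = first & 0x7F  # 0 would be the indefinite form, which SNMP does not allow
    if count == 0 or pos + count > len(buf):
        raise ValueError("bad length octets")
    return int.from_bytes(buf[pos:pos + count], "big"), pos + count


def decode_oid(body):
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID sub-identifier")
    x, y = (arcs[0] // 40, arcs[0] % 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in [x, y] + arcs[1:])


def decode(buf, pos=0):
    """Decode one TLV starting at pos; returns (value, position after it). Inverse of encode()."""
    tag = buf[pos]
    length, pos = decode_length(buf, pos + 1)
    end = pos + length
    if end > len(buf):  # never trust a received length field: bound it by the buffer
        raise ValueError("declared length runs past the buffer")
    if tag & 0x20:  # structured: decode the children; a non-SEQUENCE tag is treated as a PDU
        items = []
        while pos < end:
            item, pos = decode(buf, pos)
            items.append(item)
        return (items if tag == SEQUENCE else ("pdu", tag & 0x1F, items)), end
    simple = {INTEGER: lambda b: int.from_bytes(b, "big", signed=True),
              COUNTER32: lambda b: ("Counter32", int.from_bytes(b, "big", signed=True)),
              OCTET_STRING: bytes, NULL: lambda b: None, OID: decode_oid}
    if tag not in simple:
        raise ValueError(f"unsupported tag 0x{tag:02x} {describe_tag(tag)}")
    return simple[tag](buf[pos:end]), end


def build_get_request(community, oid, request_id):
    """SNMPv2c message: SEQUENCE { version(1), community, GetRequest [0] { id, 0, 0, varbinds } }."""
    return encode([1, community, ("pdu", 0, [request_id, 0, 0, [[oid, None]]])])
```

A call such as `build_get_request(b"public", "1.3.6.1.2.1.7.1.0", 1)` yields a 40-byte message whose outer SEQUENCE declares 38 content octets and whose PDU tag is 0xA0 (context-specific, structured, number 0); feeding the bytes back through `decode()` returns the same nested structure, and a buffer whose length field claims more octets than are present is rejected instead of being read past its end.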

Management Information Base (v2)
- Each agent has its own MIB: the collection of objects that are managed.
- The objects are sorted into the groups under 1.3.6.1.2.1 (mib-2).
- Only leaves in the tree are accessible.
- The objects are accessed using SNMP operations.
- There are lots of standard objects, extended by vendor-specific ones.

MIB-2
(Figure from Forouzan)

UDP Group
(Figure from Forouzan)

UDP Variables and Tables
(Figure from Forouzan)

Indexes for UDP Table
(Figure from Forouzan)

Lexicographic Ordering
(Figure from Forouzan)

SNMP Operations
(Figure from Forouzan)
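The Lexicographic Ordering and SNMP Operations slides describe how a manager's GetNext steps through an agent's MIB. The toy agent below is an added example written for this page, not code from the lecture: it stores only leaf instances (scalars carry the .0 instance suffix, udpTable rows are indexed by udpLocalAddress.udpLocalPort as on the Indexes for UDP Table slide), orders them arc by arc as integers, and implements Get, GetNext and a subtree walk on top of that order. The values in SAMPLE_MIB are constructed. The last function shows the pitfall a string comparison of dotted OIDs introduces: port 1024 would sort before port 161, so a walk built on string order would return the table rows out of order and could skip or repeat entries.

```python
from bisect import bisect_right


def oid_key(oid):
    """Lexicographic order is over the arcs as integers, not over the dotted string."""
    return tuple(int(a) for a in oid.strip(".").split("."))


# Constructed sample data: scalar objects end in the instance suffix .0, udpTable rows in
# udpLocalAddress.udpLocalPort. Interior nodes such as udp (1.3.6.1.2.1.7) are not stored.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.3.0": 45123,                     # sysUpTime.0
    "1.3.6.1.2.1.7.1.0": 1234,                      # udpInDatagrams.0
    "1.3.6.1.2.1.7.2.0": 7,                         # udpNoPorts.0
    "1.3.6.1.2.1.7.3.0": 0,                         # udpInErrors.0
    "1.3.6.1.2.1.7.4.0": 987,                       # udpOutDatagrams.0
    "1.3.6.1.2.1.7.5.1.1.0.0.0.0.161": "0.0.0.0",   # udpLocalAddress of the 0.0.0.0:161 row
    "1.3.6.1.2.1.7.5.1.1.0.0.0.0.1024": "0.0.0.0",  # udpLocalAddress of the 0.0.0.0:1024 row
    "1.3.6.1.2.1.7.5.1.2.0.0.0.0.161": 161,         # udpLocalPort of the 0.0.0.0:161 row
    "1.3.6.1.2.1.7.5.1.2.0.0.0.0.1024": 1024,       # udpLocalPort of the 0.0.0.0:1024 row
    "1.3.6.1.2.1.11.1.0": 55,                       # snmpInPkts.0
}


class ToyAgent:
    """In-memory agent: Get returns a stored leaf, GetNext the next leaf in lexicographic order."""

    def __init__(self, objects):
        self.values = {oid_key(o): v for o, v in objects.items()}
        self.keys = sorted(self.values)  # tuples of ints sort arc by arc, numerically

    @staticmethod
    def _dotted(key):
        return ".".join(str(a) for a in key)

    def get(self, oid):
        """None stands for noSuchObject: interior nodes are not accessible, only leaves."""
        key = oid_key(oid)
        return (self._dotted(key), self.values[key]) if key in self.values else None

    def get_next(self, oid):
        """First stored OID strictly greater than oid; None stands for endOfMibView."""
        i = bisect_right(self.keys, oid_key(oid))
        if i == len(self.keys):
            return None
        return self._dotted(self.keys[i]), self.values[self.keys[i]]

    def walk(self, subtree):
        """Repeated GetNext from the subtree root until the answer leaves the subtree."""
        base, rows, cur = oid_key(subtree), [], subtree
        while True:
            nxt = self.get_next(cur)
            if nxt is None or oid_key(nxt[0])[:len(base)] != base:
                return rows
            rows.append(nxt)
            cur = nxt[0]


def udp_port_column(agent, string_order=False):
    """OIDs of the udpLocalPort column in correct (integer) order, or in naive string order."""
    rows = [oid for oid, _ in agent.walk("1.3.6.1.2.1.7.5.1.2")]
    return sorted(rows) if string_order else rows
```

A GetNext on the interior node 1.3.6.1.2.1.7 returns the first leaf beneath it, a walk of that subtree stops as soon as GetNext answers with an OID outside it (here snmpInPkts.0 under snmp(11)), and a GetNext on the last stored leaf returns the endOfMibView marker.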

SNMP PDU Format
(Figure from Forouzan)

SNMP Message Format
(Figure from Forouzan)

UDP Ports
(Figure from Forouzan)

AAA Introduction
- Authentication: validate user identity.
- Authorization: check which services the user is allowed to access.
- Accounting: store information about use of a service, e.g. for billing purposes.

Authentication
Validate the identity of a user. Used for:
- Access control
- Authorization decisions
- Account records

Authentication techniques
Providing some credential that proves a claimed identity:
- ID
- Smart card
- SIM
- Certificate
- Biometrics
- Password
- Public/secret key pair

Authentication protocol
Example: if A wants to contact B through the Internet, how can A prove his/her identity?
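One answer to the question on the slide is a challenge-response exchange over a secret shared in advance, the principle behind CHAP-style password authentication. The code below is an added example written for this page, not from the lecture: B (the verifier) issues a fresh random challenge, A (the claimant) returns an HMAC-SHA-256 of the challenge and its identity keyed with the secret, and B recomputes the value and compares it in constant time. The secret itself never crosses the Internet, and a captured response is useless later because each challenge is accepted once. The identity "alice" and the secret in SHARED are constructed sample values.

```python
import hashlib
import hmac
import secrets


def prove(secret, identity, nonce):
    """A's side: bind the fresh challenge to the claimed identity under the shared secret."""
    return hmac.new(secret, identity.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    """B's side: holds the shared secrets, issues one-time challenges and checks responses."""

    def __init__(self, secrets_by_identity):
        self._secrets = dict(secrets_by_identity)
        self._pending = {}  # identity -> outstanding challenge

    def challenge(self, identity):
        nonce = secrets.token_bytes(16)  # unpredictable, so an old response cannot be reused
        self._pending[identity] = nonce
        return nonce

    def verify(self, identity, response):
        nonce = self._pending.pop(identity, None)  # a challenge is consumed on every attempt
        secret = self._secrets.get(identity)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(prove(secret, identity, nonce), response)


def run_exchange(verifier, identity, secret_held_by_a):
    """The full A <-> B exchange: challenge out, response back, verdict."""
    nonce = verifier.challenge(identity)
    return verifier.verify(identity, prove(secret_held_by_a, identity, nonce))


# Constructed sample credential that A ("alice") and B agreed on in advance.
SHARED = {"alice": b"correct horse battery staple"}
```

`run_exchange(Verifier(SHARED), "alice", SHARED["alice"])` succeeds; the same call with a wrong secret, an unknown identity, a response replayed against a later challenge, or no outstanding challenge at all is refused.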

Authorization
Allowing access to services to authenticated users, based on:
- Policy
- Identity
- Current actions
- Outside state

Accounting
Tracking the usage of resources for:
- Billing
- Management
- Planning
- Auditing

Protocols for AAA
- RADIUS
- TACACS
- COPS
- DIAMETER

Network Access Server
A Network Access Server (NAS) is often the initial entry point to a network. A NAS is a gateway between the users and a network, supplying one or more ways to connect, e.g.:
- Dial-up direct network access (e.g. through SLIP or PPP)
- Asynchronous terminal services (e.g. telnet)
- Tunneling

DIAMETER
The Diameter Base Protocol is intended to provide an Authentication, Authorization and Accounting framework for applications such as network access and IP mobility.

DIAMETER Facilities
The Diameter Base Protocol provides the following facilities:
- Delivery of attribute-value pairs (AVPs)
- Capabilities negotiation
- Error notification
- Extensibility, through addition of new commands and AVPs
- Basic services necessary for applications, such as handling of user sessions or accounting
The Diameter Base Protocol provides the minimum requirements needed for an AAA protocol, as defined in RFC2989.

DIAMETER Features
All data delivered by the protocol is in the form of an AVP. These are used by the base protocol to support the following features:
- Transporting user authentication information, for the purpose of enabling the Diameter server to authenticate the user.
- Transporting service-specific authorization information between client and servers, allowing the peers to decide whether a user's access should be granted.
- Exchanging resource usage information, which may be used for accounting purposes, capacity planning, etc.
- Relaying, proxying and redirecting Diameter messages through a server hierarchy.
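The AVP is the unit every Diameter feature listed above is built on. The codec below is an added example written for this page (not from the lecture and not from any Diameter implementation) and follows the AVP header layout of the Diameter base protocol specification (RFC 3588, later RFC 6733): a 32-bit AVP Code, an 8-bit flags field (V = vendor-specific, M = mandatory, P = protected), a 24-bit length covering header and data but not padding, an optional 32-bit Vendor-ID present when V is set, then the data padded to a 32-bit boundary. User-Name (code 1) and Result-Code (code 268, value 2001 for DIAMETER_SUCCESS) are codes from that specification; the vendor id 12345, the vendor AVP code 5000 and the user name are constructed. `unknown_mandatory()` shows the rule the M-bit enforces on the receiving side: a message carrying a mandatory AVP the receiver does not understand must be rejected rather than silently accepted.

```python
import struct

FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20  # vendor-specific, mandatory, protected
USER_NAME, RESULT_CODE = 1, 268             # AVP codes from the Diameter base protocol
DIAMETER_SUCCESS = 2001


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """AVP = Code(4) | Flags(1) | Length(3) | [Vendor-ID(4)] | Data | pad to a 4-octet boundary."""
    flags = (FLAG_M if mandatory else 0) | (FLAG_V if vendor_id is not None else 0)
    length = 8 + (4 if vendor_id is not None else 0) + len(data)  # padding is not counted
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)


def encode_unsigned32(value):
    """Unsigned32 AVP data, e.g. for Result-Code."""
    return struct.pack("!I", value)


def decode_avps(buf):
    """Parse a run of AVPs; every length is checked against the buffer before it is used."""
    avps, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, pos)
        length = int.from_bytes(buf[pos + 5:pos + 8], "big")
        header = 12 if flags & FLAG_V else 8
        if length < header or pos + length > len(buf):
            raise ValueError(f"bad AVP length {length} for code {code}")
        vendor = struct.unpack_from("!I", buf, pos + 8)[0] if flags & FLAG_V else None
        avps.append({"code": code, "mandatory": bool(flags & FLAG_M),
                     "vendor_id": vendor, "data": buf[pos + header:pos + length]})
        pos += length + (-length % 4)  # step over the padding the length does not cover
    return avps


def unknown_mandatory(avps, understood):
    """Codes of M-flagged AVPs outside the (vendor_id, code) set the receiver understands.

    A non-empty result means the whole message must be rejected, not just the AVP ignored."""
    return [a["code"] for a in avps
            if a["mandatory"] and (a["vendor_id"], a["code"]) not in understood]
```

Encoding `User-Name = "alice"` gives a 13-octet AVP carried in 16 octets on the wire (three octets of padding that the length field does not count); a vendor-specific AVP grows the header to 12 octets and sets both V and M; and a buffer cut off inside an AVP is rejected by the length check instead of being read past its end.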