Proactive System Management
An equally important part of maintaining a RADIUS implementation with the least downtime possible is keeping up with your system and examining it on a daily (or sometimes even more often) basis. There is a glut of monitoring tools on the market now, and there are as many freely available open source tools that can be had for the simple price of compilation and configuration. Most of these tools profile various metrics of your system in two key areas: service statistics and system statistics.
Service monitoring is designed to see two things: whether the service is functional, period, and then what kind of load under which the service is operating. The most effective way to test the first tenet is to have a packet generator send RADIUS packets emulating an incoming NAS connection. If a response is received from the RADIUS server, I know it’s operating. Beyond that, I want to see some statistics about the environment in which the service is being provided.
- Logons per second
This statistic measures the number of successful authentications (through counting the number of
Access-Acceptpackets) per second through your system. You can also monitor the start type of
Accounting-Requestpackets, although you lose the ability to see the reject ratio: how many requests were granted to every reject.
Look for: abnormally high counts for this statistic. This would indicate a general network problem that would disconnect a user. He’d then attempt to reconnect, sometimes ...