ClearBox RADIUS Server In Deep

Enterprise version of ClearBox RADIUS server may boast many features needed in large environments with high demand for performance, scalability and failover.

ClearBox provides centralized authentication and administration for thousands and even millions of entities users and clients.

Main Features

Wireless Authentication

802.11 authentication is supported to provide access control to wireless routers, access points, hotspots in EAP/WPA-Enterprise/WPA2-Enterprise modes. Password-based PEAP (EAP-MS-CHAPv2) and certificate based EAP-TLS and PEAP (EAP-TLS) protocols are supported by most wireless clients and implemented in ClearBox.

Policy-based Configuration

Any RADIUS request may be processed in several ways depending on defined rules. Any request RADIUS attribute, sender address, user name pattern or even SQL dynamic query may be used to handle authentication and/or accounting request independently.

Say, "authenticate all request from against Active Directory, and use internal database for all other clients" scenario is available in several clicks.

Multiple Authentication Backends

Several independent authentication backends are supported. RADIUS requests may be authenticated against Active Directory/Windows domains, local Windows groups and accounts, LDAP directories, ClearBox internal user accounts database, any SQL-compliant data sources including SQL servers, Excel tables and even plain text files.


Full SQL Scripting

ClearBox allows to use SQL queries or stored procedures to control almost any aspect of request processing, such as authenticating it, logging authentication status, checking or adding RADIUS attributes in request or response.

SQL data sources may even be used to store ClearBox configuration: such meta-configuration allows to control the RADIUS server be external applications.

Advanced RADIUS Proxy

Besides simple forwarding RADIUS requests, ClearBox in proxy mode allows to modify both outgoing and incoming forwarded packets. Local authentication and accounting processing may be applied prior to forwarding. Load balanicng is available when forwarding is performed to several remote RADIUS servers.


ClearBox is shipped with many vendors-specific RADIUS attributes dictionaries (Cisco, Microsoft, Nomadix, Ascend, Motorola, Juniper, RuggedCom, Mikrotik, etc), and it can be extended with any vendor-specific attributes. Support for H323 Cisco and Quintum attributes is at the server core level.


Built-in User Accounts Management

You may add, modify, delete user accounts in the built-in database. Passwords, access policy, double logon prevention, MAC address authentication, restricted logon hours are managed via administrative interface. The database may be migrated easily to an external SQL server.

Multiple Accounting Consumers

ClearBox supports for logging acconting RADIUS records in several ways simultaneously. SQL data storages, plain files, remote RADIUS servers are all supported. Advanced techniques, like caching data in MS Message Queue, increase the system scalability and fault tolerance.

3rd Party Billing Systems Integration

ClearBox Server can be easily integrated with almost all SQL-based billing systems supporting RADIUS server authentication. Among them you can find DTH Billing and Customer Management by DTH Software. The system is suitable for ISP and VoIP billing and boasts many nice features.

RADREP by RADIUS Reporting, easy to use Windows GUI application which produces usage and billing reports from RADIUS accounting logs for organizational charge-back or internal billing purposes.