Flood detection with RADIUS (dmasoftlab)

Hello

There is some heavy flooding running in my network. I am using dmasoftlab as a RADIUS server; the dmasoftlab is hosted on another network, but due to the flooding the network is going down to the point that my RADIUS server's internet access is getting dropped. I guess the LAN card is hanging: I try to ping google.com from the RADIUS machine and get a timeout, and I try from outside to the RADIUS server and get a timeout on that too.

Then I reboot the RADIUS server and it works properly for some time, so can anyone advise me on the best solution or option to run my network stably…

Nishit

First of all, you have to detect what kind of flooding is running on your network. Without knowing the nature of the flood, it would be hard to pinpoint any issue. You have to protect your MikroTik RouterOS with secure scripts and close all unnecessary services like SSH, API, HTTP, etc. Run TORCH and see what unnecessary traffic is generating heavy load, then unplug those infected users. Also, having good-quality manageable switches at major ends will protect you from such flooding by automatically shutting down the infected area. This is common in large cable.net environments.

For the RADIUS machine, you can use iptables to protect it at a minimum level. Configure iptables to block all traffic except port 80 (which is used for the RADIUS web interface) and the RADIUS / MySQL ports.
This way your RADIUS server will work much better, in a secure environment.

I personally recommend you place your RADIUS server in a DMZ (with a different subnet), meaning behind the MikroTik, to make it more secure, so only authenticated users can access it. (If you are providing a refill / self-register option for users, you can create a local account with access-to-RADIUS-only rights.)
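
The iptables policy suggested in the reply above, as an added example that is not part of the original thread: it prints a default-drop ruleset in `iptables-restore` format and applies nothing itself. Limiting RADIUS to the NAS (MikroTik) address and MySQL to a management subnet, and the standard port numbers 1812/1813 and 3306, are assumptions not stated in the thread.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a RADIUS host.
# Assumed default ports: RADIUS auth 1812/udp, accounting 1813/udp,
# MySQL 3306/tcp; port 80/tcp is the web interface named in the reply.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with /0-32.
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Only digits and single dots; this also rules out shell metacharacters.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
}

# radius_ruleset NAS_ADDR MGMT_NET: print the ruleset, apply nothing.
radius_ruleset() {
    nas=$1; mgmt=$2
    if ! valid_ipv4 "$nas" || ! valid_ipv4 "$mgmt"; then
        echo "usage: radius_ruleset NAS_ADDR MGMT_NET" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -s $nas -m multiport --dports 1812,1813 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s $mgmt --dport 3306 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
COMMIT
EOF
}

# Print the ruleset only when the script is given both arguments.
if [ "$#" -eq 2 ]; then radius_ruleset "$1" "$2"; fi
```

Piping the output through `iptables-restore --test` checks that it parses before anything is loaded.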

Hello


Thank you for the response. I set up iptables and now the RADIUS server is no longer affected by so much traffic, but now I am getting too much internal flooding in the network. Can you please advise me how to detect that unwanted traffic and shape the traffic properly so that customers get a better user experience?

As we found that huge traffic is choking the switch and other equipment at any time, we need some strong solution which can detect the internal attacks and find the attackers to remove them from the network… Some suggested IPS and IDS to me, for which I placed Untangle, but it did not work as it did not pass PPPoE traffic from the bridge interface to the WAN interface. So can anyone advise me on the best solution which helps make the network more stable & reliable?


Nishit