InkBridge Networks

05/30/2026

RADIUS is the unsung hero of Zero Trust architecture.

For 30+ years, RADIUS has been quietly authenticating hundreds of millions of users daily, asking the critical Zero Trust question: "Who are you, really?" before allowing network access.

Zero Trust is built on the principle of "never trust, always verify." And verification begins with robust authentication, which is exactly what RADIUS provides:

• Identity confirmation at the network edge
• Contextual access decisions based on user attributes
• Consistent policy enforcement across environments
• Centralised authentication that scales with your organisation

Firewalls and fancy monitoring tools get the spotlight, but they're pointless if you can't trust who's accessing your network in the first place.

Zero Trust is a journey that starts with knowing who's knocking at your door. Get your authentication foundation right with proper RADIUS implementation, and you've taken the crucial first step toward a true Zero Trust architecture.

What's been your experience with authentication as part of your Zero Trust strategy?

05/29/2026

We're proud to share that our VP of Customer Experience & Product, Jana Sedivy, has received a WBA Contributor Award from the Wireless Broadband Alliance - recognised for her contributions to the Testing and Interoperability Working Group and her public outreach work advancing Passpoint technology.

Congratulations, Jana. Well deserved.

📸 Pictured with Bruno Tomas (CTO, WBA), Tiago Rodrigues (CEO, WBA), and Derek Peterson (CTO, Boingo / Chair, WBA).

05/28/2026

"Can FreeRADIUS work with Active Directory?"

We get this question on the regular. The short answer is YES, but it's not plug-and-play.

Here are the caveats for AD + FreeRADIUS integration:

❌ You can't connect them directly.
✅ You need Samba as an intermediary.

❌ Not all authentication protocols will work.
✅ CHAP, Digest, EAP-MD5, and EAP-SIM are off the table.

❌ Performance can suffer without optimisation.
✅ Session tickets can dramatically reduce AD load.

Active Directory's proprietary Microsoft tech creates some hurdles that catch teams off guard. But with the right architecture, you can absolutely make it work - we've done it countless times for universities and enterprises.

Our technical guide breaks it all down:

Yes, FreeRADIUS and Active Directory can work together, but they have constraints. This article explores the pros, cons, and setup implications.

05/28/2026

"Nine out of ten AI agents can be well-governed. The tenth can bring the whole thing down."

That was the agentic AI problem named in one sentence on the Broadband Breakfast Live panel at Mobile World Congress 2026. Our VP Jana Sedivy was there, and she's written about why AI regulation 2026 needs to catch up, fast.

https://www.inkbridgenetworks.com/blog/blog-10/agentic-ai-mwc-2026-185

05/27/2026

If you're running authentication infrastructure that's older than some of your engineers, we should probably talk.

At the Broadband Nation Expo, VP Jana Sedivy spoke with an ISP executive whose authentication system is 16 years old.

As BEAD funding drives subscriber growth and multi-gigabit speeds increase simultaneous authentication sessions, these legacy systems become operational liabilities.

The broadband industry is experiencing:
- New ISPs emerging through federal funding
- Existing providers expanding service areas
- Multi-gigabit deployments increasing authentication loads
- AI-driven network operations requiring modern, API-enabled platforms

Your network infrastructure is scaling. Is your authentication infrastructure keeping pace?

Our latest industry analysis examines seven trends reshaping broadband infrastructure in 2026, including why now is the time to evaluate your authentication, DHCP, and TACACS+ infrastructure:

https://www.inkbridgenetworks.com/blog/blog-10/broadband-industry-trends-171

05/26/2026

If you're running a roaming network, RADIUS accounting isn't an optional extra - it's the mechanism that settles who owes whom.

At last year's RADIUS Conference, Blair Bullock, AAA Systems Architect at Boldyn Networks, made the point clearly:

"RADIUS accounting in roaming is the principal mechanism for settlement and clearing between parties. Even if your service is settlement-free, you still must handle the accounting records."

In his session with Ryan Blossom, Systems Engineer at Single Digits, Blair walked through how proper correlation across all three As - authentication, authorisation, and accounting - gives you a complete picture of session state without ever touching the wireless LAN controller. Who's trying to connect. Who failed. Who's online right now. Which sessions have closed. All of it, from RADIUS messages alone.

This is the kind of session that makes RADIUS Conference worth blocking off the calendar for - practical content from the engineers running AAA at scale.

Join us on June 8 and 15, 2026. Register now: https://radiusconference.org

05/26/2026

We've responded to countless network breaches over my career. The pattern is almost always the same:

- Organisation spends millions on cutting-edge security tech.
- Admin uses default password, misunderstands configuration, or clicks phishing link.
- All that expensive tech becomes irrelevant.
- Everyone blames the tech, not the lack of training.

When I tell organisations to invest more in staff education, they push back: "Training doesn't scale!" or "People just forget!"

Yet somehow they're fine spending millions on hardware that's obsolete in three years and software that no one fully understands how to configure.

The cold reality: your authentication system is only as secure as the people administering it. A properly configured ten-year-old RADIUS server with well-trained staff is more secure than a state-of-the-art system managed by undertrained teams.

Yes, good security technology matters. But if your security budget allocates more than 70% to technology and less than 30% to training, you're optimizing for vendor sales cycles, not actual security.

05/25/2026

FreeRADIUS authenticates over 100 million users daily.

Cisco ISE doesn't come close.

Let that sink in: the open-source RADIUS server we created and maintain handles more authentication traffic than all commercial alternatives combined.

National telecommunications providers with 10-20 million subscribers? FreeRADIUS.

Fortune 50 companies authenticating every network port globally? FreeRADIUS.

Equipment vendors testing their switches and access points before release? They test against FreeRADIUS.

Yet when IT teams evaluate authentication infrastructure, Cisco ISE still appears on every shortlist by default because it's sold by a massive vendor with an enterprise sales team.

Here's what's actually happening in 2026:
✓ Organisations are discovering that "enterprise-grade" doesn't require enterprise pricing
✓ Per-user licensing that scales infinitely with growth makes less sense every year
✓ Vendor lock-in creates more risks than benefits
✓ Open standards and vendor neutrality beat proprietary ecosystems

We've published a comprehensive guide comparing Cisco ISE to the alternatives actually used at scale - including real pricing and honest feature comparisons.

Whether you choose FreeRADIUS with commercial support (from us or others), Aruba ClearPass, Microsoft NPS, or stay with Cisco ISE, you deserve to understand the complete landscape before making decisions that affect your infrastructure for the next decade.

Learn more here: https://www.inkbridgenetworks.com/blog/blog-10/cisco-ise-alternatives-comparison-guide-173

05/25/2026

Two weeks until I'm in Helsinki for the RADIUS Conference workshop, and I want to use this post for two things.

First, if you're going to TNC26, the RADIUS workshop is on Monday June 8 at Finlandia Hall as an official side event. €30 through the TNC side-meetings system. We're capping it around 25 seats and we're getting close. If you've been thinking about it, register today.

If you're not going to TNC26 but want to come to the workshop you can sign up for just our event - you'll find details on the RADIUS Conference website.

Second, if Helsinki isn't on the cards for you, the Virtual Speaker Series on June 15 is free and global. Full day, four tracks (ISP, Enterprise, General RADIUS, Educational), live Q&A, and yes, the recordings go out to registrants afterward.

https://radiusconference.org for both.

See some of you in Helsinki. The rest of you, I'll see online!

05/24/2026

A protocol introduced in 1991 still authenticates hundreds of millions of daily user connections in 2026. That isn't an accident, it's the result of a community that kept patching, extending, and arguing about RADIUS long after most people stopped paying attention.

But the last two years have been a wake-up call.

BlastRADIUS made it clear that "good enough" cryptography from another era isn't good enough anymore. RadSec is finally moving from "nice to have" to "you need this in production." And the conversations happening in the IETF right now about what RADIUS looks like next will shape the protocol for the next decade.

That's why we're running the RADIUS Conference again this year, with a stronger program than 2025:

• Bryan Lechner (HPE) on what enterprise customers are demanding from RADIUS in the cloud-and-zero-trust era
• Mark Grayson (Cisco Fellow) on how Wi-Fi, Passpoint, and OpenRoaming can facilitate emergency calling and priority communications during natural disasters and crises
• Karri Huhtanen and the Radiator team on operating RADIUS at carrier scale
• Eva Santos on why RadSec adoption is still chronically lagging (and what to do about it)
• Plus speakers from Internet2, the eduroam community, and several global service providers

Workshop: June 8, Helsinki (TNC26 side event)
Virtual Speaker Series: June 15, free, online

Details and registration at https://radiusconference.org. The virtual day costs you nothing but an afternoon. Worth it.