Rumah> Produk> Software > AAA Management Software>

RG-SAM+ Security Accounting Management System

Ruijie RG-SAM+ is a proven comprehensive authentication and accounting system based on RADIUS. The RG-SAM+ has served more than 20 million users in 1168++ universities over the past 14 years. The RG-SAM+ has integrated with most of the available authentication modes including 802.1X, Web, PPPoE, IPoE and remote VPN access. This platform also supports access control, unified network access/egress access control, gateway and flattened authentication modes. The RG-SAM+ hence offers remarkable flexibility for users to formulate the best solution to meet their needs.

With the single unified authentication platform, the RG-SAM+ fully supports access control, accounting/billing, log management, and unified external interfaces for all the authentication methods. Users benefit from both minimum investment costs and advanced management efficiency by the “ONE Network, ONE Authentication Platform” design.

The RG-SAM+ outperforms alternative products in terms of user experience and simplified operation. Through a user-centric model, the system delivers simpler, clearer and smarter network experiences. The RG-SAM+ empowers higher education institutes to operate in a more flexible manner with open and standard protocols, and a wide selection of operating policies to use.



Lebih banyak+

Superior User Experience

User-centric Design

The RG-SAM+ understands what users are looking for - a system that is simple and easy-to-use. With the User-Centric design, the new system focuses on user experience, removes unnecessary content, and provides a user-friendly one-page overview dashboard. 

RG-SAM+ Management Dashboard

User-friendly PC & Mobile Authentication View

Useful Info Page on Successful Authentication

Hassle-Free Authentication Experience

The RG-SAM+ supports the PEAP based on 802.1X and Web authentication for seamless authentication. User is only required to login once then able to enjoy automatic login in the future without all the tedious repeated login procedure again. 

The system will automatically reconnect at the background when the connection is dropped. In addition, no client or agent installation is required regardless of where the users are and what end devices they are using for network access. The user identity control is also preceded by high performance hardware to guarantee the smooth user experience. 

Guest also can access the Internet or network through Easy Guest QR-Code Access method. With this method, guests can login to the network and Internet by scanning a QR code or enter an Invitation Wi-Fi Code without relying on the administrator to authorize it manually. This is very useful for large event or public area.

These 2 unique authentication methods will greatly improve the user experience and reduce many unnecessary administrator workload.

Simple Unique Authentication Method

Adaptive Self-service 

The self-service component of RG-SAM+ will improve with time - learning and adapting to users’ habits - and display the most useful information. The system enhances the self-service experience with the highly recognizable icons and buttons, and a friendly style to encourage active user interaction. The RG-SAM+ delivers a truly self-service platform for every user. 

The RG-SAM+ provides simple and clear user online details. By using the self-help network service, a user can query the personal online details and personal account flow. Then, the user can be clear about the consumption and the system manager needs to do much less work.

For authorized staff, they also can generate an easy guest access code by themselves before hosting a meeting.

RG-SAM+ Self-service Interface

Generate Guest Access through Self-service


Simplified Operation

Openness and Compatibility

In order to help customer achieve “No Dependency, Freedom in Brand Selection”, the RG-SAM+ is based on industry’s standardized design and technology for seamless integration. The RG-SAM+ provides standardized protocols and an open interface for integration with 3rd-party devices. Hence, the product is not brand-specific to enable easy deployment of new devices in the late implementation stage. 

Switch: Any models supporting RFC2865/2866/3576/China Mobile Portal protocol specifications V2

Wireless: Any models supporting RFC2865/2866/3576/China Mobile Portal protocol specifications V2

BRAS: Any models supporting RFC2516/RFC2865/RFC2866/RFC3576, RFC1541/RFC2865/RFC2866/RFC3576/ China Mobile Portal protocol specifications V2

LDAP: LDAP protocol

Open API: Webservice interface (e.g. One-card Access)

Open Wired + Wireless Authentication Architecture

Unified Gateway Authentication (Network Flattening)

In Ruijie Simplistic Campus Networks Solutions, the RG-SAM+ can work with Ruijie RG-N18000 gateway core which acts as Unified Gateway, helps to “flatten” and simplify the network architecture; while the RG-SAM+ helps on the user access management consolidation. The RG-SAM+ also supports mainstream BRAS devices from Huawei, ZTE, Juniper, etc. The authentication gateway is maintained at an upper level and is independent from any access devices or brands for simplified operation.

●Support PPPoE of mainstream BRAS devices: Huawei ME60, ZTE M6000 and T600, Juniper MX series and E series

●Support IPoE of mainstream BRAS devices: Huawei ME60, ZTE M6000 and T1200, Juniper E series

Practical Identity Management/Authentication Solution for Campus

Unified Authentication Component

The RG-SAM+ is a very flexible solution, it can integrate with Ruijie Simplistic Campus Network (SCN)’s component such as Ruijie RG-RSR77-X gateway, RG-N18000 with MSC line card, RG-ACE application gateway to achieve an end-to-end Unified Egress Solutions with authentication, accounting and billing features. These hardware and software can combine together to enhance the overall performance and reliability.

When combine with Unified Gateway Solutions, the RG-SAM+ enables more simple, secure and efficient way such as user isolation method which is able to achieve adequate network protection result with simplified architecture, management and flexible policy control. The latest RG-SAM+ version is built to provide a better online user experience with minimum effort in authentication.

Modular SCN Solution Components for RG-SAM+

Flexible & Refined Policy Management

The RG-SAM+ handles the many different policy requirements with ease: management target variety, access mode flexibility, billing complexity and service policy combination.

The refined policy management enables the higher education institutes to manage the operation centrally, and to offer refined management services for users from different zones.

The RG-SAM+ provides a series of unique solutions with respect to by-area management and elaborate management that use IP subnet /VLAN/Port ID management to ease the location policy management. Each solution can be applied independently, and these solutions have associated features. These associated features help combine these solutions freely. Hence, this meets the IT O&M requirements of colleges. The RG-SAM+ can easily deal with diversity of management objects, flexibility of access modes, complexity of accounting, and combination of service policies.

The system guarantees the network users with highly personalized services:

●Zone management: zone division, service customization, user grouping

●Multiple access modes and flexible billing modes as the solution core

●Access modes: 802.1X, Web, PPPoE, IPoE, VPN

●Billing modes: Periodic billing, traffic-based billing, time-based billing and various user-defined billing modes

Users can flexibly define the zone, access and billing modes based on the actual demands. Accordingly to the service nature, the system supports implementation of one billing policy under an access mode of a designated area. In other words, it can deliver a set of customized services to a certain group of users.

The RG-SAM+ also provides visible star-map containing information of online user distribution and amount. User star map shows all the wired and wireless users on a campus map with user visual density indication to help administrator understand the user behavior for future project planning.

Zone-based Refined Management

Online User Distribution Star-Map

On-demand Accounting/Billing Policy

The RG-SAM+ is preset with a number of accounting/billing policies to quickly adapt to general scenarios. Such include monthly billing policy, daily billing policy, duration-based billing policy and traffic-based policy.

The administrator can tailor detailed billing rules. The RG-SAM+ enables policy customization to offer a wide array of possible billing modes. New billing modes can be customized to adapt to the actual deployment environment. The RG-SAM+ offers authentication modes with fees charging/billing and “virtually” charges with accounting for statistic purpose. The RG-SAM+ hence offers a total billing management solution that best fits the users’ special needs.

From Cost Center to Strategy Asset with Accounting/Billing Policy

High Availability

Ruijie RGAC clustering solution deploys two servers for mutual backup. When one server fails, the other can take over without any manual interference for unparalleled services resiliency. The clustering solution guarantees the RG-SAM+ with outstanding usability and continuity.

In the event of master device failure, all the SAM+ services will be unaffected to ensure normal operation. The users can thereby handle emergency events with ease. The guaranteed services include authentication, billing, management, self-help and 3rd-party interface services (e.g. One-card Access).

Flexible Deployment Modes

The RG-SAM+ offers 3 flexible deployment modes (Egress, Transparent and L2/L3 Gateway) depending on user requirement and their future network planning.

Flexible Deployment Modes




  • Support L2 bridge deployment design
  • Support hardware bypass option
  • No impact on existing network


  • No changes after the distribution layer
  • No changes on current topology
  • Additional mirroring device

L2/L3 Gateway

  • Unified authentication and core switch function
  • Support L2/L3 SCN architecture and reduce TCO
  • Less equipment
  • Simplified architecture
  • Easy maintenance

Comparison of Different Deployment Modes


Product Specifications



User Authentication

Support multi-service unified authentication through variety of access methods such as wired, wireless, 802.1X, PPPoE, VPN, Web, and gateway or egress access. The same user also can access different services based on different needs and requirement.

Support MAC Address Bypass (MAB) authentication for devices which cannot support IEEE 802.1x protocol.

Support credential (username, password) security encryption and management through https, MS-CHAPv2, PEAP.

Access Control

Support comprehensive authentication policy management with at least the combination of who, how, what, where and when information criteria.

Support account binding with IP, MAC, access switch IP, port though wired access; support account binding with the user MAC, AP MAC binding, SSID, wireless switches IP through wireless access.

Support restriction control on users’ static IP or dynamic IP access method.

Support flexible control of the access periods such by day / week / holiday time or customized duration. Different access time interval control to allow the users access the network or internet with different independent policy.

Support region / zone policy control according to user's IP and NAS IP, this can prevent specific area to have internet access

Seamless Authentication

Support seamless authentication for 802.1x, Web-Authentication and Wireless access. The registered user is only required to login once and the authentication system will able to recognize and allow the user to login to network without any username / password input in the future whenever the user access the network / wireless in the authenticated zone.

Support seamless authentication based on location.

Support seamless authentication with different accounting/billing policy.

Support wireless and dot1x seamless authentication with LDAP encrypted mode.

Support seamless authentication for certain hardware equipment through MAC address.

Support flexibility option for user to enable or disable the seamless authentication when necessary.

Authentication Performance

Support high availability clustering technology (RG-AC), effectively solve the performance limitations of single server failover with high-speed services synchronization to ensure high availability and flexible scalability. At the same time, high availability clustering technology enables synchronization of information between multiple servers can support cross-regional roaming account, disaster recovery and continuous system operation.

MAC authentication performance: 2500/sec

IPOE performance: 1000/sec

Support external captive portal for better performance and resiliency.

Support web portal performance monitoring.

Big Data Operation

Support 10 million online details queries.

Support 50,000 user export.


Egress Bandwidth and Quota Policy

(Required to interact with N18K/MSC, RSR77, ACE or compatible gateway)

Support quota management feature that will intelligently identify the user traffic destination so that quota management will only be applied to Internet access but not the intranet or LAN access for the each individual user at the same time.

Administrator has an option to put the user account in suspend mode or automatically switch to lowest fair usage policy if that particular user has reached the quota threshold.

Support different bandwidth according to user.

Support 100K online users bandwidth policy.

Support by user or by IP bandwidth policy.

User Management

Support number of device limitation can be authenticated per user and allow user to automatic register the device on the first successful login access.

Support unified user management such as user info viewing / management, detail log by username, online user statistic, access control, user notification, website redirection, online / offline log, MAC/IP binding control and other comprehensive features to help administrator manage the authentication system easily.

Provide the functions of flexible account pre-opening and account pre-destroyed. These will automatically achieve a large group of user such as students graduated from campus to reduce administrator workload and improve productivity. This also helps to save investment by release the user count.

Support powerful log function. This function enables record and query of the RADIUS service logs, system logs, manager operation logs such as password changes, user Web self-help logs, and bill server logs, and this is helpful for audit. Working with the RG-elog, the RG-SAM+ provides analysis and inquiry functions based on user’s NAT log and URL log.

Support flexible authority customization. Hierarchical management must be available and support up to 3 levels of authorized management and menu access.

Support customized inquiry. Different administrators can have their own inquiries and their recent inquiry search can be saved for future use.

Support batch management operations such as batch modification of user information, batch information importing, batch information modification, batch binding and unbinding functions to reduce the workload of the administrator and prevent human error during the data entry process.

Support batch user information import through flexible import policy. All the import activities will be logged.


Support automatic user blocking function based on customization policy.


Support an option to blacklist user with customize notification message and flexibility effective periods such as range of date, time, or permanent.

Accounting Policy

Support web authentication accounting / billing policy by month, duration, or traffic usage.

Support flexible accounting / billing such as by day, month, traffic usage, duration, customized period, or customized rule such as accounting / billing exception for a week.

Support policy management by area / location and service classification by area. Different users in different areas may access to different services. For example, in the reading area and student hostel area, a student can use different access services and proper accounting policies with the same account.

Support option to enable authentication mode with fees charging / billing and virtual fee charging with accounting for statistic purpose.

Account Management

Account management, account flow management, manual account login, account / billing report management.

Operation Management

Support visible star-map containing information of online user distribution and amount.

Support online user management, online user analysis, online usage ranking, detailed online management, network repair management, log management, wireless roaming management, and the system can generate the operational reports automatically.

Support intelligent maintenance functions such as automatically monitor, maintain and backup database files and operation status to reduce manual workload as well as minimize the risk of data lost.

Support at least 3 months’ comprehensive logs for security audit purposes. The log must contain the username, MAC, IP address, login date and time, network access devices, switch port, AP Mac, SSID, gateway IP, internet usage, internet log and other details to prove the end-to-end track record of user activities.

With the powerful data export function, the RG-SAM+ can output all reports in the Excel format. This facilitates double-check of data outside the system and provides data for other systems or units.

Self-service Portal

Support customizable self-service platform which users can self-register, bind / unbind devices, change password, check quota, change plan, refer to FAQ and report a problem to reduce the administrator workload.

Support guest account set up on self-service platform. Authorized staff can authenticate guest by enabling temporary internet access for the guest with predefined policy such as maximum number of guest allow, maximum internet usage period and default redirect page after login. This also allows the administrator to trace the guest activities responsible by that particular staff.

User Monitoring

Must support user star map that enables to show all the wired and wireless users on a campus map with user visual density indication to help administrator understand the user behavior for future project planning.

Support dynamic real-time graphs or charts to show the current online user number, online user location, online user by regional distribution, access method and other information.

Guest Management

Must support easy guest authentication methods such as SMS and verification code.

Support QR code authentication so that guests can login to the network and internet by scanning a QR code without relying on the administrator to authorize it manually.


Support 3rd-party RADIUS authentication integration.

3rd-party Integration

Support Microsoft Windows Active Directory (AD) domain integration, including seamless Single-Sign-On integration for a complete 802.1X authentication and Windows AD authentication.

Support the integration with LDAP server to obtain user identity information to achieve unified authentication.

Support rich interfaces for further development such as the digital campus one-card system.

Support standard web service interface based on SOAP protocol, other application can get user information such as user ID, group, user real name, online status through the web service interface.

End Point Compatibility

Support the latest Windows, Mac desktops and support for Apple, Android mobile device platforms.

Support dual stack IPv4/IPv6 protocol.

Support device-based portal page and automatic screen fit feature for various screen resolution mobile device platform.

Hardware Configuration


Recommended Configuration (SAM Server)


Based on registered user amount, RAM recommendation as following:

<10,000 users, 4G

10,000-50,000 users, 16G

50,000-100,000 users, 32G

Hard Disk

500G recommended


Intel Xeon E5630 2.53GHz, 4 Core*4

Recommended Configuration (Web Portal Server)


32G or Above

Hard Disk

500G recommended


CPU E7-4807 @1.87GHz 1.86GHz (4 CPU)

Network Interface Card

Intel® 82576NS Gigabit Ethernet Controller*8 (NIC cluster)

Software Configuration


Recommended Configuration (SAM Server)

Operation System

Windows Server 2008 R2 Enterprise Edition SP1 X64


SQLServer 2008 R2 Enterprise Edition SP1 X64

Recommended Configuration (Web Portal Server)

Operation System

Windows Server 2012 Standard R2


Microsoft SQL Server 2012 (SP1)




RG-SAM Plus Int. Base

SAM Plus Base platform, a standard AAA server, support 802.1X

License and Optional Accessories

RG-SAM Plus Int. License-1000

SAM Plus License for 1000 registered user

RG-SAM Plus Int. License-5000

SAM Plus License for 5000 registered user

RG-SAM Plus Int. License-10000

SAM Plus License for 10000 registered user

RG-SAM Plus Int. Portal Component

Portal component for SAM Plus, provide Web based authentication

RG-SAM Plus Int. Base HA License

HA License for SAM Plus Base, provide HA function based on two sets of SAM Plus Base

RG-SAM Plus Int. Portal Component HA License

HA License for SAM Plus Portal component, provide HA function based on two sets of SAM Plus Portal component

RG-SAM Plus Int. Self-Service Component

Self-service license for SAM Plus, provide self-service platform for end user

RG-SAM Plus Int. SMS Component

Provide SMS server docking function to do SMS based authentication, need to work with Portal component

RG-SAM Plus Int. Visualization Component

Provide operation visualization function for SAM plus, such as end user star map


Ruijie Software product Standard Maintenance Service
Including bug fix, software upgrade for 1 year and implementation support


Ruijie software product Customization development service
(By Man-day)


Ruijie software system integration service for SAM plus docking to other system such as Windows AD, etc.
(By Man-day)


Ruijie Networks