Authentication Server; Authentication Server Overview; Local User Database; Radius - ZyXEL Communications ZyWALL 2 Plus User Manual
Interned security appliance
Hide thumbs
Also See for ZyWALL 2 Plus:
- User manual (678 pages) ,
- Quick start manual (137 pages) ,
- Firmware release notes (43 pages)
Table of Contents
Advertisement
C
H A P T E R
This chapter discusses how to configure the ZyWALL's authentication server feature.
16.1 Authentication Server Overview
A ZyWALL set to be a VPN extended authentication server can use either the local user
database internal to the ZyWALL or an external RADIUS (Remote Authentication Dial In
User Service, RFC 2138, 2139) server for an unlimited number of users. The ZyWALL uses
the same local user database for VPN extended authentication.
16.1.1 Local User Database
By storing user profiles locally on the ZyWALL, your ZyWALL is able to authenticate users
without interacting with a network RADIUS server. However, there is a limit on the number of
users you may authenticate in this way.
16.1.2 RADIUS
The ZyWALL can use a RADIUS server to authenticate an unlimited number of users.
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS
server handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected
to the network.
• Accounting
Keeps track of the client's network activity.
RADIUS is a simple package exchange in which the ZyWALL acts as a message relay
between the client and the network RADIUS server.
16.1.3 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the ZyWALL and the
RADIUS server for user authentication:
• Access-Request
ZyWALL 2 Plus User's Guide
Authentication Server
16
323
Advertisement
Chapters
Table of Contents
Troubleshooting
