Technical Reference; Vendor Specific Attribute - ZyXEL Communications XS1930-12F User Manual

Table 97 Advanced Application > AAA > AAA Setup (continued)
LABEL
Type
Active
Broadcast
Mode
Method
Apply
Cancel

25.5 Technical Reference

This section provides technical background information on the topics discussed in this chapter.

25.5.1 Vendor Specific Attribute

RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server
and a network access device (for example, the Switch). A company can create Vendor Specific
Attributes (VSAs) to expand the functionality of a RADIUS server.
The Switch supports VSAs that allow you to perform the following actions based on user authentication:
• Limit bandwidth on incoming or outgoing traffic for the port the user connects to.
• Assign account privilege levels (See the CLI Reference Guide for more information on account
privilege levels) for the authenticated user.
The VSAs are composed of the following:
• Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned
Numbers Authority). Zyxel's vendor ID is 890.
• Vendor-Type: A vendor specified attribute, identifying the setting you want to modify.
• Vendor-data: A value you want to assign to the setting.
Chapter 25 AAA
DESCRIPTION
The Switch supports the following types of events to be sent to the accounting servers:
• System – Configure the Switch to send information when the following system events occur:
system boots up, system shuts down, system accounting is enabled, system accounting is
disabled.
• Dot1x – Configure the Switch to send information when an IEEE 802.1x client begins a session
(authenticates through the Switch), ends a session as well as interim updates of a session.
Select this to activate accounting for a specified event type.
Select this to have the Switch send accounting information to all configured accounting
servers at the same time.
If you do not select this and you have two accounting servers set up, then the Switch sends
information to the first accounting server and if it does not get a response from the accounting
server then it tries the second accounting server.
The Switch supports two modes of recording login events. Select:
• start-stop – to have the Switch send information to the accounting server when a user begins
a session, during a user's session (if it lasts past the Update Period), and when a user ends a
session.
• stop-only – to have the Switch send information to the accounting server only when a user
ends a session.
RADIUS is the only method for recording System or Exec type of event.
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Click Cancel to begin configuring this screen afresh.
XS1930 Series User's Guide
210