• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is
both a directory and a protocol for controlling access to a network. The directory consists of a
database specialized for fast information retrieval and filtering activities. You create and store
user profile and login information on the external server.
• RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used
to authenticate users by means of an external or built-in RADIUS server. RADIUS authentication
allows you to validate a large number of users from a central location.
Note: Because the NXC has an internal authentication database, you can create local
login accounts on it without needing to rely on an external authentication server.
The built-in authentication server supports PEAP/EAP-TLS/EAP-TTLS.
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the
directory structure reflects the geographical or organizational boundaries. The following figure
shows a basic directory structure branching from countries to organizations to organizational units
to individuals.
Figure 129 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by
commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique
name for entries that have the same "parent DN" ("cn=domain1.com, ou=Sales, o=MyCompany" in
the following examples).
cn=domain1.com, ou=Sales, o=MyCompany, c=US
cn=domain1.com, ou=Sales, o=MyCompany, c=JP
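The following Python example is added here and is not part of the User's Guide or the NXC firmware. It splits a DN into its attribute-value pairs as described above, returns the RDN and the remaining pairs, and escapes a value so that a comma inside a name is not read as a separator. The function names are hypothetical, and it assumes single-valued RDNs and RFC 4514 backslash escaping.

```python
# Added example: DN handling per the rules above (hypothetical helper names).
# Assumes single-valued RDNs and RFC 4514 backslash escapes.

def _trim(s: str) -> str:
    """Drop padding spaces, but keep a trailing space that is escaped."""
    s = s.lstrip(" ")
    while s.endswith(" ") and (len(s) - 1 - len(s[:-1].rstrip("\\"))) % 2 == 0:
        s = s[:-1]
    return s

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Return [(attribute, value), ...], leftmost (the RDN) first."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]        # escaped character: never a separator
            i += 2
        elif dn[i] == ",":
            parts.append(buf)         # unescaped comma ends one pair
            buf, i = "", i + 1
        else:
            buf += dn[i]
            i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed attribute-value pair: {part!r}")
        rdns.append((attr.strip().lower(), _trim(value)))
    return rdns

def rdn_and_rest(dn: str) -> tuple[str, str]:
    """Split a DN into its RDN and the remaining pairs, normalised."""
    pairs = [f"{a}={v}" for a, v in split_dn(dn)]
    return pairs[0], ",".join(pairs[1:])

def escape_value(value: str) -> str:
    """Escape a value so separators inside it cannot change the hierarchy."""
    out = "".join("\\" + c if c in '"+,;<>\\=' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out.startswith((" ", "#")):
        out = "\\" + out              # leading space or '#' must be escaped
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "        # trailing space must be escaped
    return out
```

Applied to the two DNs above, `rdn_and_rest` returns the same RDN (`cn=domain1.com`) for both, with the remaining pairs differing only in `c`.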
NXC2500 User's Guide
(Figure 129 labels, top to bottom: Root; Countries (c), e.g. US, Japan; Organizations, e.g. Sprint, UPS, NEC; Organization Units, e.g. Sales, RD3, QA, CSO, RD; Unique Common Name (cn).)
Chapter 21 AAA Server