ZyXEL Communications NXC5200 User Manual page 426

Chapter 30 AAA Server
A user logs in with a user name and password pair.
1
The NXC tries to bind (or log in) to the LDAP/AD server.
2
When the binding process is successful, the NXC checks the user information in
3
the directory against the user name and password pair.
If it matches, the user is allowed access. Otherwise, access is blocked.
4
RADIUS Server
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular
protocol used to authenticate users by means of an external server instead of (or
in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS authentication allows you to validate a
large number of users from a central location.
Figure 195 RADIUS Server Network Example
ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works
with the One-Time Password (OTP) feature. Purchase a NXC OTP package in order
to use this feature. The package contains server software and physical OTP tokens
(PIN generators). Do the following to use OTP. See the documentation included on
the ASAS' CD for details.
Install the ASAS server software on a computer.
1
Create user accounts on the NXC and in the ASAS server.
2
Import each token's database file (located on the included CD) into the server.
3
Assign users to OTP tokens (on the ASAS server).
4
Configure the ASAS as a RADIUS server in the NXC's Configuration > Object >
5
AAA Server screens.
Give the OTP tokens to (local or remote) users.
6
426
NXC5200 User's Guide