Authentication Server; Authentication Server Overview; Local User Database; Radius - ZyXEL Communications ZYWALL P1 User Manual

C
H A P T E R
This chapter discusses how to configure the ZyWALL's authentication server feature.

15.1 Authentication Server Overview

A ZyWALL set to be a VPN extended authentication server can use either the local user
database internal to the ZyWALL or an external RADIUS (Remote Authentication Dial In
User Service) server for an unlimited number of users. The ZyWALL uses the local user
database for VPN extended authentication.

15.1.1 Local User Database

By storing user profiles locally on the ZyWALL, your ZyWALL is able to authenticate users
without interacting with a network RADIUS server. However, there is a limit on the number of
users you may authenticate in this way.

15.1.2 RADIUS

The ZyWALL can use an external RADIUS server to authenticate an unlimited number of
users. A RADIUS server enables user authentication, authorization and accounting. RADIUS
is based on a client-sever model that supports authentication and accounting, where access
point is the client and the server is the RADIUS server. The RADIUS server handles the
following tasks among others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client's network activity.
RADIUS user is a simple package exchange in which your ZyWALL acts as a message relay
between the user and the network RADIUS server. See RFC 2138 and RFC 2139 for more on
RADIUS.
15.1.2.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
ZyWALL P1 User's Guide

Authentication Server

15
265