Zte ZXR10 2920 User Manual page 174

ZXR10 2920/2928/2952
Authentication
Server
Client/Server
Mode
Radius
Accounting
Server
Password
Authentication
Protocol (PAP)
160 Confidential and Proprietary Information of ZTE CORPORATION
(V1.0)
Access Switch User Manual （Volume I）
Controlled port and uncontrolled port in the IEEE 802.
protocol are logical ports.
equipment. IEEE 802.
authentication for each subscriber that other subscribers cannot
use. Thus, there will not be such a problem that the port is
used by other subscribers after port is enabled.
Authentication server is generally a RADIUS server.
server can store a lot of subscriber information, such as VLAN
that the subscriber belongs to,
subscriber access control list, and so on.
of a subscriber is passed,
information of this subscriber to authentication system, which
will create a dynamic access control list.
subscriber will
Authentication system
through RADIUS protocol.
RADIUS is a protocol standard used for the authentication,
authorization, and exchange of configuration data between the
Radius server and Radius client.
RADIUS adopts Client/Server mode.
responsible for sending subscriber information to specified
Radius server and carrying out operations according to the result
returned by the server.
Radius Authentication
subscriber connection request, verifying the subscriber identity,
and returning the configuration information required by the
customer. A Radius Authentication Server can serve as a
RADIUS customer
Authentication Server.
Radius Accounting Server is responsible for receiving the
subscriber billing start request and subscriber billing stop
request, and completing the billing function.
NAS communicates with Radius Server through RADIUS packets.
Attributes in RADIUS packets are used to transfer detailed
authentication,
Attributes used by this switch are primarily standard attributes
defined in rfc2865, rfc2866, and rfc2869.
EAP protocol is used between switch and subscriber.
types of identity authentication methods are provided between
the RADIUS servers: PAP,
methods can be used according to different service operation
requirements.
PAP is a simple plain text authentication mode.
subscriber to provide username and password and subscriber
returns subscriber information in the form of plain text.
checks whether this subscriber is available and whether
password is correct according to subscriber configuration and
returns different responses.
poor security and username and password transferred may be
easily stolen.
There are no such physical ports on
1x protocol sets up a local
CAR parameters,
authentication server will pass
be monitored by
communicates
Client runs on NAS.
Server is responsible
proxy to connect
authorization, and
CHAP, and EAP.
This authentication mode features
This
priority,
After authentication
Subsequent flow of
above parameters.
with RADIUS server
It is
for receiving
to another Radius
billing information.
Three
Any of the
NAS requires
Server
1x