Zte ZXR10 2900E Series

To Next Page

To Previous Page

ZXR102900ESeriesCongurationGuide

physicalportsorMACaddress,VLAN,orIPaddressoftheuserequipment),the

authenticationsystemhastwologicalports:controlledportanduncontrolledport.

1.Theuncontrolledportisalwaysinthestatethatthebidirectionalconnectionsare

available.ItisusedtotransfertheEAPOLframesandcanensurethattheclient

canalwayssendorreceivetheauthentication.

2.Thecontrolportisenabledonlywhentheauthenticationispassed.Itisusedto

transferthenetworkresourceandservices.Thecontrolledportcanbecongured

asbidirectionalcontrolledorinputcontrolledtomeettherequirementofdifferent

applications.Ifthesubscriberauthenticationisnotpassed,thissubscribercannot

visittheservicesprovidedbytheauthenticationsystem.

3.ThecontrolledportanduncontrolledportintheIEEE802.1xprotocolarelogical

ports.Therearenosuchphysicalportsontheequipment.TheIEEE802.1x

protocolsetsupalocalauthenticationchannelforeachsubscriberandother

subscriberscannotuseit.Thus,preventingtheportfrombeingusedbyother

subscribersaftertheportisenabled.

lTheauthenticationserverisaRADIUSserver.Thisservercanstorealotof

subscriberinformation,suchastheVLANthatthesubscriberbelongsto,CAR

parameters,priority,andsubscriberaccesscontrollist.Aftertheauthentication

ofasubscriberispassed,theauthenticationserverwillpasstheinformationof

thissubscribertotheauthenticationsystem,whichwillcreateadynamicaccess

controllist.Thesubsequentowofthesubscriberwillbemonitoredbytheabove

parameters.TheauthenticationsystemcommunicateswiththeRADIUSserver

throughtheRADIUSprotocol.

RADIUSisaprotocolstandardusedfortheauthentication,authorization,andexchange

ofcongurationdatabetweentheRadiusserverandRadiusclient.

RADIUSusestheClient/Servermode.TheClientrunsontheNAS.Itisresponsible

forsendingthesubscriberinformationtothespeciedRadiusserverandcarryingout

operationsaccordingtotheresultreturnedbytheserver.

TheRadiusAuthenticationServerisresponsibleforreceivingthesubscriberconnection

request,verifyingthesubscriberidentity,andreturningthecongurationinformation

requiredbythecustomer.ARadiusAuthenticationServercanserveasaRADIUS

customerproxytoconnecttoanotherRadiusAuthenticationServer.

TheRadiusAccountingServerisresponsibleforreceivingthesubscriberbillingstart

requestandsubscriberbillingstoprequest,andcompletingthebillingfunction.

TheNAScommunicateswiththeRadiusServerthroughRADIUSpackets.Attributesin

theRADIUSpacketsareusedtotransferthedetailedauthentication,authorization,and

billinginformation.

TheEAPprotocolisusedbetweentheswitchandthesubscriber.Threetypesofidentity

authenticationmethodsareprovidedbetweentheRADIUSservers:PAP ,CHAP ,and

EAP-MD5.Anyofthemethodscanbeusedaccordingtodifferentserviceoperation

requirements.

lPasswordAuthenticationProtocol(PAP)

5-72

SJ-20130731155059-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Main Page

Zte ZXR10 2900E Series - Page 120

Table of Contents

Other manuals for Zte ZXR10 2900E Series

Related product manuals