Zte ZXR10 2928E - Page 113

To Next Page

To Previous Page

Chapter4ServiceConguration

lTheauthenticationsystemisgenerallynetworkequipmentthatsupportsthe

IEEE802.1xprotocol,forexample,theswitch.Correspondingtotheportsofdifferent

subscribers(theportscouldbephysicalportsorMACaddress,VLAN,orIPaddress

oftheuserequipment),theauthenticationsystemhastwologicalports:controlled

portanduncontrolledport.

1.Theuncontrolledportisalwaysinthestatethatthebidirectionalconnectionsare

available.ItisusedtotransfertheEAPOLframesandcanensurethattheclient

canalwayssendorreceivetheauthentication.

2.Thecontrolportisenabledonlywhentheauthenticationispassed.Itisusedto

transferthenetworkresourceandservices.Thecontrolledportcanbecongured

asbidirectionalcontrolledorinputcontrolledtomeettherequirementofdifferent

applications.Ifthesubscriberauthenticationisnotpassed,thissubscribercannot

visittheservicesprovidedbytheauthenticationsystem.

3.ThecontrolledportanduncontrolledportintheIEEE802.1xprotocolarelogical

ports.Therearenosuchphysicalportsontheequipment.TheIEEE802.1x

protocolsetsupalocalauthenticationforeachsubscriberthatothersubscribers

cannotuse.Thus,therewillnotbesuchaproblemthattheportisusedbyother

subscribersaftertheportisenabled.

lTheauthenticationserverisgenerallyaRADIUSserver.Thisservercanstorea

lotofsubscriberinformation,suchasVLANthatthesubscriberbelongsto,CAR

parameters,priority,subscriberaccesscontrollist,andsoon.Aftertheauthentication

ofasubscriberispassed,theauthenticationserverwillpasstheinformationof

thissubscribertotheauthenticationsystem,whichwillcreateadynamicaccess

controllist.Thesubsequentowofthesubscriberwillbemonitoredbytheabove

parameters.TheauthenticationsystemcommunicateswiththeRADIUSserver

throughtheRADIUSprotocol.

RADIUSisaprotocolstandardusedfortheauthentication,authorization,andexchange

ofcongurationdatabetweentheRadiusserverandRadiusclient.

RADIUSadoptstheClient/Servermode.TheClientrunsontheNAS.Itisresponsible

forsendingthesubscriberinformationtothespeciedRadiusserverandcarryingout

operationsaccordingtotheresultreturnedbytheserver.

TheRadiusAuthenticationServerisresponsibleforreceivingthesubscriberconnection

request,verifyingthesubscriberidentity,andreturningthecongurationinformation

requiredbythecustomer.ARadiusAuthenticationServercanserveasaRADIUS

customerproxytoconnecttoanotherRadiusAuthenticationServer.

TheRadiusAccountingServerisresponsibleforreceivingthesubscriberbillingstart

requestandsubscriberbillingstoprequest,andcompletingthebillingfunction.

TheNAScommunicateswiththeRadiusServerthroughRADIUSpackets.Attributesinthe

RADIUSpacketsareusedtotransferthedetailedauthentication,authorization,andbilling

information.Theattributesusedbythisswitchareprimarilystandardattributesdenedin

therfc2865,rfc2866,andrfc2869.

TheEAPprotocolisusedbetweentheswitchandthesubscriber.Threetypesofidentity

authenticationmethodsareprovidedbetweentheRADIUSservers:PAP ,CHAP,and

4-67

SJ-20120409144109-002|2012-07-02(R1.0)ZTEProprietaryandCondential

Main Page

Zte ZXR10 2928E - Page 113

Table of Contents

Related product manuals