Zte ZXR10 5250 Series

To Next Page

To Previous Page

Chapter5ServiceConguration

lTheclientsystemisauserterminalsysteminstalledwiththeclientsoftware.A

subscriberoriginatestheIEEE802.1xprotocolauthenticationprocessthroughthis

clientsoftware.Tosupporttheport-basednetworkaccesscontrol,theclientsystem

mustsupporttheExtensibleAuthenticationProtocolOverLAN(EAPOL).

lTheauthenticationsystemisnetworkequipmentthatsupportstheIEEE802.1x

protocol.Correspondingtotheportsofdifferentsubscribers(theportscanbe

physicalportsorMACaddress,VLAN,orIPaddressoftheuserequipment),the

authenticationsystemhastwologicalports:controlledportanduncontrolledport.

1.Theuncontrolledportisalwaysinthestatethatthebidirectionalconnectionsare

available.ItisusedtotransfertheEAPOLframesandcanensurethattheclient

canalwayssendorreceivetheauthentication.

2.Thecontrolportisenabledonlywhentheauthenticationispassed.Itisusedto

transferthenetworkresourceandservices.Thecontrolledportcanbecongured

asbidirectionalcontrolledorinputcontrolledtomeettherequirementofdifferent

applications.Ifthesubscriberauthenticationisnotpassed,thissubscribercannot

visittheservicesprovidedbytheauthenticationsystem.

3.ThecontrolledportanduncontrolledportintheIEEE802.1xprotocolarelogical

ports.Therearenosuchphysicalportsontheequipment.TheIEEE802.1x

protocolsetsupalocalauthenticationchannelforeachsubscriberandother

subscriberscannotuseit.Thus,preventingtheportfrombeingusedbyother

subscribersaftertheportisenabled.

lTheauthenticationserverisaRADIUSserver.Thisservercanstorealotof

subscriberinformation,suchastheVLANthatthesubscriberbelongsto,CAR

parameters,priority,andsubscriberaccesscontrollist.Aftertheauthentication

ofasubscriberispassed,theauthenticationserverwillpasstheinformationof

thissubscribertotheauthenticationsystem,whichwillcreateadynamicaccess

controllist.Thesubsequentowofthesubscriberwillbemonitoredbytheabove

parameters.TheauthenticationsystemcommunicateswiththeRADIUSserver

throughtheRADIUSprotocol.

RADIUSisaprotocolstandardusedfortheauthentication,authorization,andexchange

ofcongurationdatabetweentheRadiusserverandRadiusclient.

RADIUSusestheClient/Servermode.TheClientrunsontheNAS.Itisresponsible

forsendingthesubscriberinformationtothespeciedRadiusserverandcarryingout

operationsaccordingtotheresultreturnedbytheserver.

TheRadiusAuthenticationServerisresponsibleforreceivingthesubscriberconnection

request,verifyingthesubscriberidentity,andreturningthecongurationinformation

requiredbythecustomer.ARadiusAuthenticationServercanserveasaRADIUS

customerproxytoconnecttoanotherRadiusAuthenticationServer.

TheRadiusAccountingServerisresponsibleforreceivingthesubscriberbillingstart

requestandsubscriberbillingstoprequest,andcompletingthebillingfunction.

TheNAScommunicateswiththeRadiusServerthroughRADIUSpackets.Attributesin

theRADIUSpacketsareusedtotransferthedetailedauthentication,authorization,and

billinginformation.

5-71

SJ-20131111172707-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Main Page

Zte ZXR10 5250 Series - Page 119

Table of Contents

Other manuals for Zte ZXR10 5250 Series

Related product manuals