ZyXEL Communications 100 Series, 200 Series AAA Server, 39.1 Overview, 39.1.2RADIUS Server Overview, 39.1.1 Directory Service (AD/LDAP) Overview

39

AAA Server

39.1 Overview

You can use a AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a Active Directory, LDAP, or RADIUS server. Use the AAA Server screens to create and manage objects that contain settings for using individual AAA servers or groups of AAA servers. You use AAA server objects in configuring authentication method objects (see Chapter 40 on page 635).

39.1.1 Directory Service (AD/LDAP) Overview

LDAP/AD allows a client (the ZyWALL) to connect to a server to retrieve information from a directory. A network example is shown next.

Figure 461 Example: Directory Service Client and Server

The following describes the user authentication procedure via an LDAP/AD server.

1A user logs in with a user name and password pair.

2The ZyWALL tries to bind (or log in) to the LDAP/AD server.

3When the binding process is successful, the ZyWALL checks the user information in the directory against the user name and password pair.

4If it matches, the user is allowed access. Otherwise, access is blocked.

39.1.2RADIUS Server Overview

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate a large number of users from a central location.