16 Authentication Server

This chapter discusses how to configure the ZyWALL’s authentication server feature.

16.1 Authentication Server Overview

A ZyWALL configured as a VPN extended authentication server can authenticate users against either its internal local user database or an external RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) server, which supports an unlimited number of users. The ZyWALL uses the same local user database for VPN extended authentication.

16.1.1 Local User Database

By storing user profiles locally on the ZyWALL, your ZyWALL is able to authenticate users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.

16.1.2 RADIUS

The ZyWALL can use a RADIUS server to authenticate an unlimited number of users. RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:

Authentication: Determines the identity of the users.

Authorization: Determines the network services available to authenticated users once they are connected to the network.

Accounting: Keeps track of the client’s network activity.

RADIUS is a simple packet exchange in which the ZyWALL acts as a message relay between the client and the network RADIUS server.

16.1.3 Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the ZyWALL and the RADIUS server for user authentication:

Access-Request

 

ZyWALL 2 Plus User’s Guide