ZyXEL Communications P-334WT Informations techniques télécharger pdf (Page 201)

● Using External RADIUS Authentication Server

In addition to the internal authentication server inside ZyXEL AP, you can use external RADIUS authentication server to centrally

manage the user account profile. RADIUS is based on a client-server model that supports authentication, authorization and accounting.

The wireless AP is the client and the server is the RADIUS server.

The authenticator includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication

Protocol (EAP) frames and interacting with the authentication server. When the authenticator receives EAPOL frames and relays them

to the authentication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format.

The EAP frames are not modified or examined during encapsulation, and the authentication server must support EAP within the native

frame format. When the authenticator receives frames from the authentication server, the server’s frame header is removed, leaving the

EAP frame, which is then encapsulated for Ethernet and sent to the supplicant.

When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames between the supplicant

and the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized.

The specific exchange of EAP frames depends on the authentication method being used. The figure below shows a message exchange

initiated by the client using the MD5 Challenge authentication method with a RADIUS server.

1 2 ... 196 197 198 199 200 201 202 203 204 205 206 ... 294 295

Pas de commentaire

ZyXEL Communications P-334WT Informations techniques Page 201