ZyXEL Communications 2602HWNLI-D7A User Manual
Prestige 2602HWNLI-D7A Support Notes
All contents copyright (c) 2007 ZyXEL Communications Corporation.
118
Using External RADIUS Authentication Server
In addition to the internal authentication server inside ZyXEL AP, you can use external RADIUS authentication
server to centrally manage the user account profile. RADIUS is based on a client-server model that supports
authentication, authorization and accounting. The wireless AP is the client and the server is the RADIUS server.
authentication, authorization and accounting. The wireless AP is the client and the server is the RADIUS server.
The authenticator includes the RADIUS client, which is responsible for encapsulating and decapsulating the
Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the
authenticator receives EAPOL frames and relays them to the authentication server, the Ethernet header is
stripped and the remaining EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not
modified or examined during encapsulation, and the authentication server must support EAP within the native
frame format. When the authenticator receives frames from the authentication server, the server’s frame
authenticator receives EAPOL frames and relays them to the authentication server, the Ethernet header is
stripped and the remaining EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not
modified or examined during encapsulation, and the authentication server must support EAP within the native
frame format. When the authenticator receives frames from the authentication server, the server’s frame
header is removed, leaving the EAP frame, which is then encapsulated for Ethernet and sent to the supplicant.
When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames
When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames