ZyXEL Communications 2 Plus User Manual

ZyWALL 2 Plus User’s Guide
CHAPTER 16  Authentication Server
This chapter discusses how to configure the ZyWALL’s authentication server feature.
16.1  Authentication Server Overview
A ZyWALL set to be a VPN extended authentication server can use either the local user 
database internal to the ZyWALL or an external RADIUS (Remote Authentication Dial In 
User Service, RFC 2138, 2139) server for an unlimited number of users. The ZyWALL uses 
the same local user database for VPN extended authentication.
16.1.1  Local User Database
By storing user profiles locally on the ZyWALL, your ZyWALL is able to authenticate users 
without interacting with a network RADIUS server. However, there is a limit on the number of 
users you may authenticate in this way.
16.1.2  RADIUS
The ZyWALL can use a RADIUS server to authenticate an unlimited number of users. 
RADIUS is based on a client-server model that supports authentication, authorization and 
accounting. The access point is the client and the server is the RADIUS server. The RADIUS 
server handles the following tasks:
• Authentication 
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected 
to the network.
• Accounting
Keeps track of the client’s network activity. 
RADIUS is a simple packet exchange in which the ZyWALL acts as a message relay
between the client and the network RADIUS server.
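The packet exchange described above, as an added Python example (not from the ZyXEL manual or the ZyWALL firmware): it encodes an Access-Request using the packet layout and User-Password hiding defined in RFC 2138, then decodes it with the length checks a RADIUS server would apply. The function names, shared secret, user name and password are constructed for illustration.

```python
import hashlib
import struct

# Codes and attribute types from RFC 2138
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, USER_PASSWORD = 1, 2

def _mask(data, secret, authenticator, hiding):
    """User-Password transform: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out += res
        prev = res if hiding else block  # always chain on the ciphertext block
    return out

def build_access_request(ident, authenticator, username, password, secret):
    """Client side (the ZyWALL's role): encode an Access-Request."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    attrs = b""
    for atype, value in ((USER_NAME, username),
                         (USER_PASSWORD, _mask(padded, secret, authenticator, True))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_packet(data, secret):
    """Server side: validate lengths, then decode the attributes."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("bad Length field")
    authenticator, pos, attrs = data[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = data[pos], data[pos + 1]
        value = data[pos + 2:pos + alen]
        if atype == USER_PASSWORD:
            value = _mask(value, secret, authenticator, False).rstrip(b"\x00")
        attrs[atype] = value
        pos += alen
    return {"code": CODES.get(code, "unknown"), "id": ident, "attrs": attrs}

# Constructed sample values (a real Request Authenticator must be random per request)
SECRET, RA = b"constructed-secret", bytes(range(16))
PACKET = build_access_request(7, RA, b"alice", b"correct horse battery", SECRET)
```

The user name travels in clear text and the password is protected only by the MD5-derived mask, so the confidentiality of the password depends on the shared secret configured on both the client and the RADIUS server.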
16.1.3  Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the ZyWALL and the 
RADIUS server for user authentication:
• Access-Request