ZyXEL Communications ISG50 User Manual

ISG50 User’s Guide
CHAPTER 48
AAA Server
48.1  Overview 
You can use a AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be an Active Directory, LDAP, or RADIUS server. Use the AAA Server screens to create and manage objects that contain settings for using AAA servers. You use AAA server objects in configuring ext-group-user user objects and authentication method objects (see ).
48.1.1  Directory Service (AD/LDAP)
LDAP/AD allows a client (the ISG50) to connect to a server to retrieve information from a directory. 
A network example is shown next. 
Figure 420   Example: Directory Service Client and Server
The following describes the user authentication procedure via an LDAP/AD server. 
1. A user logs in with a user name and password pair.
2. The ISG50 tries to bind (or log in) to the LDAP/AD server.
3. When the binding process is successful, the ISG50 checks the user information in the directory against the user name and password pair.
4. If it matches, the user is allowed access. Otherwise, access is blocked.
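The four-step procedure above, traced as an added Python example (not ZyXEL's code or the ISG50's implementation). The directory is a constructed in-memory stand-in and every name in it (`BIND_DN`, `DIRECTORY`, `authenticate`, and so on) is hypothetical. It also shows two checks an LDAP client needs around steps 1 and 3: refusing an empty password and escaping the user name before it goes into a search filter.

```python
import hmac
import re

# Constructed stand-in for the LDAP/AD server: bind account plus user entries.
BIND_DN, BIND_PW = "cn=isg50,dc=example,dc=com", "bind-secret"
DIRECTORY = {
    "alice": {"dn": "uid=alice,ou=people,dc=example,dc=com", "password": "s3cret!"},
    "bob": {"dn": "uid=bob,ou=people,dc=example,dc=com", "password": "hunter2"},
}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def service_bind(dn, password):
    """Step 2: the client binds (logs in) to the directory."""
    return dn == BIND_DN and hmac.compare_digest(password.encode(), BIND_PW.encode())

def search(filter_str):
    """Stand-in search for (uid=VALUE); an unescaped * is a wildcard."""
    value = re.fullmatch(r"\(uid=(.*)\)", filter_str, re.S).group(1)
    unescape = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unescape(p)) for p in value.split("*"))
    return [e for uid, e in DIRECTORY.items() if re.fullmatch(pattern, uid, re.S)]

def authenticate(username, password):
    # Step 1: a user name and password pair arrives. An empty password is
    # refused here because LDAP treats a simple bind with an empty password
    # as an unauthenticated bind (RFC 4513), which a server may accept.
    if not username or not password:
        return False
    if not service_bind(BIND_DN, BIND_PW):          # step 2
        return False
    # Step 3: look the user up; the escaped name can only match literally.
    entries = search("(uid=%s)" % escape_filter_value(username))
    if len(entries) != 1:
        return False
    # Step 4 (assumption: modelled as a constant-time compare in the stand-in).
    return hmac.compare_digest(password.encode(), entries[0]["password"].encode())
```

Against a real directory, step 4 is normally a second bind as the DN found in step 3 rather than a password comparison on the client.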
48.1.2  RADIUS Server 
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to 
authenticate users by means of an external server instead of (or in addition to) an internal device 
ISG