To Next Page

To Previous Page

Chapter4ServiceConguration

lTheauthenticationsystemisgenerallynetworkequipmentthatsupportsthe

IEEE802.1xprotocol,forexample,theswitch.Correspondingtotheportsofdifferent

subscribers(theportscouldbephysicalportsorMACaddress,VLAN,orIPaddress

oftheuserequipment),theauthenticationsystemhastwologicalports:controlled

portanduncontrolledport.

1.Theuncontrolledportisalwaysinthestatethatthebidirectionalconnectionsare

available.ItisusedtotransfertheEAPOLframesandcanensurethattheclient

canalwayssendorreceivetheauthentication.

2.Thecontrolportisenabledonlywhentheauthenticationispassed.Itisusedto

transferthenetworkresourceandservices.Thecontrolledportcanbecongured

asbidirectionalcontrolledorinputcontrolledtomeettherequirementofdifferent

applications.Ifthesubscriberauthenticationisnotpassed,thissubscribercannot

visittheservicesprovidedbytheauthenticationsystem.

3.ThecontrolledportanduncontrolledportintheIEEE802.1xprotocolarelogical

ports.Therearenosuchphysicalportsontheequipment.TheIEEE802.1x

protocolsetsupalocalauthenticationforeachsubscriberthatothersubscribers

cannotuse.Thus,therewillnotbesuchaproblemthattheportisusedbyother

subscribersaftertheportisenabled.

lTheauthenticationserverisgenerallyaRADIUSserver.Thisservercanstorea

lotofsubscriberinformation,suchasVLANthatthesubscriberbelongsto,CAR

parameters,priority,subscriberaccesscontrollist,andsoon.Aftertheauthentication

ofasubscriberispassed,theauthenticationserverwillpasstheinformationof

thissubscribertotheauthenticationsystem,whichwillcreateadynamicaccess

controllist.Thesubsequentowofthesubscriberwillbemonitoredbytheabove

parameters.TheauthenticationsystemcommunicateswiththeRADIUSserver

throughtheRADIUSprotocol.

RADIUSisaprotocolstandardusedfortheauthentication,authorization,andexchange

ofcongurationdatabetweentheRadiusserverandRadiusclient.

RADIUSadoptstheClient/Servermode.TheClientrunsontheNAS.Itisresponsible

forsendingthesubscriberinformationtothespeciedRadiusserverandcarryingout

operationsaccordingtotheresultreturnedbytheserver.

TheRadiusAuthenticationServerisresponsibleforreceivingthesubscriberconnection

request,verifyingthesubscriberidentity,andreturningthecongurationinformation

requiredbythecustomer.ARadiusAuthenticationServercanserveasaRADIUS

customerproxytoconnecttoanotherRadiusAuthenticationServer.

TheRadiusAccountingServerisresponsibleforreceivingthesubscriberbillingstart

requestandsubscriberbillingstoprequest,andcompletingthebillingfunction.

TheNAScommunicateswiththeRadiusServerthroughRADIUSpackets.Attributesinthe

RADIUSpacketsareusedtotransferthedetailedauthentication,authorization,andbilling

information.Theattributesusedbythisswitchareprimarilystandardattributesdenedin

therfc2865,rfc2866,andrfc2869.

TheEAPprotocolisusedbetweentheswitchandthesubscriber.Threetypesofidentity

authenticationmethodsareprovidedbetweentheRADIUSservers:PAP ,CHAP,and

4-67

SJ-20120409144109-002|2012-07-02(R1.0)ZTEProprietaryandCondential

Model	ZXR10 2952E
Category	Switch
Jumbo Frame	9K
Weight	4.5 kg
Storage Temperature	-40°C to 70°C
Operating Humidity	10% to 90% non-condensing
Storage Humidity	5% to 95% non-condensing
Dimensions	440 mm x 44 mm x 300 mm
Power Supply	AC 100-240V, 50/60Hz
VLAN	4K VLAN
Operating Temperature	0°C to 45°C

Zte ZXR10 2952E User Manual

Table of Contents

Questions and Answers:

Zte ZXR10 2952E Specifications

Related product manuals