Chapter 6 - authorization, Authorization, Table 6-1 authorization – Tut Systems SMS2000 User Manual

Authorization

TUT Systems, Inc

Page 57 of 104

P/N 220-06288-20

Chapter 6 - Authorization

Authorization entails determining if a particular user has permission to use a service.

Authorization

The SMS2000 is capable of performing authorization by using an external server (OCS
or RADIUS) or by using onboard groups and rules. For details about using the OCS for
Authorization, see the OCS User’s Guide. For more information on RADIUS, see
Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these
functions in various configurations are described below.

Authorization

Table 6-1 shows how authorization is performed with no external server, with RADIUS,
and with the OCS.

Table 6-1 Authorization

Server Functionality
With No External
Server

No user authentication is possible. Groups and rules can be used to
authorize subscribers based on their MAC address, VLAN ID, SNMP
information, IP address, or any combination of these. For more information
on using groups and rules, see Chapter 10, “Service Creation using Groups
and Rules.”

With RADIUS

Authorization follows authentication as it does on a standard network
access server (NAS). Parameters include static IP and bandwidth.

With OCS

The OCS provides enhanced authorization functions based on user name,
physical port, MAC address, and more. Parameters include Stat IP, auth
required, and bandwidth.