9 802.1x overview, 1 introduction to radius, 1 types of radius messages – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

200

Chapter 10 Wireless LAN

10.9 802.1x Overview

The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using the local
user database internal to the ZyWALL (authenticate up to 32 users) or an external RADIUS
server for an unlimited number of users.

10.9.1 Introduction to RADIUS

A RADIUS (Remote Authentication Dial In User Service) server enables user authentication,
authorization and accounting. RADIUS is based on a client-sever model that supports
authentication and accounting, where access point is the client and the server is the RADIUS
server. The RADIUS server handles the following tasks among others:

• Authentication

Determines the identity of the users.

• Accounting

Keeps track of the client’s network activity.

RADIUS user is a simple package exchange in which your ZyWALL acts as a message relay
between the wireless station and the network RADIUS server. See RFC 2138 and RFC 2139
for more on RADIUS.

10.9.1.1 Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

• Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The
access point sends a proper response from the user and then sends another Access-
Request message.

The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:

• Accounting-Request