2 subscribers, 1 authentication options – QTECH SmartEdge 600 Configuration User Manual

Page 6

Advertising
background image

Configuring Authentication, Authorization, and Accounting

1.1.2

Subscribers

Authentication of Point-to-Point Protocol (PPP) subscribers now includes
support for IPv4, IPv6, and dual-stack subscribers. Dual-stack subscribers run
both IPv4 and IPv6. For information on IPv6 subscribers, refer to Configuring
IPv6 Subscriber Services. Authentication requests do not indicate if a session
is single or dual stack, but authentication responses do indicate.

An IPv6 subscriber must be authorized through AAA before PPP negotiates
connectivity and ND processes packets. If a protocol is not authorized, PPP
does not negotiate that protocol with a client, even when the PPP negotiation
process is initiated by a client.

1.1.2.1

Authentication Options

By default, operating system configuration authenticates the subscriber. You
can also authenticate subscribers through database records on a RADIUS
server.

When the IP address or hostname of the RADIUS server is configured in the
operating system local context, global RADIUS authentication is performed.
That is, although the subscribers are configured in a nonlocal context, they are
authenticated through the RADIUS server configured in the local context. With
global RADIUS authentication, the RADIUS server returns the Context-Name
vendor-specific attribute (VSA), indicating the name of the particular context to
which subscribers are bound.

When the IP address or the hostname of the RADIUS server is configured in a
context other than the local context, context-specific RADIUS authentication is
performed. This means that only subscribers bound to the context in which the
RADIUS server’s IP address or hostname is configured are authenticated.

You can also configure the router to authenticate through a RADIUS server
configured in the nonlocal context, and then through a RADIUS server
configured in the local context, if the previous server is unavailable; else,
proceed to router configuration.

AAA includes the following Layer 2 Tunneling Protocol (L2TP) attribute-value
pairs (AVPs), RADIUS standard attributes, and vendor-specific attributes
(VSAs) provided by Ericsson in RADIUS Access-Request messages for L2TP
network server (LNS) subscribers that are authenticated using RADIUS:

Tunnel-Client-Endpoint (66)

Tunnel-Server-Endpoint (67)

Acct-Tunnel-Connection (68)

Tunnel-Assignment-ID (82)

Tunnel-Client-Auth-ID (90)

2

61/1543-CRA 119 1170/1 Uen L

|

2012-12-04

Advertising
This manual is related to the following products:

SmartEdge 100 Configuration

Popular Brands
Popular manuals