Bay Networks Radius User Manual, Page 7

Following authentication in the AAA transaction is authorization. Along with the authentication information that the user includes as part of a RADIUS request, the RAS also passes information about the type of connection the user is trying to establish. The RADIUS server uses this information either to further authorize the user and issue an accept, or to deny access based upon disallowed conditions and issue a reject.

Authorization is controlled by the user's profile residing in the RADIUS server's database. Each profile lists two types of RADIUS-standard attributes: check-list attributes and return-list attributes. Vendor-Specific Attributes are commonly used variants of RADIUS-standard check-list and return-list attributes and represent proprietary vendor extensions to the RADIUS protocol.
Check-list Attributes
Check-list attributes define a set of requirements for the connection. During the authentication transaction, the RAS must send attributes to the RADIUS server that match the check-list; if they don't match, the RADIUS server will issue a reject even if the user can be authenticated. By including appropriate attributes in the check-list, a variety of rules could be enforced. For example, only certain users might be permitted to either use ISDN connections, or to dial in to a particular RAS. Or, Caller ID could be used to validate a user against a list of legal, originating phone numbers.
Return-list Attributes
Return-list attributes are attributes that the RADIUS server sends back to the RAS once authentication is successful. The return-list defines additional parameters that the RAS should assign to the connection, typically as part of PPP negotiations.

For example, specific users could be assigned either a particular IP address, an IP address from a dynamically allocated pool of IP addresses, or IPX network numbers. Other attributes could include IP header compression enabling/disabling, or a time limit could be assigned to the connection.
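The check-list and return-list evaluation described in the two sections above, as an added example that is not part of the white paper or of any vendor's server. The profile layout, the "POOL" placeholder and the function names are assumptions; the attribute names are the standard ones from RFC 2865, and all sample values are constructed.

```python
import ipaddress

# Constructed profile; layout is hypothetical, attribute names are from RFC 2865.
PROFILE = {
    "check": {  # the request must match every entry
        "NAS-Port-Type": {"ISDN Sync"},                  # ISDN connections only
        "NAS-IP-Address": {"192.0.2.10"},                # one particular RAS
        "Calling-Station-Id": {"5550100", "5550101"},    # Caller ID allow-list
    },
    "return": {  # sent back to the RAS with the accept
        "Framed-Protocol": "PPP",
        "Framed-IP-Address": "POOL",                     # placeholder: allocate from pool
        "Framed-Compression": "VJ TCP/IP header compression",
        "Session-Timeout": 3600,                         # time limit in seconds
    },
}

def make_pool(cidr):
    """Iterator over the usable host addresses of a network."""
    return (str(h) for h in ipaddress.ip_network(cidr).hosts())

def authorize(profile, request, authenticated, pool):
    """Return ("Access-Accept", reply_attrs) or ("Access-Reject", reason)."""
    if not authenticated:
        return "Access-Reject", "authentication failed"
    # A missing attribute counts as a mismatch, so the check fails closed.
    for name, allowed in profile["check"].items():
        if request.get(name) not in allowed:
            return "Access-Reject", f"check-list mismatch: {name}"
    reply = {}
    for name, value in profile["return"].items():
        if name == "Framed-IP-Address" and value == "POOL":
            value = next(pool, None)
            if value is None:
                return "Access-Reject", "address pool exhausted"
        reply[name] = value
    return "Access-Accept", reply

if __name__ == "__main__":
    pool = make_pool("198.51.100.0/30")
    good = {"User-Name": "alice", "NAS-Port-Type": "ISDN Sync",
            "NAS-IP-Address": "192.0.2.10", "Calling-Station-Id": "5550100"}
    print(authorize(PROFILE, good, True, pool))
    # Authenticated, but the connection type is not allowed: still a reject.
    print(authorize(PROFILE, {**good, "NAS-Port-Type": "Async"}, True, pool))
```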
Vendor-Specific Attributes
A RADIUS server may use Dictionary files to establish vendor-specific check-list and return-list attribute values in environments where the remote access equipment is from a variety of vendors. The Dictionary file contains vendor-specific, proprietary items which may be set for a particular vendor's RAS equipment. The RADIUS server differentiates between various vendors' RAS equipment. Its Dictionary files provide communications between various makes of remote access servers. This provides an open and adaptive solution, embracing whatever RAS products the subscriber has implemented, while allowing the subscriber to fulfill application needs where the RADIUS standard does not yet provide coverage.
RADIUS Authorization
3Com
ACC
ADC Kentrox
Ascend
Bay Networks
Check Point
Cisco
Compatible Systems
Digi International
DEC
Gandalf
IBM
Lantronix
LeeMah
Livingston
Motorola
Kasten Chase
Penril
Perle
Raptor Systems
Secure Computing
Shiva
US Robotics
Xyplex
Table 1 Vendors Supporting RADIUS
Table 1: RADIUS provides full support to remote access equipment from vendors which conform to the RADIUS standard.
6 White Paper RADIUS Security Technology