Chapter 39 AAA Server
ZyWALL USG 50 User’s Guide
Table 193 Configuration > Object > AAA Server > RADIUS > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Timeout | Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the RADIUS server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down. |
| Key | Enter a password (up to 15 alphanumeric characters) as the key to be shared between the external authentication server and the ZyWALL. The key is not sent over the network. This key must be the same on the external authentication server and the ZyWALL. |
| Group Membership Attribute | A RADIUS server defines attributes for its accounts. Select the name and number of the attribute that the ZyWALL is to check to determine to which group a user belongs. If it does not display, select user-defined and specify the attribute’s number. This attribute’s value is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create a ext-group-user user object for each group. One with “sales” as the group identifier, another for “RD” and a third for “management”. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |
Chapter 40 Authentication Method
40.1 Overview
Authentication method objects set how the ZyWALL authenticates wireless clients, HTTP/HTTPS clients, and peer IPSec routers (extended authentication). Configure authentication method objects to have the ZyWALL use the local user database, and/or the authentication servers and authentication server groups specified by AAA server objects. By default, user accounts created and stored on the ZyWALL are authenticated locally.
40.1.1 What You Can Do in this Chapter
Use the Configuration > Object > Auth. Method screens (Section 40.2 on page 628) to create and manage authentication method objects.

Finding Out More
See Section 7.5.3 on page 124 for an example of how to set up user authentication using a RADIUS server.

40.1.2 Before You Begin
Configure AAA server objects (see Chapter 39 on page 617) before you configure authentication method objects.

40.1.3 Example: Selecting a VPN Authentication Method
After you set up an authentication method object in the Auth. Method screens, you can use it in the VPN Gateway screen to authenticate VPN users for establishing a VPN connection. Refer to the chapter on VPN for more information. Follow the steps below to specify the authentication method for a VPN connection.
1 Access the Configuration > VPN > IPSec VPN > VPN Gateway > Edit screen.
2 Click Show Advance Setting and select Enable Extended Authentication.
3 Select Server Mode and select an authentication method object from the drop-down list box.
4 Click OK to save the settings.

Figure 361 Example: Using Authentication Method in VPN

40.2 Authentication Method Objects
Click Configuration > Object > Auth. Method to display the screen as shown.
Note: You can create up to 16 authentication method objects.

Figure 362 Configuration > Object > Auth. Method

The following table describes the labels in this screen.
Table 194 Configuration > Object > Auth. Method

| LABEL | DESCRIPTION |
| --- | --- |
| Add | Click this to create a new entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
| Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. |
| Object References | Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example. |
| # | This field displays the index number. |
| Method Name | This field displays a descriptive name for identification purposes. |
40.2.1 Creating an Authentication Method Object
Follow the steps below to create an authentication method object.
1 Click Configuration > Object > Auth. Method.
2 Click Add.
3 Specify a descriptive name for identification purposes in the Name field. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. For example, “My_Device”.
4 Click Add to insert an authentication method in the table.
5 Select a server object from the Method List drop-down list box.
6 You can add up to four server objects to the table. The ordering of the Method List column is important. The ZyWALL authenticates the users using the databases (in the local user database or the external authentication server) in the order they appear in this screen.
If two accounts with the same username exist on two authentication servers you specify, the ZyWALL does not continue the search on the second authentication server when the username and password you enter do not match the account on the first authentication server.
Note: You can NOT select two server objects of the same type.

Table 194 Configuration > Object > Auth. Method (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Method List | This field displays the authentication method(s) for this entry. |
| Add icon | Click Add to add a new entry. Click Edit to edit the settings of an entry. Click Delete to remove an entry. |
7 Click OK to save the settings or click Cancel to discard all changes and return to the previous screen.

Figure 363 Configuration > Object > Auth. Method > Add

The following table describes the labels in this screen.
Table 195 Configuration > Object > Auth. Method > Add

| LABEL | DESCRIPTION |
| --- | --- |
| Name | Specify a descriptive name for identification purposes. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. For example, “My_Device”. |
| Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
| Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. |
| Move | To change a method’s position in the numbered list, select the method and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed. The ordering of your methods is important as ZyWALL authenticates the users using the authentication methods in the order they appear in this screen. |
| # | This field displays the index number. |
| Method List | Select a server object from the drop-down list box. You can create a server object in the AAA Server screen (see Chapter 39 on page 617 for more information). The ZyWALL authenticates the users using the databases (in the local user database or the external authentication server) in the order they appear in this screen. If two accounts with the same username exist on two authentication servers you specify, the ZyWALL does not continue the search on the second authentication server when the username and password you enter do not match the account on the first authentication server. |
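
The ordering rule in step 6 and in the Method List row is easiest to reason about as a small model. The Python below is an added example, not ZyXEL code: it checks a method object against the limits stated in this chapter, then replays the lookup order to show which database decides a login and which duplicate usernames are shadowed. The object names, types and credentials are constructed, and moving on to the next entry when a username is unknown is an assumption of the model.

```python
import hmac
import re

# Step 3 name rule: 1-31 alphanumerics, "_" or "-", first character not a number.
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")
MAX_METHODS = 4  # step 6: up to four server objects per method object


def validate_method_object(name, methods):
    """methods is the ordered Method List as (server_object, type) pairs."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("invalid name")
    if len(methods) > MAX_METHODS:
        problems.append("more than four server objects")
    types = [kind for _, kind in methods]
    if len(types) != len(set(types)):
        problems.append("two server objects of the same type")
    return problems


def authenticate(methods, databases, username, password):
    """Return (accepted, deciding_server_object).

    The first database in list order that holds the username decides the
    result; a wrong password there is NOT retried on later servers.
    Assumption of this model: an unknown username moves on to the next entry.
    """
    for server_object, _kind in methods:
        stored = databases.get(server_object, {}).get(username)
        if stored is not None:
            ok = hmac.compare_digest(stored.encode(), password.encode())
            return ok, server_object
    return False, None


def shadowed_accounts(methods, databases):
    """Map each username present in several databases to the one that wins."""
    seen, shadowed = {}, {}
    for server_object, _kind in methods:
        for username in databases.get(server_object, {}):
            if username in seen:
                shadowed[username] = seen[username]
            else:
                seen[username] = server_object
    return shadowed


# Constructed sample data: object names, types and credentials are made up.
METHODS = [("local", "local"), ("corp_radius", "radius")]
DATABASES = {"local": {"alice": "local-pw"},
             "corp_radius": {"alice": "radius-pw", "bob": "bob-pw"}}
```

Running `shadowed_accounts` over an export of the local and external user lists before reordering a Method List shows which accounts would change their deciding database.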
