Chapter 34 Object
ZyWALL ATP Series User’s Guide
646
Key
Enter a password (up to 15 alphanumeric characters) as the key to be shared between the
external authentication server and the Zyxel Device.
The key is not sent over the network. This key must be the same on the external authentication
server and the Zyxel Device.
Change of
Authorization
The external RADIUS server can change its authentication policy and send CoA (Change of
Authorization) or RADIUS Disconnect messages in order to terminate the subscriber’s service.
Select this option to allow the Zyxel Device to disconnect wireless clients based on the
information (such as client’s user name and MAC address) specified in CoA or RADIUS
Disconnect messages sent by the RADIUS server.
Server Address
Enter the IP address or Fully-Qualified Domain Name (FQDN) of the RADIUS accounting server.
Accounting Port
Specify the port number on the RADIUS server to which the Zyxel Device sends accounting
information. Enter a number between 1 and 65535.
Backup Server
Address
If the RADIUS server has a backup accounting server, enter its address here.
Backup
Accounting Port
Specify the port number on the RADIUS server to which the Zyxel Device sends accounting
information. Enter a number between 1 and 65535.
Key
Enter a password (up to 15 alphanumeric characters) as the key to be shared between the
external authentication server and the Zyxel Device.
The key is not sent over the network. This key must be the same on the external authentication
server and the Zyxel Device.
Maximum Retry
Count
At times the Zyxel Device may not be able to use the primary RADIUS accounting server.
Specify the number of times the Zyxel Device should reattempt to use the primary RADIUS
server before attempting to use the secondary RADIUS server. This also sets how many times the
Zyxel Device will attempt to use the secondary RADIUS server.
For example, you set this field to 3. If the Zyxel Device does not get a response from the primary
RADIUS server, it tries again up to three times. If there is no response, the Zyxel Device tries the
secondary RADIUS server up to three times.
If there is also no response from the secondary RADIUS server, the Zyxel Device stops
attempting to authenticate the subscriber. The subscriber will see a message that says the
RADIUS server was not found.
Enable
Accounting
Interim Update
This field is configurable only after you configure a RADIUS accounting server address. Select
this to have the Zyxel Device send subscriber status updates to the RADIUS server at the interval
you specify.
Interim Interval
Specify the time interval for how often the Zyxel Device is to send a subscriber status update to
the RADIUS server.
Timeout
Specify the timeout period (between 1 and 300 seconds) before the Zyxel Device disconnects
from the RADIUS server. In this case, user authentication fails.
Search timeout occurs when either the user information is not in the RADIUS server or the
RADIUS server is down.
NAS IP Address
Type the IP address of the NAS (Network Access Server).
NAS Identifier
If the RADIUS server requires the Zyxel Device to provide the Network Access Server identifier
attribute with a specific value, enter it here.
Case-sensitive
User Names
Select this if you want configure your username as case-sensitive.
Table 277 Configuration > Object > AAA Server > RADIUS > Add (continued)
LABEL
DESCRIPTION