Tut Systems SMS2000 Switch User Manual


 
Authorization
TUT Systems, Inc Page 57 of 104 P/N 220-06288-20
Chapter 6 - Authorization
Authorization entails determining if a particular user has permission to use a service.
Authorization
The SMS2000 is capable of performing authorization by using an external server (OCS
or RADIUS) or by using onboard groups and rules. For details about using the OCS for
Authorization, see the OCS User’s Guide. For more information on RADIUS, see
Chapter 13, “Using SMS2000 with a RADIUS Server.” Scenarios for performing these
functions in various configurations are described below.
Authorization
Table 6-1 shows how authorization is performed with no external server, with RADIUS,
and with the OCS.
Table 6-1 Authorization
Server Functionality
With No External
Server
No user authentication is possible. Groups and rules can be used to
authorize subscribers based on their MAC address, VLAN ID, SNMP
information, IP address, or any combination of these. For more information
on using groups and rules, see Chapter 10, “Service Creation using Groups
and Rules.”
With RADIUS
Authorization follows authentication as it does on a standard network
access server (NAS). Parameters include static IP and bandwidth.
With OCS
The OCS provides enhanced authorization functions based on user name,
physical port, MAC address, and more. Parameters include Stat IP, auth
required, and bandwidth.