ADTRAN 600R Network Router User Manual


 
64200600L1#T-31A © 2002, ADTRAN, Inc. Page 35
Total Access 600R User Interface Guide (UIG)
Radius Server
The parameters for the RADIUS server are configured in this menu. The RADIUS server can be used
for authenticating a PPP peer (if defined under SECURITY/AUTHENTICATION) and for Telnet server
sessions.
PPP
The PPP peer can be authenticated using three standard methods: PAP (Password Authentication
Protocol), CHAP (Challenge Handshake Authentication Protocol) and EAP (Extensible Authentication
Protocol). In order of strength the methods rank EAP, CHAP, then PAP: EAP is the strongest and
PAP is the weakest. PAP is a clear-text protocol, which means the password is sent over the PPP
link in a readable format. Care must be taken not to allow highly sensitive passwords to become
compromised using this method. CHAP and EAP use a one-way hashing algorithm, which makes it
virtually impossible to determine the password. EAP has other capabilities which allow more
flexibility than CHAP. The following selections are possible:
PRIMARY SERVER
This is the IP address of the first RADIUS server that the Total Access 600R should attempt to
communicate with when authenticating a PPP peer. Default is 0.0.0.0.
SECONDARY SERVER
This is the IP address of the back-up RADIUS server that the 600R should attempt to communicate
with when the primary server does not respond. Default is 0.0.0.0.
UDP PORT
This is the UDP port that the 600R should use when communicating with the RADIUS server. The
default is 1645, which is the commonly used port.
SECRET
The RADIUS server and 600R share this text string. It is used by the RADIUS server to
authenticate the 600R, the RADIUS client. The factory default is not to use a secret.
RETRY COUNT (1-10)
This is the number of times the 600R should send a request packet to the RADIUS server without a
response before giving up. If the number of attempts to communicate with the primary server is
equal to the retry count, the secondary server (if defined) is tried. If the secondary server
does not respond within the retry count, the PPP peer (or Telnet session) is not authenticated
and is dropped. The default is 5.
PAP, CHAP, OR EAP
The 600R will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to
negotiate down to CHAP or PAP.
CHAP OR EAP (DEF)
The 600R will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to
negotiate down to CHAP but not PAP.
EAP
The 600R will only allow EAP to be negotiated. If the PPP peer is not capable of doing EAP, then
the connection will not succeed.
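
How the SECRET setting described above enters a RADIUS exchange, as an added example that is not from the ADTRAN manual or the 600R firmware: it implements the Response Authenticator check and User-Password hiding as RFC 2865 defines them, so the effect of running with no secret (the factory default) can be seen on both. The function names, secret, password and identifier values are constructed for illustration.

```python
import hashlib, hmac, os, struct

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    # What a RADIUS server does when it answers the client's request.
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, ident, request_auth, secret):
    # Client-side check: accept a reply only if it was built with the shared secret.
    if len(packet) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length != len(packet):
        return False
    expected = response_authenticator(code, rid, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def _xor_chain(data, request_auth, secret, decrypt):
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator instead.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = data[i:i + 16] if decrypt else block
    return out

def hide_password(password, request_auth, secret):
    # User-Password attribute value for a PAP password relayed to the RADIUS server.
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    return _xor_chain(padded, request_auth, secret, decrypt=False)

def unhide_password(hidden, request_auth, secret):
    # Server-side recovery of the password; needs the same secret and authenticator.
    return _xor_chain(hidden, request_auth, secret, decrypt=True).rstrip(b"\x00")

if __name__ == "__main__":
    ra = os.urandom(16)                   # Request Authenticator (constructed)
    secret = b"example-shared-secret"     # constructed sample value
    reply = build_response(2, 7, b"", ra, secret)   # code 2 = Access-Accept
    print("verifies with the shared secret:", verify_response(reply, 7, ra, secret))
    print("verifies with an empty secret:  ", verify_response(reply, 7, ra, b""))
    hidden = hide_password(b"constructed-pap-password", ra, b"")
    print("no secret, password recovered:  ", unhide_password(hidden, ra, b""))
```

With an empty secret the only inputs to both MD5 computations are values carried in the packets themselves, which is why a non-empty secret should be configured on the 600R and on the RADIUS server.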