Lucent Technologies 6000 Network Router User Manual


 
4-70 MAX 6000/3000 Network Configuration Guide
Configuring Individual WAN Connections
Configuring bidirectional CHAP support
Consider the network in Figure 4-11:
Figure 4-11. Multiprovider network
During an outgoing call with bidirectional authentication, the MAX unit first recovers the
dialout profile. Once the call is brought up, the MAX unit needs to authenticate the called
party, in this case a Pipeline unit. The authentication decision must be made by the ISP's
RADIUS server, requiring a second RADIUS lookup.
How to configure double RADIUS lookups
When you set up double RADIUS lookups, the dialout profile is split into two profiles: the
first-tier dialout profile and the second-tier user profile. The dialout profile contains all dialout
parameters needed to establish the outgoing call, and the user profile contains information for
authenticating the called device.
Consider the following first-tier dialout profile, configured for bidirectional CHAP
authentication:
pipe-pat-out User-Password="ascend"
Service-Type=Outbound-User,
Framed-Protocol=PPP,
Framed-IP-Address=10.4.8.8,
[Figure 4-11 diagram labels: Pipeline unit; MAX unit; Proxy RADIUS; Ethernet, PRI, BRI; RADIUS server #1, #2, #3; PSTN; ISP #1, #2, #3]
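The two-lookup decision described above, as an added Python example that is not from the manual: the first lookup fetches the dialout profile, and the second fetches the user profile used to check the called party's CHAP response, computed as in RFC 1994. The dictionaries standing in for the RADIUS servers, the second-tier name pipe-pat, the chap-secret key and all secrets are constructed assumptions; only the three dialout attributes come from the profile shown above.

```python
import hashlib
import hmac

# Constructed stand-ins for the two RADIUS tiers (dicts instead of servers).
FIRST_TIER = {  # dialout profile: parameters needed to place the call
    "pipe-pat-out": {
        "Service-Type": "Outbound-User",
        "Framed-Protocol": "PPP",
        "Framed-IP-Address": "10.4.8.8",
    },
}
SECOND_TIER = {  # user profile: data for authenticating the called device
    "pipe-pat": {"chap-secret": b"constructed-secret"},  # hypothetical entry
}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticate_called_party(dialout_name, peer_name, identifier,
                              challenge, response):
    """Run both lookups; return (dialout_profile, accepted)."""
    dialout = FIRST_TIER.get(dialout_name)  # lookup 1, before dialing
    if dialout is None or dialout.get("Service-Type") != "Outbound-User":
        return None, False
    user = SECOND_TIER.get(peer_name)  # lookup 2, once the call is up
    if user is None:
        return dialout, False  # unknown called party: reject
    expected = chap_response(identifier, user["chap-secret"], challenge)
    # Constant-time comparison of the expected and received digests.
    return dialout, hmac.compare_digest(expected, response)


if __name__ == "__main__":
    import os
    challenge = os.urandom(16)  # fresh per call, so old responses do not verify
    genuine = chap_response(1, b"constructed-secret", challenge)
    impostor = chap_response(1, b"guess", challenge)
    for label, resp in (("genuine", genuine), ("impostor", impostor)):
        _, ok = authenticate_called_party("pipe-pat-out", "pipe-pat", 1,
                                          challenge, resp)
        print(label, "accepted" if ok else "rejected")
```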