Lucent Technologies 6000 Network Router User Manual


  Open as PDF
of 586
 
Configuring Individual WAN Connections
Configuring bidirectional CHAP support
MAX 6000/3000 Network Configuration Guide 4-71
Framed-IP-Netmask=255.255.255.0,
Ascend-Dial-Number=90492386067,
Ascend-Data-Svc=Switched-64K,
Ascend-Send-Auth=Send-Auth-CHAP,
Ascend-Send-Secret="passin",
Ascend-Bi-Directional-Auth=Bi-Directional-Auth-Required,
Ascend-Recv-Name="pipe-pat",
Ascend-Route-IP=1
To enforce the second RADIUS lookup, the dialout profile name (pipe-pat-out in this
example) must be different from the name of the called device in the user profile. The
Ascend-Recv-Name attribute specifies the name of the called device, in this case pipe-pat.
In the following second-tier user profile, called partys name is pipe-pat and the
receive-password is pass.
pipe-patUser-Password="pass"
Service-Type=Outbound-User,
Ascend-Route-IP=1"
You can disable the double RADIUS lookup by naming the dialout profile with the peers
name and by omitting the Ascend-Recv-Name attribute. Use the User-Name attribute to
rename the profile (in this case to pipe-pat):
pipe-pat-outUser-Password="ascend"
User-Name="pipe-pat",
Service-Type=Outbound-User,
Framed-Protocol=PPP,
Framed-IP-Address=10.4.8.8,
Framed-IP-Netmask=255.255.255.0,
Ascend-Dial-Number=90492386067,
Ascend-Data-Svc=Switched-64K,
Ascend-Send-Auth=Send-Auth-CHAP,
Ascend-Send-Secret="passin",
Ascend-Bi-Directional-Auth=Bi-Directional-Auth-Required,
Ascend-Receive-Secret="pass",
Ascend-Route-IP=1
Message sequence during an outgoing call using two RADIUS lookups
A call using two RADIUS lookups passes through the follow messaging sequence:
1 The MAX unit requests a dialout profile from RADIUS.
2 RADIUS sends the dialout profile to the MAX unit.
3 The MAX unit makes an ISDN call to the remote device.
4 The ISDN call is connected.
5 The MAX unit and the called party perform LCP exchanges.
6 The called party sends a challenge request to the MAX unit.
7 The MAX unit responds with a challenge response.
8 The called party informs the MAX unit about whether the first level of authentication has
been successful.
 previous next