ADTRAN TA 544 user manual Security

Page 32

TA 544 User Manual/61200704L1-1A

Page 32 of 68

Security

This menu is used to set up the authentication parameters needed to authenticate PPP connection.

Authentication

The method used for authenticating the PPP peer is selected here. The possible values are:

NONE (DEF)

RADIUS

PPP

Radius Server

No attempt is made to authenticate the PPP peer.

The TA 544 will act as a RADIUS client and authenti- cate the PPP peer using the RADIUS server. The RA- DIUS server parameters must be set up properly for this to work.

The PPP profile is used to authenticate the PPP peer.

The parameters for the RADIUS server are configured in this menu. The RADIUS server can be used for authenticating a PPP peer (if defined under SECURITY/AUTHENTICATION) and for Telnet server ses- sions.

Primary Server

This is the IP address of the first RADIUS server that the TA 544 should attempt to communicate with when authenticating a PPP peer.

Secondary Server

This is the IP address of the back-up RADIUS server that the TA 544 should attempt to communicate with when the primary server does not respond.

UDP Port

This is the UDP port that the TA 544 should use when communicating with the RADIUS server. The default is 1645, which is the commonly used port.

Secret

The RADIUS server and TA 544 share this text string. It is used by the RADIUS sever to authenticate the TA 544, the RADIUS client. The factory default is not to use a secret.

Retry Count

This is the number of times the TA 544 should send a request packet to the RADIUS server without a response before giving up. If the number of attempts to communicate with the primary server is equal to the retry count, the secondary server (if defined) is tried. If the secondary server does not respond within the retry count, the PPP peer (or Telnet session) is not authenticated and is dropped. The default is 5.

PPP

The PPP peer can be authenticated using three standard methods:PAP (Password Authentication Proto- col), CHAP (Challenge Handshake Protocol) and EAP (Extensible Authentication Protocol). The strength of the authentication is determined in the order EAP, CHAP, followed by PAP, where EAP is the strongest and PAP is the weakest. PAP is a clear-text protocol, which means it is sent over the PPP link in a readable format. Care must be taken not to allow highly sensitive passwords to become com- promised using this method. CHAP and EAP use a one-way hashing algorithm which makes it virtually impossible to determine the password. EAP has other capabilities which allow more flexibility than CHAP.

TA 544 User Manual

© 2001, ADTRAN, Inc.

Image 32
Contents 1200704L1 4200704L3 Trademarks To the Holder of the ManualSafety Instructions Limited Product Warranty International Contact Information USA2001, ADTRAN, Inc Customer Service, Product Support Information, and Training Presales Inquiries and Applications SupportPost-Sale Support Repair and ReturnTraining Training 800 615-1176, extContents 2001, ADTRAN, Inc Figures 2001, ADTRAN, Inc Firmware Updates Terminal MenuVoice Over DSL Application Unpack and Inspect the Unit Mount the UnitSystem Info Bootcode Revision Part NumberSerial Number Firmware RevisionSystem Config Operating ModeNetwork Timing Mode Telnet AccessSnmp Menu Maint Port Menu Password ProtectInstructions for Changing Passwords Step Action Network Time Upgrade Firmware System UtilityConfig Transfer Ping Configuring WAN Settings ATM ConfigDslam Type Layer One InterfaceATM Stats Data ScramblingAP Receive Cell Errors AP Rx CellsAP Rx OAM Cells AP Receive Cells DiscardedDSL Rate Config Configuring the Router Configuration GlobalUse this menu to enter static routes to other networks Bridge Security Ethernet Ethernet MenuMAC Address WAN This is the network mask used for this interface Use this menu to configure IP settings When set to Y ES, only IP RIP updates are sent All incoming packets from the WAN are not Configuring the Router Status SessionARP cache Bridge TableConfiguring the Router Logs Network Log WrapView ClearConfiguring Voice Support Config Call ControlConfiguring Voice Support Status Gateway StatsPVC Stats Voice StatsManaging the Modules Modules Modules TableMode Managing the Modules V.35 SetupConfiguration Following settings are used for FRF5 Following settings are used for FRF8 Appendix A. Specifications and Features Network InterfaceATM Support Isdn InterfacesSecurity Features PowerManagement Options Serial DataPress Enter until a menu appears Appendix B. Updating TA 544 Firmware using XmodemUpdating Firmware via a Forced Download Updating Firmware via the Console Menus 2001, ADTRAN, Inc Appendix C. Updating TA 544 Firmware using Tftp Message Meaning Message Meaning Enu Path Left Pane Status Bar Ode Avigation H elpWindow Pane Navigation Right Window Pane NotationAdditional Terminal Menu Window Features Navigating Using the Keyboard KeysSession Management Keystrokes Getting Help Application Diagram Voice Turn Up Step Action Appendix F. RFC1483 Quick Start IP Routing WAN Appendix G. RFC1483 Quick Start IP Routing with NAT OptionsAppendix H. RFC1483 Quick Start Bridging Bridging Step ActionAppendix I. PPPoA Quick Start Guide