Chapter 3: Terminal Menu Operation and Structure
58 Express XL/XLT User Manual 61200.070L1-1
Radius Server/Retry Count
Write security: 1; Read security: 2
This is the number of times the Express XL/XLT should send a request packet
to the RADIUS server without a response before giving up. If the number of
attempts to communicate with the primary server is equal to the retry count,
the secondary server (if defined) is tried. If the secondary server does not re-
spond within the retry count, the PPP peer (or Telnet session) is not authenti-
cated and is dropped. The default is 5.
Security/PPP
Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods: PAP (Pass-
word Authentication Protocol), CHAP (Challenge Handshake Protocol) and
EAP (Extensible Authentication Protocol). The strength of the authentication
is determined in the order EAP, CHAP, followed by PAP, where EAP is the
strongest and PAP is the weakest. PAP is a clear-text protocol, which means
it is sent over the PPP link in a readable format. Care must be taken not to al-
low highly sensitive passwords to become compromised using this method.
CHAP and EAP use a one-way hashing algorithm which make it virtually im-
possible to determine the password. EAP has other capabilities which allow
more flexibility than CHAP.
The following selections are possible:
PAP, CHAP or EAP (def) - The Express XL/XLT will ask for EAP
during the first PPP LCP negotiation and allow the PPP peer to
negotiate down to CHAP or PAP.
CHAP or EAP - The Express XL/XLT will ask for EAP during the
first PPP LCP negotiation and allow the PPP peer to negotiate
down to CHAP but not PAP.
EAP - The Express XL/XLT will only allow EAP to be negotiated.
If the PPP peer is not capable of doing EAP, then the connection
will not succeed.