Chapter 3: Terminal Menu Operation and Structure

Radius Server/Retry Count

Write security: 1; Read security: 2

This is the number of times the Express L128/L128T should send a request packet to the RADIUS server without a response before giving up. If the num- ber of attempts to communicate with the primary server is equal to the retry count, the secondary server (if defined) is tried. If the secondary server does not respond within the retry count, the PPP peer (or Telnet session) is not au- thenticated and is dropped. The default is 5.

Security/PPP

Write security: 1; Read security: 2

The PPP peer can be authenticated using three standard methods: PAP (Pass- word Authentication Protocol), CHAP (Challenge Handshake Protocol) and EAP (Extensible Authentication Protocol). The strength of the authentication is determined in the order EAP, CHAP, followed by PAP, where EAP is the strongest and PAP is the weakest. PAP is a clear-text protocol, which means it is sent over the PPP link in a readable format. Care must be taken not to al- low highly sensitive passwords to become compromised using this method. CHAP and EAP use a one-way hashing algorithm which makes it virtually im- possible to determine the password. EAP has other capabilities which allow more flexibility than CHAP.

The following selections are possible:

PAP, CHAP, or EAP (def) - The Express L128/L128T will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP or PAP.

CHAP or EAP - The Express L128/L128T will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP but not PAP.

EAP - The Express L128/L128T will only allow EAP to be negotiated. If the PPP peer is not capable of doing EAP, then the connection will not succeed.

58

Express L128/L128T User Manual

61202.070L1-1

Page 75
Image 75
ADTRAN L128T user manual Radius Server/Retry Count, Security/PPP