TA 544 User Manual/61200704L1-1A

Security

This menu is used to set up the parameters needed to authenticate a PPP connection.

Authentication

The method used for authenticating the PPP peer is selected here. The possible values are:

NONE (DEF)

No attempt is made to authenticate the PPP peer.

RADIUS

The TA 544 will act as a RADIUS client and authenticate the PPP peer using the RADIUS server. The RADIUS server parameters must be set up properly for this to work.

PPP

The PPP profile is used to authenticate the PPP peer.

Radius Server

The parameters for the RADIUS server are configured in this menu. The RADIUS server can be used for authenticating a PPP peer (if defined under SECURITY/AUTHENTICATION) and for Telnet server sessions.

Primary Server

This is the IP address of the first RADIUS server that the TA 544 should attempt to communicate with when authenticating a PPP peer.

Secondary Server

This is the IP address of the back-up RADIUS server that the TA 544 should attempt to communicate with when the primary server does not respond.

UDP Port

This is the UDP port that the TA 544 should use when communicating with the RADIUS server. The default is 1645, which is the commonly used port.

Secret

The RADIUS server and TA 544 share this text string. It is used by the RADIUS server to authenticate the TA 544, the RADIUS client. The factory default is not to use a secret.

Retry Count

This is the number of times the TA 544 should send a request packet to the RADIUS server without a response before giving up. If the number of attempts to communicate with the primary server is equal to the retry count, the secondary server (if defined) is tried. If the secondary server does not respond within the retry count, the PPP peer (or Telnet session) is not authenticated and is dropped. The default is 5.

PPP

The PPP peer can be authenticated using three standard methods: PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol) and EAP (Extensible Authentication Protocol). The strength of the authentication is determined in the order EAP, CHAP, followed by PAP, where EAP is the strongest and PAP is the weakest. PAP is a clear-text protocol, which means the password is sent over the PPP link in a readable format. Care must be taken not to allow highly sensitive passwords to become compromised using this method. CHAP and EAP use a one-way hashing algorithm which makes it virtually impossible to determine the password. EAP has other capabilities which allow more flexibility than CHAP.
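
The difference between PAP and CHAP on the link, as an added example that is not part of the ADTRAN manual: it builds a PAP Authenticate-Request and an MD5 CHAP Response using the RFC 1334 and RFC 1994 packet layouts and checks which frame carries the password. The peer name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1   # PAP Authenticate-Request code (RFC 1334)
CHAP_RESPONSE = 2      # CHAP Response code (RFC 1994)

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP: peer ID and password are placed in the frame unchanged."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(data)) + data

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 CHAP value: hash over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP: only the 16-byte hash and the peer name go on the link."""
    value = chap_value(ident, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(data)) + data

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the hash for the challenge it issued."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or length != len(packet):
        return False
    value = packet[5:5 + packet[4]]
    # Constant-time comparison of the received and expected hash
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))

# Constructed sample values (not from the manual)
PEER = b"branch-router"
PASSWORD = b"Example-Passw0rd"

if __name__ == "__main__":
    challenge = os.urandom(16)          # fresh challenge per authentication
    pap = pap_request(1, PEER, PASSWORD)
    chap = chap_response(1, PEER, PASSWORD, challenge)
    print("password readable in PAP frame: ", PASSWORD in pap)
    print("password readable in CHAP frame:", PASSWORD in chap)
    print("CHAP response verifies:", chap_verify(chap, PASSWORD, challenge))
    # A response captured for one challenge fails against a new challenge
    print("same response, new challenge:",
          chap_verify(chap, PASSWORD, os.urandom(16)))
```
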

© 2001, ADTRAN, Inc.
