Nortel Networks NTRN10AN, 3500 manual Time s Server, ’Access-Request’

2-126Operation, administration, and maintenance (OAM) features

•The minimum timeout is one second. However, the minimum timeout per request is also one second. So it will take at most three seconds for RADIUS authentication to complete for each server.

’Access-Request’

When a network processor is configured to use RADIUS, all users of that network processor or the network element must present authentication information to the network processor. Once the network processor has obtained such information, it will create an "Access-Request" if the authentication mode was provisioned as Centralized. The network processor acting as the RADIUS gateway sends the following four parameters to the RADIUS server:

•NAS IDENTIFIER. This is the TID of the network element or network processor a user is trying to log into.

•NAS IP ADDRESS. This is the IP address of the network processor serving as the RADIUS gateway.

•user ID

•password (encrypted)

The password is encrypted through a server shared secret. The server shared secret is the key for decrypting the password, and must be provisioned separately on the network processor (through Site Manager or TL1) and on the RADIUS server.

Note 1: The user need only provide a user name and password. See Password management on page 2-135for information on password restrictions.

Note 2: There is no requirement for the user account of the RADIUS server to exist on any of the network elements or network processor.

Note 3: The server shared secret can be between 8 and 20 alphanumeric characters. To maintain case sensitivity when you provision the secret through TL1, you must enclose the secret in double quotes (“). The double quotes are not included in the length of the secret.

OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004