Operation, administration, and maintenance (OAM) features 2-127

The Access-Request is submitted to the RADIUS server through the network. If no response is returned within a length of time, the request is re-sent a number of times.

Once the RADIUS server receives the request, it validates the sending network processor. If the network processor is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user entry in the database contains a list of requirements which must be met to allow access for the user.

’Access-Reject’

If any condition is not met, the RADIUS server sends an "Access-Reject" response indicating that this user request is invalid.

’Access-Accept’

Transactions between the network processor and RADIUS server are authenticated through the use of a server shared secret. Users must provision the user’s UPC level (OM3000_UPC) and the idle timeout period (Idle-Timeout) on the RADIUS server. These values are returned in the Access-Accept message from the RADIUS server to the gateway network processor, which then forwards them to the network element. At this point, the user is granted access to the network element or network processor.

There is one separately provisionable RADIUS shared secret: the server shared secret. The user enters a user name and password, and the RADIUS protocol authenticates the user.
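The following Python example is added here for illustration and is not part of the Nortel guide or product code. It shows how a RADIUS client can use the server shared secret to check that an Access-Accept is authentic before trusting the Idle-Timeout it carries. It assumes the standard RFC 2865 Response Authenticator, uses a constructed secret and packet, and its function names are hypothetical; OM3000_UPC is not decoded because the page does not give its encoding.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RFC 2865 packet codes
IDLE_TIMEOUT = 28                     # RFC 2865 attribute type

def response_auth(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code | Identifier | Length | Request Authenticator | Attributes | Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    # Server side: bind the reply to the request and the shared secret.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + response_auth(code, ident, attrs, request_auth, secret) + attrs

def verify_reply(packet, request_ident, request_auth, secret):
    # Client side: return (code, {attr_type: value}) or raise ValueError.
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    if ident != request_ident:
        raise ValueError("identifier does not match the request")
    attrs = packet[20:length]
    expected = response_auth(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    parsed, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        parsed[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return code, parsed

def idle_timeout_seconds(parsed):
    # Idle-Timeout is a 4-byte unsigned integer in network byte order.
    return struct.unpack("!I", parsed[IDLE_TIMEOUT])[0]

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))       # Request Authenticator sent in the Access-Request
ATTRS = struct.pack("!BBI", IDLE_TIMEOUT, 6, 900)
REPLY = build_reply(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET)

if __name__ == "__main__":
    code, parsed = verify_reply(REPLY, 7, REQUEST_AUTH, SECRET)
    print(code, idle_timeout_seconds(parsed))
```

A reply whose attributes were altered in transit, or that was produced with a different secret, fails the authenticator check and is rejected before any attribute is used.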

Users are able to provision on the NPx:

• a primary RADIUS server’s IP address and port number (on the gateway network processor)
• a secondary RADIUS server’s IP address and port number (on the gateway network processor)
• the primary and secondary server shared secret (on the gateway network processor)
• timeout period for each RADIUS server (on the gateway network processor)
• state of the RADIUS feature (enabled / disabled) (on the gateway network processor)
  — RADIUS feature must be enabled prior to enabling CSA feature.
• state of the CSA feature (enabled / disabled) (on the gateway network processor and the network element)
• alternate login method on the gateway network processor

Planning and Ordering Guide—Part 1 of 2 NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Nortel Networks 3500, NTRN10AN manual ’Access-Reject’, ’Access-Accept’