Lucent Technologies 6000 User Manual
Configuring Individual WAN Connections
Configuring bidirectional CHAP support
MAX 6000/3000 Network Configuration Guide
4-67
In the pseudo-user profile, specify CLID or DNIS authentication, and then set the
Ascend-Bi-Directional-Auth attribute to Bi-Directional-Auth-Allowed or
Bi-Directional-Auth-Required:
Ascend-Bi-Directional-Auth attribute to Bi-Directional-Auth-Allowed or
Bi-Directional-Auth-Required:
•
Bi-Directional-Auth-Allowed specifies that authentication can be bidirectional. The MAX
unit identifies the calling device. The system also allows the calling device to authenticate
the MAX unit, but this authentication is not mandatory. Therefore, if the calling device
does not authenticate the MAX unit, the MAX unit can still accept the call.
unit identifies the calling device. The system also allows the calling device to authenticate
the MAX unit, but this authentication is not mandatory. Therefore, if the calling device
does not authenticate the MAX unit, the MAX unit can still accept the call.
•
Bi-Directional-Auth-Required specifies that authentication must be bidirectional.
In the following pseudo-user profile, bidirectional authentication is required:
111886067 User-Password="Ascend-CLID", Service-Type=Framed-User
Ascend-Require-Auth=Require-Auth,
Ascend-Auth-Type=Auth-CHAP,
Ascend-Send-Auth=Send-Auth-CHAP,
Ascend-Bi-Directional-Auth=Bi-Directional-Auth-Required
In the user profile, Ascend-Send-Secret is set to the password sent to the called device during
the authentication initiated by the MAX unit:
the authentication initiated by the MAX unit:
Mike1
User-Password="passin"
Service-Type=Framed-User,
Ascend-Send-Secret="passout",
Framed-Protocol=PPP,
Framed-Address=111.5.1.1,
Framed-Netmask=255.255.255.255,
Ascend-Data-Svc=Switched-64K,
Ascend-Route-IP=Route-IP-Yes
Note that the Answer or Answer-Defaults profile must contain the desired bidirectional
authentication mode (None, Required, or Allowed). If CLID or DNIS pre-authentication is not
in use, the pseudo-user profile must be suppressed, and the second-tier user profile must
contain the Ascend-Bi-Directional-Auth attribute.
authentication mode (None, Required, or Allowed). If CLID or DNIS pre-authentication is not
in use, the pseudo-user profile must be suppressed, and the second-tier user profile must
contain the Ascend-Bi-Directional-Auth attribute.
Setting up bidirectional CHAP in RADIUS for outgoing calls
To configure a RADIUS dialout profile that makes use of bidirectional authentication, proceed
as follows:
as follows:
1
Set the User-Name parameter to the name of the called party, and User-Password to
ascend
ascend
.
2
Set the Ascend-Send-Auth parameter to Send-Auth-CHAP.
3
Set the Ascend-Send-Secret parameter to the text of the secret sent to the called device.
4
Set the Ascend-Receive Secret parameter to the text of the secret received from the called
device.
device.
5
Set the Ascend-Bi-Directional-Auth parameter to Bi-Directional-Auth-Allowed or
Bi-Directional-Auth-Required.
Bi-Directional-Auth-Required.
6
Set the Ascend-Recv-Name parameter to the name of the called party.
For example: