Adtran 4110 Manual Do Utilizador
Chapter 3. Terminal Menu Operation and Structure
61200176L3-1
Express 4110/4120 User Manual
3-31
Radius Server/Retry Count
Write security: 1; Read security: 2
This is the number of times the Express 4110/4120 should send a request
packet to the RADIUS server without a response before giving up. If the
number of attempts to communicate with the primary server is equal to
the retry count, the secondary server (if defined) is tried. If the secondary
server does not respond within the retry count, the PPP peer (or Telnet
session) is not authenticated and is dropped. The default is 5.
packet to the RADIUS server without a response before giving up. If the
number of attempts to communicate with the primary server is equal to
the retry count, the secondary server (if defined) is tried. If the secondary
server does not respond within the retry count, the PPP peer (or Telnet
session) is not authenticated and is dropped. The default is 5.
Security/PPP
Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods: PAP
(Password Authentication Protocol), CHAP (Challenge Handshake Pro-
tocol) and EAP (Extensible Authentication Protocol). The strength of the
authentication is determined in the order EAP, CHAP, followed by PAP,
where EAP is the strongest and PAP is the weakest. PAP is a clear-text
protocol, which means it is sent over the PPP link in a readable format.
Care must be taken not to allow highly sensitive passwords to become
compromised using this method. CHAP and EAP use a one-way hashing
algorithm which makes it virtually impossible to determine the pass-
word. EAP has other capabilities which allow more flexibility than
CHAP.
(Password Authentication Protocol), CHAP (Challenge Handshake Pro-
tocol) and EAP (Extensible Authentication Protocol). The strength of the
authentication is determined in the order EAP, CHAP, followed by PAP,
where EAP is the strongest and PAP is the weakest. PAP is a clear-text
protocol, which means it is sent over the PPP link in a readable format.
Care must be taken not to allow highly sensitive passwords to become
compromised using this method. CHAP and EAP use a one-way hashing
algorithm which makes it virtually impossible to determine the pass-
word. EAP has other capabilities which allow more flexibility than
CHAP.
The following selections are possible:
PAP, CHAP, or EAP
(def)
The Express 4110/4120 will ask for
EAP during the first PPP LCP negotiation
and allow the PPP peer to negotiate
down to CHAP or PAP.
EAP during the first PPP LCP negotiation
and allow the PPP peer to negotiate
down to CHAP or PAP.
CHAP or EAP
The Express 4110/4120 will ask for
EAP during the first PPP LCP negotiation
and allow the PPP peer to negotiate
down to CHAP but not PAP.
EAP during the first PPP LCP negotiation
and allow the PPP peer to negotiate
down to CHAP but not PAP.
EAP
The Express 4110/4120 will only
allow EAP to be negotiated. If the PPP
peer is not capable of doing EAP, then
the connection will not succeed.
allow EAP to be negotiated. If the PPP
peer is not capable of doing EAP, then
the connection will not succeed.