TA 544 User Manual
© 2001, ADTRAN, Inc.
TA 544 User Manual/61200704L1-1A
Page 32 of 68
Security
This menu is used to set up the authentication parameters needed to authenticate PPP connection.
Authentication
The method used for authenticating the PPP peer is selected here. The possible values are:
Radius Server
The parameters for the RADIUS server are configured in this menu. The RADIUS server can be used
for authenticating a PPP peer (if defined under
S
ECURITY
/A
UTHENTICATION
) and for Telnet server ses-
sions.
Primary Server
This is the IP address of the first RADIUS server that theTA 544 should attempt to communicate with
when authenticating a PPP peer.
Secondary Server
This is the IP address of the back-up RADIUS server that theTA 544 should attempt to communicate
with when the primary server does not respond.
UDP Port
This is the UDP port that the TA 544 should use when communicating with the RADIUS server. The
default is 1645, which is the commonly used port.
Secret
The RADIUS server and TA 544 share this text string. It is used by the RADIUS sever to authenticate
the TA 544, the RADIUS client. The factory default is not to use a secret.
Retry Count
This is the number of times the TA 544 should send a request packet to the RADIUS server without a
response before giving up. If the number of attempts to communicate with the primary server is equal
to the retry count, the secondary server (if defined) is tried. If the secondary server does not respond
within the retry count, the PPP peer (or Telnet session) is not authenticated and is dropped. The default
is 5.
PPP
The PPP peer can be authenticated using three standard methods:PAP (Password Authentication Proto-
col), CHAP (Challenge Handshake Protocol) and EAP (Extensible Authentication Protocol). The
strength of the authentication is determined in the order EAP, CHAP, followed by PAP, where EAP is
the strongest and PAP is the weakest. PAP is a clear-text protocol, which means it is sent over the PPP
link in a readable format. Care must be taken not to allow highly sensitive passwords to become com-
promised using this method. CHAP and EAP use a one-way hashing algorithm which makes it virtually
impossible to determine the password. EAP has other capabilities which allow more flexibility than
CHAP.
N
ONE
(
DEF
)
No attempt is made to authenticate the PPP peer.
R
ADIUS
The TA 544 will act as a RADIUS client and authenti-
cate the PPP peer using the RADIUS server. The RA-
DIUS server parameters must be set up properly for this
to work.
PPP
The PPP profile is used to authenticate the PPP peer.