ADTRAN 1200070L1 User Manual

Chapter 3: Terminal Menu Operation and Structure

58

Express XL/XLT User Manual

61200.070L1-1

Radius Server/Retry Count

Write security: 1; Read security: 2
This is the number of times the Express XL/XLT should send a request packet
to the RADIUS server without a response before giving up. If the number of
attempts to communicate with the primary server is equal to the retry count,
the secondary server (if defined) is tried. If the secondary server does not re-
spond within the retry count, the PPP peer (or Telnet session) is not authenti-
cated and is dropped. The default is 5.

Security/PPP

Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods: PAP (Pass-
word Authentication Protocol), CHAP (Challenge Handshake Protocol) and
EAP (Extensible Authentication Protocol). The strength of the authentication
is determined in the order EAP, CHAP, followed by PAP, where EAP is the
strongest and PAP is the weakest. PAP is a clear-text protocol, which means
it is sent over the PPP link in a readable format. Care must be taken not to al-
low highly sensitive passwords to become compromised using this method.
CHAP and EAP use a one-way hashing algorithm which make it virtually im-
possible to determine the password. EAP has other capabilities which allow
more flexibility than CHAP.

The following selections are possible:

PAP, CHAP or EAP

(def) - The Express XL/XLT will ask for EAP

during the first PPP LCP negotiation and allow the PPP peer to

negotiate down to CHAP or PAP.

CHAP or EAP

- The Express XL/XLT will ask for EAP during the

first PPP LCP negotiation and allow the PPP peer to negotiate

down to CHAP but not PAP.

EAP

- The Express XL/XLT will only allow EAP to be negotiated.

If the PPP peer is not capable of doing EAP, then the connection

will not succeed.