ADTRAN L128 User Manual

Chapter 3: Terminal Menu Operation and Structure

58

Express L128/L128T User Manual

61202.070L1-1

Radius Server/Retry Count

Write security: 1; Read security: 2
This is the number of times the Express L128/L128T should send a request
packet to the RADIUS server without a response before giving up. If the num-
ber of attempts to communicate with the primary server is equal to the retry
count, the secondary server (if defined) is tried. If the secondary server does
not respond within the retry count, the PPP peer (or Telnet session) is not au-
thenticated and is dropped. The default is 5.

Security/PPP

Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods: PAP (Pass-
word Authentication Protocol), CHAP (Challenge Handshake Protocol) and
EAP (Extensible Authentication Protocol). The strength of the authentication
is determined in the order EAP, CHAP, followed by PAP, where EAP is the
strongest and PAP is the weakest. PAP is a clear-text protocol, which means
it is sent over the PPP link in a readable format. Care must be taken not to al-
low highly sensitive passwords to become compromised using this method.
CHAP and EAP use a one-way hashing algorithm which makes it virtually im-
possible to determine the password. EAP has other capabilities which allow
more flexibility than CHAP.

The following selections are possible:

PAP, CHAP, or EAP

(def) - The Express L128/L128T will ask for EAP

during the first PPP LCP negotiation and allow the PPP peer to

negotiate down to CHAP or PAP.

CHAP or EAP

- The Express L128/L128T will ask for EAP during the

first PPP LCP negotiation and allow the PPP peer to negotiate

down to CHAP but not PAP.

EAP

- The Express L128/L128T will only allow EAP to be negotiated.

If the PPP peer is not capable of doing EAP, then the connection

will not succeed.