Table of Contents
Advertisement
2
3
4
5
6
7
Configuring bidirectional CHAP in RADIUS
The following sections describe how to configure bidirectional CHAP in RADIUS. You can
use one of the following configurations:
•
•
•
•
Setting up bidirectional CHAP in RADIUS for incoming calls
You can configure selective bidirectional authentication by using CLID or DNIS
pre-authentication in a pseudo-user profile, and then specifying two passwords in the user
profile.
In the pseudo-user profile, specify CLID or DNIS authentication, and then set the
Ascend-Bi-Directional-Auth attribute to Bi-Directional-Auth-Allowed or
Bi-Directional-Auth-Required:
•
•
In the following pseudo-user profile, bidirectional authentication is required:
111886067 User-Password="Ascend-CLID", Service-Type=Framed-User
MAX 6000/3000 Network Configuration Guide
Set the Send Auth parameter to CHAP, MS-CHAP, or Cache-Token. If you specify any
other mode, bidirectional authentication does not take place, even if Bi-Dir Auth is set to
Allowed or Required.
Set the Bi-Dir Auth parameter to Required or Allowed. Required specifies that
bidirectional authentication must be carried out or the call is dropped. Allowed specifies
that authentication can be bidirectional. The MAX unit identifies the called device, and
the called device can identify the MAX unit, but the called device need not do so for the
call to be accepted.
Set the Send PW parameter to a text string specifying the password sent to the called
device during the authentication initiated by the MAX unit.
Set the Recv PW parameter to a text string specifying the password sent by the called unit
during the authentication initiated by the called unit.
Set the Recv Name parameter to a text string. The MAX compares the called party's name
against the value you specify. If the called party's name is different, the MAX tears down
the call. If you do not specify a value for Recv Name, the called party's name is compared
against the dialout profile name.
Exit the profile and, at the exit prompt, select the exit and accept option.
Setting up bidirectional CHAP for incoming calls
Setting up bidirectional CHAP for outgoing calls
Setting up selective bidirectional CHAP with callback
Setting up bidirectional CHAP for double RADIUS lookups in multiprovider networks
Bi-Directional-Auth-Allowed specifies that authentication can be bidirectional. The MAX
unit identifies the calling device. The system also allows the calling device to authenticate
the MAX unit, but this authentication is not mandatory. Therefore, if the calling device
does not authenticate the MAX unit, the MAX unit can still accept the call.
Bi-Directional-Auth-Required specifies that authentication must be bidirectional.
Ascend-Require-Auth=Require-Auth,
Ascend-Auth-Type=Auth-CHAP,
Ascend-Send-Auth=Send-Auth-CHAP,
Configuring Individual WAN Connections
Configuring bidirectional CHAP support
4-67
Advertisement
Chapters
Table of Contents
