Radius Authentication Validity; Radius Server Timeout - Teledyne QMultiFlex-400 Installation And Operating Handbook

QMultiFlex-400™ Installation and Operating Handbook
The standard RADIUS Access-Accept response from the RADIUS server
can have an optional field added to it in order to distinguish between
administrator and view-only user login authorisation. This involves the
addition of a vendor-specific attribute using an SMI network management
private enterprise code of 64534 (to denote Teledyne Paradise Datacom),
which is one of a range reserved for private use. A vendor-specific attribute
named 'Access-Level' is used, where a value of 0 equates to 'Modem
Administrator' and a value of 1 equates to 'Modem User' (view-only). If the
modem receives an Access-Accept response with no Access-Level
attribute, or with an Access-Level value that is not supported, then the
modem will default to administrator access being granted. The full
specification of this attribute of the Access-Accept response is as follows:

6.2.11.4 RADIUS Authentication Validity

Range: 5 to 60 minutes; step size: 1 minute
Description: Controls the period between automatic re-authentication of the
connection to the RADIUS server. This is done in the background and no
user intervention is necessary unless the connection to the RADIUS
server has failed, when the user may be prompted to log in again using
the fallback RADIUS server (or standard modem log in if no RADIUS
server is available).

6.2.11.5 RADIUS Server Timeout

Range: 1 to 60 seconds; step size: 1 second
Description: Controls the timeout when connecting to the RADIUS server. Two
attempts will be made before reverting to use the fallback RADIUS
server. If the fallback server connection attempts also fail then, the user
will be presented with the standard (non-RADIUS) login prompt.
a. Type: (one byte) value 0x1A - indicates a vendor-specific
attribute.
b. Length: (one byte) value 0x09 – indicates the entire
vendor-specific attribute field is nine bytes in length.
c. Vendor ID: (four bytes) 0x0000FC16 – indicates Paradise
private-use.
d. Vendor type: (one byte) value 0x01 – indicates the
vendor-specific attribute is 'Access-Level'.
e. Vendor length: (one byte) value 0x03 – indicates the
remainder of the vendor-specific attribute field following
the Vendor ID is three bytes in length.
f. Vendor data: (one byte) value 0='Modem Administrator';
value 1='Modem User' – indicates the authorised login
access level.
Table 6-30 RADIUS Authentication Validity
Table 6-31 RADIUS Server Timeout
6-35