Section 3, Configuration
MX2800 M13 Multiplexer User Manual
Usernames and passwords stored in the local user database are each limited to 11 ASCII characters.
Usernames and passwords authenticated via RADIUS may each have up to 63 ASCII characters.
When RADIUS authentication is disabled, safeguards prevent an Admin-level user from deleting all
Admin-level accounts in the onboard user database. When RADIUS authentication is enabled, an
Admin-level user who was authenticated through RADIUS is allowed to delete all of the onboard
accounts. This is permitted to avoid some potential security concerns.
Safeguards prevent certain combinations of options involving RADIUS and the local user database
that would effectively remove all means of accessing the MX2800 with Admin privileges.
The recovery mechanism for gaining access via the challenge password (ADTRANPLEASEHELP) is
supported regardless of whether the RADIUS authentication option is enabled or disabled. When a user
enters this password, the MX2800 issues a unique challenge sequence that requires a response provided by
ADTRAN Tech Support for access to the unit.
Local user accounts and passwords for the MX2800 are not case-sensitive. However, case is preserved for
both username and password when authenticating through RADIUS. The TL1 input message specification
limits the characters that may be sent as part of a TL1 command, unless the string is enclosed in double
quotes. This is important when RADIUS authentication is used for authenticating TL1 sessions. Passwords
or usernames with special characters must be placed in double quotes in the ACT-USER command. If
double quotes appear inside the TL1 username or password, each double quote character must be immediately
preceded by the backslash character to avoid confusion with the double quotes surrounding the
username or password.
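The quoting rule above matters because TL1 uses ":" to separate parameter blocks and ";" to end a command, so an unquoted credential containing either is misparsed. The following is an added example, not taken from the MX2800 manual: a Python helper that applies the length limits and the quote-escaping rule before building an ACT-USER command. The positional layout (tid, uid, ctag, pid) is the generic TL1 form and is an assumption here, as is the choice to quote everything that is not purely alphanumeric; the TID, CTAG and credentials in the test values are constructed.

```python
import re

LOCAL_MAX = 11    # local user database limit stated in the manual
RADIUS_MAX = 63   # RADIUS limit stated in the manual

# Assumption: only letters and digits are sent unquoted; anything else is quoted.
_UNQUOTED_SAFE = re.compile(r"[A-Za-z0-9]+")


def tl1_field(value: str, max_len: int = RADIUS_MAX) -> str:
    """Encode a username or password for use as a TL1 parameter."""
    if not value:
        raise ValueError("empty credential")
    if not value.isascii() or not value.isprintable():
        raise ValueError("credential must be printable ASCII")
    # The limit applies to the credential itself, before quoting or escaping.
    if len(value) > max_len:
        raise ValueError(f"credential longer than {max_len} characters")
    if _UNQUOTED_SAFE.fullmatch(value):
        return value
    # Escape each embedded double quote with a backslash, then wrap the
    # whole value in double quotes, as the manual requires.
    return '"' + value.replace('"', '\\"') + '"'


def act_user(tid: str, uid: str, ctag: str, pid: str, radius: bool = True) -> str:
    """Build an ACT-USER command (generic TL1 layout, assumed for this example)."""
    limit = RADIUS_MAX if radius else LOCAL_MAX
    return f"ACT-USER:{tid}:{tl1_field(uid, limit)}:{ctag}::{tl1_field(pid, limit)};"


if __name__ == "__main__":
    # Constructed sample values.
    print(act_user("MX2800", "noc.admin", "101", 'S3cret:"x"'))
```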
The MX2800 supports Challenge response messages from the RADIUS server regardless of whether the
login attempt is made via menus or TL1. If a Challenge response is received from the server, then the user
is prompted for additional information. The nature of this additional information is application-dependent.
When the Challenge response is received during an attempt to log in via TL1, then a PLNA TL1 response
is returned to the user and the Challenge message is provided in the TL1 comment field.
Server IP Address
This option sets the IP address of the server to be queried for authentication. The default value is a null IP
address. One IP address is supported.
This option sets the UDP port of the server. The default value is 1812.
This option sets a single privilege level that applies to all users who are granted access via remote
authentication. The possible values are
. The default value is
Refer to the appropriate MX2800 documentation for explanations of these privilege levels.
Shared Secret Visibility
This option sets the visibility of the Shared Secret value as displayed in the provisioning menu for
RADIUS authentication options. The possible values are
. When this option is set to
, the Shared Secret value is masked with asterisk characters. The default value is