Avaya P333R-LB Installation And Configuration Manual page 56

Chapter 8 User Authentication
Authentication Request to the RADIUS server in an attempt to authenticate the user
remotely. If the user name and password are authenticated, then the RADIUS server
responds to the switch with an Authentication Acknowledgement that includes
information on the user's privileges ('administrator', 'read-write', or 'read-only'),
and the user is allowed to gain access to the switch. If the user is not authenticated,
then an Authentication Reject is sent to the switch and the user is not allowed access
to the switch's embedded management.
The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard
(RFC 2138) client/server security protocol. Security and login information is stored
in a central location known as the RADIUS server. RADIUS clients such as the P330,
communicate with the RADIUS server to authenticate users.
All transactions between the RADIUS client and server are authenticated through
the use of a "shared secret" which is not sent over the network. The shared secret is
an authentication password configured on both the RADIUS client and its RADIUS
servers. The shared secret is stored as clear text in the client's file on the RADIUS
server, and in the non-volatile memory of the P330. In addition, user passwords are
sent between the client and server are encrypted for increased security.
42 Avaya P333R-LB User's Guide