Nortel Networks OPTera Metro 3500 User Manual
Operation, administration, and maintenance (OAM) features 2-127
Planning and Ordering Guide—Part 1 of 2 NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004
The Access-Request is submitted to the RADIUS server through the network.
If no response is returned within a length of time, the request is re-sent a
number of times.
Once the RADIUS server receives the request, it validates the sending network
processor. If the network processor is valid, the RADIUS server consults a
database of users to find the user whose name matches the request. The user
entry in the database contains a list of requirements which must be met to allow
access for the user.
'Access-Reject'
If any condition is not met, the RADIUS server sends an "Access-Reject"
response indicating that this user request is invalid.
'Access-Accept'
Transactions between the network processor and RADIUS server are
authenticated through the use of a server shared secret. Users must provision
the user’s UPC level (OM3000_UPC) and the idle time out period (Idle-Timeout)
on the RADIUS server. These values are returned to the gateway network
processor in the Access-Accept message from the RADIUS server and are then
forwarded to the network element. At this point, the user is
granted access to the network element or network processor.
There is one RADIUS shared secret that is separately provisionable: the server
shared secret. The user enters a user name and password, and the RADIUS
protocol authenticates.
Users are able to provision on the NPx:
• a primary RADIUS server’s IP address and port number (on the gateway network processor)
• a secondary RADIUS server’s IP address and port number (on the gateway network processor)
• the primary and secondary server shared secret (on the gateway network processor)
• timeout period for each RADIUS server (on the gateway network processor)
• state of the RADIUS feature (enabled / disabled) (on the gateway network processor)
  — RADIUS feature must be enabled prior to enabling CSA feature.
• state of the CSA feature (enabled / disabled) (on the gateway network processor and the network element)
• alternate login method on the gateway network processor