Cisco Cisco Access Registrar 3.5 User Manual
Page 73
Glossary
GL-7
Cisco Access Registrar 3.5 Concepts and Reference Guide
OL-2683-02
Service
A means of specifying the method to use to perform a function. A service can be specified for the
following functions: authentication, authorization, accounting, and authentication-authorization. For
example, a service can specify that authentication be performed using the local database, or a service
can specify that accounting be supported by logging information to a file.
Services
Three default services are referenced by the server configuration and when processing scripts. They are
Default Authentication Service, Default Authorization Service, and Default Accounting Service. Each
service has a type and (if it is using remote servers) an ordered list of servers to use.
Session
Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the
session defined as the point where service is first provided and the end of the session defined as the
point where service is ended. Depending on NAS support capabilities, a user may have multiple
sessions in parallel or in series.
SHA-1
Secure Hash Algorithm; a hashing algorithm that produces a 160-bit digest based upon the input. The
algorithm produces SHA passwords that are irreversible or prohibitively expensive to reverse.
Shared Secret
Used to authenticate transactions between the client and the RADIUS server. The shared secret is never
sent over the network.
Shared Use
Network
An IP dial-up network whose use is shared by two or more organizations. Shared use networks typically
implement distributed authentication and accounting in order to facilitate the relationship amongst the
sharing parties.
Silently Discard
RADIUS discards the packet without further processing. The server logs an error, including the
contents of the silently discarded packet, and records the event in a statistics counter.
SLIP
Serial Line Internet Protocol is TCP/IP over direct connections and modems, which allows one
computer to connect to another or to a whole network.
SMDS
Switched Multi-megabit Data Service is a high-speed Metropolitan-Area Networking technology that
behaves like a LAN.
SSHA
Netscape’s (iPlanet) enhancement of the SHA-1 algorithm which includes salted password data.
SNAP
SubNetwork Access Protocol is used when a SAP definition does not exist for the encapsulated user
data protocol.
SSL
Secure Socket Layer is the protocol defined by Netscape that is used for encryption and authentication
between two Internet entities. It uses public/private key certificates instead of shared secrets.
SVC
Switched Virtual Circuit is an L2TP-compatible media on top of which L2TP is directly encapsulated.
SVCs are dynamically created, permitting tunnel media to be created dynamically in response to
desired LNS-LAC connectivity requirements.
S