
Cisco Access Registrar 3.5 User Manual



Glossary


Cisco Access Registrar 3.5 Concepts and Reference Guide

OL-2683-02

Service

A means of specifying the method to use to perform a function. A service can be specified for the
following functions: authentication, authorization, accounting, and authentication-authorization. For
example, a service can specify that authentication be performed using the local database, or a service
can specify that accounting be supported by logging information to a file.

Services

Three default services are referenced by the server configuration and when processing scripts. They are
Default Authentication Service, Default Authorization Service, and Default Accounting Service. Each
service has a type and (if it is using remote servers) an ordered list of servers to use.

Session

Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the
session defined as the point where service is first provided and the end of the session defined as the
point where service is ended. Depending on NAS support capabilities, a user may have multiple
sessions in parallel or in series.

SHA-1

Secure Hash Algorithm; a hashing algorithm that produces a 160-bit digest based upon the input. The
algorithm produces SHA passwords that are irreversible or prohibitively expensive to reverse.

Shared Secret

Used to authenticate transactions between the client and the RADIUS server. The shared secret is never
sent over the network.

Shared Use Network

An IP dial-up network whose use is shared by two or more organizations. Shared use networks typically
implement distributed authentication and accounting in order to facilitate the relationship amongst the
sharing parties.

Silently Discard

RADIUS discards the packet without further processing. The server logs an error, including the
contents of the silently discarded packet, and records the event in a statistics counter.

SLIP

Serial Line Internet Protocol is TCP/IP over direct connections and modems, which allows one
computer to connect to another or to a whole network.

SMDS

Switched Multi-megabit Data Service is a high-speed Metropolitan-Area Networking technology that
behaves like a LAN.

SSHA

Netscape’s (iPlanet) enhancement of the SHA-1 algorithm which includes salted password data.

SNAP

SubNetwork Access Protocol is used when a SAP definition does not exist for the encapsulated user
data protocol.

SSL

Secure Sockets Layer is the protocol defined by Netscape that is used for encryption and authentication
between two Internet entities. It uses public/private key certificates instead of shared secrets.

SVC

Switched Virtual Circuit is an L2TP-compatible media on top of which L2TP is directly encapsulated.
SVCs are dynamically created, permitting tunnel media to be created dynamically in response to
desired LNS-LAC connectivity requirements.

S