Zte ZXR10 2900 Series

To Next Page

To Previous Page

Chapter7ServiceConguration

TheRadiusAccountingServerisresponsibleforreceivingthesub-

scriberbillingstartrequestandsubscriberbillingstoprequest,and

completingthebillingfunction.

TheNAScommunicateswiththeRadiusServerthroughRADIUS

packets.AttributesintheRADIUSpacketsareusedtotransfer

thedetailedauthentication,authorization,andbillinginformation.

Theattributesusedbythisswitchareprimarilystandardattributes

denedintherfc2865,rfc2866,andrfc2869.

TheEAPprotocolisusedbetweentheswitchandthesubscriber .

Threetypesofidentityauthenticationmethodsareprovidedbe-

tweentheRADIUSservers:PAP ,CHAP ,andEAP-MD5.Anyofthe

methodscanbeusedaccordingtodifferentserviceoperationre-

quirements.

�PAP(PasswordAuthenticationProtocol)

PAPisasimpleplaintextauthenticationmode.NASrequires

thesubscribertoprovidetheusernameandpasswordandthe

subscriberreturnsthesubscriberinformationintheformof

plaintext.Theservercheckswhetherthissubscriberisavail-

ableandwhetherthepasswordiscorrectaccordingtothesub-

scribercongurationandreturnsdifferentresponses.Thisau-

thenticationmodefeaturespoorsecurityandtheusername

andpasswordtransferredmaybeeasilystolen.

Figure72showstheprocessofusingthePAPmodeforidentity

authentication.

FIGURE72USINGPAPMODEFORIDENTITYAUTHENTICATION

�CHAP(ChallengeHandshakeAuthenticationProtocol)

CHAPisanencryptedauthenticationmodeandavoidsthe

transmissionoftheuser’srealpassworduponthesetupof

connection.NASsendsarandomlygeneratedChallengestring

totheuser .TheuserencryptstheChallengestringbyusing

theownpasswordandMD5algorithmandreturnstheuser-

nameandencryptedChallengestring(encryptedpassword).

CondentialandProprietaryInformationofZTECORPORATION173

Zte ZXR10 2900 Series - OAM