Zte ZXR10 5250 Series - Figure 5-20 Using PAP Mode for Identity Authentication

To Next Page

To Previous Page

ZXR105250SeriesCongurationGuide

TheEAPprotocolisusedbetweentheswitchandthesubscriber.Threetypesofidentity

authenticationmethodsareprovidedbetweentheRADIUSservers:PAP ,CHAP ,and

EAP-MD5.Anyofthemethodscanbeusedaccordingtodifferentserviceoperation

requirements.

lPasswordAuthenticationProtocol(PAP)

PAPisasimpleplaintextauthenticationmode.NASrequiresthesubscriberto

providetheusernameandpasswordandthesubscriberreturnsthesubscriber

informationintheformofplaintext.Theservercheckswhetherthissubscriber

isavailableandwhetherthepasswordiscorrectaccordingtothesubscriber

congurationandreturnsdifferentresponses.Thisauthenticationmodefeatures

poorsecurityandtheusernameandpasswordtransferredmaybeeasilystolen.

FortheprocessofusingthePAPmodeforidentityauthentication,seeFigure5-20.

Figure5-20UsingPAPModeforIdentityAuthentication

lChallengeHandshakeAuthenticationProtocol(CHAP)

CHAPisanencryptedauthenticationmodeandavoidsthetransmissionoftheuser’s

realpassworduponconnectionsetup.NASsendsarandomlygeneratedChallenge

stringtotheuser.TheuserencryptstheChallengestringbyusingtheuser’s

passwordandMD5algorithmandreturnstheusernameandencryptedChallenge

string(encryptedpassword).

TheserverusestheuserpassworditstoresandtheMD5algorithmtoencryptthe

Challengestring.ThenitcomparesthisChallengestringwiththeencryptedpassword

oftheserverandreturnsaresponseaccordingly.

FortheprocessofusingtheCHAPmodeforidentityauthentication,seeFigure5-21.

5-72

SJ-20131111172707-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Other manuals for Zte ZXR10 5250 Series