IP Routing
6-9
8000-A2-GB21-30
April 1998
Notes to the Authentication Server Administrator
If the authentication process is to be invoked as part of dynamic addressing, the
authentication request from the DSLAM must be in either RADIUS or XTACACS
format. The authentication server will receive an authentication request from the
Hotwire DSLAM before the end-user’s request for an address is relayed to the
DHCP server.
NOTE:
The IP source address for these requests will be the e1a interface IP address
associated with the domain.
The following sections describe the contents of the authentication request
message for a RADIUS authentication server and an XTACACS authentication
server.
RADIUS Authentication
If the authentication server is a RADIUS server, an Access-Request message will
have the following format:
H The user_name will be the end-user’s user ID as received by the DSLAM in
the type 0 client ID field of the DHCP request.
If the end-user request does not contain a user ID, the corresponding domain
name is used as the user_name.
H The password will always be Hotwire.
The passwords configured at the authentication server should not be set with
an expiration time.
H The NAS-IP will be the DSL card’s e1a address (gateway address)
associated with this domain.
H The NAS-PORT will be the port number that received the end-user’s request.
H The service type will be Authentication-Only.
H The RADIUS Secret value used for encryption is configured on the DHCP
Relay Server screen.
The authentication request is sent to UDP port 1812 (as specified in RFC 2138).
If an Access-Accept message is returned, the DHCP request is relayed to the
DHCP server.
