Glossary
Analog Channel
- A circuit-switched communication path intended to carry 3.1 KHz audio in each direction.
ARP
- Address Resolution Protocol is the TCP/IP protocol that translates an Internet address into the hardware address of a network interface card.
ATM
- Asynchronous Transfer Mode is a virtual circuit, fast packet technology. Traffic of all kinds (data, voice, video) is divided into 53-byte cells and conducted over very high speed media.
ATO
- Adaptive Time Out is the time that must elapse before an acknowledgment is considered lost. After a time out, the sliding window is partially closed and the ATO is backed off.
Call
- A connection or attempted connection between two terminal end points on a PSTN or ISDN; for example, a telephone call between two modems.
CHAP
- Challenge Authentication Protocol is a PPP cryptographic challenge/response authentication protocol in which the password is not passed in the clear over the line.
CLID
- Calling Line ID indicates to the receiver of a call the phone number of the caller.
CM
- Cable Modem is usually a modem with an RF (cable) interface on one side and an Ethernet interface on the other. A cable modem might also have a telephone interface for "telco return," which is used when only downstream capability exists in the cable plant.
Control Messages
- Control messages are exchanged between LAC, LNS pairs, and operate in-band within the tunnel protocol. Control messages govern aspects of the tunnel and sessions within the tunnel.
CSG
- Cable Systems Group is a billing systems company.
CSR
- Customer Service Representative is the person you call to activate your account.
CSU/DSU
- Channel Service Unit/Data Service Unit isolates your network from your exchange carrier's network. It also receives the timing, low-level framing information, and data passed from the termination point. CSU/DSUs are specific to the general circuit type.
DAP
- Directory Access Protocol is a heavyweight protocol that runs over a full OSI stack and requires a significant amount of computing resources to run.
Dial User
- Dial User is an end-system or router attached to an on-demand PSTN or ISDN, which is either the initiator or recipient of a call.
Digital Channel
- Digital Channel is a circuit-switched communication path that is intended to carry digital information in each direction.
DNIS
- Dialed Number Information String is an indication to the receiver of a call as to what phone number the caller used to reach it.
EAP
- Extensible Authentication Protocol is a framework for a family of PPP authentication protocols, including cleartext, challenge/response, and arbitrary dialog sequences.
Frame Relay
- Frame Relay is a cost-effective, lightweight, many-to-many, medium-speed, virtual network, link-layer technology.
FT
- Field Technician is someone who installs your cable modem in your house.
ISDN
- Integrated Services Digital Network enables synchronous PPP access.
ISP
- Internet Service Provider is a company that provides Internet connectivity.
HDLC
- High-level Data Link Control is both a point-to-point and multiparty link-layer technology. HDLC provides reliable, acknowledged transfer across dedicated links.
L2TP Access Concentrator (LAC)
- LAC is a device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the L2TP protocol. The LAC needs only to implement the media over which L2TP is to operate to pass traffic to one or more LNSs. It may tunnel any protocol carried within PPP.
LAN
- Local Area Network consists of all of the components that create a system up to a router. These components include cables, repeaters, bridges, and software up to the network layer.
LDAP
- Lightweight Directory Access Protocol provides a standard way for Internet clients, applications, and WWW servers to access directory information across the Internet such as user names, e-mail addresses, security certificates, and other contact information.
LLC
- Logical Link Control is an interface that defines several common interfaces between higher-level protocols (for example, IP) and the networks they ride upon (for example, Ethernet, Token Ring, and others).
L2TP Network Server (LNS)
- An LNS operates on any platform capable of PPP termination. The LNS handles the server side of the L2TP protocol. Since L2TP relies only on the single media over which L2TP tunnels arrive, the LNS may have only a single LAN or WAN interface, yet still be able to terminate calls arriving at any LAC's full range of PPP interfaces (async, synchronous ISDN, V.120, etc.).
MSO
- Multiple System Operators are typically cable companies that provide Internet access for regional independent operators.
NAS
- Network Access Server is a device providing temporary, on-demand network access to users. This access is point-to-point using PSTN or ISDN lines. A NAS operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers.
- In PPTP terminology, this is referred to as the PPTP Access Concentrator (PAC). In L2TP terminology, the NAS is referred to as the L2TP Access Concentrator (LAC).
NCP
- Network Control Protocol is responsible for negotiating the protocol-specific particulars of the point-to-point protocol (PPP) link.
Network Access Identifier
- In order to provide for the routing of RADIUS authentication and accounting requests, the UserID field used in PPP and in the subsequent RADIUS authentication and accounting requests, known as the Network Access Identifier (NAI), may contain structure. This structure provides a means by which the RADIUS proxy locates the RADIUS server that is to receive the request. This same structure may also be used to locate the tunnel end point when domain-based tunneling is used.
ODBC
- Open Data Base Connectivity is a standard supported by Microsoft and is in general use. ODBC drivers for specific types of data files, including database files, spreadsheet files, and text fields, are available from Microsoft Corporation.
PAP
- Password Authentication Protocol is a simple PPP authentication mechanism in which a cleartext username and password are transmitted to prove identity.
Payload
- The contents of a request packet.
POP
- Point of Presence is the dial-in point or connection point for users connecting to an ISP.
PPD
- Packet Processing Delay is the amount of time required for each peer to process the maximum amount of data buffered in their offered receive packet window. The PPD is the value exchanged between the LAC and LNS when a call is established. For the LNS, this number should be small. For an LAC supporting modem connections, this number could be significant.
PPP
- Point-to-Point Protocol is a multiprotocol and includes UDP, Frame Relay PVC, and X.25 VC.
Profile
- A collection of one or more attributes that describe how a user should be configured; for example, a profile may contain an attribute whose value specifies the type of connection service to provide the user, such as PPP, SLIP, or Telnet. Profiles can be set up for a specific user or can be shared amongst users.
PSTN
- Public Switched Telephone Network enables async PPP through modems.
Quality of Service (QOS)
- A given Quality of Service level is sometimes required for a given user being tunneled between an LNS-LAC pair. For this scenario, a unique L2TP tunnel is created (generally on top of a new SVC) and encapsulated directly on top of the media providing the indicated QOS.
RADIUS
- Remote Authentication Dial In User Service. The RADIUS protocol provides a method that allows multiple dial-in Network Access Server (NAS) devices to share a common authentication database.
RADIUS Client
- A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned. A RADIUS server can act as a proxy client to other RADIUS servers.
RADIUS Dictionary
- The RADIUS dictionary passes information between a script and the RADIUS server, or between scripts running on a single packet.
RADIUS Proxy
- In order to provide for the routing of RADIUS authentication and accounting requests, a RADIUS proxy may be employed. To the NAS, the RADIUS proxy appears to act as a RADIUS server, whereas to the RADIUS server the proxy appears to act as a RADIUS client.
RADIUS Server
- A server that is responsible for receiving user connection requests, authenticating the user, and then returning all of the configuration information necessary for the client to deliver the service to the user.
RAS
- Remote Access Services. See RADIUS Client.
Remote Server
- A server that has been registered with the user interface, which can later be referenced as a proxy client or as the method to perform a service; for example, a remote RADIUS server can be specified to act as a proxy client.
REX
- RADIUS EXtension allows you to write C and C++ programs to affect the behavior of Cisco Access Registrar.
Roaming
- The ability to connect to a NAS that is not your normal POP (Point of Presence) and have the Access-Request redirected to your normal RADIUS server. The ability to use any one of multiple Internet service providers, while maintaining a formal, customer-vendor relationship with only one.
Router
- A network device that connects multiple network segments and forwards packets from one network to another. The router must determine how to forward a packet based on addresses, network traffic, and cost.
Routing Tables
- A table that lists all of the possible paths data can take to get from a source to a destination. Depending on how routers are configured, they may build their tables dynamically by trading information with other routers, or they may be statically configured in advance.
RTT
- Round-Trip Time is the estimated round-trip time for an Acknowledgment to be received for a given transmitted packet. When the network link is a local network, this delay will be minimal (if not zero). When the network link is the Internet, this delay could be substantial and vary widely. RTT is adaptive; it adjusts to include the PPD (Packet Processing Delay) and whatever shifting network delays contribute to the time between a packet being transmitted and receiving its acknowledgment.
SAP
- Service Access Points (source and destination) identify protocols from which a packet has come and to which a packet must be delivered.
Script
- Instructions that are run in the context of a RADIUS client/server session. Scripts can be specified for servers, clients, vendors, and services. A script can be used as an incoming script, an outgoing script, or both. Incoming scripts are executed during the Access-Request portion of a dial-in session. Outgoing scripts are executed during the Access-Accept portion of a dial-in session. Scripts are referenced within the User Interface by name. Scripts can be source code for a scripting language or a binary file.
Service
- A means of specifying the method to use to perform a function. A service can be specified for the following functions: authentication, authorization, accounting, and authentication-authorization. For example, a service can specify that authentication be performed using the local database, or a service can specify that accounting be supported by logging information to a file.
Services
- Three default services are referenced by the server configuration and when processing scripts. They are Default Authentication Service, Default Authorization Service, and Default Accounting Service. Each service has a type and (if it is using remote servers) an ordered list of servers to use.
Session
- Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. Depending on NAS support capabilities, a user may have multiple sessions in parallel or in series.
Shared Secret
- Used to authenticate transactions between the client and the RADIUS server. The shared secret is never sent over the network.
Shared Use Network
- An IP dial-up network whose use is shared by two or more organizations. Shared use networks typically implement distributed authentication and accounting in order to facilitate the relationship amongst the sharing parties.
Silently Discard
- RADIUS discards the packet without further processing. The server logs an error, including the contents of the silently discarded packet, and records the event in a statistics counter.
SLIP
- Serial Line Internet Protocol is TCP/IP over direct connections and modems, which allows one computer to connect to another or to a whole network.
SMDS
- Switched Multimegabit Data Service is a high-speed Metropolitan-Area Networking technology that behaves like a LAN.
SNAP
- SubNetwork Access Protocol is used when a SAP definition does not exist for the encapsulated user data protocol.
SSL
- Secure Socket Layer is the protocol defined by Netscape that is used for encryption and authentication between two Internet entities. It uses public/private key certificates instead of shared secrets.
SVC
- Switched Virtual Circuit is an L2TP-compatible media on top of which L2TP is directly encapsulated. SVCs are dynamically created, permitting tunnel media to be created dynamically in response to desired LNS-LAC connectivity requirements.
Telnet
- A service that lets you log in to a system over a network just as though you were logging in from a remote character terminal attached to the system. It is commonly used to provide an Internet service that is exactly the same as the one you would get if you dialed into the system directly with a modem.
Tunnel
- A tunnel is defined by an LNS-LAC pair. The tunnel carries PPP datagrams between the LAC and the LNS; many sessions can be multiplexed over a single tunnel. A control connection operating in band over the same tunnel controls the establishment, release, and maintenance of sessions and of the tunnel itself.
Tunnel Network Server
- A server that terminates a tunnel. In PPTP terminology, this is known as the PPTP Network Server (PNS). In L2TP terminology, this is known as the L2TP Network Server (LNS).
User List
- The list of users registered for dial-in access.
User Record
- The UserRecord contains all the information that needs to be accessed at runtime about a particular user. This enables it to be read in one database operation in order to minimize the cost of authenticating the user. The UserRecord is stored as an encrypted string in the MCD database, because it contains the user's password, amongst other things.
Users
- Users are represented by entities in specific UserLists. See User Record.
Vendor
- Each NAS has a vendor associated with it. A vendor may specify attributes for the NAS that are not part of the standard specification.
VPN
- Virtual Private Network is a way for companies to use the Internet to securely transport private data.
X.25
- A reliable public data network technology consisting of private virtual circuits, virtual calling, and per-packet charging.
X.500
- Defines the Directory Access Protocol (DAP) for clients to use when contacting directory servers. DAP is a heavyweight protocol that runs over a full OSI stack and requires a significant amount of computing resources to run.







Posted: Thu Aug 19 08:17:04 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.