This is also true for the MAX4000. > The Max4000 seems to also check that the IP address of the remote site > is corresponding to what is indicated in the Radius profile... The MAX4000 will only do this when you enable the function: Ethernet->Answer->Assign Adrs=Yes Ethernet->Mod Config->Pool only=Yes Otherwise, it will accept the IP address requested by the remote system. Check out "Requiring that a caller accept an IP address from the MAX" in the RADIUS Supplement of the MAX documentation. > As this check is performed by the radius database, this might indicate that > some parameters are not transmitted to the Radius by the TNT... Actually you are wrong - the check is *not* performed by the RADIUS server. In RADIUS, Authentication (verifying username and password) always takes place before authorization (configuring the interface) whether it is done via the terminal server or via PAP/CHAP. In PPP, authentication must be successful before the NCP negotiations start. This means that there is no way for the TNT (or MAX or ...) to pass over the IP address in the RADIUS Access-Request. There is a section of documentation for the TNT similar to that found for the MAX - "Requiring that a caller accept an IP address from the MAX TNT". Briefly [look it up for the full text]: To specify that the MAX TNT try to assign an IP address to a calling device, set Assign- Address=Yes in the IP-Answer subprofile of the Answer-Defaults profile. The MAX TNT asks the device to accept an assigned address. The address can be a static address or a dynamic address. ... To require a calling station to accept an IP address from the MAX TNT, set Must-Accept-Address-Assign=Yes in the IP-Global profile. This setting requires the calling station to accept the static address you specify (in a Connection profile or RADIUS user profile), or a dynamic address. If the calling station rejects the assignment, the MAX TNT ends the call. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <STRONG>Follow-Ups</STRONG>: <UL> <LI><STRONG><A HREF="msg09355.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG></LI> <UL> <LI><EM>From</EM>: Paul Rolland <rol@oleane.net></LI> </UL> </UL> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg09353.html">(ASCEND) E1 pricing</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg09350.html">Re: (ASCEND) LAN security error</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg09344.html">(ASCEND) TNT : weakness in authentication process</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg09355.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail27.html#09349"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd190.html#09349"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>