Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual

Also see for CyberSWITCH 5500: Quick start Manual

Contents

Central Site Remote Access Switch 195CONFIGURING D EVICE L EVEL DATABASESOn-node Device EntriesO UTBOUND A UTHENTICATIONThis parameter allows you to enable or disable PPP outbound authentication procedures. WhenPPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at bothends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH doesnot authenticate the remote device when dialing out. If enabled, the CyberSWITCH willauthenticate the remote device. Outbound authentication is required if a PPP device is associatedwith a frame relay virtual circuit and the virtual circuit name and device name do not match.U SER LEVEL A UTHENTICATIONThis parameter allows you to enable or disable user level authentication for this device. When userlevel authentication is enabled, the device is required to fulfill the necessary requirements of an off-node user level authentication server, such as RADIUS, ACE, or TACACS, after beingauthenticated at the device level.IP H OST I DENTIFIERThe IP Host Id is used to authenticate a device over the IP Host (RFC 1294) line protocol. A uniqueidentifier, 1 to 24 non-blank characters in length, it identifies the device. This identifier is exchangedand validated when the device connects to the system. This identifier must be identical to theidentifier configured on the device’s IP Host system. This field is only required when the IP routingoperating mode is enabled. The identifier entered here must be identical to the configured identifierfor the device’s remote IP Host device.BRIDGE ETHERNET ADDRESSThis address is used for authentication purposes on connections made over the HDLC Bridge lineprotocol. It is required if Bridge Ethernet Address Security is enabled.This is the MAC address of the remote bridge device. This value is passed to the system (in band)when a connection is established. The system will look up the incoming Bridge Ethernet Addressin the On-node Device Table. If the address is not included in the On-node Device Table, the systemwill reject the incoming call. If the address is included in the On-node Device Table, and thecorresponding device entry is not configured with a bridge password, the connection will beestablished. If the address is included in the On-node Device Table, and the corresponding deviceentry is configured with a bridge password, the system will validate the password beforeestablishing the connection.BRIDGE PASSWORDThis password is used by the HDLC Bridge line protocol. It is an unencrypted password value (astring of 1 to 12 characters) used as a secondary security check when Bridge Ethernet AddressSecurity is enabled. Its use is optional; however, if it is specified, it must be correct for theconnection to be allowed. This value is passed to the system (in band) when an incoming call isreceived. The system compares the incoming password with the value found in the On-nodeDevice Table. If the incoming password matches the associated On-node Device Table Bridgepassword, the connection is established. Otherwise, the system will reject the incoming call.This value is stored in the same location as the PAP password, so a change to one password affectsthe other.CALLING LINE IDENTIFIER (CLID)Applicable to ISDN connections only, and only when the CLID option is enabled. You can specifyeight CLIDs for each device entry. Each CLID for a given device must be unique. This is thetelephone number of the calling party that is connecting to the system. In some areas thisinformation is passed to the system on the ISDN incoming connection message. The system will