Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual

Also see for CyberSWITCH 5500: Quick start Manual

Contents

Central Site Remote Access Switch 209CONFIGURING O FF - NODE S ERVER I NFORMATIONRADIUS ServerCSM AUTHENTICATION S ERVER CONFIGURATION ELEMENTSTCP P ORT NUMBERThe TCP port number used by CSM. Note that you can assign a device-defined port number, butthat the CSM TCP port number must be entered identically on both the CyberSWITCH and CSM.CSM AUTHENTICATION S ERVER B ACKGROUND INFORMATIONWhen a remote site calls a CyberSWITCH, it sends its identification (such as the system name) anda password (or challenge). The system then sends the data in a message to CSM on a TCPconnection. CSM will find the device in its database, searching for the system name (if provided)or the Ethernet address for Combinet Proprietary Protocol (CPP) devices. After finding the device,the password or challenge is verified, and configuration information about the device is sent to thesystem.Before allowing data to be sent to the newly-connected device, the system will again query CSM,this time to verify if the call is acceptable. CSM checks against various configuration settings to seeif the call is to be allowed.RADIUS S ERVERYou may use the RADIUS Server as an Authentication Server, an Accounting Server, or both. Referto the following sections for details on configuring these off-node servers.CONFIGURING A RADIUS A UTHENTICATION SERVERNotes: In order for the CyberSWITCH to reference a RADIUS Server, ensure the following:• IP Routing must be enabled. If you try to enable the RADIUS Server before IP routinghas been enabled, an error message will be displayed.• The appropriate LAN network interface(s) must be configured to represent the local IPnetwork.• The appropriate WAN network information must be configured for each type ofremote device configured that will connect to the system.• The system must have a valid route to the RADIUS Server. This route can be via adirectly connected network interface or via a static route. If the RADIUS Server has adirect physical connection to the network, the appropriate network interface must thenbe configured for that connection. If the RADIUS Server has no direct physicalconnection to the network, then a static route needs to be configured to establish aroute, with one exception: if the router connecting the system to the RADIUS Serversupports RIP, no static route is needed. If there are multiple CyberSWITCHes at onesite, it is more convenient to maintain all of the static route information for thesesystems on a central RADIUS Server. The static routes then do not need to beduplicated on all of the Cabletron systems. This is done by enabling the “IP Routes viaRADIUS” feature available under CFGEDIT’s IP Information Menu, and including aFramed Route attribute for each system’s RADIUS device entry.