Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual

Also see for CyberSWITCH 5500: Quick start Manual

Contents

Central Site Remote Access Switch 217CONFIGURING O FF - NODE S ERVER I NFORMATIONDynamic Device OptionU SING M ANAGE M ODEoffnodeAllows you to change current settings for off-node server options. You may use this commandto enable and configure the dynamic device option.DYNAMIC DEVICE CONFIGURATION ELEMENTSD EVICE N AMEA 1 to 17-character, user-specified name. Any name may be entered. For dynamic devices, thisname will not be used, but it must be entered to allow for creation of a device.PAP P ASSWORDThis password (a string of 1 to 12 ASCII characters) is used by PPP line protocol for PAPauthentication. For dynamic devices, this password is not used unless the OutboundAuthentication flag for the default device is enabled; but, either the password or secret is requiredregardless of the setting of the outbound authentication flag.CHAP S ECRETThis field (a string of 1 to 17 ASCII characters) is used by PPP line protocol for CHAPauthentication. For dynamic devices, this secret is not used unless the Outbound Authenticationflag for the default device is enabled; but, either the password or secret is required regardless of thesetting of the outbound authentication flag.O UTBOUND A UTHENTICATIONSince the main focus of this feature is not to require device-level authentication, the OutboundAuthentication flag is disabled by default. However, if you would like to add additional security,you can enable outbound authentication for the default device. If this is the case, all terminal usersdialing into the CyberSWITCH will need to pass user-level authentication, and configure theirremote machines (i.e., Win95 dialup client) with:• a user name that matches the name they will use for user-level security, and• a password that matches the password/secret defined for the default device.In this situation, everyone will have the same password/secret, but different names.For more information on these and other device-level configuration elements, refer to On-nodeDevice Database Configuration Elements.BACKGROUND I NFORMATIONTerminal Mode connections require both device-level + user-level security configurations.However, if you have a large number of users dialing in, you may not want to create an on-node orCSM database with devices for all possible users. If device-level authentication is not necessary,you can satisfy the device-level configuration requirement with the dynamic device option. Thisoption allows the dynamic creation of devices, based on an authenticated user name, and with thedevice parameters associated with a “default” device. This “default” device is configured as partof the off-node server configuration. Configuration consists of enabling the dynamic device option,then specifying a PAP password or CHAP secret for the default device.Once the dynamic device option is enabled, all terminal users dialing in will be given the sameconfiguration parameters (such as IP enabled or disabled, etc.).