Cabletron Systems CyberSWITCH CSX150 User Manual

Also see for CyberSWITCH CSX150: User guide Quick start guide

Contents

USER’S GUIDE116 CyberSWITCHThese environments include an on-node database and a variety of off-node, central authenticationdatabases. The on-node database contains a list of valid devices that can access the networkresources connected to the CyberSWITCH. This list of valid devices is configured and storedlocally. A central database allows a network with more than one CyberSWITCH to access onedatabase for device authentication. Supported central authentication databases for device levelsecurity include: VRA Manager, and RADIUS.U SER L EVEL D ATABASESIf user level security or multi-level security has been chosen, then the next phase of securityconfiguration involves enabling an off-node user level authentication database, and thenspecifying the Telnet port used to access that database. User level security is only available throughan off-node authentication server. Servers supported are: RADIUS, TACACS, and ACE.OFF- NODE S ERVER I NFORMATIONIf an off-node authentication server has been chosen for device or user level security, then the nextphase of security configuration requires that these servers are appropriately configured in thesystem.The SecureFast Virtual Remote Access Manager (VRA Manager) is an off-node, central databasesupported by the CyberSWITCH. VRA Manager is installed on a Windows NT system that is localto the network. It operates with an SQL Server that can store data for thousands of users. A TCPconnection allows the CyberSWITCH to communicate with the VRA Manager.The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by theCyberSWITCH. RADIUS operates using two components: an authentication server and clientprotocols. The RADIUS Server software is installed on a UNIX-based system that is local to thenetwork. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,ultimately authenticating devices.The Terminal Access Controller Access Control System (TACACS) is a database supported by theCyberSWITCH. TACACS operates using two components: client code and server code. TACACSserver software is installed on a UNIX-based system connected to the CyberSWITCH network. Theclient protocols allow the system to communicate with the TACACS server, ultimatelyauthenticating devices.Access Control Encryption (ACE) is a database supported by the system. ACE operates using twocomponents: client code and server code. The ACE Server software is installed on a UNIX-basedsystem connected to the network. The client protocols allow the CyberSWITCH to communicatewith the ACE Server, ultimately authenticating users.N ETWORK LOGIN INFORMATIONThe last phase of security configuration involves configuring network login information. If you areusing User Level Security or Multilevel Security, you may customize banners and loginconfiguration to suit the needs of your particular installation. You may also specify the number oflogin attempts and password change attempts. Specific login elements, such as prompt order, forRADIUS and TACACS are defined here.