USER’S GUIDE
CyberSWITCH

DEVICE AND USER LEVEL BACKGROUND INFORMATION

Multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security for all remote devices. User-level authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and bridge users. Only users configured for user level authentication will be required to do so. Refer to the following illustration of a sample IP network configured for multilevel security.

The network security level has been configured for both device level and user level security. Certain remote devices, such as Ollie, are able to dial in and are only authenticated at the device level. However, remote devices, such as Sparky, are configured in the device level database to be authenticated at the user level as well as at the device level.

For example, Scally is using the PC on the LAN attached to Sparky, a CSX150. Scally needs to download some files off of the Service Server, which is on the LAN connecting to Zoe, a CSX150. Upon initiation of Scally’s call, device level authentication begins. Zoe checks its on-node device database to see if Sparky is a valid device, and whether its IP address and password are also valid. If valid, Zoe allows the connection; however, a data filter is placed on the connection. This filter only allows Telnet session traffic to flow over the connection between Zoe and Sparky. User level authentication begins when Scally telnets to the IP address 1.1.1.1, port 7003, which is the port assigned to the ACE server. Zoe sends the user level login prompt to Scally’s PC. Once Scally completes the login and password information, Zoe relays this data to the ACE Server. If Scally is a valid user in the ACE database and provides the correct login and password, Zoe removes the restrictive filter so he may access the Service Server, or any other system on that LAN.
Now that Scally has been properly authenticated, any users on his LAN may access the systems attached to Zoe. For example, while Scally is downloading files, Simon could boot up his PC and access the Internet without going through the authentication process.

[Figure: sample IP network configured for multilevel security. Labels: ISDN; ACE Server; Internet; Service Server; addresses 1.1.1.1 and 1.1.1.2; CSX150, sys name Zoe (Device Table names: Sparky, Ollie); CSX150, sys name Sparky (Device Table name: Zoe); CSX150, sys name Ollie (Device Table name: Zoe); PCs for Scally and Simon.]
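The sequence described above, modeled as a small state machine. This is an added example, not CyberSWITCH code: the class and function names, the passwords, every address other than 1.1.1.1, and the assumption that the restrictive filter passes only Telnet to 1.1.1.1 port 7003 are all constructed for illustration. It shows that the filter decision depends on the state of the connection, not on which host behind Sparky sends the traffic.

```python
import hmac

ZOE_IP, AUTH_PORT = "1.1.1.1", 7003               # address and port given on the page
SPARKY_IP, OLLIE_IP = "192.0.2.10", "192.0.2.20"  # constructed addresses
SERVICE_SERVER_IP = "192.0.2.50"                  # constructed address

# Constructed on-node device table (Zoe) and a stand-in for the ACE user database.
DEVICE_TABLE = {
    "Sparky": {"ip": SPARKY_IP, "password": "device-pw-1", "user_level": True},
    "Ollie":  {"ip": OLLIE_IP,  "password": "device-pw-2", "user_level": False},
}
ACE_USERS = {"scally": "user-pw-1"}

def _same(a, b):
    # Constant-time comparison of two secrets.
    return hmac.compare_digest(a.encode(), b.encode())

class Link:
    """One dial-in connection as seen by the answering node (Zoe)."""
    def __init__(self):
        self.state = "down"                       # down -> telnet_only -> open

    def device_auth(self, name, ip, password):
        entry = DEVICE_TABLE.get(name)
        if entry is None or entry["ip"] != ip or not _same(entry["password"], password):
            self.state = "down"
            return False
        # Devices flagged for user level security start behind the restrictive filter.
        self.state = "telnet_only" if entry["user_level"] else "open"
        return True

    def user_auth(self, login, password):
        if self.state != "telnet_only":
            return False
        expected = ACE_USERS.get(login)
        if expected is not None and _same(expected, password):
            self.state = "open"                   # filter removed for the whole connection
            return True
        return False

    def permits(self, src_host, dst_ip, dst_port):
        # src_host is deliberately unused: the decision depends only on link state.
        if self.state == "telnet_only":
            return dst_ip == ZOE_IP and dst_port == AUTH_PORT
        return self.state == "open"
```

Once user_auth succeeds for Scally, permits returns True for traffic from any host on Sparky's LAN, which is the Simon case in the text.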