Cabletron Systems CyberSWITCH CSX150 User Manual

Also see for CyberSWITCH CSX150: User guide Quick start guide

Contents

Small Office Remote Access Switch 129C ONFIGURING SYSTEM O PTIONS AND I NFORMATIONSystem OptionsNote: If a system is brought on line with a device that has a required Calling Line Id that is aduplicate of another device’s Calling Line Id, and no other type of authentication is used,a warning message is logged at initialization. Every attempt to connect the devicethereafter will result in an error message being logged and the call being rejected.PAP PASSWORD SECURITYPAP Security provides a method for the Device to identify itself to the system using a 2-wayhandshake. If PAP Password Security is enabled, and a PAP Password has been configured for theDevice, the following holds true:• After the initial connection is made, the Device Name and Password are repeatedly sent by theremote device to the system. The system will look up the received Device Name in the DeviceList.• If the Device Name is not found, the call is disconnected.• If the Device Name is found the system will validate the password.• If the password does not match, the call will be disconnected.• If PAP Password Security is enabled, and a PAP Password has not been configured for the De-vice, Password validation is not performed.CHAP CHALLENGE SECURITYAn authentication phase between the remote device and the system begins with sending a CHAPchallenge request to the remote device. The CHAP request contains a string of bytes known as thechallenge value, which is changed on each challenge. Using the hash algorithm associated withCHAP, the remote device transforms the challenge value plus its secret into a response value. Theremote device sends this output of the hash function, along with its symbolic name, to the systemin a CHAP response.Within the Device Table entry for each remote device which will be authenticated via CHAP, thesystem maintains the remote device’s secret. The name in the remote device’s CHAP response isused to locate the Device Table entry, and consequently the secret used by the remote device. Usingthe same hash function, the system computes the expected response value for the challenge withthat secret. If this matches the response value sent by the remote device, a successful authenticationhas occurred. The system can optionally be configured to repeat the CHAP challenge processperiodically throughout the life of the connection. An invalid response to a CHAP challenge at anytime is deemed a security violation, which causes a switched link to be released.PAPAuthenticationCHAPAuthenticationBridge MACAddressAuthenticationCalling Line IdAuthenticationYes No No OptionalDuplicates allowed forthese Devices.No Yes No OptionalDuplicates allowed forthese Devices.No No Yes OptionalDuplicates allowed forthese Devices.No No No RequiredDuplicates not allowed.