Cabletron Systems CyberSWITCH CSX150 User Manual

Also see for CyberSWITCH CSX150: User guide Quick start guide

Contents

USER’S GUIDE130 CyberSWITCHThe above process applies to the system’s authentication of the remote device. It is also possible thatthe remote device may wish to authenticate the system itself, a desire that is also negotiated duringthe LCP initialization of the link. Enabling CHAP via configuration also permits the system to agreeto be authenticated via CHAP during LCP negotiation. In the same manner that each remote devicehas a name and secret, the system itself is configured with a system-wide name and secret that areused to respond to CHAP challenges.Note: When both CHAP and PAP are enabled, the system will request the CHAP protocol first.If the remote device agrees to CHAP, then the secret that is configured for the device mustmatch the one that the remote device uses. If the remote device agrees to PAP then thepasswords must match. If only one of either PAP or CHAP is enabled, the system will insiston that protocol only. If the remote device does not support the enabled protocol, thedevice will not be allowedBRIDGE MAC ADDRESS SECURITYIf bridging is enabled, you have the option of enabling Bridge Ethernet Address Security. BridgeMAC Address Security may also be enabled if IP routing through a Virtual WAN interface isenabled. This security option allows you to configure specific Bridge Ethernet Addresses and anoptional password on a per device basis. When Bridge Ethernet Address security is enabled, theSystem will look up the received Ethernet address in the Device List. If the address is not found,the call is disconnected. If the address is found and the corresponding device entry is configuredwith a password, the System will validate the password. If the password is not valid, the call willbe disconnected.IP HOST ID SECURITYTo enable IP Host Id Security, you must first enable IP routing. IP Host Id Security provides addedsecurity through device validation. At connection establishment time, the Device sends anunencrypted IP Host identifier over the WAN to the System. The System looks up the Device basedon the received IP Host identifier. If the identifier is found in the Device List, the call is accepted.Otherwise the call is disconnected.SYSTEM O PTIONS BACKGROUND I NFORMATIONWhen a remote device connects, the CyberSWITCH negotiates the required authentication. Inorder for the remote device to be properly authenticated, the CyberSWITCH must have theappropriate authentication enabled. If the CyberSWITCH does not have the authenticationrequired by the remote device enabled, the remote device will not be authenticated and the call willbe disconnected.The possible security options that can be enabled include:• Calling Line Id• IP Host Id• Bridge Ethernet Address• PAP• CHAP