Small Office Remote Access Switch 147

CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries

Information, system secret. As opposed to a password, a CHAP Secret is not sent across the link, and therefore is not susceptible to interception. Instead, a calculation is done on the packets transmitted between the two devices, and the results are compared to the shared CHAP Secret for validation. If the calculation’s results do not match the expected results, the connection is terminated.

OUTBOUND AUTHENTICATION

This parameter allows you to enable or disable PPP outbound authentication procedures. When PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does not authenticate the remote device when dialing out. If enabled, the CyberSWITCH will authenticate the remote device. Outbound authentication is required if a PPP device is associated with a frame relay virtual circuit and the virtual circuit name and device name do not match.

USER LEVEL AUTHENTICATION

This parameter allows you to enable or disable user level authentication for this device. When user level authentication is enabled, the device is required to fulfill the necessary requirements of an off-node user level authentication server, such as RADIUS, ACE, or TACACS, after being authenticated at the device level.

IP HOST IDENTIFIER

The IP Host Id is used to authenticate a device over the IP Host (RFC 1294) line protocol. A unique identifier, 1 to 24 non-blank characters in length, it identifies the device. This identifier is exchanged and validated when the device connects to the system. This identifier must be identical to the identifier configured on the device’s IP Host system. This field is only required when the IP routing operating mode is enabled.
The identifier entered here must be identical to the configured identifier for the device’s remote IP Host device.

BRIDGE ETHERNET ADDRESS

This address is used for authentication purposes on connections made over the HDLC Bridge line protocol. It is required if Bridge Ethernet Address Security is enabled.

This is the MAC address of the remote bridge device. This value is passed to the system (in band) when a connection is established. The system will look up the incoming Bridge Ethernet Address in the On-node Device Table. If the address is not included in the On-node Device Table, the system will reject the incoming call. If the address is included in the On-node Device Table, and the corresponding device entry is not configured with a bridge password, the connection will be established. If the address is included in the On-node Device Table, and the corresponding device entry is configured with a bridge password, the system will validate the password before establishing the connection.

BRIDGE PASSWORD

This password is used by the HDLC Bridge line protocol. It is an unencrypted password value (a string of 1 to 12 characters) used as a secondary security check when Bridge Ethernet Address Security is enabled. Its use is optional; however, if it is specified, it must be correct for the connection to be allowed. This value is passed to the system (in band) when an incoming call is received. The system compares the incoming password with the value found in the On-node Device Table. If the incoming password matches the associated On-node Device Table Bridge password, the connection is established. Otherwise, the system will reject the incoming call.

This value is stored in the same location as the PAP password, so a change to one password affects the other.
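
The CHAP Secret check described at the top of this page, as an added example that is not taken from the manual or the product's code. It follows standard CHAP with MD5 as defined in RFC 1994, which is an assumption because the page does not name the calculation; the device name `site-b`, the secret value and the `Authenticator` class are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical model of the side that challenges a connecting device."""
    def __init__(self, device_table):
        self.device_table = device_table      # device name -> CHAP Secret
        self.next_id = 0
        self.pending = {}                     # identifier -> outstanding challenge

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        value = os.urandom(16)                # fresh and unpredictable per attempt
        self.pending[ident] = value
        return ident, value

    def verify(self, ident, name, response):
        value = self.pending.pop(ident, None)  # each challenge is single-use
        secret = self.device_table.get(name)
        if value is None or secret is None:
            return False                       # unknown challenge or device: terminate
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    secret = b"constructed-chap-secret"        # constructed sample value
    auth = Authenticator({"site-b": secret})
    ident, value = auth.challenge()
    good = chap_response(ident, secret, value)
    # Everything that crosses the link: identifier, challenge, name, response.
    on_wire = bytes([ident]) + value + b"site-b" + good
    results = {"secret_on_wire": secret in on_wire,
               "accepted": auth.verify(ident, "site-b", good)}
    # A captured response is useless against the next challenge.
    ident2, _ = auth.challenge()
    results["replay_accepted"] = auth.verify(ident2, "site-b", good)
    # A device holding the wrong secret computes a non-matching result.
    ident3, value3 = auth.challenge()
    bad = chap_response(ident3, b"wrong-secret", value3)
    results["wrong_secret_accepted"] = auth.verify(ident3, "site-b", bad)
    return results

if __name__ == "__main__":
    print(demo())
```

Unlike the bridge password and PAP password described above, only the challenge and the hashed result appear on the link, and a recorded response does not validate against a later challenge.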