CSX400 Firmware Support
CyberSWITCH CSX400 and CSX400-DC Installation Guide

Point-to-Point Protocol (PPP)

PPP is a data link layer, industry-standard WAN protocol for transferring multi-protocol data traffic over point-to-point connections. It is suitable for both high-speed synchronous ports and lower-speed asynchronous dial-up ports. With this protocol, options such as security and network protocols can be negotiated over the connection.

This device supports synchronous PPP over the ISDN port. In Single Link Mode, PPP uses one ISDN B channel for data transmission. PPP runs over each ISDN B channel for two separate conversations (split B-channel). In Multi-Link Protocol Mode, PPP simultaneously sends and receives data over two ISDN B-channels on the same connection to optimize bandwidth usage.

The STAC Electronics Stacker LZS Compression Protocol is supported over PPP, providing up to 4:1 data compression.

PAP and CHAP Security

The CSX400 supports the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) under PPP.

PAP provides verification of passwords between devices using a 2-way handshake. One device (peer) sends the system name and password to the other device (authenticator). The authenticator then checks the peer’s password against the configured remote peer’s password and returns an acknowledgment.

CHAP is more secure than PAP because unencrypted passwords are not sent across the network. CHAP uses a 3-way handshake and supports full or half-duplex operation.

In half-duplex operation, the authenticator device challenges the peer device by generating a CHAP challenge, and the challenge contains an MD5 algorithm with a random number that has your encrypted password and system name. The peer device then applies a one-way hash algorithm to the random number and returns this encrypted information along with the system name in the CHAP response. The authenticator then runs the same algorithm and compares the result with the expected value. This authentication method depends upon a password or secret known only to both ends locally.

Full-duplex operation adds a step to the half-duplex operation that mirrors the operation discussed above, so that the peer can validate the authenticator. The peer device challenges the authenticator by generating a CHAP challenge, and the authenticator returns a CHAP response.
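
The half-duplex and full-duplex CHAP exchanges described above, as an added Python example (not taken from this guide or from the CSX400 firmware). It follows RFC 1994, where the response value is the MD5 hash of the packet identifier, the shared secret and the challenge value; the Device class, the system names and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Device:
    """One end of the link; it can act as authenticator and as peer."""
    def __init__(self, name, secrets):
        self.name = name        # system name carried in CHAP packets
        self.secrets = secrets  # remote system name -> shared secret
        self.pending = {}       # identifier -> outstanding challenge value
        self.next_id = 0

    def make_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256   # identifier is one octet
        self.pending[ident] = os.urandom(16)      # fresh random value each time
        return ident, self.pending[ident], self.name

    def respond(self, ident, challenge, authenticator_name):
        secret = self.secrets.get(authenticator_name, b"")
        return ident, chap_response(ident, secret, challenge), self.name

    def verify(self, ident, response, peer_name):
        challenge = self.pending.pop(ident, None)  # each challenge is single use
        secret = self.secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

def half_duplex(authenticator, peer):
    """Authenticator challenges peer; returns (result, messages on the wire)."""
    wire = [authenticator.make_challenge()]
    wire.append(peer.respond(*wire[0]))
    return authenticator.verify(*wire[1]), wire

def full_duplex(a, b):
    """Same exchange mirrored, so each end validates the other."""
    ok_ab, wire_ab = half_duplex(a, b)
    ok_ba, wire_ba = half_duplex(b, a)
    return ok_ab and ok_ba, wire_ab + wire_ba

# Constructed sample configuration: names and secret are placeholders.
SECRET = b"example-shared-secret"
site_a = Device("SiteA", {"SiteB": SECRET})
site_b = Device("SiteB", {"SiteA": SECRET})
```

Only the identifier, the random challenge, the 16-byte hash and the system names cross the link, and because each challenge is consumed on verification, a response captured from an earlier exchange does not verify again.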