System options background information – Cabletron Systems CSX1000 User Manual (page 149)
Workgroup Remote Access Switch
CONFIGURING SYSTEM OPTIONS AND INFORMATION
System Options
The above process applies to the system’s authentication of the remote device. It is also possible that
the remote device may wish to authenticate the system itself, a desire that is also negotiated during
the LCP initialization of the link. Enabling CHAP via configuration also permits the system to agree
to be authenticated via CHAP during LCP negotiation. In the same manner that each remote device
has a name and secret, the system itself is configured with a system-wide name and secret that are
used to respond to CHAP challenges.
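The two directions of CHAP described above, as an added example that is not taken from the manual. It assumes the standard MD5 form of CHAP from RFC 1994 (the manual does not name the algorithm); the device name, system name and secrets are constructed placeholders.

```python
import hashlib
import hmac
import os

# Constructed sample data: placeholder names and secrets, not values from the manual.
DEVICE_LIST = {"branch-router": b"device-secret-1"}  # per-device name -> secret
SYSTEM_NAME = "central-site"                         # system-wide name
SYSTEM_SECRET = b"system-wide-secret"                # system-wide secret


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier octet || secret || Challenge value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def new_challenge(length: int = 16) -> bytes:
    """Challenges must be unpredictable and unique, or an old response could be replayed."""
    return os.urandom(length)


def system_verifies_device(name: str, identifier: int,
                           challenge: bytes, response: bytes) -> bool:
    """System as authenticator: look up the device's secret and check its response."""
    secret = DEVICE_LIST.get(name)
    if secret is None:
        return False  # unknown device name: authentication fails
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def system_answers_challenge(identifier: int, challenge: bytes) -> tuple:
    """System as peer: answer the remote device with the system-wide name and secret."""
    return SYSTEM_NAME, chap_response(identifier, SYSTEM_SECRET, challenge)


if __name__ == "__main__":
    # Direction 1: the system challenges the remote device.
    ident, chal = 1, new_challenge()
    device_reply = chap_response(ident, DEVICE_LIST["branch-router"], chal)
    print("device accepted:",
          system_verifies_device("branch-router", ident, chal, device_reply))
    # Direction 2: the remote device challenges the system.
    name, reply = system_answers_challenge(7, new_challenge())
    print("system reply from", name, reply.hex())
```

The secret never crosses the link in either direction; only the challenge and the hash do, which is why the secret configured for a device must match the one the remote device uses.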
Note:
When both CHAP and PAP are enabled, the system will request the CHAP protocol first.
If the remote device agrees to CHAP, then the secret that is configured for the device must
match the one that the remote device uses. If the remote device agrees to PAP then the
passwords must match. If only one of either PAP or CHAP is enabled, the system will insist
on that protocol only. If the remote device does not support the enabled protocol, the
device will not be allowed
BRIDGE MAC ADDRESS SECURITY
If bridging is enabled, you have the option of enabling Bridge Ethernet Address Security. Bridge
MAC Address Security may also be enabled if IP routing through a Virtual WAN interface is
enabled. This security option allows you to configure specific Bridge Ethernet Addresses and an
optional password on a per device basis. When Bridge Ethernet Address security is enabled, the
System will look up the received Ethernet address in the Device List. If the address is not found,
the call is disconnected. If the address is found and the corresponding device entry is configured
with a password, the System will validate the password. If the password is not valid, the call will
be disconnected.
IP HOST ID SECURITY
To enable IP Host Id Security, you must first enable IP routing. IP Host Id Security provides added
security through device validation. At connection establishment time, the Device sends an
unencrypted IP Host identifier over the WAN to the System. The System looks up the Device based
on the received IP Host identifier. If the identifier is found in the Device List, the call is accepted.
Otherwise the call is disconnected.
SYSTEM OPTIONS BACKGROUND INFORMATION
When a remote device connects, the CyberSWITCH negotiates the required authentication. In
order for the remote device to be properly authenticated, the CyberSWITCH must have the
appropriate authentication enabled. If the CyberSWITCH does not have the authentication
required by the remote device enabled, the remote device will not be authenticated and the call will
be disconnected.
The possible security options that can be enabled include:
• Calling Line Id
• IP Host Id
• Bridge Ethernet Address
• PAP
• CHAP