User level databases, Off-node server information, Network login information – Enterasys Networks CSX6000 User Manual
Page 163: Configuring user level databases, Configuring off-node server information, Configuring network login information
Central Site Remote Access Switch 163
SECURITY OVERVIEW
User Level Databases
These environments include an on-node database and a variety of off-node, central authentication
databases. The on-node database contains a list of valid devices that can access the network
resources connected to the CyberSWITCH. This list of valid devices is configured and stored
locally. A central database allows a network with more than one CyberSWITCH to access one
database for device authentication. Supported central authentication databases for device level
security include: CSM and RADIUS.
USER LEVEL DATABASES
If user level security or multi-level security has been chosen, then the next phase of security
configuration involves enabling an off-node user level authentication database, and then
specifying the Telnet port used to access that database. User level security is only available through
an off-node authentication server. Servers supported are: RADIUS, TACACS, and ACE.
OFF-NODE SERVER INFORMATION
If an off-node authentication server has been chosen for device or user level security, then the next
phase of security configuration requires that these servers are appropriately configured in the
system.
CSM is an off-node, central database supported by the CyberSWITCH. CSM is installed on a
Windows NT system that is local to the network. It operates with an SQL Server that can store data
for thousands of users. A TCP connection allows the CyberSWITCH to communicate with CSM.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
Access Control Encryption (ACE) is a database supported by the system. ACE operates using two
components: client code and server code. The ACE Server software is installed on a UNIX-based
system connected to the network. The client protocols allow the CyberSWITCH to communicate
with the ACE Server, ultimately authenticating users.
NETWORK LOGIN INFORMATION
The last phase of security configuration involves configuring network login information. If you are
using User Level Security or Multilevel Security, you may customize banners and login
configuration to suit the needs of your particular installation. You may also specify the number of
login attempts and password change attempts. Specific login elements, such as prompt order, for
RADIUS and TACACS are defined here.