Perle Systems 1700 manual Configure PPP Security, Security Level

Page 60

Applications

Security

The router provides a number of means of providing security on incoming and outgoing traffic on a network. These methods include access password authentication, firewall limiting access to only designated device addresses, private network address translation (NAT) and filtering for both incoming and outgoing traffic.

Configure PPP Security

The PPP P1705 & P1730 provide support for both PAP and CHAP security access authentication. An outgoing user name, PAP password, and CHAP secret are defined that the router will use when responding to an authentication request from a remote site PPP router.

The cold start defaults for the security user name and passwords are as follows. These defaults will exist when the router is first started before and configuration is entered, and after a Full Reset has been performed. These default values are also set when the router is placed in TFTP Network load mode for upgrading the operating software via TFTP transfers. Care should be taken when upgrading a group of routers that have security levels set.

Default outgoing user name for each remote site when it is defined is the same as the default device name. Default PAP password and CHAP secret are both set to “BRIDGE”.

The complete password security configuration for both incoming and outgoing calls is defined within the Security menu of the WAN set-up section.

Security Level

Location: Main

ªConfiguration

ªWAN Set-up

ªSecurity Set-up

ªSecurity Level

The security level defines the type of security that this router will request when a remote site PPP router attempts to establish a PPP connection. The security may defined as none, PAP, or CHAP.

When a security level is defined on this router, an entry for each remote site PPP router that may be connected to this router must be placed in the security database. The security database is used to store the user names and passwords of the remote site PPP routers.

54

Image 60

Contents Bridge / Routers User And System Administration Guide Federal Communications Commission FCC Using This Manual Contents Introduction to Filtering Appendix D Interface Pinouts Unpack the Router Select a SiteIdentify the Reset Switch Location of the Reset Hole on RouterIdentify the Connectors P1705P1730 Connect to the Console Make the Link ConnectionsPower Up the Bridge/Router Managing the P1705 & P1730 Using the MenusConventions Option NameLogin to Bridge/Router and Enter the Required Configuration PasswordT1 or E1 56/64 kbpsAs specifed First channelNumber of channels ReservedMandatory Configuration Isdn U Isdn S/T PPP IsdnIdentify the Status LEDs OffTypical Applications & How to Configure Them Bridging and Routing Should You Bridge or Route? Bridging Networks Bridged across a WAN linkIP Routing IP Address / Size of Subnet MaskIP Addressing Masks IP SubnetsDefining an IP Subnet Mask IP Default Gateway IP Static RouteIPX Routing Novell Servers in Both LocationsNovell Servers in One Location Only IPX Routed Local Area Networks Servers on one sideIPX Routing Ethernet-II FramesRAW 802.3 Frames Ieee 802.2 FramesNovell Server with Dual LANs IPX ForwardingSelect LAN1 or LAN2 PPP Link Configuration PPP OverviewNumbered Links Link IP addressUnnumbered Links Peer IP addressMultilink Operation Basic WAN Configurations Basic Isdn ConnectionsSwitch Type Directory NumberSpid Soft Reset Console after a full resetPPP Isdn Manual Call Quick Connections Manual Call IP Address / Subnet mask sizeBasic Frame Relay Configuration Frame Relay configurationAuto Learning the Frame Relay Configuration Link SpeedManual Configuration LMI Type LMI TypePPP Enabled Quick Start Frame RelayIP Address / mask size Basic Leased Line Configuration Quick Start PPP Leased Line ConnectionsBridge Connection Configure Remote Site Profiles Configure Remote Site Profiles for Isdn PPP Isdn NumberEnabled Configure Remote Site Profile for Frame Relay ªConfiguration WAN Set up Remote Site Set-upRemote Site Alias DlciPrimary Link CIRDisabled EIRConfigure Remote Site Profiles for Leased Line PPP Site profile Recovery ScheduleConfigure Remote Site Profiles for PPPoE ªenabledLAN ªTCP mss value ª1452 ªISP provided username ªPPPoE remote site aliasAdvanced Features Configure Dynamic Host Configuration ProtocolªServer ªIP Address / number of addressesIP address local DNS server IP address external DNS serverEnter the private network IP address of each service offered Network Address Translation and Port Translation11 Napt Configuration Configure PPP Security SecuritySecurity Level Incoming PAP Password Outgoing PAP PasswordIncoming Chap Secret Outgoing Chap Secret Configure Firewall 13 Sample Firewall ApplicationEnter ID# 1 for ISP remote site InboundID# 1 for ISP remote site FTP ServerFilter ID # Destination Address Destination MaskSource Address Source MaskCompression Network Address TranslationFilters Enable Bandwidth On DemandQOS Priority Queuing Location MainªPriority ªPriority List Number ªenable Simple Network Time Protocol SntpªIP Address ªTimeIntroduction to Filtering MAC Address FilteringPattern Filtering NotNetBIOS &NetBEUI Windows For Workgroups Popular FiltersBridge IP & Related TrafficNetBIOS over TCP IP RouterBanyan Other interesting TCP PortsAppendix a Menu Trees Menu Tree Menu Tree Appendix B Octet Locations on Ethernet Frames Octet Locations on a Bridged TCP/IP FrameConfiguration Pages Octet Locations Octet Locations on a Bridged XNS Frame Appendix C Servicing Information Opening the caseIdentifying the Internal Components To Clear a Lost Password Changing LAN or WAN InterfacesSelecting MDI or MDI-X LAN Interface Installing the Isdn Link Modules Processor settings for the Isdn Link ModulesConnecting to the ISDN-U Link Module Changing the Termination Straps on the Isdn S/T InterfacePerforming a Software Upgrade PC used for Tftp transfers Router a Router B Router C Pinout Information Link Clocking InformationATL-CSU/DSU Link Module Information Switches Console Pinouts DB25 Female DCE24 & RS232C Link Pinouts DB25 Female DTE11/X.21 Link Pinouts DB15 Female DTERS442 & RS530 Link Pinouts DB25 Female DTELink Pinouts DCERS232 Null-Modem Cable Configuration Figure D-9 RS232 Null-Modem CableNull-Modem Cable Configuration Figure D 10 V-35 Null-Modem CableRS530 Null-Modem Cable Configuration Figure D-11 RS530 Null-Modem CableRS530 To RS449 Conversion Cable Figure D-12 RS530 to RS449 Conversion Cable11/X.21 Null-Modem Cable Configuration Figure D-13 V.11/X.21 Null-Modem Cable