Nortel Networks 4500 FIPS manual User Services

Page 12

Status Functions: view the switch configuration, routing tables, and active sessions; use SNMP Gets to view MIB II statistics, usage graphs, health, temperature, memory status, voltage, and packet statistics; and review accounting logs.

Manage the Switch: log off users, shut down or reset the switch, disable or enable audible alarms, manually back up switch configurations, restore switch configurations, create a recovery diskette, etc.

A complete description of all the management and configuration capabilities of the Contivity Extranet switch can be found in the administrator's manual, Managing the Contivity Extranet Switch, and in the online help for the switch.

2.4.2 User Services

An administrator (who has Manage Users rights) assigns each User a name and a User Group. The User Group defines the access limitations and services that the User may exercise, including access hours, call admission priority, forwarding priority, number of simultaneous logins, maximum password age, minimum password length, whether passwords may contain only alphabetic characters, whether static IP addresses are assigned, idle timeout, forced logoff on idle timeout, filters, and whether IPX is allowed.
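The User Group attributes listed above amount to a per-group policy that the switch evaluates at login and during a session. The following is an added example, not Nortel's code: the class and field names are assumptions chosen to mirror the attributes named in this section, and the sample group and user are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical model of a Contivity-style User Group (added example, not Nortel's code);
# field names are assumptions mirroring the group attributes listed in section 2.4.2.
@dataclass
class UserGroup:
    access_hours: tuple      # (start_hour, end_hour), 24h clock, end exclusive
    max_logins: int          # number of simultaneous logins permitted
    max_password_age_days: int
    min_password_length: int
    allow_alpha_only: bool   # whether passwords may contain only alphabetic characters
    idle_timeout_min: int
    forced_logoff: bool      # forced logoff for idle timeout

@dataclass
class User:
    group: UserGroup
    password: str
    password_set: datetime
    active_sessions: int = 0

def password_violations(user, now):
    g, v = user.group, []
    if len(user.password) < g.min_password_length:
        v.append("too_short")
    if not g.allow_alpha_only and user.password.isalpha():
        v.append("alpha_only")
    if now - user.password_set > timedelta(days=g.max_password_age_days):
        v.append("expired")
    return v

def admit_login(user, now):
    # Check access hours, then concurrent logins, then password state; returns (allowed, reason).
    start, end = user.group.access_hours
    if not start <= now.hour < end:
        return False, "outside_access_hours"
    if user.active_sessions >= user.group.max_logins:
        return False, "too_many_logins"
    v = password_violations(user, now)
    return (False, "password:" + ",".join(v)) if v else (True, "ok")

def idle_action(user, idle_minutes):
    # What the switch does with a session that has been idle for idle_minutes.
    if idle_minutes < user.group.idle_timeout_min:
        return "keep"
    return "force_logoff" if user.group.forced_logoff else "warn"
# Constructed sample data (not from the document): an 08:00-18:00 group, two logins max.
NOW = datetime(2000, 2, 1, 10, 0)
STAFF = UserGroup((8, 18), 2, 90, 8, False, 30, True)
def make_user(password, days_since_set=10, sessions=0):
    return User(STAFF, password, NOW - timedelta(days=days_since_set), sessions)
```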

The administrator also assigns each User separate User IDs and passwords for the following services: IPSec, PPTP, L2TP, and L2F tunnels. (A fifth ID and password may be assigned for Administration of the switch as described in 2.4.1.) The User may then authenticate as necessary to initiate secure tunnels using any of these services.

IPSec: Requires authentication through User Name and Password (checked against an LDAP directory or using AXENT or a SecureID token). This authenticates the User to the switch and is protected using ISAKMP. The Switch may be configured to additionally require authentication through RADIUS with a Group Name and Password. Security options for IPSec include using an Encapsulated Security Payload (ESP) with Triple-DES, Data Encryption Standard (DES), or “40-bit DES”, and an Authentication Header (AH) with a keyed-hash Message Authentication Code using the Secure Hash Algorithm (HMAC-SHA) or HMAC-MD5.

PPTP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption.

L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption.

L2F: Requires authentication using CHAP or PAP.

© Copyright 2000 Nortel Networks.
