3Com 11.1 manual Additional RAS Enhancements, Extensible Authentication Protocol, DHCP Proxy

NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

Additional RAS Enhancements

The RAS service has been enhanced in this release to support routers acting as RAS clients. Support was added for the RADIUS attributes “Framed_Route” and “Framed_Netmask.” Previous software releases ignored these attributes if the RADIUS server returned them, and instead provided a "host" address and subnet mask to all RAS callers.

RAS services have been added to the SuperStack II NETBuilder SI (CF package) and the NETBuilder II multiprotocol nonencrypted software (DW package).
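
An added illustration (not 3Com code and not part of the release notes) of what the two attributes named above carry on the wire, using the RFC 2865 encodings: Framed-IP-Netmask is type 9 and Framed-Route is type 22. The addresses are constructed sample values, and falling back to a host mask when no netmask is returned is an assumption modelled on the earlier behaviour described above.

```python
import ipaddress
import struct

# RFC 2865 attribute type codes.
FRAMED_IP_ADDRESS, FRAMED_IP_NETMASK, FRAMED_ROUTE = 8, 9, 22

def build_attr(attr_type, value):
    """Encode one attribute as Type (1 byte), Length (1 byte), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def parse_attrs(data):
    """Walk the TLV list; reject lengths that are too short or overrun."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[pos + 2:pos + length]))
        pos += length
    return attrs

def framed_settings(data):
    """Return the caller's address, netmask, and routes behind the caller."""
    # Assumption: with no netmask attribute the caller is treated as a host.
    out = {"address": None, "netmask": "255.255.255.255", "routes": []}
    for attr_type, value in parse_attrs(data):
        if attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            out["address"] = str(ipaddress.IPv4Address(value))
        elif attr_type == FRAMED_IP_NETMASK and len(value) == 4:
            out["netmask"] = str(ipaddress.IPv4Address(value))
        elif attr_type == FRAMED_ROUTE:
            # Text form: "<prefix>[/bits] <gateway> <metric>..."
            prefix, gateway = value.decode("ascii").split()[:2]
            net = ipaddress.ip_network(prefix, strict=True)
            out["routes"].append((str(net), gateway))
    return out

# Constructed sample: attributes for a router dialing in as a RAS client.
SAMPLE = (
    build_attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("10.1.1.2").packed)
    + build_attr(FRAMED_IP_NETMASK, ipaddress.IPv4Address("255.255.255.252").packed)
    + build_attr(FRAMED_ROUTE, b"192.168.50.0/24 10.1.1.2 1")
)

if __name__ == "__main__":
    print(framed_settings(SAMPLE))
```

A Framed-Route value installs a route toward the caller, so the set of prefixes a RADIUS server may return for a given account is worth reviewing alongside the account itself.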

Extensible Authentication Protocol

The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP authentication that supports multiple authentication mechanisms. It is being included in Windows NT 5.0 and simplifies support of token-based authentication. This feature supports customers who use token card authentication systems with NETBuilder bridge/routers as their network access servers. Specifically, only the following authentication methods are supported:

MD5-Challenge

Generic Token Card

The Default Authentication Protocol parameter for the PPP Service does not include a configuration option for EAP at the time of the 11.1 release. The functionality will be available in a patch release for 11.1. Contact your 3Com support representative for a patch version of the software that allows you to set this parameter.

DHCP Proxy

During an IPCP negotiation, a remote client may ask for an IP address to be assigned. The IP address can be obtained either through an internal IP address pool or from an external DHCP server. To support dynamic IP address assignment for RAS clients through an external DHCP server, the NETBuilder bridge/router must act as a proxy agent on behalf of each remote client.

Encryption Strength

New levels of encryption strength and new algorithms have been added in this release. 3Com has extended the encryption software to support up to 128 bits. RC5 and 3DES-2key have been added to the IPSEC feature set (MPPE will continue to use RC4). For this release of 3DES, the key length is limited to a maximum of 128 bits. In 3DES-2key (the implementation for 11.1), the first key is also used as the last key (first key, second key, first key).

The “strong” encryption software upgrades and hardware ship kits are recognizable via the 3CR number and the package identifiers.

<128 bit support packages/kits contain:

A package identifier ending in ‘S’ (example, NS)

A 3CR number containing/ending in ‘92’ (examples, 3CR856792, 3CR6452P92FLASH)
