12NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

Additional RAS Enhancements

The RAS service has been enhanced in this release to add support for routers acting as RAS clients. Support was added for the RADIUS attributes “Framed_Route” and “Framed_Netmask.” Previous releases of software ignored these attributes when/if the RADIUS server responded with them and provided a "host" address and subnet mask to all RAS callers.

RAS services have been added to the SuperStack II NETBuilder SI (CF package) and the NETBuilder II multiprotocol nonencrypted software (DW package).

Extensible Authentication Protocol

The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP authentication that supports multiple authentication mechanisms. It is being included in Windows NT 5.0 and simplifies support of token-based authentication. This feature supports customers who use token card authentication systems with NETBuilder bridge/routers as their network access servers. Specifically, only the following authentication methods are supported:

MD5-Challenge

Generic Token Card

The Default Authentication Protocol parameter for the PPP Service does not include a configuration option for EAP at the time of the 11.1 release. The functionality will be available in a patch release for 11.1. Contact your 3Com support representative for a patch version of the software that allows you to set this parameter.

DHCP Proxy

During an IPCP negotiation, a remote client may ask for an IP address to be assigned. The IP address can be obtained either through an internal IP address pool or from an external DHCP server. To support dynamic IP address assignment for RAS clients through an external DHCP server, the NETBuilder bridge/router must act as a proxy agent on behalf of each remote client.

Encryption Strength

New levels of encryption strength and algorithms have been added to this release. 3Com has extended the encryption software to support up to 128 bits. RC5 and 3DES-2key have been added to the IPSEC feature set (MPPE will continue to use RC4). For this release of 3DES, the key length is limited to up to 128 bits. In 3DES-2key (the implementation for 11.1) the first key is also used for the last key (first key, second key, first key).

The “strong” encryption software upgrades and hardware ship kits are recognizable via the 3CR number and the package identifiers.

<128 bit support packages/kits contain:

A package identifier ending in ‘S’ (example, NS)

A 3CR number containing/ending in ‘92’ (examples, 3CR856792, 3CR6452P92FLASH)

Page 11
Image 11
3Com 11.1 manual Additional RAS Enhancements, Extensible Authentication Protocol, Dhcp Proxy, Encryption Strength