3Com 11.1 - page 11

NETB

UILDER SOFTWARE VERSION 11.1 RELEASE NOTES

Additional RAS Enhancements

The RAS service has been enhanced in this release to add support for routers

acting as RAS clients. Support was added for the RADIUS attributes

“Framed_Route” and “Framed_Netmask.” Previous releases of software ignored

these attributes when/if the RADIUS server responded with them and provided a

"host" address and subnet mask to all RAS callers.

RAS services have been added to the SuperStack II NETBuilder SI (CF package) and

the NETBuilder II multiprotocol nonencrypted software (DW package).

Extensible Authentication Protocol

The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP

authentication that supports multiple authentication mechanisms. It is being

included in Windows NT 5.0 and simpliﬁes support of token-based authentication.

This feature supports customers who use token card authentication systems with

NETBuilder bridge/routers as their network access servers. Speciﬁcally, only the

following authentication methods are supported:

■MD5-Challenge

■Generic Token Card

The Default Authentication Protocol parameter for the PPP Service does not

include a conﬁguration option for EAP at the time of the 11.1 release. The

functionality will be available in a patch release for 11.1. Contact your 3Com

support representative for a patch version of the software that allows you to set

this parameter.

DHCP Proxy

During an IPCP negotiation, a remote client may ask for an IP address to be

assigned. The IP address can be obtained either through an internal IP address

pool or from an external DHCP server. To support dynamic IP address assignment

for RAS clients through an external DHCP server, the NETBuilder bridge/router

must act as a proxy agent on behalf of each remote client.

Encryption Strength

New levels of encryption strength and algorithms have been added to this release.

3Com has extended the encryption software to support up to 128 bits. RC5 and

3DES-2key have been added to the IPSEC feature set (MPPE will continue to use

RC4). For this release of 3DES, the key length is limited to up to 128 bits. In

3DES-2key (the implementation for 11.1) the ﬁrst key is also used for the last key

(ﬁrst key, second key, ﬁrst key).

The “strong” encryption software upgrades and hardware ship kits are

recognizable via the 3CR number and the package identiﬁers.

< 128 bit support packages/kits contain:

■A package identiﬁer ending in ‘S’ (example, NS)

■A 3CR number containing/ending in ‘92’ (examples, 3CR856792,

3CR6452P92FLASH)