Manuals / ADTRAN / Computer Equipment / Network Router

ADTRAN 1200350L1 user manual Security/PPP

Models: 1200350L1

1 134

Download 134 pages 2.52 Kb

Page 57

Security/PPP

Chapter 4: Configuration Overview

Security/PPP

Write security: 1; Read security: 2

The PPP peer can be authenticated using three standard methods:

1.PAP (Password Authentication Protocol),

2.CHAP (Challenge Handshake Protocol)

3.EAP (Extensible Authentication Protocol).

The strength of the authentication is determined in the following or- der:

1.EAP

2.CHAP

3.PAP (where EAP is the strongest and PAP is the weakest)

PAP is a clear-text protocol, which means it is sent over the PPP link in a readable format.

Do not allow highly sensitive passwords to become compromised using this method.

CHAP and EAP use a one-way hashing algorithm which makes it virtually impossible to determine the password. EAP has other ca- pabilities which allow more flexibility than CHAP.

The following selections are possible:

PAP, CHAP or EAP (def) - The Router Option Module will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP or PAP.

CHAP or EAP - The Router Option Module will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP but not PAP.

EAP - The Router Option Module will only allow EAP to be negoti- ated. If the PPP peer is not capable of doing EAP, then the connec- tion will not succeed.

61200350L1-1

Router Option Module User Manual

4-21

Image 57

ADTRAN 1200350L1 user manual Security/PPP

Contents

1200350L1 USER MANUAL 61200350L1-1A JulyRouter Option Module IQ View is a trademark of ADTRAN Trademark InformationABOUT THIS MANUAL Notes provide additional useful information FEDERAL COMMUNICATIONS COMMISSION RADIO FREQUENCY INTERFERENCE STATEMENTCANADIAN EMISSIONS REQUIREMENTS CANADIAN EQUIPMENT LIMITATIONS Chapter 2. Installation Table of ContentsChapter 1. Introduction Chapter 3. OperationTable of Contents Chapter 4. Configuration OverviewTable of Contents Spanning Tree/Bridge Group Configuration/PPP Profile Chapter 5. Statistics Router Statistics Available on Front Panel Utilities/Upgrade MenuTest Menu/Echo Request Logs/Syslog HostAppendix A. Pinouts List of Figures List of Figures Router Option Module User Manual61200350L1-1 Pin Assignments for Control Connector List of TablesTable A-1 Table A-2xviii List of TablesRouter Option Module User Manual 61200350L1-1Chapter IntroductionPRODUCT OVERVIEW Basic Functions of Router Option ModuleRouting and Bridging with the Router Option Module Factory DefaultNetwork Address Translation NAT PPP or Frame RelayNetwork Address Translation Mode NAT Concurrent Routing and BridgingIPX Routing Warranty and Customer Service UNPACK, INSPECT, POWER UP Receipt Inspection InstallationADTRAN Shipments Include ChapterFigure 2-1. Installing the Option Module INSTALLATION Placement of the Option ModulePower Connection Attaching the Plug-On BoardFigure 2-2. Attaching the Plug-On Board Control 10BaseTFigure 2-3. Router Option Module Rear Panel FRONT PANEL OperationTerminal Menu Structure Main Menu OptionsFigure 3-1. Top Level Terminal Menu Configuration MenuTest Menu Status MenuLogs Menu Utilities MenuGeneral Layout NAVIGATING THE TERMINAL MENUSMenu Path Moving AroundDescription Menu OptionReading Menu Options Navigating the KeyboardIf you want to Session ManagementPress If you want toConfiguration If you want toPress Security Security LevelsLevel No DescriptionFigure 3-2. Router Option Module Front Panel Menu Structure 3-10 Chapter 3 OperationRouter Option Module User Manual 61200350L1-1CONFIGURATION MENU Configuration/System Info Chapter 4 Configuration OverviewFigure 4-1. Configuration/System Info Screen 61200350L1-1System Location System NameSystem Contact Firmware RevisionFigure 4-2. Configuration/Frame Relay Screen WAN/DSO Rate Configuration/WANConfiguration/IP Figure 4-3. Configuration/IP ScreenIP/IP Address also available via Front Panel Static Routes/Active IP/Static RoutesStatic Routes/IP Address Write security 4 Read security Static Routes/Subnet Mask Write security 4 Read securityIP Router/Mode IP/IP RouterIP/RIP RIP/ModeNAT/Default IP NAT/DHCP ModeRIP/V2 Secret IP/NATIP/DNS IP/UDP RelayDNS/Domain Name DNS/ServerUDP Relay List/Relay Address Write security 3 Read security UDP Relay/UDP Relay ListUDP Relay List/UDP Port Type IP/Proxy ARPConfiguration/IPX Figure 4-4. Configuration/IPX Screen IPX/ModeIPX/Network IPX/Frame Type Seeding SelectionIPX/Seed Status DescriptionIPX/SAP Timer IPX/RIP TimerSeeding Selection DescriptionFigure 4-5. Configuration/Bridge Screen Bridge/Mode Configuration/BridgeWAN IP Bridge/Network Bridge/WAN IP BridgeWAN IP Bridge/Netmask Write security 2 Read security WAN IP Bridge/Triggered Write security 2 Read securityWAN IPX Bridge/Frame Type Write security 2 Read security WAN IPX Bridge/Network Write security 2 Read securityWAN IPX Bridge/Seed Status Write security 2 Read security WAN IPX Bridge/Triggered Write security 2 Read securitySpanning Tree/Priority Write security 2 Read security Spanning Tree/Forward Delay Write security 2 Read securitySpanning Tree/Maximum Age Write security 2 Read security Spanning Tree/Hello Time Write security 2 Read securitySpanning Tree/Bridge Group LAN Port/PriorityBridge Group 1/Active Bridge Group 1/Path Cost Write security 2 Read securityBridge/Address Table Address Table/AgingAddress Table/Forward Policy Write security 3 Read security Figure 4-6. Configuration/Security Screen Configuration/SecuritySecurity/Authentication Write security 1 Read security Security/Radius ServerRadius Server/Secondary Server Write security 1 Read security Radius Server/Primary Server Write security 1 Read securityRadius Server/UDP Port Write security 1 Read security Radius Server/SecretSecurity/PPP Filter Defines/MAC Filter Defines Security/Filter DefinesFilter Defines/IP Filter Defines Write security 2 Read security Filter Defines /Pattern Filter DefinesFilter Defines /IPX Filter Defines 16-bit value which is the source socket Virtual Circuit Types Frame RelayDescription Frame Relay/Maintenance Protocol Frame Relay/Polling Frequency Write security 3, Read securityFrame Relay/DLCI Mapping If you want to ThenDLCI Mapping/DLCI DLCI Mapping/ActiveDLCI Mapping/IP Map IP Map/ActiveIP Map/Link IP Address Write security 3, Read security IP Map/RIP ProtocolIP Map/RIP Method DLCI Mapping/IPX Map IP Map/RIP DirectionIPX Map/Active IPX Map/IARPBridge Map/Active DLCI Mapping/Bridge MapBridge Map/Bridge Group Write security 3, Read security DLCI Mapping/FiltersPattern - from the Configuration/Security/Filter MAC - from the Configuration/Security/FilterIP - from the Configuration/Security/Filter IPX - from the Configuration/Security/FilterFilters/Out Exceptions Filters/Out to PVCConfiguration/PPP Profile Figure 4-7. Configuration/PPP Profile ScreenPPP Profile/Authentication Authentication/Tx Username Write security 1 Read security Authentication/Tx Method Write security 2 Read securityAuthentication/Tx Password Write security 0 Read security Authentication/Rx UsernameIP/Route IP/ModeRoute/IP/Net Route/NetmaskRIP/Mode IP/RIPRIP/Protocol RIP/MethodPPP Profile/IPX RIP/TriggeredIPX/Mode IPX/Remote NetworkBridge/Mode PPP Profile/BridgePPP Profile/PPP PPP/VJ CompressionPPP/Max Timer PPP/Max ConfigPPP/Max Failure PPP Profile/FiltersFilters/In Exceptions Filters/Out Exceptions Filters/LAN-to-WAN Out Write security 2 Read securityFigure 4-8. Configuration/Management Screen Management/Telnet Configuration/ManagementTelnet/Server Access Telnet/User ListUser List/Name User List/PasswordUser List/Authen Method User List/Idle TimeSNMP/Communities SNMP AccessCommunities/Name Communities/PrivilegeMaint Port/Password Maint Port/Password Protect Write security 0 Read securityManagement/Maint Port Maint Port/Baud RateMaint Port/Stop Bits Configuration/Terminal ModeSTATUS MENU StatisticsFigure 5-1. Status Screen ChapterName Status/SessionsSessions/PPP Session DescriptionState DefinitionSessions/DLCI Table Sessions/Spanning Tree Status/ARP CacheStatus/IP Routes Status/Bridge TableName DescriptionIP Routes/Flags Name Status/IPX RoutesDescription localStatus/WAN Stats Status/IPX ServersName DescriptionStatus/LAN Stats NameDescription Status/IP Stats Router Statistics Available on Front Panel Viewing Statistical Information Front Panel InterfaceStep Action5-12 Chapter 5 StatisticsRouter Option Module User Manual 61200350L1-1TEST MENU DiagnosticsTest Menu/Echo Request ChapterLOGS MENU LevelDescription Logs/PPP Log Logs/Syslog HostPPP Log/Active PPP Log/WrapLogs/Network Log Logs/Connection LogConnection Log/Active Connection Log/WrapNetwork Log/Level Network Log/WrapNetwork Log/View Network Log/ClearChapter 6 Diagnostics Router Option Module User Manual61200350L1-1 Utility Menu TERMINAL MODE Utilities MenuFigure 7-1. Utilities Screen ChapterUtilities/Ping Utilities/Upgrade MenuUtilities/Telnet Client Chapter 7 Utility MenuUpgrade/TFTP Host Upgrade/Transfer MethodUpgrade/Filename Upgrade/StatusUpgrade/TFTP Server Upgrade/Abort TransferCMD Mode Utilities/ExitPinouts Table A-1 Pin Assignments for Control ConnectorAppendix A Table A-2 10BaseT EthernetAppendix A Pinouts Router Option Module User Guide61200350L1-1 Power SPECIFICATIONS AND FEATURESAppendix B Ethernet Interface LANAppendix B Specifications Router Option Module User Guide61200350L1-1 Appendix C PPP Log MessagesLog Messages IPCP X down EAP authen failedIPCP X up IPXCP X downNo IP addr for peer Negot not convergingNo Response from peer PAP authen failedPeer refused authen Peer failed PAP authenPeer refused SpanTree PPPtxx …Power Up - last down cause reason Call Log MessagesInstalling bad default route ifnum=inter metric=hops gw=ip Network Log MessagesAttempting to add bad IP iface route ifnum=inter dest=ip DHCP couldnt alloc memsyslog no port TELNETD Set TCPCLISTENQ failed UNDERSTANDING SNMP Appendix DSNMP Components Network ManagerPage SNMP Embedded Agent CommunitiesTraps Appendix D SNMP Router Option Module User Guide61200350L1-1 MENU COMMANDS Terminal Mode CommandsAppendix E TypeKey Word Key WordsGoes directly to the following menu For ExampleDownload/Uploading Configuration Additional CommandsAppendix E Terminal Mode Commands Router Option Module User Guide61200350L1-1 Index CHAP 4-21agent D-1, D-3 EAP 4-21 IP/RIP 4-6 IP/NAT 4-7IPX/mode 4-10 NAT 1-2, 4-7PPP 1-2, 4-21 PAP 4-21Radius 4-19 RIP 1-1, 1-3, 4-6SNMP 4-45, D-1 SAP 1-1Page Presales Inquiries and Applications Support Product Support InformationPost-Sale Support Repair and Return