Enterasys Networks CSX7000, CSX5500, CSX6000 specs

CONFIGURING SECURITY LEVEL

Device and User Level Security

DEVICE AND USER LEVEL BACKGROUND INFORMATION

Multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security for all remote devices. User-level authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and bridge users. Only users configured for user level authentication will be required to do so. Refer to the following illustration of a sample IP network configured for multilevel security.

Service	CSX1200
Server	sys name: Ollie
	Device Table	PC
	name: Zoe	PC

Internet				Scally
	CSX5500		CSX1200	Scally
	CSX5500		CSX1200
	1.1.1.1	ISDN	1.1.1.2
	1.1.1.1			PC
				PC
Ace Server	sys name: Zoe		sys name: Sparky
Ace Server			Device Table

	Device Table
	Device Table		name: Zoe
	name: Sparky		name: Zoe
	name: Sparky
	name: Ollie			Simon
				Simon

The network security level has been configured for both device level and user level security. Certain remote devices, such as Ollie, are able to dial-in and are only authenticated at the device level. However, remote devices, such as Sparky, are configured in the device level database to be authenticated at the user level as well as at the device level.

For example, Scally is using the PC on the LAN attached to Sparky, a CSX1200. Scally needs to download some files off of the Service Server, which is on the LAN connecting to Zoe, a CSX5500. Upon initiation of Scally’s call, device level authentication begins. Zoe checks its on-node device database to see if Sparky is a valid device, and whether its IP address and password are also valid. If valid, Zoe allows the connection, however a data filter is placed on the connection. This filter only allows Telnet session traffic to flow over the connection between Zoe and Sparky. User level authentication begins when Scally telnets to the IP address 1.1.1.1, port 7003, which is the port assigned to the ACE server. Zoe sends the user level login prompt to Scally’s PC. Once Scally completes the login and password information, Zoe relays this data to the ACE Server. If Scally is a valid user in the ACE database and provides the correct login and password, Zoe removes the restrictive filter so he may access the Service Server, or any other system on that LAN. Now that Scally has been properly authenticated, any users on his LAN may access the systems attached to Zoe. For example, while Scally is downloading files, Simon could boot up his PC and access the Internet without going through the authentication process.

Enterasys Networks CSX7000, CSX5500, CSX6000 manual Device and User Level Background Information

Models: CSX7000 CSX6000 CSX5500

DEVICE AND USER LEVEL BACKGROUND INFORMATION

ISDN

Central Site Remote Access Switch 173