Enterasys Networks CSX5500, CSX6000, CSX7000 manual Outbound Authentication

Models: CSX7000 CSX6000 CSX5500


CONFIGURING DEVICE LEVEL DATABASES

On-node Device Entries

OUTBOUND AUTHENTICATION

This parameter allows you to enable or disable PPP outbound authentication procedures. When PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does not authenticate the remote device when dialing out. If enabled, the CyberSWITCH will authenticate the remote device. Outbound authentication is required if a PPP device is associated with a frame relay virtual circuit and the virtual circuit name and device name do not match.

USER LEVEL AUTHENTICATION

This parameter allows you to enable or disable user level authentication for this device. When user level authentication is enabled, the device is required to fulfill the necessary requirements of an off-node user level authentication server, such as RADIUS, ACE, or TACACS, after being authenticated at the device level.

IP HOST IDENTIFIER

The IP Host Id is used to authenticate a device over the IP Host (RFC 1294) line protocol. It is a unique identifier, 1 to 24 non-blank characters in length, that identifies the device. This identifier is exchanged and validated when the device connects to the system. This field is only required when the IP routing operating mode is enabled. The identifier entered here must be identical to the identifier configured on the device’s remote IP Host system.

BRIDGE ETHERNET ADDRESS

This address is used for authentication purposes on connections made over the HDLC Bridge line protocol. It is required if Bridge Ethernet Address Security is enabled.

This is the MAC address of the remote bridge device. This value is passed to the system (in band) when a connection is established. The system will look up the incoming Bridge Ethernet Address in the On-node Device Table. If the address is not included in the On-node Device Table, the system will reject the incoming call. If the address is included in the On-node Device Table, and the corresponding device entry is not configured with a bridge password, the connection will be established. If the address is included in the On-node Device Table, and the corresponding device entry is configured with a bridge password, the system will validate the password before establishing the connection.

BRIDGE PASSWORD

This password is used by the HDLC Bridge line protocol. It is an unencrypted password value (a string of 1 to 12 characters) used as a secondary security check when Bridge Ethernet Address Security is enabled. Its use is optional; however, if it is specified, it must be correct for the connection to be allowed. This value is passed to the system (in band) when an incoming call is received. The system compares the incoming password with the value found in the On-node Device Table. If the incoming password matches the associated On-node Device Table Bridge password, the connection is established. Otherwise, the system will reject the incoming call.

This value is stored in the same location as the PAP password, so a change to one password affects the other.
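
The lookup order described in the Bridge Ethernet Address and Bridge Password sections, modelled as an added Python example (not code from the manual or from the vendor). The table layout, field names and sample MAC addresses are constructed for illustration; `audit_entries` lists the entries a reviewer would check, such as devices admitted on the MAC address alone.

```python
# Added example: a model of the HDLC Bridge admission rules described above.
# Field names and the table layout are assumptions, not CyberSWITCH syntax.
import hmac

# Constructed sample On-node Device Table, keyed by remote bridge MAC address.
DEVICE_TABLE = {
    "00:00:5e:00:53:01": {"name": "branch-a", "bridge_password": None},
    "00:00:5e:00:53:02": {"name": "branch-b", "bridge_password": "s3cretPw"},
}

def normalize_mac(mac):
    """Lower-case and use ':' separators so lookups are format-independent."""
    return mac.strip().lower().replace("-", ":")

def admit_bridge_call(table, mac, password=None):
    """Return (accepted, reason) for an incoming HDLC Bridge call."""
    entry = table.get(normalize_mac(mac))
    if entry is None:
        return False, "address not in On-node Device Table"
    expected = entry["bridge_password"]
    if expected is None:
        # No secondary check configured: the MAC address alone admits the call.
        return True, "address match, no bridge password configured"
    # Constant-time comparison is a choice made in this example only.
    supplied = (password or "").encode()
    if hmac.compare_digest(supplied, expected.encode()):
        return True, "address and bridge password match"
    return False, "bridge password mismatch"

def audit_entries(table):
    """List (device name, finding) pairs worth a reviewer's attention."""
    findings = []
    for entry in table.values():
        pw = entry["bridge_password"]
        if pw is None:
            findings.append((entry["name"], "admitted on MAC address alone"))
        elif not 1 <= len(pw) <= 12:
            findings.append((entry["name"], "bridge password not 1 to 12 characters"))
    return findings

if __name__ == "__main__":
    calls = [("00-00-5E-00-53-01", None), ("00:00:5e:00:53:02", "wrong"),
             ("00:00:5e:00:53:99", "s3cretPw")]
    for mac, pw in calls:
        print(mac, admit_bridge_call(DEVICE_TABLE, mac, pw))
    print(audit_entries(DEVICE_TABLE))
```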

CALLING LINE IDENTIFIER (CLID)

Applicable to ISDN connections only, and only when the CLID option is enabled. You can specify eight CLIDs for each device entry. Each CLID for a given device must be unique. This is the telephone number of the calling party that is connecting to the system. In some areas this information is passed to the system on the ISDN incoming connection message. The system will
