CONFIGURING OFF-NODE SERVER INFORMATION

ACE Authentication Server

b.Specify the time between retries.

c.Choose between the DES or SDI Encryption Method. The algorithm you select must be compatible with the ACE Server setup.

d.You will also be prompted for a source IP address. This source IP address should be a valid address for the CyberSWITCH. The IP address must match the IP address listed for the system in the ACE Server host machine’s /etc/hosts file.

USING MANAGE MODE COMMANDS

ace

Displays the current ACE Server configuration data.

ace change

Allows you to change the current ACE Server configuration data. After entering the ace change command, you will be prompted for the configuration elements you want to change.

There is also an option to load the ACE configuration file. Use this option only if you have selected the alternate method of configuring the ACE Server on the system using the sdconf.rec file.

ace reinit

Allows you to reinitialize the system ACE client. This is required only if the server’s IP address or encryption method has been changed. A reinitialization removes the user-named services file as described in the ACE Server documentation.

ALTERNATE METHOD OF CONFIGURATION

There is an alternate method of configuring the ACE Server database using a file on the ACE Server itself. If you decide to use this alternate method, you would TFTP the file sdconf.rec to the system, placing it in the \config directory. You would then activate the “load” through CFGEDIT (screen on page 220, selection 4) or through MANAGE MODE, using the ace change command. A restart would also activate the “load.” After downloading the file, you will still need to specify the source IP address.

For more information on the sdconf.rec file and this alternate method of configuration, refer to the ACE Server documentation.

ACE AUTHENTICATION SERVER CONFIGURATION ELEMENTS

IP ADDRESS

The IP address in dotted decimal notation for the ACE Server. The IP address must match the address used for the server in its host machine’s \etc\hosts file.

UDP PORT NUMBER

The UDP port number used by the ACE Server. The default value is 1024. This port number must match the port listed for the SecurID service in the host machine’s \etc\services file.

NUMBER OF ACCESS REQUEST RETRIES

The number of Access Request Retries that the system will send to the ACE Server. The initial default value is 3. The acceptable range is from 0 to 32,767.

Central Site Remote Access Switch 221

Page 221
Image 221
Enterasys Networks CSX7000, CSX5500, CSX6000 manual ACE Authentication Server Configuration Elements