CONFIGURING ENCRYPTION

Configuration

Note: For the Final Destination and Source IP addresses, you may enter the entire address (i.e., 197.1.2.2 vs. 197.1.0.0); however, the subnet mask will determine how many significant bits the system will actually consider.

5. The next series of questions pertains to the Authentication Header. To implement an Authentication Header, select Authentication using MD5, and provide a shared secret authentication key. If you do not wish to use an Authentication Header, select No Authentication:

Security Association Authentication Menu:

1) No Authentication

2) Authentication using MD5

3) Id of Authentication to use [default = 1]? 2

Enter the Shared Secret Authentication Key for this Association:

6. Complete this IP Security configuration:

Enter the Security Parameter Index (SPI) for this Security Association: 12345678

Select function from above or <RET> for previous menu:

Refer to the Background Information section for a pertinent example of IP Encryption configuration.
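
The note above on Final Destination and Source addresses can be checked before an association is committed. The following is an added example, not part of the original manual or the product: it computes which addresses an address/mask pair really selects and flags entries whose typed host bits are ignored. The function names, the mask values and the 10.0.0.x addresses are assumptions constructed for illustration.

```python
import ipaddress


def significant_network(address: str, mask: str) -> ipaddress.IPv4Network:
    """Return the network that an address/mask pair actually selects.

    strict=False discards the host bits the mask does not cover, which is
    the behaviour the note describes: only the masked bits are considered.
    """
    return ipaddress.IPv4Network(f"{address}/{mask}", strict=False)


def audit_entry(address: str, mask: str) -> dict:
    """Summarise the effective scope of one configured address entry."""
    net = significant_network(address, mask)
    # Bits typed by the operator that fall outside the mask have no effect.
    ignored = int(ipaddress.IPv4Address(address)) & int(net.hostmask)
    return {
        "effective": str(net),
        "hosts_covered": net.num_addresses,
        "ignored_bits_set": ignored != 0,
    }


def selector_matches(pkt_src: str, pkt_dst: str,
                     src: str, src_mask: str,
                     dst: str, dst_mask: str) -> bool:
    """True if a packet's source and destination fall inside the association."""
    return (ipaddress.IPv4Address(pkt_src) in significant_network(src, src_mask)
            and ipaddress.IPv4Address(pkt_dst) in significant_network(dst, dst_mask))


if __name__ == "__main__":
    # Constructed sample entries: same mask, full address vs. network address.
    for addr, mask in [("197.1.2.2", "255.255.0.0"),
                       ("197.1.0.0", "255.255.0.0"),
                       ("197.1.2.2", "255.255.255.255")]:
        print(addr, mask, audit_entry(addr, mask))
    # A host the operator may not have meant to include is still covered.
    print(selector_matches("197.1.9.9", "10.0.0.5",
                           "197.1.2.2", "255.255.0.0",
                           "10.0.0.0", "255.255.255.0"))
```

An entry reported with `ignored_bits_set` true and a large `hosts_covered` value usually means the mask is wider than the operator intended, so more traffic falls under the association than the typed address suggests.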

USING MANAGE MODE

Not currently supported.

CONFIGURING LINK LAYER ENCRYPTION (PPP ENCRYPTION ONLY)

Link Layer Encryption provides encryption capabilities for all protocols within a PPP environment. This feature allows you to:

enable encryption for PPP devices,

select either an automatic key exchange or manually-configured keys, and then

for manual-key configuration, assign key values to devices to encrypt/decrypt datagrams

USING CFGEDIT

1. From the CFGEDIT Main Menu, select Security.

2. Select Device Level Databases.

3. Select On-node device entries.

4. Follow on-screen instructions to enable device level security, and then add a new (or change an existing) device. Refer to Configuring Device Level Databases for details.

5. From the Device Table Menu, select Encryption. A menu similar to the following will be displayed:

Central Site Remote Access Switch 233

Enterasys Networks CSX7000, CSX5500, CSX6000 manual Configuring Link Layer Encryption PPP Encryption only