Enterasys Networks CSX5500, CSX6000, CSX7000 MULTI-LEVEL Security, To verify multi-level security

USER’S GUIDE

MULTI-LEVEL SECURITY

To verify device and user level security to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and IP, AppleTalk, or bridging options must be properly initialized. The remote devices must be operational and available to initiate ISDN WAN connections. The remote device must be configured on a device database, with User Level Authentication initially disabled. A client PC on the LAN of the remote device must a user ID and password for a user level database on an off-node server. Both databases must be enabled and available.

Below is an example of a configuration used to verify multi-level security over an IP WAN UnNumbered interface. It uses IP addresses specific to the example. Substitute the IP address of your network when you perform the multi-level security verification steps. It also uses the “ping” command. The “ping” command sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the equivalent command on your network.

To verify multi-level security:

1.Determine if the client PC can ping the Service Server. On the Client PC, type: ping 100.0.0.2 <return>

If the ping is successful, then continue with the next step.

If the client PC CANNOT ping to the Service Server, refer to IP Routing over a WAN UnNumbered Interface Connection in the Verifying Routing Protocols chapter.

2.Reconfigure the definition of the remote device in the device database to enable User Level Authentication. Attempt to ping the Service Server again. On the client PC, type:

ping 100.0.0.2 <return>

If the ping is successful, disconnect the call. Ensure that User Level Authentication is enabled for the remote device, then try the ping again. The ping should fail.

If the client PC CANNOT ping to the Service Server, then continue with the next step.

426 CyberSWITCH