Enterasys Networks Network Card manual Allocating IP/IPX Addresses to Remote Clients

Configuring an ANG-3000/7000

Allocating IP/IPX Addresses to Remote Clients

When remote clients tunnel into the corporate network, they must be able to access devices on the network just as if they were locally connected. To serve this need, the ANG acts as a router, forwarding packets between devices on the corporate network and remote clients. When remote clients tunnel into the ANG, they must be allocated IP addresses accessible to or on the local network.

To access Novell NetWare servers using IPX protocol, remote clients must receive an IPX network number. RiverMaster allows you to specify a single IPX network number that is shared by all remote clients when they connect. IPX usage is also controlled by a group policy; refer to Chapter 6 for more information on group policies.

You can allocate IP addresses to Aurorean users in one of three ways:

HAssign a specific IP address to each remote client. This address is saved as part of the client’s user name and password account information stored on the Aurorean Policy Server. Once the client authenticates, the address is allocated to the client for the duration of the connection. To receive an IP address in this manner, the remote client must authenticate against the Enterasys authorization plug-in as described in Chapter 4.

HAuthenticate remote clients against an external authentication server (such as a RADIUS server) and have that server allocate IP addresses. To receive an IP address in this manner, the remote client must authenticate against a RADIUS plug-in as described in Chapter 4.

HDefine one or more virtual subnets that act as address pools. Virtual subnets are linked to groups; when a member of a group connects, an address from within the virtual subnet is allocated to that user for the duration of the connection.

To support virtual subnets, the ANG must learn the topology of the corporate network and advertise to other devices that remote clients on the virtual subnet are reachable. To do this, the ANG supports Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) routing protocols. The ANG supports both RIP Version 1 and Version 2.