NETGEAR RT210, RT211 Dening Security Levels

Reference Guide for the Model RT210/RT211 ISDN Routers

1-8 Introduction

Password Authentication Protocol

The Password Authentication Protocol (PAP) is the simplest method of enabling security on PPP

links. When the link is being set up, the Peer (caller) sends its Name and Password to the

Authenticator. If the Name and Password match the values stored by the Authenticator, the

connection is allowed to proceed.

Challenge Handshake Authentication Protocol

The Challenge Handshake Authentication Protocol (CHAP) is a more complex method of security.

The Authenticator challenges the Peer, which responds with the output of an algorithm based on

the CHAP Secret and the CHAP Name (the Name of the Path).

The Authenticator veriﬁes the output by using its CHAP Secret conﬁgured on the path CHAP

Name as the key for the algorithm. The Authenticator checks that the output value it calculates is

the same as the one received from the Peer. If the challenge is responded to correctly, the

connection is allowed to proceed. Because the CHAP Secret itself is never sent across the link, it

cannot be discovered by anyone monitoring the line.

Deﬁning Security Levels

Because ISDN is a public service, it opens your network to unauthorized access and security

becomes an important issue. The NETGEAR Model RT210 and Model RT211 ISDN routers are

equipped with the following features designed to maintain security:

• Caller Line Identiﬁcation (CLI or Caller ID) ensures that incoming ISDN calling numbers are

checked before access is granted.

• When PPP is the link protocol for connecting to third-party routers, you can use either

Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol

(CHAP).

— PAP improves security by requesting that a password be sent by the caller.

— CHAP, a more complex method of security, checks the authenticity of the password

without sending it across the link.

NGRRT210.BK Page 8 Friday, October 17, 1997 2:37 PM

Contents

Main Page Page Page Contents Page Page Page Page Page Figures Page Tables Page Preface Audience Purpose Conventions Use of Enter, Type, and Press Special Message Formats Related Publication Customer Support World Wide Web Chapter 1 Introduction Features About the Router Key Features ISDN Support Management Support TCP/IP Support Multilink PPP Support Planning Considerations Basic Concepts Page Connecting to ISDN Using Subaddressing and Multiple Subscriber Numbering Using PPP to Connect to Other Devices Using TCP/IP Dening Security Levels Chapter 2 Installing and Connecting Package Contents Site Preparation Checklists ISDN Services Checklist Network Checklist Installing and Connecting the Router Page 2-6 Installing and Connecting Figure 2-1. Router connections Connecting to ISDN U Interface S/T Interface Installing and Connecting 2-9 Figure 2-2. Connecting the NETGEAR Model RT210 router to ISDN in North America Connecting to a Hub Power Connection Using the FirstGear ISDN Router Conguration Utility Connecting Through a Serial Port or a Telnet Connection Page Page Chapter 3 Conguring the Router Conguration Methods 3-2 Configuring the Router Using the Commands in the Interface Table 3-1. Key character commands Table 3-2. Task commands Page Using the Built-in Interface Quick Setup Page Page Using the Built-In Interface Basic Setup Naming the Router Entering the Network Address Conguring the ISDN Line Connecting to Another NETGEAR or Bay Networks Nautica Router Connecting to a Router Using Point-to-Point Protocol Page Verifying Autocall Operation Operating with a Single IP Address Caller Line Identication (CLI) Obtaining Additional Bandwidth Subaddressing and Multiple Subscriber Numbering (MSN) Page Chapter 4 Menus and Commands Using the Menus Page Menus and Commands 4-3 Figure 4-2 illustrates the built-in interface menu hierarchy. Figure 4-2. Built-in interface menu hierarchy Using the CONFIG Command Using the Update System Parameters Form Using the Congure Paths Menu Page Page Page Page Using the Congure Ports Menu Page Using the Congure IP Routes Menu Using the Update PPP Custom Parameters Menu Page Using the STATS Command Viewing the Status/Statistics Menu Page Page Page Using the TELNET Command Using the PING Command Using the QUIT Command Page Chapter 5 Troubleshooting Using the Trace Window to Display System Messages Understanding the ISDN Clearing Codes Troubleshooting 5-3 Table 5-2. ISDN internal clearing codes Table 5-1. ISDN clearing codes (continued) Troubleshooting Your ISDN Line Using the Ping Utility to Troubleshoot a TCP/IP Network Testing the LAN Path to Your Router Testing the Path from Your Router to a Remote Device Page Testing the Full Path from Your PC to a Remote Device Testing the Voice Port Appendix A Technical Specications General Specications Page Appendix B TCP/IP Routing IP Addressing Page Subnet Addressing Address Resolution Routing IP Over ISDN Connecting to Other Routers Appendix C Ordering ISDN Lines Ordering an ISDN Line Connecting Devices to a Basic Rate ISDN Connecting to ISDN in North America Directory Numbers and SPIDs Page National ISDN Service Packages Page Connecting to ISDN in Europe Line Ordering Summary for North American Users Line Ordering Summary for European Users Page Appendix D Upgrading Software Obtaining the Latest Version of Software Upgrading Through a PC Upgrading Through a Remote Router Upgrading the Terminal Adapter Code Appendix E PPP Authentication Proles Determining PPP Proles E-2 PPP Authentication Profiles Table E-1. PPP authentication proles Table E-2. PPP authentication proles for NETGEAR, Nautica, and Bay products PPP Authentication Profiles E-3 Table E-3. PPP custom authentication proles for NETGEAR, Nautica, and Bay products E-4 PPP Authentication Profiles Table E-4. PPP authentication proles for other manufacturers Glossary Page Page Page Index A B C D E F H I L M N P R S T U V W