Status Functions: to view the switch configuration, routing tables, active sessions, use Gets to view SNMP MIB II statistics, usage graphs, health, temperature, memory status, voltage, packet statistics, and review accounting logs.

Manage the Switch: to log off users, shut or reset the switch, disable or enable audible alarms, manually back up switch configurations, restore switch configurations, create a recovery diskette, etc.

A complete description of all the management and configuration capabilities of the Contivity Extranet switch can be found in the administrator's manual, Managing the Contivity Extranet Switch, and in the online help for the switch.

2.4.2 User Services

An administrator (who has manage users rights) assigns each User a name and a User Group. The User Group defines access limitations and services that the User may exercise, including access hours, call admission priority, forwarding priority, number of simultaneous logins, maximum password age, minimum password length, whether passwords may contain only alphabetic characters, whether static IP addresses are assigned, idle timeout, forced logoff for timeout, filters, and whether IPX is allowed.

The administrator also assigns each User separate User IDs and passwords for the following services: IPSec, PPTP, L2TP, and L2F tunnels. (A fifth ID and password may be assigned for Administration of the switch as described in 2.4.1.) The User may then authenticate as necessary to initiate secure tunnels using any of these services.

IPSec: Requires authentication through User Name and Password (checked against an LDAP directory or using AXENT or a SecurID token). This authenticates the User to the switch and is protected using ISAKMP. The Switch may be configured to additionally require authentication through RADIUS with a Group Name and Password. Security options for IPSec include using an Encapsulating Security Payload (ESP) with Triple-DES, Data Encryption Standard (DES), or “40-bit DES”, and an Authentication Header (AH) with Message Authentication Code Secure Hash Algorithm (HMAC-SHA) or HMAC-MD5.

PPTP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption.

L2TP: Requires authentication using MS-CHAP, CHAP, or PAP. MS-CHAP can use no encryption, 40-bit RC4, or 128-bit RC4 encryption.

L2F: Requires authentication using CHAP or PAP.

© Copyright 2000 Nortel Networks.

Nortel Networks 4500 FIPS manual User Services