 12
direction.Theadministratormayuseanyofthepre-definedRulesorcreate
customRulestobeincludedineachFilter.
StatusFunctions:toviewtheswitchconfiguration,routingtables,active
sessions,useGetstoviewSimpleNetworkManagementProtocol(SNMP)
ManagementInformationBase(MIB)IIstatistics,usagegraphs,health,
temperature,memorystatus,voltage,packetstatistics,andreviewaccounting
logs.
ManagetheSwitch:tologoffusers,shutdownorresettheswitch,disable
orenableaudiblealarms,manuallybackupswitchconfigurations,restore
switchconfigurations,createarecoverydiskette,etc.
Acompletedescriptionofallthemanagementandconfigurationcapabilitiesofthe
ContivityExtranetswitchcanbefoundintheContivityExtranetSwitchAdministrator’s
Guideandintheonlinehelpfortheswitch.
2.4.2 UserServices
Anadministrator(whohasmanageusersrights)assignseachUseranameandaUser
Group.TheUserGroupdefinesaccesslimitationsandservicesthattheUsermay
exercise,includingaccesshours,calladmissionpriority,forwardingpriority,numberof
simultaneouslogins,maximumpasswordage,minimumpasswordlength,whether
passwordsmaycontainonlyalphabeticcharacters,whetherstaticInternetProtocol(IP)
addressesareassigned,idletimeout,forcedlogofffortimeout,filters,whether
InternetworkPacketExchange(IPX)isallowed.
TheadministratoralsoassignseachUserseparateUserIDsandpasswordsforthe
followingservices:IPSec,PPTP,L2TP,andL2Ftunnels.(AfifthIDandpasswordmay
beassignedforAdministrationoftheswitchasdescribedin2.4.1.)TheUsermaythen
authenticateasnecessarytoinitiatesecuretunnelsusinganyoftheseservices.
IPSec:RequiresauthenticationthroughUserNameandPassword
(checkedagainstaLightweightDirectoryAccessProtocol(LDAP)
directoryorusingAXENToraSecureIDtoken).Thisauthenticates
theUsertotheswitchandisprotectedusingInternetSecurity
AssociationandKeyManagementProtocol(ISAKMP).TheSwitch
maybeconfiguredtoadditionallyrequireauthenticationthrough
RADIUSwithaGroupNameandPassword.Securityoptionsfor
IPSecincludeusinganEncapsulatedSecurityPayload(ESP)with
Triple-DES,DataEncryptionStandard(DES),or“40-bitDES”,andan
AuthenticationHeader(AH)withMessageAuthenticationCode
SecureHashAlgorithm(HMAC-SHA)orHMAC-MD5.When
operatingthedeviceinaFIPS140-1compliantmanner,onlythe
TripleDESESP,DESESP,andHMAC-SHAAHmaybeenabled.
PPTP:RequiresauthenticationusingtheMicrosoftChallenge
HandshakeAuthenticationProtocol(MS-CHAP),Challenge
HandshakeAuthenticationProtocol(CHAP),orPassword