Manuals / USRobotics / Computer Equipment / Switch

USRobotics NETServer/16 manual PAP/CHAP Authentication, PAP Password Authentication Protocol

Models: NETServer/16 NETServer/8

1 284

Download 284 pages 20.7 Kb

Page 83

PAP/CHAP Authentication

The NETServer supports auto-detecting the PAP and CHAP methods of login authentication on PPP connections. If a user dials in and starts sending PPP packets, the NETServer asks that the user log in with PAP (enter a user name and password). If the user refuses PAP authentication, the NETServer demands CHAP authentication. If this is also refused, the NETServer hangs up.

Security Note: PAP is a less secure authentication method than CHAP since user names and passwords are passed over the link in “clear text” (in other words, they are not encrypted). For this reason, it is possible to force CHAP authentication by disabling PAP support. The command to do this is:

set pap off

PAP (Password Authentication Protocol)

PAP is simply a fancy way of saying that the dialing user or system will respond to the User Name and Password prompts given by the authenticating system. Although the NETServer will not initiate dial out PAP authentication, you can accomplish the same effect by creating a dial script containing the expected prompts and the required responses.

However, the NETServer will respond to a dial-in PAP authenti- cation request. All that is needed is a User Table entry for the remote device.

CHAP (Challenge Handshake Authentication Protocol)

Instead of actually sending a password over the link, CHAP relies on a “shared secret”, a password that both sides of the connection know, but never send. When a remote system requests CHAP authentication, the authenticating host replies with a challenge packet. The challenge packet contains (among other things):

∙A user name for the host. The challenged system needs this to look up the correct “shared secret” password.

LAN-to-LAN Routing 6-9

Image 83

USRobotics NETServer/16, NETServer/8 manual PAP/CHAP Authentication, PAP Password Authentication Protocol

Contents

NETServer/8 NETServer/16 Page Table of Contents Network Dial-in Access Reference Section Administrative ToolsLimited Warranty Warranty and ServiceVii Service and SupportTechnical Support Viii We welcome your suggestions for better documentationOverview Chapter OverviewWhat’s New with Release 3.1? Additional Software EnhancementsAccounting Server Support Netmask TableIP Address Spoofing Accounting ServersIcmp Message Logging Multiple Name ServersRandomized Hosts Radius Accounting and ANI/DNISNew Modem Port Features NETServer Overview IP Modem Sharing How do I get there from here? Security Administrative UtilitiesBasic Installation Chapter Basic InstallationSystem Administrator Requirements TCP/IP Reference Material Accessing the Command Line Getting Started First step for IPX or IP/IPX networks Getting the LAN port up and runningBasic Installation IP Configuration You must also set the Broadcast Address. Type the following Ethernet802.3 ethernet802.2 ethernet802.2II ethernetII IPX ConfigurationFinal Steps IP and IPX Default Gateways Recommended Global ConfigurationPassword To set the IP gateway, type the following Save your work Name ServiceBasic Installation Configuration Overview Chapter Configuration OverviewHow to Setup Applications Application Section Where do I go from here?Separate a parameter and its value by a space Command LineCommands are not case sensitive You can abbreviate commandsSave your changes Reset any ports you have changedReboot when necessary How to log out of the command lineQuick Command Overview Hosts Table Overview of configurable tablesGlobal Configuration Netmasks Table Initialization Script ConfigurationNet0 LAN Port Configuration Location TablePacket Filter Table Port Type Port ConfigurationRoutes Table Snmp ConfigurationUser Table Configuration Overview IP Terminal Server Setup Chapter IP Terminal Server SetupTerminal or Workstation Setup NETServer Terminal Server Setup Overview User Table Port DefaultGlobal Default Set the port’s security Pass-Thru Login Terminal Server Detailed SetupConfiguring a Port Set the port type to User LoginCreate default user settings for the port Port Default Login Service Optional Friendly Stuff Save sport # Add the user to the User Table Configure the userAdding a Remote User to the User Table Login Service Configure for dialback use? Example IP Terminal Server Case StudiesNETServer will use ports 6, 7, and 8 for this application Save your work and reset all the ports Example IP Terminal Server Setup Network Dial In Access Chapter Network Dial In AccessDial-in User Setup Prework NETServer Setup for Network Dial-In OverviewConfiguration NETServer Dial-In Detailed Setup Dialback Users on this Port? Save the changes to flash memory Normal or dialback user? Create a new userAdd configuration information for the user This is the user’s IP subnet mask. Use the following command Option can be any one of the following Configure the ports IP Remote Access Case StudyCreate a user table entry for the dialback user Create user table entries for the dial in usersSave your work and reset the ports Connecting to the NETServer IPX Remote Access Create User Table entries for the dial in users LAN-to-LAN Routing Setup for NETServer Routing OverviewChapter LAN-to-LAN Routing IPX routing LAN-to-LAN Routing NETServer Routing An Introduction to NETServer RoutingLAN-to-LAN Routing How RIP Dynamically Builds the Routing Table Static vs. Dynamic RoutesEstablishing Connections to Remote Gateways How Packets are RoutedRouting Procedure PAP Password Authentication Protocol PAP/CHAP AuthenticationChap Setup for the NETServer Chap Challenge Example Configuring the Port LAN-to-LAN Routing Detailed SetupCreating a Dial-Out Group Set Required Location Parameters Adding a Remote Device to the Location TableCreate a new location table entry This is the remote device’s IP address Set location location name netmask netmask Dial Group Number Multiple lines for a single connection Maximum Ports Create a Dial Script Set location Chicago script 1 atds slot#\r Connect Tell the NETServer about the Remote Device Adding the Remote Device to the User TableCreate a User Table Entry Set user user name protocol ppp slip Set netuser user name compression on off LAN-to-LAN Routing Case Study Add netuser nsb password xyzabc Setting Up NETServer aSetting Up NETServer B Now, save your work and reset the ports Testing the Connection What If I Don’t Want to Use Chap Authentication? Connecting to NETServer a from NETServer BAssign the modem a TCP port number Configure the port as a host deviceChapter Talking to the Modems TCP/IP Modem SharingTurn modem control carrier detect off Save your work and reset the portImplementing Security with Host Device Dial Out Configuring modems as Unix pseudo TTYs Talking to the Modems Assign Text to an Initialization Script Modem Initialization ScriptsHow To Add a New Initialization ScriptDisplaying an Initialization Script Use an Existing Initialization ScriptDelete an Initialization Script Initialization Script Example Default initialization stringSending AT commands to the modems Talking to the Modems Packet Filters Chapter Packet FiltersPacket Filters Packet Filters and the NETServer Types of FiltersInformation Sources Input filters vs. Output filtersAdding Packet Filters Input filters vs. Output filters Name Filter Rule FormatRule Type Options Rule NumberPermit or Deny TCP/IP packet filtering Destination Address TCP and UDP parameters TCP UDP Standard Port NumbersFTP Packet Filtering Filtering RIP messagesClient opens a control channel FTP Example Type Description Filtering Icmp packetsIPX Rules IPX packet filteringDsthost SAP Rule Options Delete a Packet Filter Editing Packet FiltersEdit a Packet Filter Delete a Packet Filter RuleView the Packet Filter Table View a Packet FilterRoot Access Chapter Administrative ToolsConfiguring the !root account Changing the command promptTelnet Access Port Nslogin, Rlogin and Telnet Commands Manually Connecting to a Remote SiteDial Command Viewing Debug messages Troubleshooting CommandsTurn off the output console by typing the following Ifconfig MTU Ping Ptrace Version TracerouteShow Show commandShow flash Show arpShow netconns Show memoryShow netstat Show sessions Show sapAdministrative Tools Command Reference Chapter Command ReferenceGlobal Configuration Save Changes View the Global Configuration TableGet help Connect Message Default HostGlobal user parameters Assigned AddressRandomize Hosts Global routing parameters Default GatewaysIP Address Spoofing Default RouteSystem Name NetBIOS Packet PropagationPAP Authentication Proxy ARPServer name Name ServiceService Domain name DNS Cache Reset Time-outRadius Secret Radius securityPrimary Radius Server Alternate Radius ServerSyslog Accounting Radius AccountingIcmp Logging View the Hosts Table Hosts TableAdd a Host Delete a HostChange a Location’s Parameters Bring Up the List of CommandsLocation Table Add a Location to the Location TableView a Particular Location Save Location Table ChangesView the Location Table Connection Type Location Table ParametersIPX Network IP AddressNetmask Compression ProtocolRouting Maximum Ports Dial GroupHigh Water Mark Idle Time-outPPP Async Map MTUDial Script Output FilterInput Filter Send Reply Reset the Network Interface Card LAN Port Net0 ConfigurationEthernet Status View LAN Port ConfigurationLAN Port Parameters Interface Address Configured Ethernet MediaBroadcast Address IPX Frame Type Set net0 ifilter filter name View the netmask table Netmask TableAdd a netmask Delete a netmaskChange a Port’s Parameters Save Port ConfigurationView the Ports Table To view all of the S-ports, use the following commandIdle Port is idle View an Individual Port Host Device User LoginDetermining a Port’s Type Device Service Network Line Hangup Login MessageDial In Port Parameters Security Pass-Thru Login Login PromptAutolog Name User Login Port ParametersDialback Delay Host Login Service Terminal Type IPX Network Number Hardwired Port ParametersSet s0 netmask netmask NETServer sends RIP information across Stopbits Serial Communications ParametersPort Speed DatabitsModem Control ParityFlow Control Host OverrideChange a Route’s Information Routes Table ConfigurationAdd a Route to the Routes Table View the IP Routes Table Delete a Routes Table EntrySave Routes Table Changes Flag Parameter Viewing the IPX Routes TableIP Parameters IPX Parameters Enabling/Disabling Snmp Snmp TableDelete Snmp Hosts Save the Snmp Table ChangesWrite Community Name Snmp Table ParametersView Snmp Table Read Community NameWrite Hosts Read HostsAdd a User to the User Table User TableView the User Table Change a User’s ParametersDelete a User Save User Table ChangesDialback Number Login User ParametersAccess Filter Set user name service rlogin telnet netdata portmux Command Reference Dialback Network User ParametersIPX connections require the PPP protocol NETServer sends RIP information to the dial Set user filter name ofilter filter name Command Reference 16 port NETServer Hardware Appendix a Technical SpecificationsTypical Input Power Power RequirementsMaximum Output Power Maximum Input PowerExternal Serial Port Console Technical Specifications A-310Base-T Ethernet Network Interface CardIsolated GND SignalTechnical Specifications A-5 10Base-2 BNCTechnical Specifications Token Ring Network Interface Card Token Ring⎯STP ConnectorTechnical Specifications A-7 Token Ring⎯UTP Connector Routing Support NETServer Firmware SpecificationsAdministration Technical Specifications A-9Client Dial-up Support PPP Specific FeaturesIndustry Standards Support Slip and PPP Client Software Support Technical Specifications A-11Technical Specifications Addressing Schemes B-1 Appendix B Addressing SchemesIPX Addressing Basics IP Addressing BasicsAddressing Schemes Address ClassesSubnetting Addressing Schemes B-3 Mask Binary Subnets HostsReserved Addresses Addressing Schemes B-5 Supernetting Advanced TCP/IPCidr Each Supernet is treated as a single entity Addressing Schemes B-7 Step two Select a range of addresses for each supernet Addressing Schemes B-9 Supernetting and the NETServer Software Download C-1 SDL Using a Direct Connection to a PCWhy Perform an SDL Software Download? Appendix C Software DownloadStarting SDL Make Backup Copies of the NETServer FirmwareSoftware Installation Loading the Software Download SDL ProgramSoftware Download C-3 SDL Command SyntaxFilename Prefixes Optional -d ParameterSoftware Download C-5 Entering SDL ModeUpgrading NETServer Firmware From the Windows Management SoftwareSoftware Download C-7 Upgrading the Modem FirmwareFor the Isdn NETServer, the file names are Software Download C-9 Error MessagesPC SDL program detected unknown command line argu- ments Software Download C-11 Invalid Control Word Software Download C-13 File you are trying to download is not a NETServer file Boot Process D-1 Appendix D Boot ProcessBoot Process Syslog Accounting E-1 Using SyslogAppendix E Syslog Accounting Syslog Accounting Syslog System MessagesSpotting Unused Ports Syslog System Message FormatSyslog Accounting E-3 Syslog System Message ExamplesSomeone has logged in as !root on port S16 Syslog Accounting E-5 Syslog Accounting Obtaining Radius Appendix FSecurity a Centrally Managed User Table Authentication Items Setting Up Radius User Table EntriesResponse Items Radius F-5 Framed-Netmask Radius F-7 User Types Radius F-9 Making NETServer talk to a Radius security server Chap authentication using Radius Acct-Status-Type Acct-Delay-TimeRadius Accounting Radius accounting fieldsAcct-Session-Time Accounting ExamplesAcct-Authentic Radius Index Alphabetical IndexIndex Icmp MTU NIC PPP SAP Slip Index Index