Manuals / USRobotics / Computer Equipment / Switch

USRobotics NETServer/16, NETServer/8 manual Chap Challenge Example

Models: NETServer/16 NETServer/8

1 284

Download 284 pages 20.7 Kb

Page 85

A CHAP Challenge Example

At the Corporate site is a NETServer with the Sysname of NETSERVE. A typical authentication might resemble the following:

1.A remote NETServer establishes a connection and negoti- ates for an authentication procedure.

2.NETSERVE becomes responsible for issuing a CHAP challenge. Inside that challenge is a User Name string containing the name NETSERVE and the random challenge string LASDFH;LASD.

3.When the remote NETServer receives the challenge, it checks its local User Table for the entry NETSERVE.

4.Finding the entry, the remote NETServer learns the shared secret password CHAP_PW and passes the string CHAP_PWLASDFH;LASD through MD5.

5.MD5 forms a response which the remote NETServer sends back to NETSERVE. Contained within the response is a User Name containing the Sysname of the remote NETServer.

6.NETSERVE then looks in the User Table for the name of the remote NETServer, and uses the password and the challenge string to validate the CHAP response received from the remote NETServer.

7.If the password comparison is successful, NETSERVE will then send a CHAP successful message back to the remote NETServer and the connection is complete. If the MD5 comparison fails, a CHAP failure message is sent to the remote NETServer and the process repeats.

LAN-to-LAN Routing 6-11

Image 85

USRobotics NETServer/16, NETServer/8 manual Chap Challenge Example

Contents

NETServer/8 NETServer/16 Page Table of Contents Network Dial-in Access Reference Section Administrative ToolsLimited Warranty Warranty and ServiceTechnical Support Service and SupportVii Viii We welcome your suggestions for better documentationWhat’s New with Release 3.1? Chapter OverviewAdditional Software Enhancements OverviewIP Address Spoofing Netmask TableAccounting Servers Accounting Server SupportRandomized Hosts Multiple Name ServersRadius Accounting and ANI/DNIS Icmp Message LoggingNew Modem Port Features NETServer Overview IP Modem Sharing How do I get there from here? Security Administrative UtilitiesSystem Administrator Requirements Chapter Basic InstallationBasic Installation TCP/IP Reference Material Accessing the Command Line Getting Started First step for IPX or IP/IPX networks Getting the LAN port up and runningBasic Installation IP Configuration You must also set the Broadcast Address. Type the following Ethernet802.3 ethernet802.2 ethernet802.2II ethernetII IPX ConfigurationFinal Steps Password Recommended Global ConfigurationIP and IPX Default Gateways To set the IP gateway, type the following Save your work Name ServiceBasic Installation How to Setup Applications Chapter Configuration OverviewConfiguration Overview Application Section Where do I go from here?Commands are not case sensitive Command LineYou can abbreviate commands Separate a parameter and its value by a spaceReboot when necessary Reset any ports you have changedHow to log out of the command line Save your changesQuick Command Overview Global Configuration Overview of configurable tablesHosts Table Net0 LAN Port Configuration Initialization Script ConfigurationLocation Table Netmasks TablePacket Filter Table Port Type Port ConfigurationRoutes Table Snmp ConfigurationUser Table Configuration Overview Terminal or Workstation Setup Chapter IP Terminal Server SetupIP Terminal Server Setup NETServer Terminal Server Setup Overview Global Default Port DefaultUser Table Configuring a Port Terminal Server Detailed SetupSet the port type to User Login Set the port’s security Pass-Thru LoginCreate default user settings for the port Port Default Login Service Optional Friendly Stuff Save sport # Adding a Remote User to the User Table Configure the userAdd the user to the User Table Login Service Configure for dialback use? Example IP Terminal Server Case StudiesNETServer will use ports 6, 7, and 8 for this application Save your work and reset all the ports Example IP Terminal Server Setup Dial-in User Setup Chapter Network Dial In AccessNetwork Dial In Access Prework NETServer Setup for Network Dial-In OverviewConfiguration NETServer Dial-In Detailed Setup Dialback Users on this Port? Save the changes to flash memory Normal or dialback user? Create a new userAdd configuration information for the user This is the user’s IP subnet mask. Use the following command Option can be any one of the following Configure the ports IP Remote Access Case StudyCreate a user table entry for the dialback user Create user table entries for the dial in usersSave your work and reset the ports Connecting to the NETServer IPX Remote Access Create User Table entries for the dial in users Chapter LAN-to-LAN Routing Setup for NETServer Routing OverviewLAN-to-LAN Routing IPX routing LAN-to-LAN Routing NETServer Routing An Introduction to NETServer RoutingLAN-to-LAN Routing How RIP Dynamically Builds the Routing Table Static vs. Dynamic RoutesEstablishing Connections to Remote Gateways How Packets are RoutedRouting Procedure PAP Password Authentication Protocol PAP/CHAP AuthenticationChap Setup for the NETServer Chap Challenge Example Configuring the Port LAN-to-LAN Routing Detailed SetupCreating a Dial-Out Group Create a new location table entry Adding a Remote Device to the Location TableSet Required Location Parameters This is the remote device’s IP address Set location location name netmask netmask Dial Group Number Multiple lines for a single connection Maximum Ports Create a Dial Script Set location Chicago script 1 atds slot#\r Connect Create a User Table Entry Adding the Remote Device to the User TableTell the NETServer about the Remote Device Set user user name protocol ppp slip Set netuser user name compression on off LAN-to-LAN Routing Case Study Add netuser nsb password xyzabc Setting Up NETServer aSetting Up NETServer B Now, save your work and reset the ports Testing the Connection What If I Don’t Want to Use Chap Authentication? Connecting to NETServer a from NETServer BChapter Talking to the Modems Configure the port as a host deviceTCP/IP Modem Sharing Assign the modem a TCP port numberTurn modem control carrier detect off Save your work and reset the portImplementing Security with Host Device Dial Out Configuring modems as Unix pseudo TTYs Talking to the Modems How To Modem Initialization ScriptsAdd a New Initialization Script Assign Text to an Initialization ScriptDelete an Initialization Script Use an Existing Initialization ScriptDisplaying an Initialization Script Initialization Script Example Default initialization stringSending AT commands to the modems Talking to the Modems Packet Filters Chapter Packet FiltersPacket Filters Packet Filters and the NETServer Types of FiltersInformation Sources Input filters vs. Output filtersAdding Packet Filters Input filters vs. Output filters Rule Type Filter Rule FormatName Permit or Deny Rule NumberOptions TCP/IP packet filtering Destination Address TCP and UDP parameters TCP UDP Standard Port NumbersFTP Packet Filtering Filtering RIP messagesClient opens a control channel FTP Example Type Description Filtering Icmp packetsIPX Rules IPX packet filteringDsthost SAP Rule Options Edit a Packet Filter Editing Packet FiltersDelete a Packet Filter Rule Delete a Packet FilterView the Packet Filter Table View a Packet FilterConfiguring the !root account Chapter Administrative ToolsChanging the command prompt Root AccessTelnet Access Port Dial Command Manually Connecting to a Remote SiteNslogin, Rlogin and Telnet Commands Viewing Debug messages Troubleshooting CommandsTurn off the output console by typing the following Ifconfig MTU Ping Ptrace Version TracerouteShow Show commandShow flash Show arpShow netconns Show memoryShow netstat Show sessions Show sapAdministrative Tools Global Configuration Chapter Command ReferenceCommand Reference Get help View the Global Configuration TableSave Changes Global user parameters Default HostAssigned Address Connect MessageRandomize Hosts Global routing parameters Default GatewaysIP Address Spoofing Default RoutePAP Authentication NetBIOS Packet PropagationProxy ARP System NameService Name ServiceServer name Domain name DNS Cache Reset Time-outPrimary Radius Server Radius securityAlternate Radius Server Radius SecretSyslog Accounting Radius AccountingIcmp Logging Add a Host Hosts TableDelete a Host View the Hosts TableLocation Table Bring Up the List of CommandsAdd a Location to the Location Table Change a Location’s ParametersView the Location Table Save Location Table ChangesView a Particular Location Connection Type Location Table ParametersNetmask IP AddressIPX Network Routing ProtocolCompression Maximum Ports Dial GroupHigh Water Mark Idle Time-outPPP Async Map MTUInput Filter Output FilterDial Script Send Reply Reset the Network Interface Card LAN Port Net0 ConfigurationLAN Port Parameters View LAN Port ConfigurationEthernet Status Interface Address Configured Ethernet MediaBroadcast Address IPX Frame Type Set net0 ifilter filter name Add a netmask Netmask TableDelete a netmask View the netmask tableChange a Port’s Parameters Save Port ConfigurationView the Ports Table To view all of the S-ports, use the following commandIdle Port is idle View an Individual Port Determining a Port’s Type User LoginHost Device Device Service Network Dial In Port Parameters Login MessageLine Hangup Security Pass-Thru Login Login PromptDialback Delay User Login Port ParametersAutolog Name Host Login Service Terminal Type IPX Network Number Hardwired Port ParametersSet s0 netmask netmask NETServer sends RIP information across Port Speed Serial Communications ParametersDatabits StopbitsFlow Control ParityHost Override Modem ControlAdd a Route to the Routes Table Routes Table ConfigurationChange a Route’s Information Save Routes Table Changes Delete a Routes Table EntryView the IP Routes Table Flag Parameter Viewing the IPX Routes TableIP Parameters IPX Parameters Delete Snmp Hosts Snmp TableSave the Snmp Table Changes Enabling/Disabling SnmpView Snmp Table Snmp Table ParametersRead Community Name Write Community NameWrite Hosts Read HostsAdd a User to the User Table User TableDelete a User Change a User’s ParametersSave User Table Changes View the User TableAccess Filter Login User ParametersDialback Number Set user name service rlogin telnet netdata portmux Command Reference Dialback Network User ParametersIPX connections require the PPP protocol NETServer sends RIP information to the dial Set user filter name ofilter filter name Command Reference 16 port NETServer Hardware Appendix a Technical SpecificationsMaximum Output Power Power RequirementsMaximum Input Power Typical Input PowerExternal Serial Port Console Technical Specifications A-310Base-T Ethernet Network Interface CardTechnical Specifications A-5 Signal10Base-2 BNC Isolated GNDTechnical Specifications Technical Specifications A-7 Token Ring⎯STP ConnectorToken Ring Network Interface Card Token Ring⎯UTP Connector Administration NETServer Firmware SpecificationsTechnical Specifications A-9 Routing SupportIndustry Standards Support PPP Specific FeaturesClient Dial-up Support Slip and PPP Client Software Support Technical Specifications A-11Technical Specifications IPX Addressing Basics Appendix B Addressing SchemesIP Addressing Basics Addressing Schemes B-1Subnetting Address ClassesAddressing Schemes Addressing Schemes B-3 Mask Binary Subnets HostsReserved Addresses Addressing Schemes B-5 Supernetting Advanced TCP/IPCidr Each Supernet is treated as a single entity Addressing Schemes B-7 Step two Select a range of addresses for each supernet Addressing Schemes B-9 Supernetting and the NETServer Why Perform an SDL Software Download? SDL Using a Direct Connection to a PCAppendix C Software Download Software Download C-1Software Installation Make Backup Copies of the NETServer FirmwareLoading the Software Download SDL Program Starting SDLSoftware Download C-3 SDL Command SyntaxFilename Prefixes Optional -d ParameterSoftware Download C-5 Entering SDL ModeUpgrading NETServer Firmware From the Windows Management SoftwareSoftware Download C-7 Upgrading the Modem FirmwareFor the Isdn NETServer, the file names are Software Download C-9 Error MessagesPC SDL program detected unknown command line argu- ments Software Download C-11 Invalid Control Word Software Download C-13 File you are trying to download is not a NETServer file Boot Process D-1 Appendix D Boot ProcessBoot Process Appendix E Syslog Accounting Using SyslogSyslog Accounting E-1 Spotting Unused Ports Syslog System MessagesSyslog System Message Format Syslog AccountingSyslog Accounting E-3 Syslog System Message ExamplesSomeone has logged in as !root on port S16 Syslog Accounting E-5 Syslog Accounting Obtaining Radius Appendix FSecurity a Centrally Managed User Table Authentication Items Setting Up Radius User Table EntriesResponse Items Radius F-5 Framed-Netmask Radius F-7 User Types Radius F-9 Making NETServer talk to a Radius security server Chap authentication using Radius Radius Accounting Acct-Delay-TimeRadius accounting fields Acct-Status-TypeAcct-Authentic Accounting ExamplesAcct-Session-Time Radius Index Alphabetical IndexIndex Icmp MTU NIC PPP SAP Slip Index Index