Enterasys Networks CSX5500 User Guide
USER’S GUIDE
162 CyberSWITCH
Multilevel security provides both user level security and device level security for local (on-node)
database, Radius, and CSM. This provides added protection; first, a device will be authenticated,
and then a particular user (on the device) will be authenticated.
database, Radius, and CSM. This provides added protection; first, a device will be authenticated,
and then a particular user (on the device) will be authenticated.
The feature also allows the configuration of an on-node device database at the same time as an off-
node device database. Calls first check the on-node database (if enabled) and then the off-node
database for the correct device. Authentication is based on device information received from the
first matching database.
node device database. Calls first check the on-node database (if enabled) and then the off-node
database for the correct device. Authentication is based on device information received from the
first matching database.
S
YSTEM
O
PTIONS
AND
I
NFORMATION
The second phase of security configuration involves the proper setting of administrative security
options. We have thus far defined the selected type of security we plan to use. We now need to
enable security options, provide system information, and configure administrative sessions.
options. We have thus far defined the selected type of security we plan to use. We now need to
enable security options, provide system information, and configure administrative sessions.
System Options: You need to enable/disable PPP Link Security, Bridge MAC Address Security, IP
Host ID Security, or Calling Line ID Security, based upon your network requirements.
Host ID Security, or Calling Line ID Security, based upon your network requirements.
System Information: You need to assign a system name, password, and secret to the CyberSWITCH
for identification purposes.
for identification purposes.
Administrative Session Information: You can achieve secure administration sessions with flexible
control through the configuration of certain options, such as:
•
control through the configuration of certain options, such as:
•
Selecting an authentication database for administration sessions.
You may select an on-node database, a RADIUS server, a TACAS Server, or an ACE Server.
You may select an on-node database, a RADIUS server, a TACAS Server, or an ACE Server.
•
Specifying an inactivity session time-out.
Since there are only a limited number of sessions available, this avoids the problem of
administrator lockout because a user forgets to logout from the system.
Since there are only a limited number of sessions available, this avoids the problem of
administrator lockout because a user forgets to logout from the system.
•
Restricting Telnet access.
This is done by allowing you to set the number of possible administrative Telnet sessions.
Telnet access to the CyberSWITCH can be disabled, or the number of Telnet sessions can be
limited to less than 3.
This is done by allowing you to set the number of possible administrative Telnet sessions.
Telnet access to the CyberSWITCH can be disabled, or the number of Telnet sessions can be
limited to less than 3.
•
Accessing an emergency Telnet Server session.
To access an emergency Telnet Server session, you first need to configure an emergency Telnet
Server port. If the system administrator needs a Telnet session and all available Telnet sessions
are in use, they can then Telnet into this emergency port and disconnect inactive Telnet sessions
and begin a session of their own.
To access an emergency Telnet Server session, you first need to configure an emergency Telnet
Server port. If the system administrator needs a Telnet session and all available Telnet sessions
are in use, they can then Telnet into this emergency port and disconnect inactive Telnet sessions
and begin a session of their own.
D
EVICE
L
EVEL
D
ATABASES
If device level security or multi-level security has been chosen, then the next phase of security
configuration involves setting up a device level authentication database, and then specifying the
location of that database.
configuration involves setting up a device level authentication database, and then specifying the
location of that database.
The CyberSWITCH provides dial in/dial out access for remote devices via ISDN connections. The
information required to authenticate the remote device is maintained in a database that the system
queries during connection establishment. The system allows this “device database” to be located in
several optional environments.
information required to authenticate the remote device is maintained in a database that the system
queries during connection establishment. The system allows this “device database” to be located in
several optional environments.