Enterasys csx150 Betriebsanweisung
Small Office Remote Access Switch 121
C
ONFIGURING
S
ECURITY
L
EVEL
User Level Security
O
VERVIEW
OF
D
EVICE
A
UTHENTICATION
P
ROCESS
When a remote device connects, the CyberSWITCH negotiates the required authentication. It then
collects the information which is used to identify and authenticate the remote device. The system
compares this collected information against information maintained in a device database. If the
information collected from the remote device matches the information found in the database, the
connection is valid and the device is allowed access to network resources. If the collected
information does not match the information in the database, the connection is disconnected.
collects the information which is used to identify and authenticate the remote device. The system
compares this collected information against information maintained in a device database. If the
information collected from the remote device matches the information found in the database, the
connection is valid and the device is allowed access to network resources. If the collected
information does not match the information in the database, the connection is disconnected.
The device database can be maintained either locally on the CyberSWITCH itself, or on a server,
central to the network. When an on-node device database is used, device information is configured
either directly through the CFGEDIT configuration utility or through using Manage Mode
commands.
central to the network. When an on-node device database is used, device information is configured
either directly through the CFGEDIT configuration utility or through using Manage Mode
commands.
It is also possible to configure and maintain device information on an off-node, central device
database. This could be useful for networks with a large number of devices or several systems. Only
one device database would need to be configured and maintained. The Remote Authentication Dial
In User Service (RADIUS) and the SecureFast Virtual Remote Access (VRA) Manager are the off-
node, central databases currently supported by the system. The RADIUS Server option is available
for PPP/IP devices (with CHAP or PAP security), HDLC bridge devices, and RFC 1294 devices.
database. This could be useful for networks with a large number of devices or several systems. Only
one device database would need to be configured and maintained. The Remote Authentication Dial
In User Service (RADIUS) and the SecureFast Virtual Remote Access (VRA) Manager are the off-
node, central databases currently supported by the system. The RADIUS Server option is available
for PPP/IP devices (with CHAP or PAP security), HDLC bridge devices, and RFC 1294 devices.
U
SER
L
EVEL
S
ECURITY
C
ONFIGURING
U
SER
L
EVEL
S
ECURITY
U
SING
CFGEDIT
1.
Select User Level Security from the Security Level Menu. If you need guidance to find this menu,
refer to the instructions provided in the
refer to the instructions provided in the
configuration section.
2.
Refer to the chapter
in order to select and configure the user
level database.
U
SING
M
ANAGE
M
ODE
seclevel
Displays the current security level configuration data.
U
SER
L
EVEL
S
ECURITY
B
ACKGROUND
I
NFORMATION
User level security is an authentication process between a specific user and a device. The
authentication process is interactive; users connect to a terminal server and need to interact with it
in order to communicate with other devices beyond the server. The CyberSWITCH supports user
level security through the RADIUS, TACACS, or ACE server.
authentication process is interactive; users connect to a terminal server and need to interact with it
in order to communicate with other devices beyond the server. The CyberSWITCH supports user
level security through the RADIUS, TACACS, or ACE server.
User level security supports the following devices:
•
•
PPP devices
•
HDLC bridges