Cabletron Systems CSX1000 User Manual
Workgroup Remote Access Switch 135
S
ECURITY
O
VERVIEW
User Level Databases
These environments include an on-node database and a variety of off-node, central authentication
databases. The on-node database contains a list of valid devices that can access the network
resources connected to the CyberSWITCH. This list of valid devices is configured and stored
locally. A central database allows a network with more than one CyberSWITCH to access one
database for device authentication. Supported central authentication databases for device level
security include: VRA Manager, and RADIUS.
databases. The on-node database contains a list of valid devices that can access the network
resources connected to the CyberSWITCH. This list of valid devices is configured and stored
locally. A central database allows a network with more than one CyberSWITCH to access one
database for device authentication. Supported central authentication databases for device level
security include: VRA Manager, and RADIUS.
U
SER
L
EVEL
D
ATABASES
If user level security or multi-level security has been chosen, then the next phase of security
configuration involves enabling an off-node user level authentication database, and then
specifying the Telnet port used to access that database. User level security is only available through
an off-node authentication server. Servers supported are: RADIUS, TACACS, and ACE.
configuration involves enabling an off-node user level authentication database, and then
specifying the Telnet port used to access that database. User level security is only available through
an off-node authentication server. Servers supported are: RADIUS, TACACS, and ACE.
O
FF
-
NODE
S
ERVER
I
NFORMATION
If an off-node authentication server has been chosen for device or user level security, then the next
phase of security configuration requires that these servers are appropriately configured in the
system.
phase of security configuration requires that these servers are appropriately configured in the
system.
The SecureFast Virtual Remote Access Manager (VRA Manager) is an off-node, central database
supported by the CyberSWITCH. VRA Manager is installed on a Windows NT system that is local
to the network. It operates with an SQL Server that can store data for thousands of users. A TCP
connection allows the CyberSWITCH to communicate with the VRA Manager.
supported by the CyberSWITCH. VRA Manager is installed on a Windows NT system that is local
to the network. It operates with an SQL Server that can store data for thousands of users. A TCP
connection allows the CyberSWITCH to communicate with the VRA Manager.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
Access Control Encryption (ACE) is a database supported by the system. ACE operates using two
components: client code and server code. The ACE Server software is installed on a UNIX-based
system connected to the network. The client protocols allow the CyberSWITCH to communicate
with the ACE Server, ultimately authenticating users.
components: client code and server code. The ACE Server software is installed on a UNIX-based
system connected to the network. The client protocols allow the CyberSWITCH to communicate
with the ACE Server, ultimately authenticating users.
N
ETWORK
L
OGIN
I
NFORMATION
The last phase of security configuration involves configuring network login information. If you are
using User Level Security or Multilevel Security, you may customize banners and login
configuration to suit the needs of your particular installation. You may also specify the number of
login attempts and password change attempts. Specific login elements, such as prompt order, for
RADIUS and TACACS are defined here.
using User Level Security or Multilevel Security, you may customize banners and login
configuration to suit the needs of your particular installation. You may also specify the number of
login attempts and password change attempts. Specific login elements, such as prompt order, for
RADIUS and TACACS are defined here.