Enterasys csx150 Guia Do Utilizador
Small Office Remote Access Switch 161
C
ONFIGURING
O
FF
-
NODE
S
ERVER
I
NFORMATION
RADIUS Authentication Server
VRA M
ANAGER
A
UTHENTICATION
S
ERVER
C
ONFIGURATION
E
LEMENTS
TCP P
ORT
N
UMBER
The TCP port number used by the VRA Manager. Note that you can assign a device-defined port
number, but that the VRA Manager TCP port number must be entered identically on both the
CyberSWITCH and the VRA Manager.
number, but that the VRA Manager TCP port number must be entered identically on both the
CyberSWITCH and the VRA Manager.
VRA M
ANAGER
A
UTHENTICATION
S
ERVER
B
ACKGROUND
I
NFORMATION
When a remote site calls a CyberSWITCH, it sends its identification (such as the system name) and
a password (or challenge). The system then sends the data in a message to the VRA Manager
(Virtual Remote Access Manager) on a TCP connection. VRA Manager will find the device in its
database, searching for the system name (if provided) or the Ethernet address for Combinet
Proprietary Protocol (CPP) devices. After finding the device, the password or challenge is verified,
and configuration information about the device is sent to the system.
a password (or challenge). The system then sends the data in a message to the VRA Manager
(Virtual Remote Access Manager) on a TCP connection. VRA Manager will find the device in its
database, searching for the system name (if provided) or the Ethernet address for Combinet
Proprietary Protocol (CPP) devices. After finding the device, the password or challenge is verified,
and configuration information about the device is sent to the system.
Before allowing data to be sent to the newly-connected device, the system will again query the VRA
Manager, this time to verify if the call is acceptable. The VRA Manager checks against various
configuration settings to see if the call is to be allowed.
Manager, this time to verify if the call is acceptable. The VRA Manager checks against various
configuration settings to see if the call is to be allowed.
RADIUS A
UTHENTICATION
S
ERVER
C
ONFIGURING
A
RADIUS A
UTHENTICATION
S
ERVER
Note:
In order for the CyberSWITCH to reference a RADIUS Server for device authentication, the
following configuration steps must first be completed:
•
following configuration steps must first be completed:
•
IP Routing must be enabled. If you try to enable the RADIUS Server before IP routing
has been enabled, an error message will be displayed.
has been enabled, an error message will be displayed.
•
The appropriate LAN network interface(s) must be configured to represent the local IP
network.
network.
•
The appropriate WAN network information must be configured for each type of
remote device configured that will connect to the system.
remote device configured that will connect to the system.
•
The system must have a valid route to the RADIUS Server. This route can be via a
directly connected network interface or via a static route. If the RADIUS Server has a
direct physical connection to the network, the appropriate network interface must then
be configured for that connection. If the RADIUS Server has no direct physical
connection to the network, then a static route needs to be configured to establish a
route, with one exception: if the router connecting the system to the RADIUS Server
supports RIP, no static route is needed. If there are multiple CyberSWITCHes at one
site, it is more convenient to maintain all of the static route information for these
systems on a central RADIUS Server. The static routes then do not need to be
duplicated on all of the Cabletron systems. This is done by enabling the “IP Routes via
RADIUS” feature available under CFGEDIT’s IP Information Menu, and including a
Framed Route attribute for each system’s RADIUS device entry.
directly connected network interface or via a static route. If the RADIUS Server has a
direct physical connection to the network, the appropriate network interface must then
be configured for that connection. If the RADIUS Server has no direct physical
connection to the network, then a static route needs to be configured to establish a
route, with one exception: if the router connecting the system to the RADIUS Server
supports RIP, no static route is needed. If there are multiple CyberSWITCHes at one
site, it is more convenient to maintain all of the static route information for these
systems on a central RADIUS Server. The static routes then do not need to be
duplicated on all of the Cabletron systems. This is done by enabling the “IP Routes via
RADIUS” feature available under CFGEDIT’s IP Information Menu, and including a
Framed Route attribute for each system’s RADIUS device entry.