Enterasys csx5500 用户指南
USER’S GUIDE
204 CyberSWITCH
O
FF
-
NODE
D
EVICE
D
ATABASE
L
OCATION
C
ONFIGURATION
E
LEMENTS
D
ATABASE
L
OCATION
The database location for device level security. The choices for the off-node database location are
None (Use on-node), CSM, or RADIUS. Choosing an off-node database location enables the
particular database.
None (Use on-node), CSM, or RADIUS. Choosing an off-node database location enables the
particular database.
Note: Enabling CSM as the off-node device database location automatically enables CSM as a
Call Control Manager. However, disabling CSM as the authentication agent will not
disable CSM as a Call Control Manager. Refer to the SecureFast Virtual Remote Access User’s
Guide or the
disable CSM as a Call Control Manager. Refer to the SecureFast Virtual Remote Access User’s
Guide or the
chapter of this guide for more information.
O
FF
-
NODE
D
EVICE
D
ATABASE
L
OCATION
B
ACKGROUND
I
NFORMATION
An off-node, central database allows a network with more than one CyberSWITCH to access one
database for device authentication. The CyberSWITCH will access the off-node database to locate
authentication information on a remote device that is attempting to establish a connection.
database for device authentication. The CyberSWITCH will access the off-node database to locate
authentication information on a remote device that is attempting to establish a connection.
If the On-node Device Database has been enabled, and either CSM or RADIUS has been selected as
the off-node database location, both databases will be searched for the device attempting the
incoming or outgoing call. The on-node database will be searched and then, if the correct device is
not found, the off-node database will be searched. Authentication is based on device information
received from the first matching database. Matching a device is defined in different ways,
depending on the call is made. For example, if an outbound call is made on an IP WAN interface
by using the ip ping command, the IP address is the method that is used to search the database. If
a matching IP address is found, a connection is attempted. If the system is unable to authenticate
the peer, the connection attempt is done. The system will not attempt to continue searching the
remaining database entries or additional off-node database for the correct peer.
the off-node database location, both databases will be searched for the device attempting the
incoming or outgoing call. The on-node database will be searched and then, if the correct device is
not found, the off-node database will be searched. Authentication is based on device information
received from the first matching database. Matching a device is defined in different ways,
depending on the call is made. For example, if an outbound call is made on an IP WAN interface
by using the ip ping command, the IP address is the method that is used to search the database. If
a matching IP address is found, a connection is attempted. If the system is unable to authenticate
the peer, the connection attempt is done. The system will not attempt to continue searching the
remaining database entries or additional off-node database for the correct peer.