
Configuring the Nortel Networks Remote Access Concentrators and the DMS-10 for Remote Access. March 31, 1999
5.5.4 RAC Security
Security is one of the more complex aspects. The RAC has very limited security built into
its operating system: its internal security is limited to simple password protection on its
ports. It is recommended to implement RADIUS security as described in this White Paper.
Another option is to use the security from the Windows NT workstation. The Windows
NT security works in conjunction with the Bay Access Control Protocol (ACP) daemons
that are installed along with the Bay boot software. ACP is also available for UNIX.
While ACP will work, RADIUS security provides an industry-standard approach that
gives much better overall integrated security for dial-in access. Only RADIUS security
is discussed in detail in this document, and BaySecure RADIUS software for Windows NT
is assumed to be the RADIUS choice. BaySecure can use NT domains, names and
passwords in addition to the normal RADIUS database.
The security on the RAC ports is built around RADIUS security, with the RADIUS
security taking precedence over the local security. The RADIUS server has a database of
all the valid users and their passwords and attributes. These attributes supply information
to the RAC regarding the connection. The attributes can include the type of framed
protocol (for example PPP), an IP address for the connection, and port-limits for MLPP
connections. The RADIUS server also serves the accounting function of tracking user
access and usage. In addition, the RAC uses RADIUS security to control logins and
restrict access to the CLI ports as well as the PPP ports.
5.5.5 ANNEX Security
In a typical network there are two RADIUS servers declared for redundancy. Each of these
servers has two parts, an authentication server and an accounting server. The authentication
server deals with validating the user names and passwords, while the accounting
server records the call and the time for accounting and billing. Key to RADIUS security is
a “secret” or encryption key which both the RAC and the RADIUS server know, but never
send. This secret is used to encode all transmissions between the RAC and the RADIUS
server; therefore the passwords are never sent in the “clear”.
Setting up the RADIUS server is a reasonably simple matter of filling in the information
shown in figure 12. To show the RADIUS security parameters, type the following at the
“admin:” prompt:
“show annex security”
This command will display the information in figure 12. To set the parameters, use a
command of the form
“set annex enable_security y”