Concentrating frame relay connections, Enabling x.25 terminal connections, Configuring routing and bridging across the wan – Lucent Technologies 6000 User Manual

Configuration Concepts and Profiles

Overview of MAX configuration

MAX 6000/3000 Network Configuration Guide

2-5

Concentrating Frame Relay connections

The MAX provides extensive support for Frame Relay. Using a T1 or E1 line or serial WAN
port for a nailed connection to a switch, it can function as a Network to Network Interface
(NNI) switch, a Data Circuit-terminating Equipment (DCE) unit responding to users, or as a
Data Terminal Equipment (DTE) unit requesting services from a switch.

Enabling X.25 terminal connections

X.25 is a precursor to Frame Relay and is generally considered less efficient. However, many
sites use it to transmit information between users across the WAN. It accommodates both
high-volume data transfers and interactive use of host machines. The MAX can have one
physical connection to an X.25 DCE unit at the other end of a T1, E1, or BRI line. To support
interactive use, the connection must be nailed.

Configuring routing and bridging across the WAN

Routing and bridging configurations enable the MAX to forward packets between the local
network and the WAN and also between WAN connections.

Enabling protocol-independent packet bridging

The MAX can operate as a link-level bridge, forwarding packets from the Ethernet network to
a WAN connection (and vice versa) on the basis of the destination hardware address in each
packet. Unlike a router, a bridge does not examine packets at the network layer. It simply
forwards packets to another network segment if the address does not reside on the local
segment.

Caller-ID and
called-number
authentication

You can restrict who can access the MAX, by verifying the caller-ID
before answering the call. You can also use the called number to
authenticate and direct the call.

Authentication
servers

You can off load the authentication responsibility to a RADIUS or
TACACS server on the local network.

Security card
authentication

The MAX supports hand-held personal security cards, such as those
provided by Enigma Logic and Security Dynamics. These cards
provide users with a password that changes frequently, usually many
times a day. Support for dynamic passwords requires the use of a
RADIUS server that has access to an authentication server, such as an
Enigma Logic SafeWord AS or Security Dynamics ACE
authentication server.

Terminal server

After a dial-in user has met the initial connection-security criteria, you
can demand another password for access to the MAX terminal
services. Within the terminal server, you can restrict commands that
are accessible to users, or you can prevent them from executing any
command other than Telnet.

Filters and firewalls

Packet-level security mechanisms can provide a very high level of
network security.

Feature Description