Dynamic device configuration elements, Background information – Enterasys Networks CSX6000 User Manual
Page 217
Central Site Remote Access Switch 217
C
ONFIGURING
O
FF
-
NODE
S
ERVER
I
NFORMATION
Dynamic Device Option
U
SING
M
ANAGE
M
ODE
offnode
Allows you to change current settings for off-node server options. You may use this command
to enable and configure the dynamic device option.
D
YNAMIC
D
EVICE
C
ONFIGURATION
E
LEMENTS
D
EVICE
N
AME
A 1 to 17-character, user-specified name. Any name may be entered. For dynamic devices, this
name will not be used, but it must be entered to allow for creation of a device.
PAP P
ASSWORD
This password (a string of 1 to 12 ASCII characters) is used by PPP line protocol for PAP
authentication. For dynamic devices, this password is not used unless the Outbound
Authentication flag for the default device is enabled; but, either the password or secret is required
regardless of the setting of the outbound authentication flag.
CHAP S
ECRET
This field (a string of 1 to 17 ASCII characters) is used by PPP line protocol for CHAP
authentication. For dynamic devices, this secret is not used unless the Outbound Authentication
flag for the default device is enabled; but, either the password or secret is required regardless of the
setting of the outbound authentication flag.
O
UTBOUND
A
UTHENTICATION
Since the main focus of this feature is not to require device-level authentication, the
flag is disabled by default. However, if you would like to add additional security,
you can enable outbound authentication for the default device. If this is the case, all terminal users
dialing into the CyberSWITCH will need to pass user-level authentication, and configure their
remote machines (i.e., Win95 dialup client) with:
•
a user name that matches the name they will use for user-level security, and
•
a password that matches the password/secret defined for the default device.
In this situation, everyone will have the same password/secret, but different names.
For more information on these and other device-level configuration elements, refer to
Device Database Configuration Elements
.
B
ACKGROUND
I
NFORMATION
Terminal Mode connections require both device-level + user-level security configurations.
However, if you have a large number of users dialing in, you may not want to create an on-node or
CSM database with devices for all possible users. If device-level authentication is not necessary,
you can satisfy the device-level configuration requirement with the dynamic device option. This
option allows the dynamic creation of devices, based on an authenticated user name, and with the
device parameters associated with a “default” device. This “default” device is configured as part
of the off-node server configuration. Configuration consists of enabling the dynamic device option,
then specifying a PAP password or CHAP secret for the default device.
Once the dynamic device option is enabled, all terminal users dialing in will be given the same
configuration parameters (such as IP enabled or disabled, etc.).