User`s guide
Table Of Contents
- Ascend Customer Service
- How to use this guide
- What you should know
- Documentation conventions
- How to use the on-board software
- Manual set
- Configuring WAN Connections
- Configuring IP Routing
- Introduction to IP routing on the Pipeline
- Managing the routing table
- Parameters that affect the routing table
- Static and dynamic routes
- Configuring static routes
- Specifying default routes on a per-user basis
- Enabling the Pipeline to use dynamic routing
- Route preferences
- Viewing the routing table
- Fields in the routing table
- Removing down routes to a host
- Identifying Temporary routes in the routing table
- Configuring IP routing connections
- Ascend Tunnel Management Protocol (ATMP)
- IP Address Management
- Connecting to a local IP network
- BOOTP Relay
- DHCP services
- Dial-in user DNS server assignments
- Local DNS host address table
- Network Address Translation (NAT) for a LAN
- Configuring IPX Routing
- How the Pipeline performs IPX routing
- Adding the Pipeline to the local IPX network
- Working with the RIP and SAP tables
- Configuring IPX routing connections
- Configuring the Pipeline as a Bridge
- Defining Filters and Firewalls
- Setting Up Pipeline Security
- Pipeline System Administration
- Pipeline 75 Voice Features
- IDSL Implementations
- APP Server utility
- About the APP Server utility
- APP Server installation and setup
- Configuring the Pipeline to use the APP server
- Using App Server with Axent SecureNet
- Creating banner text for the password prompt
- Installing and using the UNIX APP Server
- Installing and using the APP Server utility for DO...
- Installing and using the APP Server utility for Wi...
- Installing APP Server on a Macintosh
- Troubleshooting
- Upgrading system software
- What you need to upgrade system software
- Displaying the software load name
- The upgrade procedure
- Untitled
Setting Up Pipeline Security
Using security cards
7-20 Preliminary January 30, 1998 Pipeline User’s Guide
Requesting PAP-TOKEN-CHAP mode
PAP-TOKEN-CHAP authenticates additional channels using CHAP. If it is
specified in the Send Auth parameter, but the RADIUS profile at the far end is
not set up for PAP-TOKEN-CHAP, then PAP-TOKEN is used instead.
The dynamic password supplied by a user authenticates the base channel of the
call. It is sent in the clear (via PAP). When the Pipeline adds additional channels
to the call, PAP-TOKEN-CHAP uses CHAP authentication for the new channels.
CHAP sends encrypted passwords, so it can take the auxiliary password from the
Aux Send PW parameter and transmit it securely.
The following parameters are used to configure the calling unit:
Ethernet
Connections
profile
Encaps options...
Send Auth=PAP-TOKEN-CHAP
Send PW=*SECURE*
Aux Send PW=*SECURE*
The Send Auth parameter specifies the authentication mode requested by the
calling unit (PAP-TOKEN-CHAP in this case). The Send PW password is sent as
part of the initial session negotiation. If the session presents a password
challenge, the user enters the password generated by the security card.
The Aux Send PW parameter is sent via CHAP for authenticating additional
channels; additional entries derived from the security card are not required.
Requesting CACHE-TOKEN
CACHE-TOKEN uses CHAP and caches the initial password for re-use in
authenticating channels as they are added to the call. The RADIUS profile at the
far end must be set up with appropriate attributes that specify how long the token
will be cached.
The following parameters are used to configure the calling unit: