User`s guide
USER’S GUIDE
64 SFVRA Connection Manager
Layer 2 Protocol (PPP or CPP), with the remote device. Once this is negotiated, the CyberSWITCH
sends a Connect Request to SFVRA-CONN. SFVRA Connection Manager checks time and
bandwidth restrictions for the remote device and sends a Connect Reply back to the
CyberSWITCH, indicating whether the call is acceptable. The CyberSWITCH then sends a Call
Accept message to the remote device and a Connect Notify message to SFVRA-CONN, which then
logs the call from the remote user and monitors the connection time.
O
FFNODE USER LEVEL AUTHENTICATION WITH SFVRA-CONN DEVICE LEVEL AUTHENTICATION
This feature provides device level authentication by the SFVRA Connection Manager service while
also requiring user level authentication from an off node authentication server, such as RADIUS,
ACE, or TACACS. The user level authentication can be configured with a grace period. When a
connection to the remote device completes user level authentication, the grace period starts. If a
connection is re-established before the grace period expires, the user level authentication is not
required.
The remote device is authenticated at the device level, as described in Device Level Authentication on
SFVRA-CONN. During the device level authentication process, SFVRA-CONN checks the grace
period, if the remote device is configured for user level authentication. If the grace period has not
expired, SFVRA-CONN disables user authentication, and sends this information in the
Authentication Reply message. If SFVRA-CONN accepts the call, and if the grace period has
expired, the remote device must initiate user level security through a Telnet connection to the
CyberSWITCH. The CyberSWITCH sends this information to the offnode authentication server.
Upon successful user level authentication, the CyberSWITCH will begin the grace period by
sending a message to SFVRA-CONN.
Note: Users must be on dial-up hosts or bridged PCs. Only bridging and IP are supported with
User Level Authentication.