User Manual

Security Outgoing Authentication
11-4
11.1.2.3 Offering Authentication Information to the Incoming Caller
If the incoming caller must authenticate the SCS, the port must have PAP Local or CHAP Local configured.
Use the Define Ports PPP CHAP Local or Define Ports PPP PAP Local command.
Figure 11-9: Enabling CHAP and PAP Local
Local>> DEFINE PORT 2 PPP CHAP LOCAL
Local>> DEFINE PORT 2 PPP PAP LOCAL

During CHAP/PAP negotiation, the SCS will send the site's username and remote password to the incoming
caller. To set a site's username and remote password, use the Define Site Authentication command:

Figure 11-10: Configuring the Site Username and Remote Password
Local>> DEFINE SITE irvine AUTHENTICATION USERNAME seattle
Local>> DEFINE SITE irvine AUTHENTICATION REMOTE gopher

Use caution when configuring a site to offer and accept authentication information (when the site has both
a local and remote password). PAP does not offer complete security in this situation; if the site has PAP
authentication enabled for incoming and outgoing connections, both passwords may be compromised
during the LCP negotiation process.
When the SCS receives an incoming call, a site configured with a local and remote password may let the
incoming caller know that it is willing to transmit these passwords. If the remote caller has PAP
authentication enabled, it may persuade the SCS to transmit its passwords to the remote caller as part of the
PAP authentication negotiation. At that point, the remote caller can hang up in possession of the SCS
passwords. The caller may be able to use the SCS remote password to log into other networks, or to call the
SCS and connect as an authorized user.

11.1.3 SLIP Logins
SLIP does not support authentication; authentication must take place before SLIP is started.
Ensure that the port will start in character mode by disabling SLIP autodetection and SLIP dedicated modes.
SLIP autodetection and dedicated SLIP are disabled by default.

Figure 11-11: Disabling SLIPdetect and SLIP Dedicated
Local>> DEFINE PORT 2 SLIPDETECT DISABLED
Local>> DEFINE PORT 2 SLIP DISABLED

11.2 Outgoing Authentication
When the SCS attempts to connect to a remote host, the host may require that the SCS send a username and
password. The method used to transmit this username/password pair depends upon the type of connection:
character, SLIP, or PPP.
Local>> DEFINE PORT 2 SLIP ENABLED
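
The PAP caution in 11.1.2.3, and the point in 11.2 that the transmission method depends on the connection type, both come down to what each PPP method puts on the wire. The Python sketch below is an added example, not part of the manual: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994) for the username and remote password used in the site example (seattle / gopher). The identifier and challenge bytes are constructed sample values.

```python
import hashlib
import struct

USERNAME = b"seattle"         # site username from the manual's example
REMOTE_PW = b"gopher"         # site remote password from the manual's example
CHALLENGE = bytes(range(16))  # constructed sample challenge from the peer


def pap_auth_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): Peer-ID and Password in cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def parse_pap_auth_request(pkt):
    """Recover (peer_id, password) exactly as the receiving peer would."""
    if len(pkt) < 6:
        raise ValueError("packet too short for PAP")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = pkt[4]
    pw_off = 5 + id_len
    if pw_off >= length or pw_off + 1 + pkt[pw_off] > length:
        raise ValueError("length fields overrun the packet")
    return pkt[5:pw_off], pkt[pw_off + 1:pw_off + 1 + pkt[pw_off]]


def chap_response(ident, name, secret, challenge):
    """CHAP Response (RFC 1994): MD5(id || secret || challenge), then the name."""
    value = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


def secret_on_wire(pkt, secret):
    """True if the shared secret appears verbatim in the packet bytes."""
    return secret in pkt


if __name__ == "__main__":
    pap = pap_auth_request(1, USERNAME, REMOTE_PW)
    chap = chap_response(1, USERNAME, REMOTE_PW, CHALLENGE)
    print("PAP :", pap.hex(), "->", parse_pap_auth_request(pap))
    print("CHAP:", chap.hex())
    print("secret visible in PAP :", secret_on_wire(pap, REMOTE_PW))
    print("secret visible in CHAP:", secret_on_wire(chap, REMOTE_PW))
```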