Chapter 1: Introduction 9
Fallback mechanisms of the following types are available:
• Local authentication can be tried first, followed by remote authentication if the local
authentication fails (Local/Remote_Method), or
• Remote authentication can be tried first, followed by local (Remote_Method/Local), or
• Local authentication can be tried only if a remote authentication server is down
(Remote_MethodDownLocal).
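The three fallback types differ in when a local password is consulted at all, which matters when an account has been disabled on the remote server but still exists locally. The following model is an added example, not code from the console server; the mode names use "Remote" in place of Remote_Method, and the behavior of Remote/Local after any remote failure is an assumption noted in the code.

```python
from enum import Enum

class Remote(Enum):
    """Outcome of asking the remote authentication server (constructed model)."""
    ACCEPT = "accept"
    REJECT = "reject"
    DOWN = "down"  # server unreachable or timed out

# Mode names follow the manual's pattern, with "Remote" standing in for Remote_Method.
MODES = ("Local/Remote", "Remote/Local", "RemoteDownLocal")

def authenticate(mode, local_ok, remote):
    """Return (granted, deciding_method) for one login attempt.

    local_ok: True if the supplied password matches a local account.
    remote:   what the remote server would answer for the same credentials.
    """
    if mode == "Local/Remote":
        if local_ok:
            return True, "local"
        # Local failed: fall back to remote. An unreachable server cannot accept.
        return remote is Remote.ACCEPT, "remote"
    if mode == "Remote/Local":
        if remote is Remote.ACCEPT:
            return True, "remote"
        # Assumption: local is tried after any remote failure, reject or down.
        return local_ok, "local"
    if mode == "RemoteDownLocal":
        if remote is Remote.DOWN:
            return local_ok, "local"
        # Server answered: its verdict is final and local is never consulted.
        return remote is Remote.ACCEPT, "remote"
    raise ValueError(f"unknown mode: {mode}")

def modes_with_local_override():
    """Modes where a valid local password logs in despite a remote REJECT."""
    return [m for m in MODES if authenticate(m, True, Remote.REJECT)[0]]

if __name__ == "__main__":
    for mode in MODES:
        for remote in Remote:
            for local_ok in (True, False):
                granted, by = authenticate(mode, local_ok, remote)
                print(f"{mode:16} remote={remote.value:6} local_ok={local_ok!s:5} "
                      f"-> {'GRANT' if granted else 'DENY '} (decided by {by})")
    print("local password overrides remote reject in:", modes_with_local_override())
```

Running it prints the full decision table; only RemoteDownLocal keeps the remote server's rejection final while it is reachable.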
Authentication configuration tasks
An administrator can configure authentication using the CLI utility and the Web Manager. The
default authentication method for the console server and the serial ports is Local. Any
authentication method that is configured for the console server or the ports is used for
authentication of any user who attempts to log in through Telnet, SSH or the Web Manager.
You can either accept the default or configure another authentication method.
VPN Based on IPSec with NAT Traversal
If IPSec is enabled in the selected security profile, an administrator can use the VPN feature to
enable secure connections. IPSec encryption with optional NAT traversal (which is configured by
default) creates a secure tunnel for dedicated communications between the console server and other
computers that have IPSec installed, such as routers, firewall machines, application servers and
end-user machines.
ESP and AH authentication protocols, RSA Public Keys and Shared Secret are supported.
Packet Filtering
An administrator can configure the device to filter packets like a firewall. Packet filtering is
controlled by chains. A chain is a named profile configured with one or more rules; each rule
defines both a set of characteristics to look for in a packet and what to do with any packet that
has those characteristics. The console server filter table contains a number of built-in chains
that cannot be deleted. Under these built-in chains, all input packets, output packets and packets
to be forwarded are accepted. The policies that determine how the built-in chains handle packets
can be modified.
To configure packet filtering, an administrator can do the following:
• Add a new chain and specify rules for that chain
• Add new rules to existing chains
• Edit a built-in chain or delete the built-in chain rules
SNMP
If SNMP is enabled in the selected Security Profile, an administrator can configure the Simple
Network Management Protocol (SNMP) agent that resides on the console server to send
notifications about significant events, or traps, to an SNMP management application.