8: Device Ports
SLC™ Console Manager User Guide 139
dial-on-demand connection will be started for each, waiting for IP traffic destined for a remote
network.
When IP traffic needs to be sent, the SLC unit dials the appropriate Dial-out Number for the
site, and if the remote peer requests PAP or CHAP authentication, provides the Dial-out
Login and Dial-out Password as authentication tokens. Once authenticated, a PPP session
will be established using either negotiated IP addresses or specific IP addresses (determined
by the Negotiate IP Address setting). The PPP connection will stay active until no IP traffic is
sent for Modem Timeout seconds. Once the timeout has expired, the PPP connection will be
terminated and will not be reestablished for at least Restart Delay seconds.
CBCP Server
Callback Control Protocl (CBCP) is a PPP option that negotiates the use of callback where the
server, after authenticating the client, terminates the connection and calls the client back at a
phone number that is determined by the CBCP handshake. For more information on CBCP, see
http://technet.microsoft.com/en-us/library/cc957979.aspx
. CBCP is used primarily by Microsoft
PPP peers. CBCP supports two options for determining the number to dial on callback: the client
can specify a user-defined number for the server to dial on callback, or the client can request the
server use an administrator-defined number to dial on callback. Optionally, some servers may also
allow "no callback" as an option.
For CBCP Server, the SLC console manager waits for a client to call the unit, establishes a PPP
connection, authenticates the user, and negotiates a dial-back number with the client using CBCP.
If the SLC unit is able to determine a dial-back number to use, it hangs up and calls the dial-back
number.
When a call is received, a PPP connection is established, and the user will be authenticated via
PAP or CHAP (determined by the Authentication setting for the modem). For PAP, the Local/
Remote User list will be used to authenticate the login and password sent by the PPP peer, and
the site list will be searched for a site that (a) the Login/CHAP Host matches the name that was
authenticated, (b) Authentication is set to PAP, and (c) the Port is set to None or matches the
port the modem is on. For CHAP, the site list will be searched for a site that (a) the Login/CHAP
Host and CHAP Secret match the name and secret sent in the CHAP Challenge response by the
PPP peer, (b) Authentication is set to CHAP, and (c) the Port is set to None or matches the port
the modem is on. If the remote peer requests PAP or CHAP authentication from the SLC console
manager the Remote/Dial-out Login and Remote/Dial-out Password configured for the modem
(not the site) will be provided as authentication tokens.
If a matching site is found, its CBCP Server Allow No Callback, Dial-back Number, Allow Dial-
back, Dial-back Delay, Dial-out Login, Dial-out Password, Negotiate IP Address, NAT, and
Modem Timeout parameters will be used for the rest of the dial-back connection instead of the
parameters configured for the modem. Once the remote server is authenticated, the CBCP
handshake with the client determines the number to use for dial-back. The SLC unit will present
the client with the available options: if Allow Dial-back is enabled for the site and a Dial-back
Number is defined, the administrator-defined option is allowed; if this is not the case, the user-
defined number is allowed. Additionally, if CBCP Server Allow No Callback is enabled, the client
can also select no callback (the PPP connection established at dial-in will remain up). The client
will select from the available callback options. If the SLC device can determine a dial-back number
to use, it will hang up and wait Dial-back Delay seconds before initiating the dial-back. The SLC
console manager will call back the previously authenticated remote peer, and if the remote peer
requests PAP or CHAP authentication, provide the Dial-out Login and Dial-out Password as
authentication tokens. Once authenticated, a PPP session will be established using either
negotiated IP addresses or specific IP addresses (determined by the Negotiate IP Address
setting).
To Next Page
Loading...
Need help?
General