Introduction
Interconnect Switch can also be uploaded to a TFTP server, a configuration file can be downloaded into a GbE2
Interconnect Switch from a TFTP server, and configuration settings can be saved to the TFTP server.
Store and forward switching scheme
The GbE2 Interconnect Switch provides a store and forward switching scheme that allows each packet to be buffered
(stored) before it is forwarded to its destination. While this method creates latency, it improves reliability in a heavily
used interconnect switch. Packets that cannot be forwarded are saved immediately, rather than dropped, so that
packets behind them are less likely to be dropped in periods of heavy usage.
Bootstrap Protocol
By default, the GbE2 Interconnect Switch is configured to obtain an IP address from a Bootstrap Protocol (BOOTP)
server during the boot process. The IP settings can also be manually configured by means of the serial interface. The
IP settings are configurable from the browser-based interface, but because the connection is based on an IP address
for these interfaces, users will have to reconnect with the newly assigned IP address.
Network Time Protocol
The GbE2 Interconnect Switch can maintain the current date and time. This information displays on the management
interfaces and is used to record the date and time of switch events. Current date and time information can be
manually set on the GbE2 Interconnect Switch or can be obtained through Network Time Protocol (NTP). NTP allows
the GbE2 Interconnect Switch to send a request to a primary NTP server in each polling period asking for Greenwich
Mean Time (GMT).
Remote Authentication Dial-in User Service (RADIUS)
The GbE2 Interconnect Switch supports the Remote Authentication Dial-in User Service (RADIUS) method to
authenticate and authorize remote administrators for managing the GbE2 Interconnect Switch. This method is based
on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server. A
remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.
RADIUS authentication consists of the following components:
• A protocol with a frame format that utilizes User Datagram Protocol (UDP) over IP, based on Request For Comments (RFC) 2138 and 2866
• A centralized server that stores all the user authorization information
• A client, in this case, the GbE2 Interconnect Switch
The GbE2 Interconnect Switch, acting as the RADIUS client, communicates to the RADIUS server to authenticate and
authorize a remote administrator using the protocol definitions specified in Request For Comments (RFC) 2138 and
2866. Transactions between the client and the RADIUS server are authenticated using a shared key that is not sent
over the network. In addition, the remote administrator passwords are sent encrypted between the RADIUS client (the
switch) and the back-end RADIUS server.
The benefits of using RADIUS are:
• Authentication of remote administrators
• Identification of the administrator using name/password
• Authorization of remote administrators
• Determination of the permitted actions and customizing service for individual administrators
Terminal Access Controller Access Control System Plus (TACACS+)
Starting with Release 2.0, the GbE2 Interconnect Switch supports the Terminal Access Controller Access Control
System Plus (TACACS+) method to authenticate, authorize, and account for remote administrators managing the
GbE2 Interconnect Switch. This method is based on a client/server model. The switch is a client to the back-end
AAA server. A remote user (the remote administrator) interacts only with the client, and not with the
back-end AAA server.
The AAA method consists of the following components:
• A protocol with a frame format that utilizes TCP over IP
• A centralized AAA server that stores all the user authentication, authorization, and accounting (of usage) information
• A Network Access Server (NAS) or client (in this case, the GbE2 Interconnect Switch)
The GbE2 Interconnect Switch, acting as the TACACS+ client or NAS, communicates to the TACACS+ server to
authenticate, authorize, and account for user access. Transactions between the client and the TACACS+ server are