
Additional RAS Enhancements
The RAS service has been enhanced in this release to add support for routers
acting as RAS clients. Support was added for the RADIUS attributes
“Framed_Route” and “Framed_Netmask.” Previous releases of software ignored
these attributes when/if the RADIUS server responded with them and provided a
"host" address and subnet mask to all RAS callers.
RAS services have been added to the SuperStack II NETBuilder SI (CF package) and
the NETBuilder II multiprotocol nonencrypted software (DW package).
Extensible Authentication Protocol
The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP
authentication that supports multiple authentication mechanisms. It is being
included in Windows NT 5.0 and simplifies support of token-based authentication.
This feature supports customers who use token card authentication systems with
NETBuilder bridge/routers as their network access servers. Specifically, only the
following authentication methods are supported:
Generic Token Card
The Default Authentication Protocol parameter for the PPP Service does not
include a configuration option for EAP at the time of the 11.1 release. The
functionality will be available in a patch release for 11.1. Contact your 3Com
support representative for a patch version of the software that allows you to set
this parameter.
DHCP Proxy
During an IPCP negotiation, a remote client may ask for an IP address to be
assigned. The IP address can be obtained either through an internal IP address
pool or from an external DHCP server. To support dynamic IP address assignment
for RAS clients through an external DHCP server, the NETBuilder bridge/router
must act as a proxy agent on behalf of each remote client.
Encryption Strength
New levels of encryption strength and algorithms have been added to this release.
3Com has extended the encryption software to support up to 128 bits. RC5 and
3DES-2key have been added to the IPSEC feature set (MPPE will continue to use
RC4). For this release of 3DES, the key length is limited to up to 128 bits. In
3DES-2key (the implementation for 11.1) the first key is also used for the last key
(first key, second key, first key).
The “strong” encryption software upgrades and hardware ship kits are
recognizable via the 3CR number and the package identifiers.
128 bit support packages/kits contain:
A package identifier ending in ‘S’ (example, NS)
A 3CR number containing/ending in ‘92’ (examples, 3CR856792,