Cisco ONS 15600 Manual

Cisco ONS 15600 Reference Manual, R7.0
Chapter 5
Security
This chapter provides information about Cisco ONS 15600 user security. To provision security, refer to the Cisco ONS 15600 Procedure Guide.
Chapter topics include:
5.1 User IDs and Security Levels, page 5-1
5.2 User Privileges and Policies, page 5-1
5.3 Audit Trail, page 5-6
5.4 RADIUS Security, page 5-7
5.1 User IDs and Security Levels
When you log in to an ONS 15600 for the first time, you use the CISCO15 user ID, which is provided with every ONS 15600 system. You can use the CISCO15 ID, which has Superuser privileges, to create other ONS 15600 user IDs. For detailed instructions about creating users, refer to the Cisco ONS 15600 Procedure Guide.
Each ONS 15600 permits up to 500 Cisco Transport Controller (CTC) or TL1 user IDs. A user ID is assigned one of the following security levels:
Superuser—Users can perform all of the functions of the other security levels as well as set names, passwords, and security levels for other users.
Provisioning—Users can access provisioning and maintenance options.
Maintenance—Users can access only the ONS 15600 maintenance options.
Retrieve—Users can retrieve and view CTC information but cannot set or modify parameters.
See Table 5-3 on page 5-6 for idle user timeout information for each security level.
By default, multiple concurrent user ID sessions are permitted on the node, that is, multiple users can log into a node using the same user ID. However, you can provision the node to allow only a single login per user and prevent concurrent logins for all users.
5.2 User Privileges and Policies
This section lists user privileges for each CTC action and describes the security policies available to Superusers for provisioning.
5.2.1 User Privileges by Security Level
[Table 5-1 ONS 15600 Security Levels—Node View: columns CTC Tab, Subtab, Actions, Retrieve, Maintenance, Provisioning, Superuser. Rows cover TARP (MAT: Add/Edit/Remove), Routers (Setup: Edit; Subnets: Edit/Enable/Disable), Tunnels (Create/Edit/Delete), BLSR (Create/Edit/Delete/Upgrade; Ring Map/Squelch Table/RIP Table), Protection (Create/Delete/Edit; Switch/Lock out/Lockon/Clear/Unlock), Security (Users: Create/Delete/Clear Security Intrusion; Users: Edit, same user), Software (Download; Activate/Revert/Accept) and Diagnostic (Retrieve Diagnostic File). The per-level permission entries did not survive extraction.]
5.2.2 Security Policies
... Procedure Guide.
5.2.2.2 Idle User Timeout
Each ONS 15600 CTC or TL1 user has a specified amount of time to leave the system idle before the CTC window locks. CTC lockouts prevent unauthorized users from making changes. Higher-level users have shorter idle times and lower-level users have longer or unlimited default idle periods, as shown in Table 5-3.
Superuser Password and Login Privileges
... ID are not allowed.
5.3 Audit Trail
The ONS 15600 maintains a GR-839-compliant audit trail log that resides on the TSC card. This record shows who has accessed the system and what operations were performed during a given period of time.
5.4 RADIUS Security
Users with Superuser security privileges can configure nodes to use Remote Authentication Dial In User Service (RADIUS) authentication. Cisco Systems uses a strategy known as authentication, authorization, and accounting (AAA) for verifying the identity of, granting access to, and tracking the actions of remote users.
An ONS 15600 node operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and returning all configuration information necessary for the client to deliver service to the user.
5.4.2 Shared Secrets
The stronger your shared secret, the more secure are the attributes (for example, those used for passwords and encryption keys) that are encrypted with it. An example of a strong shared secret is 8d#>9fq4bV)H7%a3-zE13sW$hIa32M#m