Version 6.6
379
October 2014
Installation & Operation Manual
33. Configuring Security Settings
cmd-arg
= <arguments>" (e.g. moBoard#6)
Accounting Request
sent after the command completion, includes the following AV-
pairs:
stop_time
= <stop time> (in seconds since 1/1/1970)
elapsed_time
= <elapsed time> (in seconds)
cmd
= <command> (e.g. show)
cmd-arg
= <arguments>" (e.g. moBoard#6)
33.18.6.1.4 Working With Server : ROOT and EMS Users
For typical configurations, the Mediant 8000 should be configured to perform
authentication of
root
and
ems
users using the local user database (instead of via the
servers). This architecture ensures that common maintenance tasks
performed by the EMS server (e.g. Online Software Upgrade) do not depend on the
servers’ availability and will continue to work even in case of a temporary
network outage. It also allows provisioning of different passwords for these task-critical
users on different Media Gateways – thus enhancing overall network security.
Users who nevertheless wish to store user profiles for
root
and
ems
users on
server, may do so by configuring the parameter
Skip AAA Validation For
Special Users
to
Disabled
as described in the following sections.
33.18.6.1.5 Configuring Media Gateway to Work With Servers
To configure the Mediant 8000 to work with centralized servers:
1.
Connect to the Mediant 8000 CLI interface (on active SC board) and login as
root
user.
2.
Disable synchronization of local CLI user database with EMS server via
tools
user sync disable
command.
3.
Delete all CLI users, except
root
and
ems
from the local user database on SC
boards, via the
tools user del all
command.
4.
In the EMS, click
to access the Media Gateway status screen.
5.
In the Navigation pane, select
Security
and then in the configuration pane, select
Security Settings
; the Security Settings screen is displayed.
6.
In the Security Settings screen, select the
CLI Authentication
tab.
7.
At the bottom of the screen, use the
or
buttons to add or remove
servers. Configure server settings according to the "AAA
Server Settings" table below. After completing the configuration, unlock table
entries by right-clicking on the row and choosing
Unlock
.
8.
Set
External Authentication Server
to
TACACS
.
9.
Configure settings according to the " Settings" table below.
Summary of Contents for Mediant 8000
Page 2: ......
Page 33: ...Part I Hardware Overview This part describes the hardware overview of the Mediant 8000 chassis...
Page 34: ......
Page 90: ......
Page 158: ......
Page 264: ......
Page 546: ......
Page 775: ...Part VI Maintenance This part describes the Mediant 8000 maintenance procedures...
Page 776: ......
Page 834: ......
Page 879: ...Part VIII Appendices This part describes additional Mediant 8000 configuration procedures...
Page 880: ......
Page 924: ...Media Gateway Mediant 8000 www audiocodes com Installation Operation Maintenance Manual...