
Avaya Inc. – External Distribution | 84 | avaya.com | March 2015

Step 4: Enter login credentials

Step 5: Using SSH to connect to another switch

VSPswitch(config):1:1# exit
VSPswitch:1# ssh 10.136.56.82 -l rwa

Trying 10.136.56.82 ...
Are you sure you want to continue?  (y/n) ? y
rwa@10.136.56.82's password: ******

Contents: VSP 4000

Page 1: ...Virtual Services Platform 4000, 8000, 9000 Engineering: Management Access Security Technical Configuration Guide. Avaya Networking. Document Date: April 2015. Document Number: NN48500-650. Document Version: 1.1...

Page 3: ...Revision Control: Draft 1, 3/16/2015, John Vant Erve, Jeff Cox: Initial Draft; Draft 2, 4/3/2015, Didier Ducarre: Review; Draft 3, 4/9/2015...
