Western Telematic RSM-32DC, RSM-8, RSM-16DC manual Invalid Access Lockout Feature

Page 27

Configuration

Secondary NTP Address: Defines the IP address or domain name (up to 64 characters long) for the secondary, fallback NTP Server. (Default = undefined.)

NTP Timeout: The amount of time in seconds, that will elapse between each attempt to contact the NTP server. When the initial attempt is unsuccessful, the RSM will retry the connection four times. If neither the primary nor secondary NTP server responds, the RSM will wait 24 hours before attempting to contact the NTP server again. (Default = 3 Seconds.)

5.4.2.The Invalid Access Lockout Feature

When properly configured and enabled, the Invalid Access Lockout feature will watch all login attempts made at all RSM ports. If a given port exceeds the selected number of invalid attempts, then that port will be automatically disabled for a user-defined length of time. The Invalid Access Lockout feature uses three separate counters to track invalid access attempts:

Serial Port Counter: Counts invalid access attempts at each individual serial port. If the number of invalid attempts at a given port exceeds the user-defined Lockout Attempts value, then that port will be locked.

Raw Socket Counter: Counts invalid attempts to connect to a port via Raw Socket protocol. If the number of invalid attempts at a given port exceeds the user-defined Lockout Attempts value, then Raw Socket connections to that port will be locked.

Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access command mode via Telnet, SSH or Web Browser interface. If the number of cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then the Network Port will be locked.

Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout Duration period to elapse (after which, the RSM will automatically reactivate the port), or you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to instantly unlock all RSM serial ports.

Notes:

Invalid Access Lockout parameters, defined via the System Parameters menu, will apply to all RSM serial ports.

When a Port is locked, an external modem connected to that port will not answer.

When a given RSM serial port is locked, the other RSM serial ports will remain unlocked, unless the Invalid Access Lockout feature has been triggered at those other ports.

If any one of the RSM’s logical network ports is locked, all other network connections to the unit will also be locked.

All invalid access attempts at the RSM Network Port are cumulative (the count for invalid access attempts is determined by the total number of all invalid attempts at all 64 logical network ports.) If a valid login name/password is entered at any of the logical network ports, then the count for all RSM logical network ports will be restarted.

A Port that has been locked by the Invalid Access Lockout feature will still respond to the ping command (providing that the ping command has not been disabled.)

5-8

Page 26 Page 28
Image 27
Page 26 Page 28
Contents RSM Series Secure Racking Shock Hazard Do Not Enter Lithium BatteryDisconnect Power Agency Approvals Table of Contents Configuration Table of Contents List of Figures Capture Buffer Security and Collocation FeaturesIntroduction Intelligent Port SelectionBold Font Configuration BackupRSM-8, RSM-16, RSM-16DC, RSM-32 and RSM-32DC Units Typographic ConventionsFront Panel Unit DescriptionInstrument Back Panel Model RSM-8 Back Panel Power On/Off Switch Connect your Control Device to the RSM Quick Hardware InstallationApply Power to the RSM Getting StartedCommunicating with the RSM Port Status Screen Text Interface RSM-8 Shown Getting Started Hardware Installation Connecting Power to the RSM UnitDC Powered Units Connecting Devices to the RSM Connecting the Network CableConfiguration Communicating with the RSM UnitText Interface Configuration Home Screen Web Browser Interface Web Browser InterfaceConfiguration Menus System SetUp PortsSystem Parameters Defining System ParametersConfiguration Real Time Clock and Calendar Invalid Access Lockout Feature Audit Log Callback Security Configuration Supervisor Access Port AccessUser Accounts Viewing User Accounts Managing User AccountsAdd User Menu Text Interface RSM-8 Shown Adding User AccountsConfiguration Deleting User Accounts Modifying User Accounts1. RS232 Port Modes RS232 Port ConfigurationPort Configuration Menu Text Interface Communication Settings 2. RS232 Port Configuration MenusGeneral Parameters AT&C1&D2S0=1&B1&H1&R2 Port Mode ParametersNetwork Services Configuring the Internal Modem Servers and Clients Network ConfigurationConfiguration 11 Network Parameters Menu Web Browser Interface Network Parameters12 Network Port Parameters Menu Web Browser Interface Network Port ParametersConfiguration IP Security IP SecurityConfiguration Configuration Net/Mask Pairs ExceptConfiguration 15 Static Route Menu Text Interface Static Route17 Nomain Name Server Menu Text Interface Domain Name ServerSnmp Parameters 19 Snmp Access Menu Text InterfaceConfiguration Ldap Ldap ParametersConfiguration Ldap Group Group Membership Value Type Default = DN25 Add Ldap Group Menu Text Interface RSM-8 Shown 27 View Ldap Group Menu Text Interface RSM-8 Shown 29 Modify Ldap Group Menu Text Interface RSM-8 Shown 31 Delete Ldap Group Menu Web Browser Interface 32 Ldap Kerberos Set Up Menu Text Interface Configuration 34 The Tacacs Parameters Menu Text Interface Tacacs ParametersConfiguration 36 The Radius Parameters Menu Text Interface Radius ParametersConfiguration 38 The Copy Port Parameters Menu CP 3,5,7-9 Enter Save User Selected ParametersStatus Screens Status Screens Port Status Screen /SPort Diagnostics Screen RSM-8 Shown Port Diagnostics Screen /SDPorttcp Portstatus Username Network Status Screen /SNPort Parameters Screen RS232 Port Shown Port Parameters Screens /WXx Enter Any-to-Any Mode OperationPort Connection and Disconnection Operation Operation Enter 4 EnterHunt Group Example Defining Hunt GroupsPassive Mode Reading Data from Buffer Mode Ports Buffer ModePort Buffers Modem Mode Telnet & SSH Functions Network Port NumbersSSH Encryption Direct Connect Feature ConfigurationStandard Telnet Protocol, SSH and Raw Socket Telnet & SSH Functions RSM-32 & RSM-32DC Standard Telnet Direct Connection without Password RSM-8SSH Direct Connection with Password RSM-8 RSM-16 & RSM-16DCRaw Socket Direct Connection with Password RSM-8 Raw Socket Direct Connection without Password RSM-8Connection Example Terminating a Direct Connect Session Configuration Syslog FeatureCriteria for Generating a Syslog Message Test Menu Text Interface, Supervisor Mode Only Testing Syslog Configuration10-1 Snmp TrapsHow and When Snmp Traps are Sent Snmp Trap MessageSnmp Contact Optional Snmp Location Optional Testing the Snmp Trap Function Sending Parameters to a File Saving and Restoring Configuration ParametersRestoring Saved Parameters 12-1 Upgrading RSM Firmware12-2 Command Conventions Command Reference GuideCommand Summary Command Set Resident Disconnect SequenceAudit Log Format /CP Enter ConnectFormat /C x x Enter CP Copy RS232 Port ParametersErase Buffer Third Party DisconnectFormat /D/Y x x Enter 2 Enter or /D/Y 3 EnterDisplay Site ID Reboot System DefaultSet System Parameters HelpSend SSH Key Set Network Port ParametersSet RS232 Port Parameters Display Port Status PW Change PasswordSD Display Port Diagnostics Read BufferSave Parameters UF Upgrade FirmwareUL Unlock Port Invalid Access Lockout Test Test Network ParametersFormat /X Enter Exit Command ModeDisplay Port Parameters Who Format /W x EnterWhen connected When not connectedAppendix A. RS232 Port Interface Models RSM-32 and RSM-32DC Appendix B. SpecificationsRS232 Port Interface Connectors Physical / Environmental PowerAppendix C. Customer Service Trademarks Used in this Manual Trademark and Copyright InformationTacacs Dhcp IndexIndex-2 Index-3 Index-4
Top Page Image Contents