Western Telematic RSM-16DC, RSM-32DC, RSM-8 manual Configuration

Page 49

Configuration

The IP Security function employs a TCP Wrapper program, which allows the use of standard Linux operators, wild cards and net/mask pairs to create a host-based access control list.

As shown in Figures 5.13 and 5.14, the IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists. Basically, when setting up IP Security, you must enter IP addresses for hosts you wish to allow in the Allow list, and addresses for hosts you wish to deny in the Deny list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can indicate specific addresses, or a range of addresses to be allowed or denied.

When the IP Security feature is properly enabled, and a client attempts to connect, the RSM will perform the following checks:

1. If the client's IP address is found in the "hosts.allow" list, the client will be granted immediate access. Once an IP address is found in the Allow list, the RSM will not check the Deny list, and will assume you wish to allow that address to connect.

2. If the client's IP address is not found in the Allow list, the RSM will then proceed to check the Deny list.

3. If the client's IP Address is found in the Deny list, the client will not be allowed to connect.

4. If the client's IP Address is not found in the Deny list, the client will be allowed to connect, even if the address was not found in the Allow list.

Notes:

If the RSM finds an IP Address in the Allow list, it will not check the Deny list, and will allow the client to connect.

If both the Allow and Deny lists are left blank, then the IP Security feature will be disabled, and all IP Addresses will be allowed to connect (provided that the proper password and/or SSH key is supplied).

When the Allow and Deny lists are defined, the user is only allowed to specify the Client List; the Daemon List and Shell Command cannot be defined.
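The check order above means an Allow list on its own restricts nothing: an address that matches neither list is still admitted, so a restrictive policy needs a Deny entry that covers everything else. The following model of that order is an added example, not code from the manual or from the RSM firmware. It assumes three standard TCP Wrapper client patterns (the `ALL` wildcard, a partial address ending in a dot, and a net/mask pair); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def matches(pattern, client):
    """Simplified TCP Wrapper client-pattern match for one IPv4 address."""
    if pattern == "ALL":                 # wildcard: matches every client
        return True
    if "/" in pattern:                   # net/mask pair, e.g. 10.1.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client) in net
    if pattern.endswith("."):            # partial address, e.g. "192."
        return client.startswith(pattern)
    return client == pattern             # full address

def decide(client, allow, deny):
    """Apply the manual's order: Allow list, then Deny list, else allow."""
    for p in allow:                      # step 1: Allow match wins outright
        if matches(p, client):
            return ("allow", "matched Allow entry " + p)
    for p in deny:                       # steps 2-3: Deny list is checked next
        if matches(p, client):
            return ("deny", "matched Deny entry " + p)
    return ("allow", "no match in either list")   # step 4: default is allow

if __name__ == "__main__":
    # Constructed sample policies and clients (documentation address ranges).
    policies = {
        "allow-only":       (["192.168.10."], []),
        "allow + deny ALL": (["192.168.10."], ["ALL"]),
        "carve-out":        (["10.1.0.0/255.255.0.0"], ["10."]),
    }
    clients = ["192.168.10.5", "192.168.100.5", "10.1.2.3", "10.2.0.1", "203.0.113.7"]
    for name, (allow, deny) in policies.items():
        print(name)
        for c in clients:
            verdict, reason = decide(c, allow, deny)
            print("  %-15s %-5s %s" % (c, verdict, reason))
```

In the "allow-only" policy every client is admitted, including 203.0.113.7; only the policies with a Deny entry actually block anything.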

5.8.3.1. Adding IP Addresses to the Allow and Deny Lists

To add an IP Address to the Allow or Deny list, and begin configuring the IP Security feature, proceed as follows.

Notes:

Both the Allow and Deny list can include Linux operators, wild cards, and net/mask pairs.

In some cases, it is not necessary to enter all four "digits" of the IP Address. For example, if you wish to allow access to all IP addresses that begin with "192," then you would only need to enter "192."

The IP Security Configuration menu is only available when the Supervisor Mode is active.
