Chapter 5: CPS Appliance Commands

57

 

 

Server Security command

The Server Security command specifies the authentication method, enables/disables access methods and enables/disables security lock-out. For more information, see Using Authentication Methods on page 24, Enabling plain text Telnet and SSH connections on page 19 and Using security lock-outon page 27.

When you enter this command, you are prompted to confirm or cancel the specified information.

Access right: SCON

Access level: APPLIANCEADMIN

Syntax

SERVER SECURITY [AUTHENTICATION=<auth>] [ENCRYPT=<conns>] [DSMODE=SECURETRUSTALL] [DSCLEAR] [LOCKOUT=<hours>]

Table 5.16: Server Security Command Parameters

Parameter

Description

 

 

 

Authentication method. Multiple values may be specified, separated by commas.

 

Valid values are:

 

DS

Use DSView software server(s) for authentication.

AUTHENTICATION=

LOCAL

Use the local CPS user database to authenticate users.

<auth>

RADIUS

Use the previously defined RADIUS server(s) to authenticate users.

 

NONE

Do not authenticate users. This method cannot be used when SSH access

 

 

is enabled, and it cannot be combined with other authentication methods.

 

Default = LOCAL,DS

 

 

 

Enables/disables plain text Telnet or SSH connections. To enable both, specify both

 

values, separated by a comma. Valid values are:

ENCRYPT=<conns>

SSH

Enables SSH connections.

 

None

Enables plain text Telnet connections.

 

Default = None

 

 

 

Specifies the mode when DSView software authentication is used. Secure indicates

DSMODE=SECURE

authentication will be locked to one DSView software server after initial access, and

DSView software server and appliance credentials will be stored. Trustall indicates

TRUSTALL

that any DSView software server may be used for authentication, and DSView

 

 

software server credentials will not be stored or validated.

 

 

DSCLEAR

Clears any stored credentials used by the DSView software, including the

DSMode setting.

 

 

 

 

Enables or disables security lock-out. To enable, specify the number of hours in the

LOCKOUT=<hours>

lock-out period, in the range 1-99. To disable, specify a zero value.

 

Default = 0 (disabled)

 

 

 

Server Set command

The Server Set command changes CPS appliance address information. You may specify one, two or all three parameters. A reboot is required if you change the IP address.