Chapter 5 Security

User Privileges and Policies

5.2.2.1 Superuser Privileges for Provisioning Users

Superusers can grant permission to Provisioning users to perform a set of tasks. The tasks include retrieving an audit log, restoring a database, clearing performance monitoring (PM) parameters, and activating and reverting software loads. These privileges, except the PM clearing privilege, can only be granted using CTC network element (NE) defaults. See Appendix C, “Network Element Defaults” for more information. To grant the PM clearing privilege using CTC, click the Provisioning > Security > Access tabs. For more information about setting up Superuser privileges, refer to the “Change Node Settings” chapter in the Cisco ONS 15310-MA SDH Procedure Guide.

5.2.2.2 Idle User Timeout

Each ONS 15310-MA SDH CTC or TL1 user can be idle during his or her login session for a specified amount of time before the CTC window is locked. A lockout prevents unauthorized users from making changes. Higher-level users have shorter default idle periods and lower-level users have longer or unlimited default idle periods, as shown in Table 5-3. The user idle period can be modified by a Superuser; refer to the “Change Node Settings” chapter in the Cisco ONS 15310-MA SDH Procedure Guide for instructions.

Table 5-3

Default User Idle Times

 

 

 

Security Level

 

Idle Time

 

 

 

Superuser

 

15 minutes

 

 

 

Provisioning

 

30 minutes

 

 

 

Maintenance

 

60 minutes

 

 

 

Retrieve

 

Unlimited

 

 

 

5.2.2.3 User Password, Login, and Access Policies

Superusers can view real-time lists of users who are logged in via CTC or TL1 for each node. Superusers can also provision the following password, login, and node access policies:

Password length, expiration and reuse—Superusers can configure the password length using NE defaults. The password length, by default, is set to a minimum of six and a maximum of 20 characters. You can configure the default values in CTC node view using the Provisioning > NE Defaults > Node > security > password Complexity tabs. The minimum length can be set to eight, ten, or twelve characters, and the maximum length to 80 characters. The password must be a combination of alphanumeric (a-z, A-Z, 0-9) and special (+, #,%) characters, where at least two characters are nonalphabetic and at least one character is a special character. Superusers can specify when users must change their passwords and how frequently passwords can be reused.

Login attempts and locking out users—Superusers can specify the maximum number of times that a user can unsuccessfully attempt to log in before being locked out of CTC. Superusers can also provision the length of time before the lockout is removed.

Disabling users—Superusers can provision the length of time before inactive user IDs are disabled.

Node access and user sessionsSuperusers can limit the number of CTC sessions one user can have, and they can prohibit access to the ONS 15310-MA SDH using the LAN connection.

Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2

5-6

78-19417-01

 

 

Page 111 Page 113
Page 112
Image 112
Cisco Systems 15310-MA manual Superuser Privileges for Provisioning Users, Idle User Timeout, Idle Time
Page 111 Page 113

15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.
Top Page Image Contents