Chapter 1 Controlling CSS Access

Controlling Administrative Access to the CSS

CSS access through a console, FTP, SSH, SNMP, and Telnet is enabled by default. The CSS supports a maximum of four FTP sessions and a maximum of four Telnet sessions. Use the restrict and no restrict commands to enable or disable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure XML, and web management data transfer to the CSS.

Specifying the restrict command does not prevent the CSS from listening for connection attempts on the restricted port. For TCP connections, the CSS completes the TCP 3-way handshake, then terminates the connection with an error to prevent any data transfer from occurring. For UDP SNMP connections, the CSS simply discards the packets.

To secure restricted ports from unauthorized access, configure ACL clauses to deny packets destined to these ports, while permitting normal traffic to flow through the CSS. You can also use ACLs to secure the CSS itself. See the “Controlling CSS Network Traffic Through Access Control Lists” section for information about configuring ACLs for the CSS.

Enabling Administrative Access to the CSS

To enable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure XML, and web management access to the CSS, use the following no restrict commands:

no restrict console - Enables console access to the CSS (enabled by default).

no restrict ftp - Enables FTP access to the CSS (enabled by default).

no restrict ssh - Enables SSH access to the CSS (enabled by default).

no restrict snmp - Enables SNMP access to the CSS (enabled by default).

no restrict telnet - Enables Telnet access to the CSS (enabled by default).

no restrict user-database - Enables users to clear the running-config file and create or modify usernames. Only administrator and technician users can perform these tasks (enabled by default).

no restrict secure-xml - Enables the transfer of XML configuration files to the CSS through secure HTTPS SSL connections (disabled by default).

Cisco Content Services Switch Security Configuration Guide

OL-5650-02