Identifying AI232 Menu System Security Options | Kentrox instruction

AI232 Version 9.6x User’s Guide

AI232 Local Menu System: Identifying AI232 Menu System Security Options

Identifying AI232 Menu System Security Options

AI232 has a variety of security options, including:

zMultilevel User Name and Password Security

zRADIUS Authentication

zTACACS+ Authentication

zPPP Authentication Protocols (PAP and CHAP)

Multilevel User Name and Password Security

Up to 10 configurable user account profiles can be assigned to an AI232 user. Five system profiles are available for providing various levels of user access. For more information about user profiles, refer to command profile on page 1-103.

RADIUS Authentication

RADIUS authentication verifies user login information against valid user information in a database on a centralized RADIUS authentication server. A primary and secondary RADIUS server are configurable to provide secure access for an entire AI232 network. AI232 RADIUS authentication is available for Telnet, asynchronous, and synchronous ports. For more information on RADIUS authentication, refer to section RADIUS Configuration on page 1-19.

TACACS+ Authentication

TACACS+ authentication verifies user login information against the user’s permission level on a TACACS+ server. Up to 9 TACACS+ servers are configurable to provide secure access for an entire AI232 network. AI232 TACACS+ authentication is available for Telnet, asynchronous, and FTP connections. For more information on TACACS+ authentication and server configuration, refer to the following commands:

z aaa authen on page 8-7		z tacacs server on page 8-96
z aaa author on page 8-8		z tacacs server phase on page 8-98
z aaa fallback on page 8-10		z tacacs server ip on page 8-97
z	aaa timeout on page 8-19	z	tacacs server port on page 8-100
z	aaa ppp authen on page 8-11	z	tacacs server secret on page 8-101

3-2

Image 36

Kentrox manual Identifying AI232 Menu System Security Options, Multilevel User Name and Password Security

Contents

AI232 Port High Speed Asynchronous Line Card User’s Guide Page About this Document Document Conventions Tip Laser Danger Electrostatic Discharge Caution Ground Caution Proper Cooling Caution FCC Warning Customer Assistance Web Site SupportEmail Support Phone Support Table of Contents System Configuration Link Configuration Diagnostics for TID Multiplexing TID Multiplexing TOC-5 AI232 Commands AI232 Menu Aliases FTP Sessions Appendix a AI232 Crash Codes Product Description Features Standalone Configuration System Diagnostics AI232 Hardware Components Ports 25-32 Connector Ports 17-24 ConnectorPorts 9-16 Connector Ports 1-8 Connector Technical Specifications Component Description Specifications for DP232-19/23 Description SpecificationDistribution Panels Model DP232-19/23 Pin Assignments Signal DCD Installation Procedure Model DP232-RJ45Connect to the AI232 Ports Places Specifications for DP232-RJ45 Pin Signal Install the mounting flanges in the desired location Parts ListDescription Quantity Cable CAB467 Places DP232-RJ45 Typical Applications Asynchronous to TCP/IP Application Modem Multiplexer Application Illustrates a modem multiplexer application Using the AI198 Menu System Accessing the Menu System Navigating the Menu System Menu Numbering StructureTypes of Menu Items Submenus Toggles DataMenu re-appears with the entered IP address Functions Menu Item DescriptionsMenu Item Description Exiting the Menu System AI232 Local Menu System Multilevel User Name and Password Security Radius AuthenticationTACACS+ Authentication Identifying AI232 Menu System Security Options PPP Authentication Protocols PAP and Chap Using a Telnet Connection for Login Logging Into AI232 Using an Asynchronous Port for Login Consecutive failed login attempts Number of consecutive failed login attempts Accessing the Local Menu System Navigating the Local Menu System Identifying Types of Menu ItemsData Entry Items Direction Keys Toggle Items Accessing the Help Menu Send Exiting the Local Menu System Save the changes AI232 Version 9.6x User’s Guide System Configuration General System Properties Configuration Destination Menu Break SequenceDescription Format Configuration in the AI198 Menu System Menu Item Type Ethernet Port Settings Configuration in the AI232 Local Menu SystemToggle for both menu items FTP Port This menu item sets the FTP server port number IP Settings This example displays 16 FTP port number set to Menu Item Types Access the System Menu System PromptThis item sets the system prompt value in the CLI TCP Settings ToggleTo on Telnet Port This item sets the Telnet port value for AI232 This example displays Telnet Port set to Radius Configuration Server Settings Enabled To configure the shell/FTP Radius option Access Menu FALLBACK. The default is DisabledShell/FTP Options Enabled TACACS+ Configuration Shell/FTP Options 00049 Snmp Configuration Authentication TrapsAI232 Local Menu Item Configuration Community Names Data for all menu items Following example displays WriteComm Menu Contact Persons Node Information Snmp Manager 10.65.32.4 Static Route Configuration IP Address Settings TID to Modem Mux Configuration Inactivity TimeoutFollowing are available This example displays Inactivity Timeout set to Initialization String Port Bit Settings This example displays Init String set to conn23Toggle for all menu items TID to Route AI232 Local Menu Item Configuration Time Configuration Daylight Savings Time Sntp Settings SettingsAccess the Time Menu located under the System Menu Time Zone This following example displays AI232 Version 9.6x User’s Guide Link Configuration AI232 has 3 configurable link types AI232 Link TypesAsynchronous Asynchronous PPP Modem Multiplexer Connect Options Configuration Access Menu For 02 Alias, enter 2, and the alias nameAlias Link Type Availability Call Retry Interval This example displays 02 Alias set to async.4.1 Connect String This example displays 03 Call retry interval set to 00134 Connection Settings Connection settings are configured using three menu itemsDefault is OFF Is on 00030 Link Application Login Disconnect Options Configuration Disconnect Inactivity Timer SettingsDisconnect inactivity timer when the link receives a call Select on or OFF. The default is on This example displays Off. The default is On This example displaysIs Off Disconnect Settings Disconnect settings are configured using two menu itemsDefault is on Disconnect String Disconnect General Link Properties Configuration Auto Disable Error LimitAsync, AsyncPPP, and ModMux Flow Control Access the Link Menu Link DescriptionThis example displays SW Flow Control set to XonXoff This menu item defines a description for a link Link Number This menu item enables or disables a link Link StateThis example displays 01 Link number set to This example displays Link state set to Disabled Link Type Port Data Bits Async and AsyncPPP Port Parity This example displays Port data bits set to Seven Port Speed This example displays Port parity set to OddThis menu item defines the baud rate for a port Data in the AI232 local menu system Menu 4.2.14.12.5 appears Port Stop Bits Xon Repeat Interval This example displays 10 Xon Repeat interval set to General PPP Properties Configuration Ipcp Address SettingsFollowing menu items are available for PPP configuration AsyncPPP and ModMux Ipcp Address Parameters Maximum Unit Settings Set to Network Control Protocol For an Ipcp network control protocol Ipcp Modem Option Configuration Modem String Dialing Time-out Interval Number of Dial Attempts This example displays Dialing time-outset to Modem Setup Menu This example displays Number of dial attempts set to PPP Authentication Configuration Local Authentication Settings PAP RAS Option This example displays RAS Option set to RADIUS/Fallback Remote Authentication Settings Chap RTS/DTR Lead Control Configuration DTR State Configuration RTS State Configuration Flow Control DTR connect state Off DTR disconnect state TID Multiplexing Overview AI232 Version 9.6x User’s Guide TID Multiplexing Configuration Configuring the Parent AliasMenu appears Values are 1 to Destination Configuring the Children Aliases TidforAI232 Defines the terminal identifier for AI232 During the parent alias configuration TIDtid Example Configurations For Alias name, enterSecond child connection YES Alias Edit Menu Alias Name 172.16.30.61#6001 PARENT1.1 Alias Edit Menu Alias Name TID Multiplexing Troubleshooting ParametersNormal Response Format Response Item Description Error Response Format Normal Response Example Diagnostics for TID Multiplexing Error Response ExampleErrcde AI232 Version 9.6x User’s Guide Alias and Call Routing Configuration Downstream Incoming Outgoing Asynchronous TCP/IP CallCallAI232 Card B IP address Upstream AI232 Version 9.6x User’s Guide Configuring an Alias Configuring an Alias in the AI198 Menu SystemCall Routing AI232 Version 9.6x User’s Guide AI232 Version 9.6x User’s Guide Configuring an Alias in the AI232 Menu System For Display Alias in Destination Menu, select Yes or No Source/Destination Protocol Tables Source Destination Menu Item Information SourceMenu Item Information TCP/IP Source Without Telnet Breaks AI198 TCP/IP Source With Telnet Breaks AI198Async with Async break Asynchronous Source Without Breaks AI232 Asynchronous Source With Breaks AI232Telnet break Example asy.3 TCP/IP Source Without Telnet Breaks AI232 TCP/IP Source With Telnet Breaks AI232 Protocol Processing Modules Module Types Return followed by a line feed To zero, this option is turned off Specify up to 16 charactersCharacters. The packet module accepts only one -S parameter Provides TL1 packetizing and sets the packetizing timer to SecondsFeed and delete Provides TL1 packetizing and prevents breaks from passing Echo 1 when the connection is initiated. Initiates will SGA Provides Telnet handling, but prevents breaks from beingPropagated upstream Echo and will SGA Start Symbols Alias MacrosAlias Macro Components Comments ConstantsVariables Variable Value Wildcard Symbols OperatorsOperator Description Alias Macro Function Description of Operation Match any of the expressions, then default is Greater than the length of string, the functionReturns the entire string Returns the length of string Alias Macro Configuration Configuration Examples =LA,PA,’#’,1-1=MYIP1 AI232 Version 9.6x User’s Guide AI232 Commands Commands Overview Shell CommandsShell Connections Establishing a Local Shell Connection Winslc Commands Displaying winslc Command LoggingEstablishing a Remote Shell Connection Using winslc Commands Log/Alarm Message HeaderHeader Element Description Introduces the log/alarm message Specifies the current dateSpecifies the message severity level Specifies the line card baseport number Command Type Command DefaultsAaa account Formats Enables TACACS+ authentication Disables TACACS+ authenticationAaa authen Connections Aaa author Priv-lvl Aaa chpass Enabled TACACS+ fallback Aaa fallbackThis example displays the disabling of TACACS+ fallback Disables TACACS+ authentication Enables TACACS+ authentication with no fallbackEnables TACACS+ authentication with fallback Disabled all links No associations configured Aaa profileProfile. Individual values are separated by commas , Specifies the name of an existing profile Aaa profile 2 newprof1 Aaa retry Made. Valid values are 1 toConnection attempt Aaa stats Display Item Description Displays the number of TACACS+ authorization Displays the number of failed TACACS+ authorizationAuthorization instead of the TACACS+ server Where AI232’s system log was used for accounting Aaa summary Displays the status of FTP access as AAA TACACS+ Displays the TACACS+ authorization method for the AI232Per-command based on per-command request/reply handling Displays the TACACS+ accounting status of user login events Aaa timeout TACACS+ server when a connection attempt is made. ValidResets the timeout value to its default Values are 1 to Alarm Command Type shell Formats This example displays all system alarms in group links This example displays alarms for links 5-8in group links This example displays all alarms by severity level This example displays the unmasking of alarm group links Command Types Arp Column Description 172.16.30.117 Break 232break 10.40.5.11#1821 Breaking connection 10.40.5.11#1821 Creset To reset error counters for links 1, 2,Reset error counters for links 1 Example, 1,2-3 to reset error counters for links 1, 2, Date Debug This example displays the enabling of all debug data logging This command deletes a specified file that resides on AI232 DeleteFilename Defines the name of the file to delete This example displays the deletion of file log.txt Diag-conn This option prompts for the ID of the connection to view Displays details for that connectionPattern 1, Logic 2, and Pattern 3 are evaluated before Logic 4 and Pattern 5 are considered Using Interpretation Mode Diag-eth Using the Help Option Following formats apply to filters Adds a filterDeletes a filter Defines the source address MAC, IP, or TCP/UDP MAC/IP address settings Defines the TCP/UDP port number regardlessAdds or deletes a specific protocol filter. Available Protocol filters are This example displays Ethernet diagnostic help information Ijkl FF FC This example displays the deletion of filter protocol tcp This example displays the deletion of all filters Diag-info Last reset Displays the name of the Streams resourceDisplays the number of free or available Streams resources Display Connection to be enabled Displays the link numberDisplays the state of the driver. Two states are available Specifies that the link is not established Had CRC errors Displays the number of frame length violationsReceived packets Displays the number of short received frames Displays the number of frames received on ConnectionDisplays the number of bytes received on Displays the number of times transmitted frames Does not indicate an error Displays the number of transmit errors that have occurredDisplays the number of frames received on the connection Displays the number of bytes received on the connection Errors Displays the number of alignment errorsExcessive deferral timer is exceeded. An excessive deferral Error is recorded when the following events occur Ethernet interface needs to be reset Displays the current state of the Ethernet interface.Following values may appear Ethernet interface is uninitialized Diag-line Option Function Diag-line Only present in data packets, then the data byte count is Displayed as Ascii String Diag-tconn Baseport Defines the baseport number for AI232 Dir This example displays all available files Exit This example displays an exit from the current shell session This command displays the first few lines of a file Defines the number of lines to display. The default isHead Defines the name of the file to display This example displays a list of all available commands This example displays help information for command showHelp This command displays the current user name and profile Formats ExamplesThis example displays the current user name and profile This example displays the configured IP address information Ip init Enter IP Address Range default 1 Setting range to 232 Enables the serial links Disables the serial linksLink Restarts the serial links This example displays the starting of links 1 through 4 This example displays the stopping of links 6 This command turns the display of log messages on or off Log This command closes a shell session LogoutThis example displays the closing of a shell session This command displays a list of available files This command accesses the AI232 main menu system MenuThis example displays the AI232 Main Menu Modmux Displays the phone number that was dialed More 232more log.txt This command forces AI232 to crash dump and halt PanicWinslc Baseport Defines the AI232 baseport number This command changes an existing user’s password Passwd Ping Pppstatus Displays one of the following IP address of AI232 if the link status is Running Profile Adds commands to a profile and optionally adds write Defines the name of a command to associate with a userAdds write permission for a command that otherwise would Deletes commands from a user profile Pvclist This example displays PVC information for link Column Description Reset This command resets AI232This example displays the resetting of AI232 Ipaddress Defines the IP address of the default router Router Usage Notes Configuration file Specifies the option that deletes a configuration fileSelcnf Extension PDisplays the content of the file one page at a time Sholog Show Displays the default and backup gateway IP address Displays the IP address, subnet mask, and high IP addressDisplays the version number of AI232 Displays the date and time This command displays the status of the EIA leads StaeiaLead is negated DCD This example displays the current standalone mode status Standalone Staslc Is asserted and means the signal is negated Displays the number of parity errorsDisplays the number of framing errors Displays the number of overrun errors Syncflash Tacacs info Tacacs server Tacacs server ip Specifies a server number or range of server numbers. ValidDefines the server IP address 0.0 Tacacs server phase Tacacs server phase 1-5,8 disable account Tacacs server port Defines the TCP port number for the TACACS+ servers. ValidValues are 1 through TCP port No secret configured Tacacs server secret Associated servers are enabled + or disabled Tacacs server summaryDisplays the server numbers. The +/ signs indicate if Displays the TACACS+ shared secrets passwords for specified Tacacs sholog This example displays a TACACS+ debug log file Tacacs stats Displays the number of errors that occurred when AI232 When AI232 attempted to read a packet from the TACACS+Were received when AI232 attempted to read them from Server that had a sequence number that was out of order This command displays the last few lines of a file TailSpecifies that a line number value will be entered This example displays the last 20 lines of file log.txt Default is Tcpoutconn Telnet This example changes the telnet port to port Tftp Downloads a file from the Tftp serverUploads a file to the Tftp server Defines the IP address of the Tftp server to which the file Defines the name of the source file after it has been File name is specified, the file will have the same name asSource file Special characters Tftpboot 113 Timezone 115 Defines the file for which you want to view the contents TypeDisplays text from the file one page at a time Update Defines the source file to copy Uptime Useradd Profilename Permission Specifies a user who can login into AI232 and access Retrieve status or to change the configurationDestination at login. The destination is specified when Permission is assigned Userdel Users Who Xon-interval Is 1 to 120 seconds AI232 Crash Codes This appendix provides information about AI232 crash codes Error Code Description Hexadecimal Decimal Crash CodesCommon Crash Codes AI232 Crash Codes System Failure Crash Reports Kentrox Technical Support AI232 Version 9.6x User’s Guide Standalone Mode and Switch Mode Standalone Mode Downloading Software for a Standalone AI232At the FTP prompt, open AI232 Transfer the software image to AI232 Configuring BOOTP/TFTP Switch Mode Downloading Software for AI232 in Switch ModeAt the FTP prompt, open AI198 Transfer the software image to AI198 Winslc baseport update AI232 Version 9.6x User’s Guide Commands for AI232 TACACS+ Server Enhancements AI232 Commands Following keyword lets users access destinations AI232 Menu Aliases Menu Menulink Following AI232 keywords apply to FTP access Provides FTP read accessFTP Sessions Acronym Meaning Command and Control Interface Challenge-Handshake Authentication ProtocolCommand Line Interface Border Gateway Protocol Channel Service Unit Dynamic Host Configuration ProtocolDomain Name Service Digital Service Unit File Transfer, Access, and Management End SystemElectrostatic Discharge End System to Intermediate System Integrated Services Digital Network Internet Service ProviderLink Access Protocol Balanced Link State Update Nonservice Affecting Network Service Access PointOperations, Administration, Maintenance, and Provisioning Multimode Fiber Optic Cable Password Authentication Protocol Private ID or passwordPlain Old Telephone Service QoS Quality of Service Remote Network Monitoring Specification Serial Alarm ModuleService Advertisement Protocol Switching Center Control System Switched Virtual Connection Terminal Access Controller Access SystemTID Address Resolution Protocol Time Division Multiple Access XML Key Management Specification Xerox Network ServicesUnshielded Twisted Pair Virtual Channel