Changing the Admin password | Lucent Technologies 7820-0802-003

Performing Basic Configuration

Recommended basic security measures

Changing the Admin password

A user who knows the password to the Admin level can perform any operation on the

TAOS unit, including changing the configuration. The Admin password is set to Ascend by default. Lucent recommends that you assign a secret password immediately to prevent unauthorized users from gaining access to the unit by means of the default password.

Following is an example of changing the Admin password:

default> auth admin Password: Ascend

admin> read user admin

USER/admin read

admin> set password = secret

admin> write USER/admin written

Note that the Allow-Password permission is set to No in the Admin login. Although this setting protects the unit’s passwords, it also prevents the Save command from storing passwords in a configuration file. To save passwords in a configuration file, you can set Allow-Password to Yes in the Admin profile, or you can create another User profile for the purpose of backing up the unit and set Allow-Password to Yes in that profile.

Securing the serial port

By default, when users connect to the serial port on the shelf controller, they are logged in with the Admin User profile. To secure the serial port with a username and password, proceed as follows:

1Read the Serial profile:

admin> read serial { 1 17 2}

2Set the User profile to null: admin> set user =

3Set Auto-Logout to Yes:

admin> set auto-logout = yes

This setting automatically logs out the current User profile if the Data Terminal Ready signal (DTR) is lost on the serial port.

4Write the profile: admin> write

Now users connecting to the serial port must supply a valid username and password for access to the TAOS unit through the serial port.

Assigning a Telnet password

Lucent recommends that you assign a Telnet password, which can be up to 21 characters in length, to prevent unauthorized Telnet sessions. A user who opens a Telnet session to the TAOS unit is prompted to supply this password.

1-8	APX 8000/MAX TNT/DSLTNT Physical Interface Configuration Guide

Image 28

Lucent Technologies 7820-0802-003 manual Changing the Admin password, Securing the serial port, Assigning a Telnet password

Contents

APX 8000 /MAX TNT/DSLMAX Lucent Technologies Customer Service Advantage ServicesGathering information you will need Calling Lucent from within the United States Calling Lucent from outside the United States Other telephone numbersObtaining assistance through correspondence Contents Chapter Configuring the Thermal Profile for Fan Chapter Configuring MultiDSP Cards Chapter Configuring T1 FrameLine Cards Chapter Configuring Serial WAN Swan Cards Chapter Configuring OC3-ATM Cards Signaling System 7 SS7 18-1 Appendix a Figures Page Tables Page About This Guide What is in this guideWhat you should know Documentation conventions Documentation conventionsConvention Meaning Boldface mono Installation and basic configuration ConfigurationDocumentation set Documentation set Radius Taos Radius Guide and Reference Reference Performing Basic Configuration Introduction to basic configuration Introduction to basic configuration Section Description of task Related commands or parameters Connecting to a new unit Connecting to a new unitNew APX 8000 unit New MAX TNT or Dsltnt unit Admin ping Admin set ip-address = 10.2.3.4/24 admin write Setting the system date Setting the system nameSetting the log level Admin date Configuring a default gateway Configuring basic DNS informationConfiguring a default gateway Admin read ip-global Pinging the Taos unit from a local host Recommended basic security measuresPinging the Taos unit from a local host Host-1%ping Assigning a Telnet password Changing the Admin passwordSecuring the serial port Ignoring Icmp redirects Requiring acceptance of the pool addressDisabling directed broadcasts Configuring Snmp access to the unit Overview of Snmp security Setting community strings Setting up address securityAdmin set enabled = yes Enabling Snmp in the Taos unit Where to go next Where to go next Overview of redundancy operations Configuring Shelf-Controller Redundancy APXShelf-controller startup and primary election Normal operation Overview of redundancy operations Configuring the APX 8000 for shelf-controller redundancy Controller switchoverConfiguring the APX 8000 for shelf-controller redundancy Log messages Assigning the system IP address Examples of setting shelf-controller Ethernet IP addressAssigning an Ethernet IP address Defining the soft IP interface for fault tolerance Example of setting the soft IP address Physical interface profiles Configuring shelf-controller redundancyRedundancy profile Admin set primary-preference = right-controller-preferred Resetting shelf controllers and clearing controller Nvram Resetting the controllers Viewing controller up time Clearing Nvram Admin uptime -a Viewing controller status Setting up a trap to monitor the secondary controller Clearing the fatal-error history logPage Overview of the Thermal profile for fan tray operations Configuring the Thermal Profile for Fan Tray Operations APXParameter Specifies Example of configuring thermal controls Overview of the Thermal profile for fan tray operations Thermal alarms Related log messages Thermal status reporting Fanstatus commandThermal status reporting Thermalstatus command Admin thermalstatusPage Configuring Ethernet Cards Introduction to Ethernet slot cardsFull-duplex 10/100Mbps Ethernet-2 slot card Full-duplex 10/100Mbps Ethernet-3 slot card Overview of Ethernet configuration Understanding the Ethernet-related profilesUpgrading to the Ethernet-2 and Ethernet-3 slot cards Ethernet profile Configuring duplex mode on the 100Mbps Ethernet port Configuring duplex mode on the 100Mbps Ethernet portAdmin read ethernet 1 7 4 ETHERNET/ shelf-1slot-7 4 read Admin set duplex-mode = halfPage Configuring Series56 II III Modem and Hybrid Access Cards Overview of configuring modem cards Specifying modem negotiation settings Specifying modem negotiation settingsAdmin read terminal-server TERMINAL-SERVER read Description of task Section Associated parameters Configuring an additional AT answer string for modem calls Series56 II and III Call-Route profiles Admin callroute -dSeries56 II and III Call-Route profiles Hybrid Access card implementation Page Configuring MultiDSP Cards MAX TNT, APX Introduction to MultiDSP Port MultiDSP card Introduction to MultiDSP Supported MultiDSP services Card configuration constraintsData 110 PHS Voice over IP VoIP Displaying information about all installed cards Displaying information about an installed MultiDSP cardObtaining status information about a MultiDSP card Obtaining status information about a MultiDSP card Configuring a MultiDSP card Configuring a MultiDSP card Verifying that MultiDSP services are enabled Base profile parameter Value if supported Verifying call routes for MultiDSP services Admin dir call-r Call-Route-Type values for Description MultiDSP services About the Call-Route-Type parameter Adding an additional MultiDSP service Viewing call-routing database entries Admin slot -r 1 Page Configuring T1 Cards Introduction to T1 Nailed or unchannelized T1Channelized line-side vs. trunk-side T1 Introduction to T1 Overview of T1 configuration Overview of T1 configurationSection Description of task Associated parameters NFAS-ID Configuring T1 Cards Making a profile the working profile Admin read t1 1 2Making a profile the working profile Assigning names to T1 line profiles Admin read t1 1 12 0 admin set name = T1 TrunkAssigning names to T1 line profiles Configuring Isdn PRI signaling Admin set line enabled = yesEnabling a line Specifying the framing and encoding Configuring overlap receiving on PRI lines Configuring Isdn network-side emulationConfiguring Isdn network-side emulation Configuring overlap receiving on PRI lines Configuring inband robbed-bit signaling Configuring inband robbed-bit signaling Admin set robbed-bit-mode = wink-start Admin set signaling-mode = inbandAdmin set default call type = voice Configuring Nfas Configuring a single Nfas groupConfiguring multiple Nfas groups Configuring Nfas T1/ shelf-1 slot-2 2 read Configuring Isdn Nfas for Japanese switch types Admin read t1 1 5 Configuring clocking Configuring the front-end transceiverConfiguring clocking Admin set front-end-type = dsx admin set dsx-line-length = Configuring channel usage Configuring channel usage Assigning telephone numbers to switched channels Assigning telephone numbers to switched channelsAdmin list line channel Configuring trunk groups Admin set 13 phone =Admin set use-trunk-groups = yes admin write Read system Configuring nailed channels Configuring a back-to-back T1 connectionConfiguring nailed channels Admin set trunk-group = 4 admin write Specifying analog encoding for Taos unit codecs Configuring specialized optionsSpecifying analog encoding for Taos unit codecs Sample T1 configuration Sample T1 configurationAdmin set physical-address = 1 2 Admin list line-interface enabled = no Default Call-Route profiles Overview of supported features Configuring T1 FrameLine CardsIntroduction to T1 FrameLine Overview of T1 FrameLine configuration Overview of T1 FrameLine configurationFrame Relay Routing protocols Configuring the clock source Configuring the clock sourcePage Configuring E1 Cards Overview of E1 configuration Introduction to E1Isdn Primary Rate Interface PRI Nailed or unchannelized E1 Overview of E1 configuration Understanding configuration requirements Understanding configuration requirements Admin read e1 1 2 Assigning names to E1 line profiles Assigning names to E1 line profiles Configuring a back-to-back connection Admin read e1 1 12 0 admin set name = E1 TrunkAdmin set back-to-back = truefalse Specifying the framing Specifying E1 signaling Specifying E1 signalingAdmin set line frame-type = G7032DSD4esf Admin set line signaling-mode = signalingmode admin write Adminread e1 1 15 Adminlist line-interface Configuring E1 R1 signaling Configuring E1 R2 signalingConfiguring E1 R1 signaling Admin read e1 1 13 Configuring E1 R2 signaling Configuring Dpnss signaling Configuring Dpnss signaling Admin set loop-avoidance = Configuring the front-end E1 transceiverAdmin set front-end-type=short-haullong-haul Admin read system System read Admin set trunk-group = Admin list Admin read e1 1 1Admin set trunk-group = Admin set channel = nailed admin set nailed = 3 admin write Default Call-Route profiles Page Configuring E1 FrameLine Cards Introduction to E1 FrameLine Overview of E1 FrameLine configuration Overview of E1 FrameLine configuration Example E1 FrameLine configuration Administrative profiles for E1 FrameLine Administrative profiles for E1 FrameLine Administrative commands and status information Admin-State profileAdministrative commands and status information Device-State profile Configuring the clock source Overview of T3 configuration Configuring T3 CardsIntroduction to T3 Understanding T3 configuration requirements Understanding T3 configuration requirementsParameter Difference Understanding T3 slot card profiles T3 profileCall-Route profile Understanding T3 slot card profiles T1 profiles Assigning a name to a T3 profileAssigning a name to a T3 profile Admin read t3 1 12 0 admin set name = T3 Trunk Configuring the T3 physical linkAdmin read t3 1 2 Page Overview of Swan configuration Configuring Serial WAN Swan CardsIntroduction to Swan Understanding Swan card configuration requirements Understanding Swan card configuration requirementsElement Explanation Admin dir Swan Element Admin read Swan 1 12 0 admin set name = SWAN1 admin write Admin read Swan 1 2Admin set line nailed-group= Assigning a name to a Swan profile Adminread swan 1 13 Adminlist line-configAdminlist clocking Specifying the Swan internal clock speed Frame Relay configuration Frame Relay configurationAdminset divider=4 adminset exp=2 Supported features Configuring Unchannelized DS3 CardsIntroduction to unchannelized DS3 Overview of unchannelized DS3 configuration Using the UDS3 profileConfiguring the UDS3 physical link Overview of unchannelized DS3 configuration Admin read uds3 1 2 Configuring the UDS3 physical linkAdmin set name = uds3-LA admin set enabled = yes Page Configuring DS3-ATM Cards Overview of DS3-ATM settings Configuring DS3-ATM Cards Overview of DS3-ATM settings Configuring redundant cards Examples of DS3-ATM configurationsExamples of DS3-ATM configurations Looping back the line Overview of OC3-ATM settings Configuring OC3-ATM CardsIntroduction to OC3-ATM Configuring OC3-ATM Cards MAX TNT/DSLTNT Overview of OC3-ATM settings Using OC3-ATM ports as a clock source Using OC3-ATM ports as a clock source Example of an OC3-ATM configuration Example of an OC3-ATM configuration Configuring STM-0 Cards Introduction to STM-0 Using STM and T1 profiles Sample STM-0 configurationsExample of configuring an STM profile Admin read stm 1 7 1 STM/ shelf-1slot-7 1 read Example of configuring a T1 data trunk Sample STM-0 configurationsPage Introduction to DSL technologies Configuring DSL ConnectionsIdsl overview Wire gauge Upstream rate Downstream rate Distance Adsl overviewIntroduction to DSL technologies Upstream rate Downstream rate Distance Wire gauge AWG Data transfer rate Distance Sdsl overview Configuring switched connections DSL configurationDSL configuration Configuring nailed connections Configuring nailed connectionsAdmin read connection dslpipe-1 Admin set telco call-type = off Configuring data transfer rates Configuring data transfer rates for Adsl linesConfiguring data transfer rates Parameter Cards it applies to Configuring data transfer rates for Sdsl lines Admin read adsl-cap 2 3 2 ADSL-CAP/shelf-2slot-3 2 readAdmin set enabled=yes Admin list line-config Configuring per-session data transfer rates Adminread sdsl 2 1Adminset enabled=yes Admin set max-rate=1552000 Configuring per-session data rates using modem rate control Admin read conn adslpipe-1 Configuring per-session data rate limits Admin read connection sdsl-1 CONNECTION/sdsl-1 readAdmin set rx-data-rate-limit=64000 Admin set tx-data-rate-limit=64000 Configuring DSL Connections Dsltnt Configuring DSLPipe Plug and Play Configuring DSLPipe Plug and PlayHow Plug and Play works DSLPipe unit obtaining its configuration Plug and Play Dhcp server requirements This menu These are the defaults DSLPipe default configurationTftp server requirements Configuring the Dsltnt Configuring Bootp RelayConfiguring the Sdsl profile Admin list bootp-relay Configuring a Frame Relay profile Admin set link-type = dce Configuring Idsl voice connections Configuring a Connection profile Incoming calls Configuring the Idsl profileOutgoing calls Configuring a Connection profile for the remote device Configuring trunk groups Configuring the Configure profile Configuring the PipelineChan Usage=Switch/Switch My Num A=55105554444 Sample Frame Relay Idsl configuration Sample DSL configurationsSample DSL configurations Configuring the Dsltnt Admin set encapsulation-protocol=frame-relayAdmin set frame-relay-profile=idsltnt-fr Admin list .. telco-options Configuring the Frame Relay profile Admin read idsl 1 7 18 IDSL/ shelf-1slot-7 18 readAdmin set channel-usage = nailed-64-channel Admin set nailed-group = Configuring a static route to the gateway Configuring the PipelineChan Usage=Leased/Unused My Addr=192.1.2.1/24 Sample Adsl nailed PPP connection Configuring the Connection profileName=idsl-fr Configuring the Adsl profile List the IP-Options submenu admin list ip-options Configuring the DSLPipe My Addr=10.10.73.1/24 Rem Addr=104.178.115.163/24 Example Sdsl setup with interface-based routing Configuring the IP-Route profile Admin new ip-route sdsl-pipeline Configuring the Frame-Relay profile Configuring the DSLPipe-S Rem Addr=192.168.23.142/30FR Prof=Frame Relay LAN Adrs=192.168.23.142/30 Example Sdsl setup with system-based routing Name=Frame Relay Specify the encapsulation type as Frame Relay Configuring the Sdsl profile Rem Addr=192.168.215.135/24 Page Introduction to SS7 Signaling System 7 SS7Platform Ipdc Asgcp Q.931+ Taos unit as terminator of data calls in an SS7 network System requirements for SS7 operationsSystem requirements for SS7 operations Taos unit terminating voice and data calls in an SS7 network Configuring an SS7 signaling gateway Interface between a signaling gateway and Taos unitConfiguring an SS7 signaling gateway Continuity tests Parameter Configuring transport-layer options Specifying the SS7 control protocol System IP address considerations Operations. This parameter is currently not used Example of a basic configuration T1 lines as SS7 data trunks Example of configuring a T1 data trunk Example of configuring a T3 card for SS7 dataUsage for SS7 data trunks E1 lines as SS7 data trunks SS7 link establishment timer Bearer capability for SS7 calls using IpdcTwo-wire continuity check on T1 and E1 lines Incoming-Procedure Outgoing-Procedure Outgoing continuity tests on T1 and T3 Digital milliwatt tone support on T1 and T3Analog milliwatt tone and variable tone support Element Description When the unit reports VoIP statistics Reporting VoIP call statistics Statistics and error reporting on SS7 connections Ss7nmi debug-level commandCommand output when no errors are detected Admin ss7nmi -s Output field Description ASG Command output showing errors Cause codes for SS7 Asgcp calls to the Taos unit Cause codes for SS7 Asgcp calls to the Taos unitOutput field Ipdc generation of a globally unique call ID SS7 Ipdc support for call ID and disconnect cause codesGlobal-Call-ID parameter Start and Stop records Disconnect cause codesEvent Code Definition CUG Snmp support for SS7 Snmp support for SS7Event Code Definition Page Configuring Call Routing Network, host, and dual-purpose devices Understanding the call-routing database Understanding the call-routing databaseNetwork slot cards Host slot cards Dual-purpose slot cards Field Contains Modem usage and database sort order How call routes affect device usageField Hdlc channel usage and database sort order Shelfslotitemlogical item Call-Route profile settings Working with Call-Route profilesTrunk line usage and sort order Working with Call-Route profiles Trunk group 8 connecting to a Taos unit Outbound call routing by trunk group Multilink Frame Relay requirements with Hybrid Access Example with two E1 lines in an MFR bundle Concentrating multilink calls on one Hybrid Access card Example with six E1 lines in an MFR bundle Another way to route incoming calls deprecated Dedicating Series56 cards to modem processingEnabling Series56 cards to handle Hdlc processing Another way to route incoming calls deprecated Localization of call routes within a quadrant Call routing algorithmsCall routing algorithms How the system finds a route Matching call information to a database entry Details of how a route is chosen First pass trunk group numberSecond pass Isdn subaddresses Third pass telephone numbers Fifth pass source device addresses Fourth pass destination device addressesLast pass comparison routing type Configuring Call Routing Provisioning the switch for T1 access Provisioning the SwitchTranslation Optional or required What you need from your E1 service provider What you need from your T1 service providerWhat you need from your T1 service provider Index CASPage DNS DSL Page Idsl OC3-ATM PRI Page Phone numbers, 7-19trunk groups TCP/IP WAN