2-124Operation, administration, and maintenance (OAM) features

Note 4: Because of the power granted by the Challenge / Response Authentication Protocol, the local shared secret must be kept secure and must not be lost. There is no way to recuperate or change a lost local shared secret. If the local shared secret is lost, contact your Nortel Networks support group.

Note 5: If the response for a challenge-response login includes lowercase characters, you must enter the response in double quotes (“) when you log in through TL1.

Note 6: The default local shared secret is ‘nortelnetworks’ (all in lower case). The local shared secret can be provisioned through Site Manager or TL1 and must be between 8 and 20 alphanumeric characters. To maintain case sensitivity when you provision the secret through TL1, you must enclose the secret in double quotes (“). The double quotes are not included in the length of the secret.

CAUTION

Risk of unauthorized access

Be sure to change the default local shared secret to something only the administrative-level user knows.

Centralized Security Administration (CSA)

OPTera Metro 3500 Release 11.0 introduced a new centralized authentication mechanism that provided additional security when accessing OPTera Metro 3500 network elements and network processors.

System administrators can provision access to be based on any one of three methods:

Centralized user administration and authentication through RADIUS

Local account user authentication

Local ‘challenge-response’ user authentication

Note: Local account user authentication and RADIUS authentication require a user identifier and password. See Password management on page 2-135for information on password restrictions.

For information about enhanced security logs, see TL1 event / log feature on page 2-173.

OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Page 162
Image 162
Nortel Networks NTRN10AN, 3500 manual Centralized Security Administration CSA, Risk of unauthorized access