Manuals / Nortel Networks / Computer Equipment / Server

Nortel Networks 3500, NTRN10AN Password management, Logical flow of intrusion attempt handling

Models: 3500 NTRN10AN

1 342

Download 342 pages 27.69 Kb

Page 173

Operation, administration, and maintenance (OAM) features 2-135

Figure 2-42

Logical flow of intrusion attempt handling

EX1098p

Login

Denied

	Login Attempt


	Is Port		Yes
	Locked Out ?		Yes
	Locked Out ?

Reject

Login

No

Is	Yes
Login Valid ?
Login Valid ?

No

Increment Login Counter

Reset Login

Counter

Is		Yes		- Add to Lockout List
Counter at Max ?		Yes		- Raise Alarm
Counter at Max ?				- Raise Alarm
				- Start Lockout Timer
	No
	No

Password management

Password restrictions

For the OPTera Metro 3500 network element, use a password identifier (PID) to activate a user login session to the user-ID (UID) specified, or to change the current PID. The PID is a confidential code to qualify the authorized system user’s access to the account specified by a UID. PIDs are between 8 and 10 characters in length with a combination of alphanumeric (A-Z, 0-9) and special characters. The following special characters are supported for the password:

! ” # $ % ’ () * + - . / < = > @ [ ] ^ _ ‘{} ~

See Enhanced password restrictions on page 2-136for password restrictions.

The following characters are not supported for the PID:

•semicolon (;)

•colon(:)

•ampersand (&)

•comma (,)

•all control characters

Planning and Ordering Guide—Part 1 of 2 NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Image 173

Nortel Networks 3500, NTRN10AN manual Password management, Logical flow of intrusion attempt handling, Password restrictions

Contents

OPTera Metro 3500 Multiservice Platform Copyright  2000-2004 Nortel Networks, All Rights Reserved Contents Iv Contents Contents Hardware feature descriptions Contents Page Supported software StandardsAudience Supported hardwareHardware naming conventions NTRN16AA OPTera Metro 3500 NTP libraryGlobal software upgrade support North America For non-service-affecting problems North AmericaTechnical support and information InternationalNetwork element overview OverviewLoam Loam Release 12.1 features In-service reconfigurations Dwdm DS3 ServicesDS1 8Overview Overview Performance monitoring Security and administration Bandwidth management Miscellaneous Blsr14Overview Overview Platforms with STX VTX-series Circuit packs Release 12.1 Hardware Compatibility MatrixOC-3x4 Yes 18Overview Supported configurations Upsr Linear Spur OC-48 OC-3 Requires dual slot circuit OC-12 Pack 22Overview VTX-48e Linear pt-to-pt or OC-12 ADM chain OC-3 24Overview Interworking Supported upgrade paths New or enhanced OAM features in OPTera Metro 3500 Release Operation, administration, and maintenance OAM featuresOPTera Metro 3500 OAM features Gigabit Ethernet Drop and Continue P2P Gigabit Ethernet drop and continue applicationEngineering rules Alarm provisioningAlarm flow control External controls Environmental alarmsBandwidth management Tributary, DWDM, BLSR, UPSR, and 1+1 linear point-to-point Connection editing In-service traffic rolloverBlsr networks 2-fiber Switching matrixOPTera Metro STS or 5376 VTProtection User-initiated Blsr switching commandsAutomatically initiated Blsr switching requests ’Infinite wait-to-restore’ parameterBlsr single span fiber cut scenario Blsr Line Protection Oscillation ControlBlsr single span Fiber cut example Step Action Node status ’Bridged and Switched’ 16Operation, administration, and maintenance OAM features UEQ Blsr ring switch example18Operation, administration, and maintenance OAM features Node 1 and 2 state change detail Idle State 20Operation, administration, and maintenance OAM features EX1242p 22Operation, administration, and maintenance OAM features State Protection traffic 24Operation, administration, and maintenance OAM features Blsr nodal / multi-span failure scenario involves squelching 26Operation, administration, and maintenance OAM features C-B OC-48 Blsr node failure exampleA-B OC-192 Blsr node failure example STS paths and squelch map for a four-node 2-Fiber Blsr ring Blsr configurationsBlsr configuration attributes Blsr configuration audit Blsr configuration and connection auditBlsr configuration distribution STS Blsr with VT assignment Traffic flow over OC-48 BlsrBlsr connection audit Traffic flow over OC-192 Blsr VT Blsr with full VT accessNetwork Element a DS1 add/drop OC-48/OC-192 Blsr provisioning rules Rule # Description Provisioning rulesRisk of traffic loss OC-48/OC-192 Blsr provisioning rules 36Operation, administration, and maintenance OAM features EX1294p 38Operation, administration, and maintenance OAM features West optics East optics IPTR-3 IPTR-2IPTR-4 IPTR-1RPR over a Blsr and subtending Upsr example Upsr #2 Upsr #1OAM supported on Blsr Common Language Location Identifier Channelized DS3 service DS3VTx12 mapperChanging the Blsr configuration / connection audit period Consolidated load Connection IDDense wavelength division multiplexing Dwdm Band OPTera Metro 3500 bandsOMX module OPTera Metro 3500 and OMX interconnect Network sitesPhysical connections in a hubbed-ring configuration Dwdm configurationsHubbed-ring configuration 3500 3500 Logical connections in a hubbed-ring configuration3500 Meshed-ring configuration 3500 Physical connections in a meshed-ring configuration3500 Logical connections in a meshed-ring configuration Linear point-to-point Dwdm point-to-point configurationPhysical Connections 3500 3500 Logical ConnectionsLoopbacks Facility attributesTerminal loopback Facility loopbackOptical facility loopbacks Optical loopbackElectrical Loopback types OOS Facility loopbackAIS Optical terminal loopbacksOperation, administration, and maintenance OAM features 2x100BT-P2P loopback conditioning Network surveillanceExtended network processor NPx Single-ended Tbos Telemetry byte-oriented serial TbosTbos report format Remote alarm LED indicatorPath trace Section trace TID address resolution protocol TarpOPTera Packet Edge System Resilient Packet Ring Ethernet ConnectorsResilient packet ring shelf level Resilient packet ring RPR object64Operation, administration, and maintenance OAM features Traps RPR configuration alertAuto save notification 2x100BT-P2P circuit pack NNI Filters increased toPPP and Hdlc PPP over SonetHdlc STS1/3C PPP/BCP 2x100BT-P2P circuit pack model2x100BT-P2P logical datapath overview Network protection using UPSR, 1+1 linear and BlsrBridge Control Protocol Ethernet Operational Measurements Oamp supportOperation, administration, and maintenance OAM features TDIs on a mapped UNI Distributed multilink trunkingBandwidth Reservation Protocol BRP 2xGigE/FC-P2P circuit pack Optical Ethernet Private Line OE-PL and Storage applicationsSDH Alarm managementEquipment alarms 76Operation, administration, and maintenance OAM features Ingress LAN port alarms Small Form Factor Pluggables SFP alarmsFor Fibre Channel facilities, this alarm Ingress LAN port alarms Alarm Description SeverityFor Fibre Channel facilities , this alarm Egress WAN port and service alarms LAN Ingress AlarmsLAN WAN LAN GFP VcatSUBRATE=DISABLE 82Operation, administration, and maintenance OAM features Client Service Mismatch Contiguous concatenation Bandwidth managementLanwan Virtual concatenation Facility attributesEngineering rules Ethernet facility86Operation, administration, and maintenance OAM features MTU Fibre Channel facility88Operation, administration, and maintenance OAM features STS12C, STS24C Provunits WAN facilityWAN GFP Supported on 2xGigE/FC-P2P Outframesdiscds Supported on 2xGigE/FC-P2P circuit PackAlignerr 94Operation, administration, and maintenance OAM features Fibre Channel Extended Reach Performance MonitoringSES INFRAMESERR/INFRAME Inoctetserr UASStorage over Sonet GFP and Flow Control Enable Distance Extension See Note 60950 91430 182860 Generic Framing Procedure and Virtual Concatenation supportGeneric Framing Procedure GFP GFP FCS GFP EncapsulationEfficiency Rate Virtual Concatenation VcatSonet line, section, and path parameters Optical interoperability of OPTera MetroPerformance monitoring User defined default threshold values facility type Hard-coded default threshold values facility typeThreshold values User defined threshold values facilityLine Path SES-P ES-PES-PFE SEFS-PFE SES-PFESAS-P SEFS-PFC-PFE FC-POperation, administration, and maintenance OAM features Retrieving performance monitoring counts Physical PMs NTN445CB NTN408DANTN445DA NTN445JAStorage and retrieval of physical PMs Resetting registers and invalid data flagTCAs TCA summary alarmsPerformance monitoring threshold crossing alerts TCA Alarms Site Manager support Preside Software Upgrade Management supportSite Manager main window Preside Applications Platform and Multiservice MOA supportProtection switching Protection hierarchy 120Operation, administration, and maintenance OAM features Protection PM in a Blsr configuration Protection PM in a linear 1+1 configurationLocal account user authentication Security and administrationLocal ‘challenge-response’ user authentication Risk of unauthorized access Centralized Security Administration CSAOperation, administration, and maintenance OAM features Time s Server ’Access-Request’’Access-Accept’ ’Access-Reject’SecurID support Secure storage of authentication dataLocal TL1 of provisioning data Saving and restoring provisioning dataSpan of control Individual shelf processorLevel Application of TL1 commands from a TL1 script fileSecurity levels System identifier SID Multiple login sessions Remote loginEnhanced Intrusion Detection SPx login sessionsNPx login sessions Intrusion attempt handling Logical flow of intrusion attempt handling Password managementPassword restrictions Password Aging Enhanced password restrictionsPassword Reuse Temporary Accounts Customer managed networksACT-USER, CANC-USER, ED-SECU-PID ALW-MSG-ALL INH-MSG-ALL Security log audit trailLog Names Log name Log events General Broadcast toolSECU401 SECU410Example of Modified Login Banner Modifiable Login BannerLogin banner functionality Restore-bannerNE3 DSM STS Managed DSMNE1 DSM DSMNE2 NE4NE4 DSM NE1NE5 Group of DS1 facilities STS1 endpoints to DS1 facility grouping assignmentsSTS1 AID is used to perform BWM operations on Synchronization Support for 12 DSMExternal timing Internal timingLine timing Transport line timingExternal timing mode Timing signal sources Internal timing modeLine timing mode transport / tributary Tributary line timingTiming modes SMC Stratum clocksSynchronization hierarchy ST3 Hierarchy violationsTiming loops Hierarchical network synchronization Network element synchronization modes Building-integrated timing supply BitsLine timing External timingTiming sources and timing distribution Flow of synchronization timing signalsSynchronization-status messages STU ST1 PRSST2 ST4Bits output with VTX-series or STX-192 circuit packs User-initiated synchronization switchesUser-specified quality levels for timing sources DUS Test Access Site Manager Test Access Session Management window Test Access Ports TAPsMonitoring test access Test access configurationsTest access components DCNSingle FAD, Mone and Single FAD Monf Test access-monitor stateMonitoring test access-Single FAD, Monf Monitoring test access-Single FAD, MoneMonitoring test access-Dual FAD, Monef TAPSingle FAD, Splte and Single FAD Spltf Split test accessTest access-split state Split test access-Single FAD, Splta Split test access-Single FAD, SplteSplit test access-Single FAD, Spltf Dual FAD, Spltef Loss of association and auto recoverySplit test access-Dual FAD, Spltef Site Manager User interfaceTime of day synchronization 170Operation, administration, and maintenance OAM features TOD parameters applicable to NP only Hhminsec Unknown TL1 Changes to Cross Connect AID parameterTL1 event exerciser TL1 event / log featureCLX RTRV-EQPT Behaviour Card in Slot 13 RTRV-EQPT Output CLX-13CTYPE=VTXOOS-AU, UEQInventory events Database change eventsLog events VT management option on STX equipped OPTera Metro Topology enhancementsAtag sequence numbers VT management on a UpsrSTX Per-site dedicated STSVTX Per-site dedicated STS no VT loss in case of a fiber cut STXW/STX Virtual ring path-in-line and shared VT-managed STSVT#1 UPSR, 2 way STS-1 #1 Unprotected OM3500 180Operation, administration, and maintenance OAM features VT grooming on a Upsr VT grooming with dedicated STS at each site DS1 DS3 EC1 VT grooming with shared VT-managed STS184Operation, administration, and maintenance OAM features OM3500 VT#1, STS-1 #1 Collocated OPTera Metro 3000 NE and shared VT-managed STS EX1561p 188Operation, administration, and maintenance OAM features General guidelines Upsr planning guidelines summaryPhysical subtending rings VT grooming at an STS-managed OPTera Metro 3500 sitePage New hardware in OPTera Metro 3500 Release Hardware feature descriptionsOPTera Metro 3500 hardware Extended Reach ZX Small Form Factor Pluggable SFP NTTP51DZ Shelves equipped with VTX-48 or VTX-48e circuit packs Shelves equipped with STX-192 circuit packs OPTera Metro Shelf Assembly Universal Shelf NTN476DA Operational temperature rangeNTN476AH OC-3 circuit packsOC-48 non-DWDM circuit packs OC-48 Dwdm circuit packs OC-48 Dwdm NTN442LF OC-48 ER Dwdm NTN408CWOC-48 Dwdm NTN442NB OC192 non-DWDM circuit packsElectrical tributary circuit packs NTN438DA NTN433AANTTP51AA NTTP51BDNTN433BB OPTera Packet Edge System circuit packsNTN433EA NTN433FACross-connect / synchronization circuit packs NTN438BANTN414AA NTN414ABNetwork / Shelf processors, and Ilan circuit packs Protection switching circuit packsPower modules and BIPs Modules Accessory shelvesCooling unit assemblies NTN452AH NTN452EANTN452CH NTN452EHNTN452JH NTN452JANTN452KA NTN452NANTN451BA LIFs and LOAMsNTN451MA NTN451BHLIF, Loam 20Hardware feature descriptions Loam LIF OPTera Metro 3500 Shelf Assembly NTN476DABNC 12 port I/O NTN452AA and BNC 12-Port Front I/O module NTN452JADS1 EX1157p 24Hardware feature descriptions Air deflector Replaceable I/O modules Hardware feature descriptions NTN476DA Module type and slot positionsType / PEC Positions Transport slot ADD / Drop DS1 29-56 Front I/O module NTN452CA DS1 1-28 Front I/O module NTN452AABNC 12-Port Front I/O module NTN452JA DS1 29-84 Front I/O module NTN452EADS1 1-28 Front Enhanced I/O module NTN452AH 8xRJ-45 Front I/O module NTN452NADS1 29-84 Front Enhanced I/O module NTN452EH DS1 29-56 Front Enhanced I/O module NTN452CH8xRJ-45 Front Enhanced I/O module NTN452NH BNC 12-Port Front Enhanced I/O module NTN452JHDS1 29-56 Rear I/O module NTN452DA DS1 1-28 Rear I/O module NTN452BA8xRJ-45 Rear I/O module NTN452HB DS1 29-84 Rear I/O module NTN452FABNC 12-Port Rear I/O module NTN452KA Common modulesLeft OAM Loam NTN451MA, NTN451MH Left OAM Loam NTN451MA, NTN451MH Left interface LIF NTN451BA, NTN451BHColan Ilan ACOLeft interface LIF NTN451BA, NTN451BH OPTera Metro 3500 Cooling unit assembly NTN458QA OPTera Metro 3500 Universal cooling unit assembly NTN458QH OPTera Metro 3000 breaker interface panel BIP NTN458RA Universal power module NTN451HAUniversal power module NTN451HA Breaker Alarm Power Input AlarmBay Alarms Alarm CircuitsOPTera Metro 3500 BIP European deployment NTFW56BA Core circuit packs VTX equipped OPTera Metro 3500 shelf Core circuit packs STX-192 equipped OPTera Metro 3500 shelf EX1474p Tributary circuit packsOPTera Packet Edge circuit packs 2xGigE/FC-P2P and SFP interfaces PSX Ilan NPx, ILAN, PSC, and PSX circuit packsPSC Equipping rules External timing reference input signalsSTX-192 circuit pack NTN415AA OC48 STS OC-48 STSDSM LED name Color Description Alarm LED definitionsVTX-48 circuit pack NTN414AA VTX-48e circuit pack NTN414AB, NTN414AH TL1 sessions Extended shelf processor SPx NTN423BA, BHReset button Alarms and TbosExtended network processor NPx NTN424BA, BH Section data communication channel SdccAlarms and provisioning data OC-192 optical interface circuit pack NTN445CB, DA Ilan interface NTN425AASection trace for OC-192 Forward Error Correction FECSTS-1 path trace for OC-192 Alarm Text or conditions Upsr path protection OC-192 protection switching+1 linear protection Blsr protection 64Hardware feature descriptions OC-48 optical wavelength OC-48 circuit pack Wavelength STS-1 path trace for OC-48Following table lists the OC-48 interface circuit pack LEDs Section trace for OC-48OC-48 protection switching OC-48 STS optical interface circuit pack NTN440HA, KA, LA STS-1 path trace for OC-48 70Hardware feature descriptions Section data communication channel Sdcc Optical transmit Unidirectional path switched rings UPSRs OC-12 Protection switchingOptical receive +1 linear74Hardware feature descriptions Parameters Value OC12x4 STS IR optical interface circuit pack NTN446CAMultimode Interworking 76Hardware feature descriptions OC-3 optical interface circuit pack NTN401AA, DA OC-3 Protection switching Section data communication channel Sdcc OC-3x4 optical interface circuit pack NTN441AA, AC Equipping rules EC-1x3 circuit pack NTN436AA Protection switching EC-1x12 circuit pack NTN436DA EC-1x12 circuit packs do not support Sdcc channels DS1 mapper NTN430AA, BA DS1 DS1 I/O module types88Hardware feature descriptions DS3 Path PMs Near-End available only on DS3x12e mapper DS3 alarms available only on DS3x12e mapperDS3x12 / DS3x12e mapper NTN435AA, AH / NTN435BA DS3VTx12 mapper NTN435FA 2x100BT-P2P circuit pack NTN433AA DS3/VT protection switching92Hardware feature descriptions Shelf Module Scenario description OPTera Packet Edge System 4x100BT circuit pack NTN433BB WAN OPTera Packet Edge System 4x100FX circuit pack NTN433EA, FA LEDs Color Description 98Hardware feature descriptions Hardware feature descriptions Protection switch controller PSC NTN412AA OMX + Fiber Manager 4CH NT0H32AE, BE, CE, DE, EE, FE, GE, HE Protection switch extender PSX NTN413AAOMX + Fiber Manager 4CH equipment drawer OMX shelf not required with OMX + Fiber Manager 4CH NTN449ZW OMX OMX shelf NTN449ZWMounting bracket labels Letter Rack type Fiber manager NT0H57BB Multiple is DS1 service module DSM shelf NTN407MADS1 service module DSM NTN407MA EX0959p DSM OAM Hardware Release 6 with cover off DSM OAM Hardware Release 6 with cover on DSM DS1x84 termination module TMNTN313AA, AC LOS LED Name LED Color On condition descriptionPage OPTera Metro Multiservice Platform