

Setting Up Security Profiles


This chapter contains:
Understanding Security profiles
Configuring a Security profile
Activating a Security profile
Using the Full Access profile

Understanding Security profiles

A Security profile consists of parameters you can set to control access to the MAX. All Security profiles are located below the Security menu of the System profile in the MAX configuration interface. Table 2-1 lists the parameters in a Security profile.

Table 2-1. Security profile parameters

| Parameter | Description | Possible values |
|---|---|---|
| Name | Specifies a name for the profile. | Text string containing up to 16 characters. The default value is null. |
| Passwd | Specifies a password. | Text string containing up to 20 characters. The default value is null. |
| Operations | Enables or disables read-only security. | Yes / No. The default is Yes. |
| Edit Security | Grants or restricts privileges to edit Security profiles. | Yes / No. The default value is Yes. |
| Edit System | Grants or restricts privileges to edit the System profile and the Read Comm and R/W Comm parameters in the Ethernet profile. | Yes / No. The default value is Yes. |
| Edit Line | Indicates whether an operator can edit Line profiles. | Yes / No. The default value is Yes. |
| Edit All Ports | Indicates whether an operator can edit all Port profiles. | Yes / No. The default value is Yes. |
| Edit Own Port | Indicates whether an operator can edit their own Port profile. | Yes / No. The default value is Yes. To keep an operator from editing their own Port profile, you must set Edit Own Port=No and Edit All Ports=No. |
| Edit All Calls | Indicates whether an operator can edit all the parameters in all Call profiles and Connection profiles. | Yes / No. The default value is Yes. No specifies that an operator can edit only the Dial # and Base Ch Count parameters in the current Call profile. To disable editing of the Dial # and Base Ch Count parameters, you must set Edit All Calls=No and Edit Cur Call=No. |
| Edit Com Call | Indicates whether an operator can edit Call profiles that are not specific to any serial host port. Call profiles not specific to any serial host port are known as common Call profiles. | Yes / No. The default value is Yes. To keep an operator from editing common Call profiles, you must set Edit Com Call=No and Edit All Calls=No. |
| Edit Own Call | Indicates whether an operator can edit the Call profile that defines the connection between the user's MAX and the MAX being remotely managed over an AIM channel. | Yes / No. The default value is Yes. To keep an operator from editing the Call profile between a local and a remotely managed MAX, you must set Edit Own Call=No and Edit All Calls=No. |
| Edit Cur Call | Indicates whether an operator can edit all the parameters in the current Call profile. | Yes / No. The default value is Yes. No specifies that an operator can edit only the Dial # and Base Ch Count parameters in the current Call profile. To disable editing of the Dial # and Base Ch Count parameters, you must set Edit Cur Call=No and Edit All Calls=No. |
| Sys Diag | Indicates whether an operator can perform all system diagnostics. | Yes / No. The default value is Yes. |
| All Port Diag | Indicates whether an operator can perform all serial host port diagnostics. | Yes / No. The default value is Yes. |
| Own Port Diag | Indicates whether an operator can perform port diagnostics for his or her own serial host port. | Yes / No. The default value is Yes. To completely disable the operator's ability to perform diagnostics for his or her own port, you must set Own Port Diag=No and All Port Diag=No. |
| Download | Indicates whether an operator can download the configuration of the MAX using the Save Cfg command. | Yes / No. The default value is Yes. Note: Whether you choose Yes or No, a user cannot download passwords to another device. |
| Upload | Indicates whether an operator can upload the MAX configuration from another device using the Restore Cfg command. | Yes / No. The default value is Yes. Note: When you save a configuration to file, passwords are not included in the download, so restoring from file clears all passwords in the MAX. |
| Field Service | Grants or restricts privileges to perform field service operations, such as uploading new system software. | Yes / No. The default value is Yes. |

Configuring a Security profile

To configure a Security profile, follow these steps:

  1. Open the System > Security menu.

  2. Open any Security profile.

  3. Set Name to a descriptive designation for the profile.

    You can enter up to 16 characters. For example:

  4. For the Passwd parameter, specify a password containing up to 20 characters.

  5. To enable or disable read-only security, set the Operations parameter.

    Yes enables a user to view MAX profiles and to change the value of any parameter. The default value is Yes.

    No permits a user to view MAX profiles, but not to change the value of any parameter. If you specify No, a user cannot access most DO commands. Only DO Esc, DO Close Telnet, and DO password are available.

  6. To grant or restrict privileges to edit Security profiles, set the Edit Security parameter.

    Yes grants privileges. When you specify Yes, a user can edit Security profiles, and can access all other operations by enabling them in his or her active Security profile. In addition, all passwords in Security profiles are visible as text. This privilege is the most powerful one you can assign, because it allows users to change their own privileges at will. The default value is Yes.

    No restricts privileges. When Edit Security=No, all passwords are hidden by the string "*SECURE*."

    Note: Do not set the Edit Security parameter to No on all nine Security profiles; if you do, you cannot edit any of them.

  7. To grant or restrict privileges to edit the System profile and the Ethernet profile, set the Edit System parameter.

    Yes enables an operator to edit the System profile, and to edit the Read Comm and R/W Comm parameters in the Ethernet profile. The default value is Yes.

    No restricts edit privileges.

  8. To indicate whether an operator can edit Line profiles, set the Edit Line parameter.

    Yes enables an operator to edit Line profiles. The default value is Yes.

    No prevents an operator from editing Line profiles.

  9. To indicate whether an operator can edit all Port profiles, set the Edit All Ports parameter.

    Yes specifies that an operator can edit all Port profiles by local or remote management. The default value is Yes.

    No specifies that an operator cannot edit Port profiles.

  10. To indicate whether an operator can edit his or her own Port profile, set the Edit Own Port parameter.

    Yes specifies that the operator can use remote management to edit the Port profile for the port that has been called. The default value is Yes.

    No specifies that an operator cannot edit his or her own Port profile. To keep an operator from editing his or her own Port profile, you must set Edit Own Port=No and Edit All Ports=No.

  11. To indicate whether an operator can edit all the parameters in all Call profiles and Connection profiles, set the Edit All Calls parameter.

    Yes specifies that an operator can edit all the parameters in all Call profiles and Connection profiles by Telnet, by local management (the Control port), or by remote management. The default value is Yes.

    No specifies that an operator can edit only the Dial # and Base Ch Count parameters in the current Call profile. To disable editing of the Dial # and Base Ch Count parameters, you must set Edit All Calls=No and Edit Cur Call=No.

  12. To indicate whether an operator can edit Call profiles that are not specific to any serial host port, set the Edit Com Call parameter.

    Call profiles not specific to any serial host port are known as common Call profiles. Numbers 201 through 216 denote port-specific Call profiles. Numbers 217 through 232 denote common Call profiles.

    Yes specifies that an operator can edit common Call profiles by local or remote management. The default value is Yes.

    No specifies that an operator cannot edit common Call profiles. To keep an operator from editing common Call profiles, you must set Edit Com Call=No and Edit All Calls=No.

  13. To indicate whether an operator can edit the Call profile that defines the connection between the user's MAX and the MAX being remotely managed over an AIM channel, set the Edit Own Call parameter.

    Yes specifies that the operator can edit the Call profile. The default value is Yes.

    No specifies that an operator cannot edit the Call profile. To keep an operator from editing the Call profile between a local and a remotely managed MAX, you must set Edit Own Call=No and Edit All Calls=No.

  14. To indicate whether an operator can edit all the parameters in the current Call profile, set the Edit Cur Call parameter.

    Yes specifies that an operator can edit all the parameters in the current Call profile by local or remote management. Yes is the default.

    No specifies that an operator can edit only the Dial # and Base Ch Count parameters in the current Call profile. To disable editing of the Dial # and Base Ch Count parameters, you must set Edit Cur Call=No and Edit All Calls=No.

  15. To indicate whether an operator can perform all system diagnostics, set the Sys Diag parameter.

    Yes specifies that an operator can use any of the options in the Sys Diag menu by local or remote management. The default value is Yes.

    No specifies that an operator cannot use any of the options in the Sys Diag menu.

  16. To indicate whether an operator can perform all serial host port diagnostics, set the All Port Diag parameter.

    Yes specifies that an operator can perform all the tasks listed in the Port Diag menu. The default value is Yes.

    No specifies that an operator cannot perform any of the tasks listed in the Port Diag menu.

  17. To indicate whether an operator can perform port diagnostics for his or her own serial host port, set the Own Port Diag parameter.

    Yes specifies that an operator can use remote management to perform any of the options in the Port Diag menu for the port that has been called. The default value is Yes.

    No specifies that the operator cannot perform port diagnostics for his or her own serial host port. To completely disable the operator's ability to perform diagnostics for his or her own port, you must set Own Port Diag=No and All Port Diag=No.

  18. To indicate whether an operator can download the configuration of the MAX using the Save Cfg command, set the Download parameter.

    Yes specifies that a user can download profiles and other configuration parameters to another device for backup. The default value is Yes.

    No specifies that an operator cannot download profiles and other configuration parameters.

    Note: Whether you choose Yes or No, you cannot download passwords to another device.

  19. To indicate whether an operator can upload the MAX configuration from another device using the Restore Cfg command, set the Upload parameter.

    Yes specifies that the user can upload profiles and other configuration parameters from another device to the MAX. You must set Upload=Yes in order to use the Restore Cfg command. The default value is Yes.

    No specifies that the user cannot upload profiles and other configuration parameters from another device to the MAX.

    Note: When you save a configuration to file, passwords are not included in the download, so restoring from file clears all passwords on the MAX.

  20. To grant or restrict privileges to perform Ascend-provided field service operations, such as uploading new system software, set the Field Service parameter.

    Yes grants privileges. The default value is Yes.

    No restricts privileges. Selecting No does not disable access to any MAX operations. Field service operations are special diagnostic routines not available through MAX menus.

  21. Close the new Security profile.

Activating a Security profile

When you log into the MAX, you can only view settings, because the Default profile is active. To make any changes or perform any administrative tasks, you must activate the Full Access profile or any other profile configured to allow setup or administrative tasks.

To activate a profile, follow these steps:

  1. Press Ctrl-D to open the DO menu.

  2. Press P, or select P=Password.

  3. In the list of Security profiles that opens, select the profile you want to activate.

    The MAX prompts you for the password.

  4. Specify the appropriate password, and press Enter.

    When you enter the correct password, the MAX displays the message "Password accepted. Using new security level." If you enter an incorrect password, the MAX prompts you again for the password.

Using the Full Access profile

The Full Access Security profile is the super-user profile that enables you to configure your system, dial remote locations, reset the unit, and upgrade system software. This profile is intended to remain totally open, with all privileges set to Yes. The default password assigned to the profile is Ascend. A user who knows the password for the Full Access profile can perform any operation on the MAX.


Note: To prevent unauthorized access, make sure to change the default password as soon as possible.

These are the default settings for the Full Access profile:

Name=Full Access
Passwd=Ascend
Operations=Yes
Edit Security=Yes
Edit System=Yes
Edit Line=Yes
Edit All Ports=Yes
Edit Own Port=N/A
Edit All Calls=Yes
Edit Com Call=N/A
Edit Own Call=N/A
Edit Cur Call=N/A
Sys Diag=Yes
All Port Diag=Yes
Own Port Diag=N/A
Download=Yes
Upload=Yes
Field Service=Yes
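
The pairing rules from the configuration steps and the Full Access defaults above can be checked mechanically. The following audit script is an added example, not Ascend's code. It assumes each profile has been transcribed by hand into the Name=Value form used above; the function names and the Operator sample are constructed for illustration.

```python
# Pairs the chapter names together: the first parameter set to No only
# holds as a restriction when the second parameter is set to No as well.
PAIRED = {
    "Edit Own Port": "Edit All Ports",
    "Edit Com Call": "Edit All Calls",
    "Edit Own Call": "Edit All Calls",
    "Edit Cur Call": "Edit All Calls",
    "Own Port Diag": "All Port Diag",
}

# Constructed sample (not from a real unit): a partly restricted operator profile.
SAMPLE = """\
Name=Operator
Passwd=
Operations=Yes
Edit Security=Yes
Edit All Ports=Yes
Edit Own Port=No
Edit All Calls=No
Edit Cur Call=No
"""

def parse_profile(text):
    """Parse Name=Value lines into a dict."""
    pairs = (line.partition("=") for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, _, value in pairs}

def audit_profile(p):
    """Return a list of findings for one Security profile."""
    name, out = p.get("Name", "?"), []
    if p.get("Passwd", "") in ("", "Ascend"):
        out.append(f"{name}: Passwd is null or the documented default")
    for narrow, broad in PAIRED.items():
        if p.get(narrow) == "No" and p.get(broad) == "Yes":
            out.append(f"{name}: {narrow}=No requires {broad}=No as well")
    restricted = any(v == "No" for k, v in p.items() if k not in ("Name", "Passwd"))
    if p.get("Edit Security") == "Yes" and restricted:
        out.append(f"{name}: Edit Security=Yes lets the user lift its restrictions")
    return out

def audit_unit(profiles):
    """Audit the complete set of profiles on one unit, including the lockout case."""
    out = [f for p in profiles for f in audit_profile(p)]
    if profiles and all(p.get("Edit Security") == "No" for p in profiles):
        out.append("Edit Security=No on every profile: none can be edited")
    return out

if __name__ == "__main__":
    print("\n".join(audit_unit([parse_profile(SAMPLE)])))
```

Pass `audit_unit` every Security profile on the unit at once; the lockout check is only meaningful over the complete set.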



techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.