[Top][Contents][Prev][Next][Last]Search

Security Using the VT100 Interface

Accessing the VT100 interface
Restricting access automatically granted to all callers

You can connect the MAX 800 unit control port directly to a workstation running VT100-terminal-emulation software and use the VT100 configuration interface to restrict MAX 800 configuration access. If you use this method, you do not have to assign an IP address before restricting access. (After you have assigned an IP address, you can also use Telnet to establish a VT100 configuration session with the MAX 800. The Telnet session establishes a VT100 configuration environment that is identical to the VT100 configuration interface established through the control port.)

This section includes basic instructions for changing Security profile settings and Telnet and SNMP passwords. For detailed information about using the VT100 configuration interface, see the Network Configuration Guide for the MAX 800. For more information about MAX 800 security options, see the MAX Security Supplement. You can also see the following documents on the Ascend Documentation Library CD-ROM: the Administration Guide for the MAX 800, and the MAX Reference Guide.

Accessing the VT100 interface

To access the VT100 interface, first connect a terminal or terminal emulator to the control port, as described in Setting up a controlling computer. Leave the terminal or emulator running, and start the MAX 800, as described in Starting the MAX 800.

When the MAX 800 completes its POST, press any key to display the Main Edit Menu and status windows

Restricting access automatically granted to all callers

To restrict the access automatically granted to all callers on a new MAX 800, you must:

Restricting the default access

  1. With the cursor (>) pointing to System, press Enter.

    The System menu appears:

  2. Press Ctrl-N or the Down Arrow key to move the cursor down until it is pointing to Security:

  3. Press Enter to display the Security menu:

  4. Press Enter again to display the Default Security profile:

  5. Press Ctrl-N or the Down Arrow key to move the cursor down until it is pointing to Operations:

  6. Press Enter to change the Operations setting from the default value of Yes to No.

  7. Press Ctrl-X, Ctrl-B, or the Left Arrow key to exit from the Default Security profile.

    The Exit menu appears:

  8. Press 2 to exit the profile and save the changes.

    The top-level Security menu reappears:

  9. Continue with Changing the password in the Full Access Security profile.

Changing the password in the Full Access Security profile

 To change the password in the Full Access Security profile:

  1. In the top-level Security menu, press Ctrl-N or the Down Arrow key to move the cursor down until it is pointing to Full Access:

  2. Press Enter to open the Full Access profile:

  3. Press Ctrl-N or the Down Arrow key to move the cursor to Passwd=Ascend.

  4. Press Enter.

    An edit field opens, delimited by brackets:

    A blinking text cursor appears in the brackets.

  5. Type a new, secure password, consisting of no more than 20 characters. The factory-default password is cleared when you type a character.

  6. Press Enter to exit from the text entry mode and accept the new password.

  7. Press Ctrl-X, Ctrl-B, or the Left Arrow key to exit from the Full Access profile.

    The Exit menu appears:

  8. Press 2 to exit from the profile and save the changes.

    The top-level Security menu appears:

    Later, when you reset or power-cycle the MAX 800, the new, restrictive Default profile will be in effect. To configure the MAX 800, you will be required to supply the new password that you assigned in step 5 to activate the Full Access Security profile.

  9. Continue with Setting password protection for Telnet access.

Setting password protection for Telnet access

 Assigning a Telnet password ensures that all users requesting Telnet sessions with the MAX 800, either locally or across a WAN, must enter the password. To assign a password:

  1. If you have just finished configuring the Security profiles, press Ctrl-X, Ctrl-B, or the Left Arrow key to exit from the Security Profile.

    The System menu appears:

  2. Press Ctrl-X, Ctrl-B, or the Left Arrow key to exit from the System menu.

    The Main menu appears.

  3. Press Ctrl-N or the Down Arrow key to move the cursor to Ethernet:

  4. Press Enter. The Ethernet menu appears:

  5. Press Ctrl-N or the Down Arrow key to move the cursor to Mod Config:

  6. Press Enter to display the Mod Config menu: 

90-B00 Mod Config

>	Ether options...

	WAN options...

	SNMP options...

	Route Pref...

	TServ options...

	Bridging=Yes

	IPX Routing=Yes

	AppleTalk=Yes

	Shared Prof=Yes

	Telnet Security=Global

	Telnet PW=xxxxx

	RIP Policy=Split Horzn

	RIP Summary=Yes

	RIP Trigger=Yes

	ICMP Redirects=Accept

	DNS...
  1. Press Ctrl-N or the Down Arrow key to move the cursor to Telnet PW.

  2. Press Enter.

    An edit field opens, delimited by brackets:

90-B00 Mod Config

	Ether options...

	WAN options...

	SNMP options...

	Route Pref...

	TServ options...

	Bridging=Yes

	IPX Routing=Yes

	AppleTalk=Yes

	Shared Prof=Yes

	Telnet Security=Global

>	Telnet PW:

		[]

	

	

	ICMP Redirects=Accept

	DNS...
A blinking text cursor appears in the brackets.

  1. Type a password of 20 or fewer characters.

  2. Press Ctrl-X, Ctrl-B, or the Left Arrow key to display the Exit menu:

  3. Press 2 to exit and save the changed password.

    The Ethernet menu reappears.

  4. Continue with Setting password protection for SNMP access.

Setting password protection for SNMP access

 An SNMP community string is a password that SNMP manager applications must specify to gain access to the SNMP Management Information Base (MIB). The read community string is public by default, enabling SNMP managers to perform read commands. The read-write community string is write by default, enabling SNMP managers to perform read and write commands. You should change the read-write community string to a more secure password. To change the password:

  1. With the Ethernet menu displayed, press Ctrl-N or the Down Arrow key to move the cursor to SNMP options:

  2. Press Enter to display the SNMP Options menu:

  3. Press Ctrl-N or the Down Arrow key to move the cursor to R/W Comm. The default read-write community string, which is set in the R/W comm parameter, is write.

  4. To change the password to a secure string, press Enter.

    An edit field opens, delimited by brackets:

    90-000 Mod Config
    SNMP options...
    READ Comm=public
    R/W Comm Enable=Yes
    R/W Comm=
    []
    A blinking text cursor appears in the brackets.

  5. Type a string of 16 or fewer characters.

  6. Press Ctrl-X, Ctrl-B, or the Left Arrow key to display the Exit menu:

  7. Type 2 to exit and save the changed password.

    The Ethernet menu reappears.

  8. Press Ctrl-D to exit from the VT100 configuration interface.

    The context-sensitive DO command menu appears:

  9. Press C to close the connection.


[Top][Contents][Prev][Next][Last]Search

techpubs@ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.