1 three levels of security, 2 feature access level configuration, 3 add or edit an account – CANOGA PERKINS 9145ELB NID Software Version 4.01 User Manual


System Configuration

9145ELB NID Software User’s Manual

Account Configuration


3.3.1 Three Levels of Security

A three-level security system on the 9145ELB controls all user interface and SNMPv3 access.

Most Service Provider management networks provision certain access levels to technicians,
network administrators, and managers. Offering tiered management access to network elements
allows Service Providers to protect their network against unauthorized access and
misconfigurations.

Every 9145ELB feature requires a certain access level before a user can access it. The
logged-in user’s or SNMPv3 manager’s access level is used to validate and control
access to the 9145ELB features. When a menu item or an SNMP object is accessed, the user’s
access level is checked against the access level required for the feature. If the user’s access
level is sufficient, access is granted. If the user’s access level is not sufficient, an error
message is displayed in the status area or an SNMP error is returned.

The three access levels are supervisor, operator, and observer.

In the default configuration, the supervisor access level is allowed complete access to all
9145ELB features, including configuring the security system. The operator access level is allowed
access to the 9145ELB features except those relating to the 9145ELB’s security system. This
level can be configured by the administrator.

The observer access level is allowed access to the 9145ELB features that do not modify the
9145ELB’s configuration. This level can be configured by the administrator.

3.3.2 Feature Access Level Configuration

The assignment of access levels has a default configuration built into the 9145ELB. This
assignment can be changed, however, by creating a text file called 9145e.cap and downloading it
to the 9145ELB. This file contains mappings between module features and the access level
required to access each feature. For example, the entry that controls access to the Maximum
Frame Size setting looks like the following:

maxFrameSize=operator

This entry indicates that to change the Maximum Frame Size, a user’s account must have
operator access level or greater.

The 9145e.cap file is downloaded to the 9145ELB via FTP, SFTP, or TFTP in the same
manner as downloading a firmware file to the 9145ELB. The same file may be downloaded to
multiple 9145ELB units to ensure that each follows the same security rules.
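
An added example (not from the manual or from Canoga Perkins): a check to run on a 9145e.cap file before downloading it to multiple units, flagging malformed entries and any feature whose required access level is lower than in a known-good baseline. It assumes one feature=level entry per line with lowercase level names; every feature name other than maxFrameSize is a hypothetical placeholder.

```python
# Added example: lint a 9145e.cap file before it is downloaded to devices.
# Assumption: one "feature=level" entry per line, as in the manual's sample.
LEVELS = {"observer": 0, "operator": 1, "supervisor": 2}  # ascending privilege

def parse_cap(text):
    """Return (mapping, problems) for the text of a .cap file."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # ignore blank lines
        feature, sep, level = (part.strip() for part in line.partition("="))
        if not sep or not feature or level not in LEVELS:
            problems.append(f"line {lineno}: malformed entry or unknown level: {raw!r}")
        elif feature in mapping:
            # Which entry the device honours is not documented, so flag it.
            problems.append(f"line {lineno}: duplicate entry for {feature}")
        else:
            mapping[feature] = level
    return mapping, problems

def is_allowed(user_level, required_level):
    """The manual's check: the user's level must be the required level or greater."""
    return LEVELS[user_level] >= LEVELS[required_level]

def weakened(baseline, candidate):
    """Features whose required level in candidate is lower than in baseline."""
    return sorted(f for f, lvl in candidate.items()
                  if f in baseline and LEVELS[lvl] < LEVELS[baseline[f]])

# Constructed sample files. Only maxFrameSize comes from the manual; the other
# feature names are hypothetical placeholders.
BASELINE = "maxFrameSize=operator\nexampleSecuritySetting=supervisor\n"
CANDIDATE = """maxFrameSize=observer
exampleSecuritySetting=supervisor
exampleFeature=admin
maxFrameSize=operator
"""

if __name__ == "__main__":
    base, _ = parse_cap(BASELINE)
    cand, problems = parse_cap(CANDIDATE)
    for problem in problems:
        print(problem)
    print("lowered vs. baseline:", weakened(base, cand))
    print("observer may change maxFrameSize:",
          is_allowed("observer", cand["maxFrameSize"]))
```
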

3.3.3 Add or Edit an Account

To add an account, from the Account Configuration screen (Figure 3-19), type A and press Enter.
The Edit User Account screen (Figure 3-20) opens with all fields empty. When you have entered
the account information, press Esc to return to the Account Configuration screen.

To edit an account, type E and press the Space bar to select an account. The Edit User Account
screen (Figure 3-20) opens.
