Customer managed networks, Customer managed networks 2-137 – Nortel Networks OPTera Metro 3500 User Manual


Operation, administration, and maintenance (OAM) features 2-137

Planning and Ordering Guide—Part 1 of 2 NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Users with UPC 1 through 3 will not be allowed to log in if their passwords
have expired. There are two password modes for level 1 through 3 accounts:
‘Assigned’ and ‘Valid’.

A user password is in ‘Assigned’ mode when the system administrator was
the last person to change the password (that is, initial account creation or
user forgot password). At this point, the system administrator and the user
both know the password. The user is expected to change his/her password
to one that only he/she knows.

A user password is in ‘Valid’ mode when the user password was last
changed by the user (that is, in this situation, the user is the only person
who knows the password).

The following intervals are provisionable by a level 4 or 5 user to support
password aging:

Password Expiry Period: the length of time after which the password is no
longer valid.

Password Validation Period: if the system administrator is the last person
to change the password (for example, initial creation of account or user
forgot password), the period of time a user has to change the password
before it expires.

Password Warning Period: the number of days prior to password expiration
that is presented in a warning message upon logging into the network
element.

Password Change Period: a specified minimum waiting period before an
existing password can be updated.

Temporary Accounts

You can use the password aging feature to implement a temporary user account
feature. A temporary account is specified upon creation and denies the user
access when the password expires. A temporary account is created by enabling
password expiry, disabling password validation, and setting the password
change period one day longer than the password expiry period. These settings
force the expiry of the password before it can be changed.
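
The following Python model is an added example, not code from the manual or from the network element software. It shows why the temporary-account settings leave no day on which the user can renew the password. The class and function names, the day-boundary convention, the rule that an Assigned password ages on the validation period when that is enabled, and the sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class AgingPolicy:
    expiry_days: Optional[int]      # Password Expiry Period (None = disabled)
    validation_days: Optional[int]  # Password Validation Period (None = disabled)
    warning_days: int               # Password Warning Period
    change_days: int                # Password Change Period (minimum wait)

@dataclass
class Account:                      # models a UPC 1 through 3 account
    mode: str                       # "Assigned" (admin set it last) or "Valid"
    last_changed: date

def expires_on(acct: Account, pol: AgingPolicy) -> Optional[date]:
    # Assumption: an Assigned password ages on the validation period when that
    # is enabled; otherwise the expiry period applies to both modes.
    if acct.mode == "Assigned" and pol.validation_days is not None:
        return acct.last_changed + timedelta(days=pol.validation_days)
    if pol.expiry_days is not None:
        return acct.last_changed + timedelta(days=pol.expiry_days)
    return None

def login_status(acct: Account, pol: AgingPolicy, today: date) -> str:
    exp = expires_on(acct, pol)
    if exp is None:
        return "ok"
    if today >= exp:  # assumed boundary: denied on the day the period elapses
        return "denied"
    return "warn" if (exp - today).days <= pol.warning_days else "ok"

def can_change(acct: Account, pol: AgingPolicy, today: date) -> bool:
    # The user must still be able to log in and the minimum wait must be over.
    earliest = acct.last_changed + timedelta(days=pol.change_days)
    return login_status(acct, pol, today) != "denied" and today >= earliest

def change_window(acct: Account, pol: AgingPolicy, horizon: int = 365) -> list:
    # Day offsets from the last change on which the user could renew.
    start = acct.last_changed
    return [d for d in range(horizon)
            if can_change(acct, pol, start + timedelta(days=d))]

CREATED = date(2004, 4, 1)  # constructed sample date
# Temporary account: expiry on, validation off, change period = expiry + 1 day.
TEMP = AgingPolicy(expiry_days=30, validation_days=None, warning_days=5, change_days=31)
# Constructed ordinary policy, for comparison.
NORMAL = AgingPolicy(expiry_days=90, validation_days=7, warning_days=5, change_days=1)
```

With the temporary settings the change window is empty, while the comparison policy leaves an Assigned account days 1 through 6 to set a new password.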

For information about the Challenge Response Authentication Protocol, see Centralized Security Administration (CSA) on page 2-124.

Customer managed networks

This feature provides transport functionality that secures the SDCC
network and allows you to block a customer node from another customer’s
node at a level beyond user IDs and passwords in the network. This functionality
adds an extra layer of security and lowers the potential of intrusion to blocked
nodes.
