Security parameters

The following table shows the provisionable security parameters.

Table A-10: Security parameters

Parameter

TL1 Commands (Access) (Note)

Range

Default

Related WaveStar® CIT Commands

Password (pid)

ENT-USER-SECU

ED-USER-SECU

(P, A)

If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character.

If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login.

None

Administration → Security → Provision User Logins

User Access Privilege (uap)

ENT-USER-SECU

ED-USER-SECU

(P, A)

Privileged, Administration, General, Maintenance, Reports-Only

None

Administration → Security → Provision User Logins

Password Aging Interval (page)

0 (Disabled), 7–999 days

0-default users

60-other users

Inactivity Timeout Period (tmout)

0–999 minutes

30 minutes

Allow Login (alw_login)

ENT-USER-SECU

ED-USER-SECU

(P, A)

Enabled, Disabled

Enabled

Administration → Security → Provision User Logins

Administration → Security → Enable User Login

Administration → Security → Disable User Login

New User ID (new_uid)

ED-USER-SECU

(P, A)

case-sensitive alphanumeric string of 5–10 characters

None

Administration → Security → Provision User Logins

New Password (new_pid)

If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character.

If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login.

None

Lockout Status (lockout_status)

Enable Login

None

Old Private Identifier/ password (old_pid)

ED-PID

(P, A, G, M, R)

If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character.

If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login.

None

Administration → Change Password

New Private Identifier/ password (new_pid)

Security State (state)

ENT-CID-SECU

(P)

IS (no lockout),

LO (Lockout)

IS

Administration → Security → Enable Lockout Security State

Administration → Security → Disable Lockout Security State

User ID Aging Period (usrage)

ED-NE-SECU

(P, A)

0 - 999 Days

60

Administration → Security → Provision NE Security

Failed Login Attempts Lockout Period (intrvl)

0 - 99 Minutes

10

Failed Login Attempts Lockout Threshold (thrshld)

2 - 99

5

Failed Login Attempts Lockout Aging Period (age)

1 - 999 Minutes

60

Minimum Waiting Period before Changing Password (pidwpd)

0 - 30 Days

20

Change Password Status (chg_pwd_stat)

Enable, Disable

Disable

Access Control List (ACL) Status (aclstat)

Enabled, Disabled

Disabled

Minimum password length (pwmin)

6 – 18

6

Maximum password length (pwmax)

10 – 20

10

Recently used passwords (pwreuse)

5 – 15

5

Identifier for SNMPv1-2 user (uid)

ENT-SNMP-USER

ED-SNMP-USER

(P)

case-sensitive alphanumeric string of 6 to 15 characters

None

Administration → Security → Provision SNMP v1-2 Users

SNMPv1-2 User IP address (uipadr)

32-bit IP address

None

SNMPv1-2 Request Functionality (reqfnct)

Enabled, Disabled

Enabled

SNMPv1-2 Trap Functionality (trapfncts)

Enabled, Disabled

Enabled

Identifier for SNMPv3 user (uid)

ENT-SNMP-USER

ED-SNMP-USER

(P)

case-sensitive alphanumeric string of 6 to 15 characters

None

Administration → Security → Provision SNMP v3 Users

SNMPv3 Tag identifier (tagid)

Case sensitive alphanumeric string

None

SNMPv3 Authentication protocol (authprotocol)

NOAUTH, MD5, SHA

None

SNMPv3 Privacy protocol (privprotocol)

NOPRIV, DES, 3DES, AES128, AES192, AES256

None

SNMPv3 Authentication password (authpid)

Case sensitive alphanumeric string of 6-20 characters

None

SNMPv3 Privacy password (privpid)

Case sensitive alphanumeric string of 6-20 characters.

None

Target transport IP address (tipadr)

ENT-SNMP-ADDR

ED-SNMP-ADDR

(P)

32-bit IP address consisting of four dot-separated decimal numbers 0-255

None

Administration → Security → Provision SNMP Tables

Tag Identifier List (tag_lst)

Quoted text string with tags separated by either a space character or a tab character

None

Network type (domain)

UDP

None

Expected maximum round trip time (timeout)

TBD

1500

Number of retries (retrycnt)

0 – 255

3

TargetParamsName (parm_id)

Case sensitive alphanumeric string of 6 to 20 characters.

None

IP subnet mask (mask)

32-bit IP subnet mask consisting of 4 dot separated decimal numbers 0-255.

255.255.255.255

Maximal message size (maxmsgsz)

484 – 65535

2048

Security model (sec_model)

ENT-SNMP-GROUP

ED-SNMP-GROUP

(P)

SNMPV1, SNMPV2C, USM

USM

Administration → Security → Provision SNMP Tables

Security level (sec_level)

NOAUTHNOPRIV, AUTHNOPRIV, AUTHPRIV

NOAUTH NOPRIV

Read access MIB groups (readmibs)

Case sensitive alphanumeric string of maximal 6-20 characters.

None

Write access MIB groups (writemibs)

Case sensitive alphanumeric string of maximal 6-20 characters.

None

Notification MIB groups

Case sensitive alphanumeric string of maximal 6-20 characters.

None

Context match value (match)

Exact, Prefix

Exact

OID bit mask (mask)

ENT-SNMP-MIBGP

ED-SNMP-MIBGP

(P)

quoted Octet- String of up to 16 characters represented as a sequence of hexadecimal numbers separated by colons. Each octet is within the range 0x00 through 0xff.

None

Administration → Security → Provision SNMP Tables

MIB view type (type)

Include, Exclude

None

Tag value (tag_id)

ENT-SNMP-NOTIF

ED-SNMP-NOTIF

(P)

Case sensitive alphanumeric string of 6 to 20 characters,

None

Administration → Security → Provision SNMP Tables

Notification type (notify_type)

Trap, Inform

Trap

Security model (sec_model

ENT-SNMP-PARAM

ED-SNMP-PARAM

(P)

SNMPV1, SNMPV2C, USM

USM

Administration → Security → Provision SNMP Tables

Security Name (sec_uid)

Case-sensitive alphanumeric string of 6 to 20 characters.

None

Security level (sec_level)

NOAUTHNOPRIV, AUTHNOPRIV, AUTHPRIV

AUTHNOPRIV

Access Table ID (groupid)

ENT-SNMP-USERGP

ED-SNMP-USERGP

(P)

Case sensitive alphanumeric string of 6 to 20 characters or NULL.

None

Administration → Security → Provision SNMP Tables

ACL target identifier (acl_tid)

ENT-ACL

(P, A)

Target Identifier of the ACL entry

None

Administration → Security → Provision Access Control

ACL NSAP (acl_nsap)

NSAP of the ACL entry.

None

RADIUS Server IP Address (ipaddr)

ENT-RADIUS-SERVER

(P, A)

Four dot-separated decimal numbers ranging from 0 to 255. The value 0.0.0.0 is invalid

None

Administration → Security → Provision Radius Server

UDP port number for RADIUS (port)

1 to 65535

1812

Role of RADIUS Server (role)

Primary, Secondary

None

Secret

Valid values are case-sensitive strings of 1 to 128 characters, with characters @ , : = “ ; * \ ! ? not being allowed due to their special TL1 meanings.

None

Note: The TL1 command security access levels are Privileged (P), Administration (A), General (G), Maintenance (M), and Reports-only (R).

November 2011Copyright © 2011 Alcatel-Lucent. All rights reserved.