The following table shows the provisionable security parameters.
|
Parameter |
TL1 Commands (Access) (Note) |
Range |
Default |
Related WaveStar® CIT Commands |
|---|---|---|---|---|
|
Password (pid) |
ENT-USER-SECU ED-USER-SECU (P, A) |
If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character. If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login. |
None |
Administration → Security → Provision User Logins |
|
User Access Privilege (uap) |
ENT-USER-SECU ED-USER-SECU (P, A) |
Privileged, Administration, General, Maintenance, Reports-Only |
None |
Administration → Security → Provision User Logins |
|
Password Aging Interval (page) |
0 (Disabled), 7–999 days |
0-default users 60-other users | ||
|
Inactivity Timeout Period (tmout) |
0–999 minutes |
30 minutes | ||
|
Allow Login (alw_login) |
ENT-USER-SECU ED-USER-SECU (P, A) |
Enabled, Disabled |
Enabled |
Administration → Security → Provision User Logins Administration → Security → Enable User Login Administration → Security → Disable User Login |
|
New User ID (new_uid) |
ED-USER-SECU (P, A) |
case-sensitive alphanumeric string of 5–10 characters |
None |
Administration → Security → Provision User Logins |
|
New Password (new_pid) |
If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character. If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login. |
None | ||
|
Lockout Status (lockout_status) |
Enable Login |
None | ||
|
Old Private Identifier/ password (old_pid) |
ED-PID (P, A, G, M, R) |
If the maximum password length is less than or equal to 10 characters, at least one alphabetic and at least three non-alphabetic characters. Of the three nonalphabetic characters, at least one must be a numeric character and at least one must be a symbolic character. The third non-alphabetic character can be either a numeric or a symbolic character. If the provisioned maximum password length is greater than 10 characters, the password must contain a mix of upper-case alphabetic characters, lower-case alphabetic characters, numeric characters, and special characters, including at least two of each type. The password must not contain the consecutive identical characters. The password msut not contain the user login. |
None |
Administration → Change Password |
|
New Private Identifier/ password (new_pid) | ||||
|
Security State (state) |
ENT-CID-SECU (P) |
IS (no lockout), LO (Lockout) |
IS |
Administration → Security → Enable Lockout Security State Administration → Security → Disable Lockout Security State |
|
User ID Aging Period (usrage) |
ED-NE-SECU (P, A) |
0 - 999 Days |
60 |
Administration → Security → Provision NE Security |
|
Failed Login Attempts Lockout Period (intrvl) |
0 - 99 Minutes |
10 | ||
|
Failed Login Attempts Lockout Threshold (thrshld) |
2 - 99 |
5 | ||
|
Failed Login Attempts Lockout Aging Period (age) |
1 - 999 Minutes |
60 | ||
|
Minimum Waiting Period before Changing Password (pidwpd) |
0 - 30 Days |
20 | ||
|
Change Password Status (chg_pwd_stat) |
Enable, Disable |
Disable | ||
|
Access Control List (ACL) Status (aclstat) |
Enabled, Disabled |
Disabled | ||
|
Minimum password length (pwmin) |
6 – 18 |
6 | ||
|
Maximum password length (pwmax) |
10 – 20 |
10 | ||
|
Recently used passwords (pwreuse) |
5 – 15 |
5 | ||
|
Identifier for SNMPv1-2 user (uid) |
ENT-SNMP-USER ED-SNMP-USER (P) |
case-sensitive alphanumeric string of 6 to 15 characters |
None |
Administration → Security → Provision SNMP v1-2 Users |
|
SNMPv1-2 User IP address (uipadr) |
32-bit IP address |
None | ||
|
SNMPv1-2 Request Functionality (reqfnct) |
Enabled, Disabled |
Enabled | ||
|
SNMPv1-2 Trap Functionality (trapfncts) |
Enabled, Disabled |
Enabled | ||
|
Identifier for SNMPv3 user (uid) |
ENT-SNMP-USER ED-SNMP-USER (P) |
case-sensitive alphanumeric string of 6 to 15 characters |
None |
Administration → Security → Provision SNMP v3 Users |
|
SNMPv3 Tag identifier (tagid) |
Case sensitive alphanumeric string |
None | ||
|
SNMPv3 Authentication protocol (authprotocol) |
NOAUTH, MD5, SHA |
None | ||
|
SNMPv3 Privacy protocol (privprotocol) |
NOPRIV, DES, 3DES, AES128, AES192, AES256 |
None | ||
|
SNMPv3 Authentication password (authpid) |
Case sensitive alphanumeric string of 6-20 characters |
None | ||
|
SNMPv3 Privacy password (privpid) |
Case sensitive alphanumeric string of 6-20 characters. |
None | ||
|
Target transport IP address (tipadr) |
ENT-SNMP-ADDR ED-SNMP-ADDR (P) |
32-bit IP address consisting of four dot-separated decimal numbers 0-255 |
None |
Administration → Security → Provision SNMP Tables |
|
Tag Identifier List (tag_lst) |
Quoted text string with tags separated by either a space character or a tab character |
None | ||
|
Network type (domain) |
UDP |
None | ||
|
Expected maximum round trip time (timeout) |
TBD |
1500 | ||
|
Number of retries (retrycnt) |
0 – 255 |
3 | ||
|
TargetParamsName (parm_id) |
Case sensitive alphanumeric string of 6 to 20 characters. |
None | ||
|
IP subnet mask (mask) |
32-bit IP subnet mask consisting of 4 dot separated decimal numbers 0-255. |
255.255.255.255 | ||
|
Maximal message size (maxmsgsz) |
484 – 65535 |
2048 | ||
|
Security model (sec_model) |
ENT-SNMP-GROUP ED-SNMP-GROUP (P) |
SNMPV1, SNMPV2C, USM |
USM |
Administration → Security → Provision SNMP Tables |
|
Security level (sec_level) |
NOAUTHNOPRIV, AUTHNOPRIV, AUTHPRIV |
NOAUTH NOPRIV | ||
|
Read access MIB groups (readmibs) |
Case sensitive alphanumeric string of maximal 6-20 characters. |
None | ||
|
Write access MIB groups (writemibs) |
Case sensitive alphanumeric string of maximal 6-20 characters. |
None | ||
|
Notification MIB groups |
Case sensitive alphanumeric string of maximal 6-20 characters. |
None | ||
|
Context match value (match) |
Exact, Prefix |
Exact | ||
|
OID bit mask (mask) |
ENT-SNMP-MIBGP ED-SNMP-MIBGP (P) |
quoted Octet- String of up to 16 characters represented as a sequence of hexadecimal numbers separated by colons. Each octet is within the range 0x00 through 0xff. |
None |
Administration → Security → Provision SNMP Tables |
|
MIB view type (type) |
Include, Exclude |
None | ||
|
Tag value (tag_id) |
ENT-SNMP-NOTIF ED-SNMP-NOTIF (P) |
Case sensitive alphanumeric string of 6 to 20 characters, |
None |
Administration → Security → Provision SNMP Tables |
|
Notification type (notify_type) |
Trap, Inform |
Trap | ||
|
Security model (sec_model |
ENT-SNMP-PARAM ED-SNMP-PARAM (P) |
SNMPV1, SNMPV2C, USM |
USM |
Administration → Security → Provision SNMP Tables |
|
Security Name (sec_uid) |
Case-sensitive alphanumeric string of 6 to 20 characters. |
None | ||
|
Security level (sec_level) |
NOAUTHNOPRIV, AUTHNOPRIV, AUTHPRIV |
AUTHNOPRIV | ||
|
Access Table ID (groupid) |
ENT-SNMP-USERGP ED-SNMP-USERGP (P) |
Case sensitive alphanumeric string of 6 to 20 characters or NULL. |
None |
Administration → Security → Provision SNMP Tables |
|
ACL target identifier (acl_tid) |
ENT-ACL (P, A) |
Target Identifier of the ACL entry |
None |
Administration → Security → Provision Access Control |
|
ACL NSAP (acl_nsap) |
NSAP of the ACL entry. |
None | ||
|
RADIUS Server IP Address (ipaddr) |
ENT-RADIUS-SERVER (P, A) |
Four dot-separated decimal numbers ranging from 0 to 255. The value 0.0.0.0 is invalid |
None |
Administration → Security → Provision Radius Server |
|
UDP port number for RADIUS (port) |
1 to 65535 |
1812 | ||
|
Role of RADIUS Server (role) |
Primary, Secondary |
None | ||
|
Secret |
Valid values are case-sensitive strings of 1 to 128 characters, with characters @ , : = “ ; * \ ! ? not being allowed due to their special TL1 meanings. |
None | ||
|
Note: The TL1 command security access levels are Privileged (P), Administration (A), General (G), Maintenance (M), and Reports-only (R). | ||||
| November 2011 | Copyright © 2011 Alcatel-Lucent. All rights reserved. |