Procedure 7-21: Provision network element security

- Overview

Use this procedure to provision the following network element level security parameters:

  • User ID Lockout Threshold

  • User ID Aging Period

  • Minimum Waiting Period Before Password Changes

  • User ID Lockout Interval

  • User ID Lockout Aging Period

  • Change Password Status

  • Access Control List Status.

- Privilege level

You must log in as a Privileged or Administration user to complete this procedure.

- Before you begin

Prior to performing this procedure:

  1. Refer to Before you begin and Required equipment in this chapter.

  2. Obtain the work instructions for this procedure.

  3. Verify that the work instructions identify the network element security parameters to be provisioned and the new values.

Steps

Complete the following steps to provision the network element level security parameters.

 
1

From the System View menu, select Administration → Security → Provision NE Security.

Result:

The Provision NE Security window opens.

2

Provision the network element security parameters according to your work instructions and click OK.

  • User ID Lockout Threshold: The maximum number of consecutive invalid login attempts that are allowed by a User ID. When the number of invalid login attempts reaches the provisioned threshold, the User ID is locked out for the provisioned period of time. After a successful login attempt, the count of invalid login attempts by that User is reset to zero. The value is 2–99 consecutive failed attempts; default is 5. A value of 0 or selecting Disable disables the lockout threshold.

  • User ID Aging Period: If a User ID is not used during the provisioned time interval, it is disabled. User ID aging does not apply to the three default logins. The value is 0–999 days; default is 60. A value of 0 or selecting Disable disables user ID aging.

  • Minimum Waiting Period Before Password Changes: If the Password Aging Interval (number days before a user has to change his/her password) is enabled (7–999 days), the Minimum Waiting Period before Password Changes value MUST be less than the Password Aging Interval. The value is 0–30 days; default is 20. A value of 0 or selecting Disable disables the minimum waiting period.

  • User ID Lockout Interval: When the number of invalid login attempts reaches the provisioned threshold, the User ID is locked out for this provisioned period of time. After the provisioned period expires, login attempts are allowed from that User ID. The value is 0–99 minutes; default is 10. A value of 0 or selecting Disable disables the lockout interval.

  • User ID Lockout Aging Period: The time period during which the number of invalid login attempts are counted. When the Lockout Aging Period expires, the counter of invalid login attempts by that User ID is reset to zero. The value is 1–999 minutes; default is 60.

  • Change Password Status: Enables or disables the requirement to change a password when the password is first used in a new login ID or after the password is changed by a System Administrator. The default is Disable.

  • Access Control List Status: Enables or disables the Access Control List. The default is Disable.

    Before you can change Access Control List Status to Enable, you must provision at least one access control list (Administration → Security → Provision Access Control).

End of steps

November 2011Copyright © 2011 Alcatel-Lucent. All rights reserved.