Procedure 7-27: Provision access control

- Overview

Use this procedure to create or delete Access Control List entries.

Up to 50 different entries can be included on the access control list.

- Access control list

The access control list adds a layer of control in addition to the TL1 user ID and password. When the access control list is enabled, an IP-based OS can log in to a remote target NE via a GNE (T-TD) only if the GNE, represented by its TID or NSAP, is included on the target network element access control list.

An OSI-based OS can log in to a remote target NE only if the OSI-based OSI, represented by its NSAP, is included on the target network element access control list.

Important!

Specifying a GNE's NSAP is more secure than specifying the TID. Since the TID is provisionable and are generally available, a user attempting unauthorized access to the NE could present a TID that duplicates a TID on the access control list, thereby, bypassing the security provided by the access control list.

Privilege level

You must log in as a Privileged or Administration user to complete this procedure.

- Before you begin

Prior to performing this procedure:

  1. Refer to Before you begin and Required equipment in this chapter.

  2. Obtain the work instructions for this procedure.

Steps

Perform the following steps to add or delete Access Control List entries.

 
1

Important!

The network element security Access Control List Status parameter must be Enabled to use the Access Control List.

Before you can change Access Control List Status to Enable, you must provision at least one access control list (Administration → Security → Provision Access Control).

If required, select Administration → Security → Provision NE Security to access the NE security parameters and enable the Access Control List Status parameter. Click OK.

Reference:

Procedure 7-21: Provision network element security

2

From the System View menu, select Administration → Security → Provision Access Control.

Result:

The Provision Access Control window opens to allow you to create or delete an Access Control List entry.

3

Determine the required provisioning.

If...

Then...

adding an Access Control List entry,

Continue with Step 4.

deleting an Access Control List entry,

Important!

The network element security Access Control List Status parameter must be Disabled if all the access control lists are deleted.

If required, select Administration → Security → Provision NE Security to access the NE security parameters. On the Provision NE Security window, disable the Access Control List Status parameter and click OK.

Proceed to Step 5.

4

Perform the following to ADD AN ACCESS CONTROL LIST ENTRY:

  1. Provision the NSAP Address and/or TID according to the work instructions.

  2. Click Create at the bottom of the window.

Proceed to Step 6.

5

Select the required Access Control List entry to be deleted and click Delete at the bottom of the window.

Note:

If you delete all of the Access Control List entries, you must also disable access control. If required, select Administration → Security → Provision NE Security to access the NE security parameters. On the Provision NE Security window, disable the Access Control List Status parameter and click OK.

Proceed to Step 6.

6

Do you wish to perform additional Access Control List provisioning?

If...

Then...

Yes

Return to Step 3.

No

Click Close at the bottom of the window.

STOP! End of Procedure.

End of steps

November 2011Copyright © 2011 Alcatel-Lucent. All rights reserved.