How do I configure device system security settings?
Steps
1 |
Choose Administration→Security→NE System Security from the NFM-P main menu. The Select Site form opens. |
2 |
Select a managed device and click OK. The NE System Security (Edit) form opens. Note: Items that appear on the NE System Security (Edit) form are device-dependent. Not all configuration form tabs and parameters in this procedure apply to all devices. |
3 |
To configure the FTP, Telnet, or SSH server parameters, click on the Servers Configuration tab. Note: The 7705 SAR may become temporarily unreachable when enabling SSH and starting the SSH server on the device. |
4 |
To configure allowed SSH ciphers, perform the following.
|
5 |
To configure SSH key regeneration, perform the following.
|
6 |
To configure the CPM hardware queueing for BGP or T-LDP peers, click on the CPM Per-Peer-Queuing tab. |
7 |
To configure user profiles, click on the System User Template tab. Otherwise, go to Step 20 . The default System User radius_default and tacplus_default templates are listed. |
8 |
Select the appropriate default template and click Properties. The System User Template (Edit) form opens. |
9 |
Configure the required parameters. |
10 |
If you intend to use the default Template Profile, go to Step 20 . |
11 |
Click Select in the Template Profile panel to choose a template profile. |
12 |
If you choose the administrative template, go to Step 20 . |
13 |
Click Create. The Site User Profile (Create) form opens. |
14 |
Configure the required parameters. |
15 |
Click on the Entries tab. |
16 |
Perform the following steps.
|
17 |
Repeat Step 16 to specify an additional match entry, if required. |
18 |
Save your changes and close the form. |
19 |
Close the System User Template (Edit) form. |
20 |
To configure global DoS protection, click on the NE DoS Protection tab. |
21 |
Configure the required parameters. Note: PIM in an MVPN on the egress DR does not switch traffic from the (*,G) to the (S,G) tree if protocol protection is enabled, and if PIM is not enabled on the ingress network interface. Enable the Block PIM Tunneled parameter to enable extraction and processing of PIM packets that arrive from a tunnel, for example, an MPLS or GRE tunnel, on a network interface. |
22 |
Click on the following child tabs, as required, to view the DoS violations. |
23 |
Click on the VPRN Network Exceptions tab to configure rate limits for VPRN network exceptions. |
24 |
Configure the required parameters. |
25 |
Save your changes and close the NE System Security (Edit) form. |
26 |
Close the NE System Security form. End of steps |