Crypto Officer Services - Nortel 4500 FIPS Manual

FIPS 140-1 non-proprietary cryptographic module security policy
2.4.1 Crypto Officer Services

There is a factory default login ID and password, which allows access to the Crypto Officer
role. This initial account is the primary administrator's account for the Switch, and guarantees
that at least one account is able to assume the Crypto Officer role and completely manage the
switch and users. (This initial account always has manage switch and manage users rights.)
An administrator of the switch may assign permission to access the Crypto Officer role to
additional accounts, thereby creating additional administrators. Administrators may always
access the switch and authenticate themselves via the serial port. They may also authenticate as
a User over a secure tunnel and then authenticate to the switch as a Crypto Officer in order to
manage the switch. An administrator can also configure the switch to allow or disallow
management via a private LAN interface, without using a secure tunnel. Initially the default
configuration allows HTTP management on the private LAN interface of the Switch without
requiring a secure tunnel.
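The paragraph above, together with the rights levels listed under "Create Users" below, describes an access model: the Crypto Officer role is tied to an Administration ID, each administrator holds separate "manage switch" and "manage users" rights at one of three levels, and the factory-default account can never lose its full rights. The following Python model is an added example, not Nortel's code and not part of the security policy. The rights levels and the guarantee about the primary account come from the page; the mapping of each action to the right it needs (`REQUIRED`) and the rule that only an account with "manage users" rights may grant or change administrator rights are assumptions made for this example, and the account names are constructed.

```python
"""Model of the administrator rights described in section 2.4.1.

Added example, not Nortel's code. The rights levels (none / view / manage) and
the rule that the factory-default primary account always keeps both manage
rights come from the page; the action-to-right mapping and the rule that only
"manage users" may grant administrator rights are assumptions of this example.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Right(IntEnum):
    NONE = 0
    VIEW = 1
    MANAGE = 2


@dataclass
class Account:
    name: str
    admin_id: Optional[str] = None    # an Administration ID grants the Crypto Officer role
    manage_switch: Right = Right.NONE
    manage_users: Right = Right.NONE
    primary: bool = False             # the factory-default administrator account

    @property
    def is_crypto_officer(self) -> bool:
        return self.admin_id is not None


# Assumed mapping of Crypto Officer actions to the right each one needs.
REQUIRED = {
    "view_switch_config": ("manage_switch", Right.VIEW),
    "configure_switch":   ("manage_switch", Right.MANAGE),
    "define_filters":     ("manage_switch", Right.MANAGE),
    "view_users":         ("manage_users", Right.VIEW),
    "create_user":        ("manage_users", Right.MANAGE),
    "create_user_group":  ("manage_users", Right.MANAGE),
}


class AccountStore:
    def __init__(self, primary_name: str, primary_admin_id: str) -> None:
        # The factory-default account is created with both rights at "manage".
        self.accounts = {
            primary_name: Account(primary_name, primary_admin_id,
                                  Right.MANAGE, Right.MANAGE, primary=True)
        }

    def add_user(self, name: str) -> Account:
        acct = Account(name)          # a plain User: no Administration ID
        self.accounts[name] = acct
        return acct

    def permitted(self, name: str, action: str) -> bool:
        """True if `name` holds the Crypto Officer role with enough rights for `action`."""
        acct = self.accounts[name]
        if not acct.is_crypto_officer:
            return False
        attr, needed = REQUIRED[action]
        return getattr(acct, attr) >= needed

    def set_admin_rights(self, actor: str, target: str, admin_id: Optional[str],
                         manage_switch: Right, manage_users: Right) -> None:
        """Grant or change administrator rights on `target`, acting as `actor`."""
        if not self.permitted(actor, "create_user"):
            raise PermissionError(f"{actor} lacks 'manage users' rights")
        tgt = self.accounts[target]
        if tgt.primary and (admin_id is None or manage_switch != Right.MANAGE
                            or manage_users != Right.MANAGE):
            raise ValueError("the primary account always has manage switch and manage users rights")
        tgt.admin_id = admin_id
        tgt.manage_switch = manage_switch
        tgt.manage_users = manage_users

    def full_administrators(self) -> list:
        """Accounts that can completely manage the switch and its users."""
        return [a.name for a in self.accounts.values()
                if a.is_crypto_officer and a.manage_switch == Right.MANAGE
                and a.manage_users == Right.MANAGE]


def demo() -> dict:
    store = AccountStore("admin", "admin")
    store.add_user("alice")
    store.add_user("bob")
    # alice becomes a view-only administrator, granted by the primary account
    store.set_admin_rights("admin", "alice", "alice-admin", Right.VIEW, Right.NONE)
    results = {
        "alice_views": store.permitted("alice", "view_switch_config"),
        "alice_configures": store.permitted("alice", "configure_switch"),
        "bob_is_officer": store.accounts["bob"].is_crypto_officer,
    }
    # alice cannot create administrators, and nobody can strip the primary account
    try:
        store.set_admin_rights("alice", "bob", "bob-admin", Right.MANAGE, Right.MANAGE)
        results["alice_granted"] = True
    except PermissionError:
        results["alice_granted"] = False
    try:
        store.set_admin_rights("admin", "admin", "admin", Right.VIEW, Right.MANAGE)
        results["primary_demoted"] = True
    except ValueError:
        results["primary_demoted"] = False
    results["full_admins"] = store.full_administrators()
    return results
```

Running `demo()` shows the two properties the policy relies on: a plain User (bob) has no Crypto Officer access at all, and the primary account remains the one account guaranteed to hold both manage rights, so an administrator cannot lock every account out of switch management.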
At the highest level, Crypto Officer services include the following:

- Configure the Switch: to define network interfaces and settings, set the protocols the switch will support, define routing tables, set system date and time, load authentication information, etc.

- Create User Groups: to define common sets of user permissions such as access hours, user priority, password restrictions, protocols allowed, filters applied, and types of encryption allowed. Administrators can create, edit and delete User Groups, which effectively defines the permission sets for a number of Users.

- Create Users: to define User accounts and assign them permissions using User Groups. Every User may be assigned a separate ID and password for IPSec, PPTP, L2TP, and L2F, which allow access to the User roles. Additionally, an account may be assigned an Administration ID, allowing access to the Crypto Officer role. Each Administrator ID is assigned rights to Manage the Switch (either none, view switch, or manage switch) and rights to Manage Users (either none, view users, or manage users).

- Define Rules and Filters: to create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction. The administrator may use any of the pre-defined Rules or create custom Rules to be included in each Filter.
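The "Define Rules and Filters" item describes a Filter as a set of Rules that permit or deny packets by protocol ID, addresses, ports, TCP connection establishment and direction. The evaluator below is an added example, not Nortel's code and not the switch's actual filter implementation: it shows how such a Rule set is applied to a User's data stream. Ordered first-match evaluation and a trailing implicit deny are assumptions of this example (the page does not state how the switch orders or defaults its Rules); the `Packet`, `Rule` and `Filter` classes, the sample filter and the sample packets are all constructed here, using RFC 5737 documentation addresses.

```python
"""Evaluator for the Filter / Rule model of section 2.4.1.

Added example, not Nortel's code. Rule fields follow the packet characteristics
the page lists; first-match order and the final implicit deny are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

TCP = 6  # protocol ID used for the "TCP connection establishment" check


@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    direction: str                    # "in" or "out", relative to the interface
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_established: bool = False     # True for packets of an existing TCP connection


@dataclass
class Rule:
    name: str
    action: str                                # "permit" or "deny"
    proto: Optional[int] = None                # None means any protocol
    src: Optional[str] = None                  # CIDR network, None means any
    dst: Optional[str] = None
    sport: Optional[Tuple[int, int]] = None    # inclusive port range
    dport: Optional[Tuple[int, int]] = None
    established: Optional[bool] = None         # only meaningful for TCP
    direction: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """Every field set on the Rule must match the packet; unset fields match anything."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and (p.sport is None or not self.sport[0] <= p.sport <= self.sport[1]):
            return False
        if self.dport is not None and (p.dport is None or not self.dport[0] <= p.dport <= self.dport[1]):
            return False
        if self.established is not None and (p.proto != TCP or p.tcp_established != self.established):
            return False
        if self.direction is not None and p.direction != self.direction:
            return False
        return True


@dataclass
class Filter:
    name: str
    rules: List[Rule]

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        """First matching Rule decides; a packet matching no Rule is denied (assumption)."""
        for rule in self.rules:
            if rule.matches(p):
                return rule.action, rule.name
        return "deny", "implicit-deny"


# Constructed sample Filter for a "web only" User Group: the User (192.0.2.0/24)
# may open HTTP/HTTPS connections outward, replies may come back, and no new
# inbound TCP connection to the User is accepted.
WEB_ONLY = Filter("web-only", [
    Rule("permit-web-out", "permit", proto=TCP, src="192.0.2.0/24",
         dport=(80, 80), direction="out"),
    Rule("permit-https-out", "permit", proto=TCP, src="192.0.2.0/24",
         dport=(443, 443), direction="out"),
    Rule("permit-replies-in", "permit", proto=TCP, dst="192.0.2.0/24",
         established=True, direction="in"),
    Rule("deny-new-tcp-in", "deny", proto=TCP, dst="192.0.2.0/24",
         established=False, direction="in"),
])

# Constructed sample packets from the User's data stream.
SAMPLE_PACKETS = [
    Packet(TCP, "192.0.2.10", "203.0.113.5", "out", sport=51000, dport=443),
    Packet(TCP, "203.0.113.5", "192.0.2.10", "in", sport=443, dport=51000, tcp_established=True),
    Packet(TCP, "203.0.113.9", "192.0.2.10", "in", sport=40000, dport=22),
    Packet(17, "192.0.2.10", "203.0.113.53", "out", sport=51001, dport=53),
]


def apply_filter(flt: Filter, packets: List[Packet]) -> List[Tuple[str, str]]:
    return [flt.evaluate(p) for p in packets]
```

`apply_filter(WEB_ONLY, SAMPLE_PACKETS)` permits the outbound HTTPS request and its established reply, denies the inbound SSH connection attempt by an explicit Rule, and denies the outbound DNS query because no Rule in the Filter covers UDP.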
© Copyright 2000 Nortel Networks.
11