User Password, Login, And Access Policies; Audit Trail; Node Timing; Table 18-4 Audit Trail Window Columns - Cisco ONS 15454 DWDM Installation And Operation Manual

18.2 Node Timing

18.1.2.2 User Password, Login, and Access Policies

Superusers can view real-time lists of users who are logged into CTC or TL1 user logins by node.
Superusers can also provision the following password, login, and node access policies:
•
•
•
•

18.1.2.3 Audit Trail

Audit trails prove useful for maintaining security, recovering lost transactions, and enforcing
accountability. Accountability refers to tracing user activities; that is, associating a process or action
with a specific user.
The ONS 15454 maintains a 640-entry, human-readable audit trail of user or system actions such as
login, logout, circuit creation or deletion, and user- or system-generated actions. Login events include
authorized Cisco logins using the ONS 15454 command line interface (CLI) or CTC, the ONS 15454
graphical user interface. You can move the log to a local or network drive for later review. The
ONS 15454 generates an event to indicate when the log is 80 percent full, and another event to indicate
that the oldest log entries are being overwritten.
Table 18-4

Table 18-4 Audit Trail Window Columns

Heading
Date
Num
User
P/F
Operation
18.2 Node Timing
SONET timing parameters must be set for each ONS 15454. Each ONS 15454 independently accepts its
timing reference from one of three sources:
•
Cisco ONS 15454 DWDM Intallation and Operations Guide, R4.7
18-6
Password expirations and reuse—Superusers can specify when users must change their passwords
and when they can reuse them.
Login attempts—Superusers can specify the maximum number of times a user is allowed to attempt
to login to CTC.
Locking out and disabling users—Superusers can provision the number of invalid logins that are
allowed before locking out users and the length of time before inactive users are disabled. The
number of allowed lockout attempts is set to the number of allowed login attempts.
Node access and user sessions—Superusers can limit the number of CTC sessions one user can have,
and they can prohibit access to the ONS 15454 using the LAN or TCC2 RJ-45 connections.
In addition, a Superuser can select secure shell (SSH) instead of Telnet at the CTC Provisioning >
Security > Access tabs. SSH is a terminal-remote host Internet protocol that uses encrypted links. It
provides authentication and secure communication over unsecure channels. Port 22 is the default
port and cannot be changed.
contains the columns listed in Audit Trail window.
Explanation
Date when the action occurred
Incrementing count of actions
User ID that initiated the action
Pass/Fail (whether or not the action was executed)
Action that was taken
The building integrated timing supply (BITS) pins on the ONS 15454 backplane (ANSI) or
MIC-C/T/P coaxial connectors (ETSI).
Chapter 18 Security and Timing
September 2004