Avaya Task Training/ERS-5500/Basic Security
Appearance
Basic security will walk through the commands for changing the passwords and community strings, on a ERS-5500.
To begin attach to the switch by telnet
[edit | edit source]- Control Y to begin
- scroll down the menu to Command Line Interface... press enter
- enable
- config t (no password control is in place yet)
Turn off the Menu
[edit | edit source]Change console interface to cli and not menu, harder for unauthorized and unskilled user to make changes
- cmd-interface cli
Create a Custom Banner
[edit | edit source]Set a login banner so no-one can claim they didn't know they couldn't login
- banner ? (shows the banner commands Notice that you can turn off the banner all together)
- banner 9 "This is a private system. Unauthorized login prohibited."
- banner custom (enable the custom banner)
- show banner
Creating/Changing Passwords
[edit | edit source]Before creating/Changing a password set a safety point, so the switch will reboot to original config if a password typo happens
Safty Point
[edit | edit source]- no autosave enable (setting a safety point prior to working on passwords)
- copy config nvram
- reload minutes-to-wait 15
Passwords
[edit | edit source]- show cli password (display default passwords in clear text)
- cli password {read-only|read-write} password
- cli password serial ? (list of password commands)
- cli password telnet local (set password to use local password)
- show cli password type
- show cli password (passwords displayed)
Password Security
[edit | edit source]- password security (force complex passwords, and hides them, note: Password security is enabled by default with the ssh load)
After the command you will be prompted to change the passwords to complex passwords.
- show cli password (asterisk'ed), show run (passwords asterisk'ed, as well as snmp com string).
Test Passwords
[edit | edit source]Logout and Login to test the passwords.
Stop Safty Point Reload
[edit | edit source]- config t
- copy config nvram
- reload cancel
- autosave enable
Disable Web Server
[edit | edit source]- show web-server (show enabled by default)
- no web-server (shut it down so nosy browsers can't access it)
SNMP
[edit | edit source]Change default SNMP communities or passwords. For better security use SNMPv3.
- snmp-server community "labpublic" ro (note; this is the command for no password security, and you have password security on) To disable password security no password security
- snmp-server community ro (enter value and confirm value)
- snmp-server community rw (enter value and confirm value)
See also
[edit | edit source]Search for Nortel ERS 5500 on Wikipedia. |