Avaya Task Training/ERS-5500/Basic Security
Jump to navigation
Jump to search
Basic security will walk through the commands for changing the passwords and community strings, on a ERS-5500.
To begin attach to the switch by telnet[edit | edit source]
- Control Y to begin
- scroll down the menu to Command Line Interface... press enter
- enable
- config t (no password control is in place yet)
Turn off the Menu[edit | edit source]
Change console interface to cli and not menu, harder for unauthorized and unskilled user to make changes
- cmd-interface cli
Create a Custom Banner[edit | edit source]
Set a login banner so no-one can claim they didn't know they couldn't login
- banner ? (shows the banner commands Notice that you can turn off the banner all together)
- banner 9 "This is a private system. Unauthorized login prohibited."
- banner custom (enable the custom banner)
- show banner
Creating/Changing Passwords[edit | edit source]
Before creating/Changing a password set a safety point, so the switch will reboot to original config if a password typo happens
Safty Point[edit | edit source]
- no autosave enable (setting a safety point prior to working on passwords)
- copy config nvram
- reload minutes-to-wait 15
Passwords[edit | edit source]
- show cli password (display default passwords in clear text)
- cli password {read-only|read-write} password
- cli password serial ? (list of password commands)
- cli password telnet local (set password to use local password)
- show cli password type
- show cli password (passwords displayed)
Password Security[edit | edit source]
- password security (force complex passwords, and hides them, note: Password security is enabled by default with the ssh load)
After the command you will be prompted to change the passwords to complex passwords.
- show cli password (asterisk'ed), show run (passwords asterisk'ed, as well as snmp com string).
Test Passwords[edit | edit source]
Logout and Login to test the passwords.
Stop Safty Point Reload[edit | edit source]
- config t
- copy config nvram
- reload cancel
- autosave enable
Disable Web Server[edit | edit source]
- show web-server (show enabled by default)
- no web-server (shut it down so nosy browsers can't access it)
SNMP[edit | edit source]
Change default SNMP communities or passwords. For better security use SNMPv3.
- snmp-server community "labpublic" ro (note; this is the command for no password security, and you have password security on) To disable password security no password security
- snmp-server community ro (enter value and confirm value)
- snmp-server community rw (enter value and confirm value)
See also[edit | edit source]
Search for Nortel ERS 5500 on Wikipedia. |