Nortel Networks 2000 Switch User Manual


 
Mediant 2000 SIP
Mediant 2000 SIP User’s Manual 40 Document #: LTRT-72504
5.4 Password Control
The Embedded Web Server is protected by a unique username and password combination. The
first time a browser request is made, the User is requested to provide his username and
password to obtain access. Subsequent requests are negotiated by the browser on behalf of the
User, so that the User doesn’t have to re-enter the username and password for each request, but
the request is still authenticated (the Embedded Web Server uses the MD5 authentication
method supported by the HTTP 1.1 protocol).
An additional level of protection is obtained by a restriction that no more than three IP addresses
can access the Embedded Web Server concurrently. With this approach, a fourth User is told that
the server is busy, even if the correct username and password were provided.
5.4.1 Embedded Web Server Username & Password
The default username and password for all gateways are:
Username = “Admin” (case-sensitive)
Password = “Admin” (case-sensitive)
For details on changing the username and password, refer to Section
5.9.7 on page 71. Note that
the password and username can be a maximum of 7 case-sensitive characters.
The User can reset the Web username and password (to the default values) by enabling an ini
file parameter called ‘ResetWebPassword’. The Web password is automatically the default
password.
5.5 Configuring the Web Interface via the ini File
Two additional security preferences can be configured using ini file parameters. These security
levels provide protection against unauthorized access (such as Internet hacker attacks),
particularly to Users without a firewall. For information on the ini file, refer to Section
6 on page
87.
5.5.1 Limiting the Embedded Web Server to Read-Only Mode
Users can limit the Web Interface to read-only mode by changing the ini file parameter
‘DisableWebConfig’ to 1. In this mode all Web screens are read-only and cannot be modified. In
addition, the following screens cannot be accessed: ‘Quick Setup’, ‘Change Password’, ’Reset‘,
‘Save Configuration‘, ‘Software Upgrade Wizard’, ‘Load Auxiliary Files’, ‘Configuration File’ and
‘Regional Settings’.
5.5.2 Disabling the Embedded Web Server
To deny access to the gateway through HTTP protocol, the User can disable the Embedded Web
Server task. To disable the Web task, use the ini file parameter ‘DisableWebTask = 1’. The
default is to Web task enabled.