Nortel Networks NTRN10AN Server User Manual


 
2-138 Operation, administration, and maintenance (OAM) features
OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004
OPTera Metro allows any user with a UPC level 4 and above to add, delete, or
retrieve the Access Control List (ACL) for a node. Each OPTera Metro
network element supports an ACL which allows a customer to provision nodes
onto an allow or deny list. These lists determine whether or not another node
is allowed to access the relevant node. The ACL provisioner has the flexibility
to define separate outgoing and incoming access. Your customers modify their
own lists but are restricted to incoming access only. In other words, the
customer provisions the nodes that are able to access their node.
An Incoming network violation alarm is raised when a denied node attempts
to gain access.
Security log audit trail
The security log, by default, records all TL1 commands on the network
element that require level 2 access or higher with the following level 1
command exceptions:
- ACT-USER, CANC-USER, ED-SECU-PID
- ALW-MSG-ALL
- INH-MSG-ALL
The caption of the security log includes the following:
- date and time of the event
- user identification
- type of event
- names of resources accessed
- success or failure of event
The following events are recorded in the security log:
- all user logins and logouts
- invalid user authentication attempts (as well as alarms/alerts generated due to invalid authentication attempts)
- authorized commands (according to user class)
- changes made in a user's security profiles and attributes
- changes made in security profiles and attributes associated with a channel or port
- changes made in the network element's security configuration
These logs are archived in a circular buffer resident on the SPx or NPx and
accessible through Site Manager's Security menu. The circular buffer has a
capacity of 600 logs per node (estimated 1 week's activity). Logging on to
Preside or Site Manager is not recorded. The Login is limited to operations on
Site Manager/Preside that invoke (directly or indirectly) TL1 commands and
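
The following Python example is added here and is not from the Nortel manual. It applies the default logging policy and the 600-record circular buffer described above to work out how often the security log must be exported so that no record is overwritten before it is archived. It assumes the listed level 1 commands are logged, that an export retrieves the whole buffer, and that events are available as (timestamp, command, required level) tuples; `CMD-PLACEHOLDER` is a hypothetical command name and the sample data is constructed.

```python
from collections import deque
from datetime import datetime, timedelta

CAPACITY = 600  # records the security log buffer holds per node (from the manual)
# Level 1 commands the manual names as exceptions; assumed here to be logged.
LEVEL1_LOGGED = {"ACT-USER", "CANC-USER", "ED-SECU-PID", "ALW-MSG-ALL", "INH-MSG-ALL"}

def is_logged(command, required_level):
    """Default policy: commands needing level 2 or higher, plus the exceptions."""
    return required_level >= 2 or command in LEVEL1_LOGGED

def max_safe_export_interval(events, capacity=CAPACITY):
    """Longest export interval that loses no record from `events`.

    events: time-ordered iterable of (timestamp, command, required_level).
    A record is overwritten only if capacity + 1 records are logged between
    two exports, so the answer is the shortest time spanned by any
    capacity + 1 consecutive logged records. Returns None when the sample
    holds too few logged records to wrap the buffer.
    """
    window = deque(maxlen=capacity + 1)  # timestamps of the newest records
    shortest = None
    for ts, command, level in events:
        if not is_logged(command, level):
            continue  # never enters the buffer, so it cannot evict anything
        window.append(ts)
        if len(window) == capacity + 1:
            span = ts - window[0]
            if shortest is None or span < shortest:
                shortest = span
    return shortest

if __name__ == "__main__":
    # Constructed sample: a login every 17 minutes for one week, then a
    # provisioning session issuing one level 3 command every 10 seconds.
    # "CMD-PLACEHOLDER" is a hypothetical name, not a real TL1 command.
    start = datetime(2004, 4, 1)
    events = [(start + timedelta(minutes=17 * i), "ACT-USER", 1) for i in range(593)]
    burst_start = events[-1][0] + timedelta(minutes=17)
    events += [(burst_start + timedelta(seconds=10 * i), "CMD-PLACEHOLDER", 3)
               for i in range(700)]
    print("export at least every:", max_safe_export_interval(events))
```

Run it against a node's real command history to size the archive schedule; the manual's one-week estimate only holds at average activity, and a busy provisioning session shortens the safe interval considerably.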