Troubleshooting guide

Contents
Alcatel-Lucent 5620 Service Aware Manager
5620 SAM
System Administrator Guide
3 — NE user and device security
3.1 NE user and device security overview
3.2 RADIUS, TACACS+, and LDAP
    Combined local and remote authentication
3.3 CPM filters and traffic management
3.4 DoS protection
    DoS protection in the core network
    DoS protection policies in aggregation networks
3.5 DDoS protection
    DDoS alarm handling
3.6 IP security
3.7 7705 SAR-H firewalls
    Configuring a 7705 SAR-H firewall on a management or CPM interface
3.8 Workflow to manage NE user and device security
3.9 NE user and device security procedures
    Procedure 3-1 To configure a MAF
    Procedure 3-2 To configure a CPM filter
    Procedure 3-3 To configure an NE DoS protection policy
    Procedure 3-4 To view NE DoS protection violations
    Procedure 3-5 To configure an NE DDoS protection policy
    Procedure 3-6 To configure a site user profile
    Procedure 3-7 To configure a user account on a managed device
    Procedure 3-8 To configure a password policy
    Procedure 3-9 To configure an NE RADIUS authentication policy
    Procedure 3-10 To configure an NE TACACS+ authentication policy
    Procedure 3-11 To configure an OmniSwitch RADIUS, TACACS+, or LDAP security authentication policy
    Procedure 3-12 To configure device system security settings
    Procedure 3-13 To configure and manage PKI site security on an NE
    Procedure 3-14 To configure a PKI certificate authority profile
    Procedure 3-15 To perform CMPv2 actions
    Procedure 3-16 To distribute a license key to all 7705 SAR-H nodes
    Procedure 3-17 To configure a 7705 SAR-H NE firewall
    Procedure 3-18 To configure an NE management access firewall on the 7705 SAR-H
    Procedure 3-19 To configure an NE CPM firewall on the 7705 SAR-H
    Procedure 3-20 To delete a security policy
    Procedure 3-21 To manually unlock a user account
    Procedure 3-22 To clear the password history of a user on a managed device
    Procedure 3-23 To clear collected statistics on a CPM filter
    Procedure 3-24 To manage OCSP cache entries on an NE
4 — TCP enhanced authentication
4.1 TCP enhanced authentication overview
    TCP keys and key chains
4.2 Workflow to configure TCP enhanced authentication for NEs
4.3 TCP enhanced authentication procedures
    Procedure 4-1 To configure a global TCP key chain
    Procedure 4-2 To distribute global key chains to NEs
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01