System information
1-14 AR Series Router Reference Manual
Software Release 2.0.1
C613-03018-00 REV A
Additional users can be added to the User Authentication Database using the
command:
ADD USER=login-name PASSWORD=password [CALLINGNUMBER=number]
    [CBNUMBER=e164number] [DESCRIPTION=description]
    [PRIVILEGE={USER|MANAGER|SECURITYOFFICER}] [TELNET={YES|NO}]
    [IPADDRESS=ipadd] [IPXNETWORK=network] [NETMASK=ipadd]
    [MTU=40..1500]
The number of entries in the database is limited only by the amount of memory
available. Only the login name and password must be specified. The default
privilege level is USER. Other information about a user that may be specified
includes a description for the entry (e.g. the user’s full name), the privilege
level, whether or not the user is permitted to use the TELNET command (see
page 11-24 of Chapter 11, Terminal Server) or connect to a Telnet service, and
an IP number, network mask and MTU (Maximum Transmission Unit). The IP
number, network mask and MTU are only required if the user is to run
asynchronous PPP or SLIP over an asynchronous modem connected to an
asynchronous port. The callback number is only required if the user is to make
a PPP callback request with user authentication. See Chapter 3, Point-to-Point
Protocol (PPP) for more information. The calling number is only used for L2TP
and ISDN services that provide caller ID information.
Modifying Entries in the User Authentication Database
An entry in the database can be modified with the command:
SET USER=login-name [PASSWORD=password] [CALLINGNUMBER=number]
    [CBNUMBER=e164number] [DESCRIPTION=description]
    [PRIVILEGE={USER|MANAGER|SECURITYOFFICER}] [TELNET={YES|NO}]
    [IPADDRESS=ipadd] [IPXNETWORK=network] [NETMASK=ipadd]
    [MTU=40..1500]
An entry in the database can be deleted using the command:
DELETE USER=login-name
All entries in the database, except the MANAGER account, can be deleted with
the command:
PURGE USER
The contents of the database can be displayed with the command:
SHOW USER[=login-name]
Passwords
All users, including managers, should take care in selecting passwords. Tools
exist that enable hackers to guess or test many combinations of login names
and passwords easily. The UAF provides some protection against such attacks
by allowing the manager to set the number of consecutive login failures
allowed and a lockout period when the limit is exceeded.
However, the best protection against password discovery is to select a good
password, and keep it secret. When choosing a password:
■ Do make it six or more characters in length. The UAF enforces a minimum
  password length, which can be changed by the manager. The default is six
  characters.
■ Do include both alphabetic (a–z) and numeric (0–9) characters.
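
A pre-entry check for ADD USER and SET USER command lines against the syntax and the two password rules above, as an added example (not part of the manual or the router software). It assumes full keywords rather than abbreviations and double-quoted values where a value contains spaces; the function name and the sample commands are constructed for illustration.

```python
import re
import shlex

# Parameter names and value sets come from the ADD USER / SET USER syntax above.
KNOWN = {"USER", "PASSWORD", "CALLINGNUMBER", "CBNUMBER", "DESCRIPTION", "PRIVILEGE",
         "TELNET", "IPADDRESS", "IPXNETWORK", "NETMASK", "MTU"}
PRIVILEGES = {"USER", "MANAGER", "SECURITYOFFICER"}


def lint(line, min_len=6):  # six is the manual's default minimum password length
    """Return a list of findings for one ADD USER or SET USER command line."""
    tokens = shlex.split(line)  # assumption: values with spaces are double-quoted
    if len(tokens) < 2 or tokens[0].upper() not in ("ADD", "SET"):
        return ["not an ADD USER / SET USER command"]
    params, findings = {}, []
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if sep and key.upper() in KNOWN:
            params[key.upper()] = value
        else:
            findings.append(f"unknown or malformed parameter: {tok}")
    if not params.get("USER"):
        findings.append("USER=login-name is required")
    pw = params.get("PASSWORD")
    if pw is None and tokens[0].upper() == "ADD":
        findings.append("ADD USER requires PASSWORD")
    if pw is not None and len(pw) < min_len:
        findings.append(f"password shorter than {min_len} characters")
    if pw is not None and not (re.search("[A-Za-z]", pw) and re.search("[0-9]", pw)):
        findings.append("password lacks alphabetic or numeric characters")
    if params.get("PRIVILEGE", "USER").upper() not in PRIVILEGES:
        findings.append(f"invalid PRIVILEGE: {params['PRIVILEGE']}")
    if params.get("TELNET", "NO").upper() not in ("YES", "NO"):
        findings.append(f"invalid TELNET value: {params['TELNET']}")
    mtu = params.get("MTU")
    if mtu is not None and not (re.fullmatch("[0-9]+", mtu) and 40 <= int(mtu) <= 1500):
        findings.append(f"MTU outside 40..1500: {mtu}")
    return findings


SAMPLES = [  # constructed sample commands, not from the manual
    'ADD USER=jsmith PASSWORD=blue42sky DESCRIPTION="Jane Smith" TELNET=NO',
    "ADD USER=ops PASSWORD=secret PRIVILEGE=MANAGER",
    "SET USER=dialin MTU=9000 TELNET=MAYBE",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint(sample) or "ok")
```

Pass the manager-configured minimum as min_len when it differs from the default of six.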