Nortel 8006 vswitch Security Management

With the rapid development of network technology, Nortel 8006 vswitch security management is now rarely used, and Nortel has filed for bankruptcy, the corresponding technical support is not guaranteed. It is necessary to study the security management of the Nortel 8006 switch to better cope with the usual network security inspection and internal control audit inspection. Let's talk about the security access control policy of the Nortel 8006 switch and the corresponding DM software settings. We know that there is a default access control policy in the Nortel 8006 configuration. Its ID number is 1, which allows access by all hosts by default, services such as telnet and snmp are also enabled by default. The default accessLevel RO string is used for communication. The DM software mainly uses the snmp service and needs to set the read community and write community to communicate with each other, the read and write strings are the snmp community corresponding to the newly created access policy setting accesslevel. The following describes the specific configuration of the access policy with ID 2 in detail. 1. create an access policy and enable the www.2cto.com config sys access-policy 2 create command to create an access policy with ID 2, if you want to invalidate an access policy, for example, a policy with ID number 2, you can use the config sys access-policy 2 disable command. After creation, the allow operation is performed by default, while the config sys access-policy 2 mode deny command rejects the operation, the telnet, snmp, http, and ssh services are enabled by default. To enable the rlogin service, run the config sys access-policy 2 service rlogin enable command, if you want to stop a service, such as the snmp service, use the config sys access-policy 2 service snmp disable command. Because the DM software needs to use the snmp service, so do not stop the snmp service here. 2. Set accesslevel use the config sys access-policy 2 accesslevel ro | rw | rwa command to set the specific access permission of access policy 2, next we will talk about the snmp community settings corresponding to this accesslevel permission, that is, the read community and write community to be set for DM software, after the configuration is complete, run the "config sys access-policy 2 access-strict true" command to make the specific accesslevel take effect. 3. Configure the host or network to allow access. Next, configure the host or network to allow access. For example, allow access from a host with an IP address of 192.168.1.1 and a network with a IP address range of 192.168.1.33 -- 192.168.1.62, then run the command config sys access-policy 2 host 192.168.1.1 and config sys access-policy 2 network 192.168.1.32 without authorization. As mentioned earlier, the system has an access policy with the default ID number 1. Therefore, you must delete it here, or allow all access, in this case, the host or network configured above will not work. The command config sys access-policy 1 delete is to delete the access policy with ID 1. Www.2cto.com 4. enable the access policy and set the DM string. To make the configured access policy take effect, run the command config sys access-policy enable true, at this point, the security management of the Nortel 8006 switch is completed. As mentioned above, when using DM software, you need to set read community and write community. These two strings are strings set by the specific permissions of accesslevel. For example, the accesslevel set above is rwa, use the config sys set snmp community rwa abcd1234 command to set the access permission to the rwa string to abcd1234, which is also the read community and write community required by the DM software settings. Security management of network devices involves all aspects. The above is only a small part. As security management is a complex and important task, we hope to have the opportunity to further discuss with you in the future. This article is from the fat shark network.