Cisco ONS 15600 Reference Manual, R7.2
CHAPTER 5
Security
This chapter provides information about Cisco ONS 15600 user security. To provision security, refer to
the Cisco ONS 15600 Procedure Guide.
Chapter topics include:
• 5.1 User IDs and Security Levels
• 5.2 User Privileges and Policies
• 5.3 Audit Trail
• 5.4 RADIUS Security
5.1 User IDs and Security Levels
When you log in to an ONS 15600 for the first time, you use the CISCO15 user ID, which is provided
with every ONS 15600 system. You can use the CISCO15 ID, which has Superuser privileges, to create
other ONS 15600 user IDs. For detailed instructions about creating users, refer to the Cisco ONS 15600
Procedure Guide.
Each ONS 15600 permits up to 500 Cisco Transport Controller (CTC) or TL1 user IDs. A user ID is
assigned one of the following security levels:
• Superuser—Users can perform all of the functions of the other security levels as well as set names,
passwords, and security levels for other users.
• Provisioning—Users can access provisioning and maintenance options.
• Maintenance—Users can access only the ONS 15600 maintenance options.
• Retrieve—Users can retrieve and view CTC information but cannot set or modify parameters.
See Table 5-3 on page 5-6 for idle user timeout information for each security level.
By default, multiple concurrent user ID sessions are permitted on the node; that is, multiple users can
log in to a node using the same user ID. However, you can provision the node to allow only a single login
per user and prevent concurrent logins for all users.
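The following Python audit is an added example, not taken from the Cisco documentation. It checks a node's user inventory against the facts in this section: the default CISCO15 Superuser ID, the four security levels, the 500-ID limit, and concurrent logins being allowed by default. The record format, the sample data, and the max_superusers threshold are assumptions constructed for illustration; this is not CTC or TL1 output.

```python
from collections import Counter

# Facts taken from this section of the manual.
DEFAULT_ID = "CISCO15"
MAX_USER_IDS = 500
LEVELS = ("Retrieve", "Maintenance", "Provisioning", "Superuser")

# Constructed sample data in a hypothetical format (not CTC or TL1 output).
USERS = [
    {"id": "CISCO15", "level": "Superuser"},
    {"id": "noc-admin", "level": "Superuser"},
    {"id": "fieldtech", "level": "Maintenance"},
    {"id": "monitor", "level": "Retrieve"},
    {"id": "legacy", "level": "Operator"},
]
SESSIONS = [  # (user ID, source address) pairs, constructed
    ("noc-admin", "192.0.2.10"),
    ("noc-admin", "192.0.2.44"),
    ("monitor", "192.0.2.10"),
]


def audit(users, sessions, max_superusers=2):
    """Return (check, detail) findings; max_superusers is an assumed local policy."""
    findings = []
    if len(users) > MAX_USER_IDS:
        findings.append(("user-count", f"{len(users)} IDs exceeds {MAX_USER_IDS}"))
    for u in users:
        if u["level"] not in LEVELS:
            findings.append(("unknown-level", f"{u['id']}: {u['level']}"))
        if u["id"] == DEFAULT_ID and u["level"] == "Superuser":
            findings.append(("default-superuser", f"{u['id']} still has Superuser"))
    supers = sorted(u["id"] for u in users if u["level"] == "Superuser")
    if len(supers) > max_superusers:
        findings.append(("superuser-count", ", ".join(supers)))
    # Concurrent sessions on one ID are allowed by default, so shared logins
    # only become visible if something looks for them.
    for uid, n in sorted(Counter(uid for uid, _ in sessions).items()):
        if n > 1:
            findings.append(("shared-login", f"{uid}: {n} concurrent sessions"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(USERS, SESSIONS):
        print(f"{check:18} {detail}")
```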
5.2 User Privileges and Policies
This section lists user privileges for each CTC action and describes the security policies available to
Superusers for provisioning.