Cisco Transport Manager User's Guide, 8.0
Chapter 8: Managing Security

Table Of Contents

Managing Security

8.1  Overview

8.2  Login Advisory Message

8.3  User Security

8.3.1  Restricting User Access

8.3.2  User Privilege Profiles

8.3.3  Performing User Administration

8.3.4  Managing CTM User Profiles

8.4  NE Security Management

8.4.1  Setting NE Authentication

8.4.2  Setting Up a Security Policy

8.4.3  Using the ONS 1580x NE User Access Log Table

8.4.4  Managing NE User Access

8.4.5  Managing CTC User Profiles

8.4.6  Managing Cisco IOS Users

8.4.7  Managing SNMPv3 Users

8.5  Audit Log

8.5.1  Viewing the Audit Log

8.5.2  Filtering Audit Log Data

8.5.3  Viewing the Audit Trail File—MGX Voice Gateway Devices

8.6  Northbound Gateway Security


Managing Security


This chapter describes CTM security and how to manage users. This includes an overview of security domains and a description of the user security and NE security features available in CTM.

This chapter contains the following sections:

Overview

Login Advisory Message

User Security

NE Security Management

Audit Log

Northbound Gateway Security

8.1  Overview

Why create a security policy?

To create a baseline of your current security posture

To set the framework for security implementation

To define allowed and disallowed behaviors

To help determine necessary tools and procedures

To communicate consensus and define roles

To define how to handle security incidents

The following security domains govern CTM networks:

CTM client—A CTM client must be created with one of the existing default user profiles or with a new custom user profile with appropriate access privileges. This new user profile should be created and assigned to a user.

CTM Operations Support System (OSS) users—OSS-to-CTM sessions are configured by the CTM GateWay EMS-to-NMS interface architectural component. See Chapter 12, "Managing Southbound and Northbound Interfaces," for more information about CTM GateWay.

NE users—An NE user account must be set up so CTM can use it to communicate with the NE. NE user accounts are used to directly access the NE through the NE's craft tool or the command-line interface (CLI).

CTM supports the following security features:

Login advisory message

User management and profiles

NE access control

Audit Log

Northbound gateway security

8.2  Login Advisory Message

After you log into the CTM client, a login advisory message is displayed. By default, the advisory message reads:

NOTICE: This is a private computer system. Unauthorized access or use may lead to prosecution.

You can customize the default advisory message as follows:


Step 1 Log into the CTM server as the root user.

Step 2 Use a text editor to edit or create the advisory.txt file in the /opt/CiscoTransportManagerServer/cfg directory. The new advisory message can contain up to 1600 characters. The advisory.txt file does not exist by default.

Step 3 Save the changes. All subsequent users who log into the CTM client will see the new advisory message.


Note: You can also disable the advisory message altogether. See Configuring CTM Security Parameters.



8.3  User Security

This section describes user security and management. This includes procedures on how to add a new user, modify a user's properties, delete a user, and end an active user session. It also includes procedures on how to add, modify, and delete custom profiles and how to perform NE user administration.

8.3.1  Restricting User Access

The Administration > CTM Users menu, launched from the Domain Explorer window, manages user security. CTM administration supports restricted-access logins, so users can perform tasks according to detailed access privileges. For each action, a user is given read-only, read/write, or no access privileges.

To perform security-controlled operations within the Chassis View and Statistics Report applications for MGX devices, read is the only access privilege allowed. The read access privilege enables all operations that are supported by the application.

8.3.2  User Privilege Profiles

By default, CTM contains the following user profiles:

SuperUser—Users who have access to all operations.

SysAdmin—System administrators who manage CTM access.

NetworkAdmin—Typically, network operations center (NOC) supervisors who perform daily network NE operations. These operations do not include changing the NE username and password in the NE Authentication tab.

Provisioner—Users who perform daily network surveillance, provisioning, and PM activities on specific NEs. Each provisioner can have only one active session. Provisioners cannot access administrative information.

Operator—Users who perform daily network surveillance and PM activities on specific NEs. Each operator can have only one active session. Operators cannot access administrative information.

CTM allows SuperUsers and SysAdmins to generate custom user profiles with certain privileges. Custom user profiles are grouped into categories and each category has a set of operations. (See the following table.) After the user profiles are generated, they can be assigned to new CTM users.


Note: You must select the privileges for all possible operations, even for privileges related to modules that are not currently installed on the server. (For example, the User Profile wizard contains references to the operations IOS XR AAA Configuration and IOS XR NE Alarm Administration, even if the IOS XR module has not been installed on the server.)


Table 8-1 CTM Custom User Profiles

| Operations | Description | Privileges |
|---|---|---|
| EMS Administration Category | | |
| Audit Error Log | Launch the Audit Log and Error Log. | Read Only or No Access |
| CTC Upgrade Table | Launch the CTC Upgrade table and add, activate, or delete binary files. | Read Only, Read/Write, or No Access |
| CTM Failed Login Attempts | Launch the Unknown User Login Attempts table. | Read Only, Read/Write, or No Access |
| CTM User Profiles | Launch the CTM User Profiles table and add, delete, or modify user profiles. | Read Only, Read/Write, or No Access |
| CTM Users | Launch the CTM Users table and add, delete, or modify users and user preferences. | Read Only, Read/Write, or No Access |
| Control Panel | Launch the Control Panel and related tables. | Read/Write or No Access |
| GateWay/CORBA Users | Launch the GateWay/CORBA Users table and add, delete, or modify users. | Read Only, Read/Write, or No Access |
| GateWay/TL1 Users | Launch the GateWay/TL1 Users table and add, delete, or modify users. | Read Only, Read/Write, or No Access |
| Logged In CTM Users | Launch the Logged In CTM Users table. | Read Only, Read/Write, or No Access |
| Logged In GateWay/CORBA Users | Launch the Logged In GateWay/CORBA Users table. | Read Only, Read/Write, or No Access |
| Logged In GateWay/TL1 Users | Launch the Logged In GateWay/TL1 Users table. | Read Only, Read/Write, or No Access |
| MGX SNMPv3 Users | Permission to add, delete, or modify SNMPv3 users. | Read Only, Read/Write, or No Access |
| Save Map As Default | Save map customizations as the default. | Read/Write or No Access |
| Template Manager Table | Launch the Template Manager table and add, delete, edit, or apply templates. | Read Only, Read/Write, or No Access |
| NE Administration Category | | |
| Add or Delete NE or Group | Add or delete NEs or groups from the domain. | Read/Write or No Access |
| Audit Trail (Cisco MGX only) | Launch the Audit Trail table for MGX Voice Gateway devices. | Read Only, Read/Write, or No Access |
| CTC User Profiles | Launch the CTC User Profiles table and add, delete, and modify CTC user profiles. | Read Only, Read/Write, or No Access |
| CTM User Set CTC Password | Propagate the CTC NE password to all the NEs under the user domain. | Read Only, Read/Write, or No Access |
| Edit Domain Node Properties | Edit properties on the pane associated with the root node in the Domain Explorer tree. | Read/Write or No Access |
| Edit NE or Group Properties | Edit NE or group properties. | Read/Write or No Access |
| IOS XR/IOS 7600 ACL Configuration | Permission to run the Access Control List Configuration application from within the IOS XR or IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR AAA Configuration | Permission to run the AAA Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE Alarm Administration | Permission to run the Alarm Administration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE Configuration Rollback | Permission to run the Rollback Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE User Administration | Permission to run the User Administration application from within the IOS XR NE Explorer. Write access permits a force-logout. | Read Only, Read/Write, or No Access |
| Manage IOS Users | Launch the IOS Users table and create, modify, and delete users. | Read Only, Read/Write, or No Access |
| NE Logged In Users Table | Launch the Logged In NE Users table and add, modify, and delete NE users. | Read Only, Read/Write, or No Access |
| NE Security | Change the security advisory messages set for a single NE or for multiple NEs. | Read Only, Read/Write, or No Access |
| NE User Access Admin | Launch the NE User Access table and add, modify, and delete NE users. | Read Only, Read/Write, or No Access |
| SSH Secure Shell (Cisco MGX only) | Secure Shell Protocol to the NE. | Read/Write or No Access |
| Subnetwork Explorer | Launch the Subnetwork Explorer, add a new subnetwork, and modify existing subnetworks. Note: Adding a new subnetwork by a user profile with the Assign NEs property is not allowed. | Read Only, Read/Write, or No Access |
| Supported NE Table | Launch the Supported NE table. | Read Only, Read/Write, or No Access |
| Telnet Session (Cisco MGX only) | Command-line tool to launch a Telnet session to MGX switches. | Read/Write or No Access |
| Topology Modification | Drag, drop, cut, copy, and paste NEs in the Domain Explorer. | Read/Write or No Access |
| User Preferences | Edit the user preferences. | Read/Write or No Access |
| NE Configuration Management Category | | |
| APC Domain Management Table | APC Domain Management table. | Read Only, Read/Write, or No Access |
| Audit Logging in Chassis View (Cisco MGX only) | Audit logging permissions in the Chassis View. | Read Only, Read/Write, or No Access |
| Audit Logging in Configuration Center (Cisco MGX only) | Audit logging permissions in the Configuration Center. | Read Only, Read/Write, or No Access |
| BLSR Table | Launch the BLSR table. | Read Only, Read/Write, or No Access |
| CLI Interface | Launch the command-line interface (CLI) for an NE. | Read/Write or No Access |
| Chassis View (Cisco MGX only) | Launch the graphical view for MGX network devices. | Read Only or No Access |
| Circuit Table | Launch the Circuit table and create, modify, repair, delete, trace, or upgrade circuits. | Read Only, Read/Write, or No Access |
| Compare Config Files | Compare configuration files. | Read Only, Read/Write, or No Access |
| Configuration Center (Cisco MGX only) | Launch the Configuration Center application to configure NEs and services. | Read Only, Read/Write, or No Access |
| Create BLSR | Create a BLSR. | Read/Write or No Access |
| Create MS-SPRing | Create an MS-SPRing. | Read/Write or No Access |
| Data Administration Functions | Enable L2 functionality on an L2 topology created using L1 circuits. | Read Only, Read/Write, or No Access |
| Data Service Management Functions | Create, edit, or delete L2 services on an L2 topology. | Read Only, Read/Write, or No Access |
| Equipment Inventory | Launch the Equipment Inventory table. | Read Only or No Access |
| IOS CLI Interface | Launch the Cisco IOS CLI interface. | Read/Write or No Access |
| IOS XR/IOS 7600 Common Interface Configuration | Permission to run the Common Interface Configuration application from within the IOS XR or IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR/IOS 7600 Ethernet Interface Configuration | Permission to run the Ethernet Interface Configuration application from within the IOS XR or IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR POS Interface Configuration | Permission to run the POS Interface Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR Rack View | Permission to run the Rack View from within the IOS XR NE Explorer. | Read Only or No Access |
| IOS XR SONET Controller Configuration | Permission to run the SONET Controller Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| L2 Service Provisioning | User-defined profiles and custom QoS settings. | Read Only or Read/Write |
| Launch Craft Interface | Launch CTC from CTM. | Read/Write or No Access |
| Launch Fabric/Device Manager | Launch the Fabric or Device Manager. | Read Only, Read/Write, or No Access |
| Launch MDS 9000 CLI | Launch the MDS 9000 CLI. | Read Only, Read/Write, or No Access |
| Layer 1 Circuit Management | Create, edit, or delete an L2 topology using L1 circuits. | Read Only, Read/Write, or No Access |
| Link Table | Launch the Link table and create, modify, and delete links. | Read Only, Read/Write, or No Access |
| MS-SPRing Table | Launch the MS-SPRing table. | Read Only, Read/Write, or No Access |
| Manage VLANs | Launch the Manage VLANs dialog box and create and delete VLANs. | Read Only, Read/Write, or No Access |
| ONS 1580x Domain NE Table | Launch the ONS 1580x Domain NE table. | Read Only or No Access |
| Profile Management | Create, edit, and delete L2 QoS profiles on an L2 service. | Read Only, Read/Write, or No Access |
| Rolls Table | Launch the Rolls table. | Read Only, Read/Write, or No Access |
| SNTP Configuration | Launch the SNTP Configuration wizard. | Read/Write or No Access |
| TL1 Interface | Launch the TL1 interface on the NE. | Read/Write or No Access |
| NE Fault Management Category | | |
| Alarm Browser/Log | Launch the Alarm Browser, Alarm Log, or Event Export Manager; acknowledge alarms; and show alarm notes. | Read Only, Read/Write, or No Access |
| Audit Logging in Diagnostics Center (Cisco MGX 8800 only) | Audit logging permissions in the Diagnostics Center. | Read Only, Read/Write, or No Access |
| Diagnostics Center (Cisco MGX only) | Perform diagnostics on NEs and services. | Read Only, Read/Write, or No Access |
| Show CTM EMS Alarms/Events | Show the CTM-specific EMS alarms and events count in the Dashboard, show CTM-specific EMS alarms in the Alarm Browser, and show CTM-specific EMS alarms and events-related popups. | Read/Write or No Access |
| SysLog Viewer (Cisco 7600 only) | Launch the SysLog Viewer for Cisco 7600 NEs. | Read Only, Read/Write, or No Access |
| NE Management Category | | |
| Allow Partial Upgrade | Launch the Partial Software Upgrade dialog box. | Read/Write or No Access |
| Audit Trail Table | Launch the Audit Trail table. | Read Only or No Access |
| IOS XR BGP User Settings Table | Launch the IOS XR BGP User Settings table. | Read/Write or No Access |
| IOS XR Link Rediscovery | Rediscover IOS XR CDP and BGP links for one or all nodes. | Read/Write or No Access |
| IOS XR Node Resync | Resync IOS XR inventory and configuration with the CTM server. | Read/Write or No Access |
| IOS XR Software Table | Launch the IOS XR Router Software Management table. | Read/Write or No Access |
| IOS XR Template Creation | Permission to create templates within the IOS XR NE Explorer. | Read/Write or No Access |
| IOS 7600 DOM Table | Launch the Cisco 7600 Digital Optical Monitor table. | Read Only, Read/Write, or No Access |
| IOS 7600 Flash Files Table | Launch the Cisco 7600 Flash Files table. | Read Only, Read/Write, or No Access |
| Job Monitor | Launch the Job Monitor table and cancel jobs, cancel tasks, add user notes, or view user notes. | Read Only, Read/Write, or No Access |
| NE Software Memory Management | Back up and restore memory and download software on an NE. | Read/Write or No Access |
| NE Software Table | Launch the NE Software table and commit and revert/switch software versions on an NE. | Read Only, Read/Write, or No Access |
| ONS 155xx CM Discovery | Launch the ONS 155xx CM Discovery table. | Read Only, Read/Write, or No Access |
| ONS 155xx Flash Files Table | Launch the ONS 155xx Flash Files table. | Read Only, Read/Write, or No Access |
| ONS 155xx SNMP Table | Launch the ONS 155xx SNMP table. | Read Only, Read/Write, or No Access |
| ONS 1580x NE User Log | Launch the ONS 1580x NE User Log. | Read Only, Read/Write, or No Access |
| Reset ML Cards | Permission to reset specific ML cards after a partial software upgrade. | Read Only, Read/Write, or No Access |
| Template Configuration Management | Apply the stored configuration to a set of the same type of NE. | Read/Write or No Access |
| NE PM Category | | |
| Audit Logging in Statistics Reporting Tool (Cisco MGX only) | Audit logging permissions in the Statistics Reporting tool. | Read Only, Read/Write, or No Access |
| IOS XR PM Stats Administration | Permission to run the PM Stats application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR PM Threshold Administration | Permission to run the PM Threshold application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| Performance Monitor | Launch PM query wizards. | Read Only or No Access |
| Statistics Reporting Tool (Cisco MGX only) | Configure network device statistics and collection parameters. | Read Only, Read/Write, or No Access |
| NE Provisioning Category | | |
| IOS XR/IOS 7600 NE BGP Configuration | Permission to run the Border Gateway Protocol Configuration application from within the IOS XR/IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR/IOS 7600 NE OSPF Configuration | Permission to run the OSPF Configuration application from within the IOS XR/IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR/IOS 7600 NE Packet Filter Configuration | Permission to run the Packet Filter Configuration application from within the IOS XR/IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR/IOS 7600 NE QoS Configuration | Permission to run the Quality of Service Configuration application from within the IOS XR/IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR/IOS 7600 NE Routing Policy Configuration | Permission to run the Routing Policy Configuration application from within the IOS XR/IOS 7600 NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE DWDM Controller Configuration | Permission to run the DWDM Controller Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE Explicit Path Config | Permission to run the Explicit Path Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE ISIS Configuration | Permission to run the ISIS Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE LDP Configuration | Permission to run the LDP Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE MPLS TE | Permission to run the MPLS Traffic Engineering (TE) application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE RSVP Configuration | Permission to run the RSVP Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE SONET APS Configuration | Permission to run the SONET APS Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE Static Route Configuration | Permission to run the Static Route Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| IOS XR NE VRF Configuration | Permission to run the VPN Routing and Forwarding (VRF) Table Configuration application from within the IOS XR NE Explorer. | Read Only, Read/Write, or No Access |
| NE DCC | Create, edit, and delete DCC parameters. | Read Only, Read/Write, or No Access |
| NE Explorer | Launch the NE Explorer. | Read Only, Read/Write, or No Access |
| NE Explorer Config | Allow network and timing write operations. | Read Only, Read/Write, or No Access |
| NE Firewall | Create, edit, and delete firewall parameters. | Read Only, Read/Write, or No Access |
| NE IP Address | Create, edit, and delete NE IP address-related parameters. | Read Only, Read/Write, or No Access |
| NE OSPF | Create, edit, and delete NE OSPF parameters. | Read Only, Read/Write, or No Access |
| NE OSPF Area Ranges | Create, edit, and delete NE OSPF area ranges. | Read Only, Read/Write, or No Access |
| NE OSPF Virtual Link | Create, edit, and delete OSPF virtual links. | Read Only, Read/Write, or No Access |
| NE Protection | Create, edit, and delete protection groups. | Read Only, Read/Write, or No Access |
| NE RIP | Create, edit, and delete RIP parameters. | Read Only, Read/Write, or No Access |
| NE SNMP | Create, edit, and delete NE SNMP. | Read Only, Read/Write, or No Access |
| NE Static Routes | Create, edit, and delete NE static routes. | Read Only, Read/Write, or No Access |
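
An offline review check for a proposed custom user profile, added here as an example (it is not Cisco code and not part of CTM). It encodes the EMS Administration rows of Table 8-1 and reports operations with no privilege selected, privilege levels the table does not offer for an operation, and Read/Write on account-management operations. The profile dictionary format, the function names, and the account-management grouping are assumptions made for this example.

```python
# Added example: offline review of a proposed CTM custom user profile.
# Not CTM code; the profile dict format and function names are hypothetical.

RO, RW, NA = "Read Only", "Read/Write", "No Access"
ALL3 = frozenset({RO, RW, NA})

# Privilege choices offered per operation, transcribed from the
# EMS Administration category of Table 8-1.
EMS_ADMINISTRATION = {
    "Audit Error Log": frozenset({RO, NA}),
    "CTC Upgrade Table": ALL3,
    "CTM Failed Login Attempts": ALL3,
    "CTM User Profiles": ALL3,
    "CTM Users": ALL3,
    "Control Panel": frozenset({RW, NA}),
    "GateWay/CORBA Users": ALL3,
    "GateWay/TL1 Users": ALL3,
    "Logged In CTM Users": ALL3,
    "Logged In GateWay/CORBA Users": ALL3,
    "Logged In GateWay/TL1 Users": ALL3,
    "MGX SNMPv3 Users": ALL3,
    "Save Map As Default": frozenset({RW, NA}),
    "Template Manager Table": ALL3,
}

# Reviewer's choice (an assumption, not a CTM rule): operations whose
# Table 8-1 description includes adding, deleting, or modifying users or
# profiles. Read/Write on these lets the holder change who has access.
ACCOUNT_MANAGEMENT = frozenset({
    "CTM User Profiles", "CTM Users", "GateWay/CORBA Users",
    "GateWay/TL1 Users", "MGX SNMPv3 Users",
})


def review_profile(selections, catalog=EMS_ADMINISTRATION):
    """Return sorted (operation, finding) pairs for a proposed profile.

    selections maps an operation name to the chosen privilege level.
    """
    findings = []
    for op, offered in catalog.items():
        if op not in selections:
            # The guide requires a selection for every operation.
            findings.append((op, "no privilege selected"))
            continue
        level = selections[op]
        if level not in offered:
            findings.append((op, f"{level!r} is not offered; choose one of "
                                 + ", ".join(sorted(offered))))
        elif level == RW and op in ACCOUNT_MANAGEMENT:
            findings.append((op, "Read/Write on account management; confirm need"))
    for op in selections:
        if op not in catalog:
            findings.append((op, "not an operation in this category"))
    return sorted(findings)


def selected_access(selections):
    """Split the selected operations into read-only and read/write lists."""
    return {
        RO: sorted(op for op, lvl in selections.items() if lvl == RO),
        RW: sorted(op for op, lvl in selections.items() if lvl == RW),
    }


# Constructed sample: a profile meant for staff who only review logins.
LOGIN_REVIEWER = {
    "Audit Error Log": RW,            # not offered for this operation
    "CTC Upgrade Table": NA,
    "CTM Failed Login Attempts": RO,
    "CTM User Profiles": NA,
    "CTM Users": RW,                  # broader than a login reviewer needs
    "Control Panel": NA,
    "GateWay/CORBA Users": NA,
    "GateWay/TL1 Users": NA,
    "Logged In CTM Users": RO,
    "Logged In GateWay/CORBA Users": RO,
    "Logged In GateWay/TL1 Users": RO,
    # "MGX SNMPv3 Users" is left out on purpose
    "Save Map As Default": NA,
    "Template Manager Table": NA,
}

if __name__ == "__main__":
    for op, finding in review_profile(LOGIN_REVIEWER):
        print(f"{op}: {finding}")
    print(selected_access(LOGIN_REVIEWER))
```

The other categories of Table 8-1 can be added as further dictionaries and passed as the `catalog` argument.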


8.3.3  Performing User Administration

This section describes how to perform user administration, including:

Viewing the CTM Users Table

Creating a CTM User

Modifying a CTM User's Properties

Deleting a CTM User

Viewing Logged In CTM Users

Ending an Active CTM User Session

Viewing a List of Login Attempts by Unknown Users

Using the CTM Locked Window

Unlocking a User Account

Changing Your User Password

Managing Security Advisory Messages

Setting User Preferences

Enabling or Disabling the Continuous Audible Alarm

Configuring CTM Security Parameters

Sending Messages to Other Users

Viewing User Notification Messages

The following table lists the CTM default user profiles and the privileges associated with each profile.


Note: The SuperUser profile has access to all operations, and is not specifically listed in a separate column.

Note: The NetworkAdmin profile has access to all NEs and groups. The SysAdmin profile has access to no NEs or groups.


Table 8-2 CTM Default User Profiles 

Operation
SysAdmin
NetworkAdmin
Provisioner
Operator
Domain Explorer

File > New Group

Deny

Allow

Deny

Deny

File > Add Network Element(s)

Deny

Allow

Deny

Deny

File > Dashboard

Allow

Allow

Allow

Allow

File > Network Map

Deny

Allow

Allow

Allow

File > Subnetwork Explorer

Deny

Allow

Deny

Deny

File > Domain NE Table

Deny

Allow

Allow

Allow

File > ENE Devices

Deny

Allow

Allow

Allow

File > Notify Users

Allow

Allow

Allow

Allow

File > Refresh Data

Allow

Allow

Allow

Allow

File > Debug Options

Allow

Allow

Allow

Allow

File > Lock CTM Client

Allow

Allow

Allow

Allow

File > Exit

Allow

Allow

Allow

Allow

Edit > Cut

Deny

Allow

Deny

Deny

Edit > Copy

Deny

Allow

Deny

Deny

Edit > Paste

Deny

Allow

Deny

Deny

Edit > Delete

Deny

Allow

Deny

Deny

Edit > Delete All

Deny

Allow

Deny

Deny

Edit > Undelete

Deny

Allow

Deny

Deny

Edit > Expand

Deny

Allow

Allow

Allow

Edit > Collapse

Deny

Allow

Allow

Allow

Edit > Find

Deny

Allow

Allow

Allow

Edit > Find Next

Deny

Allow

Allow

Allow

Edit > User Preferences

Allow

Allow

Allow

Allow

Edit > Change Password

Allow

Allow

Allow

Allow

Fault > Alarm Browser

Allow

Allow

Allow

Allow

Fault > Alarm Log

Allow

Allow

Allow

Allow

Fault > Event Export Manager

Allow

Allow

Allow

Allow

Fault > Ping NE

Deny

Allow

Allow

Allow

Fault > Test NE Connectivity

Deny

Allow

Allow

Allow

Fault > Stop Continuous Beep

Deny

Allow

Allow

Allow

Fault > SysLog Viewer

Deny

Allow

Allow

Allow

Fault > MGX Voice Gateway > Diagnostic Center

Deny

Allow

Allow

Deny

Performance > PM Query by NE Model

Deny

Allow

Allow

Allow

Performance > PM Query by Category

Deny

Allow

Allow

Allow

Performance > MGX Voice Gateway > Statistics Report

Deny

Allow

Allow

Deny

Configuration > MGX Voice Gateway > Equipment Inventory Table

Deny

Allow

Allow

Allow

Configuration > MGX Voice Gateway > Chassis View

Deny

Allow

Allow

Deny

Configuration > MGX Voice Gateway > Configuration Center

Deny

Allow

Allow

Deny

Configuration > NE Explorer

Deny

Allow

Allow

Allow1

Configuration > Link Table

Deny

Allow

Allow

Allow

Configuration > Create Circuit

Deny

Allow

Allow

Deny

Configuration > Manage VLANs

Deny

Allow

Allow

Deny

Configuration > Create Link

Deny

Allow

Allow

Deny

Configuration > Create Server Trail

Deny

Allow

Allow

Deny

Configuration > Compare Config Files

Deny

Allow

Deny

Deny

Configuration > DOM Table

Deny

Allow

Deny

Deny

Configuration > NE_Model > Equipment Inventory Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch Web Interface

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch CLI

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch TL1 Interface

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch Cisco Edge Craft

Deny

Allow

Allow

Allow

Configuration > NE_Model > BLSR Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Create BLSR

Deny

Allow

Allow

Allow

Configuration > NE_Model > Alarm Profiles Management

Deny

Allow

Allow

Deny

Configuration > NE_Model > NE Defaults Management

Deny

Allow

Allow

Deny

Configuration > NE_Model > Circuit Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Rolls Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Update Circuit

Deny

Allow

Allow

Deny

Configuration > NE_Model > Repair Circuit

Deny

Allow

Allow

Deny

Configuration > NE_Model > Configure Node

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch CTC

Deny

Allow

Allow

Allow

Configuration > NE_Model > L2 Topology Table

Allow

Allow

Allow

Configuration > NE_Model > Create L2 Topology

Allow

Allow

Deny

Configuration > NE_Model > QoS Profile Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Create QoS Profile

Deny

Allow

Allow

Deny

Configuration > NE_Model > MS-SPRing Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Create MS-SPRing

Deny

Allow

Allow

Allow

Configuration > NE_Model > NE Discrepancy Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Discovery Info Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Resync with NE

Deny

Allow

Allow

Allow

Configuration > NE_Model > Template Manager

Deny

Allow

Allow

Deny

Configuration > NE_Model > Rediscover

Deny

Allow

Allow

Allow

Configuration > NE_Model > Rediscover All

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch CiscoView

Deny

Allow

Allow

Allow

Configuration > NE_Model > Launch IOS CLI

Deny

Allow

Allow

Allow

Configuration > NE_Model > Domain 1580X Table

Deny

Allow

Allow

Allow

Configuration > NE_Model > Template Configuration

Deny

Allow

Deny

Deny

Administration > Job Monitor

Deny

Allow

Allow

Deny

Administration > Service Monitor

Allow

Deny

Deny

Deny

Administration > Self Monitor

Deny

Allow

Deny

Deny

Administration > Memory Backup

Deny

Allow

Deny

Deny

Administration > Memory Restore

Deny

Allow

Deny

Deny

Administration > Memory Backup Upload

Deny

Allow

Deny

Deny

Administration > Image Transfer

Deny

Allow

Deny

Deny

Administration > NE Software Table

Deny

Allow

Deny

Deny

Administration > Software Management > Optical/MGX/7600

Deny

Allow

Deny

Deny

Administration > Software Management > IOS XR

Deny

Allow

Deny

Deny

Administration > SNTP Configuration

Deny

Allow

Deny

Deny

Administration > CTM Users

Allow

Deny

Deny

Deny

Administration > GateWay/TL1 Users

Allow

Deny

Deny

Deny

Administration > GW/CORBA Users

Allow

Deny

Deny

Deny

Administration > Control Panel

Allow

Deny

Deny

Deny

Administration > Audit Log

Allow

Deny

Deny

Deny

Administration > Error Log

Allow

Allow

Deny

Deny

Administration > Supported NE Table

Allow

Allow

Deny

Deny

Administration > CTC Upgrade Table

Allow

Allow

Deny

Deny

Administration > CTC User Profiles

Allow

Allow

Deny

Deny

Administration > MGX Voice Gateway > Audit Trail

Deny

Allow

Deny

Deny

Administration > NE_Model > NE User Access Administration

Allow

Allow

Deny

Deny

Administration > NE_Model > Audit Trail Table

Allow

Allow

Deny

Deny

Administration > NE_Model > Security Advisory Management

Allow

Allow

Deny

Deny

Administration > NE_Model > NE Authentication

Allow

Allow

Deny

Deny

Administration > NE_Model > IOS Users Table

Deny

Allow

Allow

Deny

Administration > NE_Model > BGP User Settings Table

Deny

Allow

Deny

Deny

Administration > Cisco 7600 > Flash File Table

Deny

Allow

Deny

Deny

Administration > ONS 155XX > ONS 155XX SNMP Settings Table

Allow

Allow

Deny

Deny

Administration > ONS 155XX > Flash File Table

Allow

Allow

Deny

Deny

Administration > ONS 1580X > NE User Access Log

Allow

Allow

Deny

Deny

Network Map

File > Open

Deny

Allow

Allow

Allow

File > Open (New Window)

Deny

Allow

Allow

Allow

File > Parent

Deny

Allow

Allow

Allow

File > Save

Deny

Allow

Allow

Allow

File > Save As Default

Deny

Allow

Deny

Deny

File > Revert To Default

Deny

Allow

Allow

Allow

File > Notify Users

Deny

Allow

Allow

Allow

File > Refresh Data

Deny

Allow

Allow

Allow

File > Debug Options

Deny

Allow

Allow

Allow

File > Close

Deny

Allow

Allow

Allow

Edit > Enable Drag

Deny

Allow

Allow

Allow

Edit > Enable Offview

Deny

Allow

Allow

Allow

Edit > Change Map Background

Deny

Allow

Allow

Allow

Edit > Change Node Icon

Deny

Allow

Allow

Allow

Edit > Zoom In

Deny

Allow

Allow

Allow

Edit > Zoom Out

Deny

Allow

Allow

Allow

Edit > Zoom Area

Deny

Allow

Allow

Allow

Edit > Expand All Links

Deny

Allow

Allow

Allow

Edit > Collapse All Links

Deny

Allow

Allow

Allow

Edit > Circular Layout

Deny

Allow

Allow

Allow

Edit > Spring Layout

Deny

Allow

Allow

Allow

Edit > Table Layout

Deny

Allow

Allow

Allow

Edit > Declutter Layout

Deny

Allow

Allow

Allow

Edit > User Preferences

Deny

Allow

Allow

Allow

Edit > Change Password

Deny

Allow

Allow

Allow

Subnetwork Explorer

File > Add New Network Partition

Allow

File > Add New Subnetwork

Allow

Alarm Browser

Fault > Acknowledge Alarms

Allow

Allow

Allow

Allow

Fault > Acknowledge All Alarms

Allow

Allow

Allow

Allow

Fault > Clear Alarm(s)

Allow

Allow

Allow

Allow

Fault > Show Alarm Note

Allow

Allow

Allow

Allow

Fault > Hide Cleared Alarms

Allow

Allow

Allow

Allow

Fault > Hide Acknowledged Alarms

Allow

Allow

Allow

Allow

Fault > Reset All Alarms

Allow

Allow

Allow

Allow

Fault > Locate Alarm/Event

Allow

Allow

Allow

Allow

Link Table

Edit > Modify Link

Allow

Allow

Deny

Edit > Delete Link

Allow

Allow

Deny

Configuration > Circuit Path Table

Allow

Allow

Deny

Configuration > Link Utilization Table

Allow

Allow

Deny

BLSR Table

Edit > Edit BLSR

Deny

Allow

Allow

Deny

Edit > Delete BLSR

Deny

Allow

Allow

Deny

Edit > Upgrade BLSR

Deny

Allow

Allow

Deny

Edit > Exercise BLSR

Deny

Allow

Allow

Deny

L2 Topology Table

Configuration > Circuits

Allow

Allow

Allow

Configuration > Create L2 Topology

Allow

Allow

Deny

Configuration > Modify L2 Topology

Allow

Allow

Deny

Configuration > Delete L2 Topology

Allow

Allow

Deny

Configuration > Create L2 Service

Allow

Allow

Deny

Configuration > Show L2 Services

Allow

Allow

Allow

Configuration > Modify Ports

Allow

Allow

Deny

Configuration > Enable L2 Service

Deny

Allow

Allow

Deny

Configuration > Add/Remove Card

Deny

Allow

Allow

Deny

QoS Profile Table

Configuration > Create QoS Profile

Deny

Allow

Allow

Deny

Configuration > Modify QoS Profile

Deny

Allow

Allow

Deny

Configuration > Delete QoS Profile

Deny

Allow

Allow

Deny

Configuration > Duplicate QoS Profile

Deny

Allow

Allow

Deny

Configuration > Show QoS Profile

Deny

Allow

Allow

Allow

Circuit Table

Configuration > Open Circuit Span

Allow

Allow

Allow

Configuration > Create Circuit

Allow

Allow

Deny

Configuration > Modify Circuit

Allow

Allow

Deny

Configuration > Delete Circuit

Allow

Allow

Deny

Configuration > Trace Circuit

Allow

Allow

Allow

Configuration > VLAN Table

Allow

Allow

Allow

Configuration > Show Circuit Note

Allow

Allow

Allow

Configuration > Roll Circuit

Allow

Allow

Deny

Configuration > Member Circuits

Allow

Allow

Allow

Allow

Configuration > Merge Table

Allow

Allow

Deny

Configuration > Reconfigure Circuit(s)

Allow

Allow

Deny

MS-SPRing Table

Edit > Edit MS-SPRing

Deny

Allow

Allow

Allow

Edit > Delete MS-SPRing

Deny

Allow

Allow

Allow

Edit > Upgrade MS-SPRing

Deny

Allow

Allow

Allow

Edit > Exercise MS-SPRing

Deny

Allow

Allow

Allow

Rolls Table

Configuration > Complete Roll

Allow

Allow

Deny

Configuration > Finish Roll

Allow

Allow

Deny

Configuration > Cancel Roll

Allow

Allow

Deny

Configuration > Delete Roll

Allow

Allow

Deny

Configuration > Force Valid Signal

Allow

Allow

Deny

Job Monitor Table

Edit > Cancel Task

Allow

Edit > Cancel Job

Allow

Edit > User Note

Allow

Edit > NE Software Table

Allow

NE Software Table

Edit > Commit

Allow

Edit > Revert/Switch

Allow

Edit > Accept

Allow

CTM Users

Edit > Create

Allow

Edit > Modify

Allow

Edit > Delete

Allow

Edit > Unlock

Allow

Deny

Deny

Deny

Administration > CTM User Profiles

Allow

Deny

Deny

Deny

Administration > Logged In CTM Users

Allow

Deny

Deny

Deny

Administration > Failed Login Attempts

Allow

Deny

Deny

Deny

CTM User Profiles

Edit > Create

Allow

Deny

Deny

Deny

Edit > Modify

Allow

Deny

Deny

Deny

Edit > Delete

Allow

Deny

Deny

Deny

Edit > Duplicate

Allow

Deny

Deny

Deny

Logged In CTM Users Table

Administration > Log Out User

Allow

Deny

Deny

Deny

GateWay/TL1 Users Table

Edit > Add

Allow

Deny

Deny

Deny

Edit > Modify

Allow

Deny

Deny

Deny

Edit > Delete

Allow

Deny

Deny

Deny

Administration > Logged In GateWay TL1 Users

Allow

Deny

Deny

Deny

Administration > GW/TL1 EFD Table (see footnote 2)

Allow

Deny

Deny

Deny

CTM Active GWTL1 Users Table

Administration > Log Out GateWay TL1 User

Allow

Deny

Deny

Deny

GW/TL1 Event Forwarding Discriminator Table

Edit > Add EFD Profile

Allow

Deny

Deny

Deny

Edit > Modify EFD Profile

Allow

Deny

Deny

Deny

Edit > Delete EFD Profile

Allow

Deny

Deny

Deny

Supported NE Table

Edit > Add

Allow

Allow

Edit > Delete

Allow

Allow

CTC Upgrade Table

Edit > Add

Allow

Allow

Edit > Activate

Allow

Allow

Edit > Delete

Allow

Allow

CTC User Profiles Table

Edit > Create

Allow

Allow

Edit > Modify

Allow

Allow

Edit > Delete

Allow

Allow

NE User Access Administration

Edit > Add

Allow

Allow

Edit > Add Predefined Users

Allow

Allow

Edit > Modify

Allow

Allow

Edit > Delete

Allow

Allow

Edit > NE Active Users

Allow

Allow

NE Active Users Table

Administration > Retrieve Last Activity Time

Deny

Allow

Deny

Deny

Administration > Log Out User

Deny

Allow

Deny

Deny

Administration > NE Users Access Activity Log (ONS 1580x only)

Deny

Allow

Deny

Deny

IOS Users Table

Edit > Create

Deny

Allow

Allow

Deny

Edit > Modify

Deny

Allow

Allow

Deny

Edit > Delete

Deny

Allow

Allow

Deny

SNMP Community String

Edit > Add

Allow

Allow

Edit > Delete

Allow

Allow

Edit > Modify

Allow

Allow

Flash File Table

Edit > Verify

Allow

Allow

Edit > Delete

Allow

Allow

Edit > Undelete

Allow

Allow

Edit > Squeeze

Allow

Allow

Edit > Activate

Allow

Allow

SNMPv3 Users Table

Edit > Add

Deny

Deny

Deny

Deny

Edit > View/Modify

Deny

Deny

Deny

Deny

Edit > Delete

Deny

Deny

Deny

Deny

1 For the CRS-1 and XR 12000, operators are denied access to the Configuration > NE Explorer menu option.

2 GW/TL1 Event Forwarding Discriminator Table.


8.3.3.1  Viewing the CTM Users Table

The CTM Users table displays basic information about CTM users. The table menu options allow you to create new users, modify users, delete users, and unlock user accounts.

To view the CTM Users table, choose Administration > CTM Users in the Domain Explorer window. The following table provides descriptions.


Tip You can click any cell or row in the CTM Users table and then type an alphanumeric character on your keyboard. The selection context jumps to the next username row that starts with that letter or number.

If there are multiple usernames that begin with the same letter or number, the selection context cycles through them. For example, if the CTM Users table contains SuperUser and SysAdmin users, and you press the s key multiple times, the selected row toggles between SuperUser and SysAdmin.


Table 8-3 Field Descriptions for the CTM Users Table 

Field
Description

Username

Username of the selected CTM user.

CTC Username

CTC username of the selected user. This name is used to launch CTC from CTM.

User Privilege Level

User privilege level (SuperUser, SysAdmin, NetworkAdmin, Provisioner, Operator, or a custom profile).

User Domain Name

Name of the management domain where the username belongs.

Password Set Time (time zone)

Last time the password was set.

Locked State

Whether the user's account is locked or unlocked. If the user repeatedly tries unsuccessfully to log into the CTM client (the default maximum is 5 attempts), the user's account is locked automatically.

You can set the maximum number of login attempts a user is allowed before being locked out in the Control Panel > Security Properties pane.

Last Login Time (time zone)

Last time the user logged in.

Login Failed Attempts

Number of times the user tried to log in, but failed.

Login State

Administrative state (Enabled or Disabled) of the user.

User Description

Description of the user.

Password Change Enabled

Current state (Enabled or Disabled) of the password change option.

Multiple Login Enabled

Whether this user is allowed to perform multiple logins simultaneously.

Auto Disable Account

Number of days of nonuse that will prompt the account to be disabled automatically. The range is from 0 to 365 days, in 1-day increments. The Cisco default is 0 days, meaning the account will not be disabled automatically as a result of inactivity.


8.3.3.2  Creating a CTM User

Use the Create New CTM User wizard to add new CTM users to the domain. Table 8-4 provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, choose Edit > Create (or click the Create a New User tool).

Step 3 In the Create New User wizard, fill in the following fields:

Username

User Password (and confirm password)

User Privilege

Domain Name

Login State

Password Change

Description

Auto Disable Account

Require Password Change on Next Login check box

Use Global Settings check box

Enable check box

Period

User Login Sessions

Step 4 Click Next. When you are finished adding a new SuperUser, NetworkAdmin, or SysAdmin, you can click Finish.

Step 5 When adding a new Provisioner, Operator, or custom user profile, select the groups and NEs that the Provisioner or Operator will monitor. Selected groups and NEs appear in the Assigned Objects list. (SuperUsers and NetworkAdmins monitor the entire management domain, so there is no need to select groups or NEs when adding one of these users. SysAdmin users do not access any of the NEs.)

a. To assign groups, click the Groups radio button. In the Available Objects list, select the groups that will be assigned to the new user and click Add.

b. To assign NEs, click the Network Elements radio button. In the Available Objects list, select the NEs that will be assigned to the new user and click Add.


Note When individual NEs are assigned, these NEs appear directly under the top-level domain for the user in the Domain Explorer. A given NE may already have been assigned to the user as part of a group assignment. In that case, the same NE appears both directly under the top-level domain and within the assigned group. This behavior is consistent with the Domain Explorer's ability to represent the same group or NE within multiple locations of the hierarchy.


c. To remove groups or NEs from the Assigned Objects list, select the group or NE from the Assigned Objects list and click Remove.

d. Click Next (or Finish).

Step 6 When adding a new Provisioner, you can restrict the set of SONET or SDH circuit sizes that the user can provision. The selected SONET or SDH circuit sizes appear in the Assigned Circuit Sizes list.

a. To assign SONET circuits, click the SONET radio button. In the Available Circuit Sizes list, select the circuits that will be assigned to the user and click Add.

b. To assign SDH circuits, click the SDH radio button. In the Available Circuit Sizes list, select the circuits that will be assigned to the user and click Add.

c. To remove SONET or SDH circuits from the Assigned Circuit Sizes list, select the circuit size from the Assigned Circuit Sizes list and click Remove.

d. Click Next (or Finish).

Step 7 (Optional) In the CTC/Craft User Properties area, enter the username and password for accessing CTC-based NEs or NEs that support a TL1 interface. Then, confirm the password.


Note If the CTC/Craft User username and password have been defined for a given user, when that user launches a TL1 session to an NE that supports a TL1 interface, CTM logs the user in automatically with the ACT-USER command using the defined craft username and password.

Automatic login to a TL1 session does not apply to ONS 1580x NEs. You must manually enter the ACT-USER command.


Step 8 Click Finish.

The new user is listed in the CTM Users table. For CTC-based NEs, the new user will be mapped to a CTC user but the CTC user will not be created in the NE database. To create a CTC user on the NE database, see Managing NE User Access.


Table 8-4 Field Descriptions for the Create New CTM User Wizard 

Field
Description
User Properties Pane

Username

Name that the user will use to access the system. The CTM username must contain from six to twelve alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The username must be unique in CTM and cannot contain a space or a special character.

Note After the username is set, it cannot be changed without deleting the user.

User Password

Login password that the user will use to access the system. The password complexity is configurable in the Control Panel > Security Properties pane. By default, the user password must:

Contain at least six characters, but not more than 12 characters.

Contain at least two alphabetic characters (A-Z, a-z). Of the alphabetic characters, at least one must be uppercase and one must be lowercase.

Contain at least one numeric character (0-9).

Contain at least one special character (+ # % , . ; & !). The default special character set is TL1+UNIX.

Allow a special character as the first or last character.

Allow a numeric character as the first or last character.

Not contain the username or any circular shift of the username. An uppercase letter and its corresponding lowercase letter are considered equivalent. For example, if the username is Arthur, the password cannot contain the string arthur, rthura, thurar, hurart, urarth, or rarthu.

Differ from the old password by at least three characters. For example, if the old password is MikeBrady5!, the new password cannot be mikebrady5% because only the last character is different. However, the new password MikeBrady2!99 is acceptable because it differs from MikeBrady5! by three characters.

Note By Cisco default, the minimum time between password changes is 20 days. The new password must differ from the previous password by 3 characters, and the new password is compared against the previous 5 passwords.

Confirm Password

Retype the password to confirm it.

User Privilege

User privilege level.

Domain Name

Domain name. When the user logs into the system, he or she sees all of the devices contained within this domain.

Login State

Permit (enable) or prevent (disable) the user from logging into the system.

Password Change

Permit (enable) or prevent (disable) the user from changing his or her password.

Description

Description of the new user.

Auto Disable Account

Number of days of nonuse that will prompt the account to be disabled automatically. The range is from 0 to 365 days, in 1-day increments. The Cisco default is 0 days, meaning the account will not be disabled automatically as a result of inactivity.

Require Password Change on Next Login

If checked, the user is prompted to change his or her password upon next login to the CTM client. If unchecked, the user is not required to change his or her password upon next login. By default, this option is checked.

Lockout

CTM automatically locks the current session after the period in the Period field. Click Use Global Settings to use the settings from the Security window. If you do not select Use Global Settings, click Enable to activate lockout for the selected user. Enter a lockout length in the Period field.

Logout

CTM automatically logs the user out of the CTM session after the period in the Period field. Click Use Global Settings to use the settings from the Security window. If you do not select Use Global Settings, click Enable to activate logout for the selected user. Enter a logout length in the Period field.

User Login Sessions

Select whether to allow single or multiple user logins.

Assign Objects to User Pane

(for Provisioner and Operator users only)

Select Object Type

Assign groups or NEs to the new user.

Note The Discovered NEs and Deleted NEs groups cannot be assigned to a Provisioner, Operator, or custom user profile.

Select Objects

Select from the list of available objects that can be assigned to the new user. By clicking the Add and Remove buttons, you can move objects back and forth between the Available Objects list and the Assigned Objects list.

Assign Circuit Sizes to User Pane

(for Provisioner users only)

Select Circuit Size Type

Select the circuit types that are relevant, SONET or SDH.

Select Circuit Sizes

Select valid circuit sizes from the list of available circuit sizes. By clicking the Add and Remove buttons, you can move objects back and forth between the Available Circuit Sizes list and the Assigned Circuit Sizes list.

CTC/Craft User Properties Pane

Username

Active username for accessing CTC-based NEs or NEs that support a TL1 interface. The username must contain at least six alphanumeric characters, but not more than 20 characters.

User Password

Login password for accessing CTC-based NEs or NEs that support a TL1 interface. The new password must:

Contain at least 6 alphanumeric characters, but not more than 10.

Contain at least two alphabetic characters (A-Z, a-z).

Contain at least one numeric character (0-9).

Contain at least one special character (+, #, or %).

Confirm Password

Retype the password to confirm it.


8.3.3.3  Modifying a CTM User's Properties

Use the Modify CTM User Properties wizard to modify the properties of an existing CTM user. Table 8-5 provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, select the CTM user whose user properties will be modified.

Step 3 Choose Edit > View/Modify (or click the Modify User Properties tool). The Modify User Properties wizard opens.

Step 4 Modify the following fields, as needed; then, click Next:

User Password (and confirm password)


Note Regardless of the actual size of the old password, the Password and Confirm Password fields display only a fixed-length string. The fixed-length string is 12 asterisks (*).


User Privilege

Domain Name

Login State

Password Change

Description

Auto Disable Account

Require Password Change on Next Login check box

Use Global Settings check box

Enable check box

Period

User Login Sessions

Step 5 (Optional) For Provisioner, Operator, and custom user profiles, modify the list of assigned objects by adding groups or NEs to the Assigned Objects list or removing groups or NEs from the list. Click Next.

Step 6 (Optional) For Provisioners, modify the list of assigned circuit sizes by adding or removing SONET or SDH circuit sizes from the list. Click Next.

Step 7 (Optional) Modify the user's CTC/craft username and password for accessing CTC-based NEs or NEs that support a TL1 interface. For username and password constraints, see Table 8-5.

Step 8 Click Finish. The user whose properties were modified is listed in the CTM Users table.


Note After you change the user privilege level, you receive a message that tells you that the selected user will be logged out. Click OK. This activity is reported in the Audit Log.

The user whose privilege has been changed receives the message "A user with administration privileges has changed the privileges of this user. The application will be closed." The user is then logged out.

You cannot change the user privilege of the last instance of a SysAdmin user. You must create another SysAdmin user before changing the user privilege level of the other SysAdmin user.



Table 8-5 Field Descriptions for the Modify User Properties Wizard 

Field
Description
Cisco Transport Manager User Properties Pane

Username

Display only. Active username for accessing the system. The CTM username must contain from six to twelve alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The username must be unique in CTM and cannot contain a space or a special character.

Note After the username is set, it cannot be changed without deleting the user.

User Password

Login password used to access the system. The password complexity is configurable in the Control Panel > Security Properties pane. By default, the user password must:

Contain at least six characters, but not more than 12 characters.

Contain at least two alphabetic characters (A-Z, a-z). Of the alphabetic characters, at least one must be uppercase and one must be lowercase.

Contain at least one numeric character (0-9).

Contain at least one special character (+ # % , . ; & !). The default special character set is TL1+UNIX.

Allow a special character as the first or last character.

Allow a numeric character as the first or last character.

Not contain the username or any circular shift of the username. An uppercase letter and its corresponding lowercase letter are considered equivalent. For example, if the username is Arthur, the password cannot contain the string arthur, rthura, thurar, hurart, urarth, or rarthu.

Differ from the old password by at least three characters. For example, if the old password is MikeBrady5!, the new password cannot be mikebrady5% because only the last character is different. However, the new password MikeBrady2!99 is acceptable because it differs from MikeBrady5! by three characters.

Note By Cisco default, the minimum time between password changes is 20 days. The new password must differ from the previous password by 3 characters, and the new password is compared against the previous 5 passwords.

Confirm Password

Retype the password to confirm it.

User Privilege

User's privilege level.

Domain Name

Domain name. When the user logs into the system, he or she sees all the devices contained within this domain.

Login State

Permit (enable) or prevent (disable) the user from logging into the system.

Password Change

Permit (enable) or prevent (disable) the user from changing his or her password.

Description

User description.

Auto Disable Account

Number of days of nonuse that will prompt the account to be disabled automatically. The range is from 0 to 365 days, in 1-day increments. The Cisco default is 0 days, meaning the account will not be disabled automatically as a result of nonuse.

Require Password Change on Next Login

If checked, the user is prompted to change his or her password upon next login to the CTM client. If unchecked, the user is not required to change his or her password upon next login. By default, this option is checked.

Lockout

CTM automatically locks the current session after the number of minutes in the Period field. Click Use Global Settings to use the settings from the Security window. If you do not select Use Global Settings, click Enable to activate lockout for the selected user. Enter a lockout length in the Period field.

Logout

CTM automatically logs the user out of the CTM session after the number of minutes in the Period field. Click Use Global Settings to use the settings from the Security window. If you do not select Use Global Settings, click Enable to activate logout for the selected user. Enter a logout length in the Period field.

User Login Sessions

Whether to allow single or multiple user login.

Assign Objects to User Pane

(for Provisioner and Operator users only)

Select Object Type

Assign specific groups and NEs to operator and provisioner users.

Select Objects

Modify the objects that are assigned to operators and provisioners. Click Add and Remove to move objects back and forth between the Available Objects list and the Assigned Objects list.

Assign Circuit Sizes to User Pane

(for Provisioner users only)

Select Circuit Size Type

Select the circuit types that are relevant, SONET or SDH.

Select Circuit Sizes

Modify the circuit sizes that are assigned to the user. Click Add and Remove to move circuit sizes back and forth between the Available Circuit Sizes list and the Assigned Circuit Sizes list.

CTC/Craft User Properties Pane

Username

Modify the active username for accessing CTC-based NEs or NEs that support a TL1 interface. The username must contain at least six alphanumeric characters, but not more than 20 characters.

User Password

Modify the user's login password. The user password must:

Contain at least 6 alphanumeric characters, but not more than 10.

Contain at least two alphabetic characters (A-Z, a-z).

Contain at least one numeric character (0-9).

Contain at least one special character (+, #, or %).

Confirm Password

Confirm the newly modified password by retyping it.


8.3.3.4  Deleting a CTM User


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, select the user to be deleted.


Note A user cannot be deleted from the database until that user logs out. However, an active user session can be ended. See Ending an Active CTM User Session.


Step 3 Choose Edit > Delete (or click the Delete User tool).

Step 4 Click OK to remove the user from the database.


8.3.3.5  Viewing Logged In CTM Users

The Logged In CTM Users table lists the CTM users who are currently logged into the CTM application.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, choose Administration > Logged In CTM Users (or click the Show Logged In CTM Users tool). The following table provides descriptions.


Table 8-6 Field Descriptions for the Logged In CTM Users Table 

Field
Description

Username

Name of the user who is currently logged in.

Logged In At

Date and time when the user logged in.

IP Address

User's IP address.

Session ID

Unique session ID number that the CTM server assigns to each CTM user during login.


8.3.3.6  Ending an Active CTM User Session


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, choose Administration > Logged In CTM Users (or click the Show Logged In CTM Users tool).

Step 3 In the Logged In CTM Users table, select the user whose session will be ended and choose Administration > Log Out User (or click the Log Out User tool).


Note If you are logged in as an Operator, you cannot log out a SuperUser.


Step 4 Click Yes at the following prompt:

This operation will log out the selected CTM user. The process will take approximately 
1 minute and this CTM client will be unusable until then. Do you want to continue?

Wait while the CTM server logs out the selected CTM client. The CTM GUI is frozen for approximately 1 minute until the request is complete.


8.3.3.7  Viewing a List of Login Attempts by Unknown Users


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, choose Administration > Failed Login Attempts (or click the Show Failed Login Attempts tool). The Unknown User Login Attempts table opens. The following table provides descriptions.

Step 3 To unlock a locked IP address, select the IP address and choose Administration > Unlock (or click the Unlock User tool). This re-enables login attempts for the selected IP address. When an IP address is unlocked, the Login Failed Attempts value is reset to zero and the Last Login Failed Time value is set to N/A.


Table 8-7 Field Descriptions for the Unknown User Login Attempts Table 

Field
Description

IP Address

IP address of the unknown user.

Failed Attempts

Number of login attempts from the unknown user associated with a specific IP address.

Last Login Failed Time (time zone)

Most recent time when the unknown user attempted to log into the CTM client.

Locked State

Status of the unknown user's account (locked or unlocked). Use the Administration > Unlock menu option to manually unlock an IP address. The CTM server unlocks an IP address automatically when the login disable period expires.


8.3.3.8  Using the CTM Locked Window

Use the CTM Locked window to lock the current CTM session. Once the session is locked, the Domain Explorer disappears, and the CTM Locked window prompts you to enter your password to unlock the CTM session. You can try to unlock the session up to the configured maximum number of login attempts. If that threshold is exceeded, CTM terminates. For convenience, the window has a Minimize icon. The following table describes the field in the CTM Locked window.

Table 8-8 Field Descriptions for the CTM Locked Window 

Field
Description

Password

Enter your password; then, click Unlock to unlock the CTM session.


8.3.3.9  Unlocking a User Account

By default, CTM allows users a maximum of five login attempts; the user account is locked after the fifth unsuccessful login attempt. The lockout duration is configurable and can be from 0 to 600 seconds or infinite.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, select the locked user.

Step 3 Choose Edit > Unlock (or click the Unlock User tool).


8.3.3.10  Changing Your User Password

CTM users can use the Change Password dialog box to change their CTM and CTC passwords. The password change applies to the CTM user who is currently logged in. There is an enforced password change request when the default user logs in for the first time. If the user does not change the password, the CTM session is canceled.


Note The password complexity is configurable in the Control Panel > Security Properties pane.

It is possible to set up the user account such that the change password function is disabled. See the description of the Password Change field in Creating a CTM User.



Step 1 In the Domain Explorer window, choose Edit > Change Password.

Step 2 To change the CTM password:

a. In the CTM Password area, enter the current CTM password in the Old Password field.

b. Enter the new password in the New Password field. For CTM password constraints, see Table 8-9.

c. Confirm the new password.

Step 3 To change the CTC password:

a. In the CTC Password area, enter the new CTC password in the New Password field. For CTC password constraints, see Table 8-9.


Note The CTC Password area is not visible unless a CTC username and password have been configured for the user.


b. Confirm the new password.

c. If you want to apply the new CTC password to all the NEs in your domain, check the Propagate the password change to the NEs in my domain check box.

Step 4 Click OK. The result of this activity can be monitored in the Job Monitor table.


Table 8-9 Field Descriptions for the Change Password Dialog Box 

Field
Description
CTM Password

Old Password

Enter the old CTM user password.

New Password

Enter the new login password. The password complexity is configurable in the Control Panel > Security Properties pane. By default, the new password must:

Contain at least six characters, but not more than 12 characters.

Contain at least two alphabetic characters (A-Z, a-z). Of the alphabetic characters, at least one must be uppercase and one must be lowercase.

Contain at least one numeric character (0-9).

Contain at least one special character (+ # % , . ; & !). The default special character set is TL1+UNIX.

Allow a special character as the first or last character.

Allow a numeric character as the first or last character.

Not contain the username or any circular shift of the username. An uppercase letter and its corresponding lowercase letter are considered equivalent. For example, if the username is Arthur, the password cannot contain the string arthur, rthura, thurar, hurart, urarth, or rarthu.

Differ from the old password by at least three characters. For example, if the old password is MikeBrady5!, the new password cannot be mikebrady5% because only the last character is different. However, the new password MikeBrady2!99 is acceptable because it differs from MikeBrady5! by three characters.

Note By Cisco default, the minimum time between password changes is 20 days. The new password must differ from the previous password by 3 characters, and the new password is compared against the previous 5 passwords.

Note Regardless of the actual size of the old password, the Password and Confirm Password fields display only a fixed-length string. The fixed-length string is 12 asterisks (*).

Confirm Password

Retype the password to confirm it.

CTC Password

New Password

Enter the new login password. The new password must:

Contain at least 6 alphanumeric characters, but not more than 10.

Contain at least two alphabetic characters (A-Z, a-z).

Contain at least one numeric character (0-9).

Contain at least one special character (+, #, or %).

Confirm Password

Retype the password to confirm it.

Propagate the password change to the NEs in my domain

Check this check box to apply the new CTC password to all the NEs in your domain.
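
The default CTM and CTC password rules listed in Tables 8-4, 8-5 and 8-9, written out as a checker that can be run against candidate passwords before they are entered in the wizard. This is an added example, not code from the Cisco guide or from CTM. The names Policy, validate, circular_shifts and char_difference are hypothetical, and the "differ by at least three characters" metric and the 6-to-10 length reading of the CTC rule are assumptions chosen to match the page's wording and examples.

```python
"""Checker for the default CTM and CTC password rules in Tables 8-4, 8-5 and 8-9."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: int
    specials: str            # characters accepted as the required special character
    need_mixed_case: bool    # at least one uppercase and one lowercase letter
    check_username: bool     # reject the username and its circular shifts
    min_diff_from_old: int   # 0 disables the comparison with the old password


# Defaults as stated on the page. The CTM values are configurable in
# Control Panel > Security Properties, so treat them as the shipped baseline.
CTM_DEFAULT = Policy(6, 12, "+#%,.;&!", True, True, 3)
# Assumption: "at least 6 alphanumeric characters, but not more than 10"
# is read as a total length of 6 to 10.
CTC_DEFAULT = Policy(6, 10, "+#%", False, False, 0)


def circular_shifts(name: str) -> set:
    """All rotations of the username, lowercased (upper and lower case are equivalent)."""
    low = name.lower()
    return {low[i:] + low[:i] for i in range(len(low))}


def char_difference(old: str, new: str) -> int:
    """Positions that differ, ignoring case, plus any difference in length.

    Assumption: the page does not define the metric. This one reproduces both
    of its MikeBrady examples (1 for mikebrady5%, 3 for MikeBrady2!99).
    """
    a, b = old.lower(), new.lower()
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def validate(password: str, policy: Policy, username: str = "",
             old_password: Optional[str] = None) -> list:
    """Return the names of the violated rules; an empty list means the password passes."""
    problems = []
    if not policy.min_len <= len(password) <= policy.max_len:
        problems.append("length")
    letters = [c for c in password if c.isascii() and c.isalpha()]
    if len(letters) < 2:
        problems.append("alphabetic")
    elif policy.need_mixed_case and not (
        any(c.isupper() for c in letters) and any(c.islower() for c in letters)
    ):
        problems.append("mixed-case")
    if not any(c.isascii() and c.isdigit() for c in password):
        problems.append("numeric")
    if not any(c in policy.specials for c in password):
        problems.append("special")
    if policy.check_username and username:
        low = password.lower()
        if any(shift in low for shift in circular_shifts(username)):
            problems.append("username")
    if policy.min_diff_from_old and old_password is not None:
        if char_difference(old_password, password) < policy.min_diff_from_old:
            problems.append("too-similar")
    return problems


if __name__ == "__main__":
    # Constructed samples. Arthur and the MikeBrady passwords are the page's own
    # examples; jsmith01, mbrady and the other passwords are made up.
    samples = [
        ("Tr0ub+dor", "jsmith01", None),
        ("xhurArt9#", "Arthur", None),            # hides the shift "hurart"
        ("mikebrady5%", "mbrady", "MikeBrady5!"),
        # 13 characters: passes the difference rule but exceeds the 12-character maximum.
        ("MikeBrady2!99", "mbrady", "MikeBrady5!"),
    ]
    for pw, user, old in samples:
        print(pw, validate(pw, CTM_DEFAULT, user, old) or "ok")
    print("abc12#", validate("abc12#", CTC_DEFAULT) or "ok")
```

Because the CTC special-character set (+, #, %) is narrower than the CTM default set, a password that satisfies the CTM rules can still be rejected for CTC, so check each password against the policy of the system it is for.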


8.3.3.11  Managing Security Advisory Messages

Use the Security Advisory Message Management wizard to choose a CTC-based NE from which a security advisory message can be loaded. The wizard then provides a list of NEs to which you can download this security message. When you click Finish, CTM schedules a job for this action, and the download of the security message to each selected NE is tracked as a separate task in the Job Monitor table.

The following table provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > Security Advisory Management. The Security Advisory Message Management wizard opens.

Step 2 Select the NE where the security advisory message exists.

Step 3 Click the Text tab to view the existing security advisory message on the selected NE. If no message exists, you can use this field to enter a new message.

Step 4 Click Next.

Step 5 Use the Add and Remove buttons to move NEs to or from the Selected NE(s) list.

Step 6 Click Finish.



Note You can also use the NE Explorer node view to set the security advisory message for CTC-based NEs. In the node properties pane, click the Security tab. In the Legal Disclaimer subtab, there is a default advisory message that is noncustomer-specific. Change the text if you want the disclaimer to be specific for your company. In the Preview subtab, you can view the advisory message before saving it. Click Apply.


Table 8-10 Field Descriptions for the Security Advisory Message Management Wizard 

Field
Description
Select an NE to View the Security Advisory Message Pane

Select NE

NE where the security advisory message exists.

Note If you opened the Security Advisory Message Management wizard after selecting an NE, only that NE will appear in this list.

Text

Security advisory message present on the selected NE. If no message exists, you can use this tab to enter a new message.

You can use the following HTML commands to format the text:

<b> Begins boldface font

</b> Ends boldface font

<center> Aligns type in the center of the window

</center> Ends the center alignment

<font=n, where n = point size> Changes the font to the new size

</font> Ends the font size command

<p> Creates a line break

<sub> Begins subscript

</sub> Ends subscript

<sup> Begins superscript

</sup> Ends superscript

<u> Starts underline

</u> Ends underline

Preview

View the advisory message before saving it.

Save the Security Advisory Message Pane

Available NE(s)

Select one or more NEs in the Available NE(s) list and click Add to move them to the Selected NE(s) list. The advisory message is saved for the NEs in the Selected NE(s) list.

Selected NE(s)

Select one or more NEs in the Selected NE(s) list and click Remove to move them to the Available NE(s) list.
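A pre-check for advisory text before it is pushed to several NEs, added here as an illustration and not part of CTM: it accepts only the formatting commands listed for the Text tab in Table 8-10 and reports unclosed or mis-nested pairs. Rejecting anything outside that list, and the function name check_advisory_markup, are assumptions of this example; the page does not say how an NE treats other tags.

```python
import re

# Formatting commands listed for the Text tab in Table 8-10.
PAIRED = {"b", "center", "font", "sub", "sup", "u"}
STANDALONE = {"p"}  # listed as a line break, with no closing form

TAG_RE = re.compile(r"<\s*(/?)\s*([A-Za-z][A-Za-z0-9]*)([^<>]*)>")


def check_advisory_markup(text):
    """Return a list of problems in an advisory message; empty means clean."""
    problems, open_tags = [], []
    for match in TAG_RE.finditer(text):
        closing = match.group(1) == "/"
        name = match.group(2).lower()
        extra = match.group(3).strip()
        shown = f"<{'/' if closing else ''}{name}>"
        if name not in PAIRED | STANDALONE:
            # Assumption of this example: anything not listed is rejected.
            problems.append(f"{shown} is not a listed formatting command")
            continue
        if name == "font" and not closing:
            # The page writes the size as <font=n>, n being the point size.
            if not re.fullmatch(r"=\s*\d+", extra):
                problems.append("<font> needs a numeric point size, e.g. <font=12>")
        elif extra:
            problems.append(f"{shown} carries unexpected text: {extra!r}")
        if name in STANDALONE:
            continue
        if not closing:
            open_tags.append(name)
        elif open_tags and open_tags[-1] == name:
            open_tags.pop()
        else:
            problems.append(f"</{name}> has no matching open tag or is mis-nested")
    problems.extend(f"<{name}> is never closed" for name in open_tags)
    if re.search(r"[<>]", TAG_RE.sub("", text)):
        problems.append("stray angle bracket outside a tag")
    return problems


if __name__ == "__main__":
    # Constructed sample messages, not taken from any NE.
    for sample in ("<center><b>NOTICE</b></center><p>Authorized use only.",
                   "<b>Warning", "<script>x</script>"):
        print(repr(sample), check_advisory_markup(sample))
```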


8.3.3.12  Setting User Preferences

Use the User Preferences dialog box to configure the CTM user interface.


Step 1 In the Domain Explorer window, choose Edit > User Preferences. The User Preferences dialog box opens. The following table provides descriptions.

Step 2 After specifying the settings, check the Save current settings check box to preserve the current settings even after logging out. Users with the appropriate privileges can check the Save as the default user template check box to save the current settings as the default for new users who are added in the future. Current users who have not altered their default settings adopt the new default settings when they log out.

Step 3 Click OK to save the settings. After you save the selections, all subsequent views use the saved preferences.


Table 8-11 Field Descriptions for the User Preferences Dialog Box 

Field
Description
Event Notification Tab

Show Notification Dialog For

Select whether an alert popup displays when a specific alarm or event occurs on NEs in your management domain or on the EMS. You can specify the alarm severity that will generate an alert popup, and whether to include cleared alarms.

Note Selections that apply to NEs are allowed only if you have NEs assigned to you. Selections that apply to the EMS are allowed only if you have the appropriate user privilege.

Play Audible Notification For

Select whether an audible alert sounds when a specific alarm or event occurs on an NE or on the CTM application. You can specify the alarm severity that will generate an audible alert, and whether to include cleared alarms. Check the Continuous Alarm for Dashboard Notifications check box to enable continuous audible notification whenever a new update occurs in the Dashboard window. Uncheck this check box to disable continuous audible notifications.

Note Selections that apply to NEs are allowed only if you have NEs assigned to you. Selections that apply to the EMS are allowed only if you have the appropriate user privilege.

Miscellaneous Tab

Time Zone for Date/Time Display

Change the time zone selection. You can select one of the following:

Local—Displays time information adjusted for the time zone that is configured on the PC or workstation where the CTM client is running.

GMT—Displays time information (for example, alarm time stamps) according to the GMT time zone.

User Defined—Specify a fixed offset from GMT. The offset range is -12 to +13 hours from GMT, in one-hour increments. For offsets other than zero, specify a display string of four characters maximum (to indicate the time zone, for example).

Display Log/15-min PM Data for

Change the time period used to display time-sensitive data in 15-minute increments.

Note This field is visible only if you have read permission for the Performance Monitor operation.

Note If you change the time setting from a shorter time period to a longer time period (for example, from Past 4 Hours to Past 30 Days), you must click Refresh Data in the log window to retrieve the data, even if the Auto Refresh feature is enabled. This behavior is by design, because if there are thousands of nodes under management, it takes a long time to retrieve the data. CTM does not begin retrieving the data until you click Refresh Data manually.

Display 1 Day PM Data for

Change the time period used to display time-sensitive data in 24-hour increments.

Note This field is visible only if you have read permission for the Performance Monitor operation.

Table Export Encoding

Change the encoding to use when you export a table to a text file. Options are:

Default—The encoding (that is, the translation from a character to the sequence of 0s and 1s that represent it in byte format) used by default. Default encoding depends on various factors, including the locale and the region of the Operating System (OS) running on the machine. Default encoding can only write characters belonging to that specific locale and region. Default encoding has the advantage that all OS applications can correctly read the text file generated by this encoding.

UTF-8—Unicode Transformation Format-8 (UTF-8) is an octet (8-bit) lossless encoding of Unicode characters. It encodes each character as a variable number of 1 to 4 octets, where the number of octets depends on the integer value assigned to the Unicode character. UTF-8 is the default encoding for XML. UTF-8 is an encoding independent from OS, locale, and region; is standardized by the Unicode Consortium; and can write any Unicode character in 1, 2, or 3 bytes, depending on the character itself.

Don't Display User Profile Creation Warning Messages

Enable or disable the warning dialog box that pops up when you click Finish after creating or modifying a user profile. The warnings are still visible in the User Profile table.

Enable NE Aliases

When checked, allows you to view the alias names for the following attributes:

Node ID

Link name

Circuit name

The alias name can be displayed instead of the NE ID in the following windows:

Domain Explorer—Tree and Identification tab of the Network Element Properties pane

Subnetwork Explorer—Tree and Identification tab of the Network Element Properties pane

Network Map

Enable Refresh Data Timer

The automatic Refresh Data feature automatically refreshes all data being displayed by CTM. You receive the following prompt:

Refresh Data action suggested. This action will result in closing all windows and might take some time. Do you want to continue? {Yes | No}


In an unstable environment where NEs are synchronizing or NEs change their operational state frequently, you might receive the preceding prompt continuously. To disable the prompt, uncheck the Enable Refresh Data Timer check box.

Map Preferences Tab

Open Network Map in New Window

Within network map views, this setting specifies whether to open subsequent frames in the same window, or open a new window for subsequent map views.

Show Off View Icons

Within map views, this setting enables or disables the display of off-view icons. If an NE has a link defined to an NE on a different map, the off-view NE is represented by an off-view icon. The off-view icon serves as a hyperlink to the map that contains the NE at the opposite end of the link. Off-view icons are used only for links that terminate on an NE; off-view icons are not used for subnetworks or groups.

Minimum Icon Size

Specify a fixed and locked pixel size for icons in network maps. Choices are 8x8, 16x16, 24x24, and 32x32. Regardless of the zoom level, the map icon size does not change when it is set to a fixed size. By default, the icon size is variable based on the zoom level. The icon size setting is saved with the other map settings.

FM Preferences Tab

Color Entire Row in Table View

Set the Alarm Browser or Alarm Log to full background color for the entire selected row. The color corresponds to the alarm status and severity.


8.3.3.13  Enabling or Disabling the Continuous Audible Alarm


Step 1 In the Domain Explorer window, choose Edit > User Preferences. The User Preferences dialog box opens.

Step 2 In the Event Notification tab > Play Audible Notification For area, check the Continuous Alarm For Dashboard Notifications check box.

Step 3 Click OK.

Step 4 To disable the continuous audible alarm, choose Fault > Stop Continuous Beep in the Domain Explorer window.


8.3.3.14  Configuring CTM Security Parameters

Use the Security Properties pane to configure CTM security parameters and password complexity rules. You can also specify usernames and passwords for the MDS 9000, ONS 15216 EDFA2, ONS 15216 EDFA3, ONS 15216 OADM, ONS 155xx, ONS 158xx, ONS 15305 CTC, ONS 15310 CL, ONS 15310 MA, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, ONS 15600 SDH, CRS-1, XR 12000, and Cisco 7600.


Note Passwords that are already in the system are not affected by modifications to the password complexity rules. The password complexity rules are checked when:

A privileged user adds a new user to the system

A privileged user modifies an existing user's password

A user changes his or her own existing password



Note Regardless of the actual size of the password, the Password and Confirm Password fields display only a fixed-length string. The fixed-length string is 12 asterisks (*).



Note You cannot configure security parameters for MGX devices in the Security Properties pane. Instead, use the Domain Explorer > Network Element Properties pane > NE Authentication tab to set the NE username, password, and community string.



Step 1 In the Domain Explorer window, choose Administration > Control Panel.

Step 2 Click Security Properties and set the parameters described in the following table. Tabs shown depend on the modules that are installed.

Step 3 Click Save.


Table 8-12 Field Descriptions for the Security Properties Pane 

Field
Description
CTM Security Tab

Password Aging

Number of days before the password expires. The user is prompted to change the password after the specified number of days. The range is 0 to 999 days; the Cisco default is 30 days. A value of 0 disables this feature.

Password Expiration Early Notification

Allows you to configure an early warning period for password expiration. Enter the number of days before the warning in the Password Expiration Early Notification field. CTM supports values of 0 to (password aging - 1), with a maximum of 30. For example, if the password aging is configured for 30 days, the maximum early notification value would be 29 days. A value of 0 disables this feature.

Max Retries

Maximum number of login attempts a user is allowed before being denied access. The range is 0 to 10 retries; the Cisco default is 5 retries. A value of 0 disables this feature.

Note When the number of login attempts is exceeded for a given user, CTM generates an alarm. Alarm information includes the username and IP address of the client workstation where the final login attempt was made.

Infinite

Enable or disable infinite user lockout. If checked, CTM does not automatically re-enable the account, but always requires the intervention of a user with the appropriate user profile to re-enable.

Login Disable Period

Number of seconds a user's login is disabled after the maximum login retries value is exceeded. The range is 0 to 600 seconds; the Cisco default is 30 seconds. A value of 0 disables this feature and the Max Retries feature.

For example, if the maximum number of retries is 5 and the login disable period is 30 seconds, the user account will be disabled for 30 seconds after the fifth failed login attempt.

Note If you check the Infinite check box, the Login Disable Period field is grayed out. The user will not be allowed to log in until that user's login state is re-enabled from the CTM Users table.

Enable CTM Security Advisory Message

If checked, the advisory message that appears on login is enabled. Uncheck to disable the login advisory message.

Lockout Enable

If checked, CTM automatically locks the current session after the period in the Lockout Period field.

Note If both Lockout Enable and Logout Enable are checked, logout only occurs after the lockout period.

Lockout Period

Number of minutes a user's CTM session is inactive before CTM automatically locks the user out. The range is from 1 to 120 minutes in 1-minute increments; the Cisco default is 30 minutes.

Logout Enable

If checked, CTM automatically logs the user out of the CTM session after the period in the Logout Period field.

Logout Period

Number of minutes a user's CTM session is inactive before CTM automatically logs the user out. The range is from 1 to 1440 minutes in 1-minute increments.

CTM Password Rules Tab

Interval Between Password Change

Number of days a user must wait between password changes. The range is 0 to 99 days; the Cisco default is 20 days. A value of 0 disables this feature.

Differ From Previous Password by n Characters

Number of characters by which the new password must differ from the previous one. The range is 1 to 5 characters; the Cisco default is 3 characters.

Compare Against Previous n Passwords

Number of previously used passwords to compare against the new password. The range is 0 to 5 passwords; the Cisco default is 5 passwords. A value of 0 disables this feature.

Minimum Password Length

Minimum password length. The range is 2 to 10 characters; the Cisco default is 6 characters.

Maximum Password Length

Maximum password length. The range is 10 to 12 characters; the Cisco default is 12 characters.

Number of Alphabetic Characters

Minimum number of alphabetic characters that the password must include. The range is 0 to 2; the Cisco default is 2 alphabetic characters.

Number of Lowercase Alphabetic Characters

Minimum number of lowercase alphabetic characters that the password must include. The range is 0 to 2; the Cisco default is 1 lowercase character.

Number of Uppercase Alphabetic Characters

Minimum number of uppercase alphabetic characters that the password must include. The range is 0 to 2; the Cisco default is 1 uppercase character.

Number of Numeric Characters

Minimum number of numeric characters that the password must include. The range is 0 to 2; the Cisco default is 1 numeric character.

Number of Special Characters

Minimum number of special characters that the password must include. The range is 0 to 2; the Cisco default is 1 special character.

Special Character Set to Use

Special character set to use:

TL1—Special characters permitted are + # %

UNIX—Special characters permitted are , . ; % & !

TL1+ UNIX—(Cisco default) Special characters permitted are , . ; % & ! + #

ASCII—Special characters permitted are @ ` ! " # $ % & ' ( ) * : + ; [ { , < \ | - = ] } . > ^ ~ / ? _

Allow Special First or Last Character

If checked, a special character is allowed as the first or last character in the password. If unchecked, the first or last character in the password cannot be a special character.

Allow Numeric First or Last Character

If checked, a numeric character is allowed as the first or last character in the password. If unchecked, the first or last character in the password cannot be a number.

Allow User ID Circular Shift

If checked, the user ID or a circular shift of the ID can be used in the password. If unchecked, the user ID or a circular shift of the ID cannot be used in the password.

MDS 9000 Tab

Username

Username to use for CLI connections to the MDS 9000.

Password

Password to use for CLI connections to the MDS 9000.

Confirm Password

Re-enter the password to confirm it.

ONS 15216 EDFA2 Tab

Username

Username that the CTM server and CTM GateWay/TL1 use to connect to ONS 15216 EDFA2 NEs.

Password

Password to use for CTM server and CTM GateWay/TL1 connections to ONS 15216 EDFA2 NEs.

Confirm Password

Re-enter the password to confirm it.

ONS 15216 EDFA3 Tab

CTM Server - NE Connection Username

Username that the CTM server uses to connect to ONS 15216 EDFA3 NEs.

Note The ONS 15216 EDFA3 has a TL1 interface and multiple usernames can be defined for authentication. Each username can be used for only one active connection. A second connection with the same username is not allowed. The current user must log out before another user can log in with that username.

Password

Password to use for CTM server connections to ONS 15216 EDFA3 NEs.

Confirm Password

Re-enter the password to confirm it.

GateWay/TL1 - NE Connection Username

Username that CTM GateWay/TL1 uses to connect to ONS 15216 EDFA3 NEs.

Password

Password to use for CTM GateWay/TL1 connections to ONS 15216 EDFA3 NEs.

Confirm Password

Re-enter the password to confirm it.

CTM Server - FTP Connection Username

Username that the CTM server uses to connect to FTP for software download, memory backup, and memory restore.


Caution An FTP account must already exist on the server in order for the file transfer to work correctly.

Password

Password to use for CTM server connections to FTP.

Confirm Password

Re-enter the password to confirm it.

FTP Directory

Absolute path for the FTP directory, beginning with a forward slash (/).

ONS 15216 OADM Tab

CTM Server - NE Connection Username

Username that the CTM server uses to connect to ONS 15216 OADM NEs.

Note The ONS 15216 OADM has a TL1 interface and multiple usernames can be defined for authentication. Each username can be used for only one active connection. A second connection with the same username is not allowed. The current user must log out before another user can log in with that username.

Password

Password to use for CTM server connections to ONS 15216 OADM NEs.

Confirm Password

Re-enter the password to confirm it.

GateWay/TL1 - NE Connection Username

Username that CTM GateWay/TL1 uses to connect to ONS 15216 OADM NEs.

Password

Password to use for CTM GateWay/TL1 connections to ONS 15216 OADM NEs.

Confirm Password

Re-enter the password to confirm it.

CTC-Based SDH Tab

Username

Username that the CTM server uses to connect to ONS 15305 CTC, ONS 15454 SDH, and ONS 15600 SDH NEs. By default, NEs are configured with the username CISCO15.

For the ONS 15454 SDH, there are also Username fields for CTM GateWay/TL1 connections to NEs, for CTM server connections to ML-series cards, and for CTM server connections to TL1 tunnel NEs.

Note The ONS 15454 SDH R5.0 supports a TL1 interface. For NE releases earlier than the ONS 15454 SDH R5.0, the GateWay/TL1 - NE Connection area is not applicable.

Note The default username is configured as CISCO15 for the ML cards specified in the default Cisco IOS configuration file. The Cisco IOS configuration file is included in the CTM R8.0 server installation CD (misc/bareboneCLI_Security.txt). By default, the username for all connections is configured as CISCO15.

Password

Password to use for CTM server connections.

For the ONS 15454 SDH, this is also the password to use for CTM GateWay/TL1, ML-series card, and TL1 tunnel NE connections.

Note The default password is configured as CTM123+ for the ML cards specified in the default Cisco IOS configuration file.

Confirm Password

Re-enter the password to confirm it.

CTC-Based SONET Tab

Username

Username that the CTM server and CTM GateWay/TL1 use to connect to ONS 15310 CL, ONS 15310 MA, ONS 15327, ONS 15454 SONET, and ONS 15600 SONET NEs. By default, NEs are configured with the username CISCO15.

For the ONS 15310 CL, ONS 15310 MA, and ONS 15454 SONET, there is also a Username field for CTM server connections to ML-series cards.

For the ONS 15310 CL, ONS 15310 MA, ONS 15327, and ONS 15454 SONET, there is also a Username field for CTM server connections to TL1 tunnel NEs.

Password

Password to use for CTM server and CTM GateWay/TL1 connections.

For the ONS 15310 CL, ONS 15310 MA, and ONS 15454 SONET, there is also a Password field for CTM server connections to ML-series cards.

For the ONS 15310 CL, ONS 15310 MA, ONS 15327, and ONS 15454 SONET, there is also a Password field for CTM server connections to TL1 tunnel NEs.

Confirm Password

Re-enter the password to confirm it.

ONS 155xx Tab

Username

Username that CTM GateWay/TL1 uses to connect to ONS 15530 and ONS 15540 NEs.

Password

Password to use for CTM GateWay/TL1 connections to ONS 15530 and ONS 15540 NEs.

Confirm Password

Re-enter the password to confirm it.

ONS 158xx Tab

Username

Username that the CTM server and CTM GateWay/TL1 use to connect to ONS 1580x NEs.

Note The account specified on the NE for CTM to use must be a SuperUser-level account.

Password

Password to use for CTM server and CTM GateWay/TL1 connections to ONS 1580x NEs.

Confirm Password

Re-enter the password to confirm it.

CRS-1 Tab

Username

Username that the CTM server uses to connect to the CRS-1 device.

Password

Password to use for CTM server connections to the CRS-1.

Confirm Password

Re-enter the password to confirm it.

XR 12000 Tab

Username

Username that the CTM server uses to connect to the XR 12000.

Password

Password to use for CTM server connections to the XR 12000.

Confirm Password

Re-enter the password to confirm it.

IOS 7600 Tab

CTM Server - Config Engine Connection Username

Username that the CTM server and the Config Engine Connection service use to connect to Cisco 7600 NEs.

Password

Password to use for CTM server and CNS Transport service connections to Cisco 7600 NEs.

Confirm Password

Re-enter the password to confirm it.

Use Config Engine Agent check box

If checked, enables the Config Engine Agent on the device and connects to the agent. CTM uses this connection to transfer configuration commands to the device and receive command responses from the device.

Agents on the device can communicate with only one CTM server; if a device is managed by more than one CTM server, you must ensure that the Use Config Engine Agent check box is selected for only one CTM server.

Note This option is dimmed; it is not supported in this release.

CTM Server - NE Connection Login Username

Username that the CTM server uses to connect to Cisco 7600 NEs.

Login Password

Password to use for CTM server connections to Cisco 7600 NEs.

Confirm Login Password

Re-enter the password to confirm it.

CLI - NE Connection Enable Username

Enable username used to connect to Cisco 7600 NEs through the CLI.

Enable Password

Enable password used to connect to Cisco 7600 NEs through the CLI.

Confirm Enable Password

Re-enter the password to confirm it.

CTM Server - FTP Connection Username

Username that the CTM server uses on the FTP connection for software download, memory backup, and memory restore.


Caution An FTP account must already exist on the server in order for the file transfer to work correctly.

Password

Password that the CTM server uses on the FTP connection.

Confirm Password

Re-enter the password to confirm it.
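The CTM Password Rules tab in Table 8-12, written out as a checker that can be run against candidate passwords before a policy change is rolled out. This is an added example, not CTM code: the numeric defaults are the Cisco defaults from the table, while the unchecked state of the three check boxes, the case-insensitive user ID match, the positional reading of "differ by n characters", and the salted-digest history are assumptions.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass

# Permitted special characters per "Special Character Set to Use" in Table 8-12.
SPECIAL_SETS = {
    "TL1": set("+#%"),
    "UNIX": set(",.;%&!"),
    "TL1+UNIX": set(",.;%&!+#"),
    "ASCII": set("@`!\"#$%&'()*:+;[{,<\\|-=]}.>^~/?_"),
}


@dataclass
class PasswordRules:
    # Numeric defaults are the "Cisco default" values listed in Table 8-12.
    min_length: int = 6
    max_length: int = 12
    min_alpha: int = 2
    min_lower: int = 1
    min_upper: int = 1
    min_numeric: int = 1
    min_special: int = 1
    special_set: str = "TL1+UNIX"
    differ_by: int = 3
    compare_previous: int = 5  # 0 disables the history check
    # The page states no default for the three check boxes; unchecked is assumed.
    allow_special_first_last: bool = False
    allow_numeric_first_last: bool = False
    allow_userid_circular_shift: bool = False


def history_digest(password, salt):
    """Salted digest so a history list holds no cleartext (assumed storage scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def contains_userid_shift(password, user_id):
    """True if the password contains the user ID or any rotation of it.
    Case-insensitive substring matching is an assumption of this example."""
    uid, pw = user_id.lower(), password.lower()
    return any(uid[i:] + uid[:i] in pw for i in range(len(uid)))


def chars_changed(new, old):
    """Positions that differ plus the length difference (assumed reading of
    "Differ From Previous Password by n Characters")."""
    return sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old))


def check_password(pw, user_id, rules=None, previous=None, history=()):
    """Return the violated rules; an empty list means the password passes.
    previous: current password as typed; history: (salt, digest), newest first."""
    rules = rules or PasswordRules()
    specials = SPECIAL_SETS[rules.special_set]
    errors = []
    if not rules.min_length <= len(pw) <= rules.max_length:
        errors.append("length")
    lower = sum(c in string.ascii_lowercase for c in pw)
    upper = sum(c in string.ascii_uppercase for c in pw)
    digit = sum(c in string.digits for c in pw)
    special = sum(c in specials for c in pw)
    for name, have, need in (
        ("alphabetic", lower + upper, rules.min_alpha),
        ("lowercase", lower, rules.min_lower),
        ("uppercase", upper, rules.min_upper),
        ("numeric", digit, rules.min_numeric),
        ("special", special, rules.min_special),
    ):
        if have < need:
            errors.append(f"too few {name} characters")
    if lower + upper + digit + special != len(pw):
        errors.append("character outside the permitted set")
    ends = [pw[0], pw[-1]] if pw else []
    if not rules.allow_special_first_last and any(e in specials for e in ends):
        errors.append("special character first or last")
    if not rules.allow_numeric_first_last and any(e in string.digits for e in ends):
        errors.append("numeric character first or last")
    if not rules.allow_userid_circular_shift and contains_userid_shift(pw, user_id):
        errors.append("contains user ID or a circular shift of it")
    if previous is not None and chars_changed(pw, previous) < rules.differ_by:
        errors.append("too similar to previous password")
    for salt, digest in list(history)[: rules.compare_previous]:
        if hmac.compare_digest(history_digest(pw, salt), digest):
            errors.append("matches a recent password")
            break
    return errors


if __name__ == "__main__":
    for candidate in ("Ab3+cdEf", "abc", "Xsmithj+4a"):  # constructed samples
        print(candidate, check_password(candidate, "jsmith"))
```

As the note before Table 8-12 states, CTM applies these rules only when a password is added or changed, so a checker like this says nothing about passwords already in the system.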


8.3.3.15  Sending Messages to Other Users

Use the Notify Users dialog box to type and send a message to all CTM users, or to all CTM users with the same user privileges. For example, you might want to alert all CTM users before shutting down the CTM server.

The following table provides descriptions.


Step 1 In the Domain Explorer window, choose File > Notify Users. The Notify Users dialog box opens.

Step 2 In the Message Targets area, select the recipients of the message.

Step 3 Type the message in the Message area.

Step 4 To send the message to the specified recipients, click Send. To cancel the message and close the dialog box, click Cancel. To launch the online help for the Notify Users dialog box, click Help.


Table 8-13 Field Descriptions for the Notify Users Dialog Box 

Field
Description

Message Targets

Select recipients for your message. This list includes the default NetworkAdmin, Operator, Provisioner, SuperUser, and SysAdmin profiles, as well as any custom user profile that has been generated. You can select custom and multiple profiles by using the Shift and Control keys while clicking the profile, or click the All CTM Users radio button to send your message to all users, regardless of user type.

Message

Type your message. The maximum length is 512 characters. If you enter a message that is longer than 512 characters, only the first 512 characters are sent.


8.3.3.16  Viewing User Notification Messages

The User Notification dialog box pops up on your screen when another user sends a message to a certain user profile or to all CTM users, and you belong to one of those groups. The following table provides descriptions.

Table 8-14 Field Descriptions for the User Notification Dialog Box 

Field
Subfield
Description

Message Received

From

Username of the user who sent you the message.

Time

Date and time when you received the message.

Message

Text of the message. The maximum message length is 512 characters.


8.3.4  Managing CTM User Profiles

The following sections describe how to view, add, modify, delete, and duplicate a CTM user profile.

8.3.4.1  Viewing User Profiles

The CTM User Profiles table displays basic information about CTM user profiles. Use the menu options to manage user profiles.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the CTM Users table, choose Administration > CTM User Profiles (or click the Launch User Profiles Table tool). The following table provides descriptions.


Table 8-15 Field Descriptions for the CTM User Profiles Table 

Field
Description

User Profile Name

Name of the existing CTM user profiles.

NE Assignment

NE assignment for the selected user profile. NE assignments are:

Assign all NEs—SuperUser, NetAdmin

Assign NEs—Operator, Provisioner

Assign No NEs—SysAdmin

Default Login Sessions

Number of permitted simultaneous logins assigned to the user profile:

1—Only one user with a given profile can log into a specific CTM server at a time.

2 to 10—The specified number of users (2 to 10) with a given profile can log into a specific CTM server simultaneously.

Unlimited—An unlimited number of users with a given profile can log into a specific CTM server simultaneously.

User Profile Description

Description of the user profile.


8.3.4.2  Adding a Custom User Profile

Use the Create New User Profile wizard to add CTM user profiles. Table 8-16 provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the Cisco Transport Manager Users table, choose Administration > CTM User Profiles (or click the Launch User Profiles Table tool).

Step 3 In the Cisco Transport Manager User Profiles table, choose Edit > Create (or click the Create a New User Profile tool).

Step 4 In the Create New User Profile wizard, specify the following:

User profile name

NE assignment

Max user sessions allowed

Description

Step 5 Click Next.

Step 6 Select a user profile category from the Categories area. Operations for each category are displayed on the right side of the Categories area. See Table 8-1 for a list of CTM profile categories and operations.

Step 7 Specify user capabilities by setting permission or privileges for one or all operations. When setting privileges for each operation, select one of the following radio buttons:

Read Only

Read/Write

No Access

When setting privileges for all operations, select one of the following buttons:

Set All Read Only

Set All Read/Write

Set All No Access


Note The user profile operations displayed on the right side of the Create New User Profile wizard depend on the category selected. You can select the root node to see all the operations for all categories.


Step 8 Click Finish.

Step 9 Click Yes in the message box. (The message box will not be displayed if it is disabled in the User Preferences dialog box. See Setting User Preferences for more information.)


Table 8-16 Field Descriptions for the Create New User Profile Wizard 

Field
Description

User Profile Name

Enter the name of the new user profile. The profile name must contain from six to twenty alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The profile name must be unique in CTM and cannot contain a space or any special characters.

NE Assignment

The NE assignment for the new user profile. Values are:

Assign All NEs—SuperUser, NetworkAdmin

Assign NEs—Operator, Provisioner

Assign No NEs—SysAdmin

Max User Sessions Allowed

Select 1 to allow only one user with the selected user profile to log into a specific CTM server. Select a number other than 1 to allow the specified number of users to log into a specific CTM server simultaneously. Select Unlimited if you do not want to restrict the number of users with the selected profile from logging into a specific server simultaneously.

Description

Enter a description of the new user profile.

User Profile Privileges

Set user privileges for specific CTM categories. Select a category in the left panel to display that category's available operations. Select an operation from the Operations column; then, select a user privilege for the selected operation from the radio buttons in the Privileges column.

Set All Read Only—Specifies that the user can only view information related to all the operations with Read Only privilege listed under the specified category. All other operations will be set to No Access.

Set All Read/Write—Specifies that the user can view and perform any of the operations with Read/Write privilege listed under the specified category. All other operations will be set to Read Only.

Set All No Access—Specifies that the user is not allowed to perform any of the operations with No Access privilege listed under the specified category. All other operations will be set to Read Only.

The Warning column lists the dependencies between various operations. After you click Finish to create the new user profile, a warning dialog box lists all of the warning messages. If you check the Don't Display User Profile Creation Warning Messages check box, the warning dialog box does not appear for subsequent user profile creations in the current client session. If you check the Don't Display User Profile Creation Warning Messages check box in the User Preferences dialog box, the warning dialog box is disabled as specified for the current user or as a template for new users.


8.3.4.3  Modifying a User Profile

Use the Modify User Profile wizard to modify CTM user profiles. Table 8-17 provides descriptions.


Note Users created with a certain profile cannot be changed to another profile. To change profiles, the user must be deleted, then recreated with the new profile.



Note Modifying a profile will log out all users who are logged in with that profile.



Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the Cisco Transport Manager Users table, choose Administration > CTM User Profiles (or click the Launch User Profiles Table tool).

Step 3 In the Cisco Transport Manager User Profiles table, click the profile to modify; then, choose Edit > View/Modify (or click the View/Modify User Profile Properties tool).

Step 4 In the Modify User Profile wizard, modify the following:

NE assignment

Max user sessions allowed

Description

Step 5 Click Next.

Step 6 Select a user profile category from the Categories area. Operations for each category are displayed on the right side of the Categories area. See Table 8-1 for a list of CTM profile categories and operations.

Step 7 Specify user capabilities by setting permission or privileges on one or all operations. When setting privileges for each operation, select one of the following radio buttons:

Read Only

Read/Write

No Access

When setting privileges for all operations, select one of the following buttons:

Set All Read Only

Set All Read/Write

Set All No Access


Note The user profile operations displayed on the right side of the Modify User Profile wizard depend on the category selected. You can select the root node to see all the operations for all categories.


Step 8 Click Finish.

Step 9 Click Yes in the message box. (The message box will not be displayed if it is disabled in the User Preferences dialog box. See Setting User Preferences for more information.)


Table 8-17 Field Descriptions for the Modify User Profile Wizard 

Field
Description

User Profile Name

Display only. Name of the user profile. The profile name must contain from six to twenty alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The profile name must be unique in CTM and cannot contain a space or any special characters.

NE Assignment

The NE assignment for the user profile. Values are:

Assign all NEs—SuperUser, NetAdmin

Assign NEs—Operator, Provisioner

Assign No NEs—SysAdmin

Only Assign NEs is available for new profiles, meaning that NEs or groups must always be assigned to the new profile.

Max User Sessions Allowed

Select 1 to allow only one user with the selected user profile to log into a specific CTM server. Select a number other than 1 to allow the specified number of users to log into a specific CTM server simultaneously. Select Unlimited if you do not want to restrict the number of users with the selected profile from logging into a specific server simultaneously.

Description

Modify the description of the user profile.

User Profile Privileges

Modify selected user privileges for specific CTM categories. Select a category in the left panel to display that category's available operations. Select an operation from the Operations column, then select a user privilege for the selected operation from the radio buttons in the Privileges column.

Set All Read Only—Specifies that the user can only view information related to all the operations with Read Only privilege listed under the specified category. All other operations will be set to No Access.

Set All Read/Write—Specifies that the user can view and perform any of the operations with Read/Write privilege listed under the specified category. All other operations will be set to Read Only.

Set All No Access—Specifies that the user is not allowed to perform any of the operations with No Access privilege listed under the specified category. All other operations will be set to Read Only.

The Warning column lists the dependencies between various operations. After you click Finish to modify the user profile, a warning dialog box lists all of the warning messages. If you check the Don't Display User Profile Creation Warning Messages check box, the warning dialog box does not appear for subsequent user profile modifications in the current client session. If you check the Don't Display User Profile Creation Warning Messages check box in the User Preferences dialog box, the warning dialog box is disabled as specified for the current user or as a template for new users.

Note Topology modification is not allowed for custom users.


8.3.4.4  Deleting a User Profile


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the Cisco Transport Manager Users table, choose Administration > CTM User Profiles (or click the Launch User Profiles Table tool).

Step 3 In the Cisco Transport Manager User Profiles table, select the profile you want to delete; then, choose Edit > Delete (or click the Delete User Profile tool).

Step 4 In the confirmation dialog box, click OK.



Note The default user profiles (SuperUser, SysAdmin, NetworkAdmin, Provisioner, and Operator) cannot be deleted. Custom user profiles cannot be deleted if they are assigned to any user. Delete the user with the custom user profile before deleting the user profile. See Deleting a CTM User.


8.3.4.5  Duplicating a User Profile

Use the Create Duplicate Profile window to duplicate an existing CTM user profile.


Step 1 In the Domain Explorer window, choose Administration > CTM Users.

Step 2 In the Cisco Transport Manager Users table, choose Administration > CTM User Profiles (or click the Launch User Profiles Table tool).

Step 3 In the Cisco Transport Manager User Profiles table, select the profile you want to duplicate; then, choose Edit > Duplicate (or click the Duplicate User Profile tool).

Step 4 In the Create Duplicate Profile dialog box, enter the duplicate profile name. See the following table for name constraints.

Step 5 Click OK.


Table 8-18 Field Descriptions for the Create Duplicate Profile Window 

Field
Description

Duplicate Profile Name

The name of the duplicate user profile must contain from six to twenty alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The profile name must be unique in CTM and cannot contain a space or any special characters.


8.4  NE Security Management

This section describes NE security, including setting authentication on an NE, setting up a security policy, using log tables, and managing NE user access.

8.4.1  Setting NE Authentication

Use the NE Authentication dialog box to select the security properties (username and password for each authentication session) for multiple NEs. For each ONS 15000 NE that supports authentication, there is a specific Security tab in the Control Panel window.


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs, ONS 15216, ONS 155XX, or ONS 1580X > NE Authentication. The NE Authentication dialog box opens. The following table provides descriptions. Fields shown depend on the NE that is selected.

Step 2 Specify the NE(s) that you will set a username and password authentication for. Click Add to add NEs to the Selected NEs list or click Remove to remove NEs from the list.

Step 3 In the CTM Server - NE Connection area, enter the following information:

Enable—Check the Enable check box to set a username and password that the CTM server will use to establish a connection with the selected NEs.

Username

Password (and confirm password)

Step 4 In the GateWay/TL1 - NE Connection area, enter the following information:

Enable—Check the Enable check box to set a TL1 username and password that the CTM server will use to establish a connection with the selected NEs through CTM GateWay/TL1.

Username

Password (and confirm password)

Step 5 In the CTM Server - TL1 Tunnel GNE Connection area, enter the following information:

Enable—Check the Enable check box to set a GNE TL1 target identifier (TID), username, and password that the CTM server will use to establish a connection with the GNE and reach the selected tunnel NE (TNE).

GNE TID

Username

Password (and confirm password)

Step 6 Click Save.


Table 8-19 Field Descriptions for the NE Authentication Dialog Box 

Field
Description
Network Elements Area

Available NEs

List of available NEs.

Selected NEs

List of selected NEs.

CTM Server - NE Connection Area

Enable

If checked, allows a connection between the CTM server and the NE.

Username

Enter a username for the selected NEs. This field is unavailable if the Enable check box is not checked.

Password

Enter the password for the username. This field is unavailable if the Enable check box is not checked.

Confirm Password

Retype the password. This field is unavailable if the Enable check box is not checked.

GateWay/TL1 - NE Connection Area

Enable

If checked, allows a connection between the CTM GateWay/TL1 service and the NE.

Username

Enter a username for the selected NEs. This field is unavailable if the Enable check box is not checked.

Password

Enter the password for the username. This field is unavailable if the Enable check box is not checked.

Confirm Password

Retype the password. This field is unavailable if the Enable check box is not checked.

CTM Server - TL1 Tunnel GNE Connection Area

Enable

If checked, specifies a GNE TID, username, and password that the CTM server will use to log into the GNE to set up a TL1 tunnel with the selected TNE(s).

GNE TID

Enter the TID of the GNE for the selected TNE(s). This field is unavailable if the Enable check box is not checked.

Username

Enter a username for the GNE for the selected TNE(s). This field is unavailable if the Enable check box is not checked.

Password

Enter the password for the GNE for the selected TNE(s). This field is unavailable if the Enable check box is not checked.

Confirm Password

Retype the password. This field is unavailable if the Enable check box is not checked.



Note You can also set the NE authentication username and password in the Domain Explorer > Network Element Properties pane > NE Authentication tab. When changing the username or password of an NE, mark that NE as Out of Service and then In Service.



Note If the username and password fields in the NE Authentication tab are left blank, CTM uses the username and password defined in the Control Panel.


8.4.2  Setting Up a Security Policy

You can set up a security policy for CTC-based NEs.


Step 1 Select a CTC-based NE and choose Configuration > NE Explorer.

Step 2 In the tree view of the NE Explorer window, select the NE node.

Step 3 In the node properties pane of the NE Explorer window, click the Security tab.

Step 4 Complete the following information in the Policy subtab:

In the Idle User Timeout area:

Retrieve—Set the idle user timeout for a CTC Retrieve user.

Maintenance—Set the idle user timeout for a CTC Maintenance user.

Provisioner—Set the idle user timeout for a CTC Provisioner user.

SuperUser—Set the idle user timeout for a CTC SuperUser.


Note Idle time can be from zero to 16 hours, 39 minutes (999 minutes). To deactivate the Idle User Timeout, enter zero as the idle time. A user already logged into the node is not affected by a change to the Idle User Timeout policy.


In the User Lockout area:

Manual Unlock By SuperUser—If checked, a CTC SuperUser must manually unlock locked out CTC users. If unchecked, locked out CTC users are automatically unlocked after the lockout duration period elapses.

Lockout Duration—Set the lockout duration period for locked out CTC users. This field is only enabled if the Manual Unlock by SuperUser check box is unchecked.

Failed Logins Allowed—Set the number of failed logins before the CTC user is automatically locked out.

In the Other area:

Single Sessions Per User—If checked, each CTC user can only launch one session at a time.

Disable Inactive User—If checked, inactive users will be disabled automatically.

Inactive Duration—If Disable Inactive User is checked, specify the inactive duration. The range is from 1 to 99 days; the Cisco default is 45 days.

Step 5 Complete the following information in the Password subtab:

In the Password Change area:

Prevent Reusing Last—Prevents setting a CTC user's current password to one of the most recent passwords. You can set the number of most recent passwords that cannot be reused.

Disable Password Flipping—If checked, users cannot change passwords for the number of days specified in the Can Change Password After field.

Can Change Password After—Enter the number of days that must elapse before the user can change the password.

Force Password Change After Assigned—If checked, during the first successful login, the user is forced to change the password.

Password Difference—Enter the number of characters by which the new password of a user must differ from the old password, while performing a password change. The default value is 1. The range is from 1 to 5 characters.

In the Password Aging area:

Enable Password Aging—Check this check box to enable password aging.

Aging Period—Enter the aging period, in days, for Retrieve, Maintenance, Provisioner, and SuperUser CTC users. After the aging period expires, CTC users are forced to change their passwords.

Warning Period—Enter the warning period, in days, for Retrieve, Maintenance, Provisioner, and SuperUser CTC users. After the warning period expires, CTC users are warned that their passwords will soon expire.

Step 6 Complete the following information in the Access subtab for all CTC-based NEs R5.0 or earlier:

In the Access area:

LAN Access—Specify the type of LAN access allowed. Values are Backplane Only, No LAN Access, Front and Backplane, or Front Only.


Note After setting the LAN access to the backplane, the CTM client is unusable for 4 to 5 minutes.


Restore Timeout—This time period begins if No LAN Access is selected and all DCC connections are lost. If the time expires before a DCC is restored, LAN access is restored so that the node is not isolated. When the DCC comes back, LAN access returns to its specified settings. The range is from 0 (never) to 60 minutes; the Cisco default is 5 minutes.

In the Shell Access area:

Shell Access On—Specify shell access on Telnet or SSH.

Telnet Port—This is enabled if you selected the Telnet radio button. Enter the Telnet port number.

SSH Port—Display only. Indicates the SSH port number that will be used if the SSH radio button is selected.

In the Other area:

PM Clearing Privilege—Select the user privilege that allows clearing PM statistics for the NE.

Step 7 Complete the following information in the Access subtab for all CTC-based NEs R6.0 or later:

In the Access area:

LAN Access—Specify the type of LAN access allowed. Values are Backplane Only, No LAN Access, Front and Backplane, or Front Only.


Note After setting the LAN access to the backplane, the CTM client is unusable for 4 to 5 minutes.


Restore Timeout—This time period begins if No LAN Access is selected and all DCC connections are lost. If the time expires before a DCC is restored, LAN access is restored so that the node is not isolated. When the DCC comes back, LAN access returns to its specified settings. The range is from 0 (never) to 60 minutes; the Cisco default is 5 minutes.

In the Serial Craft Access area:

Enable Craft Port—Check this check box to enable the craft port.

In the Shell Access area:

Access State—Select the Shell access state from the drop-down list. You can select Disable, Non-secure, or Secure.

SSH Port—Display only. Indicates the SSH port number that will be used.

SFTP Port—Display only. Indicates the SFTP port number that will be used.

Telnet Port—This is enabled if you selected the Non-secure access state. Enter the Telnet port number that will be used.

Use Standard Telnet Port—Check this check box to indicate that the standard Telnet port will be used.

Enable Shell Password—Display only. Indicates whether the Shell password is enabled. You cannot enable the Shell password in CTM R8.0. Enabling and providing a Shell password is currently done in CTC.

In the EMS Access area:

Access State—Select the EMS access state from the drop-down list. You can select either Non-secure or Secure. Then, click OK at the following warning message:

When you change the EMS access mode of the NE, CTM resynchronizes the NE 
connections during the next health poll. If you make provisioning changes to the 
NE before the resynchronization is complete, the changes might not be saved. Wait 
for the resynchronization to complete before making any provisioning changes to 
the NE.


Note When you change the state from Secure to Non-secure or vice versa, the NE might reboot or resynchronize to reflect the changes. During this time, if you try to reapply the other state (Secure to Non-secure or vice versa), the changes might not be saved. The operation requires time to execute successfully.


CORBA Listener Port—Select the port numbers for the TCC CORBA (IIOP) listener port and the TCC CORBA (SSLIOP) listener port. Select one of the following radio buttons:

Default-Fixed—Assign a default port number.

Standard Constant—The port number for the TCC CORBA (IIOP) listener port is 683. The port number for the TCC CORBA (SSLIOP) listener port is 684.

Other Constant—When selected, enter the port number that will be used.

In the TL1 Access area:

Access State—Select the TL1 access state from the drop-down list. You can select Disable, Non-secure, or Secure.

In the SNMP Access area:

Access State—Select the SNMP access state from the drop-down list. You can select either Disable or Non-secure.

In the Other area:

PM Clearing Privilege—Select the user privilege that allows clearing PM statistics for the NE.

Step 8 Complete the following in the RADIUS Server subtab for all CTC-based NEs R6.0 or later:

Enable RADIUS Authentication—Check this check box if you want to enable RADIUS authentication.

Enable RADIUS Accounting—Check this check box if you want to enable RADIUS accounting. This is enabled if the Enable RADIUS Authentication check box is checked.

Enable the Node as the Final Authenticator When no RADIUS Server is Reachable—Select a row from the RADIUS Servers in Order of Authentication table; then, check this check box. This indicates that the RADIUS server that you selected will be the final authenticator when no other RADIUS servers can be reached.

Enable Access Challenge—Select a row from the RADIUS Servers in Order of Authentication table; then, check this check box. This indicates that you are enabling access challenge in the RADIUS server that you selected.

The following table describes the fields in the RADIUS Servers in Order of Authentication table.

Click the Up and Down buttons to reorder the list of RADIUS servers in the table.

See Managing RADIUS Servers for information on how to create, modify, and delete RADIUS servers. You can create a maximum of 10 RADIUS server entries.

Step 9 Complete the following in the Legal Disclaimer subtab:

In the Advisory Message subtab, there is a default advisory message that is not customer-specific. Change the text if you want the disclaimer to be specific to your company.

In the Preview subtab, you can view the advisory message before saving it.

Step 10 Click Apply.
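The ranges and access states from Steps 4 through 7 can be checked on paper before they are applied to an NE. The following is an added example, not part of the Cisco guide or of CTM: the dictionary layout, key names, and sample values are assumptions, since CTM does not export the Security tab in this form.

```python
"""Review a CTC-based NE (R6.0 or later) security policy before Apply.

The dictionary layout and key names are assumptions made for this example.
Ranges and allowed values are the ones stated in the procedure above.
"""

IDLE_LEVELS = ("Retrieve", "Maintenance", "Provisioner", "SuperUser")
LAN_ACCESS = {"Backplane Only", "No LAN Access", "Front and Backplane", "Front Only"}
ACCESS_STATES = {
    "shell": {"Disable", "Non-secure", "Secure"},
    "ems": {"Non-secure", "Secure"},
    "tl1": {"Disable", "Non-secure", "Secure"},
    "snmp": {"Disable", "Non-secure"},
}

# Constructed sample input, not taken from a real NE.
SAMPLE_POLICY = {
    "idle_timeout_min": {"Retrieve": 0, "Maintenance": 60,
                         "Provisioner": 30, "SuperUser": 15},
    "disable_inactive_user": True,
    "inactive_duration_days": 45,
    "password_difference": 1,
    "enable_password_aging": True,
    "lan_access": "No LAN Access",
    "restore_timeout_min": 0,
    "access_state": {"shell": "Secure", "ems": "Secure",
                     "tl1": "Non-secure", "snmp": "Non-secure"},
}


def _in_range(value, low, high):
    """True for an int (not a bool) within [low, high]."""
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high


def audit_policy(policy):
    """Return a sorted list of (kind, field, message) findings.

    kind is "invalid" for a value outside what the procedure allows and
    "review" for an allowed value that weakens the NE's posture.
    """
    findings = []

    # Policy subtab: idle time is 0 to 999 minutes; 0 deactivates the timeout.
    for level in IDLE_LEVELS:
        minutes = policy["idle_timeout_min"].get(level)
        field = f"idle_timeout_min.{level}"
        if not _in_range(minutes, 0, 999):
            findings.append(("invalid", field, "must be 0 to 999 minutes"))
        elif minutes == 0:
            findings.append(("review", field, "idle user timeout is deactivated"))

    # Policy subtab: Inactive Duration applies only when the box is checked.
    if policy["disable_inactive_user"]:
        if not _in_range(policy["inactive_duration_days"], 1, 99):
            findings.append(("invalid", "inactive_duration_days", "must be 1 to 99 days"))
    else:
        findings.append(("review", "disable_inactive_user", "inactive users stay enabled"))

    # Password subtab.
    if not _in_range(policy["password_difference"], 1, 5):
        findings.append(("invalid", "password_difference", "must be 1 to 5 characters"))
    if not policy["enable_password_aging"]:
        findings.append(("review", "enable_password_aging", "passwords never age out"))

    # Access subtab: a restore timeout of 0 means LAN access is never restored.
    restore = policy["restore_timeout_min"]
    if policy["lan_access"] not in LAN_ACCESS:
        findings.append(("invalid", "lan_access", f"must be one of {sorted(LAN_ACCESS)}"))
    if not _in_range(restore, 0, 60):
        findings.append(("invalid", "restore_timeout_min", "must be 0 to 60 minutes"))
    elif restore == 0 and policy["lan_access"] == "No LAN Access":
        findings.append(("review", "restore_timeout_min",
                         "node stays isolated if all DCC connections are lost"))

    # Access subtab: each service offers its own set of access states.
    for service, allowed in ACCESS_STATES.items():
        state = policy["access_state"].get(service)
        field = f"access_state.{service}"
        if state not in allowed:
            findings.append(("invalid", field, f"must be one of {sorted(allowed)}"))
        elif state == "Non-secure":
            findings.append(("review", field, "access state is Non-secure"))

    return sorted(findings)


if __name__ == "__main__":
    for kind, field, message in audit_policy(SAMPLE_POLICY):
        print(f"{kind:8} {field:28} {message}")
```

SNMP offers only Disable or Non-secure, so a "review" finding there is a prompt to confirm that SNMP is needed on the NE at all.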


Table 8-20 Field Descriptions for the RADIUS Servers in Order of Authentication Table 

Field
Description

IP Address

IP address of the RADIUS server.

Shared Secret

Shared secrets are preshared keys that have been allocated to the communicating parties (the NE and the AAA server) prior to the start of the communication process. Transactions between the NE and the AAA server are authenticated through the use of the shared secret.

Authentication Port

Authentication port number.

Accounting Port

Accounting port number.


8.4.2.1  Managing RADIUS Servers

8.4.2.1.1  Creating a RADIUS Server


Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer.

Step 2 In the tree view of the NE Explorer window, select the NE node.

Step 3 In the properties pane of the NE Explorer window, click the Security tab > RADIUS Server subtab.

Step 4 Click Create.

Step 5 In the Create New RADIUS Server dialog box, enter the following information:

IP address

Shared secret

Authentication port

Accounting port

Step 6 Click OK. The new RADIUS server is added to the RADIUS Servers in Order of Authentication table. You can create a maximum of 10 RADIUS server entries.


8.4.2.1.2  Modifying a RADIUS Server


Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer.

Step 2 In the tree view of the NE Explorer window, select the NE node.

Step 3 In the properties pane of the NE Explorer window, click the Security tab > RADIUS Server subtab.

Step 4 From the RADIUS Servers in Order of Authentication table, select a RADIUS server to modify; then, click Edit.

Step 5 In the Edit RADIUS Server dialog box, modify the following information:

IP address

Shared secret

Authentication port

Accounting port

Step 6 Click OK. Changes to the RADIUS server appear in the RADIUS Servers in Order of Authentication table.


8.4.2.1.3  Deleting a RADIUS Server


Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer.

Step 2 In the tree view of the NE Explorer window, select the NE node.

Step 3 In the properties pane of the NE Explorer window, click the Security tab > RADIUS Server subtab.

Step 4 From the RADIUS Servers in Order of Authentication table, select a RADIUS server to delete; then, click Delete.

Step 5 Click Yes in the confirmation dialog box.


8.4.3  Using the ONS 1580x NE User Access Log Table

The NE User Access Log table displays access activity logs of ONS 15800, ONS 15801, and ONS 15808 users.

8.4.3.1  Enabling or Disabling the NE User Access Log


Step 1 In the Domain Explorer, select an ONS 15800, ONS 15801, or ONS 15808 NE.

Step 2 In the Network Element Properties pane > Status tab > NE User Access Log State drop-down list, choose Enabled or Disabled.

Step 3 Click Save.


8.4.3.2  Viewing the NE User Access Log Table

The NE User Access Log table displays the current status of the NE Access log. To view the NE User Access Log table, select an ONS 15800, ONS 15801, or ONS 15808 NE in the Domain Explorer tree; then, choose Administration > ONS 1580X > NE User Access Log. The following table provides descriptions.

Table 8-21 Field Descriptions for the NE User Access Log Table 

Field
Description

NE ID

ID number of the NE.

IP Address

IP address of the NE.

Log Status

Status of the NE access log. The status is Enabled, Disabled, or Deleted.

Last Update

Date of the last update to the NE User Access Log table.


8.4.3.3  Enabling or Disabling a Log

Use the Enable/Disable Log Activation wizard to enable, disable, or delete logs for ONS 15800, ONS 15801, or ONS 15808 NEs.


Step 1 In the Domain Explorer, select an ONS 15800, ONS 15801, or ONS 15808 NE and choose Administration > ONS 1580X > NE User Access Log.

Step 2 In the NE User Access Log table, choose Administration > Enable/Disable Log. The Enable/Disable Log Activation wizard opens. The following table provides descriptions.

Step 3 Use the Add and Remove buttons to designate which cards have the access logs disabled or enabled.

Step 4 Click Finish.

Step 5 Click OK in the confirmation message box.


Table 8-22 Field Descriptions for the Enable/Disable Log Activation Wizard 

Field
Description

Log Disable/Log Deleted

Displays a list of ONS 1580x NEs that have their logs selected to be disabled or deleted. Select one or more NEs and click Add to enable the logs.

Log Enabled

Displays a list of ONS 1580x NEs that have their logs selected to be enabled. Select one or more NEs and click Remove to disable the logs.


8.4.3.4  Updating a Log


Step 1 In the Domain Explorer, select an ONS 15800, ONS 15801, or ONS 15808 NE and choose Administration > ONS 1580X > NE User Access Log.

Step 2 In the NE User Access Log table, choose Administration > Update Log. The NE User Access Log table updates.

Step 3 Choose File > Refresh Data (or click the Refresh Data tool) to see the updates.


8.4.3.5  Deleting a Log


Step 1 In the Domain Explorer, select an ONS 15800, ONS 15801, or ONS 15808 NE and choose Administration > ONS 1580X > NE User Access Log.

Step 2 In the NE User Access Log table, select a card to delete access log information and choose Administration > Delete Log. The Delete Log wizard opens. The following table provides descriptions.

Step 3 Use the Add and Remove buttons to designate the NE(s) for which you want to delete access log information.

Step 4 Click Finish.

Step 5 Click OK in the confirmation message box.


Table 8-23 Delete Log Wizard Descriptions 

Field
Description

Available NEs

Displays a list of ONS 1580x NEs that are eligible for log removal. Select one or more NEs and click Add to add them to the Selected NEs list.

Selected NEs

Displays a list of ONS 1580x NEs that are selected for log removal. Select one or more NEs and click Remove to remove them from the Selected NEs list.


8.4.3.6  Viewing the NE Users Access Activity Log Table

The NE Users Access Activity Log table displays information about the users who have accessed the NE within a selected time frame.


Step 1 In the Domain Explorer, select an ONS 15800, ONS 15801, or ONS 15808 NE and choose Administration > ONS 1580X > NE User Access Log.

Step 2 In the NE User Access Log table, choose Administration > NE Users Access Activity Log. The following table provides descriptions.


Table 8-24 Field Descriptions for the NE Users Access Activity Log Table 

Field
Description

NE ID

ID number of the NE.

Session ID

ID number of the session.

Username

Name of the user who accessed the NE.

Profile

Access level of the user.

Date and Time

Date and time the user accessed the NE.

Module Name

Name of the affected module, if applicable.

Location

Location of the affected module, if applicable.

Operation

Operation that the user performed on the NE.

Result

Result of the operation. Results are N/A, OK, or FAIL.


8.4.3.7  Filtering the NE Users Access Activity Log Table Data


Step 1 In the NE User Access Activity Log table, choose File > Filter (or click the Filter Data tool). The Filter dialog box opens.

Step 2 Specify the filter parameters described in the following table.

Step 3 After making your selections, click OK to run the filter.


Table 8-25 Field Descriptions for the NE Users Access Activity Log Table Filter 

Field
Description

Date and Time (time zone)

Select a specific date or a date and time range for filtering.

User ID

Move users back and forth between the list of available users and selected users. The filter runs on the users in the Selected User ID list.


8.4.4  Managing NE User Access

You can view, add, modify, and delete user accounts for CTC-based, ONS 15216 EDFA3, ONS 1580x, CRS-1, and XR 12000 NEs.


Note For more information about ONS 15800 and ONS 15801 user access levels, see TL1 Software Message Manual for the Cisco ONS 15800/15801 System. For more information about ONS 15808 user access levels, see TL1 Command Reference for the Cisco ONS 15808 DWDM System.


8.4.4.1  Viewing the NE User Access Administration Table—CTC-Based and ONS 1580x NEs

The NE User Access Administration table displays information about the existing users on the NEs that are selected from the CTM domain.

To view the NE User Access Administration table, choose Administration > CTC-Based NEs or ONS 1580X > NE User Access Administration. The following table provides descriptions.

Table 8-26 Field Descriptions for the NE User Access Administration Table 

Field
Description

Alias ID

Alias name of the NE.

User Type (ONS 1580x only)

Classification of the user. User types are Local Craft Terminal (LCT) or TL1.

NE Username

Username of the NE user.

NE User Privilege (CTC-based NEs only)

Privilege level of the user. For CTC-based NEs, user privileges are Retrieve, Maintenance, Provisioning, and Superuser.

Profile (ONS 1580x only)

Access level of the user. Values are System Administrator, Complete Permission, Read Only User, Partial Permission, or Simple Permission.

Lock Out

Whether the NE user is locked out of the NE.

Last Login Time

Time stamp when the NE user most recently logged in.

Failed Login Count

Number of times the NE user failed to log into the NE successfully.

Disabled

Whether the NE user's access to the NE has been disabled.

Password Change on Next Login

Whether the NE user is required to change his or her password upon the next login to the NE.

NE ID

Unique ID representing the NE.


8.4.4.2  Viewing the NE User Access Administration Table—ONS 15216 EDFA3 NEs

The NE User Access Administration table displays information about the existing users on the NEs that are selected from the CTM domain.

To view the NE User Access Administration table, choose Administration > ONS 15216 > NE User Access Administration. The following table provides descriptions.

Table 8-27 Field Descriptions for the NE User Access Administration Table 

Field
Description

NE ID

Unique ID representing the NE.

NE Username

Username of the NE user.

NE User Privilege

Privilege level of the user. User privileges are Read Only, Read/Write, and Read/Write/Administrative.

Timeout

Length of the timeout period (in minutes) based on the user privilege. When a timeout occurs, the corresponding session is terminated, because no messages were exchanged for a defined period of time.

For Read Only users, the Cisco default timeout is 60 minutes.

For Read/Write users, the Cisco default timeout is 30 minutes.

For Read/Write/Administrative users, the Cisco default timeout is 15 minutes.


8.4.4.3  Filtering NE User Access Administration Table Data


Step 1 In the NE User Access Administration table, choose File > Filter (or click the Filter Data tool). The Filter dialog box opens.

Step 2 Specify the filter parameters described in the following table.

Step 3 After making your selections, click OK to run the filter.


Table 8-28 Field Descriptions for the NE User Access Administration Table Filter 

Field
Description

NE ID

Move NEs back and forth between the list of available NEs and selected NEs. The filter runs on the NEs in the Selected NE ID list.

User ID

Move users back and forth between the list of available users and selected users. The filter runs on the users in the Selected User ID list.

User Privilege

Select the user privilege level(s) for filtering.

User Type (ONS 1580x only)

Select the user type(s) for filtering. The user types are TL1 User and LCT User.


8.4.4.4  Adding an NE User

Use the Add NE User wizard to add new users to ONS 15216 EDFA3, ONS 1580x, or CTC-based NEs. Table 8-29 provides descriptions.


Note Only users with Read/Write/Administrative privileges can add a new user to the ONS 15216 EDFA3.



Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs, ONS 15216, or ONS 1580X > NE User Access Administration. The NE User Access Administration table opens.

Step 2 Choose Edit > Add (or click the Create a New User tool) for CTC-based or ONS 15216 EDFA3 NEs. Choose Administration > Add User for ONS 1580x NEs. The Add NE User wizard opens.

Step 3 In the Network Elements area, choose the NEs from the Available NEs list that the new user will have access to and click Add. These NEs will appear in the Selected NEs list. If you want to remove NEs that the new user has access to, select the NEs from the Selected NEs list and click Remove.

Step 4 Click Next.

Step 5 Set the new user account:

User type (for ONS 1580x NEs)

Username

Password (and verify password)

Privilege (for CTC-based and ONS 15216 EDFA3 NEs)

Profile (for ONS 1580x NEs)

Step 6 Click Add. Each new user is added in the Selected Users Profile list.

Step 7 To remove a new user from the Selected Users Profile list, select the user profile and click Remove.

Step 8 Click Finish. The result of this activity can be monitored in the Job Monitor table.

Step 9 In the confirmation dialog box, click OK.


Note LCT users are predefined and cannot be added to ONS 1580x NE users.




Note The addition of an NE user account cannot be scheduled for an NE that is marked as Out of Service. The NE is not available in the list of NEs.

The addition of an NE user account can be scheduled for an NE that is marked as In Service and with a communication state of Unavailable. The job will remain in the Job Monitor table in Waiting status and will be executed once the NE becomes available. This job cannot be canceled while in Waiting status.
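When many accounts are queued through the Add NE User wizard, candidate usernames and passwords can be checked first against the ONS 15216 EDFA3 and ONS 1580x rules given in Table 8-29. The following is an added example, not part of the Cisco guide or of CTM. It assumes that the ONS 1580x special characters are limited to the three the table names and that the "cannot contain the username" test is case-sensitive; the function names and sample accounts are constructed. CTC-based NEs are not covered because their rules come from the NE defaults.

```python
"""Pre-check NE accounts against the username and password rules in Table 8-29."""
import re

EDFA3_SPECIALS = "+#%"
# Assumption: hyphen, underscore and forward slash are the only specials accepted.
ONS1580X_CHARS = r"[A-Z0-9_/-]"


def check_edfa3(username, password):
    """Return the list of rule violations for an ONS 15216 EDFA3 account."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]{6,10}", username):
        problems.append("username must be 6 to 10 alphanumeric characters")
    if not (password.isascii() and 7 <= len(password) <= 10):
        problems.append("password must be 7 to 10 ASCII characters")
    if sum(not ch.isalpha() for ch in password) < 2:
        problems.append("password needs at least two nonalphabetic characters")
    if not any(ch in EDFA3_SPECIALS for ch in password):
        problems.append("password needs at least one of + # %")
    # Assumption: compared case-sensitively, since the password is case-sensitive.
    if username and username in password:
        problems.append("password must not contain the username")
    return problems


def check_ons1580x(username, password):
    """Return the list of rule violations for an ONS 1580x account."""
    problems = []
    if not re.fullmatch(ONS1580X_CHARS + "{1,10}", username):
        problems.append("username must be 1 to 10 characters from A-Z, 0-9, - _ /")
    if not re.fullmatch(ONS1580X_CHARS + "{6,8}", password):
        problems.append("password must be 6 to 8 characters from A-Z, 0-9, - _ /")
    if len(re.findall(r"[A-Z]", password)) < 2:
        problems.append("password needs at least two uppercase letters")
    return problems


CHECKS = {"ONS 15216 EDFA3": check_edfa3, "ONS 1580x": check_ons1580x}

# Constructed sample accounts; "CISCO15" and "jpasswd#1" are the table's own examples.
SAMPLE_ACCOUNTS = [
    ("ONS 15216 EDFA3", "jsmith01", "jpasswd#1"),
    ("ONS 15216 EDFA3", "CISCO15", "CISCO15#"),
    ("ONS 1580x", "NOC-OPS/1", "AB12-34"),
    ("ONS 1580x", "noc1", "Secret1"),
]


def precheck(accounts):
    """Map (ne_type, username) to its violations, for failing accounts only."""
    report = {}
    for ne_type, username, password in accounts:
        problems = CHECKS[ne_type](username, password)
        if problems:
            report[(ne_type, username)] = problems
    return report


if __name__ == "__main__":
    for (ne_type, username), problems in precheck(SAMPLE_ACCOUNTS).items():
        for problem in problems:
            print(f"{ne_type}: {username}: {problem}")
```

The check does not cover the single-TL1-session limit on ONS 15216 EDFA3 NEs, so the chosen username still has to be compared by hand with the one used for the CTM GateWay/TL1 connection.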


Table 8-29 Field Descriptions for the Add NE User Wizard 

Field
Description
NE Selection Task

NE Model

Selected NE model.

Network Elements

List of available and selected NEs. Select one or more NEs from the Available NEs list and click Add to add them to the Selected NEs list. Select one or more NEs from the Selected NEs list and click Remove to remove them from the Selected NEs list.

User Profile Selection Task

User Type (for ONS 1580x NEs only)

New user's type. User types are LCT User and TL1 User.

Username

Username for the new user.

For CTC-based NEs, the username must conform with the username rules specified as the NE defaults. To view the username rules, launch the NE Explorer and click the NE Defaults tab.

For ONS 15216 EDFA3 NEs, the username must contain at least 6 but not more than 10 alphanumeric characters. ONS 15216 EDFA3 NEs support only a single TL1 session for each username, so make sure that the username you choose is not already used for the CTM GateWay/TL1 connection with the NE.

For ONS 1580x NEs, the username must contain at least 1 but not more than 10 alphanumeric characters. Letters must be uppercase (A-Z). The username can also contain a hyphen (-), underscore (_), and a forward slash (/).

New Password

User password.

For CTC-based NEs, the password must conform with the user password rules specified as the NE defaults. To view the user password rules, launch the NE Explorer and click the NE Defaults tab.

For ONS 15216 EDFA3 NEs, the password must contain at least 7 but not more than 10 ASCII characters, where at least two characters are nonalphabetic and at least one character is a special character (+, #, %). For example, jpasswd#1 is an acceptable password. The password cannot contain the username. For example, if the username is CISCO15, the password cannot be CISCO15#. The password is case-sensitive.

For ONS 1580x NEs, the password must contain at least 6 but not more than 8 alphanumeric characters and special characters, including a hyphen (-), an underscore (_), and a forward slash (/). Of these characters, at least two must be uppercase letters (A-Z). Lowercase letters are not accepted.

Verify/Confirm Password

Re-enter the password to confirm it.

Privilege (for CTC-based and ONS 15216 EDFA3 NEs)

Privilege level for the new NE user.

For CTC-based NEs, privilege levels are Retrieve, Maintenance, Provisioning, and Superuser.

For ONS 15216 EDFA3 NEs, privilege levels are Read Only (R), Read/Write (RW), and Read/Write/Administrative (RWA). The timeout period is based on the user privilege. When a timeout occurs, the corresponding session is terminated, because no messages were exchanged for a defined period of time.

Read Only: The user can monitor the state of an NE, but cannot issue provisioning commands. The Cisco default timeout is 60 minutes.

Read/Write: The user can receive notifications, read information, and provision the NE. The user cannot carry out system administrative tasks. The Cisco default timeout is 30 minutes.

Read/Write/Administrative: The user can receive notifications, read information, provision the NE, carry out system administrative tasks, and perform user management. The Cisco default timeout is 15 minutes.

Profile (for ONS 1580x NEs)

Profile for the new user. Profiles are System Administrator, Complete Permission, Read Only User, Partial Permission, and Simple Permission.

Selected Users Profile

List of new NE user(s). You can click Remove to remove the selected NE user.


8.4.4.5  Adding a Predefined User

Use the Add Predefined User wizard to add a predefined CTM user from an NE or from the NE User Access Administration table. Table 8-30 provides descriptions.


Note The Add Predefined User wizard is not available for ONS 15216 EDFA3 NEs.



Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 1580x > NE User Access Administration. The NE User Access Administration table opens.

Step 2 For CTC-based NEs, choose Edit > Add Predefined Users. For ONS 1580x NEs, choose Administration > Add Predefined Users.

Step 3 In the Add Predefined User wizard, do the following:

a. Select the area from which you will choose the predefined NE user. In the Existing NE User Selection area, click one of the following:

From NE—To choose predefined users of a specific NE.

From CTM User Table—To choose predefined users associated with the CTM user in the CTM User table.

From CTC User Profile Table—To choose predefined users associated with the CTC user in the CTC User Profile table.

b. If you chose to select users from an NE, in the NE Selection area, choose the NE from the Select NE to pick users from drop-down list. If you chose to select from the CTM User table, this field is unavailable.

c. If you chose to select users from an NE, specify and verify the password in the Specify User Password area. This password will be applied to all the users selected in the next window. If you chose to select from the CTM User table, you can force a password to the user by checking the Force Password check box, then specifying and verifying the password.

d. Specify the user privilege. If you chose to select users from an NE, you can force a privilege to the user by checking the Force Privilege check box.

This privilege will be applied to all the users selected in the next window.

Step 4 Click Next.

Step 5 Select the predefined users. Use the Add and Remove buttons to add or remove users in the Selected Users list.

Step 6 Click Next.

Step 7 Specify the NEs that the new user will have access to. Use the Add and Remove buttons to add or remove NEs in the Selected NEs list.

Step 8 Click Finish. The result of this activity can be monitored in the Job Monitor table.

Step 9 In the confirmation dialog box, click OK.


Table 8-30 Field Descriptions for the Add Predefined User Wizard 

Field
Description
Predefined User Property Selection Task

Existing NE User Selection

Choose whether to add the new user from the selected NE, from the CTM User table, or from the CTC User Profile table.

Note Fields that do not apply to the ONS 1580x are dimmed if you launch this wizard from an ONS 1580x NE.

NE Selection

Select the NE from which to choose a user.

Note This field is dimmed if you selected From CTM User Table or From CTC User Profile Table in the Existing NE User Selection area.

Force Password

If enabled, forces the predefined user to use a password when logging in.

Note This field is dimmed if you selected From NE or From CTC User Profile Table in the Existing NE User Selection area.

Password

Enter the login password that the user will use to access the system.

For CTC-based NEs, the password must conform with the password rules specified as the NE defaults. To view the password rules, launch the NE Explorer and click the NE Defaults tab.

For ONS 1580x NEs, the password must contain at least 6 but not more than 8 alphanumeric characters. Of these characters, at least two must be uppercase letters (A-Z). Lowercase letters are not accepted. The password can also contain numeric characters and a hyphen (-), an underscore (_), and a forward slash (/).

Note This field is dimmed if you select From CTC User Profile Table in the Existing NE User Selection area.

Confirm Password

Confirm the user password by retyping it.

Force Privilege

If enabled, forces the predefined user to use a specific user privilege level when logging in.

Note This field is dimmed if you select From CTM User Table or From CTC User Profile Table in the Existing NE User Selection area.

Privilege

Set the appropriate user privilege level.

For CTC-based NEs, privilege levels are Retrieve, Maintenance, Provisioning, and Superuser.

For ONS 1580x NEs, privilege levels are System Administrator, Complete Permission, Read Only User, Partial Permission, and Simple Permission.

Predefined User Selection Task

Available Users

Select one or more users from the list and click Add to add them to the Selected Users list. Only the users in the Selected Users list will be added.

Selected Users

Select one or more users from the list and click Remove to remove them from the Selected Users list. Only the users in the Selected Users list will be added.

NE Selection Task

Available NEs

Select one or more NEs from the list and click Add to add them to the Selected NEs list. Users are added only to the NEs in the Selected NEs list.

Selected NEs

Select one or more NEs from the list and click Remove to remove them from the Selected NEs list. Users are added only to the NEs in the Selected NEs list.


8.4.4.6  Modifying an NE User Profile

Use the Modify NE User wizard to make changes to existing NE users. Table 8-31 provides descriptions.


Note Only users with Read/Write/Administrative privileges can modify a user's password and privilege level on the ONS 15216 EDFA3.



Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs, ONS 15216, or ONS 1580x > NE User Access Administration. The NE User Access Administration table opens.

Step 2 Select a user from the list. Choose Edit > View/Modify (or click the Modify User Properties tool) for CTC-based and ONS 15216 EDFA3 NEs. Choose Administration > Modify User (or click the Modify User tool) for ONS 1580x NEs.

Step 3 In the Modify NE User wizard, modify the following information (as needed). Fields shown depend on the NE selected:

User Type (for ONS 1580x NEs)

Username

New Password (and verify password)

Privilege (for CTC-based and ONS 15216 EDFA3 NEs)

Profile (for ONS 1580x NEs)

Lock Out

Disabled

Change Password on Next Login

Modify User on Multiple NEs check box

Step 4 Do one of the following:

a. If you did not check Modify User on Multiple NEs, proceed to the next step.

b. If you checked Modify User on Multiple NEs, click Next. Select the NE(s) that the modified user can or cannot access.

Step 5 Click Finish. The result of this activity can be monitored in the Job Monitor table.

Step 6 In the confirmation dialog box, click OK.

Step 7 If you are modifying the profile of a user who is currently logged in, click OK in the warning message. Changes to the NE user profile will take effect on the user's next login attempt.


Note You can modify only the password field for LCT users of ONS 1580x NEs.




Note You cannot modify an existing NE user account for an NE that is marked as Out of Service. You can select the NE's records in the NE User Access Administration table, but when you try to modify the account, you will get an error message telling you that you cannot perform the operation.

You can schedule modification of an existing NE user account for an NE that is marked as In Service but is unavailable. The job remains in Waiting status in the Job Monitor table and is executed when the NE becomes available. You cannot cancel the job.


Table 8-31 Field Descriptions for the Modify NE User Wizard 

Field
Description

User Type (for ONS 1580x NEs only)

Display only. User type (LCT User or TL1 User).

Note The user type cannot be modified without deleting the user.

Username

For the ONS 15216 EDFA3, edit the username.

Note For CTC-based and ONS 1580x NEs, the username is display only; it cannot be modified without deleting the user.

New Password

Modify the user password.

For CTC-based NEs, the password must conform with the password rules specified as the NE defaults. To view the password rules, launch the NE Explorer and click the NE Defaults tab.

For ONS 15216 EDFA3 NEs, the password must contain at least 7 but not more than 10 ASCII characters, where at least two characters are nonalphabetic and at least one character is a special character (+, #, %). For example, jpasswd#1 is an acceptable password. The password cannot contain the username. For example, if the username is CISCO15, the password cannot be CISCO15#. The password is case-sensitive.

For ONS 1580x NEs, the password must contain at least 6 but not more than 8 alphanumeric characters. Of these characters, at least two must be uppercase letters (A-Z). No lowercase letters are allowed. The password can also contain numeric characters and a hyphen (-), an underscore (_), and a forward slash (/).

Verify/Confirm Password

Re-enter the modified password to confirm it.

Privilege (for CTC-based and ONS 15216 EDFA3 NEs)

Modify the privilege level of the user.

For CTC-based NEs, privilege levels are Retrieve, Maintenance, Provisioning, and Superuser.

For ONS 15216 EDFA3 NEs, privilege levels are Read Only, Read/Write, and Read/Write/Administrative.

Timeout (for ONS 15216 EDFA3 NEs)

Display only. View the length of the timeout period (in minutes) based on the user privilege. When a timeout occurs, the corresponding session is terminated, because no messages were exchanged for a defined period of time.

For Read Only users, the Cisco default timeout is 60 minutes.

For Read/Write users, the Cisco default timeout is 30 minutes.

For Read/Write/Administrative users, the Cisco default timeout is 15 minutes.

Profile (for ONS 1580x NEs only)

Modify the profile for the user. The choices are System Administrator, Complete Permission, Read Only User, Partial Permission, and Simple Permission.

Lock Out

Check this check box to lock out the NE user.

Disabled

Check this check box to permanently disable the user from logging back into CTM.

Change Password on Next Login

Check this check box to force the NE user to change his or her password on the next login.

Modify User on Multiple NEs

Check this check box to modify the profile for multiple NEs. The NEs are selected in the next panel.


8.4.4.7  Deleting an NE User


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs, ONS 15216, or ONS 1580X > NE User Access Administration. The NE User Access Administration table opens.

Step 2 Select a user from the list and choose Edit > Delete (or click the Delete User tool) for CTC-based and ONS 15216 EDFA3 NEs. Choose Administration > Delete User (or click the Delete User tool) for ONS 1580x NEs.


Note You cannot delete a user who is currently logged in. For CTC-based and ONS 1580x NE users, you must first log out the user from the Active NE Users table. See Ending an Active NE User Session. For ONS 15216 EDFA3 NE users, you must wait for the user to log out before deleting that user.



Note Only users with Read/Write/Administrative privileges can delete an ONS 15216 EDFA3 user.



Note You cannot delete LCT users of ONS 1580x NEs.


Step 3 Click Yes in the confirmation dialog box.

Step 4 Click OK in the message box.



Note You cannot delete an existing NE user account for an NE that is marked as Out of Service. You can select the NE's records in the NE User Access Administration table, but when you try to delete the account, you will get an error message telling you that you cannot perform the operation.



Note You can schedule deletion of an existing NE user account for an NE that is marked as In Service but is unavailable. The job remains in Waiting status in the Job Monitor table and is executed when the NE becomes available. You cannot cancel the job.


8.4.4.8  Viewing Active NE Users

The NE Active Users table displays information about the users who are currently logged into selected NEs in CTM. Table 8-32 provides descriptions. Fields shown depend on the NE selected.


Note The ONS 15216 EDFA3 supports up to 20 user accounts with up to 11 simultaneous Telnet user connections. Each user can open only one connection at a time.



Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs, ONS 15216, or ONS 1580X > NE User Access Administration. The NE User Access Administration table opens.

Step 2 For CTC-based and ONS 15216 EDFA3 NEs, choose Edit > NE Active Users (or click the Show NE Active Users tool). For ONS 1580x NEs, choose Administration > NE Active Users (or click the Show NE Active Users tool). The NE Active Users table opens.

Step 3 For CTC-based NEs, choose Administration > Retrieve Last Activity Time (or click the Retrieve Last Activity Time tool) to refresh the Last Activity Time field for the current list of active users, if the activity time has changed.


Table 8-32 Field Descriptions for the NE Active Users Table 

Field
Description

Alias ID

Alias name of the NE.

User Type (ONS 1580x NEs only)

Classification of the user. User types are LCT or TL1.

Session ID (ONS 1580x NEs only)

Session ID of the user.

NE Username

Name of the user.

Profile (ONS 1580x NEs only)

Access level of the user.

Client IP Address (CTC-based and ONS 1580x NEs only)

IP address of the client workstation from which the user has logged in.

Session Type (CTC-based NEs only)

Type of active user session (EMS, Telnet, and so on). CTM and CTC sessions are identified as "EMS."

This field applies only to the following CTC-based NEs:

ONS 15454 SONET R6.0 and later

ONS 15454 SDH R6.0 and later

ONS 15310 CL R6.0 and later

ONS 15310 MA R7.0 and later

ONS 15327 R6.0 and later

ONS 15600 SONET R6.0 and later

Last Activity Time (CTC-based NEs only)

Date and time when the last activity was performed by the active user on the NE.

This field applies only to the following CTC-based NEs:

ONS 15454 SONET R6.0 and later

ONS 15454 SDH R6.0 and later

ONS 15310 CL R6.0 and later

ONS 15310 MA R7.0 and later

ONS 15327 R6.0 and later

ONS 15600 SONET R6.0 and later

Login Time (CTC-based NEs only)

Date and time when the active user logged into the NE.

This field applies only to the following CTC-based NEs:

ONS 15454 SONET R6.0 and later

ONS 15454 SDH R6.0 and later

ONS 15310 CL R6.0 and later

ONS 15310 MA R7.0 and later

ONS 15327 R6.0 and later

ONS 15600 SONET R6.0 and later

NE ID

Unique ID number of the NE.


8.4.4.9  Filtering NE Active Users Table Data


Step 1 In the NE Active Users table, choose File > Filter (or click the Filter Data tool). The Filter dialog box opens.

Step 2 Specify the filter parameters described in the following table.

Step 3 After making your selections, click OK to run the filter.


Table 8-33 Field Descriptions for the NE Active Users Table Filter 

Field
Description

NE ID

Move NEs back and forth between the list of available NEs and selected NEs. The filter runs on the NEs in the Selected NE ID list.


8.4.4.10  Ending an Active NE User Session

You can use the Log Out User feature to end a user session on CTC-based or ONS 1580x NEs.


Note The Log Out User feature is not available for ONS 15216 EDFA3 NEs.



Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 1580X > NE User Access Administration. The NE User Access Administration table opens.

Step 2 For CTC-based NEs, choose Edit > NE Active Users (or click the Show NE Active Users tool). For ONS 1580x NEs, choose Administration > NE Active Users. The NE Active Users table opens.

Step 3 For CTC-based NEs, choose Administration > Log Out User (or click the Log Out User tool). For ONS 1580x NEs, choose Administration > Disconnect User.

Step 4 Click Yes.


8.4.4.11  Viewing Users Configured on Cisco IOS XR-Based Devices

The User Settings table lists the usernames and passwords that are configured on Cisco IOS XR-based NEs. These usernames and passwords are used to determine the NE type while discovering the Border Gateway Protocol (BGP) and Cisco Discovery Protocol (CDP) neighbors of a seed NE.


Note To connect to each BGP or CDP neighbor, CTM uses the list of usernames and passwords in the User Settings table and the default username and password configured in the Control Panel > Security Properties pane > CRS-1 or XR 12000 tab.


The User Settings table is populated using the concept of target IP addresses. The IP address of the discovered NE is compared against each of the IP addresses specified in the Target column. CTM tries only the username and password that match the given target IP address. The target is specified as a basic regular expression, where an asterisk (*) is a wildcard. The target can contain entries such as 172.20-40.30-60.* and 172.[20-40].*.*.


Note If none of the target IP addresses match those of the discovered NE or if there are no entries in the User Settings table, CTM uses the following default settings:

Target: *.*.*.*

Username: hfrems

Password: hfrems

Number of retries: 2

Additionally, the Error Log records an entry to indicate that default settings were used.


You can specify the number of retries for each username and password. The seed NE will try to contact the neighboring NE as many times as is specified in the Retry column.

To view the User Settings table and add, modify, or delete usernames and passwords:


Step 1 In the Domain Explorer window, choose Administration > Cisco IOS XR based Devices > BGP User Settings Table. The User Settings table opens. The following table provides descriptions.

Step 2 Choose Edit > Add (or click the Add Username and Password tool) to add a new username and password for a target IP address and specify the number of retries. Note the following username and password constraints:

The username cannot be blank.

The password must contain at least 6 alphanumeric characters. The password accepts as special characters a hyphen (-) and an underscore (_).

Step 3 Choose Edit > View/Modify (or click the Modify Username and Password tool) to modify an existing username and password on a target IP address and change the number of retries. At the confirmation prompt, click OK.

Step 4 Choose Edit > Delete (or click the Delete Username and Password tool) to delete an existing username and password on a target IP address. At the confirmation prompt, click OK.


Table 8-34 Field Descriptions for the User Settings Table 

Field
Description

Target

Shows the target IP address that a specific username and password are configured for.

Username

Shows the username configured for a target IP address.

Retry

Specifies the number of retries for each username and password. The seed NE will try to contact the neighboring NE as many times as is specified in this column. The range is from 0 to 5 retries.
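The target matching and default fallback described in this section can be checked offline before discovery runs. The following is an added example, not CTM code: it lists which NE addresses would match no Target entry and therefore fall back to the default settings (target *.*.*.*, username hfrems). It assumes each target field is `*`, a single number, or an inclusive range written `A-B` or `[A-B]`; the table rows, usernames, and IP addresses are constructed sample data.

```python
import ipaddress
import re
from typing import NamedTuple


class UserSetting(NamedTuple):
    target: str     # Target column of the User Settings table
    username: str   # Username column
    retry: int      # Retry column (the page gives a range of 0 to 5)


# Default settings the page says CTM uses when no target matches.
DEFAULT = UserSetting("*.*.*.*", "hfrems", 2)


def _field_bounds(field):
    """Return inclusive (low, high) octet bounds for one target field."""
    if field == "*":
        return 0, 255
    # Assumption: "[20-40]" and "20-40" both mean the inclusive range 20..40.
    if field.startswith("[") and field.endswith("]"):
        field = field[1:-1]
    m = re.fullmatch(r"([0-9]{1,3})(?:-([0-9]{1,3}))?", field)
    if not m:
        raise ValueError(f"malformed target field {field!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not 0 <= low <= high <= 255:
        raise ValueError(f"target field {field!r} is outside 0-255")
    return low, high


def parse_target(target):
    """Split a target into four per-octet (low, high) bounds."""
    fields = target.split(".")
    if len(fields) != 4:
        raise ValueError(f"target {target!r} must have four fields")
    return [_field_bounds(f) for f in fields]


def target_matches(target, ip):
    """True if every octet of ip falls inside the target's bounds."""
    octets = ipaddress.IPv4Address(ip).packed  # iterating bytes yields ints
    return all(lo <= o <= hi for (lo, hi), o in zip(parse_target(target), octets))


def settings_for(ip, table):
    """Return (rows that match ip, used_default). Run row_problems() first:
    a malformed target raises ValueError here."""
    rows = [row for row in table if target_matches(row.target, ip)]
    return (rows, False) if rows else ([DEFAULT], True)


def default_fallback(ne_ips, table):
    """NE addresses for which only the default settings would be used."""
    return [ip for ip in ne_ips if settings_for(ip, table)[1]]


def row_problems(row):
    """Check one row against the constraints stated on this page."""
    problems = []
    try:
        parse_target(row.target)
    except ValueError as exc:
        problems.append(str(exc))
    if not row.username:
        problems.append("username cannot be blank")
    if not 0 <= row.retry <= 5:
        problems.append("retry must be between 0 and 5")
    return problems


# Constructed sample data (not taken from any real deployment).
TABLE = [
    UserSetting("172.20-40.30-60.*", "ops_a", 2),
    UserSetting("172.[20-40].*.*", "ops_b", 1),
    UserSetting("10.1.1.5", "ops_c", 0),
]
NE_IPS = ["172.25.45.9", "172.25.70.9", "172.41.1.1", "10.1.1.5", "192.0.2.10"]

if __name__ == "__main__":
    for ip in NE_IPS:
        rows, used_default = settings_for(ip, TABLE)
        names = ", ".join(r.username for r in rows)
        print(f"{ip:<14} {'DEFAULT' if used_default else 'table':<8} {names}")
    print("fall back to default settings:", default_fallback(NE_IPS, TABLE))
```

Addresses reported by `default_fallback` are the ones for which the Error Log would record that default settings were used.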


8.4.5  Managing CTC User Profiles

You can view, create, modify, and delete CTC user profiles in the CTM database.

8.4.5.1  Viewing the CTC User Profiles Table

The CTC User Profiles table contains a list of predefined CTC user profiles that are available in the CTM database. To view the CTC User Profiles table, choose Administration > CTC User Profiles in the Domain Explorer window. The following table provides descriptions.

Table 8-35 Field Descriptions for the CTC User Profiles Table 

Field
Description

User ID

CTC username.

User Privilege

CTC user privilege.

Description

Description of the CTC user.


8.4.5.2  Creating a CTC User Profile

Use the Add New CTC User Profile dialog box to add new CTC user profiles to the database. The following table provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles. The CTC User Profiles table opens.

Step 2 Choose Edit > Create (or click the Create a New CTC User Profile tool).

Step 3 In the Add New CTC User Profile dialog box, enter the following information:

User ID

User password (and confirm password)

User privilege

Description

Step 4 Click OK.


Table 8-36 Field Descriptions for the Add New CTC User Profile Dialog Box 

Field
Description

User ID

Name of the new user profile. The profile name must contain from six to twenty alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The user profile name cannot contain a space or any special characters.

Note After the user ID is set, it cannot be changed without deleting the user.

User Password

User password. The new password must contain a minimum of six and a maximum of ten alphanumeric (a-z, A-Z, 0-9) and special characters (+, #, %), where at least two characters are alphabetic, at least one character is numeric, and at least one character is a special character.

Note Regardless of the actual size of the old password, the Password field displays only a fixed-length string. The fixed-length string is 12 asterisks (*).

Confirm Password

Retype the password to confirm it.

User Privilege

Access privilege for the new user profile. Privilege levels are Retrieve, Maintenance, Provisioning, and Superuser.

Description

Description of the new user profile.


8.4.5.3  Modifying a CTC User's Properties

Use the Modify CTC User Profile dialog box to make changes to an existing CTC user profile. The following table provides descriptions.


Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles. The CTC User Profiles table opens.

Step 2 Choose Edit > View/Modify (or click the Modify CTC User Profile Properties tool).

Step 3 In the Modify CTC User Profile dialog box, modify the following information, as needed:

User password (and confirm password)

User privilege

Description

Step 4 Click OK.


Table 8-37 Field Descriptions for the Modify CTC User Profile Dialog Box 

Field
Description

User ID

Display only. Name of the user profile. The profile name must contain from six to twenty alphanumeric characters (A-Z, a-z, 0-9). Alphabetic characters are case-sensitive. The user profile name cannot contain a space or any special characters.

Note After the username is set, it cannot be changed without deleting the user.

User Password

User password. The password must contain a minimum of six and a maximum of ten alphanumeric (a-z, A-Z, 0-9) and special characters (+, #, %), where at least two characters are alphabetic, at least one character is numeric, and at least one character is a special character.

Note Regardless of the actual size of the old password, the Password field displays only a fixed-length string. The fixed-length string is 12 asterisks (*).

Confirm Password

Retype the modified password to confirm it.

User Privilege

Access privilege for the user profile. Privilege levels are Retrieve, Maintenance, Provisioning, and Superuser.

Description

Description of the user profile.
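The username and password rules stated in Tables 8-29, 8-31, 8-36, and 8-37 can be checked before a batch of accounts is entered in the wizards, so that jobs do not fail in the Job Monitor table. The following is an added example, not CTM code: it encodes the ONS 15216 EDFA3, ONS 1580x, and CTC user profile rules as written on this page. Rules for CTC-based NEs come from the NE defaults and are not modelled. The function names, the type keys, and the sample batch are assumptions of this example; `jpasswd#1` and `CISCO15#` are the page's own examples.

```python
import re
import string

SPECIALS = "+#%"  # special characters named on this page
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation)


def _count(text, alphabet):
    """Number of characters of text that belong to alphabet."""
    return sum(ch in alphabet for ch in text)


def check_edfa3(username, password):
    """ONS 15216 EDFA3 rules (Tables 8-29 and 8-31)."""
    errors = []
    if not re.fullmatch(r"[A-Za-z0-9]{6,10}", username):
        errors.append("username must be 6-10 alphanumeric characters")
    if not 7 <= len(password) <= 10:
        errors.append("password must be 7-10 characters")
    # Assumption: "ASCII characters" means printable ASCII without spaces.
    if not set(password) <= PRINTABLE:
        errors.append("password must use printable ASCII characters")
    if len(password) - _count(password, string.ascii_letters) < 2:
        errors.append("password needs at least two nonalphabetic characters")
    if _count(password, SPECIALS) < 1:
        errors.append("password needs at least one of + # %")
    # Assumption: containment is tested case-insensitively, which is
    # stricter than the page states.
    if username and username.lower() in password.lower():
        errors.append("password must not contain the username")
    return errors


def check_ons1580x(username, password):
    """ONS 1580x rules (Tables 8-29, 8-30 and 8-31)."""
    errors = []
    if not re.fullmatch(r"[A-Z0-9_/-]{1,10}", username):
        errors.append("username must be 1-10 characters from A-Z, 0-9, - _ /")
    if not 6 <= len(password) <= 8:
        errors.append("password must be 6-8 characters")
    if not re.fullmatch(r"[A-Z0-9_/-]*", password):
        errors.append("password may use only A-Z, 0-9, - _ / (no lowercase)")
    if _count(password, string.ascii_uppercase) < 2:
        errors.append("password needs at least two uppercase letters")
    return errors


def check_ctc_profile(user_id, password):
    """CTC user profile rules (Tables 8-36 and 8-37)."""
    errors = []
    if not re.fullmatch(r"[A-Za-z0-9]{6,20}", user_id):
        errors.append("user ID must be 6-20 alphanumeric characters")
    if not 6 <= len(password) <= 10:
        errors.append("password must be 6-10 characters")
    if not re.fullmatch(r"[A-Za-z0-9+#%]*", password):
        errors.append("password may use only letters, digits and + # %")
    if _count(password, string.ascii_letters) < 2:
        errors.append("password needs at least two alphabetic characters")
    if _count(password, string.digits) < 1:
        errors.append("password needs at least one numeric character")
    if _count(password, SPECIALS) < 1:
        errors.append("password needs at least one of + # %")
    return errors


# Type keys are names chosen for this example.
CHECKS = {
    "edfa3": check_edfa3,
    "ons1580x": check_ons1580x,
    "ctc_profile": check_ctc_profile,
}


def precheck(rows):
    """rows: (type, username, password) tuples.
    Return {(type, username): [violations]} for the rows that fail."""
    failures = {}
    for ne_type, username, password in rows:
        errors = CHECKS[ne_type](username, password)
        if errors:
            failures[(ne_type, username)] = errors
    return failures


# Constructed sample batch; the two EDFA3 passwords are the page's examples.
BATCH = [
    ("edfa3", "jsmith1", "jpasswd#1"),
    ("edfa3", "CISCO15", "CISCO15#"),
    ("ons1580x", "OPS-1", "AB12_/9"),
    ("ons1580x", "OPS-2", "ab12cd"),
    ("ctc_profile", "netops01", "Ab1#xy"),
    ("ctc_profile", "netops02", "abcdef1"),
]

if __name__ == "__main__":
    # Only the account key and the violated rules are printed, never passwords.
    for key, errors in precheck(BATCH).items():
        print(key, errors)
```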


8.4.5.4  Deleting a CTC User Profile


Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles. The CTC User Profiles table opens.

Step 2 Select the CTC user profile that you want to delete and choose Edit > Delete (or click the Delete CTC User Profile tool).

Step 3 Click OK in the confirmation dialog box.


8.4.6  Managing Cisco IOS Users

You can view, create, modify, and delete Cisco IOS user accounts in the CTM database.

8.4.6.1  Viewing the IOS Users Table

The IOS Users table shows all of the configured Cisco IOS user accounts. You can use the IOS Users table to manage user access to Layer 2 and Layer 3 Cisco IOS cards. Use this table to give users the ability to view or edit the username and password on ML cards in CTC-based NEs.

To view the table, choose Administration > CTC-Based NEs > IOS Users Table in the Domain Explorer window. The following table provides descriptions.

Table 8-38 Field Descriptions for the IOS Users Table 

Field
Description

Alias ID

Alias of the NE.

Module Name

Name of the selected module.

Physical Location

Location of the selected module.

Username

Username that is provisioned on the Cisco IOS card.

Privilege

Privilege level of the selected user.

NE ID

ID number of the NE.


8.4.6.2  Adding an IOS User

Use the IOS User Creation wizard to add new Cisco IOS users to the domain.


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table.

Step 2 In the IOS Users table, choose Edit > Create (or click the Create a New User tool). The IOS User Creation wizard opens. The following table provides descriptions.

Step 3 In the IOS Card Selection window, complete the following substeps:

a. Select the NE ID on which you want to create a new Cisco IOS user.

b. In the Available IOS Cards list, select the card(s) that you want the new user to be able to access. Use the Add button to move the card(s) to the Selected IOS Cards list.

c. Click Next.

Step 4 In the IOS User Information window, enter the following information:

Username

Password (and confirm password)

User privilege

Step 5 Click Finish.


Note A progress animator is displayed while the new user is being added to the IOS Users table.


The new user is listed in the IOS Users table.


Table 8-39 Field Descriptions for the IOS User Creation Wizard 

Field
Description
IOS Card Selection Pane

NE ID

NE ID on which you want to create a new Cisco IOS user.

Available IOS Cards

Available Cisco IOS data card(s) that the user can access. Click Add to move the card(s) to the Selected IOS Cards list.

Selected IOS Cards

Selected Cisco IOS data card(s) that the user can access. Click Remove to return the card(s) to the Available IOS Cards list.

IOS User Information Pane

Username

Name of the Cisco IOS user.

Password

Login password that the Cisco IOS user will use to access ML cards.

Note Regardless of the actual size of the old password, the Password and Confirm Password fields display only a fixed-length string. The fixed-length string is 12 asterisks (*).

Confirm Password

Retype the password to confirm it.

User Privilege

User privilege level. Values are from 0 to 15; the Cisco default is 15.


8.4.6.3  Modifying an IOS User

Use the IOS User Modification wizard to modify the password or privilege level of an existing Cisco IOS user.


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table.

Step 2 In the IOS Users table, choose Edit > Modify (or click the Modify User Properties tool). The IOS User Modification wizard opens. The following table provides descriptions.

Step 3 In the IOS Card Selection window, complete the following substeps:

a. Select the NE ID on which you want to modify the Cisco IOS user password or privilege level.

b. In the Available IOS Cards list, select the card(s) that you want the modified user to be able to access. Use the Add button to move the card(s) to the Selected IOS Cards list.

c. Click Next.

Step 4 In the IOS User Information window, enter the following information:

Password (and confirm password)

User privilege

Step 5 Click Finish.


Note A progress animator is displayed while the user information is modified.



Table 8-40 Field Descriptions for the IOS User Modification Wizard 

Field
Description
IOS Card Selection Pane

NE ID

NE ID on which you want to modify the Cisco IOS user.

Available IOS Cards

Available Cisco IOS data card(s) that the user can access. Click Add to move the card(s) to the Selected IOS Cards list.

Selected IOS Cards

Selected Cisco IOS data card(s) that the user can access. Click Remove to return the card(s) to the Available IOS Cards list.

IOS User Information Pane

Username

Display only. Name of the Cisco IOS user.

Password

Login password that the Cisco IOS user will use to access ML cards.

Confirm Password

Retype the password to confirm it.

User Privilege

User privilege level. Values are from 0 to 15; the Cisco default is 15.


8.4.6.4  Deleting an IOS User


Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table.

Step 2 In the IOS Users table, select the user to be deleted.

Step 3 Choose Edit > Delete (or click the Delete User tool).

Step 4 Click OK to remove the user from the database.


Note A progress animator is displayed while the delete operation is performed.



8.4.7  Managing SNMPv3 Users

You can view, create, modify, and delete SNMPv3 user profiles