Avaya Task Training/ERS-5500/Basic Security

Basic security will walk through the commands for changing the passwords and community strings, on a ERS-5500.


To begin attach to the switch by telnet

edit
  • Control Y to begin
  • scroll down the menu to Command Line Interface... press enter
  • enable
  • config t (no password control is in place yet)

Turn off the Menu

edit

Change console interface to cli and not menu, harder for unauthorized and unskilled user to make changes

  • cmd-interface cli

Create a Custom Banner

edit

Set a login banner so no-one can claim they didn't know they couldn't login

  • banner ? (shows the banner commands Notice that you can turn off the banner all together)
  • banner 9 "This is a private system. Unauthorized login prohibited."
  • banner custom (enable the custom banner)
  • show banner

Creating/Changing Passwords

edit

Before creating/Changing a password set a safety point, so the switch will reboot to original config if a password typo happens

Safty Point

edit
  • no autosave enable (setting a safety point prior to working on passwords)
  • copy config nvram
  • reload minutes-to-wait 15

Passwords

edit
  • show cli password (display default passwords in clear text)
  • cli password {read-only|read-write} password
  • cli password serial ? (list of password commands)
  • cli password telnet local (set password to use local password)
  • show cli password type
  • show cli password (passwords displayed)

Password Security

edit
  • password security (force complex passwords, and hides them, note: Password security is enabled by default with the ssh load)

After the command you will be prompted to change the passwords to complex passwords.

  • show cli password (asterisk'ed), show run (passwords asterisk'ed, as well as snmp com string).

Test Passwords

edit

Logout and Login to test the passwords.

Stop Safty Point Reload

edit
  • config t
  • copy config nvram
  • reload cancel
  • autosave enable

Disable Web Server

edit
  • show web-server (show enabled by default)
  • no web-server (shut it down so nosy browsers can't access it)

SNMP

edit

Change default SNMP communities or passwords. For better security use SNMPv3.

  • snmp-server community "labpublic" ro (note; this is the command for no password security, and you have password security on) To disable password security no password security
  • snmp-server community ro (enter value and confirm value)
  • snmp-server community rw (enter value and confirm value)


See also

edit
  Search for Nortel ERS 5500 on Wikipedia.