security
config>system
This command enables the context to configure security settings.
Security commands manage user profiles and user membership. Security commands also manage user login registrations.
copy {user source-user | profile source-profile} to destination [overwrite]
config>system>security
This command copies the specified user or profile configuration parameters to another (destination) user or profile.
The password is set to the Return key, and a new password must be selected at login.
source-user: the user to copy from. The user must already exist.
source-profile: the profile to copy from. The profile must already exist.
destination: the destination user or profile
overwrite: specifies that the destination user or profile configuration will be overwritten with the copied source user or profile configuration. A configuration will not be overwritten if the overwrite keyword is not specified.
[no] ftp-server
config>system>security
This command enables FTP servers running on the system.
FTP servers are disabled by default. At system startup, only SSH servers are enabled.
The no form of the command disables FTP servers running on the system.
no ftp-server
hash-control [read-version {1 | 2 | all}] [write-version {1 | 2}]
no hash-control
config>system>security
Whenever the user executes a save or info command, the system will encrypt all passwords, keys, and so on for security reasons. At present, two algorithms exist.
The first algorithm produces a simple, short key that can be copied and pasted in a different location when the user wants to configure the same password. However, because the hash depends only on the password or key, the same password always produces the same hash, so it is obvious wherever the same key is in use.
The second algorithm produces a more complex key that cannot be copied and pasted in different locations in the configuration file. In this case, if the same key or password is used repeatedly in different contexts, each encrypted (hashed) version will be different.
all — read-version set to accept both versions 1 and 2
read-version {1 | 2 | all}: when the read-version is configured as "all", both versions 1 and 2 will be accepted by the system. Otherwise, only the selected version will be accepted when reading configuration or exec files. The presence of incorrect hash versions will abort the script/startup.
write-version {1 | 2}: selects the hash version that will be used the next time the configuration file is saved (or an info command is executed). Be careful to set the read and write versions consistently, so that the file can be properly processed after the next reboot or exec.
source-address
config>system>security
This command specifies the source address that should be used in all unsolicited packets sent by the application.
application app [ip-int-name | ip-address]
no application app
config>system>security>source-address
This command specifies the application to use the source IPv4 address specified by the source-address command.
The no form of the command removes the specified source address from the application, causing the application to use the system IP address as the source address.
app: specifies the application name
ip-int-name | ip-address: specifies the name of the IP interface or IPv4 address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
application6 app ipv6-address
no application6 app
config>system>security>source-address
This command specifies the application to use the source IPv6 address specified by the source-address command.
The no form of the command removes the specified source address from the application, causing the application to use the system IP address as the source address.
app: specifies the application name
ipv6-address: specifies the IPv6 address
[no] telnet-server
config>system>security
This command enables Telnet servers running on the system.
Telnet servers are off by default. At system startup, only SSH servers are enabled.
Telnet servers in 7705 SAR networks limit a Telnet client to three retries to log in. The Telnet server disconnects the Telnet client session after three retries.
The no form of the command disables Telnet servers running on the system.
no telnet-server
[no] telnet6-server
config>system>security
This command enables Telnet IPv6 servers running on the system.
Telnet servers are off by default. At system startup, only SSH servers are enabled.
Telnet servers in 7705 SAR networks limit a Telnet client to three retries to log in. The Telnet server disconnects the Telnet client session after three retries.
The no form of the command disables Telnet servers running on the system.
no telnet6-server
vprn-network-exceptions [number seconds]
no vprn-network-exceptions
config>system>security
This command configures the rate at which the 7705 SAR sends ICMP replies to a source IP address in response to TTL expiry IP packets that have been received for all VPRN instances in the system and from all network IP interfaces. Packets include labeled user packets as well as ping and traceroute packets within a VPRN.
This command does not apply to MPLS packets or service OAM packets such as VPRN ping and trace, LSP ping and trace, and VCC ping and trace.
When the command is issued without any number and seconds parameters specified, the default rate is 100 ICMP reply packets sent per 10 seconds. The no form of the command disables the rate-limiting of ICMP replies.
no vprn-network-exceptions
number: specifies the maximum number of ICMP reply messages that can be sent within the configured number of seconds
seconds: specifies the time frame in which the configured number of ICMP reply messages can be sent
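
An added example, not part of the original command reference or of any vendor tooling: a Python audit of a saved configuration that applies the defaults and caveats described above for ftp-server, telnet-server, telnet6-server, hash-control and vprn-network-exceptions. The sample configuration and its indented layout are constructed, and audit_security_context is a hypothetical name.

```python
import re

# Constructed sample of a saved configuration (not from a real node). The
# indented layout is an assumption; the command lines use the page's syntax.
SAMPLE_CONFIG = """\
configure
    system
        security
            ftp-server
            no telnet-server
            telnet6-server
            hash-control read-version 1 write-version 2
            no vprn-network-exceptions
        exit
    exit
"""

CLEARTEXT_SERVERS = ("ftp-server", "telnet-server", "telnet6-server")
HASH_CONTROL = re.compile(
    r"hash-control(?: read-version (1|2|all))?(?: write-version (1|2))?")


def audit_security_context(config_text):
    """Return findings for the config>system>security commands on this page."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []
    # FTP and Telnet are off by default, so only the positive form enables them.
    for server in CLEARTEXT_SERVERS:
        if server in lines:
            findings.append(f"{server}: enabled, SSH is the only default server")
    for ln in lines:
        m = HASH_CONTROL.fullmatch(ln)
        if not m:
            continue
        read = m.group(1) or "all"  # "all" is the read-version default
        write = m.group(2)          # None when write-version is not given
        # A file saved with a version the reader rejects aborts startup/exec.
        if write and read not in ("all", write):
            findings.append(
                f"hash-control: writes version {write}, reads only {read}")
    # The no form disables ICMP rate limiting; treating a missing line the
    # same way is an assumption of this example.
    if not any(ln.startswith("vprn-network-exceptions") for ln in lines):
        findings.append("vprn-network-exceptions: ICMP replies not rate limited")
    return findings


if __name__ == "__main__":
    for finding in audit_security_context(SAMPLE_CONFIG):
        print(finding)
```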