5.6 Limiting OAMP Access to a Specific WAN Interface
You can limit the access of OAMP applications (such as HTTP, HTTPS, Telnet, and SSH)
to a specific WAN interface. This OAMP-interface binding can then be associated with a
Virtual Routing and Forwarding (VRF) instance.
To limit OAMP access to a specific WAN interface using the CLI:
1. Enable WAN management access for specific OAMP applications (see 'Enabling
Remote HTTP/S Web Management' on page 40), using any of the following
commands:
set wan-ssh-allow
set wan-telnet-allow
set wan-snmp-allow
set wan-http-allow
set wan-https-allow
2. Define the WAN interface for the OAMP applications, using the
OAMPWanInterfaceName ini file parameter or the following CLI command:
bind GigabitEthernet <slot/port.vlanId> oamp
bind vlan <vlanId> oamp
The following example enables WAN access for Telnet on interface GigabitEthernet 0/0.4
(GigabitEthernet 0/0.4 may be associated with a VRF):
(config-system)# cli-terminal
(cli-terminal)# set wan-telnet-allow on
(cli-terminal)# exit
(config-system)# bind GigabitEthernet 0/0.4 oamp
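A saved CLI session can be checked against the two steps above before it is applied. The following Python script is an added example, not AudioCodes code: it reports which OAMP applications are allowed on the WAN, which interface they are bound to, and flags cleartext protocols or a missing binding. It assumes one command per line as in the example above and that any value other than on means disabled; the function name audit and the sample transcript are constructed for illustration.

```python
import re

# CLI settings from step 1, mapped to the OAMP application each exposes on the WAN.
WAN_SETTINGS = {
    "wan-ssh-allow": "SSH", "wan-telnet-allow": "Telnet", "wan-snmp-allow": "SNMP",
    "wan-http-allow": "HTTP", "wan-https-allow": "HTTPS",
}
# Protocols that carry logins unencrypted. SNMP is left out because its
# exposure depends on the SNMP version in use, which the transcript does not show.
CLEARTEXT = {"Telnet", "HTTP"}

SET_RE = re.compile(r"set\s+(wan-[a-z]+-allow)\s+(\S+)", re.I)
BIND_RE = re.compile(r"bind\s+(GigabitEthernet\s+\S+|vlan\s+\S+)\s+oamp", re.I)

# Constructed sample transcript (not captured from a device).
SAMPLE = """\
(config-system)# cli-terminal
(cli-terminal)# set wan-telnet-allow on
(cli-terminal)# set wan-ssh-allow on
(cli-terminal)# exit
(config-system)# bind GigabitEthernet 0/0.4 oamp
"""

def audit(transcript):
    """Summarise WAN-exposed OAMP applications and the OAMP interface binding."""
    state, bound = {}, None
    for line in transcript.splitlines():
        m = SET_RE.search(line)
        if m and m.group(1).lower() in WAN_SETTINGS:
            # Assumption: only the literal value "on" enables the application.
            state[WAN_SETTINGS[m.group(1).lower()]] = m.group(2).lower() == "on"
        m = BIND_RE.search(line)
        if m:
            bound = " ".join(m.group(1).split())  # last binding in the transcript wins
    apps = sorted(app for app, on in state.items() if on)
    findings = []
    if apps and bound is None:
        findings.append("WAN management enabled but no OAMP interface binding found")
    findings += [f"{app} is allowed on the WAN and sends credentials in cleartext"
                 for app in apps if app in CLEARTEXT]
    return {"wan_apps": apps, "oamp_interface": bound, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```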
To define the WAN OAMP interface using the Web interface:
1. Open the WEB Security Settings page (see 'Configuring Web Security Settings' on
page 71).
2. From the 'WAN OAMP Interface' drop-down list, select the required WAN interface.
3. Click Submit to apply your changes.
5.7 Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party common
access card (CAC) with user identification. When a user attempts to access the device
through the Web browser (HTTPS), the device retrieves the Web user's login username
(and other information, if required) from the CAC. The user attempting to access the device
is only required to provide the login password. Typically, a TLS connection is established
between the CAC and the device's Web interface, and a RADIUS server is implemented to
authenticate the password with the username. This feature therefore implements
two-factor authentication: what the user has (i.e., the physical card) and what the user
knows (i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
Note: For specific integration requirements for implementing a third-party smart
card for Web login authentication, contact your AudioCodes representative.