Version 6.6 369 October 2014
Installation & Operation Manual 33. Configuring Security Settings
33.18.5 Administering the Local CLI User Database
In a simple Media Gateway configuration, the CLI users database is stored internally
on each SC board and the tools user script is used to perform administration. The
local CLI users database is constantly synchronized between the SC boards, therefore
any change that is performed on the Active SC board is immediately replicated to the
Standby SC board.
To configure the Media Gateway to use the Local CLI Users Database, run the tools
user sync script and set synchronization mode to disabled (see chapter
'Synchronizing CLI Users Database with the EMS Server' on page 367 for details).
Also ensure that external user authentication is disabled (see chapter 'Centralized
RADIUS Servers' on page 384).
Figure
33-6: Local CLI Users Database on SC Boards
When the Media Gateway is configured to use the Local CLI Users Database, the
security administrator should decide which users are allowed access to the Media
Gateway CLI and to provision usernames and passwords via the tools user script as
described below. It is strongly recommended to create a separate CLI account for
each person who operates the Media Gateway and refrain from using shared
accounts (i.e. accounts that are used by multiple users, such as the default acladmin
account).
For enhanced security, passwords of CLI users must be periodically modified.
Note : The CLI Users Database is replicated from the active SC to the standby SC.
Therefore always connect to the Active SC to perform user administration.
To Next Page
Loading...
