System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 29
Configure from most specific to least specific. The 7705 SAR exits on the first
match; subordinate levels cannot be modified with subsequent action
commands. Subordinate level VSAs must be entered prior to this entry to be
effective.
All commands at and below the hierarchy level of the matched command are
subject to the timetra-action VSA. Multiple match-strings can be entered in a
single timetra-cmd VSA. Match strings must be semicolon (;) separated
(maximum string length is 254 characters).
One or more timetra-cmd VSAs can be entered followed by a single timetra-action
VSA:
• timetra-action <deny | permit> — causes the permit or deny action to be
applied to all match strings specified since the last timetra-action VSA
• timetra-home-directory <home-directory string> — specifies the home
directory that applies for the FTP and CLI user. If this VSA is not configured, the
home directory is Compact Flash slot 1 (cf3: on all platforms).
• timetra-restrict-to-home-directory <true | false> — specifies if user access is
limited to their home directory (and directories and files subordinate to their
home directory). If this VSA is not configured, the user is allowed to access the
entire file system.
• timetra-login-exec <login-exec-string> — specifies the login exec file that is
executed when the user login is successful. If this VSA is not configured, no login
exec file is applied.
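The ordering rule for timetra-cmd and timetra-action can be checked before a user entry is loaded on the RADIUS server. The following Python sketch is an added example, not Nokia code. It assumes that a match string covers a command when it is a word-for-word prefix of that command, and the sample VSA lists are constructed.

```python
MAX_CMD_LEN = 254  # maximum timetra-cmd string length stated in the guide

def build_rules(vsas):
    """Group (name, value) VSAs into ordered (match_string, action) rules."""
    rules, pending = [], []
    for name, value in vsas:
        if name == "timetra-cmd":
            if len(value) > MAX_CMD_LEN:
                raise ValueError(f"timetra-cmd exceeds {MAX_CMD_LEN} characters")
            # Several match strings may share one VSA, separated by ';'
            pending += [m.strip() for m in value.split(";") if m.strip()]
        elif name == "timetra-action":
            if value not in ("permit", "deny"):
                raise ValueError(f"bad timetra-action value: {value!r}")
            # The action applies to every match string since the last action
            rules += [(m, value) for m in pending]
            pending = []
    if pending:
        raise ValueError(f"timetra-cmd without a following timetra-action: {pending}")
    return rules

def covers(match, command):
    """True if command is at or below the level of match (assumed word-prefix match)."""
    m, c = match.split(), command.split()
    return c[:len(m)] == m

def decide(rules, command):
    """First match wins. Returns None when no rule matches (defaults are out of scope)."""
    for match, action in rules:
        if covers(match, command):
            return action
    return None

def shadowed(rules):
    """Rules that never take effect because an earlier, less specific rule matches first."""
    return [(i, match, action)
            for i, (match, action) in enumerate(rules)
            if any(covers(earlier, match) for earlier, _ in rules[:i])]

# Constructed samples: in BAD the deny for "configure system security" comes too late.
BAD = [("timetra-cmd", "show;configure system"), ("timetra-action", "permit"),
       ("timetra-cmd", "configure system security"), ("timetra-action", "deny")]
GOOD = [("timetra-cmd", "configure system security"), ("timetra-action", "deny"),
        ("timetra-cmd", "show;configure system"), ("timetra-action", "permit")]

if __name__ == "__main__":
    for label, vsas in (("bad", BAD), ("good", GOOD)):
        rules = build_rules(vsas)
        print(label, decide(rules, "configure system security password"), shadowed(rules))
```

In the BAD ordering the subordinate deny is reported as shadowed and the command is permitted; entering the more specific match string first, as in GOOD, makes the deny effective.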
If no VSAs are configured for a user, the following conditions apply:
• The password authentication-order command on the 7705 SAR router must
include local.
• The user name must be configured on the 7705 SAR router.
• The user must be successfully authenticated by the RADIUS server.
• A valid profile must exist on the 7705 SAR router for this user.
Unless all of the conditions listed above are met, access to the 7705 SAR router is
denied and a failed login event/trap is written to the security log.
For receiving data from the RADIUS server, the following are supported:
• Juniper (vendor-id 4874) attributes 4 (Primary DNS server) and 5 (Secondary
DNS server)
• Redback (vendor-id 2352) attributes 1 (Primary DNS) and 2 (Secondary DNS)
• for sending authentication requests: DSL Forum (vendor-id 3561) attributes
1 (Circuit ID) and 2 (Remote ID)