Dlp- A272 Change Security Policy On Multiple Nodes - Cisco ONS 15454 Series Procedure Manual

Chapter 19 DLPs A200 to A299
DLP-A272 Change Security Policy on Multiple Nodes
Purpose
Tools/Equipment
Prerequisite Procedures
Required/As Needed
Onsite/Remote
Security Level
From the View menu, choose Go to Network View.
Step 1
Step 2 Click the Provisioning > Security > Policy tabs. A read-only table of nodes and their policies appears.
Click a node on the table that you want to modify, then click Change.
Step 3
If you want to modify the idle user timeout period, click the hour (H) and minute (M) arrows in the
Step 4
Idle User Timeout area for the security level you want to provision: RETRIEVE, MAINTENANCE,
PROVISIONING, or SUPERUSER. The idle period time range is between 0 and 16 hours, and 0 and 59
minutes. The user is logged out after the idle user timeout period is reached.
In the User Lockout area, you can modify the following:
Step 5
•
•
•
Step 6 In the Password Change area, you can modify the following:
•
•
•
Step 7 To require users to change their password at periodic intervals, check the Enforce Password Aging
check box in the Password Aging area. If checked, provision the following parameters:
•
•
In the Other area, you can provision the following:
Step 8
•
•
September 2005
This task changes the security policy for multiple nodes including idle user
timeouts, user lockouts, password change, and concurrent login policies.
None
DLP-A60 Log into CTC, page 17-66
As needed
Onsite or remote
Superuser
Failed Logins Before Lockout—The number of failed login attempts a user can make before the user
is locked out of the node. You can choose a value between 0 and 10.
Manual Unlock by Superuser—Allows a user with Superuser privileges to manually unlock a user
who has been locked out of a node.
Lockout Duration—Sets the amount of time the user will be locked out after a failed login. You can
choose a value between 0 and 10 minutes in five-second intervals.
Prevent Reusing Last [ ] Passwords—Choose a value between 1 and 10 to set the number of different
passwords the user must create before they can reuse a password.
Cannot Change New Password for [ ] days—If checked, prevents users from changing their
password for the specified period. The range is 20 to 95 days.
Require Password Change on First Login to New Account—If checked, requires users to change
their password the first time they log into their account.
Aging Period—Sets the amount of time that must pass before the user must change his or her
password for each security level: RETRIEVE, MAINTENANCE, PROVISIONING, and
SUPERUSER. The range is 20 to 95 days.
Warning—Sets the number days the user will be warned to change their password for each security
level. The range is 2 to 20 days.
Single Session Per User—If checked, limits users to one login session at one time.
Disable Inactive User—If checked, disables users who do not log into the node for the period of time
specified in the Inactive Duration box. The Inactive Duration range is 45 to 90 days.
DLP-A272 Change Security Policy on Multiple Nodes
Cisco ONS 15454 Procedure Guide, R5.0
19-55