Filter
Top Products
1-10 Preliminary May 9, 2000 APX 8000/MAX TNT/DSLTNT Physical Interface Configuration Guide
Performing Basic Configuration
Recommended basic security measures
To prevent the TAOS unit router from being used as an intermediary in this type of
denial-of-service attack launched from another network, you must disable the TAOS unit from
forwarding the directed broadcasts it receives from another network. The following example
shows how to disable directed broadcasts that are not generated locally on all IP interfaces of a
TAOS unit with a four-port Ethernet card in shelf 1, slot 12:
admin> read ip-int {{1 c 1} 0}
IP-INTERFACE/{ { shelf-1 controller 1 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 controller 1 } 0 } written
admin> read ip-int {{1 12 1} 0}
IP-INTERFACE/{ { shelf-1 slot-12 1 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 slot-12 1 } 0 } written
admin> read ip-int {{1 12 2} 0}
IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } written
admin> read ip-int {{1 12 3} 0}
IP-INTERFACE/{ { shelf-1 slot-12 3 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 slot-12 3 } 0 } written
admin> read ip-int {{1 12 4} 0}
IP-INTERFACE/{ { shelf-1 slot-12 4 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 slot-12 4 } 0 } written
Configuring SNMP access to the unit
For Simple Network Management Protocol (SNMP) access, an SNMP manager must be
running on a host on the local IP network, and the TAOS unit must be able to find that host by
means of either a static route or RIP. In addition to these restrictions, the TAOS unit has its own
SNMP password security (community strings), which you must set up to protect the TAOS unit
from being reconfigured from an unauthorized SNMP station.
Overview of SNMP security
The SNMP profile contains SNMP-readable information about the unit and its SNMP security.
There are two levels of security:
• Community strings limit access to the TAOS unit to the community of SNMP managers
who know the strings.
• Address security excludes SNMP access unless it is initiated from a specified IP address.