OA512 FTP access

Post Reply
User avatar
rjmeredeth
Member
Posts: 8
Joined: 11 Jan 2010 23:35

OA512 FTP access

Post by rjmeredeth » 14 Jan 2010 16:34

Hi Guys,

I have an OmniAccess 512 (Ver 4.4.2) that I cannot remove from production right now, and I want to either turn off or filter the source IP for the FTP service.

I can't find any docs on it and before I go poking around and trying things in a box that's in production, I was wondering if anyone here could point me in the right direction

Thanks!
Robb

User avatar
benny
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 745
Joined: 20 Oct 2007 14:51
Contact:

Post by benny » 15 Jan 2010 07:10

Hi Robb,

For your reference I've attached the documentation for the OmniAccess 512 (Download:
oa512.zip
).

I recommend to have a look at the section Secure Switch Access oa5_ch05.pdf Page 5-4 (PDF page 4).

My apologies but I don't have such a product available in my network, therefore I can't test it for you.

My best guess is that you need to do the following (not verified, do this at your own risk!)

1.)
Create a new filter using the secdefine command
Enter a Filter name (e.g. netadmin)
Enter an IP address (e.g. 192.168.10.100)
Leave MAC address blank (If this is a routed network you might not know the source MAC)
MAC address is non-canonical
Leave slot and port blank (despite you know that and want to set it)

2.)
Assign the filter to your FTP server using the secapply command
1=e (to enable the FTP security)
11=netadmin (to assign the filter)

Don't forget to save your configuration. Here is an interesting note from the document on how to fully disable the access to a specific application/service on the OmniAccess.
Alcatel-Lucent official documentation: oa5_ch05.pdf page 5-7 (PDF page 7) wrote: Secure Access Filter Points
1) FTP Security : Enabled
11) Filter List : Test, Engineering
2) Telnet Security : Disabled
21) Filter List : Test
3) SNMP Security : Enabled
31) Filter List :
4) TFTP Security : Enabled
41) Filter List : Manufacturing
5) HTTP Security : Disabled
51) Filter List :
6) Custom Security : Enabled
61) Filter List : HR
62) Protocol :
63) Port Service :
7) One-touch Global Security :
71) One-touch Filter List :
Command { Item=Value/?/Help?Quit/Redraw/Save} (Redraw) :
Note
If security is enabled for a filter point and there are no
names defined on its list, then the filter point is essentially
inaccessible to all users. For example, in the
above sample display, SNMP is not accessible to any
user.
Hope this helps ... :)

-benny
You do not have the required permissions to view the files attached to this post.
Regards,
Benny

User avatar
rjmeredeth
Member
Posts: 8
Joined: 11 Jan 2010 23:35

Post by rjmeredeth » 15 Jan 2010 10:01

Thanks for the docs and the advice, Benny! That looks like just what I need. I'm away from the office this week, but I'll try it out first thing next week.

Robb

User avatar
rjmeredeth
Member
Posts: 8
Joined: 11 Jan 2010 23:35

Post by rjmeredeth » 24 Feb 2010 23:28

I meant to post back before now, I just wanted to say thanks. That was exactly what I needed. It worked great.

Robb

Post Reply

Return to “Legacy Devices (OS4024, XOS, OmniCore)”