Configuring NTP Authentication Using the System Configuration Page (CTPView)
NTP authentication enables the CTP device, which functions as the NTP client, to verify that the NTP servers it uses are known and trusted. Packets are authenticated with symmetric keys. The shared secret key is assumed to have been exchanged between the client and the server beforehand, and the server is responsible for already having the shared secret keys in its configuration and keys files. The client then adds the required key ID and shared secret key to its own configuration and keys files through CTPView or through syscfg commands. To disable NTP authentication, leave the Key ID and Key Value fields blank in CTPView.
To configure NTP authentication using CTPView:
- In the side pane, select System > Configuration.
Tip: Alternatively, you can specify the key ID and key value for NTP authentication from the System Query page by selecting System > Query in the side pane.
- Click the Node Settings tab.
The NTP Settings page is displayed. The hostname and IP address of the CTP device are displayed under the Device table, which is shown to the left of the NTP Settings table.
- Configure the parameters described in Table 13 and click Submit Settings.
- (Optional) Click System > Configuration > Node Settings to verify the NTP configuration details.
Table 13: NTP Server Authentication Settings on the System Configuration Page in CTPView
Field | Function | Your Action |
---|---|---|
Server IP | Specifies the IPv4 or IPv6 address of the NTP server. Adds NTP servers to the server list (IP addresses or hostnames). You can configure a maximum of two NTP servers. NTP authentication starts with the first server in the list; if the first server fails or becomes unavailable, the second server in the list is used. | Enter the IPv4 or IPv6 address of the NTP server to be used for authentication. |
Key ID | Specifies the key ID used to authenticate the NTP packets that the NTP client receives from the server. The servers and clients involved must agree on the key and key identifier to authenticate NTP packets. Keys and related information are specified in a key file. The key ID is used to prove the authenticity of data received over the network. During the synchronization of time, the client requests the key ID with the “NTP Client” packet and the server sends the response with the “NTP Server” packet. If the key ID differs in the two packets, the time does not synchronize. The time is synchronized and modified for the client only when the two key IDs are the same. The IP address with the secret key is configured in the `/etc/ntp.conf` NTP configuration file on the CTP device. The following is an example for the ntp.conf file: `server x.x.x.x key 123`, where x.x.x.x is the NTP server IP address and key is the secret key ID that is shared by both the client and the server. | Enter a 32-bit integer in the range of 1 through 65534. |
Key Value | Specifies the value of the NTP key used for NTP authentication between the NTP server and the NTP client. NTP uses keys to implement authentication. This key is used while exchanging data between the client and server. The following three key types are present: CTP devices support the M key (MD5) for NTP authentication. All the keys must be defined in the `/etc/ntp/keys` file. The following is an example for the keys file: `123 M pass`, where 123 is the key ID (range 1 to 65534), M designates the key type (M means MD5 encryption), and pass denotes the key itself. | Enter the key value as a sequence of up to 31 ASCII characters. |
Status | Specifies whether you want to enable or disable the NTP process on the CTP device. | Select one: |
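A consistency check for the two files named in Table 13, written here as an added Python example (it is not part of CTPView or CTPOS). It assumes only the `server x.x.x.x key N` and `id type value` line formats shown above; the sample file contents, the function names and the non-M key type `A` are constructed for illustration.

```python
KEY_IDS = range(1, 65535)   # page: key ID is 1 through 65534
MAX_KEY_LEN = 31            # page: key value is up to 31 ASCII characters
MAX_SERVERS = 2             # page: at most two NTP servers

# Constructed sample files in the two formats the page shows.
SAMPLE_NTP_CONF = """\
server 192.0.2.10 key 123
server 192.0.2.11 key 200
server 192.0.2.12
"""
SAMPLE_KEYS = """\
123 M pass
124 A otherkey
125 M this-key-value-is-longer-than-31-chars
"""


def fields(text):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts


def audit(ntp_conf, keys_text):
    """Return a list of findings; an empty list means the two files agree."""
    findings, keys = [], {}
    for parts in fields(keys_text):
        if len(parts) != 3 or not parts[0].isdecimal():
            findings.append(f"keys: malformed line {' '.join(parts)!r}")
            continue
        kid, ktype, value = int(parts[0]), parts[1], parts[2]
        keys[kid] = ktype
        if kid not in KEY_IDS:
            findings.append(f"keys: id {kid} is outside 1-65534")
        if ktype != "M":
            findings.append(f"keys: id {kid} is type {ktype!r}, not M (MD5)")
        if len(value) > MAX_KEY_LEN or not value.isascii():
            findings.append(f"keys: id {kid} value is not <= 31 ASCII chars")
    servers = [p for p in fields(ntp_conf) if p[0] == "server" and len(p) > 1]
    if len(servers) > MAX_SERVERS:
        findings.append(f"ntp.conf: {len(servers)} servers, maximum is 2")
    for parts in servers:
        addr, opts = parts[1], parts[2:]
        kid = opts[opts.index("key") + 1] if "key" in opts[:-1] else None
        if kid is None:
            findings.append(f"ntp.conf: server {addr} has no key (unauthenticated)")
        elif not kid.isdecimal() or int(kid) not in KEY_IDS:
            findings.append(f"ntp.conf: server {addr} key {kid} is outside 1-65534")
        elif keys.get(int(kid)) != "M":
            findings.append(f"ntp.conf: server {addr} key {kid} has no M entry in keys")
    return findings
```

Calling `audit(SAMPLE_NTP_CONF, SAMPLE_KEYS)` reports the unsupported key type, the over-long key value, the third server, the undefined key 200 and the server with no key.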
You can also configure the RADIUS and TACACS+ settings from the System Configuration page.
To configure TACACS+ from the CTPView web interface:
- In the side pane, select System > Configuration.
- Click the Node Settings > TACACS+ Settings tab.
The TACACS+ Settings page is displayed.
- Configure the parameters described in Table 14 and click Submit Settings.
- (Optional) Click System > Query > Node Settings to verify the TACACS+ configuration details.
Table 14: TACACS+ Settings for the CTPView Web Interface
Field | Function | Your Action |
---|---|---|
Status | Specifies whether TACACS+ is enabled or disabled. TACACS+ is disabled by default. | Select one: Enabled or Disabled. |
Dest Port | TACACS+ uses the TCP port for sending and receiving data. Port 49 is reserved for TACACS+ and is the default port. | Enter the destination port number. |
Timeout | Time in seconds that the TACACS+ client should wait for a response from the TACACS+ server after sending the authentication and authorization request. Timeout value applies to all the TACACS+ servers that are configured. The default timeout value is 5 seconds. | Specify a value. |
Off-Line-Failover | You can use the local authentication credentials if the configured TACACS+ servers are unavailable or no response is received from the TACACS+ servers. The default option is Allowed to Loc Acct. | Select one: Not Allowed or Allowed to Loc Acct. |
Reject-Failover | You can use the local authentication credentials if the TACACS+ server rejects the attempt to authenticate. The default option is Allowed to Loc Acct. | Select one: Not Allowed or Allowed to Loc Acct. |
Servers | You can configure up to 10 TACACS+ servers each for CTPOS and CTPView users for authentication and authorization. CTP tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on. Authorization is done on the server that successfully authenticates the user. | Enter the IP address of the server, and specify a shared secret. |
Shared Secret | Shared secret is the secret key that TACACS+ servers use to encrypt and decrypt packets that are sent and received from the server. TACACS+ clients use the same secret key to encrypt and decrypt packets. | Specify the shared secret. |
To configure RADIUS from the CTPView web interface:
- In the side pane, select System > Configuration.
- Click the Node Settings > RADIUS Settings tab.
The RADIUS Settings page is displayed.
- Configure the parameters described in Table 15 and click Submit Settings.
- (Optional) Click System > Query > Node Settings to verify the RADIUS configuration details.
Table 15: RADIUS Settings for the CTPView Web Interface
Field | Function | Your Action |
---|---|---|
Status | Specifies whether RADIUS is enabled or disabled. RADIUS is disabled by default. | Select one: Enabled or Disabled. |
Dest Port | RADIUS uses the TCP port for sending and receiving data. Port 49 is reserved for RADIUS and is the default port. | Enter the destination port number. |
Timeout | Time in seconds that the RADIUS client should wait for a response from the RADIUS server after sending the authentication and authorization request. Timeout value applies to all the RADIUS servers that are configured. The default timeout value is 5 seconds. | Specify a value. |
Off-Line-Failover | You can use the local authentication credentials if the configured RADIUS servers are unavailable or no response is received from the RADIUS servers. The default option is Allowed to Loc Acct. | Select one: Not Allowed or Allowed to Loc Acct. |
Reject-Failover | You can use the local authentication credentials if the RADIUS server rejects the attempt to authenticate. The default option is Allowed to Loc Acct. | Select one: Not Allowed or Allowed to Loc Acct. |
Servers | You can configure up to 10 RADIUS servers each for CTPOS and CTPView users for authentication and authorization. CTP tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on. Authorization is done on the server that successfully authenticates the user. | Enter the IP address of the server, and specify a shared secret. |
Shared Secret | Shared secret is the secret key that RADIUS servers use to encrypt and decrypt packets that are sent and received from the server. RADIUS clients use the same secret key to encrypt and decrypt packets. | Specify the shared secret. |
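How the server order, Off-Line-Failover and Reject-Failover rules in Tables 14 and 15 combine into one login decision, as an added Python model that applies to both the TACACS+ and the RADIUS settings (it is not CTPView or CTPOS code). The function names, the reply values and the handling of a mixed reject/unavailable result are assumptions made for this example.

```python
from itertools import product

ALLOW, DENY = "Allowed to Loc Acct", "Not Allowed"   # option names from the tables


def login(replies, local_ok, offline_failover=ALLOW, reject_failover=ALLOW):
    """Model one login attempt.

    replies: one entry per configured server, in list order: "accept",
             "reject", or None when the server is unavailable or times out.
    local_ok: True if the supplied credentials match a local account.
    Returns "server", "local", or None (login refused).
    """
    rejected = False
    for reply in replies:
        if reply == "accept":
            return "server"          # authorization then uses this server
        rejected = rejected or reply == "reject"
        # unavailable or rejecting server: fall through to the next one
    # Assumption: if any server answered with a reject, Reject-Failover
    # decides; Off-Line-Failover applies only when no server answered.
    setting = reject_failover if rejected else offline_failover
    return "local" if setting == ALLOW and local_ok else None


def policy_matrix(local_ok=True):
    """Outcome of 'all servers down' and 'server rejects' for each setting pair."""
    rows = {}
    for off, rej in product((ALLOW, DENY), repeat=2):
        rows[(off, rej)] = {
            "all_unavailable": login([None, None], local_ok, off, rej),
            "rejected": login(["reject", None], local_ok, off, rej),
        }
    return rows
```

With both settings left at their default of Allowed to Loc Acct, a user whom the central server rejects is still admitted when a matching local account exists; only Not Allowed for Reject-Failover makes the server's rejection final.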