Avaya Task Training/ERS-5500/Basic Security

Basic security will walk through the commands for changing the passwords and community strings, on a ERS-5500.

To begin attach to the switch by telnet

 * Control Y to begin
 * scroll down the menu to Command Line Interface... press enter
 * enable
 * config t (no password control is in place yet)

Turn off the Menu
Change console interface to cli and not menu, harder for unauthorized and unskilled user to make changes
 * cmd-interface cli

Create a Custom Banner
Set a login banner so no-one can claim they didn't know they couldn't login
 * banner ? (shows the banner commands Notice that you can turn off the banner all together)
 * banner 9 "This is a private system. Unauthorized login prohibited."
 * banner custom (enable the custom banner)
 * show banner

Creating/Changing Passwords
Before creating/Changing a password set a safety point, so the switch will reboot to original config if a password typo happens

Safty Point

 * no autosave enable (setting a safety point prior to working on passwords)
 * copy config nvram
 * reload minutes-to-wait 15

Passwords

 * show cli password (display default passwords in clear text)
 * cli password {read-only|read-write} password
 * cli password serial ? (list of password commands)
 * cli password telnet local (set password to use local password)
 * show cli password type
 * show cli password (passwords displayed)

Password Security
After the command you will be prompted to change the passwords to complex passwords.
 * password security (force complex passwords, and hides them, note: Password security is enabled by default with the ssh load)
 * show cli password (asterisk'ed), show run (passwords asterisk'ed, as well as snmp com string).

Test Passwords
Logout and Login to test the passwords.

Stop Safty Point Reload

 * config t
 * copy config nvram
 * reload cancel
 * autosave enable

Disable Web Server

 * show web-server (show enabled by default)
 * no web-server (shut it down so nosy browsers can't access it)

SNMP
Change default SNMP communities or passwords. For better security use SNMPv3.
 * snmp-server community "labpublic" ro (note; this is the command for no password security, and you have password security on) To disable password security no password security
 * snmp-server community ro (enter value and confirm value)
 * snmp-server community rw (enter value and confirm value)