Configuring NTP Authentication Using the System Configuration Page (CTPView)
NTP authentication enables the CTP device, which functions as the NTP client, to verify that servers are known and trusted. Symmetric key authentication is used to authenticate the packets. It is assumed that the shared secret key has already been communicated between the client and the server, and it is the responsibility of the server to have the shared secret keys already configured in its configuration and keys files. The client then adds the required key ID and shared secret key to its configuration and keys files through CTPView or through syscfg commands. To disable NTP authentication, leave the Key ID and Key Value fields blank in CTPView.
To configure NTP authentication using CTPView:
- In the side pane, select System > Configuration.
Tip: Alternatively, you can specify the key ID and key value for NTP authentication from the System Query page by selecting System > Query in the side pane.
- Click the Node Settings tab.
The NTP Settings page is displayed. The hostname and IP address of the CTP device are displayed under the Device table, which is shown to the left of the NTP Settings table.
- Configure the parameters described in Table 14 and click Submit Settings.
- (Optional) Click System > Configuration > Node Settings to verify the NTP configuration details.
Table 14: NTP Server Authentication Settings on the System Configuration Page in CTPView
Field | Function | Your Action |
---|---|---|
Server IP | Specifies the IPv4 or IPv6 address of the NTP server. Adds NTP servers to the server list (IP addresses or hostnames). You can configure a maximum of two NTP servers. NTP authentication starts with the first server in the list; if the first server fails or becomes unavailable, the second server in the list is used. | Enter the IPv4 or IPv6 address of the NTP server to be used for authentication. |
Key ID | Specifies the key ID used to authenticate the NTP packets that the NTP client receives from the server. The servers and clients involved must agree on the key and key identifier to authenticate NTP packets. Keys and related information are specified in a key file. The key ID is used to prove the authenticity of data received over the network. During the synchronization of time, the client requests the key ID with the “NTP Client” packet and the server sends the response with the “NTP Server” packet. If the key ID differs in the two packets, the time does not synchronize. The time is synchronized and modified for the client only when the two key IDs are the same. The IP address with the secret key is configured in the “/etc/ntp.conf” NTP configuration file on the CTP device. The following is an example for the ntp.conf file: ‘server x.x.x.x key 123’, where x.x.x.x is the NTP server IP address and key is the secret key ID, which is shared by both the client and server. | Enter a 32-bit integer in the range of 1 through 65534. |
Key Value | Specifies the value of the NTP key used for NTP authentication between the NTP server and the NTP client. NTP uses keys to implement authentication. This key is used while exchanging data between the client and server. The following three key types are present: CTP devices support the M key (MD5) for NTP authentication. All the keys must be defined in the “/etc/ntp/keys” file. The following is an example for the keys file: ‘123 M pass’, where 123 is the key ID (range 1 to 65534), M designates the key type (M means MD5 encryption), and pass denotes the key itself. | Enter the key value as a sequence of up to 31 ASCII characters. |
Status | Specifies whether you want to enable or disable the NTP process on the CTP device. | Select one: |
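The keys-file entry and key ID check described in Table 14 can be exercised offline. The following is an added example, not code from CTPView or CTPOS: it validates keys-file lines against the limits stated above and verifies a server reply using the standard NTP symmetric-key trailer (4-byte key ID followed by the MD5 digest of the secret concatenated with the 48-byte header). The function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY_ID_MIN, KEY_ID_MAX = 1, 65534   # key ID range stated on this page
MAX_KEY_LEN = 31                    # key value: up to 31 ASCII characters

def parse_keys_file(text):
    """Parse 'ID TYPE VALUE' lines into {key_id: secret}; reject anything else."""
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 3 or not fields[0].isdigit():
            raise ValueError(f"line {lineno}: expected 'ID TYPE VALUE'")
        key_id, key_type, value = int(fields[0]), fields[1], fields[2]
        if not KEY_ID_MIN <= key_id <= KEY_ID_MAX:
            raise ValueError(f"line {lineno}: key ID out of range")
        if key_type != "M":
            raise ValueError(f"line {lineno}: only M (MD5) keys are supported")
        if len(value) > MAX_KEY_LEN or not value.isascii():
            raise ValueError(f"line {lineno}: key value too long or not ASCII")
        keys[key_id] = value.encode("ascii")   # errors never echo the secret
    return keys

def ntp_mac(header, key_id, secret):
    """MAC trailer: 4-byte key ID, then MD5(secret || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(secret + header).digest()

def verify_packet(packet, keys, expected_key_id):
    """Client-side check of a 48-byte NTP header followed by a 20-byte MAC."""
    if len(packet) != 48 + 20:
        return False                      # no MAC present, or malformed
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id != expected_key_id or key_id not in keys:
        return False                      # not the key configured for this server
    return hmac.compare_digest(mac, ntp_mac(header, key_id, keys[key_id]))

# Constructed sample data: the page's example key line and a dummy server reply.
KEYS = parse_keys_file("123 M pass\n")
HEADER = bytes([0x24, 1, 6, 0xEC]) + bytes(44)   # LI=0, VN=4, mode=4 (server)
REPLY = HEADER + ntp_mac(HEADER, 123, KEYS[123])

if __name__ == "__main__":
    print("authentic reply:", verify_packet(REPLY, KEYS, 123))
    forged = HEADER[:40] + b"\xff" * 8 + REPLY[48:]
    print("tampered reply: ", verify_packet(forged, KEYS, 123))
```

A reply whose header was altered in transit, or one signed with a different secret or key ID, fails the check, which is the condition under which the client does not synchronize its time.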
You can also configure the RADIUS and TACACS+ settings from the System Configuration page.
To configure TACACS+ from the CTPView web interface:
- In the side pane, select System > Configuration.
- Click the Node Settings > TACACS+ Settings tab.
The TACACS+ Settings page is displayed.
- Configure the parameters described in Table 15 and click Submit Settings.
- (Optional) Click System > Query > Node Settings to verify the TACACS+ configuration details.
Table 15: TACACS+ Settings for the CTPView Web Interface
Field | Function | Your Action |
---|---|---|
Status | Specifies whether TACACS+ is enabled or disabled. TACACS+ is disabled by default. | Select one: Enabled, Disabled |
Dest Port | TACACS+ uses the TCP port for sending and receiving data. Port 49 is reserved for TACACS+ and is the default port. | Enter the destination port number. |
Timeout | Time in seconds that the TACACS+ client should wait for a response from the TACACS+ server after sending the authentication and authorization request. Timeout value applies to all the TACACS+ servers that are configured. The default timeout value is 5 seconds. | Specify a value. |
Off-Line-Failover | You can use the local authentication credentials if the configured TACACS+ servers are unavailable or no response is received from the TACACS+ servers. The default option is Allowed to Loc Acct. | Select one: Not Allowed, Allowed to Loc Acct |
Reject-Failover | You can use the local authentication credentials if the TACACS+ server rejects the attempt to authenticate. The default option is Allowed to Loc Acct. | Select one: Not Allowed, Allowed to Loc Acct |
Servers | You can configure up to 10 TACACS+ servers each for CTPOS and CTPView users for authentication and authorization. CTP tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on. Authorization is done on the server that successfully authenticates the user. | Enter the IP address of the server, and specify a shared secret. |
Shared Secret | Shared secret is the secret key that TACACS+ servers use to encrypt and decrypt packets that are sent and received from the server. TACACS+ clients use the same secret key to encrypt and decrypt packets. | Specify the shared secret. |
To configure RADIUS from the CTPView web interface:
- In the side pane, select System > Configuration.
- Click the Node Settings > RADIUS Settings tab.
The RADIUS Settings page is displayed.
- Configure the parameters described in Table 16 and click Submit Settings.
- (Optional) Click System > Query > Node Settings to verify the RADIUS configuration details.
Table 16: RADIUS Settings for the CTPView Web Interface
Field | Function | Your Action |
---|---|---|
Status | Specifies whether RADIUS is enabled or disabled. RADIUS is disabled by default. | Select one: Enabled, Disabled |
Dest Port | RADIUS uses the TCP port for sending and receiving data. Port 49 is reserved for RADIUS and is the default port. | Enter the destination port number. |
Timeout | Time in seconds that the RADIUS client should wait for a response from the RADIUS server after sending the authentication and authorization request. Timeout value applies to all the RADIUS servers that are configured. The default timeout value is 5 seconds. | Specify a value. |
Off-Line-Failover | You can use the local authentication credentials if the configured RADIUS servers are unavailable or no response is received from the RADIUS servers. The default option is Allowed to Loc Acct. | Select one: Not Allowed, Allowed to Loc Acct |
Reject-Failover | You can use the local authentication credentials if the RADIUS server rejects the attempt to authenticate. The default option is Allowed to Loc Acct. | Select one: Not Allowed, Allowed to Loc Acct |
Servers | You can configure up to 10 RADIUS servers each for CTPOS and CTPView users for authentication and authorization. CTP tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on. Authorization is done on the server that successfully authenticates the user. | Enter the IP address of the server, and specify a shared secret. |
Shared Secret | Shared secret is the secret key that RADIUS servers use to encrypt and decrypt packets that are sent and received from the server. RADIUS clients use the same secret key to encrypt and decrypt packets. | Specify the shared secret. |