sysSecurityFileSystemAccessRestrictions
LUM-SYSTEM-MIB ·
.1.3.6.1.4.1.8708.2.2.2.11.7
Object
scalar
LUM-TCEnableDisable
Access rights to the file system of the node element. When 'restricted',
restrictions to the file system are activated, these restrictions depends
on the user authority profile.
disabled - Default access rights:
1. Administrators (including root) and operators can execute
CLI commands bash and telnet.
2. All users have full file system access using SFTP or
FTP (if enabled).
enabled - Restricted access rights to the file system. The following
restrictions are applied:
1. Only administrator users (including root) can execute
CLI commands bash and telnet.
2. When using SFTP:
Readonly and operator users can only access /tftpboot/ and
its subdirectories.
Administrator users (including root) have full file system
access.
3. When using FTP (if enabled):
Readonly, operator and all administrator users except root
can only access /tftpboot/ and its subdirectories.
The root user have full file system access.
When changed, the updated restrictions will be used at following FTP/SFTP
sessions.
On CU-SFP/III, active FTP sessions will be aborted at the point when file
system access is changed.
Only administrator can change the file system access restriction settings.
Context
- MIB
- LUM-SYSTEM-MIB
- OID
.1.3.6.1.4.1.8708.2.2.2.11.7- Type
- scalar
- Access
- readonly
- Status
- current
- Parent
- sysSecurity
- Siblings
- 14
Values & Constraints
Type Values
1 | disabled |
2 | enabled |
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| sysSecurityLocalConsoleAccess When this parameter is 'disabled' there
is no way to access the board via RS-232.
Note, the setting applies to all boards in all chassis.
enabled - Acce… | scalar | Enumeration | .1.3.6.1.4.1.8708.2.2.2.11.1 |
| sysSecuritySubrackICNPortAccess The Subrack ICN port access is used for
internal connection between subracks.
When this parameter is 'disabled' there
is no way to access next subrack via ICN3 or ICN4.… | scalar | LUM-TCEnableDisable | .1.3.6.1.4.1.8708.2.2.2.11.10 |
| sysSecurityChangeSubrackICNPortAccess Procedure to change 'Subrack ICN port access' | scalar | LUM-TCCommandString | .1.3.6.1.4.1.8708.2.2.2.11.11 |
| sysSecurityMgmtAccessProofOfConnStatus This parameter shows if the NE has lost the signal
or not. The SNMP agent is regularly polling the NE
and if the NE is not polled within a certain time period
(set in parameter M… | scalar | Enumeration | .1.3.6.1.4.1.8708.2.2.2.11.12 |
| sysSecurityMgmtAccessProofOfConnectivity Number of minutes that has to pass with no SNMP agent polls
before the NE assumes that connectivity is lost.
Only administrator can change the proof of connectivity set… | scalar | Integer32 | .1.3.6.1.4.1.8708.2.2.2.11.13 |
| sysSecurityAutoEnableBlockedMgmtPorts A setting to turn off/on auto enabling of blocked management ports.
Management ports in this context means DCN and Local craft ETH (Local craft ETH
does not exist on all platforms… | scalar | LUM-TCOnOff | .1.3.6.1.4.1.8708.2.2.2.11.14 |
| sysSecurityBlockedMgmtPortsUnblocked Blocked management ports (i.e. local craft and DCN ports) are unblocked. | scalar | LUM-TCFaultStatus | .1.3.6.1.4.1.8708.2.2.2.11.15 |
| sysSecurityChangeLocalConsoleAccess Procedure to change 'Local Console Access' | scalar | LUM-TCCommandString | .1.3.6.1.4.1.8708.2.2.2.11.2 |
| sysSecurityIpTablesStatus This parameter shows if a system
function is enabled in the node.
unavailable - package not installed
unsecure - package installed but not in use
secure - package inst… | scalar | Enumeration | .1.3.6.1.4.1.8708.2.2.2.11.3 |
| sysSecurityLocalCraftAccess The local craft ETH access is used for
connecting a PC which runs DHCP (Dynamic Host Control Protocol)
for accessing the web (GUI) interface.
Use lc in the address bar of the brow… | scalar | LUM-TCEnableDisable | .1.3.6.1.4.1.8708.2.2.2.11.4 |
| sysSecurityChangeLocalCraftAccess Procedure to change 'Local Craft ETH Access' | scalar | LUM-TCCommandString | .1.3.6.1.4.1.8708.2.2.2.11.5 |
| sysSecurityAuthenticationOrder This parameter shows the authentication order which is
used by the system.
localFirst - First authenticate with respect to local user database. If it fails, try … | scalar | Enumeration | .1.3.6.1.4.1.8708.2.2.2.11.6 |
| sysSecurityCUFrontICNPortAccess The CU front ICN port access is used for
internal connection between subracks.
When this parameter is 'disabled' there
is no way to access next node via ICN1 or ICN2.
… | scalar | LUM-TCEnableDisable | .1.3.6.1.4.1.8708.2.2.2.11.8 |
| sysSecurityChangeCUFrontICNPortAccess Procedure to change 'CU front ICN port access' | scalar | LUM-TCCommandString | .1.3.6.1.4.1.8708.2.2.2.11.9 |