In this section:
Access Levels
Administrators have the ability to grant access to users whose accounts have been locally created on the SBC 1000/2000, and to users remotely authenticating.
The following table lists the different types of access roles and the functions they secure.
If a RADIUS user belongs to a Class that is not mapped to an SBC Edge access level, then a default access is used from the Missing User Class Access Level tab.
Default Passwords
The Administrator's password is set at initial setup; the Administrator can add other users through the WebUI.
Password Management
The Administrator may add/edit users through the WebUI (Security > Users > Local User Management).
Adding/Resetting Local User Passwords
The following table outlines information about adding and resetting local user passwords.
New users are prompted to enter a new password when they first attempt to log into the SBC 1000/2000 system. Login is permitted only when the new password meets the specified password criteria.
Recovering Admin Passwords
The SBC 1000/2000 includes a password recovery feature that allows for the recovery of (resetting) the admin password. This feature works by creating a temporary Admin user with a temporary password that allows an administrator to access the Local User Management page of the WebUI and reset at least one Admin level user's password. The Password Recovery feature is enabled (disabled by default) through Global Security Options. See Setting Enhanced Security.
Changing Current User's Password
Change the password of the local user account currently logged into the Ribbon SBC 1000/2000 system through the WebUI (Security> Change Password).
Setting Enhanced Security
The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC 1000/2000 also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.
Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.
Global Security Options can be set through the WebUI (Security > Users > Global Security Options).
Modifying the Global Security Options is available only to users with administrator level access.
Password Resets and new Users
After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC 1000/2000. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).
New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.
Password Lockout
When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration. However, if the SBC 1000/2000 is rebooted, the lockout is terminated.
REST Users
Unlike the various WebUI access users, REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.
User Authentication
This section outlines the user authentication
Local Users
The Ribbon SBC 1000/2000 manages local users whose accounts (and profiles) are stored directly on the Ribbon SBC 1000/2000 system. Authentication for these users occurs locally. Once created, you specify the access levels for these users through the WebUI (Security > Users > Local User Management).
Access Levels:
- Administrator
- Operator
- Audit
- Read-Only
- REST
Remote Users
The Ribbon SBC 1000/2000 allows you to authenticate remote users using the following supported providers:
- Active Directory (AD)
- Remote Authentication Dial In User Service (RADIUS)
For these remote users to operate the Ribbon SBC 1000/2000 system, configure their access level permissions by mapping their remote Group (in the case of AD) or Class (in the case of RADIUS) to the desired SBC 1000/2000 access level. This mapping configuration will dictate the Ribbon SBC-based permissions for your remotely authenticated users.
Remote users are not stored on the Ribbon SBC 1000/2000 system, instead they live on the remote authentication providers. Remote user authentication happens over the network with the appropriate external provider, which is transparent to the user.