Access Levels

Administrators have the ability to grant access to users whose accounts have been locally created on the SBC 1000/2000, and to users remotely authenticating.

The following table lists the different types of access roles and the functions they secure.

Access Levels

| Access Account Level | Capabilities |
|---|---|
| Administrator | Permission to manage (view/add/remove) the Ribbon SBC 1000/2000 system through the User Interface. |
| Operator | Permission to manage a subset of the functions (non-service affecting) granted to Administrators. |
| Audit | Permissions to audit the logs on the Ribbon SBC 1000/2000 system. |
| Read-only | Permission to only view the Ribbon SBC 1000/2000 system through the user interface. |
| REST | Permission to manage (view/add/remove) the Ribbon SBC 1000/2000 system through the Ribbon API. Users with this access level will not be able to access the web interface. |

Configure SBC Edge Authentication for Non-mapped RADIUS User Classes

If a RADIUS user belongs to a Class that is not mapped to an SBC Edge access level, the default access level set on the Missing User Class Access Level tab is used.

Default Passwords

The Administrator's password is set at initial setup; the Administrator can add other users through the WebUI.

Default Passwords

| User Type | How to Create Password | User ID/Password |
|---|---|---|
| Administrator | Set at Initial setup | Set at Initial Setup |
| Administrator, Operator, Audit, Read-only, REST | Added by Administrator through WebUI (Security > Users > Local User Management) | Set by Administrator when adding a user |

Password Management

The Administrator may add/edit users through the WebUI (Security > Users > Local User Management).

Adding/Resetting Local User Passwords

The following table outlines information about adding and resetting local user passwords.

Adding/Resetting Local Users

| Location | Login User ID | Method | Password Specifications |
|---|---|---|---|
| WebUI | admin | From WebUI: access Security > Users > Local Management | Passwords must be 128 characters or less. Passwords may contain a combination of letters, numbers, and special characters. |

Note

New users are prompted to enter a new password when they first attempt to log into the SBC 1000/2000 system. Login is permitted only when the new password meets the specified password criteria.

Recovering Admin Passwords

Changing Current User's Password

Change the password of the local user account currently logged into the Ribbon SBC 1000/2000 system through the WebUI (Security > Change Password).

Changing Current User's Password

| Location | Login User ID | Method | Password Specifications |
|---|---|---|---|
| WebUI | Logged in User | From WebUI: access Security > Change Password | Passwords must be 128 characters or less. Passwords may contain a combination of letters, numbers, and special characters. |

Setting Enhanced Security

The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC 1000/2000 also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.

Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.

Global Security Options can be set through the WebUI (Security > Users > Global Security Options).

Note

Modifying the Global Security Options is available only to users with administrator level access.

Password Resets and New Users

After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC 1000/2000. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).

New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.

Password Lockout

When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration. However, if the SBC 1000/2000 is rebooted, the lockout is terminated.

REST Users

Unlike the various WebUI access users, REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.

User Authentication

This section outlines user authentication.

Local Users

The Ribbon SBC 1000/2000 manages local users whose accounts (and profiles) are stored directly on the Ribbon SBC 1000/2000 system. Authentication for these users occurs locally. Once created, you specify the access levels for these users through the WebUI (Security > Users > Local User Management).

Access Levels:

  • Administrator
  • Operator
  • Audit
  • Read-Only
  • REST

Remote Users

The Ribbon SBC 1000/2000 allows you to authenticate remote users using the following supported providers:

  • Active Directory (AD)
  • Remote Authentication Dial In User Service (RADIUS)

For these remote users to operate the Ribbon SBC 1000/2000 system, configure their access level permissions by mapping their remote Group (in the case of AD) or Class (in the case of RADIUS) to the desired SBC 1000/2000 access level. This mapping configuration will dictate the Ribbon SBC-based permissions for your remotely authenticated users.
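
The sketch below models the Class-to-access-level mapping described above, including the fallback to the Missing User Class Access Level for unmapped RADIUS Classes. It is an added example, not Ribbon code or the SBC's API: the function names, Class names and users are constructed, and exact-match lookup of the Class string is an assumption of the model.

```python
# Added illustration; not Ribbon code. Names and sample data are constructed.
ACCESS_LEVELS = {"Administrator", "Operator", "Audit", "Read-only", "REST"}
# Levels whose capabilities, as listed on this page, include managing the system.
MANAGE_LEVELS = {"Administrator", "Operator", "REST"}


def resolve_access(user_class, class_map, missing_class_level):
    """Return (access_level, used_default) for one RADIUS-authenticated user."""
    if user_class in class_map:  # assumption: Class strings match exactly
        return class_map[user_class], False
    return missing_class_level, True


def review_mapping(class_map, missing_class_level, observed_users):
    """Resolve every observed (username, class) pair and collect warnings."""
    for level in [*class_map.values(), missing_class_level]:
        if level not in ACCESS_LEVELS:
            raise ValueError(f"unknown access level: {level!r}")
    effective, defaulted, warnings = {}, [], []
    for username, user_class in observed_users:
        level, used_default = resolve_access(
            user_class, class_map, missing_class_level
        )
        effective[username] = level
        if used_default:
            defaulted.append((username, user_class))
    # Flag a fallback level that hands manage permissions to unmapped users.
    if missing_class_level in MANAGE_LEVELS and defaulted:
        names = ", ".join(name for name, _ in defaulted)
        warnings.append(
            f"Missing User Class Access Level is {missing_class_level}: "
            f"unmapped users ({names}) receive manage permissions"
        )
    return {"effective": effective, "defaulted": defaulted, "warnings": warnings}


# Constructed sample: three mapped Classes, one user in an unmapped Class.
CLASS_MAP = {"sbc-admins": "Administrator", "noc-ops": "Operator", "sec-audit": "Audit"}
OBSERVED = [("alice", "sbc-admins"), ("bob", "noc-ops"), ("carol", "helpdesk")]

if __name__ == "__main__":
    for default in ("Read-only", "Operator"):
        report = review_mapping(CLASS_MAP, default, OBSERVED)
        print(default, report["effective"], report["warnings"])
```

Running the review against an export of the Classes your RADIUS server actually returns shows which accounts land on the fallback level before the mapping is applied on the device.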

Remote User Storage and Authentication

Remote users are not stored on the Ribbon SBC 1000/2000 system; instead, they reside on the remote authentication providers. Remote user authentication happens over the network with the appropriate external provider, which is transparent to the user.
