![]() |
Configuring the ACS Console Server in Wizard ModeA security profile consists of a set of parameters that can be configured in order to have more control over the services active at any time.NOTE: SSH root access is enabled when the security profile is set to Moderate or Open. If a Secured security profile is selected, you must switch to a Custom security profile and enable the allow root access option.
• Moderate - The Moderate profile is the recommended security level. This profile enables sshv1, sshv2, HTTP, HTTPS, Telnet, SSH and Raw connections to the Serial Ports. In addition, ICMP and HTTP redirection to HTTPS are enabled. Authentication to access the serial ports is not required.
• Open - The Open profile enables all services such as Telnet, sshv1, sshv2, HTTP, HTTPS, SNMP, RPC, ICMP, SSH and Raw connections to the Serial Ports. Authentication to access serial ports is not required.See the following tables for the list of enabled services when the Default security profile is used.The Custom security profile opens up a dialog box to allow custom configuration of individual protocols or services.NOTE: By default, a number of protocols and services are enabled in the Custom profile; however, they are configurable to a user’s requirements.The following tables illustrate the properties for each of the security profiles. The enabled services in each profile are designated with a check mark.
The first step to configure your ACS console server is to select a security profile. One of the following situations is applicable when you boot the console server.
• The ACS console server is starting for the first time or after a reset to factory default. In this situation when you boot the console server and log in as an administrator to the Web Manager, a security warning dialog box appears. The Web Manager is redirected to Step 1: Security Profile in the Wizard mode. Further navigation to other sections of the Web Manager is not possible without selecting or configuring a security profile. Once you select or configure a security profile and apply the changes, the console server Web Manager restarts for the security configuration to take effect.
• The console server firmware is upgraded and the system is restarting with the new firmware.In this situation the console server was already in use and certain configuration parameters were saved in the Flash memory. In this case the console server automatically retrieves the Custom Security Profile parameters saved in the Flash memory and behaves as it was a normal reboot.
• The console server is restarting normally. In this situation, the console server detects the pre-defined security profile. You can continue working in the Web Manager.All serial ports on console server units shipped from the factory are disabled by default. The administrator can enable ports individually or collectively and assign specific users to individual ports.If you reconfigure the security profile and restart the Web Manager, make sure the serial ports protocols and access methods match the selected security profile. A reminder dialog box will appear before you can proceed to Step 2: Network Setting.The following procedure assumes you have installed a new console server at your site or you have reset the unit to factory default.
1.
2. Review the Security Advisory and click the Close button.
4. Select a pre-defined security profile by pressing one of the Secure, Moderate, Open or Default profiles or create a Custom profile.The following dialog box is displayed when you select the Custom profile.CAUTION: Take the required precautions to understand the potential impacts of each individual service configured under the Custom profile.NOTE: It is not possible to continue working in the Web Manager without selecting a security profile. A reminder dialog box will appear if you attempt to navigate to other sections of the Web Manager.
5. Once you select a security profile or configure a custom profile and apply the changes, the console server Web Manager must restart for the changes to take effect. A reminder dialog box is displayed. Click OK to continue.
6. Select apply changes at the bottom of the Web Manager form to save the configuration to Flash. The Web Manager restarts.
7. Log in after Web Manager restarts and click on the Wizard button to switch to Wizard mode.