Configuring the Options for the Network Security Enhancements Feature

This procedure is used to configure the EAGLE to enhance its network security by discarding messages that should not be received. Four options are set using the chg-stpopts command to support this feature.

SECMTPSID – The EAGLE should not receive a message where the OPC is equal to the EAGLE's own true, secondary or capability point codes.
SECMTPMATE – The EAGLE should not receive a message with the true, secondary, or capability point code of the mate STP other than across the C link.
SECMTPSNM – the EAGLE should not receive an MTP network management message unless:
- The OPC is an adjacent point code
- The EAGLE has a route to the OPC of the MTP network management message on the linkset which the message was received.
- The EAGLE has a route to the destination field in the message (if applicable to the concerned message) on the linkset which the message was received.
SECMTPSCMG – the EAGLE should not receive an SCCP network management message unless:
- The EAGLE has a route to the OPC of the SCMG message on the linkset, on which the message was received.
- The EAGLE has a route to the affected point code in the message on the linkset on which the message was received.
This option will only apply to SSP and SOR messages. This feature will not affect the following messages: SSA, SST, SOG, SBR, SNR and SRT.

Each of these options have four values which determine how the EAGLE handles the messages controlled by the options.

NOTIFY – The specified option is active and UIMs are generated.
SILENT – The specified option is active, but no UIMs are generated.
TEST – The specified option is not active, but UIMS are generated as if the option was active.
OFF – The specified option is not active.

The system default value for each of these options is OFF.

To set these options, the Network Security Enhancements feature must be enabled and activated. This can be verified with the rtrv-ctrl-feat command. To enable and activate the Network Security Enhancements feature, go to the Activating Controlled Features procedure.

If the Network Security Enhancements feature is not enabled and activated, the Network Security Enhancement options are not displayed in the rtrv-stpopts output.

When the Network Security Enhancements feature is enabled and activated for the first time, each option is displayed in the rtrv-stpopts output with the system default value (OFF). When the Network Security Enhancements feature is enabled and activated after the feature was disabled, each option is displayed in the rtrv-stpopts output with the value that the option was assigned when the feature was disabled.

Display the Network Security Enhancements options using the rtrv-stpopts command.
This is an example of the possible output.
```
rlghncxa03w 06-10-01 16:02:05 GMT  EAGLE5 36.0.0
STP OPTIONS
-----------------------
SECMTPSID         notify
SECMTPMATE        test
SECMTPSNM         silent
SECMTPSCMG        off
```
Note:
The rtrv-stpopts command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-stpopts command, see the rtrv-stpopts command description in Commands User's Guide.

Note:
If the Network Security Enhancement options are shown in the rtrv-stpopts output in step 1, skip step 2, and go to step 3.
Verify that the Network Security Enhancements feature is enabled and activated, by entering the rtrv-ctrl-feat command.
This is an example of the possible output.
```
rlghncxa03w 06-10-01 21:15:37 GMT EAGLE5 36.0.0
The following features have been permanently enabled:
Feature Name              Partnum    Status  Quantity
Network Security Enhance  893009101  off     ----
```
Note:
The rtrv-ctrl-feat command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-ctrl-feat command, see the rtrv-ctrl-feat command description in Commands User's Guide.

If the Network Security Enhancements feature is not enabled or activated, go to the Activating Controlled Features procedure and enable and activate the Network Security Enhancements feature.

Caution:
If the Network Security Enhancements feature is temporarily enabled, the Network Security Enhancement options can be set and used only for the amount of time shown in the Trial Period Left column in the rtrv-ctrl-feat output.
Change the Network Security Enhancement options.
For this example, enter this command.

chg-stpopts:secmtpsid=silent:secmtpmate=notify :secmtpsnm=notify:secmtpscmg=notify

When this command has successfully completed, this message should appear.
```
rlghncxa03w 06-10-01 00:22:57 GMT  EAGLE5 36.0.0
CHG-STPOPTS: MASP A - COMPLTD
```
Verify the changes using the rtrv-stpopts command.
This is an example of the possible output.
```
rlghncxa03w 06-10-01 16:02:05 GMT  EAGLE5 36.0.0
STP OPTIONS
-----------------------
SECMTPSID          silent
SECMTPMATE         notify
SECMTPSNM          notify
SECMTPSCMG         notify
```
Note:
The rtrv-stpopts command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-stpopts command, see the rtrv-stpopts command description in Commands User's Guide.

Back up the new changes using the chg-db:action=backup:dest=fixedcommand.

These messages should appear, the active Maintenance and Administration Subsystem Processor (MASP) appears first.

BACKUP (FIXED) : MASP A - Backup starts on active MASP.
BACKUP (FIXED) : MASP A - Backup on active MASP to fixed disk complete.
BACKUP (FIXED) : MASP A - Backup starts on standby MASP.
BACKUP (FIXED) : MASP A - Backup on standby MASP to fixed disk complete.

Figure 4-28 Configuring the Options for the Network Security Enhancements Feature