Administering Network Access

The Access Administration function lets you manage settings for remote access to your network. From this screen you can:

Add and delete remote hosts (computers attempting to access your system via a network connection).
Edit remote host access to your system.
Edit the login names used by remote hosts on your system.
Edit service levels for remote users.
Display the remote host's site name rather than IP number.

For more information on the Access Administration screen display, see Elements of the Access Administration Screen.

Adding Remote Hosts

To add the IP address of a remote host to the list:

Choose ADD from the TELNET ACCESS ADMINISTRATION screen. The system prompts:
Enter IP address, a range of IP addresses, or network number:

Add a single IP address, a range of IP addresse, or multiple IP addresses.

IP Address Octets

IP addresses are specified in the form "nnn.nnn.nnn.nnn", where each "nnn" (known as an octet) is a number from 0 to 255.

Type of Entry	Description
Single IP address	The complete, four-octet address (for example: 111.111.111.111)
A range of IP addresses	The first address followed by a dash (-) and the last three digits of the last number in the range. For example, to add the range from 188.179.22.223 to 188.179.22.255, enter: 188.179.22.223-255 In any range, the last two digits of the first IP address must be less than last two digits of the second IP address (e.g., the range 188.179.22.223-140 is illegal).
Multiple IP addresses	You can enter multiple IP addresses using any of the following methods: Omit octets This allows access by all machines with an IP address that matches the beginning of the specified address. Note that you must include the trailing period ('.'). For example, if you grant access to the IP address 111.111.111. (i.e., the last octet is unspecified), then all machines with an IP address that begins 111.111.111 will be allowed to access the Web Server (i.e., 111.111.1.1, 111.111.111.2, 111.111.111.3, etc.). Use a valid wildcard.

Invalid Remote Host Entries

Invalid host entries include:

123.145-149.
123.145.156-159.
123.145.156-157.10
123.145.156.167-123.145.159.1

After you key your entry, the system prompts you to enter a comment or a hostname:

Enter Comment or Hostname for <IP Address> :

Enter a comment or hostname, and then press Enter. The system prompts you to edit the:
- access
- login name
- service level

Deleting Remote Hosts

To remove the IP address of a remote host from the list:

Choose DELETE from the TELNET ACCESS ADMINISTRATION screen. The system prompts you for the remote host's number (i.e., its number in the list, which is indicated to the left of the IP address or site name).
Enter the number. When you enter the number:
- the letter 'X' appears to the left of the number in the list
- the menu option toggles to UNDELETE
(Optional) To cancel the deletion:
1. Choose UNDELETE. The system prompts you for the remote host's number (i.e., its number in the list, which is indicated to the left of the IP address or site name).
2. Enter the number. When you enter the number:
  - the letter 'X' is removed from the left of the number in the list
  - the menu option toggles to DELETE
Choose QUIT. Remote hosts marked with an 'X' are deleted.

Editing Access

To edit whether a remote host is allowed access to your system:

On the TELNET ACCESS ADMINISTRATION screen, enter the number that appears to the left of the remote host entry. The edit screen appears. For example:

     TELNET ACCESS ADMINISTRATION                      

1 > REMOTE HOST   : 12.95.104.59
2 > ACCESS?       : Yes
3 > LOGIN NAME    :
4 > SERVICE LEVEL : 0
5 > COMMENT       : oreo.iii.com

___________________________________________________________________________
 Key number to modify or
 Q > QUIT
 Choose one (1-5,Q)

Enter 2.
To grant the remote host access to your system, enter Yes. The ACCESS? column displays "Yes".
To refuse the remote host access to your system, enter No. The ACCESS? column displays "No".

If a user at the remote host IP attempts to connect to your system, the message Connection refused by foreign host appears on the user's terminal and the connection is dropped.

Editing Login Names

To make your system more secure and easier to use, provide the login name to be used by the remote host as it connects to your system.

To enter or edit a login name for a remote host, enter the number that appears to its left in the access administration screen. The system displays an editing screen. For example:

                        TELNET ACCESS ADMINISTRATION                      

1 > REMOTE HOST   : 12.95.104.59
2 > ACCESS?       : Yes
3 > LOGIN NAME    :
4 > SERVICE LEVEL : 0
5 > COMMENT       : oreo.iii.com

___________________________________________________________________________
 Key number to modify or
 Q > QUIT
 Choose one (1-5,Q)

Enter 3.
Enter a login name.

If you enter a login name for a remote host, all users from the remote host are automatically logged in under that login name. The remote host does not need to provide a login name. This is known as "forcing" the login.

If the LOGIN NAME is left blank, users logging in from the remote host is required to enter a login name and possibly a password.

Some products, such as Research Pro and Encore require a defined login name. Do not leave this setting blank if you use products that require a login name.

Some products, such as Self-Checkout require a login created and administered by Innovative. You may see a login name in the Limit Network Access table for a service that does not display in the Login Manager.

Although multiple remote hosts can use the same login name, a login name can have only one associated service level.

Editing the Service Level

To edit the service level for a remote host, enter the number that appears to its left in the access administration screen. The system displays an editing screen. For example:

                        TELNET ACCESS ADMINISTRATION                      

1 > REMOTE HOST   : 12.95.104.59
2 > ACCESS?       : Yes
3 > LOGIN NAME    :
4 > SERVICE LEVEL : 0
5 > COMMENT       : oreo.iii.com

___________________________________________________________________________
 Key number to modify or
 Q > QUIT
 Choose one (1-5,Q)

Enter 4.
Enter a service level from 0 to 9.

Although multiple remote hosts can use the same login name, a login name can have only one associated service level.

Users with the login of this remote host are allowed access only to system services (i.e., reference databases) with an access level less than or equal to this service level.

For example, if a users are assigned service level '0' (least access), they are allowed access to services with a service level of '0'. Users with a service level of '3' are allowed to access services with a service level of '0', '1', '2', and '3'. Users with a service level of '9' are allowed access to all system services.

There are no "standard" service level definitions. Your library determines the minimum Service Level required to access various services.

Display Remote Host Name

To display the site (node) names (if assigned) of the listed hosts, rather than their IP addresses:

From the TELNET ACCESS ADMINISTRATION screen, choose Display site NAME.

                        TELNET ACCESS ADMINISTRATION                       
      REMOTE HOST              ACCESS?       LOGIN NAME     SERVICE LEVEL
 1 > 12.95.104.5              Yes            alpha          0
 2 > 134.146.36.171           Yes            alpha          0
 3 > 128.146.115.2            Yes            web370         0
 4 > LOCAL                    Yes            web370         0
 5 > ALL                      Yes            web370         0

___________________________________________________________________________
  Key number to modify or
  F > FORWARD       P > PRINT       D > DELETE                 Q > QUIT
  J > JUMP          A > ADD         N > Display site NUMBER
  Choose one (1-5,F,J,P,A,D,N,Q)

The system displays the remote host names and Display site NUMBER menu option. Choose this option to return to the view of IP addresses.

                        TELNET ACCESS ADMINISTRATION                       
      REMOTE HOST              ACCESS?       LOGIN NAME     SERVICE LEVEL
 1 > Clanksburg               Yes            alpha          0
 2 > Main Desk                Yes            alpha          0
 3 > AgathaH                  Yes            web370         0
 4 > Local                    Yes            web370         0
 5 > All                      Yes            web370         0

___________________________________________________________________________
  Key number to modify or
  F > FORWARD       P > PRINT       D > DELETE                 Q > QUIT
  J > JUMP          A > ADD         N > Display site NUMBER
			Choose one (1-5,F,J,P,A,D,N,Q)

Elements of the Access Administration Screen

The Access Administration Screens show the access properties for each entry in the Limit Network Access table.

                        TELNET ACCESS ADMINISTRATION                       
      REMOTE HOST              ACCESS?       LOGIN NAME     SERVICE LEVEL
   1 > 12.95.104.59             Yes                          0
   2 > 128.146.115.2            Yes                          0
   3 > 134.146.36.171           No                           0
   4 > 134.184.1.1              Yes                          0
   5 > 134.184.                 Yes          library1        2
   6 > 134.                     Yes          library2        1
   7 > LOCAL                    Yes          library3        3
   8 > ALL                      Yes          library         0

___________________________________________________________________________
  Key number to modify or
  F > FORWARD       P > PRINT       D > DELETE                 Q > QUIT
  J > JUMP          A > ADD         N > Display site NAME
  Choose one (1-8,F,J,P,A,D,N,Q)

Each Access Administration screen contains the following columns:

Column	Description
REMOTE HOST	A numbered list of remote hosts (computers attempting to access your system via a network connection).
ACCESS?	Whether the remote host can access your library's system. Values in this column are "Yes" or "No". By default, the system denies access to remote hosts.
LOGIN NAME	The login you define allowing the service to log in the remote client automatically.
SERVICE LEVEL	The remote host's service level.

IP Address Wildcards

The following wildcards are valid for defining multiple IP addresses:

LOCAL
This wildcard matches any remote host whose first three octets match the first three octets of your system's IP address.
LOCAL+
This wildcard matches any remote host whose first two octets match the first two octets of your system's IP address.
ALL matches all IP addresses.
This wildcard must be used only for last entry in the list of addresses, so that connections from remote hosts whose IP addresses do not match any other entries in the list can either be rejected or accepted and assigned a specific LOGIN NAME and SERVICE LEVEL.

If you set access for ALL to "NO", the system only allows access for only known IP addresses (IP addresses specified using Access Administration) for the specified access entry setting.

For example, if you set HTTPD access for ALL to "NO", the system only allows users from known IP address to access through WebPAC or Research Pro.