Administering Network Access
The Access Administration function lets you manage settings for remote access to your network. From this screen you can:
- Add and delete remote hosts (computers attempting to access your system via a network connection).
- Edit remote host access to your system.
- Edit the login names used by remote hosts on your system.
- Edit service levels for remote users.
- Display the remote host's site name rather than IP number.
For more information on the Access Administration screen display, see Elements of the Access Administration Screen.
Adding Remote Hosts
To add the IP address of a remote host to the list:
- Choose ADD from the TELNET ACCESS ADMINISTRATION screen. The system prompts:
Enter IP address, a range of IP addresses, or network number:
- Add a single IP address, a range of IP addresse, or multiple IP addresses.
IP Address Octets
IP addresses are specified in the form "nnn.nnn.nnn.nnn", where each "nnn" (known as an octet) is a number from 0 to 255.
Type of Entry Description Single IP address The complete, four-octet address (for example: 111.111.111.111) A range of IP addresses The first address followed by a dash (-) and the last three digits of the last number in the range. For example, to add the range from 188.179.22.223 to 188.179.22.255, enter:
188.179.22.223-255
In any range, the last two digits of the first IP address must be less than last two digits of the second IP address (e.g., the range 188.179.22.223-140 is illegal).
Multiple IP addresses You can enter multiple IP addresses using any of the following methods: - Omit octets This allows access by all machines with an IP address that matches the beginning of the specified address. Note that you must include the trailing period ('.'). For example, if you grant access to the IP address 111.111.111. (i.e., the last octet is unspecified), then all machines with an IP address that begins 111.111.111 will be allowed to access the Web Server (i.e., 111.111.1.1, 111.111.111.2, 111.111.111.3, etc.).
- Use a valid wildcard.
Invalid Remote Host Entries
Invalid host entries include:
123.145-149.
123.145.156-159.
123.145.156-157.10
123.145.156.167-123.145.159.1After you key your entry, the system prompts you to enter a comment or a hostname:
Enter Comment or Hostname for <IP Address> :
- Enter a comment or hostname, and then press Enter. The system prompts you to edit the:
- access
- login name
- service level
Deleting Remote Hosts
To remove the IP address of a remote host from the list:
- Choose DELETE from the TELNET ACCESS ADMINISTRATION screen. The system prompts you for the remote host's number (i.e., its number in the list, which is indicated to the left of the IP address or site name).
- Enter the number. When you enter the number:
- the letter 'X' appears to the left of the number in the list
- the menu option toggles to UNDELETE
- (Optional) To cancel the deletion:
- Choose UNDELETE. The system prompts you for the remote host's number (i.e., its number in the list, which is indicated to the left of the IP address or site name).
- Enter the number. When you enter the number:
- the letter 'X' is removed from the left of the number in the list
- the menu option toggles to DELETE
- Choose QUIT. Remote hosts marked with an 'X' are deleted.
Editing Access
To edit whether a remote host is allowed access to your system:
- On the TELNET ACCESS ADMINISTRATION screen, enter the number that appears to the left of the remote host entry. The edit screen appears. For example:
TELNET ACCESS ADMINISTRATION 1 > REMOTE HOST : 12.95.104.59 2 > ACCESS? : Yes 3 > LOGIN NAME : 4 > SERVICE LEVEL : 0 5 > COMMENT : oreo.iii.com ___________________________________________________________________________ Key number to modify or Q > QUIT Choose one (1-5,Q)
- Enter 2.
-
To grant the remote host access to your system, enter Yes. The ACCESS? column displays "Yes".
- To refuse the remote host access to your system, enter No. The ACCESS? column displays "No".
If a user at the remote host IP attempts to connect to your system, the message Connection refused by foreign host appears on the user's terminal and the connection is dropped.
Editing Login Names
To make your system more secure and easier to use, provide the login name to be used by the remote host as it connects to your system.
-
To enter or edit a login name for a remote host, enter the number that appears to its left in the access administration screen. The system displays an editing screen. For example:
TELNET ACCESS ADMINISTRATION 1 > REMOTE HOST : 12.95.104.59 2 > ACCESS? : Yes 3 > LOGIN NAME : 4 > SERVICE LEVEL : 0 5 > COMMENT : oreo.iii.com ___________________________________________________________________________ Key number to modify or Q > QUIT Choose one (1-5,Q)
-
Enter 3.
- Enter a login name.
If you enter a login name for a remote host, all users from the remote host are automatically logged in under that login name. The remote host does not need to provide a login name. This is known as "forcing" the login.
If the LOGIN NAME is left blank, users logging in from the remote host is required to enter a login name and possibly a password.
Some products, such as Research Pro and Encore require a defined login name. Do not leave this setting blank if you use products that require a login name.
Some products, such as Self-Checkout require a login created and administered by Innovative. You may see a login name in the Limit Network Access table for a service that does not display in the Login Manager.
Although multiple remote hosts can use the same login name, a login name can have only one associated service level.
Editing the Service Level
- To edit the service level for a remote host, enter the number that appears to its left in the access administration screen. The system displays an editing screen. For example:
TELNET ACCESS ADMINISTRATION 1 > REMOTE HOST : 12.95.104.59 2 > ACCESS? : Yes 3 > LOGIN NAME : 4 > SERVICE LEVEL : 0 5 > COMMENT : oreo.iii.com ___________________________________________________________________________ Key number to modify or Q > QUIT Choose one (1-5,Q)
- Enter 4.
- Enter a service level from 0 to 9.
Although multiple remote hosts can use the same login name, a login name can have only one associated service level.
Users with the login of this remote host are allowed access only to system services (i.e., reference databases) with an access level less than or equal to this service level.
For example, if a users are assigned service level '0' (least access), they are allowed access to services with a service level of '0'. Users with a service level of '3' are allowed to access services with a service level of '0', '1', '2', and '3'. Users with a service level of '9' are allowed access to all system services.
There are no "standard" service level definitions. Your library determines the minimum Service Level required to access various services.
Display Remote Host Name
To display the site (node) names (if assigned) of the listed hosts, rather than their IP addresses:
- From the TELNET ACCESS ADMINISTRATION screen, choose Display site NAME.
TELNET ACCESS ADMINISTRATION REMOTE HOST ACCESS? LOGIN NAME SERVICE LEVEL 1 > 12.95.104.5 Yes alpha 0 2 > 134.146.36.171 Yes alpha 0 3 > 128.146.115.2 Yes web370 0 4 > LOCAL Yes web370 0 5 > ALL Yes web370 0 ___________________________________________________________________________ Key number to modify or F > FORWARD P > PRINT D > DELETE Q > QUIT J > JUMP A > ADD N > Display site NUMBER Choose one (1-5,F,J,P,A,D,N,Q)
- The system displays the remote host names and Display site NUMBER menu option. Choose this option to return to the view of IP addresses.
TELNET ACCESS ADMINISTRATION REMOTE HOST ACCESS? LOGIN NAME SERVICE LEVEL 1 > Clanksburg Yes alpha 0 2 > Main Desk Yes alpha 0 3 > AgathaH Yes web370 0 4 > Local Yes web370 0 5 > All Yes web370 0 ___________________________________________________________________________ Key number to modify or F > FORWARD P > PRINT D > DELETE Q > QUIT J > JUMP A > ADD N > Display site NUMBER Choose one (1-5,F,J,P,A,D,N,Q)
Elements of the Access Administration Screen
The Access Administration Screens show the access properties for each entry in the Limit Network Access table.
TELNET ACCESS ADMINISTRATION REMOTE HOST ACCESS? LOGIN NAME SERVICE LEVEL 1 > 12.95.104.59 Yes 0 2 > 128.146.115.2 Yes 0 3 > 134.146.36.171 No 0 4 > 134.184.1.1 Yes 0 5 > 134.184. Yes library1 2 6 > 134. Yes library2 1 7 > LOCAL Yes library3 3 8 > ALL Yes library 0 ___________________________________________________________________________ Key number to modify or F > FORWARD P > PRINT D > DELETE Q > QUIT J > JUMP A > ADD N > Display site NAME Choose one (1-8,F,J,P,A,D,N,Q)
Each Access Administration screen contains the following columns:
Column | Description |
REMOTE HOST | A numbered list of remote hosts (computers attempting to access your system via a network connection). |
ACCESS? | Whether the remote host can access your library's system. Values in this column are "Yes" or "No". By default, the system denies access to remote hosts. |
LOGIN NAME | The login you define allowing the service to log in the remote client automatically. |
SERVICE LEVEL | The remote host's service level. |
IP Address Wildcards
The following wildcards are valid for defining multiple IP addresses:
- LOCAL
This wildcard matches any remote host whose first three octets match the first three octets of your system's IP address. - LOCAL+
This wildcard matches any remote host whose first two octets match the first two octets of your system's IP address. - ALL matches all IP addresses.
This wildcard must be used only for last entry in the list of addresses, so that connections from remote hosts whose IP addresses do not match any other entries in the list can either be rejected or accepted and assigned a specific LOGIN NAME and SERVICE LEVEL.
If you set access for ALL to "NO", the system only allows access for only known IP addresses (IP addresses specified using Access Administration) for the specified access entry setting.
For example, if you set HTTPD access for ALL to "NO", the system only allows users from known IP address to access through WebPAC or Research Pro.