AS/400 – Lock device by IP address

135 pts.
Tags:
AS/400 administration
AS/400 Client Access
AS/400 security
AS/400 user profiles
hello i'm new in AS/400 i have question..there is anyway how to make virtual workstation/workstation id create by ip address. so this virtual workstation/workstation only can open in one ip address? there is anyone can help me...because in my office the user use the workstation id not to its belongs
ASKED: March 13, 2009  8:35 AM
UPDATED: April 22, 2010  10:01 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

Assuming you’re using client access – you can specify the workstation name in the client access config for each machine – then each PC should only use it’s own workstation Id. If you specify new workstation names, you’ll need to set the auto config system values to create the new device descriptions for you – once they’ve been created you can set the system values back to whatever they were.

Regards,

Martin Gilbert.

HI,..
thanks for your answer…
what i means is can we make devd which lock by ip address..
so this devd can’t open in other ip address..

===============================================================

Although “lock by IP address” might be the wrong way to do this, you would do it best through the <a href=”http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzaks/rzakssbsasignuser1.htm”>Telnet device initialization and terminal exit points</a>. When DHCP assigns a different IP address to a client PC or some similar change to an addressing scheme happens, how are you expecting the function to adapt?

Tom

Discuss This Question: 11  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kiong
    Hi, Assuming you're using client access - you can specify the workstation name in the client access config for each machine - then each PC should only use it's own workstation Id. If you specify new workstation names, you'll need to set the auto config system values to create the new device descriptions for you - once they've been created you can set the system values back to whatever they were. Regards, Martin Gilbert. HI,.. thanks for your answer... what i means is can we make devd which lock by ip address.. so this devd can't open in other ip address..
    135 pointsBadges:
    report
  • Batman47
    Hello, What would work really well is to come up with a naming convention for your workstation Ids. Since you seem to be focused on the IP address, you can use the unique portion of each address for each workstation ID. At one time we used the number of the network jack the workstations would plug into. IP address and jack numbers can change in the future, so we finally used a simple naming convention: PC####, the letters 'PC' followed by a 4 digit number. This works well to 'lock' the devd by PC (which is better than locking it by ip address) Also, we first woud create the device description so that we could enter the user's name in the Text field, so we could easily keep track of who is using which device... when a person is terminated from the company we also delete the device description since the PC is shipped back to the Help Desk to get reimaged. The Help Desk can not install and configure an iSeries Access client without obtaining a new workstation ID from me (or my backup). I keep track of when these devd's get created and when they were last use, that way I can report back how many iSeries Access installs we have on my status report each month. This all works very from a security standpoint as well.... Users can not access our interactive subsystem without have a 'PC' workstation ID. Also, if someone decides on their own to pick a workstation number that someone else is using the problem will be very visable. So, it will be noticed if iSeries Access configurations were done incorrectly. Let me know if you have any further questions, as I've done this since the beginning of time (or at least when iSeries Access first came out). Bruce
    1,050 pointsBadges:
    report
  • Kiong
    hello batman.. thanks for your comment.. I have already naming devd like your idea.. but our big problem is the user try to use another devd when their default devd being use by another user.. the user try one by one where is the empty workstation id.. so i try to lock workstation id with the PC they use.. there is anyway in AS/400 to do that?
    135 pointsBadges:
    report
  • MrObvious
    the emulation prgm that we use on PCs will automatically 'pass-thru' as a QPADEVxxxx (Q = everthing supplied by IBM starts with a Q, PADEV - stands for 'pass-thru-device) UNLESS you go into it's settings and give the device a designated name which overrides the default. (this way it never changes even if DHCP changes the IP of the PC) i.e HZPCSHIP (first two letters designate which warehouse location HZ is Hazelwood facility) PC (obvious) SHIP is where in the warehouse the device is located - shipping dept. a second named session on the same PC will show up in WRKACT as HZPCSHIPS1, etc. this way each warehouse's devices come up grouped together HZPC HZPRTPAC1, 2 etc. HZPRTLBL1, 2 etc.
    165 pointsBadges:
    report
  • Kiong
    thanks for all comment.. but all provided solution already do by me.. my real question is,there is another way beside that? warm regards,
    135 pointsBadges:
    report
  • Gilly400
    Hi, I think your real problem is that the users can select which device they connect to. You should change your security on the PC's to restrict the configuration files in client access to only be updated by an administrator. Then set each PC up with a unique device Id. Regards, Martin Gilbert.
    23,730 pointsBadges:
    report
  • Batman47
    You could also go through all of your device decriptions and set the appropriate security, making sure to set *PUBLIC to *EXCLUDE so only the specific user you specify can use that device.
    1,050 pointsBadges:
    report
  • pdraebel
    If the purpose would be to block certain IP adresses why not use the TCP ROUTING table of the iSeries ? (CFGTCP option 2) Another route that could block certain names of Workstations are the SUBSYSTEM workstation entries.
    2,380 pointsBadges:
    report
  • Jbmm
    @Pdraebel | Mar 17 2009 8:27AM GMT >>Another route that could block certain names of Workstations are the SUBSYSTEM workstation entries. Thanks, I encountered a new range of workstation id's today that neede to be connected, and didn't understand why they got a blank screen... So, if you start setting up working with workstation id's, make sure your syntax is in the list of the subsystem where the sessions are supposed to run. Example: now running QPADEV* in subsytem INTER, you can see this in (WRKSBSD INTER, option 4). Here I added CNEH* for a new range of workstation id's to be connected. Otherwie you get a blank screen in ClientAcces (with session started message in statusbar) grtz Jeroen
    125 pointsBadges:
    report
  • pdraebel
    Hi Jeroen, you should also take care of "Excluding" devices from interactive subsystems where you do not want them to execute. ADDWSE SBSD(*LIBL/INTERACT) WRKSTN(PC*) AT(*ENTER) Otherwise your workstations could turn up active in subsystems where you do not want them to be. Peter
    2,380 pointsBadges:
    report
  • Kotteeswaranadmin
    how to create userprofile in AS/400 i serise with certain menus?
    20 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following