Changing Secure Shell Key Pairs | Nokia IPSO 4.0 guide

To configure authorized keys

1.Click SSH Authorized Keys under Configuration > Security and Access > Secure Shell (SSH) in the tree view.

Note

If you previously configured authorized keys for user accounts, the information appears in the View/Delete Per-User Authorized Keys table. To delete the authorized key for each user click the Delete check box.

2.Select the user name from the Username drop-down list.

3.Complete the following, depending on the authorized key you are adding.

To add an RSA authorized key to use in SSHv1—enter the key size, exponent, modulus, and an optional comment in the Add a New Authorized Key (RSA, for protocol version 1) table.

To add a RSA authorized key to use in SSHv2—enter the RSA key, in either OpenSSH format or SSHv2 format, depending on your client, and optional comment in the (RSA, for protocol version 2) table.

To add a DSA authorized key to use in SSHv2—enter the DSA key, in either OpenSSH format or SSHv2 format, depending on your client, and optional comment in the Add a New Authorized Key (DSA, for protocol version 2) table.

4.Click Apply.

5.Click Save to make your changes permanent.

Changing Secure Shell Key Pairs

The following procedure describes how to generate new RSA and DSA keys. When you generate new keys, you might need to change configurations of each client, or the client might return errors. For more information, see your SSH client documentation.

To configure key pairs

1.Click SSH Key Pairs under Configuration > Security and Access > Secure Shell (SSH) in the tree view.

2.(Optional) To generate an RSA host key (to use with SSHv1), select the key size, listed in bits, from the Generate New RSA v1 Host Key drop-down list.

Note

The most secure value is 1024 bits. Values over 1024 bits cause problems for some clients, including those based on RSAREF.

3.Click Apply.

Nokia Network Voyager for IPSO 4.0 Reference Guide

309

Image 309

Nokia IPSO 4.0 manual Changing Secure Shell Key Pairs, To configure authorized keys, To configure key pairs

Contents

Nokia Network Voyager For Ipso Reference Guide Restricted Rights Legend Nokia Network Voyager for Ipso 4.0 Reference Guide Https//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Virtual Router Redundancy Protocol Vrrp Configuring Clustering Nokia Network Voyager Ipso 4.0 Reference Guide Configuring IPv6 Configuring Snmp Managing Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Monitoring System Configuration and Hardware Configuring Router Services Index About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Text Conventions Conventions This Guide UsesText Conventions Convention Description Menu Items Related Documentation Nokia Network Voyager for Ipso 4.0 Reference Guide Software Overview Logging In to Network Voyager Logging OffTo open Nokia Network Voyager To log in with exclusive configuration lock Obtaining a Configuration LockTo log in without exclusive configuration lock To override a configuration lock Navigating in Network Voyager Accessing Documentation and HelpReloading Pages To clear the memory and disk cache To open a new window to view help „ Nokia support site https//support.nokia.com To view the asset management summary Viewing Hardware and Software Information for Your System Interface Overview Configuring Interfaces Configuring Network Devices IP2250 Management PortsType Prefix Physical Interface Logical Interface Configuring IP Addresses Interface Status Configuring Tunnel Interfaces Interface Status IndicatorsIndicator Description Physical Interface Configuration Parameters Configuring Ethernet InterfacesEthernet Interfaces Parameter Description Link Aggregation To configure an Ethernet interface Configuring Switches for Link Aggregation Managing Link Aggregation Using Snmp Static Link Aggregation Link Aggregation on the IP2250Firewall Synchronization Traffic Production Traffic ADP I/O Ports Only Configuring the Remaining Management Ports Physical Interface Configuration Configuring Link AggregationTo set up link aggregation in Network Voyager To physically configure the interfaces you will aggregate To configure link aggregation groups Group Configuration Gigabit Ethernet Interfaces Logical ConfigurationDeleting Aggregation Groups Gigabit Ethernet Interface Parameters MTU To configure a Gigabit Ethernet interface Configuring PPPoE To configure PPPoEPoint-to-Point Over Ethernet Nokia Network Voyager for Ipso 4.0 Reference Guide To delete configuration profiles To change configuration profilesTo create PPPoE logical interfaces To delete PPPoE logical interfaces Virtual LAN Interfaces Configuring MSS Clamping To delete a Vlan Interface To configure a Vlan Interface To define the maximum number of VLANs Vlan Example Topology Fddi Interfaces To configure an Fddi Interface To change the IP address of an Fddi interface To change the duplex setting of an Fddi interface Isdn Interfaces To configure an Isdn physical interface To configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls To add an incoming number Configuring Calling Line-Identification Screening To remove an incoming number To configure an interface to place and receive calls Dial-on-Demand Routing DDR Lists To create a DDR list To delete a DDR listTo add a new rule to a DDR list Example DDR List To modify a ruleTo apply or remove a DDR list to/from an interface Isdn Network Configuration Example To configure the IP650 to handle an incoming call To configure the IP330 to place an outgoing call Sample Call Traces Trace for connecting a call from the Nokia IP330 is Logging Isdn TroubleshootingTo set level of messages logged To view the message log To trace Isdn traffic using tcpdump Troubleshooting Cause CodesTracing Isdn Cause Code Fields Cause Cause Description Diagnostics Isdn Cause ValuesCause Values See Isdn Cause Values table Information-element identifiers is missing Value Description Isdn Bearer-Capable Values Token Ring Interfaces To configure a Token Ring interface To change a Token Ring interface To deactivate a Token Ring interface Token Ring Example Fddi Point-to-Point Link over ATM To configure an ATM interface To change the VPI/VCI of an ATM interface To change the IP MTU of an ATM interface To change the IP Address of an ATM interface Fddi ATM Example To configure the ATM interface on Nokia Platform a To configure an ATM logical IP subnet LIS interfaceIP over ATM IPoA To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface ATM IPoA Example Serial V.35 and X.21 Interfaces To configure a serial interface for Cisco Hdlc To configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example To configure the serial interface on Nokia Platform a To configure a T1 Interface for Cisco HdlcT1with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a E1 with Built-In CSU/DSU Interfaces To configure an E1 interface for Cisco Hdlc Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 100 To configure an E1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 101 102 To configure an Hssi interface for Cisco Hdlc Hssi InterfacesNokia Network Voyager for Ipso 4.0 Reference Guide 103 104 To configure an Hssi interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 105 To configure an Hssi interface for frame relay 106 To configure an unnumbered interface Configuring Unnumbered InterfacesUnnumbered Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 107 108 To change an unnumbered interface to a numbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 109 To configure a static route over an unnumbered interface Configuring Ospf over Unnumbered Interface Ospf over Unnumbered Interfaces Using Virtual Links110 Cisco Hdlc Protocol To change the keepalive interval for Cisco HdlcNokia Network Voyager for Ipso 4.0 Reference Guide 111 To change the IP address in Cisco Hdlc Point-to-Point ProtocolTo change the keepalive interval in PPP 112 To change the keepalive maximum failures in PPP To change the IP address in PPPNokia Network Voyager for Ipso 4.0 Reference Guide 113 To change the keepalive interval in frame relay Frame Relay ProtocolTo change the Dlci in frame relay 114 To change the LMI parameters in frame relay To change the interface type in frame relayNokia Network Voyager for Ipso 4.0 Reference Guide 115 To change the IP address in frame relay To change the active status monitor setting in frame relayTo remove a frame relay interface 116 To add an IP Address to a Loopback Interface Loopback InterfacesTo change the IP Address of a loopback interface Nokia Network Voyager for Ipso 4.0 Reference Guide 117 GRE Tunnels Configuring GRE TunnelsTo create a GRE tunnel 118 Nokia Network Voyager for Ipso 4.0 Reference Guide 119 120 To change IP TOS value of a GRE tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 121 GRE Tunnel Example High Availability GRE Tunnels HA GRE Tunnel Example122 Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 Dvmrp Tunnels To create a Dvmrp tunnelNokia Network Voyager for Ipso 4.0 Reference Guide 125 Dvmrp Tunnel Example To change the local or remote addresses of a Dvmrp tunnel126 Nokia Network Voyager for Ipso 4.0 Reference Guide 127 ARP Table Entries To change ARP global parameters128 To add a static ARP entry To add a proxy ARP entryNokia Network Voyager for Ipso 4.0 Reference Guide 129 Configuring ARP for ATM Interfaces To delete a static ATM ARP entry To add a static ATM ARP entryTo view and delete dynamic ATM ARP entries Nokia Network Voyager for Ipso 4.0 Reference Guide 131 Transparent Mode Limitations132 Nokia Network Voyager for Ipso 4.0 Reference Guide 133 Transparent Mode Processing Details 134 Configuring Transparent Mode in VPN Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 135 Example of Transparent Mode 136 Configuring Transparent Mode To create a transparent mode group Creating and Deleting Transparent Mode GroupsTo delete a transparent mode group Nokia Network Voyager for Ipso 4.0 Reference Guide 137 Enabling or Disabling a Transparent Mode Group To enable or disable a transparent mode group138 Transparent Mode and Check Point NGX Monitoring Transparent Mode GroupsEnabling or Disabling Vrrp for a Transparent Mode Group Configuring Antispoofing Unnumbered VTIs Virtual Tunnel Interfaces Fwvpn for Route-Based VPNRouting Traffic through the VTI 140 Nokia Network Voyager for Ipso 4.0 Reference Guide 141 Vrrp Support Creating Virtual Tunnel InterfacesTo create a virtual tunnel interface To create the VPN community Nokia Network Voyager for Ipso 4.0 Reference Guide 143 144 To create the virtual tunnel interface Nokia Network Voyager for Ipso 4.0 Reference Guide 145 Configuring Dhcp Dhcp Client Configuration Configuring Dhcp Client InterfacesTo configure the Dhcp client interface To enable the Dhcp client process Configuring the Dhcp Server To configure the Dhcp server processNokia Network Voyager for Ipso 4.0 Reference Guide 147 Dhcp Server Configuration To enable the Dhcp server process148 To disable the Dhcp server process Changing Dhcp ServiceTo change the Dhcp service Adding Dhcp Address Pools Enabling or Disabling Dhcp Address Pools To enable and existing IP address poolAssigning a Fixed-IP Address to a Client To assign a fixed-IP address to a client Nokia Network Voyager for Ipso 4.0 Reference Guide 151 Creating Dhcp Client Templates 152 Configuring Dynamic Domain Name System Zones Configuring Dynamic Domain Name System ServiceTo configure Dynamic Domain Name System Ddns Nokia Network Voyager for Ipso 4.0 Reference Guide 153 Configuring Disk Mirroring Configuring the Domain Name ServiceTo configure DNS To create a mirror set Using an Optional Disk Flash-Based Systems Only To delete a mirror setNokia Network Voyager for Ipso 4.0 Reference Guide 155 To configure the system to store log files on the PC card To install and configure PC card flash memoryMail Relay To remove an optional disk To configure failure notification Configuring Mail RelayTo configure mail relay for your firewall System Failure Notification Sending Mail Setting the System TimeTo send mail from the firewall 158 To set system time once Configuring Host AddressesTo add a static host entry Nokia Network Voyager for Ipso 4.0 Reference Guide 159 Configuring Logging on Disk-Based Systems Configuring System LoggingAccepting Log Messages Logging to a Remote System Configuring Logging on Flash-Based Systems To send syslog messages to a remote systemNokia Network Voyager for Ipso 4.0 Reference Guide 161 162 Configuring Logging to Remote Log Servers Configuring Audit Logs Configuring Logging to an Optional DiskNokia Network Voyager for Ipso 4.0 Reference Guide 163 164 To set the system configuration audit log Nokia Network Voyager for Ipso 4.0 Reference Guide 165 Remote Core Dump Server on Flash-Based Systems Changing the Hostname Managing Configuration SetsTo change the hostname 166 To switch a currently active database To create a factory default configuration fileTo delete unwanted configuration database files Scheduling Jobs Backing Up and Restoring Files To delete scheduled jobs168 To create a backup file manually Creating Backup FilesTo delete local backup files Nokia Network Voyager for Ipso 4.0 Reference Guide 169 Configuring Automatic Transfers Transferring Backup FilesTo configure scheduled backups To cancel a regularly scheduled backup Transferring Backup Files Manually To manually transfer archive files to a remote serverNokia Network Voyager for Ipso 4.0 Reference Guide 171 Restoring Files from Locally Stored Backup Files To restore files172 Changing Current Image Managing Nokia Ipso ImagesDeleting Images To select a new current image Installing New Images To delete an Nokia Ipso image174 Testing a New Image To test an image before activating itNokia Network Voyager for Ipso 4.0 Reference Guide 175 Upgrading Nokia Ipso Images for a Cluster Rebooting a ClusterDowngrading Nokia Ipso Images 176 Nokia Network Voyager for Ipso 4.0 Reference Guide 177 Configuring Monitor Reports Managing Packages Installing and Enabling PackagesRestrictions for Flash-Based Platforms Monitor Report Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 179 To install a package Tuning the TCP/IP Stack Advanced System TuningTo enable or disable a package To delete a package Router Alert IP Option To set the TCP MSSNokia Network Voyager for Ipso 4.0 Reference Guide 181 182 Vrrp Overview How Vrrp WorksNokia Network Voyager for Ipso 4.0 Reference Guide 183 184 Simple Vrrp Configuration Vrrp Configuration with Simultaneous Backup Vrrp Configuration with Internal and External VRIDs Configuring Vrrp Understanding Monitored-Circuit Vrrp186 Selecting Configuration Parameters PriorityNokia Network Voyager for Ipso 4.0 Reference Guide 187 Authentication Hello Interval188 Backup Address Priority DeltaNokia Network Voyager for Ipso 4.0 Reference Guide 189 190 Vmac Mode Vrrp Configuration Parameters Global Vrrp SettingsBefore you Begin Nokia Network Voyager for Ipso 4.0 Reference Guide 191 192 Configuring Monitored-Circuit Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 193 To add a virtual router To change the configuration of an existing virtual router Configuring Monitored-Circuit Vrrp using the Full MethodTo delete a virtual router 194 Nokia Network Voyager for Ipso 4.0 Reference Guide 195 Additional Vrrp Parameters Used in Full Method Configuring VRRPv2 To add or back up a virtual router using VRRPv2196 Nokia Network Voyager for Ipso 4.0 Reference Guide 197 Configuring Check Point NGX for Vrrp 198 Configure settings under the 3rd party configuration tab Configuring Vrrp Rules for Check Point NGX Configuration Rule for Check Point NGX FP1Nokia Network Voyager for Ipso 4.0 Reference Guide 199 Configuring Rules if You Are Using Ospf or Dvmrp Configuration Rules for Check Point NGX FP2 and LaterSource Destination Service Action 200 Monitoring Vrrp CLI commands for VrrpLink Aggregation IP2250 Systems Only State Location Stats202 General Configuration Considerations Troubleshooting VrrpTo enable or disable Monitor Firewall state To enable traces for Vrrp Access Control Lists Firewall Policies204 Monitored-Circuit Vrrp in Switched Environments Switched EnvironmentsVRRPv2 in Switched Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 205 206 Using Flash-Based Platforms IP Clustering DescriptionNokia Network Voyager for Ipso 4.0 Reference Guide 207 208 Example Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 209 Cluster Management 210 Cluster Terminology Nokia Network Voyager for Ipso 4.0 Reference Guide 211 Cluster member a cluster node that is not the master 212 Clustering Modes Nokia Network Voyager for Ipso 4.0 Reference Guide 213 Considerations for Clustering Network Environment214 Nokia Network Voyager for Ipso 4.0 Reference Guide 215 Other Considerations 216 Clustering IP2250 Platforms Nokia Network Voyager for Ipso 4.0 Reference Guide 217 Upgrading Ipso in a Cluster Upgrading from Ipso 3.7 or Later For All UpgradesUpgrading from Ipso 218 Nokia Network Voyager for Ipso 4.0 Reference Guide 219 Enabling Cluster Management Configuration Overview Creating and Configuring a ClusterTo create and configure a cluster Creating a Cluster Selecting the Cluster Mode Configuring the Work Assignment MethodNokia Network Voyager for Ipso 4.0 Reference Guide 221 Configuring an Interface To include an interface in the cluster222 Configuring Firewall Monitoring Supporting Non-Check Point Gateways and ClientsNokia Network Voyager for Ipso 4.0 Reference Guide 223 Configuring VPN Tunnels Using IP Pools224 Nokia Network Voyager for Ipso 4.0 Reference Guide 225 Using IP Pools When Only Check Point Gateways Are Involved Configuring Join-Time Shared Features Configuring IP pools in Cluster Voyager226 What is Sharable? What if Settings Conflict?Nokia Network Voyager for Ipso 4.0 Reference Guide 227 228 Configuring Features for Sharing Making the Cluster Active Adding a Node to a ClusterAfter You Create a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 229 230 Recommended Procedure Managing a Cluster Joining a System to a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 231 Using Cluster Voyager To start Cluster Voyager232 If You Forget the cadmin Password Cluster Administrator UsersNokia Network Voyager for Ipso 4.0 Reference Guide 233 Configuring the Performance Rating Configuring the Failure IntervalMonitoring a Cluster 234 Nokia Network Voyager for Ipso 4.0 Reference Guide 235 Managing Join-Time Shared Features 236 Installing Ipso Images Nokia Network Voyager for Ipso 4.0 Reference Guide 237 238 Removing a Node from a Cluster Deleting a Cluster Configuration Changing Cluster Interface ConfigurationsSynchronizing the Time on Cluster Nodes Assigning the Time Zone Configuring NTP NTP Server Outside the Cluster240 Configuring NGX for Clustering Using the Master Node as the NTP ServerNokia Network Voyager for Ipso 4.0 Reference Guide 241 242 Nokia Network Voyager for Ipso 4.0 Reference Guide 243 Clustering Example Three Nodes 244 Configuring the Cluster in Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 245 Configuring the Internal and External Routers 246 Clustering Example With Non-Check Point VPN Nokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Nokia Network Voyager for Ipso 4.0 Reference Guide 249 Snmp Overview Source Function 250 UDP-MIB Nokia Network Voyager for Ipso 4.0 Reference Guide 251 252 Snmp Proxy Support for Check Point MIB Using the Check Point MIB Using cpsnmpstartNokia Network Voyager for Ipso 4.0 Reference Guide 253 To enable or disable Snmp Enabling Snmp and Selecting the Version254 Setting an Agent Address Configuring the System for SnmpTo set an Snmp agent address Nokia Network Voyager for Ipso 4.0 Reference Guide 255 Types of Snmp Traps Configuring Traps256 Type of Trap Description Nokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Configuring Trap Receivers Setting the Trap PDU Agent AddressEnabling or Disabling Trap Types Configuring Location and Contact Information Interpreting Error MessagesTo configure location and contact information Error status code Meaning Nokia Network Voyager for Ipso 4.0 Reference Guide 261 GetRequestVariable-bindings Element Description Value Field Set Description GetNextRequest Configuring SNMPv3GetBulkRequest 262 Managing Snmp Users Request MessagesSecurity Related Options Used in Request Messages Nokia Network Voyager for Ipso 4.0 Reference Guide 263 264 To add an Snmp user Nokia Network Voyager for Ipso 4.0 Reference Guide 265 To delete a USM user 266 Nokia Network Voyager for Ipso 4.0 Reference Guide 267 IPv6 Overview To configure IPv6 logical interfaces Interfaces268 To configure neighbor discovery To disable IPv6 on an interfaceTo delete an IPv6 address Nokia Network Voyager for Ipso 4.0 Reference Guide 269 To configure IPv6 in IPv4 tunnels Configuring IPv6 in IPv4 TunnelsIPv6 and IPv4 Compatibility 270 Configuring IPv6 over IPv4 Configuring IPv6 to IPv4To configure IPv6 to IPv4 To configure IPv6 over IPv4 Configuring an IPv6 Default or Static Route Configuring IPv4 in IPv6 TunnelsTo configure IPv4 in IPv6 tunnels To configure an IPv6 default or static route Configuring OSPFv3 Routing ConfigurationConfiguring RIPng Creating IPv6 Aggregate Routes Redistributing Static Routes into RIPng Creating Redistributed RoutesRedistributing Aggregate Routes in RIPng 274 Router Discovery Configuring ICMPv6 Router DiscoveryRedistributing Interface Routes into RIPng Nokia Network Voyager for Ipso 4.0 Reference Guide 275 276 Configuring Vrrp for IPv6 Vrrp for IPv6Nokia Network Voyager for Ipso 4.0 Reference Guide 277 278 Creating a Virtual Router for an IPv6 Interface Using VRRPv3 Nokia Network Voyager for Ipso 4.0 Reference Guide 279 Setting a Virtual MAC Address for a Virtual Router To set the virtual MAC address280 Changing the IP Address List of a Virtual Router in VRRPv3 Removing a Virtual Router in VRRPv3Nokia Network Voyager for Ipso 4.0 Reference Guide 281 282 Creating a Virtual Router in Monitored Circuit Mode for IPv6 Nokia Network Voyager for Ipso 4.0 Reference Guide 283 284 Traffic Management Security and Access Configuration To enable FTP, TFTP, or Telnet accessNokia Network Voyager for Ipso 4.0 Reference Guide 285 286 Managing Passwords To change the current user’s passwordNokia Network Voyager for Ipso 4.0 Reference Guide 287 To change another user’s password Managing User Accounts288 User Account Attributes Adding and Deleting UsersNokia Network Voyager for Ipso 4.0 Reference Guide 289 Attribute Description To add a user Managing and Using S/KeyTo remove a user 290 To configure S/Key Using S/KeyTo use the S/Key Nokia Network Voyager for Ipso 4.0 Reference Guide 291 Managing Groups To disable S/KeyDisabling S/Key 292 Role-Based Administration To add or edit a groupNokia Network Voyager for Ipso 4.0 Reference Guide 293 Managing Roles To add or edit a role294 To assign roles and access mechanisms to users Assigning Roles and Access Mechanisms to UsersTo delete a role Nokia Network Voyager for Ipso 4.0 Reference Guide 295 296 Creating Cluster Administrator Users Network Access Configuration Options Configuring Network Access and ServicesNetwork Services Service Description To enable network access options and services Configuring a Modem on COM2, COM3, or COM4Modem Configuration Parameters 298 Nokia Network Voyager for Ipso 4.0 Reference Guide 299 To configure a modem on COM2, COM3, or COM4 Country Codes for Ositech Five of Clubs Card Configuring Nokia Network Voyager AccessCountry Codes for Ositech Five of Clubs Card II 300 Configuring Basic Nokia Network Voyager Options To configure Web access for Nokia Network VoyagerNokia Network Voyager for Ipso 4.0 Reference Guide 301 Generating an SSL/TLS Certificate and Keys Generating and Installing SSL/TLS CertificatesTo generate a certificate and its associated private key 302 Installing the SSL/TLS Certificate To install the certificate and its associated private keyNokia Network Voyager for Ipso 4.0 Reference Guide 303 Troubleshooting SSL/TLS Configuration Secure Shell SSH304 Initial SSH Configuration To configure SSHNokia Network Voyager for Ipso 4.0 Reference Guide 305 Configuring Advanced Options for SSH To configure advanced options306 Nokia Network Voyager for Ipso 4.0 Reference Guide 307 308 Configuring Secure Shell Authorized Keys To configure key pairs To configure authorized keysChanging Secure Shell Key Pairs Nokia Network Voyager for Ipso 4.0 Reference Guide 309 Managing User RSA and DSA Identities To manage user identities310 Tunneling Http Over SSH Network Voyager Session ManagementTo tunnel Http over SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 311 To enable or disable session management Configuring Session TimeoutsTo set the session timeout interval Enabling Enabling or Disabling Session Management Creating an AAA Configuration Authentication, Authorization, and Accounting AAATo create an AAA configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 313 Creating a Service Module Entry Creating a Service ProfileCreating an Authentication Profile Authentication Profile Types Nokia Network Voyager for Ipso 4.0 Reference Guide 315Type Module Description Creating an Accounting Profile To create an account profile316 317 Profile Controls Creating a Service Module Example318 Control Description Configuring Radius Service Auth. Mgmt Acct. Mgmt Session MgmtNokia Network Voyager for Ipso 4.0 Reference Guide 319 320 Nokia Network Voyager for Ipso 4.0 Reference Guide 321 Configuring TACACS+ Deleting an AAA Authentication Server Configuration To delete an authentication server322 Changing the Service Profile Changing an AAA ConfigurationTo change an AAA configuration To add an authentication profile Creating a Stacked Service Module Service Authentication Management324 Changing an Authentication Profile Configuration Changing a Service Module ConfigurationTo add an accounting profile To add a session profile Changing an Accounting Profile Configuration Changing a Session Profile Configuration326 Deleting an Item in a Service Profile Entry Deleting an AAA ConfigurationTo delete an AAA configuration Encryption Acceleration IPSec Tunnels Ipso Implementation To enable the card for a Check Point VPNEnabling Encryption Accelerator Cards Monitoring Cryptographic Acceleration Nokia Network Voyager for Ipso 4.0 Reference Guide 329 Transport and Tunnel Modes Building VPN on ESP Protocol Negotiation and Key Management330 Nokia Network Voyager for Ipso 4.0 Reference Guide 331 IPSec Implementation in Ipso Using PKIIPSec RFCs 332 Nokia Network Voyager for Ipso 4.0 Reference Guide 333 Miscellaneous Tunnel Requirements IPSec Parameters Phase 1 ConfigurationPlatform Support 334 To chose IPv4 or IPv6 general configuration pages Choosing IPv4 or IPv6 General ConfigurationCreating an IPSec Policy Nokia Network Voyager for Ipso 4.0 Reference Guide 335 Trusted CA Certificates Proposal and FiltersTo select a trusted CA certificate 336 Nokia Network Voyager for Ipso 4.0 Reference Guide 337 Device Certificates 338 To enroll and install a device certificate Nokia Network Voyager for Ipso 4.0 Reference Guide 339 Advanced IPSec Putting It All Together To complete creating an IPSec policy340 Creating an IPSec Tunnel Rule To create an IPSec tunnel ruleNokia Network Voyager for Ipso 4.0 Reference Guide 341 Transport Rule To create a transport rule342 Nokia Network Voyager for Ipso 4.0 Reference Guide 343 To configure Nokia Platform IPSec Tunnel Rule Example344 Nokia Network Voyager for Ipso 4.0 Reference Guide 345 To configure Nokia Platform 1 Ipso Configure Nokia PlatformIPSec Transport Rule Example 346 Nokia Network Voyager for Ipso 4.0 Reference Guide 347 Removing an IPSec Tunnel Configure PC1To remove an IPSec tunnel 348 Miscellaneous Security Settings To set TCP flag combinationsNokia Network Voyager for Ipso 4.0 Reference Guide 349 350 Routing Overview Routing ProtocolsNokia Network Voyager for Ipso 4.0 Reference Guide 351 352 RIP Nokia Network Voyager for Ipso 4.0 Reference Guide 353 Route Maps 354 Types of Areas Area Border Routers High Availability Support for OspfNokia Network Voyager for Ipso 4.0 Reference Guide 355 Configuring Ospf Clustering356 Ospf Area Configuration Parameters Configuring Ospf Areas and Global SettingsStub Area Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 357 358 Nssa Not So Stubby Area Parameters To configure Ospf Configuring Virtual LinksTo configure a virtual link Nokia Network Voyager for Ipso 4.0 Reference Guide 359 360 Configuring Global Settings Nokia Network Voyager for Ipso 4.0 Reference Guide 361 Global Settings for Ospf Configuring Ospf Interfaces Configuration Parameters for Ospf Interfaces362 Nokia Network Voyager for Ipso 4.0 Reference Guide 363 To configure an Ospf interface 364 Configuring Ospf Example Nokia Network Voyager for Ipso 4.0 Reference Guide 365 Network Mask Virtual IP Address Support for Vrrp Auto Summarization366 To configure RIP Configuring RIPRIP 1 Configuration Options Available from Network Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 367 368 Configuring RIP Timers RIP Example Configuring Auto-SummarizationEnabling RIP 1 on an Interface Nokia Network Voyager for Ipso 4.0 Reference Guide 369 370 Enabling RIP 2 on an Interface PIM Support for IP Clustering Configuring Virtual IP Support for VrrpPIM Dense-Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 371 372 PIM Sparse-Mode Configuring Check Point VPN-1 Pro/Express Configuring Dense-Mode PIMPIM and Check Point SecureXL Nokia Network Voyager for Ipso 4.0 Reference Guide 373 374 Disabling PIM Nokia Network Voyager for Ipso 4.0 Reference Guide 375 Setting Advanced Options for Dense-Mode PIM Optional 376 Configuring Sparse-Mode PIM Nokia Network Voyager for Ipso 4.0 Reference Guide 377 Configuring High-Availability Mode 378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 380 Configuring a PIM-SM Static Rendezvous Point Nokia Network Voyager for Ipso 4.0 Reference Guide 381 Setting Advanced Options for Sparse-Mode PIM Optional 382 Command Shows Debugging PIMNokia Network Voyager for Ipso 4.0 Reference Guide 383 384 To log information about errors and events Nokia Network Voyager for Ipso 4.0 Reference Guide 385 Igrp 386 Nokia Network Voyager for Ipso 4.0 Reference Guide 387 Generation of Exterior Routes Aliased Interfaces Configuring IgrpIgrp Aggregation 388 To enable Igrp on an interface Igrp ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 389 390 Dvmrp Configuring Dvmrp Configuring Dvmrp TimersNokia Network Voyager for Ipso 4.0 Reference Guide 391 392 Igmp Nokia Network Voyager for Ipso 4.0 Reference Guide 393 Configuring Igmp 394 Static Routes To configure a default or static route To setting the rank for static routesNokia Network Voyager for Ipso 4.0 Reference Guide 395 396 To add and configure many static routes at the same time To create a static route non-default To create a static default routeAdding and Managing Static Routes Example Creating/Removing Static Routes To disable a static route Backup Static RoutesTo create a backup static route Route Aggregation To create aggregate routes To remove aggregate routesNokia Network Voyager for Ipso 4.0 Reference Guide 399 400 Route Aggregation Example Route Rank Preference DefaultRank Assignments Nokia Network Voyager for Ipso 4.0 Reference Guide 401 Routing Protocol Rank Example To set route rank402 To configure the routing preferences Support for BGP-4++Nokia Network Voyager for Ipso 4.0 Reference Guide 403 BGP Sessions Internal and External BGP Path Attributes404 Path Attribute Definition Nokia Network Voyager for Ipso 4.0 Reference Guide 405 BGP Multi-Exit Discriminator BGP Interactions with IGPs406 Redistributing Routes to BGP Inbound BGP Route FiltersCommunities Nokia Network Voyager for Ipso 4.0 Reference Guide 407 Route Reflection 408Community attribute Description Nokia Network Voyager for Ipso 4.0 Reference Guide 409 Confederations 410 Ebgp Multihop Support TCP MD5 Authentication Route DampeningNokia Network Voyager for Ipso 4.0 Reference Guide 411 412 BGP Support for Virtual IP for Vrrp BGP Memory Requirements BGP Support for IP ClusteringTables Nokia Network Voyager for Ipso 4.0 Reference Guide 413 Memory Size Example414 To configure Ibgp on Nokia Platform a BGP Neighbors ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform B To configure Ibgp on Nokia Platform C416 To configure Ebgp on Nokia Platform C To configure Ebgp on Nokia Platform aTo configure Ebgp on Nokia Platform D Nokia Network Voyager for Ipso 4.0 Reference Guide 417 Path Filtering Based on Communities Example To configuring Ebgp on Nokia Platform EVerification 418 To configure Default MED for Nokia Platform D BGP Multi Exit Discriminator ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 419 420 To configure MED Values for all peers of AS200 Nokia Network Voyager for Ipso 4.0 Reference Guide 421 Changing the Local Preference Value Example To configure the static routes required for an Ibgp session To configure an Ibgp peer for Nokia Platform BTo set the local preference value for an Ibgp peer 422 Configuring Nokia Platform C BGP Confederation ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 423 424 Configuring Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 425 Configuring Platform B as Route Reflector Route Reflector Example426 Configuring Platform C as Ibgp Peer of Platform B Configuring Platform D as Ibgp Peer of Platform BNokia Network Voyager for Ipso 4.0 Reference Guide 427 Configuring Redistribution of BGP Routes on Platform B Configuring BGP Route Inbound Policy on Platform BBGP Community Example 428 Nokia Network Voyager for Ipso 4.0 Reference Guide 429 Follow the steps in the Redistributing Ospf to BGP Example Configuring a Loopback Address on Platform B Configuring a Loopback Address on Platform aConfiguring a Static Route on Platform a Ebgp Load Balancing Example Scenario #1 Configuring an Ebgp Peer on Platform a Configuring a Static Route on Platform BConfiguring an Ebgp Peer on Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 431 Configuring Ospf on Platform B Configuring Ospf on Platform aEbgp Load Balancing Example Scenario #2 432 Nokia Network Voyager for Ipso 4.0 Reference Guide 433 Adjusting BGP Timers Example Configuring TCP MD5 Authentication on Nokia Platform a TCP MD5 Authentication ExampleConfiguring BGP Route Redistribution on Nokia Platform B 434 Field Default value Units of measurement BGP Route Dampening ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 435 BGP Path Selection BGP-4++ Example436 Nokia Network Voyager for Ipso 4.0 Reference Guide 437 To configure configure a BGP4 session over IPv6 transport 438 Route Redistribution Nokia Network Voyager for Ipso 4.0 Reference Guide 439 Redistributing Routes to RIP and Igrp To configure BGP route redistribution on Nokia Platform DBGP Route Redistribution Example To redistribute a single route Nokia Network Voyager for Ipso 4.0 Reference Guide 441 Redistributing RIP to Ospf Example 442 Nokia Network Voyager for Ipso 4.0 Reference Guide 443 Redistributing Ospf to BGP Example Redistributing Routes with Ospf To redistribute Ospf to BGP through Nokia Platform a444 To configure IGP inbound filters Inbound Route FiltersNokia Network Voyager for Ipso 4.0 Reference Guide 445 446 BGP Route Inbound Policy Example Nokia Network Voyager for Ipso 4.0 Reference Guide 447 BGP AS Path Filtering Example Aspath Regular Expressions448 Packet Filtering Description Traffic Management OverviewTraffic Shaping Description Nokia Network Voyager for Ipso 4.0 Reference Guide 449 Configuring Access Control Lists Traffic Queuing Description450 To create or delete an ACL To apply or remove an ACL to or from an interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 451 452 Configuring ACL Rules Modifying a Rule To add a new rule to an ACLNokia Network Voyager for Ipso 4.0 Reference Guide 453 454 ACL Rule Attributes Nokia Network Voyager for Ipso 4.0 Reference Guide 455 Configuring Aggregation Classes To create an Aggregation Class To associate an aggregation class with a rule456 Nokia Network Voyager for Ipso 4.0 Reference Guide 457 Configuring Queue Classes To set or modify queue class configuration values To create or delete a queue class458 To associate a queue class with an interface Configuring ATM QoSCreate a QoS descriptor Nokia Network Voyager for Ipso 4.0 Reference Guide 459 To delete an ATM QoS descriptor To dissociate an ATM QoS Descriptor from an existing PVC460 Nokia Network Voyager for Ipso 4.0 Reference Guide 461 Configuring Common Open Policy Server Configuring a Cops Client ID and Policy Decision Point Configuring Security Parameters for a Cops Client ID462 Nokia Network Voyager for Ipso 4.0 Reference Guide 463 Assigning Roles to Specific Interfaces Activating and Deactivating the Cops Client To disable and delete a Client IDDeleting a Client ID 464 Nokia Network Voyager for Ipso 4.0 Reference Guide 465 Example Rate Shaping 466 Example Expedited Forwarding Nokia Network Voyager for Ipso 4.0 Reference Guide 467 468 To test the configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 469 BOOTP/DHCP Relay To enable Bootp relay on an Interface Configuring BOOTP/DHCP RelayBootp configuration parameters 470 IP Broadcast helper configuration parameters To disable Bootp relay on an interfaceIP Broadcast Helper Nokia Network Voyager for Ipso 4.0 Reference Guide 471 472 To configure IP broadcast helper Configuring Router Discovery Router Discovery OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 473 To enable router discovery services Router discover configuration parameters474 To disable router discovery services Network Time Protocol NTPNokia Network Voyager for Ipso 4.0 Reference Guide 475 Configuring NTP To configure NTP476 Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 Viewing System Utilization Statistics CPU-Memory Live UtilizationNokia Network Voyager for Ipso 4.0 Reference Guide 479 Disk and Swap Space Monitoring Process Utilization480 Ipso Process Management Nokia Network Voyager for Ipso 4.0 Reference Guide 481Process Description Reports Generating Monitor Reports482 Report Description Monitoring System Health To display reportsNokia Network Voyager for Ipso 4.0 Reference Guide 483 484 Monitoring System Logs Nokia Network Voyager for Ipso 4.0 Reference Guide 485 Viewing Cluster Status and Members Viewing Routing Protocol Information Displaying Route SettingsDisplaying the Kernel Forwarding Table 486 Displaying Interface Settings Hardware MonitoringNokia Network Voyager for Ipso 4.0 Reference Guide 487 Iclid Commands Using the iclid ToolTo display routing daemon status using iclid 488 Nokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 494 Preventing Full Log Buffers and Related Console Messages If you are using FireWall-1 If you are using FireWall-1 NGNokia Network Voyager for Ipso 4.0 Reference Guide 495 496 Nokia Network Voyager for Ipso 4.0 Reference Guide Index Index Bios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index