Nortel Secure Network Access Switch 4050 User Guide
Copyright Nortel Networks Limited 2005. All rights reserved
320818-A
Nortel Secure Network Access Switch 4050 User Guide
Licensing
General
Contents
Managing the network access devices
Contents
Configuring the domain
Configuring groups and profiles
Configuring authentication 233
TunnelGuard SRS Builder
Managing system users and groups
Customizing the portal and user logon
Setting the portal display language using the CLI
Configuring system settings
Adding a host interface
Managing certificates
Configuring Snmp
Maintaining and managing the system
Upgrading or reinstalling the software
Appendix a CLI reference
Troubleshooting 837
Appendix C Supported MIBs
Appendix H Software licensing information Index
Contents 320818-A
Preface
Before you begin
Connect the switch to the network
Preface
Text conventions
Bold text
Related information
Publications
Plain Courier text
Example Set Trap Monitor Filters
How to get help
Online
Preface
Nortel SNA solution
This chapter includes the following topics
Supported users
Elements of the Nsna solution
Overview
Role of the Nortel Snas
Nortel Snas 4050 functions
Nortel SNA VLANs and filters
Groups and profiles
Authentication methods
TunnelGuard host integrity check
About SSH
Communication channels
Communication channels in the Nortel SNA network
Nortel Snas 4050 clusters
RSA DSA
One-armed and two-armed configurations
One-armed configuration
Two-armed configuration
Nortel SNA configuration and management tools
Illustrates a two-armed configuration
Nortel Snas 4050 configuration roadmap
Configure the network Dhcp server
Overview
Overview
Overview
Overview
Overview 320818-A
Chapter Initial setup
Initial setup
Management IP address
About the IP addresses
Portal Virtual IP address
Initial setup
Log on using the following username and password
Login admin Password admin
Real IP address
Select the option for a new installation
Setup Menu displays
Enter port number for the management interface
Enter network mask 255.255.255.0 mask
Enter Vlan tag id or zero for no Vlan
Setup a two armed configuration yes/no no
Enter default gateway IP address or blank to skip
Specify the MIP for this device or cluster
Enter port number for the traffic interface
Enter IP address for this machine on traffic interface
Enter a timezone or select select timezone
Configure the time settings
Specify the NTP server, if applicable
Specify the DNS server, if applicable
Enter NTP server address or blank to skip IPaddr
Specify the pVIP of the Nortel Snas 4050 device
Change the admin user password, if desired
Specify a name for the Nortel Snas 4050 domain
Create http to https redirect server no
Settings created by the quick setup wizard
Adding a Nortel Snas 4050 device to a cluster
Extended profile details
Before you begin
Joining a cluster
Select the option to join an existing cluster
Enter network mask 255.255.255.0 mask
Enter the existing admin user password password
Specify the MIP of the existing cluster
Setup successful Login
Next steps
Applying and saving the configuration
Applying and saving the configuration using the CLI
Applying and saving the configuration using the Srem
Cfg/dump
Cfg/ptcfg
Apply and Commit buttons
Initial setup 320818-A
Chapter Managing the network access devices
Managing the network access devices
Managing network access devices using the CLI
Roadmap of domain commands
Reset
Adding a network access device using the CLI
Using the quick switch setup wizard
Specify the IP address of the network access device
Cfg/domain 1/quick
Go to on
Nsna communication port5000
Red vlan id of Switch Vlan ID
To continue, go to on
Switch menu displays
Manually adding a switch
Cfg/domain #/switch switch ID
Deleting a network access device using the CLI
Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete
Configuring the network access devices using the CLI
Cfg/domain #/switch switch ID followed by
Switch menu includes the following options
Ip IPaddr
Mapping the VLANs using the CLI
Cfg/domain #/switch #/vlan
Followed by
Dis Delete
Domain vlan or Switch vlan menu displays
Cfg/domain #/switch #/vlan followed by
Cfg/domain #/switch #/vlan/list
Add name Vlan ID
Managing SSH keys using the CLI
Generating SSH keys for the domain using the CLI
For an Ethernet Routing Switch 5510, 5520, or
Nsnas SSH key menu displays
Cfg/domain #/sshkey
Nsnas SSH key menu includes the following options
Cfg/domain #/switch #/sshkey/export
Cfg/domain #/sshkey followed by
Shows sample output for the /cfg/domain #/sshkey command
Main# /cfg/domain 1/sshkey
Cfg/domain #/switch #/sshkey followed by
Cfg/domain #/switch #/sshkey
Cfg/domain#1/sshkey/export command to
Reimporting the network access device SSH key using the CLI
Monitoring switch health using the CLI
Cfg/domain #/switch #/hlthchk
Enter Apply to apply the change immediately
Cfg/domain #/switch #/hlthchk followed by
Cfg/domain #/switch #/dis
HealthCheck menu includes the following options
Deadcnt count
Managing network access devices using the Srem
Adding a network access device using the Srem
To add a network access device, use the following steps
Cfg/domain #/switch #/ena
Add a Switch
Add a Switch fields
Deleting a network access device using the Srem
Configuring the network access devices using the Srem
Switch Configuration screen appears see Figure
Switch Configuration screen 320818-A
Switch Configuration fields
Mapping the VLANs using the Srem
You can perform the Vlan mapping in two ways
Mapping VLANs by domain
Domain VLANs screen
Adding VLANs to a domain
To add VLANs to a domain, complete the following steps
Click Add Add a new Vlan dialog box appears see Figure
Add a new Vlan fields
Removing VLANs from a domain
Mapping VLANs by switch
Switch VLANs screen
Adding VLANs to a switch
To add VLANs to a switch, complete the following steps
Managing SSH keys using the Srem
Removing VLANs from a switch
Managing the network access devices
Managing the network access devices
Generating SSH keys for the domain using the Srem
Key Generation screen appears see Figure
Exporting SSH keys for the domain using the Srem
Switch SSH Key fields
Export Key screen appears see Figure
Click Apply on the toolbar to begin the export process
Export Key fields
Managing SSH keys for Nortel SNA communication using
Switch SSH Key screen appears see Figure
Reimporting the network access device SSH key using the Srem
Monitoring switch health using the Srem
Switch SSH Key screen appears see on
Click Delete Switch SSH Key
Click Import SSH from Switch
Health Check screen appears see Figure
Health Check screen 320818-A
Viewing a connected client list using the Srem
Connected Clients fields
Managing the network access devices
Switch Configuration screen
Chapter Configuring the domain
Configuring the domain
Configuring the domain using the CLI
Cfg/domain
Logging traffic with syslog messages
Captive portal Portal look and feel Linksets
Details onoff
Creating a domain using the CLI
Manually creating a domain using the CLI
You can create a domain in two ways
Cfg/domain domain ID
320818-A
Main# /cfg/domain
Using the Nortel Snas 4050 domain quick setup wizard
Cfg/quick
Specify the certificate to be used by the portal server
Main# cfg/quick
Configuring the domain
Do you want to configure a switch? yes/no no
Specify whether the SSL server uses chain certificates
Do you require chain certificates yes/no no
Do you want an http to https redirect server yes/no no
Do you want to create a tunnelguard test user? yes/no yes
Configuring the domain
To delete a domain, use the following command
Deleting a domain using the CLI
Cfg/domain #/del
Configuring domain parameters using the CLI
To configure the domain, use the following command
Cfg/domain domain ID followed by
Pvips IPaddr
Httpredir
Configuring the TunnelGuard check using the CLI
TG menu displays TG menu includes the following options
Cfg/domain #/aaa/tg
Cfg/domain #/aaa/tg followed by
Cfg/domain #/aaa/tg/status-quo
Using the quick TunnelGuard setup wizard in the CLI
Cfg/domain #/aaa/tg/quick
Configuring the SSL server using the CLI
TunnelGuard quick setup wizard creates a default SRS rule
Server 1001 menu displays
Main# /cfg/domain #/aaa/tg/quick
Tracing SSL traffic using the CLI
Server 1001 menu includes the following options
Cfg/domain #/server followed by
Interface ID
Output mode
Ssldump
Cfg/domain #/adv/interface command
Cfg/domain #/server/trace followed by
Tcpdump
Ping host
Configuring SSL settings using the CLI
SSL Settings menu displays
Dnslookup host
Traceroute host
SSL Settings menu includes the following options
Cfg/domain #/server/ssl followed by
Cert certificate
Index
Cachain certificate
Index list
Yes
Cfg/domain #/server/ssl/protocol
Configuring traffic log settings using the CLI
Ena Dis
Traffic Log Settings menu displays
Traffic Log Settings menu includes the following options
Cfg/domain #/server/adv/traflog
Cfg/domain #/server/adv/traflog followed by
Configuring Http redirect using the CLI
Cfg/domain #/httpredir
Cfg/domain #/httpredir followed by
Redir onoff
Configuring advanced settings using the CLI
Cfg/sys/host #/interface command see
Cfg/domain #/adv
Cfg/domain #/adv followed by
Configuring Radius accounting using the CLI
Managing Radius accounting servers using the CLI
Radius Accounting Servers menu displays
Cfg/domain #/aaa/radacct
Cfg/domain #/aaa/radacct followed by
Cfg/domain #/aaa/radacct/servers followed by
NSNAS-Portal-ID
VPN Attribute menu displays
Cfg/domain #/aaa/radacct/vpnattribu
Configuring the domain using the Srem
VPN Attribute menu includes the following options
Cfg/domain #/aaa/radacct/vpnattribu followed by
Vendorid
Creating a domain using the Srem
Manually creating a domain using the Srem
Secure Access Domain Table screen 320818-A
Add a Secure Access Domain
Add a Secure Access Domain fields
Using the Srem Domain Quick Wizard
Configuring the domain
Click Domain Quick Wizard
Domain Quick Wizard General Settings fields
Click Next
Domain Quick Wizard Certificate
Domain Quick Wizard Certificate fields
Organization name and do not use any of the following
Domain Quick Wizard Certificate Chain
Domain Quick Wizard Certificate Chain fields
Domain Quick Wizard Server dialog box appears see Figure
Domain Quick Wizard Server fields
Domain Quick Wizard Switch dialog box appears see Figure
Domain Quick Wizard Switch fields
Domain Quick Wizard Tunnel Guard dialog box appears see
Domain Quick Wizard Tunnel Guard fields
Deleting a domain using the Srem
To delete a domain, perform the following steps
Configuring domain parameters using the Srem
To configure a domain, perform the following steps
Domain Configuration fields
Domain domain Configuration screen
Additional domain configuration in the Srem
Additional domain configuration tabs
Additional domain tree components
Component Description
Configuring the TunnelGuard check using the Srem
TunnelGuard Configuration screen appears see Figure
TunnelGuard Configuration fields
Groups using the Srem on
Using the TunnelGuard Quick Setup in the Srem
TunnelGuard Quick Setup screen appears see Figure
TunnelGuard Quick Setup fields
Configuring the SSL server using the Srem
Server Configuration screen 320818-A
Server Configuration fields
Configuring SSL settings using the Srem
Server SSL Settings screen 320818-A
Server SSL Settings fields
ALL@STRENGTH
Configuring traffic log settings using the Srem
Configuring the domain Server SSL Settings fields
Traffic Log Syslog Settings screen appears see Figure
Traffic Log Syslog Settings fields
Configuring Http redirect using the Srem
Tracing SSL traffic using the Srem
Http Redirect screen 320818-A
Configuring Radius accounting using the Srem
Http Redirect fields
Configuring Nortel Snas 4050-specific attributes using
Radius accounting Configuration screen appears see Figure
Adding a Radius accounting server using the Srem
Managing Radius accounting servers using the Srem
Radius accounting Configuration fields
Radius Accounting Servers screen appears see Figure
Radius Accounting Servers screen
Moving a Radius accounting server using the Srem
Radius Accounting Server fields
Deleting a Radius accounting server using the Srem
Configuring the domain 320818-A
Chapter Configuring groups and profiles
Configuring groups and profiles
Overview
Groups
This section includes the following topics
Default group
Linksets
TunnelGuard SRS rule
Extended profiles
Configuring groups and extended profiles using the CLI
Create the SRS rules see TunnelGuard SRS Builder on
Roadmap of group and profile commands
To create and configure a group, use the following command
Configuring groups using the CLI
Cfg/domain 1/aaa/group group ID
Restrict
Cfg/domain 1/aaa/group # followed by
Extend profile ID
Comment comment
Tgsrs SRS rule name
Main# /cfg/domain 1/AAA/group
Configuring client filters using the CLI
Cfg/domain 1/aaa/filter filter ID
Cfg/domain 1/aaa/filter filter ID followed by
Client Filter menu includes the following options
Tg truefalseignore
Main# /cfg/domain 1/AAA/filter
Configuring extended profiles using the CLI
Cfg/domain 1/aaa/group group IDgroup name/extend
Extended Profile menu includes the following options
Cfg/domain 1/aaa/group #/extend # followed by
Filter name
Vlan name
Cfg/domain 1/aaa/group #/extend #
Linkset Del
Main# cfg/domain 1/aaa/group 2/extend
Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow
Mapping linksets to a group or profile using the CLI
Cfg/domain 1/aaa/group #/linkset
Cfg/domain 1/aaa/group #/extend #/linkset
Cfg/domain 1/aaa/group #/extend #/linkset followed by
Linksets# add example2
Main# cfg/domain 1/aaa/group 1/linkset
Linksets# insert 2 example3
Configuring groups and extended profiles using the Srem
Creating a default group using the CLI
Configuring groups using the Srem
This section contains the following topics
Using the guide for creating groups
Click a Guide to Create a Group on the toolbar
Adding a group
Groups screen 320818-A
Click Add Add a Group dialog box appears see Figure
Add a Group fields
Group Configuration screen appears see Figure
To configure a group, perform the following steps
Modifying a group
Configuring client filters using the Srem
Group Configuration fields
Adding a client filter
Client Filters screen appears see Figure
Click Add Add a Client Filter dialog box appears see Figure
Add a Client Filter fields Sheet 1
Check using the Srem on
Client filter Configuration screen appears see Figure
To configure a client filter, perform the following steps
Modifying a client filter
Client Filters configuration fields
Configuring extended profiles using the Srem
Adding an extended profile
Extended Profiles screen appears see Figure
Add an Extended Profile screen
Add an Extended Profile fields
Extended profiles Configuration screen appears see Figure
Modifying an extended profile
Mapping linksets to a group or profile using the Srem
Extended Profile Configuration fields
Mapping linksets to a group
Linksets screen for a group
To add a linkset to a group, perform the following steps
Adding linksets to a group
Add a Linkset fields
Removing linksets from a group
Reordering linksets in a group
Mapping linksets to a profile
Linksets screen for an extended profile
Adding linksets to an extended profile
Removing linksets from an extended profile
Reordering linksets in an extended profile
Creating a default group using the Srem
AAA Configuration screen 320818-A
AAA Configuration fields
Configuring groups and profiles 320818-A
Chapter Configuring authentication
Configuring authentication
Before you begin
Configuring authentication using the CLI
Roadmap of authentication commands
Cfg/domain 1/aaa
Command
Configuring authentication methods using the CLI
Cfg/domain 1/aaa/auth auth ID
Radiusldaplocal
Cfg/domain 1/aaa/auth auth ID followed by
Display
Local accesses the Local database menu
Configuring Radius authentication using the CLI
Cfg/domain 1/aaa/auth #/adv
Cfg/domain 1/aaa/auth #/adv followed by
Groupauth auth IDs
Adding the Radius authentication method using the CLI
You can perform the following configuration tasks
Configuring authentication
Main# /cfg/domain 1/aaa/auth
Modifying Radius configuration settings using the CLI
Cfg/domain 1/aaa/auth #/radius
Cfg/domain 1/aaa/auth #/radius followed by
Type
Managing Radius authentication servers using the CLI
Timeout interval
Radius servers menu displays
Sessiontim
Radius servers menu includes the following options
Cfg/domain 1/aaa/auth #/radius/servers followed by
Configuring session timeout using the CLI
Configuring Ldap authentication using the CLI
Cfg/domain 1/aaa/auth #/radius/sessiontim
Adding the Ldap authentication method using the CLI
Configuring authentication
Modifying Ldap configuration settings using the CLI
Cfg/domain 1/aaa/auth #/ldap
Cfg/domain 1/aaa/auth #/ldap followed by
Ldap menu displays Ldap menu includes the following options
Do not use the isdbinddn and isdbindpas
SAMAccountName=bill . The user’s login
Isdbindpas password
Userattr names
Ou=Users, dc=example, dc=com .
Enauserpre truefalse
Enaldaps truefalse
Activedire
Managing Ldap authentication servers using the CLI
Cfg/domain 1/aaa/auth #/ldap/servers
Removes the specified Ldap server from the current
Cfg/domain 1/aaa/auth #/ldap/ldapmacro
Managing Ldap macros using the CLI
Cfg/domain 1/aaa/auth #/ldap/ldapmacro followed by
Add variable name
Ldap attribute
Prefix suffix
Variable name
Managing Active Directory passwords using the CLI
Set the Active Directory settings using
Active Directory Settings menu displays
Cfg/domain 1/aaa/auth #/ldap/activedire command
Configuring local database authentication using the CLI
Configuring authentication
Authentication menu commands local database
Managing the local database using the CLI
You can add users to the database in two ways
Local database menu displays
Cfg/domain 1/aaa/auth #/local
Cur group command
Local database menu includes the following options
Cfg/domain 1/aaa/auth #/local followed by
TAB or use the /cfg/domain 1/aaa
Import protocol
Server filename key
Specifying authentication fallback order using the CLI
Export protocol
Cfg/domain 1/aaa/authorder auth ID,auth ID
Main# /cfg/domain 1/aaa/authorder
Configuring authentication using the Srem
Configuring authentication methods using the Srem
Authentication Server Table appears see Figure
Configuring Radius authentication using the Srem
Add an Authentication Server Radius 320818-A
Adding the Radius method and server
Modifying Radius configuration
Add an Authentication Server Radius fields
Modifying Radius method settings
Configuration 320818-A
Configuration fields
Modifying Radius configuration settings
Radius Configuration screen appears see Figure
Radius Configuration fields
Configuring authentication Radius Configuration fields
Managing additional Radius servers
Adding a Radius server
Add a Radius Server fields
Reordering additional Radius servers
Configuring authentication Add a Radius Server fields
Removing a Radius server
Configuring Ldap authentication using the Srem
Next steps
Add an Authentication Server Ldap fields
Adding the Ldap method and server
Modifying Ldap configuration
Modifying Ldap method settings
Configuration fields
Modifying Ldap configuration settings
Ldap Configuration screen appears see Figure
Ldap Configuration fields
Ou=Users, dc=example, dc=com. The user
Cn=Users, dc=example, dc=com
Configuring authentication Ldap Configuration fields
Active Directory, on
Managing additional Ldap servers
Click Apply
Adding an Ldap server
Add an Ldap Server fields
Reordering additional Ldap servers
Removing an Ldap server
Managing Ldap macros
Ldap Macros
Adding Ldap macros
Add an Ldap Macro fields
Reordering Ldap macros
Removing Ldap macros
Configuring local database authentication using the Srem
Populate the database see Populating the database on
Adding the Local method
Add an Authentication Server Local fields
Database on
Populating the database
Adding users to the local database
You can populate the Local database in two ways
Local Users screen appears see Figure
Click Add Add a Local User dialog box appears see Figure
Add a Local User fields
Configuring authentication
Importing a database
Import Local User Database 320818-A
Modifying Local database configuration
Import Local User Database fields
Modifying Local method settings
Modifying local users
Local Users screen appears see on
Local Users Configuration 320818-A
Modifying local user passwords
Local Users Configuration fields
Select the Local User Configuration tab
Local Users Local User Configuration 320818-A
Local Users Local User Configuration fields
Exporting the database
Export Local User Database 320818-A
Export Local User Database fields
Specifying authentication fallback order using the Srem
Authentication Server Order
Saving authentication settings
Chapter TunnelGuard SRS Builder
Configuring SRS rules
TunnelGuard user interface
TunnelGuard SRS Builder
\tunnelguard\tg.txt
Menu commands
File menu
Software Definition menu
Describes important items from the File menu
Software Definition Entry menu
Software Definition Entry menu items Sheet 1
TunnelGuard Rule menu
Tool menu
Describes important items from the TunnelGuard Rule menu
Describes important items from the Tool menu
SRS definition toolbar
SRS Definition toolbar item descriptions
SRS Components table
Software Definition Available SRS list
SRS Components table items
Customizing a component
WINNT%\xxx.dll
Memory snapshot
TunnelGuard Rule Definition screen
SRS Rule toolbar
Memory snapshot item descriptions
SRS Rule list
SRS Rule Expression Constructor
Available Expression list
Rule Expression Constructor
Managing TunnelGuard rules and expressions
Creating a software definition
Adding entries to a software definition
Selecting modules or files from running processes
Create New Memory Module SRS window
For more information, see Making API calls on
Selecting file on disk
Select the TunnelGuard Rule Definition tab
Create New on Disk SRS Entry window
Creating logical expressions
Click the TunnelGuard Rule Definition tab
TunnelGuard Rule Definition tab
Click the Form TunnelGuard Rule Expression button
Available Expressions screen
New SRS Rule window
TunnelGuard Rule Name screen
Registry-based rules
Registry-only SRS entry
Describes supported operands for integer values
Supported integer operands
Constructs for string based regular expressions Sheet 1
String regular expression Description
Creating a registry entry
Enter the Key Value Data Expression
Registry-based File/Module
TunnelGuard SRS Builder Registry Entry
Manually creating SRS entries
Manually creating an OnDisk file entry
Create new OnDisk SRS Entry
Manually creating a Memory Module entry
Create New Memory Module SRS Entry page opens see on
Create new Memory Module SRS entry
File age check
Adding a TunnelGuard rule comment
Adding comments
TunnelGuard SRS Builder Date/Time Range
Deleting SRS rules and their components
Adding a software definition comment
Deleting a software definition
Deleting a software definition entry
Deleting a TunnelGuard rule
Deleting an expression
TunnelGuard support for API calls
Making API calls
TunnelGuard SRS Builder 320818-A
Chapter Managing system users and groups
Managing system users and groups
User rights and group membership
Group membership and user rights
Roadmap of system user management commands
Managing system users and groups using the CLI
Cfg/sys/user
User menu displays User menu includes the following options
Managing user accounts and passwords using the CLI
Cfg/sys/user followed by
Del username
Add username
Edit username
Managing user settings using the CLI
Caphrase
Managing user groups using the CLI
Password user
Password confirm User password
Cfg/sys/user/edit username
CLI configuration examples
Adding a new user
This section includes the following detailed examples
Cfg/sys/user/edit username/groups
Access the User Menu
Main# /cfg/sys/user
User# edit certadmin
Apply the changes
Verify and apply the changes
User# edit admin
Changing a user’s group assignment
Changing passwords
Changing your own password
Changing another user’s password
Type the password command to initialize the password change
Deleting a user
Managing user accounts using the Srem
Managing system users and groups using the Srem
To manage users, choose from one of the following tasks
User Table
Adding new user accounts
Click Add Add a User dialog box appears see Figure
To remove an existing user, perform the following steps
Removing existing user accounts
Add a User fields
Setting password expiry using the Srem
Password Setting 320818-A
Password Settings fields
Changing your password using the Srem
Change Your Password 320818-A
Changing another user’s password using the Srem
Click Change Password
Only the admin user can change the passwords of other users
Change Your Password fields
Change User Password 320818-A
Setting the certificate export passphrase using the Srem
Change User Password fields
Set Certificate Export PassPhrase screen appears see Figure
Set Certificate Export PassPhrase 320818-A
Click Set Pass Phrase
Managing user groups using the Srem
Set Certificate Export PassPhrase fields
Choose from the following tasks to manage users groups
Adding a user group
To add a new user group, perform the following steps
Click Add Add a User Group dialog box appears see Figure
Removing a user group
Add a User Group fields
Managing system users and groups
Chapter Customizing the portal and user logon
Captive portal and Exclude List
Customizing the portal and user logon
Exclude List
Allowed regular expressions and escape sequences
String Usage Expressions
Portal display
Portal look and feel
Default appearance
Colors
Common colors, with hexadecimal codes Sheet 1
Color Hexadecimal code
Language localization
Content-Type text/plain charset=iso-8859-1/n
Linksets and links
Autorun linksets
Planning the linksets
Macros
Examples of redirection URLs and links
Automatic redirection to internal sites
Examples of redirection URLs and link text Sheet 1
Managing the end user experience
Automatic JRE upload
Roadmap of portal and logon configuration commands
Customizing the portal and logon using the CLI
Windows domain logon script
Number
Color2 code
Configuring the captive portal using the CLI
Configuring the Exclude List using the CLI
DNS Exclude menu displays
Cfg/domain 1/dnscapt
DNS Exclude menu includes the following options
Changing the portal language using the CLI
Cfg/domain 1/dnscapt/exclude followed by
Language Support menu displays
Configuring language support using the CLI
Cfg/lang
Cfg/lang/import command
Language Support menu includes the following options
Cfg/lang followed by
Server filename
Setting the portal display language using the CLI
Cfg/domain 1/portal/lang
Cfg/domain 1/portal/lang followed by
Cfg/domain 1/portal/lang/list
Configuring the portal display using the CLI
Restore
Cfg/domain 1/portal
Cfg/domain 1/portal followed by
Logintext text
Redirect URL
Linktext text
Linkurl onoff
Linkcols columns
Linkwidth width
Portal Colors menu displays
Changing the portal colors using the CLI
Cfg/domain 1/portal/colors
Configuring custom content using the CLI
Portal Custom Content menu displays
Cfg/domain 1/portal/content
Portal Colors menu includes the following options
Portal Custom Content menu includes the following options
Cfg/domain 1/portal/content followed by
Tftpftpscpsftp. The default is tftp
Available
Configuring linksets using the CLI
Cfg/domain 1/linkset linkset ID
Linkset menu includes the following options
Cfg/domain 1/linkset linkset ID followed by
Text text
Autorun truefalse
Configuring links using the CLI
Cfg/domain 1/linkset linkset ID/link index
Cfg/domain 1/linkset linkset ID/link index followed by
Link menu includes the following options
Move new index
Configuring external link settings using the CLI
Configuring FTP link settings using the CLI
Cfg/domain 1/linkset linkset ID/link index/ external/quick
Cfg/domain 1/linkset linkset ID/link index/ ftp/quick
Configuring the captive portal using the Srem
Customizing the portal and logon using the Srem
Enabling DNS capture
DNS Capture screen includes the following components
DNS Capture fields
Click Add Entry appears in the DNS Exclude List
Configuring the DNS Exclude List using the Srem
Add DNS Domain fields
Changing the portal language using the Srem
Configuring language support using the Srem
Select the System Language tab
Languages sub-tabs appear see Figure
Choose from one of the following tasks
Viewing predefined languages
To view custom languages, use the following procedure
Viewing and removing custom languages
Click the Import/Export Definition tab
Importing and exporting language definitions
Import/Export Definition screen appears see Figure
Import/Export Definition fields
Setting the portal display language using the Srem
Configuring the portal display using the Srem
Language fields
Configuring content
Portal Configuration tab appears see Figure
Portal Configuration fields
Sites, see on
Importing banners
Import Banner screen 320818-A
Import Banner fields
Changing the portal colors using the Srem
Color Settings screen 320818-A
Color Settings fields
Configuring custom content using the Srem
Viewing basic information about custom content
Basics screen appears see Figure
Basics fields
To import custom content, perform the following steps
Importing custom content
Import Content screen appears see Figure
Import Content fields
To export custom content, perform the following steps
Exporting custom content
Export Content screen appears see Figure
Configuring linksets using the Srem
Export Content fields
To create a linkset, perform the following steps
Creating a linkset
Portal Links screen appears see Figure
Click Add Add a Linkset dialog box appears see Figure
Add a Linkset
Modifying a linkset
Linkset Configuration screen appears see Figure
To modify a linkset, perform the following steps
Linkset Configuration fields
See Linksets and links on
Configuring links using the Srem
To create an external link, perform the following steps
Creating an external link using the Srem
Links screen appears see Figure
Click Add Add a Portal Link dialog box appears see Figure
Add a Portal Link fields
Creating an FTP link using the Srem
To create an FTP link, perform the following steps
Add a Portal Link FTP
Add a Portal Link FTP fields
External link Configuration screen appears see Figure
Modifying external link settings using the Srem
To modify a link, perform the following steps
External link Configuration fields
Reordering links using the Srem on
Modifying FTP link settings using the Srem
FTP link Configuration screen appears see Figure
Reordering links using the Srem
FTP link Configuration fields
Re Order Links screen appears see Figure
Re Order Links fields
Customizing the portal and user logon 320818-A
Chapter Configuring system settings
Configuring system settings
Configuring the cluster using the CLI
Cfg/sys
Roadmap of system commands
Parameter
Health interval
Show
Cfg/sys followed by
Configuring system settings using the CLI
Rsa server ID
Configuring the Nortel Snas 4050 host using the CLI
Cfg/domain #/server/trace/ssldump
Cfg/domain #/server/trace/tcpdump
Cfg/sys/host host ID
Cluster Host menu includes the following options
Cfg/sys/host host ID followed by
/cfg/sys/host #/interface #
Interface number
Ports
Ports = 1,23
Hwplatform
Halt
Cfg/sys/cur command
Reboot
Cfg/sys/host #/delete
Configuring host interfaces using the CLI
Viewing host information
Cfg/sys/host host ID/interface interface ID
Cfg/sys/host #/interface interface ID
Cfg/sys/host #/interface interface ID followed by
Vlanid tag
Mode
Failovertrunking
Configuring static routes using the CLI
Primary port
Cfg/sys/routes
Cfg/sys/host host ID/routes
Configuring host ports using the CLI
Cfg/sys/host #/interface #/routes followed by
Add IPaddr mask
Gateway
Managing interface ports using the CLI
Host Port menu includes the following options
Cfg/sys/host #/port port followed by
Cfg/sys/host #/interface interface ID/ports
Configuring the Access List using the CLI
Cfg/sys/host #/ports command see
Cfg/sys/accesslist
Interface Ports menu includes the following options
Configuring date and time settings using the CLI
Cfg/sys/accesslist followed by
Date and Time menu displays
Add IPaddr mask
Managing NTP servers
Date and Time menu includes the following options
NTP Servers menu displays
Cfg/sys/time followed by
Configuring DNS servers and settings using the CLI
NTP Servers menu includes the following options
Cfg/sys/time/ntp followed by
Cfg/sys/dns
Retransmit interval
Count count
Ttl ttl
Health interval
Cfg/sys/dns/servers
Managing DNS servers
Cfg/sys/dns/servers followed by
Configuring RSA servers using the CLI
RSA Servers menu displays Switch Software Release
Move index number new index number
Cfg/sys/rsa
Configuring syslog servers using the CLI
RSA Servers menu includes the following options
Syslog Servers menu displays
Cfg/sys/rsa followed by
Syslog Servers menu includes the following options
Cfg/sys/syslog followed by
Facility
Syslog.conf under Unix
Configuring administrative settings using the CLI
Administrative Applications menu displays
Cfg/sys/adm
Cfg/sys/adm followed by
Srsadmin
Audit
Auth
Telnet onoff
Enabling TunnelGuard SRS administration using the CLI
Configuring Nortel Snas 4050 host SSH keys using the CLI
Cfg/sys/adm/srsadmin
Cfg/sys/adm/srsadmin followed by
Cfg/sys/adm/sshkeys
Cfg/sys/adm/sshkeys followed by
Draft-ietf-secsh-publickeyfile
Knownhosts
Managing known hosts SSH keys using the CLI
SSH Known Host Keys menu displays
SSH Known Host Keys menu includes the following options
Cfg/sys/adm/sshkeys/knownhosts
About Radius auditing
Configuring Radius auditing using the CLI
About the vendor-specific attributes
Configuring Radius auditing
Map this string to the Vendor-Type value
NSNAS-SSL-Audit-Trail
Cfg/sys/adm/audit
Managing Radius audit servers using the CLI
Radius Audit Servers menu displays
Radius Audit Servers menu includes the following options
Cfg/sys/adm/audit/servers
Adds a Radius audit server to the configuration. You
Configuring authentication of system users using the CLI
Cfg/sys/adm/auth
Fallback onoff
Radius Authentication Servers menu displays
Cfg/sys/adm/auth/servers
Cfg/sys/adm/auth/servers followed by
Configuring the cluster using the Srem
Select the System Configuration tab
Configuring system settings using the Srem
System Configuration screen appears see Figure
Configuring a Nortel Snas 4050 host using the Srem
System Configuration fields
Hosts
Viewing and configuring TCP/IP properties
Host
Viewing and installing host licenses
Host fields
Viewing global licenses for all hosts
Describes the Global Licenses fields
Global Licenses fields
Viewing per domain licenses for all hosts
Describes the Per Domain Licenses fields
Per Domain Licenses fields
Viewing installed licenses for a particular host
Installing a license for a particular host
Install New License
Configuring host interfaces using the Srem
To continue, choose one of the following procedures
Adding a host interface
To create a host interface, perform the following steps
Select the System Hosts host Interfaces tab
Add an Interface fields
Configuring system settings Add an Interface fields
Click Apply New interface appears in the Interfaces table
Configuring an existing host interface
Interface fields
Link is transferred back to the primary port
Removing a host interface
Configuring static routes using the Srem
To delete a host interface, perform the following steps
Viewing static routes for a cluster
IP Routes
Viewing static routes for a host
Routes
Viewing static routes for an interface
Managing static routes
Adding a static route
Add Route fields
Removing a static route
Configuring host ports using the Srem
Ports
Port
Port fields
Managing interface ports using the Srem
Removing interface ports
Adding interface ports
Add a Port fields
Configuring the access list using the Srem
Adding an access list entry
Access List Table appears see Figure
Select the System Access List tab
Access List Table appears see on Click Add
Add Access Host dialog box appears see Figure
Removing an Access List entry
Add Access Host fields
Managing date and time settings using the Srem
Date & Time
Select the System Date & Time tab
Configuring the date and time settings
Date & Time fields
Select the System Date and Time tab
Adding an NTP server
Add NTP Server fields
Removing an NTP server
Select the System DNS Client Settings tab
Configuring DNS settings using the Srem
DNS Client Settings screen appears see Figure
DNS Client Settings fields
Configuring servers using the Srem
Managing syslog servers
Adding a new syslog server
From this screen, complete the following tasks as necessary
Click Add Add Syslog Server dialog box appears see Figure
Add Syslog Server fields
Reordering a new syslog server
Removing an existing syslog server
Adding a DNS server on Removing an existing DNS server on
Select the System Servers DNS Servers tab
Adding a DNS server
Add DNS Server fields
Removing an existing DNS server
Managing RSA servers
RSA Server Table
To configure RSA servers, perform the following steps
Adding an RSA server
Select the System Servers RSA Server Table tab
Add RSA Server fields
Removing an existing RSA server
Removing the RSA node secret
Describes the RSA Server fields
RSA Server fields
Click Remove Secret Node
Importing sdconf.rec
Select an RSA server from the RSA Server Table
Select the Import sdconf.rec tab
Import sdconf.rec screen appears see Figure
Configuring administrative settings using the Srem
Import sdconf.rec fields
Configuring SRS control settings using the Srem
Select from one of the following tasks
Configuring Nortel Snas 4050 host SSH keys using
Add SSH Key fields
Showing SSH keys
Show SSH Keys
Configuring system settings
Managing Nortel Snas 4050 and known host SSH keys
Click Generate SSH Keys
SSH Keys Hosts field
Adding an SSH key for a known host using the Srem
Add SSH Key
Managing Radius audit settings using the Srem
About the vendor-specific attributes
Configuring Radius auditing
Configuring Radius audit settings using the Srem
Radius audit Configuration
Describes the Add Audit Configuration fields
Add Audit Configuration fields
Managing Radius audit servers using the Srem
Select from the following tasks to manage the audit servers
Click Add Add Audit Server dialog box appears see Figure
Adding a new Audit Server
Add Audit Server fields
Removing an existing Radius audit server
Managing Radius authentication of system users using
Configuring Radius authentication of system users using
Radius Authentication Configuration fields
Managing Radius authentication servers using the Srem
Radius Server Table appears see Figure
Adding a Radius authentication server
Add Radius Server fields
Removing an existing Radius server
Configuring system settings 320818-A
Chapter Managing certificates
Managing certificates
Key and certificate formats
Supported key and certificate formats Sheet 1
320818-A
Installing certificates and keys
Creating certificates
Saving or exporting certificates and keys
Updating certificates
Managing private keys and certificates using the CLI
Roadmap of certificate management commands
Cfg/cert cert id
Managing and viewing certificates and keys using the CLI
Cfg/cert cert ID followed by
/cfg/cert #/show command
Cert #/export command
Generating and submitting a CSR using the CLI
Phrase
Cfg/cert #/request
CSR information
IPip-address
Emailemail-address
Email Address tester@dummyssltesting.com
Generating a CSR
Save the CSR to a file
Adding a certificate to the Nortel Snas 4050 using the CLI
Entire contents of the key, including
Add the certificate Enter the following command
Lines
Cfg/cert #/cert
Adding a certificate by pasting
Certificate added Certificate 2# apply
Add the private key Enter the following command
Adding a private key to the Nortel Snas 4050 using the CLI
Cfg/cert #/key
Adding a private key by pasting
Cfg/cert #/import
Certificate and key import information
Admin@hostname.isd
Anonymous
Displaying or saving a certificate and key using the CLI
Cfg/cert #/display
Copy the private key, certificate, or both, as required
Displaying a private key and certificate
Cfg/cert #/export
Certificate and key export information
About the formats, see Key and certificate formats on
Generating a test certificate using the CLI
Cfg/cert #/test
Managing private keys and certificates using the Srem
Viewing certificates using the Srem
Certificates screen
Creating a certificate using the Srem
To create a certificate, perform the following steps
Select the Certificates Certificates tab
Add a Certificate Component fields
Managing certificates
Generating and submitting a CSR using the Srem
To generate a CSR, perform the following steps
CA Request fields
Importing a certificate or key using the Srem
Import Certificate screen 320818-A
Displaying or saving a certificate and key using the Srem
Import Certificate fields
Display Certificate screen 320818-A
Display Certificates fields
Export Certificate screen 320818-A
Export Certificate fields
Viewing certificate information using the Srem
Viewing configuration details
Describes the certificate Configuration fields
Configuration screen appears see Figure
Certificate Configuration fields
Managing certificates Certificate Configuration fields
Viewing general information
Describes the Info fields
Info screen appears see Figure
Info fields
Viewing certificate subject settings
Managing certificates Info fields
Describes the Subject fields
Subject screen appears see Figure
Subject fields
Managing certificates Subject fields
Chapter Configuring Snmp
Configuring Snmp
Configuring Snmp using the CLI
Cfg/sys/adm/snmp
Roadmap of Snmp commands
Configuring Snmp settings using the CLI
Snmp menu displays Snmp menu includes the following options
SNMPv2-MIBmenu displays
Configuring the Snmp v2 MIB using the CLI
Cfg/sys/adm/snmp/snmpv2-mib
Configuring the Snmp community using the CLI
SNMPv2-MIBmenu includes the following options
Cfg/sys/adm/snmp/snmpv2-mib followed by
Cfg/sys/adm/snmp/community
Configuring SNMPv3 users using the CLI
Cfg/sys/adm/snmp/users user ID
Md5 Sha
Des Aes
Snmp User menu includes the following options
Cfg/sys/adm/snmp/users user ID followed by
Notification Target menu displays
Configuring Snmp notification targets using the CLI
Cfg/sys/adm/snmp/target target ID
Configuring Snmp events using the CLI
Notification Target menu includes the following options
Event menu displays
Version v1v2cv3
Event menu includes the following options
Cfg/sys/adm/snmp/event followed by
Options -b name
OID op value
OID value
Options -t name
Event
Options -x name
OID
Comment name
Notification
Configuring Snmp settings using the Srem
This section contains information about the following topics
Configuring Snmp using the Srem
To configure SNMP, perform the following steps
Snmp Configuration fields
Sonmp
Configuring Snmp targets using the Srem
To add an Snmp target, perform the following steps
Adding Snmp targets
Snmp Target Table appears see Figure
Click Add Add Snmp Target dialog box appears see Figure
Add Snmp Target 320818-A
Snmp Target fields
Managing Snmp targets
Target Settings screen appears see Figure
To manage Snmp targets, perform the following steps
Removing Snmp targets
Configuring SNMPv3 users using the Srem
To add an SNMPv3 user, perform the following steps
Adding SNMPv3 users
SNMPv3 User Table appears see Figure
Click Add Add SNMPv3 User dialog box appears see Figure
Add SNMPv3 User 320818-A
Add SNMPv3 User fields
User Settings screen appears see Figure
Managing SNMPv3 users
User Settings fields Sheet 1
Configuring Snmp User Settings fields Sheet 2
Removing SNMPv3 users
Managing monitor events
Configuring Snmp events using the Srem
To manage monitor events, select from the following tasks
Adding monitor events
To add monitor events, perform the following steps
Viewing configuration details of monitor events
Add a Monitor fields
Boolean monitors
Removing monitor events
To delete a monitor event, perform the following steps
Add a Monitor Boolean
Boolean monitor fields Sheet 1
Configuring Snmp Boolean monitor fields Sheet 2
Threshold monitors
Threshold monitor fields
Existence monitors
Existence monitor fields Sheet 1
Managing notification events
Existence monitor fields Sheet 2
To add notification events, perform the following steps
Adding notification events
Notification Table screen appears see Figure
Add a Notification Event
Add a Notification Event fields
Removing notification events
To delete a notification event, perform the following steps
659
Roadmap of information and statistics commands
Viewing system information and performance statistics
Info
Stats
Viewing system information using the CLI
Information menu displays
Info followed by
Information menu includes the following options
Domain ID
Switchid
Info/mac command
Kick domain ID
Username
Info/ip command
Switch ID
Mac MACaddr
Username-prefix
Local
Ethernet
Viewing alarm events using the CLI
To view active alarms, use the following command
Info/events
Info/events followed by
Viewing log files using the CLI
Viewing AAA statistics using the CLI
To view and download log files, use the following command
Logs menu displays Logs menu includes the following options
Stats/aaa
Stats/aaa followed by
Total
Isdhost host ID
Main# stats/aaa/dump
Viewing local information using the Srem
Viewing all statistics using the CLI
Stats/dump
Describes the Information fields
Information screen appears see Figure
Information fields
Viewing cluster information using the Srem
Viewing the controller list using the Srem
Describes the Controller List fields
Controller List fields
Viewing Sonmp topology information using the Srem
Describes the Sonmp State fields
Sonmp State fields
Viewing switch distribution using the Srem
Describes the Switch Distribution fields
Viewing port information using the Srem
Switch Distribution fields
Describes the Port Information fields
Port Information fields Sheet 1
Viewing license information using the Srem
Viewing global license information
Nortel Snas 4050, SSL is the only type of license
Viewing license information for a domain
Viewing session details using the Srem
Viewing active sessions using the Srem
Sessions screen
Describes the Sessions parameters
Sessions parameters
Viewing details for a particular session
Session Properties screen
Ending active user sessions
Describes the Session Properties parameters
Click KickOut
KickOut User fields
Describes the Number of Sessions fields
Viewing the number of active sessions using the Srem
Number of Sessions fields
Viewing alarms using the Srem
Viewing active alarms using the Srem
Active Alarms screen 320818-A
Describes the Active Alarms fields
Active Alarms fields
Downloading alarms using the Srem
Download Alarms screen 320818-A
Describes the Download Alarms fields
Managing log files using the Srem
Download Alarms fields
Viewing the log list using the Srem
Logs screen
Describes the Download fields
Downloading log files using the Srem
Download fields Sheet 1
Viewing AAA statistics using the Srem
Viewing AAA statistics for a host
Hosts table
License tab opens see on
For a description of the fields, seeTable
Viewing License statistics
License statistics Sheet 1
Viewing Radius statistics
Radius statistics 320818-A
Radius statistics
Viewing Local database statistics
Local DB statistics Sheet 1
Viewing Ldap statistics
Ldap statistics
Viewing AAA statistics for the domain
Statistics table
Select one of the following tasks
Viewing License statistics
For the Nortel Snas 4050, SSL is the only type of license
For a description of the fields, see Table
Viewing Radius Statistics Sheet 1
320818-A
Viewing Local database statistics
Logging Accepted Rejected
Viewing Ldap Statistics Sheet 1
Viewing Ethernet statistics using the Srem
Ethernet Interface table
For a description of the fields seeTable
Viewing Rx statistics
Viewing Rx statistics Sheet 1
Rx Frames Displays number of errors due to malformed packets
Viewing Tx statistics
Viewing Tx Statistics Sheet 1
Information, see Configuring host ports using the Srem
Page
Chapter Maintaining and managing the system
Maintaining and managing the system
Managing and maintaining the system using the CLI
Maint
Roadmap of maintenance and boot commands
Boot
Performing maintenance using the CLI
Maintenance menu displays
Maintenance menu includes the following options
Dumplogs protocol server filename all-isds?
Maint followed by
All-isds?
Starttrace tags
Domain ID output
Mode
Stoptrace
Backing up or restoring the configuration using the CLI
Cfg/dump passphrase
Configuration menu backup and restore commands
Cfg
Ptcfg protocol
Server filename passphrase
Cfg followed by
Gtcfg protocol
Passphrase
Dump passphrase
Managing Nortel Snas 4050 devices using the CLI
Boot menu displays Boot menu includes the following options
Boot followed by
Software
Cfg/sys/host #/reboot command instead
Cfg/sys/host #/delete command see
Cfg/sys/host #/delete command
Boot/software
Boot/software followed by
Activate command
Software Management menu includes the following options
Activate version
Managing and maintaining the system using the Srem
Performing maintenance using the Srem
Upgradecomplete.pkg
Ftp 10.0.0.1 pub/SSL-5.1.1
Dumping logs and status information using the Srem
Dumps
Click Dump
Starting and stopping a trace using the Srem
Dump fields
To start or stop a trace, perform the following steps
Start/Stop Trace fields
Checking configuration using the Srem
Click Check Configuration
Backing up or restoring the configuration using the Srem
Backup & Restore 320818-A
Backup & Restore fields
If you later restore the configuration, the Certificate
Managing software versions using the Srem
Image List
Following tasks are available from this screen
Describes the Image List fields
Image List fields
Select the System Boot Image List tab
Viewing details of the active software image
Activating a software image
Downloading images using the Srem
Removing an inactive software image
Maintaining and managing the system
Rebooting or deleting a Nortel Snas 4050 device using
Download Image fields
Reboot/Delete ISD Options
Downloading files using the Srem
Describes the File Download fields
File Download screen appears see Figure
File Download fields
Running Nortel Snas 4050 diagnostics using the Srem
Maintaining and managing the system File Download fields
Describes the Diagnostics fields
Diagnostics fields
Maintaining and managing the system 320818-A
Chapter Upgrading or reinstalling the software
Upgrading the Nortel Snas
Performing minor and major release upgrades
Upgrading or reinstalling the software
Downloading the software image using the CLI
Enter the host name or IP address of the server
Activating the software upgrade package
Admin@hostname/IP.isd
Nsnas
At the Software Management# prompt, enter
Log in again and verify the new software version
Reinstalling the software
Before you begin
Upgrading or reinstalling the software
Reinstalling the software from an external file server
Restarting Restarting system
Booting Login
Alteon WebSystems, Inc
When the installation is complete, remove the CD and reboot
Reinstalling the software from a CD
Run install-nsnas isd4050
Upgrading or reinstalling the software 320818-A
Chapter Command Line Interface
Command Line Interface
Connecting to the Nortel Snas
Establishing a console connection
Console configuration parameters
Procedure
Requirements
Enabling and restricting Telnet access
Establishing a Telnet connection
Enabling and restricting SSH access
Establishing a connection using SSH
Running Telnet
Running an SSH client
Accessing the Nortel Snas 4050 cluster
For more information, see How to get help on
User access levels
Command line history and editing
CLI Main Menu or Setup
Idle timeout
Command Line Interface
On page 780 illustrates the network configuration
Scenario
Configuration example
Network devices Sheet 1
Configuration example Network devices Sheet 2
Summarizes the VLANs for the Ethernet Routing Switch
VLANs for the Ethernet Routing Switch
Configure the network DNS server
Steps
Configure the network Dhcp server
Create a new Dhcp scope see Figure
Naming the new Dhcp scope 320818-A
Specify the IP address range for the Dhcp scope see Figure
Choosing to configure additional options 320818-A
Enter the IP address of the default gateway see Figure
Enter the IP address of the DNS server see Figure
Specifying the DNS server
Configure the network core router
Shows the Dhcp scopes created for use in this example
Configure the Ethernet Routing Switch 8300 using the CLI
Steps
Configuring the Nortel Snas 4050 pVIP subnet
Configuring the VoIP VLANs
Configuring the Red, Yellow, and Green VLANs
Enabling SSH
Configuring the Nsna uplink filter
Configuring the Nsna ports
Enabling Nsna globally
Add the uplink port
Configure the Ethernet Routing Switch
Setting the switch IP address
Configuring SSH
5510-48Tconfig# ssh
5510-48Tconfig#nsna nsnas 10.40.40.0/24
5510-48Tconfig#nsna vlan 240 color voip
Configure the Nortel Snas
Configuring the login domain controller filters
5510-48Tconfig-if#exit
5510-48Tconfig#nsna enable
Performing initial setup
10.40.40.1
Completing initial setup
Enable SRS administration
Enter a password for the admin user
Main# cfg/sys/adm/srsadmin/ena
Adding the network access devices
Main# cfg/domain 1/sshkey/generate
Group 1# /cfg/domain 1/aaa/tg/quick
TG#../group 1/tgsrs srs-rule-test
Adding the Ethernet Routing Switch
Add the switch manually
Import the public SSH key from the switch
Main# cfg/domain 1/switch 1 Creating Switch
Use the quick switch wizard
Main# cfg/domain 1/switch 2/sshkey/import
Main# cfg/domain 1/switch 1/vlan/add yellow
Switch Vlan# ../../vlan/add yellow
Enabling the network access devices
Main# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena
Switch 2# apply Changes applied successfully
Domain Vlan# apply Changes applied successfully
Configuration example 320818-A
Appendix a CLI reference
Using the CLI
Global commands
Paste
Exit
Quit
Netstat
Command line history and editing
Command stacking
You can use the following CLI command shortcuts
Command line history and editing options Sheet 2
CLI shortcuts
Command abbreviation
Tab completion
NTP Servers# ../../dns/servers
Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l
Using a submenu name as a command argument
Configuration# cur sys
Using slashes and spaces in commands
IP address and network mask formats
IP addresses
Network masks
Variables
Variables
CLI command reference
CLI Main Menu
Appendix a CLI reference
Information menu commands Sheet 1
Information menu
Certs
Sys
Statistics menu
Configuration menu
Configuration menu commands Sheet 1
Cfg/cert cert ID Name name
Cert
Cfg/domain Name name
Auth ID Radiusldaplocal
Auth #/adv Secondauth auth ID
Auth ID for Ldap
Cfg/domain #/aaa Servers
Auth #/ldap Searchbase
Auth #/ldap/activedire Truefalse
Expiredgro Group
Auth #/local Password group
Cfg/domain #/aaa Add user name
Passwd user name
Auth #/radius Vendorid vendor ID
Profile ID Access rule Number Linkset Del
Cfg/domain #/aaa Vendorid vendor ID
Auth #/radius Vendortype vendor
Type Ena Dis Cfg/domain #/aaa
Group #/extend # Del index number
Group #/linkset Del index number
Radacct Vpnattribu
Ena Dis Cfg/domain #/aaa List
Cfg/domain #/aaa/tg Quick
Recheck interval
Heartbeat interval
Cfg/domain #/adv Interface interface
Restore
Cfg/domain #/linkset Name name
Linkset ID Text text
Linkset #/link index Text text
Content Server filename
Cfg/domain #/portal Color1 code
Colors Color2 code
Lang Charset
Cfg/domain #/server Sysloghost IPaddr
Adv/traflog Udpport port
Protocol
Ssl2ssl3ssl23tls1
Cfg/domain #/switch Name name
Switch ID Type ERS8300ERS5500
Switch #/dis
Switch #/ena
Cfg/domain #/vlan Add name Vlan ID
Passphrase
Cfg/gtcfg protocol
Passphrase Cfg/lang Import protocol
Cfg/sys/accesslist List
Add IPaddr mask
Cfg/sys/adm Snmp
Sonmp onoff
Cfg/sys/adm/auth List
Shared secret
Cfg/sys/adm/snmp Ena
Versions v1v2cv3
Snmpv2-mib SnmpEnable
Disabledenabled Cfg/sys/adm/snmp Ip IPaddr
Cfg/sys/adm/snmp Addmonitor
Event Options -b name
Cfg/sys/adm/snmp Name name
Users user ID Seclevel
Dis Cfg/sys/adm/sshkeys Generate
Knownhosts
Mode fullhalf Cfg/sys/host #/routes
Cfg/sys/dns/servers List
Interface #/ports Del port
Add port Cfg/sys/host # List
Cfg/sys/host Ip IPaddr
Host ID SysName name
SysLocatio
Cfg/sys/rsa Rsaname name
Add IPaddr Cfg/sys/user Password old
Password new
Password confirm
Username Password user
Boot menu
Boot menu commands
Boot Software
Reboot Delete Boot/software Cur
Maintenance menu
Maintenance menu commands
Maint Dumplogs protocol
All-isds?
Chapter Troubleshooting
Troubleshooting tips
Cannot connect to the Nortel Snas 4050 using Telnet or
Verify the current configuration
Enable Telnet or SSH access
Check the Access List
Check the IP address configuration
# /cfg/cur sys
Cannot add the Nortel Snas 4050 to a cluster
Cannot contact the MIP
Main# /cfg/sys/accesslist/add
Add Interface 1 IP addresses and the MIP to the Access List
Enter network address IP address Enter netmask network mask
Telnet or SSH connection to the MIP
Nortel Snas 4050 stops responding
Console connection
User password is lost
Administrator user password
Operator user password
Root user password
Boot user password
Trace tools
User fails to connect to the Nortel Snas 4050 domain
Main# maint/starttrace
Sample output for the trace command
Tag Description Sample output
Installed certificates
System diagnostics
Network diagnostics
Cluster Host 1# cur
Main# /cfg/sys/cur
Main# /stats/dump
Main# /info/ethernet
Active alarms and the events log file
Error log files
Troubleshooting
Appendix B Syslog messages
Syslog messages by message type
Lists the Emerg operating system messages
Operating system OS messages
Lists the operating system Critical messages
System Control Process messages
Operating system messages Error
Lists the operating system Emerg messages
About alarm messages
Alarm severity and syslog level correspondence
Lists the System Control Process Info messages
System control process messages Info
System Control Process messages Alarm
Alarm
Audit/ena command
About event messages
System Control Process messages Event
With /cfg/sys/cur
Lists the Traffic Processing Error messages
Traffic Processing messages Error Sheet 1
Traffic Processing Subsystem messages
Lists the Traffic Processing Critical messages
Css error reason
Traffic Processing messages Error Sheet 3
Lists the Traffic Processing Warning messages
Traffic Processing messages Warning
Domain #/server/portal
Lists the Traffic Processing Info messages
Start-up messages
Traffic Processing messages Info
Lists the AAA Error messages
AAA messages Error
AAA subsystem messages
Lists the Start-up Info messages
AAA messages Info Sheet 1
Log value Message Category Contains
There are two categories of Nsnas subsystem messages
Nsnas subsystem messages
AAA messages Info Sheet 2
Lists the Nsnas Error messages
Nsnas Error
Lists the Nsnas Info messages
Nsnas Info Sheet 1
Syslog messages in alphabetical order
Lists the syslog messages in alphabetical order
Nsnas Info Sheet 2
Syslog messages in alphabetical order Sheet 1
Sys/adm/audit/ena command
Error Nsnas
Syslog messages in alphabetical order Sheet 3
Info AAA
Error AAA
Syslog messages in alphabetical order Sheet 5
Authenticate is set to off
Cfg/domain #/server/portal
Syslog messages in alphabetical order Sheet 7
Root filesystem repaired
Syslog messages in alphabetical order Sheet 9
Unable to use the certificate for
Supported MIBs
Following MIBs are supported by the Nortel Snas
ANAifType-MIB
SNMPv2-MIB
Appendix C Supported MIBs
Supported MIBs Sheet 1
Supported MIBs Sheet 2
ALTEON-ISD-SSL-MIB
CLI, using the /cfg/sys/adm/snmp/target command
Appendix C Supported MIBs Supported MIBs Sheet 3
Use the CLI command /cfg/sys/adm/snmp/snmpv2-mib
Supported traps
Describes the traps supported by the Nortel Snas
Supported traps
Appendix C Supported MIBs 320818-A
Appendix D Supported ciphers
Supported ciphers
Appendix D Supported ciphers
Install All Administrative Tools Windows 2000 Server
Register the Schema Management dll Windows Server
Click Start and select Run
Nortel Secure Network Access Switch 4050 User Guide
Create a shortcut to the console window
Permit write operations to the schema Windows 2000 Server
Select a Title for the Program page displays
Nortel Secure Network Access Switch 4050 User Guide
Create the new class
Add isdUserPrefs attribute to nortelSSLOffload class
Add the nortelSSLOffload Class to the User Class
320818-A
Appendix F Configuring Dhcp to auto-configure IP Phones
Appendix F Configuring Dhcp to auto-configure IP Phones
Configuring IP Phone auto-configuration
Creating the Dhcp options
Dhcp Management Console
Predefined Options and Values dialog box opens see Figure
Click Add Option Type dialog box opens see on
Option Type dialog box
Option Type dialog box field values for Vlan Information
Scope Options dialog box displays see Figure
Scope Options dialog box
Call Server Information string parameter values
Setting up the IP Phone
Vlan ID Information string parameter values
Page
Configuring the logon script
Create the logon script see Creating a logon script on
Creating a logon script
Using Windows, open a plain text editor, such as Notepad
Creating the script as a batch file
Assigning the logon script
Creating the script as a VBScript file
Right-click the Default Domain Policy and select Edit
Double-clickDefault Domain Policy
On the Group Policy tab, click Open
Appendix H Software licensing information
GNU General Public License
Appendix H Software licensing information
Appendix H Software licensing information
Appendix H Software licensing information
Apache Software License, Version
Bouncy Castle license
Symbols
Index
Index
Index
DNS
Index
Local authentication database Add users
Cannot contact
Index
See also SRS rule
SSL
Index
Index
