Registry-based rules | Nortel Networks 4050 specs

338Chapter 7 TunnelGuard SRS Builder

Registry-based rules

TunnelGuard Agent supports checking of on-disk files, running processes, hash checking, and version numbers to verify installed software packages. Reading the registry settings on a client’s PC is another way of checking software packages and their installed state.

The following sections provide details on registry-based rules:

•“Registry-only SRS entry” on page 338

•“Creating a registry entry” on page 341

•“Registry-based File/Module” on page 342

•“Manually creating SRS entries” on page 343

Registry-only SRS entry

Both TunnelGuard Agent and TunnelGuard administrator applet support registry-checking functionality. The administrator tool applet is used to add registry key checks into SRS entries. You can check for the existence of certain registry keys and enforce their values on a desktop PC before allowing access to the network. One SRS entry holds any number of registry key checks, just as one SRS entry holds any number of file checks. Contrary to file and process checks, registry key checks do not have hash checking, date, and version number checking enabled. However, you can combine registry key checking entry with any other type of checking, such as process check or on-disk entry check.

Registry-based rules are most useful in instances where rules are created based on Registry Key Values. TunnelGuard supports simple regular expressions-based rules for Registry Key Values.

TunnelGuard Agent leverages the advantage of being a Java-based application and uses the pattern and regular expression support available in JRE. It provides all of the relevant pattern-matching facility based on regular expressions provided by JRE.

Registry Key Values of type string and integer are supported. Binary data type for Registry Key Values is not supported.

320818-A

Image 338

Nortel Networks 4050 manual Registry-based rules, Registry-only SRS entry

Contents

Nortel Secure Network Access Switch 4050 User Guide Copyright Nortel Networks Limited 2005. All rights reserved 320818-A Nortel Secure Network Access Switch 4050 User Guide Licensing General Contents Managing the network access devices Contents Configuring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Preface Connect the switch to the networkBefore you begin Text conventions Bold text Plain Courier text Related informationPublications Example Set Trap Monitor Filters How to get help Online Preface Nortel SNA solution This chapter includes the following topics Overview Elements of the Nsna solutionSupported users Role of the Nortel Snas Nortel Snas 4050 functions Nortel SNA VLANs and filters Groups and profiles Authentication methods TunnelGuard host integrity check Communication channels in the Nortel SNA network Communication channelsAbout SSH Nortel Snas 4050 clusters RSA DSA One-armed and two-armed configurations One-armed configuration Two-armed configuration Nortel SNA configuration and management tools Illustrates a two-armed configuration Nortel Snas 4050 configuration roadmap Configure the network Dhcp server Overview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup Portal Virtual IP address About the IP addressesManagement IP address Login admin Password admin Initial setupLog on using the following username and password Real IP address Enter port number for the management interface Setup Menu displaysSelect the option for a new installation Enter network mask 255.255.255.0 mask Enter Vlan tag id or zero for no Vlan Setup a two armed configuration yes/no no Enter default gateway IP address or blank to skip Enter IP address for this machine on traffic interface Specify the MIP for this device or clusterEnter port number for the traffic interface Enter a timezone or select select timezone Specify the DNS server, if applicable Configure the time settingsSpecify the NTP server, if applicable Enter NTP server address or blank to skip IPaddr Specify a name for the Nortel Snas 4050 domain Change the admin user password, if desiredSpecify the pVIP of the Nortel Snas 4050 device Create http to https redirect server no Settings created by the quick setup wizard Adding a Nortel Snas 4050 device to a cluster Extended profile details Before you begin Joining a cluster Select the option to join an existing cluster Enter network mask 255.255.255.0 mask Enter the existing admin user password password Specify the MIP of the existing cluster Setup successful Login Next steps Applying and saving the configuration Cfg/dump Applying and saving the configuration using the CLIApplying and saving the configuration using the Srem Cfg/ptcfg Apply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Managing network access devices using the CLI Roadmap of domain commands Reset Specify the IP address of the network access device Adding a network access device using the CLIUsing the quick switch setup wizard Cfg/domain 1/quick Go to on Nsna communication port5000 Red vlan id of Switch Vlan ID To continue, go to on Cfg/domain #/switch switch ID Manually adding a switchSwitch menu displays Deleting a network access device using the CLI Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete Configuring the network access devices using the CLI Ip IPaddr Switch menu includes the following optionsCfg/domain #/switch switch ID followed by Followed by Mapping the VLANs using the CLICfg/domain #/switch #/vlan Dis Delete Cfg/domain #/switch #/vlan/list Domain vlan or Switch vlan menu displaysCfg/domain #/switch #/vlan followed by Add name Vlan ID Managing SSH keys using the CLI Nsnas SSH key menu displays Generating SSH keys for the domain using the CLIFor an Ethernet Routing Switch 5510, 5520, or Cfg/domain #/sshkey Cfg/domain #/sshkey followed by Cfg/domain #/switch #/sshkey/exportNsnas SSH key menu includes the following options Shows sample output for the /cfg/domain #/sshkey command Main# /cfg/domain 1/sshkey Cfg/domain#1/sshkey/export command to Cfg/domain #/switch #/sshkeyCfg/domain #/switch #/sshkey followed by Cfg/domain #/switch #/hlthchk Reimporting the network access device SSH key using the CLIMonitoring switch health using the CLI Enter Apply to apply the change immediately HealthCheck menu includes the following options Cfg/domain #/switch #/hlthchk followed byCfg/domain #/switch #/dis Deadcnt count To add a network access device, use the following steps Managing network access devices using the SremAdding a network access device using the Srem Cfg/domain #/switch #/ena Add a Switch Add a Switch fields Deleting a network access device using the Srem Configuring the network access devices using the Srem Switch Configuration screen appears see Figure Switch Configuration screen 320818-A Switch Configuration fields Mapping the VLANs using the Srem You can perform the Vlan mapping in two ways Mapping VLANs by domain Domain VLANs screen Click Add Add a new Vlan dialog box appears see Figure Adding VLANs to a domainTo add VLANs to a domain, complete the following steps Add a new Vlan fields Removing VLANs from a domain Mapping VLANs by switch Switch VLANs screen Adding VLANs to a switch To add VLANs to a switch, complete the following steps Managing SSH keys using the Srem Removing VLANs from a switch Managing the network access devices Managing the network access devices Generating SSH keys for the domain using the Srem Key Generation screen appears see Figure Exporting SSH keys for the domain using the Srem Switch SSH Key fields Export Key screen appears see Figure Click Apply on the toolbar to begin the export process Export Key fields Managing SSH keys for Nortel SNA communication using Switch SSH Key screen appears see Figure Reimporting the network access device SSH key using the Srem Click Delete Switch SSH Key Monitoring switch health using the SremSwitch SSH Key screen appears see on Click Import SSH from Switch Health Check screen appears see Figure Health Check screen 320818-A Viewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Cfg/domain Configuring the domain using the CLIConfiguring the domain Logging traffic with syslog messages Captive portal Portal look and feel Linksets Details onoff You can create a domain in two ways Creating a domain using the CLIManually creating a domain using the CLI Cfg/domain domain ID 320818-A Cfg/quick Using the Nortel Snas 4050 domain quick setup wizardMain# /cfg/domain Specify the certificate to be used by the portal server Main# cfg/quick Configuring the domain Do you require chain certificates yes/no no Do you want to configure a switch? yes/no noSpecify whether the SSL server uses chain certificates Do you want an http to https redirect server yes/no no Do you want to create a tunnelguard test user? yes/no yes Configuring the domain Cfg/domain #/del Deleting a domain using the CLITo delete a domain, use the following command Cfg/domain domain ID followed by Configuring domain parameters using the CLITo configure the domain, use the following command Pvips IPaddr Httpredir Cfg/domain #/aaa/tg Configuring the TunnelGuard check using the CLITG menu displays TG menu includes the following options Cfg/domain #/aaa/tg followed by Cfg/domain #/aaa/tg/status-quo Using the quick TunnelGuard setup wizard in the CLI Cfg/domain #/aaa/tg/quick Server 1001 menu displays Configuring the SSL server using the CLITunnelGuard quick setup wizard creates a default SRS rule Main# /cfg/domain #/aaa/tg/quick Cfg/domain #/server followed by Tracing SSL traffic using the CLIServer 1001 menu includes the following options Interface ID Output mode Ssldump Tcpdump Cfg/domain #/adv/interface commandCfg/domain #/server/trace followed by Ping host Dnslookup host Configuring SSL settings using the CLISSL Settings menu displays Traceroute host Cert certificate SSL Settings menu includes the following optionsCfg/domain #/server/ssl followed by Index Yes Cachain certificateIndex list Cfg/domain #/server/ssl/protocol Configuring traffic log settings using the CLI Ena Dis Cfg/domain #/server/adv/traflog Traffic Log Settings menu displaysTraffic Log Settings menu includes the following options Cfg/domain #/server/adv/traflog followed by Cfg/domain #/httpredir followed by Configuring Http redirect using the CLICfg/domain #/httpredir Redir onoff Cfg/domain #/adv Configuring advanced settings using the CLICfg/sys/host #/interface command see Cfg/domain #/adv followed by Configuring Radius accounting using the CLI Cfg/domain #/aaa/radacct Managing Radius accounting servers using the CLIRadius Accounting Servers menu displays Cfg/domain #/aaa/radacct followed by Cfg/domain #/aaa/radacct/servers followed by Cfg/domain #/aaa/radacct/vpnattribu VPN Attribute menu displaysNSNAS-Portal-ID Cfg/domain #/aaa/radacct/vpnattribu followed by Configuring the domain using the SremVPN Attribute menu includes the following options Vendorid Creating a domain using the Srem Manually creating a domain using the Srem Secure Access Domain Table screen 320818-A Add a Secure Access Domain Add a Secure Access Domain fields Using the Srem Domain Quick Wizard Configuring the domain Click Next Domain Quick Wizard General Settings fieldsClick Domain Quick Wizard Domain Quick Wizard Certificate Domain Quick Wizard Certificate fields Organization name and do not use any of the following Domain Quick Wizard Certificate Chain Domain Quick Wizard Certificate Chain fields Domain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Server fields Domain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Switch fields Domain Quick Wizard Tunnel Guard dialog box appears see Domain Quick Wizard Tunnel Guard fields Deleting a domain using the Srem To delete a domain, perform the following steps Configuring domain parameters using the Srem To configure a domain, perform the following steps Domain Configuration fields Additional domain configuration tabs Additional domain configuration in the SremDomain domain Configuration screen Additional domain tree components Component Description Configuring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup screen appears see Figure TunnelGuard Quick Setup fields Configuring the SSL server using the Srem Server Configuration screen 320818-A Server Configuration fields Configuring SSL settings using the Srem Server SSL Settings screen 320818-A Server SSL Settings fields ALL@STRENGTH Configuring traffic log settings using the Srem Configuring the domain Server SSL Settings fields Traffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Configuring Http redirect using the Srem Tracing SSL traffic using the Srem Http Redirect screen 320818-A Configuring Radius accounting using the Srem Http Redirect fields Configuring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Radius accounting Configuration fields Managing Radius accounting servers using the SremAdding a Radius accounting server using the Srem Radius Accounting Servers screen appears see Figure Radius Accounting Servers screen Moving a Radius accounting server using the Srem Radius Accounting Server fields Deleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles Groups Configuring groups and profilesOverview This section includes the following topics Default group Linksets TunnelGuard SRS rule Extended profiles Configuring groups and extended profiles using the CLI Create the SRS rules see TunnelGuard SRS Builder on Roadmap of group and profile commands Cfg/domain 1/aaa/group group ID Configuring groups using the CLITo create and configure a group, use the following command Extend profile ID Cfg/domain 1/aaa/group # followed byRestrict Main# /cfg/domain 1/AAA/group Tgsrs SRS rule nameComment comment Configuring client filters using the CLI Cfg/domain 1/aaa/filter filter ID Tg truefalseignore Client Filter menu includes the following optionsCfg/domain 1/aaa/filter filter ID followed by Cfg/domain 1/aaa/group group IDgroup name/extend Configuring extended profiles using the CLIMain# /cfg/domain 1/AAA/filter Filter name Extended Profile menu includes the following optionsCfg/domain 1/aaa/group #/extend # followed by Vlan name Main# cfg/domain 1/aaa/group 2/extend Cfg/domain 1/aaa/group #/extend #Linkset Del Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow Cfg/domain 1/aaa/group #/extend #/linkset Mapping linksets to a group or profile using the CLICfg/domain 1/aaa/group #/linkset Cfg/domain 1/aaa/group #/extend #/linkset followed by Linksets# insert 2 example3 Main# cfg/domain 1/aaa/group 1/linksetLinksets# add example2 Configuring groups using the Srem Configuring groups and extended profiles using the SremCreating a default group using the CLI This section contains the following topics Using the guide for creating groups Click a Guide to Create a Group on the toolbar Adding a group Groups screen 320818-A Click Add Add a Group dialog box appears see Figure Add a Group fields Modifying a group To configure a group, perform the following stepsGroup Configuration screen appears see Figure Configuring client filters using the Srem Group Configuration fields Adding a client filter Client Filters screen appears see Figure Click Add Add a Client Filter dialog box appears see Figure Add a Client Filter fields Sheet 1 Check using the Srem on Modifying a client filter To configure a client filter, perform the following stepsClient filter Configuration screen appears see Figure Client Filters configuration fields Configuring extended profiles using the Srem Adding an extended profile Extended Profiles screen appears see Figure Add an Extended Profile screen Add an Extended Profile fields Extended profiles Configuration screen appears see Figure Modifying an extended profile Mapping linksets to a group or profile using the Srem Extended Profile Configuration fields Mapping linksets to a group Linksets screen for a group Add a Linkset fields Adding linksets to a groupTo add a linkset to a group, perform the following steps Removing linksets from a group Reordering linksets in a group Mapping linksets to a profile Linksets screen for an extended profile Adding linksets to an extended profile Removing linksets from an extended profile Reordering linksets in an extended profile Creating a default group using the Srem AAA Configuration screen 320818-A AAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Roadmap of authentication commands Cfg/domain 1/aaa Command Configuring authentication methods using the CLI Cfg/domain 1/aaa/auth auth ID Display Cfg/domain 1/aaa/auth auth ID followed byRadiusldaplocal Local accesses the Local database menu Cfg/domain 1/aaa/auth #/adv followed by Configuring Radius authentication using the CLICfg/domain 1/aaa/auth #/adv Groupauth auth IDs Adding the Radius authentication method using the CLI You can perform the following configuration tasks Configuring authentication Cfg/domain 1/aaa/auth #/radius Modifying Radius configuration settings using the CLIMain# /cfg/domain 1/aaa/auth Cfg/domain 1/aaa/auth #/radius followed by Type Radius servers menu displays Managing Radius authentication servers using the CLITimeout interval Sessiontim Radius servers menu includes the following options Cfg/domain 1/aaa/auth #/radius/servers followed by Cfg/domain 1/aaa/auth #/radius/sessiontim Configuring Ldap authentication using the CLIConfiguring session timeout using the CLI Adding the Ldap authentication method using the CLI Configuring authentication Modifying Ldap configuration settings using the CLI Cfg/domain 1/aaa/auth #/ldap Do not use the isdbinddn and isdbindpas Ldap menu displays Ldap menu includes the following optionsCfg/domain 1/aaa/auth #/ldap followed by Userattr names SAMAccountName=bill . The user’s loginIsdbindpas password Ou=Users, dc=example, dc=com . Activedire Enaldaps truefalseEnauserpre truefalse Managing Ldap authentication servers using the CLI Cfg/domain 1/aaa/auth #/ldap/servers Removes the specified Ldap server from the current Cfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Managing Ldap macros using the CLICfg/domain 1/aaa/auth #/ldap/ldapmacro Prefix suffix Add variable nameLdap attribute Variable name Active Directory Settings menu displays Managing Active Directory passwords using the CLISet the Active Directory settings using Cfg/domain 1/aaa/auth #/ldap/activedire command Configuring local database authentication using the CLI Configuring authentication Authentication menu commands local database Local database menu displays Managing the local database using the CLIYou can add users to the database in two ways Cfg/domain 1/aaa/auth #/local Cfg/domain 1/aaa/auth #/local followed by Cur group commandLocal database menu includes the following options TAB or use the /cfg/domain 1/aaa Import protocol Server filename key Specifying authentication fallback order using the CLI Export protocol Cfg/domain 1/aaa/authorder auth ID,auth ID Main# /cfg/domain 1/aaa/authorder Configuring authentication using the Srem Configuring authentication methods using the Srem Authentication Server Table appears see Figure Configuring Radius authentication using the Srem Add an Authentication Server Radius 320818-A Adding the Radius method and server Modifying Radius configuration Add an Authentication Server Radius fields Modifying Radius method settings Configuration 320818-A Configuration fields Modifying Radius configuration settings Radius Configuration screen appears see Figure Radius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Adding a Radius server Add a Radius Server fields Removing a Radius server Configuring authentication Add a Radius Server fieldsReordering additional Radius servers Configuring Ldap authentication using the Srem Next steps Add an Authentication Server Ldap fields Adding the Ldap method and server Modifying Ldap configuration Modifying Ldap method settings Configuration fields Modifying Ldap configuration settings Ldap Configuration screen appears see Figure Ldap Configuration fields Ou=Users, dc=example, dc=com. The user Cn=Users, dc=example, dc=com Configuring authentication Ldap Configuration fields Active Directory, on Managing additional Ldap servers Add an Ldap Server fields Adding an Ldap serverClick Apply Reordering additional Ldap servers Removing an Ldap server Managing Ldap macros Ldap Macros Adding Ldap macros Add an Ldap Macro fields Reordering Ldap macros Removing Ldap macros Configuring local database authentication using the Srem Populate the database see Populating the database on Adding the Local method Add an Authentication Server Local fields Database on You can populate the Local database in two ways Populating the databaseAdding users to the local database Local Users screen appears see Figure Click Add Add a Local User dialog box appears see Figure Add a Local User fields Configuring authentication Importing a database Import Local User Database 320818-A Modifying Local database configuration Import Local User Database fields Modifying Local method settings Modifying local users Local Users screen appears see on Local Users Configuration 320818-A Modifying local user passwords Local Users Configuration fields Select the Local User Configuration tab Local Users Local User Configuration 320818-A Local Users Local User Configuration fields Exporting the database Export Local User Database 320818-A Export Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder TunnelGuard SRS Builder Configuring SRS rulesTunnelGuard user interface \tunnelguard\tg.txt Software Definition menu Menu commandsFile menu Describes important items from the File menu Software Definition Entry menu Software Definition Entry menu items Sheet 1 Describes important items from the TunnelGuard Rule menu TunnelGuard Rule menuTool menu Describes important items from the Tool menu SRS definition toolbar SRS Definition toolbar item descriptions SRS Components table items Software Definition Available SRS listSRS Components table Customizing a component WINNT%\xxx.dll SRS Rule toolbar Memory snapshotTunnelGuard Rule Definition screen Memory snapshot item descriptions Available Expression list SRS Rule listSRS Rule Expression Constructor Rule Expression Constructor Managing TunnelGuard rules and expressions Creating a software definition Adding entries to a software definition Selecting modules or files from running processes Create New Memory Module SRS window For more information, see Making API calls on Selecting file on disk Select the TunnelGuard Rule Definition tab Create New on Disk SRS Entry window Creating logical expressions Click the TunnelGuard Rule Definition tab TunnelGuard Rule Definition tab Click the Form TunnelGuard Rule Expression button Available Expressions screen New SRS Rule window TunnelGuard Rule Name screen Registry-based rules Registry-only SRS entry Describes supported operands for integer values Supported integer operands Constructs for string based regular expressions Sheet 1 String regular expression Description Creating a registry entry TunnelGuard SRS Builder Registry Entry Registry-based File/ModuleEnter the Key Value Data Expression Manually creating SRS entries Manually creating an OnDisk file entry Create new OnDisk SRS Entry Manually creating a Memory Module entry Create New Memory Module SRS Entry page opens see on Create new Memory Module SRS entry File age check TunnelGuard SRS Builder Date/Time Range Adding commentsAdding a TunnelGuard rule comment Deleting SRS rules and their components Adding a software definition comment Deleting a TunnelGuard rule Deleting a software definitionDeleting a software definition entry Deleting an expression TunnelGuard support for API calls Making API calls TunnelGuard SRS Builder 320818-A Chapter Managing system users and groups Group membership and user rights User rights and group membershipManaging system users and groups Cfg/sys/user Managing system users and groups using the CLIRoadmap of system user management commands Cfg/sys/user followed by Managing user accounts and passwords using the CLIUser menu displays User menu includes the following options Del username Add username Caphrase Managing user settings using the CLIEdit username Password confirm User password Managing user groups using the CLIPassword user Cfg/sys/user/edit username This section includes the following detailed examples CLI configuration examplesAdding a new user Cfg/sys/user/edit username/groups Access the User Menu Main# /cfg/sys/user User# edit certadmin Apply the changes Verify and apply the changes User# edit admin Changing a user’s group assignment Changing passwords Changing your own password Changing another user’s password Type the password command to initialize the password change Deleting a user To manage users, choose from one of the following tasks Managing system users and groups using the SremManaging user accounts using the Srem User Table Adding new user accounts Click Add Add a User dialog box appears see Figure Add a User fields Removing existing user accountsTo remove an existing user, perform the following steps Setting password expiry using the Srem Password Setting 320818-A Password Settings fields Changing your password using the Srem Change Your Password 320818-A Only the admin user can change the passwords of other users Changing another user’s password using the SremClick Change Password Change Your Password fields Change User Password 320818-A Setting the certificate export passphrase using the Srem Change User Password fields Set Certificate Export PassPhrase screen appears see Figure Set Certificate Export PassPhrase 320818-A Set Certificate Export PassPhrase fields Managing user groups using the SremClick Set Pass Phrase To add a new user group, perform the following steps Adding a user groupChoose from the following tasks to manage users groups Add a User Group fields Removing a user groupClick Add Add a User Group dialog box appears see Figure Managing system users and groups Chapter Customizing the portal and user logon Captive portal and Exclude List Customizing the portal and user logon Exclude List Allowed regular expressions and escape sequences String Usage Expressions Portal display Portal look and feel Default appearance Colors Common colors, with hexadecimal codes Sheet 1 Color Hexadecimal code Language localization Content-Type text/plain charset=iso-8859-1/n Linksets and links Autorun linksets Planning the linksets Macros Examples of redirection URLs and link text Sheet 1 Automatic redirection to internal sitesExamples of redirection URLs and links Managing the end user experience Automatic JRE upload Windows domain logon script Customizing the portal and logon using the CLIRoadmap of portal and logon configuration commands Number Color2 code DNS Exclude menu displays Configuring the captive portal using the CLIConfiguring the Exclude List using the CLI Cfg/domain 1/dnscapt Cfg/domain 1/dnscapt/exclude followed by Changing the portal language using the CLIDNS Exclude menu includes the following options Cfg/lang Configuring language support using the CLILanguage Support menu displays Cfg/lang followed by Cfg/lang/import commandLanguage Support menu includes the following options Server filename Cfg/domain 1/portal/lang followed by Setting the portal display language using the CLICfg/domain 1/portal/lang Cfg/domain 1/portal/lang/list Cfg/domain 1/portal Configuring the portal display using the CLIRestore Cfg/domain 1/portal followed by Logintext text Redirect URL Linkcols columns Linktext textLinkurl onoff Linkwidth width Cfg/domain 1/portal/colors Changing the portal colors using the CLIPortal Colors menu displays Cfg/domain 1/portal/content Configuring custom content using the CLIPortal Custom Content menu displays Portal Colors menu includes the following options Tftpftpscpsftp. The default is tftp Portal Custom Content menu includes the following optionsCfg/domain 1/portal/content followed by Available Configuring linksets using the CLI Cfg/domain 1/linkset linkset ID Text text Linkset menu includes the following optionsCfg/domain 1/linkset linkset ID followed by Autorun truefalse Configuring links using the CLI Cfg/domain 1/linkset linkset ID/link index Move new index Link menu includes the following optionsCfg/domain 1/linkset linkset ID/link index followed by Cfg/domain 1/linkset linkset ID/link index/ external/quick Configuring external link settings using the CLIConfiguring FTP link settings using the CLI Cfg/domain 1/linkset linkset ID/link index/ ftp/quick Enabling DNS capture Customizing the portal and logon using the SremConfiguring the captive portal using the Srem DNS Capture screen includes the following components DNS Capture fields Add DNS Domain fields Configuring the DNS Exclude List using the SremClick Add Entry appears in the DNS Exclude List Changing the portal language using the Srem Languages sub-tabs appear see Figure Configuring language support using the SremSelect the System Language tab Choose from one of the following tasks Viewing and removing custom languages To view custom languages, use the following procedureViewing predefined languages Import/Export Definition screen appears see Figure Importing and exporting language definitionsClick the Import/Export Definition tab Import/Export Definition fields Setting the portal display language using the Srem Configuring the portal display using the Srem Language fields Configuring content Portal Configuration tab appears see Figure Portal Configuration fields Sites, see on Importing banners Import Banner screen 320818-A Import Banner fields Changing the portal colors using the Srem Color Settings screen 320818-A Color Settings fields Configuring custom content using the Srem Viewing basic information about custom content Basics screen appears see Figure Basics fields Import Content screen appears see Figure Importing custom contentTo import custom content, perform the following steps Import Content fields Export Content screen appears see Figure Exporting custom contentTo export custom content, perform the following steps Configuring linksets using the Srem Export Content fields Portal Links screen appears see Figure Creating a linksetTo create a linkset, perform the following steps Click Add Add a Linkset dialog box appears see Figure Add a Linkset To modify a linkset, perform the following steps Linkset Configuration screen appears see FigureModifying a linkset Linkset Configuration fields See Linksets and links on Configuring links using the Srem Links screen appears see Figure Creating an external link using the SremTo create an external link, perform the following steps Click Add Add a Portal Link dialog box appears see Figure Add a Portal Link fields Creating an FTP link using the Srem To create an FTP link, perform the following steps Add a Portal Link FTP Add a Portal Link FTP fields To modify a link, perform the following steps Modifying external link settings using the SremExternal link Configuration screen appears see Figure External link Configuration fields Reordering links using the Srem on Modifying FTP link settings using the Srem FTP link Configuration screen appears see Figure Reordering links using the Srem FTP link Configuration fields Re Order Links screen appears see Figure Re Order Links fields Customizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Configuring the cluster using the CLI Cfg/sys Roadmap of system commands Parameter Health interval Show Rsa server ID Configuring system settings using the CLICfg/sys followed by Cfg/domain #/server/trace/tcpdump Configuring the Nortel Snas 4050 host using the CLICfg/domain #/server/trace/ssldump Cfg/sys/host host ID /cfg/sys/host #/interface # Cluster Host menu includes the following optionsCfg/sys/host host ID followed by Interface number Hwplatform PortsPorts = 1,23 Halt Cfg/sys/host #/delete RebootCfg/sys/cur command Cfg/sys/host host ID/interface interface ID Configuring host interfaces using the CLIViewing host information Cfg/sys/host #/interface interface ID Mode Cfg/sys/host #/interface interface ID followed byVlanid tag Failovertrunking Cfg/sys/routes Configuring static routes using the CLIPrimary port Cfg/sys/host host ID/routes Add IPaddr mask Configuring host ports using the CLICfg/sys/host #/interface #/routes followed by Gateway Cfg/sys/host #/port port followed by Managing interface ports using the CLIHost Port menu includes the following options Cfg/sys/host #/interface interface ID/ports Cfg/sys/accesslist Configuring the Access List using the CLICfg/sys/host #/ports command see Interface Ports menu includes the following options Date and Time menu displays Configuring date and time settings using the CLICfg/sys/accesslist followed by Add IPaddr mask NTP Servers menu displays Managing NTP serversDate and Time menu includes the following options Cfg/sys/time followed by Cfg/sys/time/ntp followed by Configuring DNS servers and settings using the CLINTP Servers menu includes the following options Cfg/sys/dns Ttl ttl Retransmit intervalCount count Health interval Cfg/sys/dns/servers followed by Managing DNS serversCfg/sys/dns/servers Move index number new index number Configuring RSA servers using the CLIRSA Servers menu displays Switch Software Release Cfg/sys/rsa Syslog Servers menu displays Configuring syslog servers using the CLIRSA Servers menu includes the following options Cfg/sys/rsa followed by Facility Syslog Servers menu includes the following optionsCfg/sys/syslog followed by Syslog.conf under Unix Cfg/sys/adm Configuring administrative settings using the CLIAdministrative Applications menu displays Cfg/sys/adm followed by Auth SrsadminAudit Telnet onoff Cfg/sys/adm/srsadmin Enabling TunnelGuard SRS administration using the CLIConfiguring Nortel Snas 4050 host SSH keys using the CLI Cfg/sys/adm/srsadmin followed by Draft-ietf-secsh-publickeyfile Cfg/sys/adm/sshkeysCfg/sys/adm/sshkeys followed by Knownhosts SSH Known Host Keys menu includes the following options Managing known hosts SSH keys using the CLISSH Known Host Keys menu displays Cfg/sys/adm/sshkeys/knownhosts About the vendor-specific attributes Configuring Radius auditing using the CLIAbout Radius auditing NSNAS-SSL-Audit-Trail Configuring Radius auditingMap this string to the Vendor-Type value Cfg/sys/adm/audit Radius Audit Servers menu includes the following options Managing Radius audit servers using the CLIRadius Audit Servers menu displays Cfg/sys/adm/audit/servers Adds a Radius audit server to the configuration. You Configuring authentication of system users using the CLI Cfg/sys/adm/auth Cfg/sys/adm/auth/servers Radius Authentication Servers menu displaysFallback onoff Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem System Configuration screen appears see Figure Configuring system settings using the SremSelect the System Configuration tab Configuring a Nortel Snas 4050 host using the Srem System Configuration fields Hosts Viewing and configuring TCP/IP properties Host Viewing and installing host licenses Host fields Viewing global licenses for all hosts Describes the Global Licenses fields Global Licenses fields Viewing per domain licenses for all hosts Describes the Per Domain Licenses fields Per Domain Licenses fields Viewing installed licenses for a particular host Installing a license for a particular host Install New License Configuring host interfaces using the Srem To continue, choose one of the following procedures Select the System Hosts host Interfaces tab Adding a host interfaceTo create a host interface, perform the following steps Add an Interface fields Configuring system settings Add an Interface fields Click Apply New interface appears in the Interfaces table Configuring an existing host interface Interface fields Link is transferred back to the primary port To delete a host interface, perform the following steps Configuring static routes using the SremRemoving a host interface Viewing static routes for a cluster IP Routes Viewing static routes for a host Routes Viewing static routes for an interface Managing static routes Adding a static route Add Route fields Removing a static route Configuring host ports using the Srem Ports Port Port fields Managing interface ports using the Srem Add a Port fields Adding interface portsRemoving interface ports Configuring the access list using the Srem Select the System Access List tab Adding an access list entryAccess List Table appears see Figure Access List Table appears see on Click Add Add Access Host fields Removing an Access List entryAdd Access Host dialog box appears see Figure Managing date and time settings using the Srem Date & Time Date & Time fields Configuring the date and time settingsSelect the System Date & Time tab Add NTP Server fields Adding an NTP serverSelect the System Date and Time tab Removing an NTP server DNS Client Settings screen appears see Figure Configuring DNS settings using the SremSelect the System DNS Client Settings tab DNS Client Settings fields Configuring servers using the Srem Managing syslog servers Click Add Add Syslog Server dialog box appears see Figure Adding a new syslog serverFrom this screen, complete the following tasks as necessary Add Syslog Server fields Reordering a new syslog server Removing an existing syslog server Adding a DNS server on Removing an existing DNS server on Add DNS Server fields Adding a DNS serverSelect the System Servers DNS Servers tab Removing an existing DNS server Managing RSA servers RSA Server Table Select the System Servers RSA Server Table tab To configure RSA servers, perform the following stepsAdding an RSA server Add RSA Server fields Removing an existing RSA server Removing the RSA node secret Describes the RSA Server fields RSA Server fields Select an RSA server from the RSA Server Table Importing sdconf.recClick Remove Secret Node Select the Import sdconf.rec tab Import sdconf.rec screen appears see Figure Configuring administrative settings using the Srem Import sdconf.rec fields Configuring SRS control settings using the Srem Add SSH Key fields Configuring Nortel Snas 4050 host SSH keys usingSelect from one of the following tasks Showing SSH keys Show SSH Keys Configuring system settings Managing Nortel Snas 4050 and known host SSH keys Click Generate SSH Keys SSH Keys Hosts field Adding an SSH key for a known host using the Srem Add SSH Key Managing Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Configuring Radius audit settings using the Srem Radius audit Configuration Describes the Add Audit Configuration fields Add Audit Configuration fields Managing Radius audit servers using the Srem Select from the following tasks to manage the audit servers Add Audit Server fields Adding a new Audit ServerClick Add Add Audit Server dialog box appears see Figure Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Managing Radius authentication servers using the Srem Radius Server Table appears see Figure Adding a Radius authentication server Add Radius Server fields Removing an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Key and certificate formats Supported key and certificate formats Sheet 1 320818-A Installing certificates and keys Creating certificates Saving or exporting certificates and keys Updating certificates Managing private keys and certificates using the CLI Roadmap of certificate management commands Cfg/cert cert ID followed by Managing and viewing certificates and keys using the CLICfg/cert cert id /cfg/cert #/show command Phrase Generating and submitting a CSR using the CLICert #/export command Cfg/cert #/request CSR information IPip-address Emailemail-address Email Address tester@dummyssltesting.com Generating a CSR Save the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Lines Entire contents of the key, includingAdd the certificate Enter the following command Cfg/cert #/cert Adding a certificate by pasting Certificate added Certificate 2# apply Cfg/cert #/key Adding a private key to the Nortel Snas 4050 using the CLIAdd the private key Enter the following command Adding a private key by pasting Cfg/cert #/import Certificate and key import information Admin@hostname.isd Anonymous Displaying or saving a certificate and key using the CLI Cfg/cert #/display Copy the private key, certificate, or both, as required Displaying a private key and certificate Cfg/cert #/export Certificate and key export information About the formats, see Key and certificate formats on Generating a test certificate using the CLI Cfg/cert #/test Managing private keys and certificates using the Srem Viewing certificates using the Srem Certificates screen Select the Certificates Certificates tab Creating a certificate using the SremTo create a certificate, perform the following steps Add a Certificate Component fields Managing certificates Generating and submitting a CSR using the Srem To generate a CSR, perform the following steps CA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Displaying or saving a certificate and key using the Srem Import Certificate fields Display Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing certificate information using the Srem Viewing configuration details Certificate Configuration fields Configuration screen appears see FigureDescribes the certificate Configuration fields Managing certificates Certificate Configuration fields Viewing general information Info fields Info screen appears see FigureDescribes the Info fields Viewing certificate subject settings Managing certificates Info fields Subject fields Subject screen appears see FigureDescribes the Subject fields Managing certificates Subject fields Chapter Configuring Snmp Cfg/sys/adm/snmp Configuring Snmp using the CLIConfiguring Snmp Roadmap of Snmp commands Configuring Snmp settings using the CLI Snmp menu displays Snmp menu includes the following options Cfg/sys/adm/snmp/snmpv2-mib Configuring the Snmp v2 MIB using the CLISNMPv2-MIBmenu displays Cfg/sys/adm/snmp/snmpv2-mib followed by Configuring the Snmp community using the CLISNMPv2-MIBmenu includes the following options Cfg/sys/adm/snmp/community Configuring SNMPv3 users using the CLI Cfg/sys/adm/snmp/users user ID Md5 Sha Des Aes Snmp User menu includes the following options Cfg/sys/adm/snmp/users user ID followed by Cfg/sys/adm/snmp/target target ID Configuring Snmp notification targets using the CLINotification Target menu displays Event menu displays Configuring Snmp events using the CLINotification Target menu includes the following options Version v1v2cv3 Options -b name Event menu includes the following optionsCfg/sys/adm/snmp/event followed by OID op value Event Options -t nameOID value Comment name Options -x nameOID Notification Configuring Snmp settings using the Srem This section contains information about the following topics Configuring Snmp using the Srem To configure SNMP, perform the following steps Snmp Configuration fields Sonmp Configuring Snmp targets using the Srem Snmp Target Table appears see Figure Adding Snmp targetsTo add an Snmp target, perform the following steps Click Add Add Snmp Target dialog box appears see Figure Add Snmp Target 320818-A Snmp Target fields To manage Snmp targets, perform the following steps Target Settings screen appears see FigureManaging Snmp targets Removing Snmp targets Configuring SNMPv3 users using the Srem SNMPv3 User Table appears see Figure Adding SNMPv3 usersTo add an SNMPv3 user, perform the following steps Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User 320818-A Add SNMPv3 User fields User Settings screen appears see Figure Managing SNMPv3 users User Settings fields Sheet 1 Configuring Snmp User Settings fields Sheet 2 Removing SNMPv3 users To manage monitor events, select from the following tasks Configuring Snmp events using the SremManaging monitor events Adding monitor events To add monitor events, perform the following steps Viewing configuration details of monitor events Add a Monitor fields To delete a monitor event, perform the following steps Removing monitor eventsBoolean monitors Add a Monitor Boolean Boolean monitor fields Sheet 1 Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitors Threshold monitor fields Existence monitors Existence monitor fields Sheet 1 Managing notification events Existence monitor fields Sheet 2 Notification Table screen appears see Figure Adding notification eventsTo add notification events, perform the following steps Add a Notification Event Add a Notification Event fields Removing notification events To delete a notification event, perform the following steps 659 Info Roadmap of information and statistics commandsViewing system information and performance statistics Stats Viewing system information using the CLI Information menu displays Domain ID Information menu includes the following optionsInfo followed by Kick domain ID SwitchidInfo/mac command Username Mac MACaddr Info/ip commandSwitch ID Username-prefix Local Ethernet Info/events Viewing alarm events using the CLITo view active alarms, use the following command Info/events followed by To view and download log files, use the following command Viewing log files using the CLIViewing AAA statistics using the CLI Logs menu displays Logs menu includes the following options Total Stats/aaaStats/aaa followed by Isdhost host ID Main# stats/aaa/dump Stats/dump Viewing all statistics using the CLIViewing local information using the Srem Information fields Information screen appears see FigureDescribes the Information fields Viewing cluster information using the Srem Viewing the controller list using the Srem Describes the Controller List fields Controller List fields Viewing Sonmp topology information using the Srem Describes the Sonmp State fields Sonmp State fields Viewing switch distribution using the Srem Switch Distribution fields Viewing port information using the SremDescribes the Switch Distribution fields Describes the Port Information fields Port Information fields Sheet 1 Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Viewing active sessions using the Srem Sessions screen Describes the Sessions parameters Sessions parameters Viewing details for a particular session Session Properties screen Ending active user sessions Describes the Session Properties parameters Click KickOut KickOut User fields Number of Sessions fields Viewing the number of active sessions using the SremDescribes the Number of Sessions fields Viewing alarms using the Srem Viewing active alarms using the Srem Active Alarms screen 320818-A Describes the Active Alarms fields Active Alarms fields Downloading alarms using the Srem Download Alarms screen 320818-A Download Alarms fields Managing log files using the SremDescribes the Download Alarms fields Viewing the log list using the Srem Logs screen Download fields Sheet 1 Downloading log files using the SremDescribes the Download fields Viewing AAA statistics using the Srem Viewing AAA statistics for a host Hosts table License tab opens see on License statistics Sheet 1 Viewing License statisticsFor a description of the fields, seeTable Viewing Radius statistics Radius statistics 320818-A Radius statistics Viewing Local database statistics Local DB statistics Sheet 1 Viewing Ldap statistics Ldap statistics Viewing AAA statistics for the domain Statistics table Select one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license For a description of the fields, see Table Viewing Radius Statistics Sheet 1 320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table Viewing Rx statistics Sheet 1 Viewing Rx statisticsFor a description of the fields seeTable Rx Frames Displays number of errors due to malformed packets Viewing Tx statistics Viewing Tx Statistics Sheet 1 Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Maint Managing and maintaining the system using the CLIMaintaining and managing the system Roadmap of maintenance and boot commands Boot Performing maintenance using the CLI Maintenance menu displays Maintenance menu includes the following options Dumplogs protocol server filename all-isds? Maint followed by All-isds? Mode Starttrace tagsDomain ID output Stoptrace Backing up or restoring the configuration using the CLI Cfg/dump passphrase Ptcfg protocol Configuration menu backup and restore commandsCfg Server filename passphrase Passphrase Cfg followed byGtcfg protocol Dump passphrase Boot followed by Managing Nortel Snas 4050 devices using the CLIBoot menu displays Boot menu includes the following options Software Cfg/sys/host #/delete command Cfg/sys/host #/reboot command insteadCfg/sys/host #/delete command see Boot/software Software Management menu includes the following options Boot/software followed byActivate command Activate version Upgradecomplete.pkg Managing and maintaining the system using the SremPerforming maintenance using the Srem Ftp 10.0.0.1 pub/SSL-5.1.1 Dumping logs and status information using the Srem Dumps Dump fields Starting and stopping a trace using the SremClick Dump To start or stop a trace, perform the following steps Start/Stop Trace fields Checking configuration using the Srem Click Check Configuration Backing up or restoring the configuration using the Srem Backup & Restore 320818-A Backup & Restore fields If you later restore the configuration, the Certificate Managing software versions using the Srem Image List Image List fields Describes the Image List fieldsFollowing tasks are available from this screen Select the System Boot Image List tab Viewing details of the active software image Activating a software image Downloading images using the Srem Removing an inactive software image Maintaining and managing the system Rebooting or deleting a Nortel Snas 4050 device using Download Image fields Reboot/Delete ISD Options Downloading files using the Srem File Download fields File Download screen appears see FigureDescribes the File Download fields Running Nortel Snas 4050 diagnostics using the Srem Maintaining and managing the system File Download fields Describes the Diagnostics fields Diagnostics fields Maintaining and managing the system 320818-A Chapter Upgrading or reinstalling the software Upgrading the Nortel Snas Performing minor and major release upgrades Upgrading or reinstalling the software Downloading the software image using the CLI Enter the host name or IP address of the server Activating the software upgrade package Admin@hostname/IP.isd Nsnas At the Software Management# prompt, enter Log in again and verify the new software version Reinstalling the software Before you begin Upgrading or reinstalling the software Reinstalling the software from an external file server Alteon WebSystems, Inc Booting LoginRestarting Restarting system Run install-nsnas isd4050 Reinstalling the software from a CDWhen the installation is complete, remove the CD and reboot Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Establishing a console connection Connecting to the Nortel SnasCommand Line Interface Requirements ProcedureConsole configuration parameters Enabling and restricting Telnet access Establishing a Telnet connection Running Telnet Establishing a connection using SSHEnabling and restricting SSH access Running an SSH client Accessing the Nortel Snas 4050 cluster For more information, see How to get help on User access levels Idle timeout CLI Main Menu or SetupCommand line history and editing Command Line Interface On page 780 illustrates the network configuration Scenario Configuration example Network devices Sheet 1 VLANs for the Ethernet Routing Switch Summarizes the VLANs for the Ethernet Routing SwitchConfiguration example Network devices Sheet 2 Configure the network DNS server Steps Configure the network Dhcp server Create a new Dhcp scope see Figure Naming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Enter the IP address of the DNS server see Figure Specifying the DNS server Configure the network core router Shows the Dhcp scopes created for use in this example Configure the Ethernet Routing Switch 8300 using the CLI Steps Configuring the Red, Yellow, and Green VLANs Configuring the Nortel Snas 4050 pVIP subnetConfiguring the VoIP VLANs Enabling SSH Enabling Nsna globally Configuring the Nsna uplink filterConfiguring the Nsna ports Add the uplink port Configure the Ethernet Routing Switch Setting the switch IP address 5510-48Tconfig#nsna nsnas 10.40.40.0/24 Configuring SSH5510-48Tconfig# ssh 5510-48Tconfig#nsna vlan 240 color voip 5510-48Tconfig-if#exit Configure the Nortel SnasConfiguring the login domain controller filters 5510-48Tconfig#nsna enable Performing initial setup 10.40.40.1 Enter a password for the admin user Completing initial setupEnable SRS administration Main# cfg/sys/adm/srsadmin/ena Group 1# /cfg/domain 1/aaa/tg/quick Adding the network access devicesMain# cfg/domain 1/sshkey/generate TG#../group 1/tgsrs srs-rule-test Import the public SSH key from the switch Adding the Ethernet Routing SwitchAdd the switch manually Main# cfg/domain 1/switch 1 Creating Switch Main# cfg/domain 1/switch 1/vlan/add yellow Use the quick switch wizardMain# cfg/domain 1/switch 2/sshkey/import Switch Vlan# ../../vlan/add yellow Switch 2# apply Changes applied successfully Enabling the network access devicesMain# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena Domain Vlan# apply Changes applied successfully Configuration example 320818-A Appendix a CLI reference Using the CLI Global commands Quit PasteExit Netstat Command line history and editing Command line history and editing options Sheet 2 Command stackingYou can use the following CLI command shortcuts CLI shortcuts NTP Servers# ../../dns/servers Command abbreviationTab completion Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l Using a submenu name as a command argument Configuration# cur sys IP addresses Using slashes and spaces in commandsIP address and network mask formats Network masks Variables Variables CLI command reference CLI Main Menu Appendix a CLI reference Certs Information menu commands Sheet 1Information menu Sys Statistics menu Cfg/cert cert ID Name name Configuration menuConfiguration menu commands Sheet 1 Cert Auth #/adv Secondauth auth ID Cfg/domain Name nameAuth ID Radiusldaplocal Auth ID for Ldap Auth #/ldap/activedire Truefalse Cfg/domain #/aaa ServersAuth #/ldap Searchbase Expiredgro Group Passwd user name Auth #/local Password groupCfg/domain #/aaa Add user name Auth #/radius Vendorid vendor ID Auth #/radius Vendortype vendor Profile ID Access rule Number Linkset DelCfg/domain #/aaa Vendorid vendor ID Type Ena Dis Cfg/domain #/aaa Radacct Vpnattribu Group #/extend # Del index numberGroup #/linkset Del index number Ena Dis Cfg/domain #/aaa List Heartbeat interval Cfg/domain #/aaa/tg QuickRecheck interval Cfg/domain #/adv Interface interface Linkset ID Text text RestoreCfg/domain #/linkset Name name Linkset #/link index Text text Colors Color2 code Content Server filenameCfg/domain #/portal Color1 code Lang Charset Protocol Cfg/domain #/server Sysloghost IPaddrAdv/traflog Udpport port Ssl2ssl3ssl23tls1 Switch #/dis Cfg/domain #/switch Name nameSwitch ID Type ERS8300ERS5500 Switch #/ena Cfg/gtcfg protocol Cfg/domain #/vlan Add name Vlan IDPassphrase Passphrase Cfg/lang Import protocol Cfg/sys/adm Snmp Cfg/sys/accesslist ListAdd IPaddr mask Sonmp onoff Cfg/sys/adm/snmp Ena Cfg/sys/adm/auth ListShared secret Versions v1v2cv3 Cfg/sys/adm/snmp Addmonitor Snmpv2-mib SnmpEnableDisabledenabled Cfg/sys/adm/snmp Ip IPaddr Event Options -b name Dis Cfg/sys/adm/sshkeys Generate Cfg/sys/adm/snmp Name nameUsers user ID Seclevel Knownhosts Interface #/ports Del port Mode fullhalf Cfg/sys/host #/routesCfg/sys/dns/servers List Add port Cfg/sys/host # List SysLocatio Cfg/sys/host Ip IPaddrHost ID SysName name Cfg/sys/rsa Rsaname name Password confirm Add IPaddr Cfg/sys/user Password oldPassword new Username Password user Boot Software Boot menuBoot menu commands Reboot Delete Boot/software Cur Maint Dumplogs protocol Maintenance menuMaintenance menu commands All-isds? Chapter Troubleshooting Troubleshooting tips Enable Telnet or SSH access Cannot connect to the Nortel Snas 4050 using Telnet orVerify the current configuration Check the Access List Check the IP address configuration # /cfg/cur sys Cannot add the Nortel Snas 4050 to a cluster Cannot contact the MIP Enter network address IP address Enter netmask network mask Add Interface 1 IP addresses and the MIP to the Access ListMain# /cfg/sys/accesslist/add Console connection Nortel Snas 4050 stops respondingTelnet or SSH connection to the MIP Operator user password User password is lostAdministrator user password Root user password User fails to connect to the Nortel Snas 4050 domain Boot user passwordTrace tools Main# maint/starttrace Sample output for the trace command Tag Description Sample output Network diagnostics System diagnosticsInstalled certificates Main# /stats/dump Cluster Host 1# curMain# /cfg/sys/cur Main# /info/ethernet Active alarms and the events log file Error log files Troubleshooting Appendix B Syslog messages Syslog messages by message type Lists the operating system Critical messages Operating system OS messagesLists the Emerg operating system messages Lists the operating system Emerg messages Operating system messages ErrorSystem Control Process messages Lists the System Control Process Info messages About alarm messagesAlarm severity and syslog level correspondence System control process messages Info System Control Process messages Alarm Alarm System Control Process messages Event Audit/ena commandAbout event messages With /cfg/sys/cur Traffic Processing Subsystem messages Lists the Traffic Processing Error messagesTraffic Processing messages Error Sheet 1 Lists the Traffic Processing Critical messages Css error reason Traffic Processing messages Warning Traffic Processing messages Error Sheet 3Lists the Traffic Processing Warning messages Domain #/server/portal Traffic Processing messages Info Start-up messagesLists the Traffic Processing Info messages AAA subsystem messages Lists the AAA Error messagesAAA messages Error Lists the Start-up Info messages AAA messages Info Sheet 1 Log value Message Category Contains AAA messages Info Sheet 2 Nsnas subsystem messagesThere are two categories of Nsnas subsystem messages Lists the Nsnas Info messages Lists the Nsnas Error messagesNsnas Error Nsnas Info Sheet 1 Nsnas Info Sheet 2 Syslog messages in alphabetical orderLists the syslog messages in alphabetical order Syslog messages in alphabetical order Sheet 1 Sys/adm/audit/ena command Error Nsnas Syslog messages in alphabetical order Sheet 3 Info AAA Error AAA Syslog messages in alphabetical order Sheet 5 Authenticate is set to off Cfg/domain #/server/portal Syslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Supported MIBs Following MIBs are supported by the Nortel Snas Appendix C Supported MIBs ANAifType-MIBSNMPv2-MIB Supported MIBs Sheet 1 Supported MIBs Sheet 2 ALTEON-ISD-SSL-MIB CLI, using the /cfg/sys/adm/snmp/target command Appendix C Supported MIBs Supported MIBs Sheet 3 Describes the traps supported by the Nortel Snas Use the CLI command /cfg/sys/adm/snmp/snmpv2-mibSupported traps Supported traps Appendix C Supported MIBs 320818-A Appendix D Supported ciphers Supported ciphers Appendix D Supported ciphers Install All Administrative Tools Windows 2000 Server Register the Schema Management dll Windows Server Click Start and select Run Nortel Secure Network Access Switch 4050 User Guide Select a Title for the Program page displays Permit write operations to the schema Windows 2000 ServerCreate a shortcut to the console window Nortel Secure Network Access Switch 4050 User Guide Create the new class Add isdUserPrefs attribute to nortelSSLOffload class Add the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Creating the Dhcp options Configuring IP Phone auto-configurationAppendix F Configuring Dhcp to auto-configure IP Phones Dhcp Management Console Predefined Options and Values dialog box opens see Figure Click Add Option Type dialog box opens see on Option Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box displays see Figure Scope Options dialog box Call Server Information string parameter values Setting up the IP Phone Vlan ID Information string parameter valuesPage Configuring the logon script Create the logon script see Creating a logon script on Creating the script as a batch file Using Windows, open a plain text editor, such as NotepadCreating a logon script Assigning the logon script Creating the script as a VBScript file On the Group Policy tab, click Open Double-clickDefault Domain PolicyRight-click the Default Domain Policy and select Edit Appendix H Software licensing information GNU General Public License Appendix H Software licensing information Appendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Symbols Index Index Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index