Manuals / Nortel Networks / Computer Equipment / Network Card

Nortel Networks manual Nortel Snas 4050 functions, Nortel SNA VLANs and filters

Models: 4050

1 922

Download 922 pages 38.09 Kb

Page 34

34Chapter 1 Overview

Nortel SNAS 4050 functions

The Nortel SNAS 4050 performs the following functions:

•Acts as a web server portal, which is accessed by users in clientless mode for authentication and host integrity check and which sends remediation instructions and guidelines to endpoint clients if they fail the host integrity check.

•Communicates with backend authentication servers to identify authorized users and levels of access.

•Acts as a policy server, which communicates with the TunnelGuard applet that verifies host integrity.

•Instructs the network access device to move clients to the appropriate VLAN and, if applicable, to apply additional filters.

•Can be a DNS proxy in the Red VLAN when the Nortel SNAS 4050 functions as a captive portal

•Performs session management.

•Monitors the health of clients and switches.

•Performs logging and auditing functions.

•Provides High Availability (HA) through IPmig protocol.

Nortel SNA VLANs and filters

There are four types of Layer 2 or Layer 3 VLANs in a Nortel SNA network:

•Red — extremely restricted access. If the default filters are used, the user can communicate only with the Nortel SNAS 4050 and the Windows domain controller network. There is one Red VLAN for each network access device.

•Yellow — restricted access for remediation purposes if the client PC fails the host integrity check. Depending on the filters and TunnelGuard rules configured for the network, the client may be directed to a remediation server participating in the Yellow VLAN. There can be up to five Yellow VLANs for each network access device. Each user group is associated with only one Yellow VLAN.

•Green — full access, in accordance with the user’s access privileges. There can be up to five Green VLANs for each network access device.

320818-A

Image 34

Nortel Networks manual Nortel Snas 4050 functions, Nortel SNA VLANs and filters

Contents

Nortel Secure Network Access Switch 4050 User Guide Copyright Nortel Networks Limited 2005. All rights reserved 320818-ANortel Secure Network Access Switch 4050 User Guide LicensingGeneral Contents Managing the network access devices ContentsConfiguring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Before you begin Connect the switch to the networkPreface Text conventions Bold textPlain Courier text Related informationPublications Example Set Trap Monitor FiltersHow to get help OnlinePreface Nortel SNA solution This chapter includes the following topicsSupported users Elements of the Nsna solutionOverview Role of the Nortel Snas Nortel Snas 4050 functions Nortel SNA VLANs and filtersGroups and profiles Authentication methods TunnelGuard host integrity check About SSH Communication channelsCommunication channels in the Nortel SNA network Nortel Snas 4050 clusters RSA DSAOne-armed and two-armed configurations One-armed configuration Two-armed configurationNortel SNA configuration and management tools Illustrates a two-armed configurationNortel Snas 4050 configuration roadmap Configure the network Dhcp serverOverview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup Management IP address About the IP addressesPortal Virtual IP address Login admin Password admin Initial setupLog on using the following username and password Real IP addressSelect the option for a new installation Setup Menu displaysEnter port number for the management interface Enter network mask 255.255.255.0 mask Enter Vlan tag id or zero for no VlanSetup a two armed configuration yes/no no Enter default gateway IP address or blank to skipEnter IP address for this machine on traffic interface Specify the MIP for this device or clusterEnter port number for the traffic interface Enter a timezone or select select timezoneSpecify the DNS server, if applicable Configure the time settingsSpecify the NTP server, if applicable Enter NTP server address or blank to skip IPaddrSpecify the pVIP of the Nortel Snas 4050 device Change the admin user password, if desiredSpecify a name for the Nortel Snas 4050 domain Create http to https redirect server no Settings created by the quick setup wizard Adding a Nortel Snas 4050 device to a cluster Extended profile detailsBefore you begin Joining a cluster Select the option to join an existing clusterEnter network mask 255.255.255.0 mask Enter the existing admin user password password Specify the MIP of the existing clusterSetup successful Login Next stepsApplying and saving the configuration Cfg/dump Applying and saving the configuration using the CLIApplying and saving the configuration using the Srem Cfg/ptcfgApply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Managing network access devices using the CLI Roadmap of domain commandsReset Specify the IP address of the network access device Adding a network access device using the CLIUsing the quick switch setup wizard Cfg/domain 1/quickGo to on Nsna communication port5000Red vlan id of Switch Vlan ID To continue, go to onSwitch menu displays Manually adding a switchCfg/domain #/switch switch ID Deleting a network access device using the CLI Cfg/domain #/switch #/dis Cfg/domain #/switch #/deleteConfiguring the network access devices using the CLI Cfg/domain #/switch switch ID followed by Switch menu includes the following optionsIp IPaddr Followed by Mapping the VLANs using the CLICfg/domain #/switch #/vlan Dis DeleteCfg/domain #/switch #/vlan/list Domain vlan or Switch vlan menu displaysCfg/domain #/switch #/vlan followed by Add name Vlan IDManaging SSH keys using the CLI Nsnas SSH key menu displays Generating SSH keys for the domain using the CLIFor an Ethernet Routing Switch 5510, 5520, or Cfg/domain #/sshkeyNsnas SSH key menu includes the following options Cfg/domain #/switch #/sshkey/exportCfg/domain #/sshkey followed by Shows sample output for the /cfg/domain #/sshkey command Main# /cfg/domain 1/sshkeyCfg/domain #/switch #/sshkey followed by Cfg/domain #/switch #/sshkeyCfg/domain#1/sshkey/export command to Cfg/domain #/switch #/hlthchk Reimporting the network access device SSH key using the CLIMonitoring switch health using the CLI Enter Apply to apply the change immediatelyHealthCheck menu includes the following options Cfg/domain #/switch #/hlthchk followed byCfg/domain #/switch #/dis Deadcnt countTo add a network access device, use the following steps Managing network access devices using the SremAdding a network access device using the Srem Cfg/domain #/switch #/enaAdd a Switch Add a Switch fieldsDeleting a network access device using the Srem Configuring the network access devices using the SremSwitch Configuration screen appears see Figure Switch Configuration screen 320818-ASwitch Configuration fields Mapping the VLANs using the Srem You can perform the Vlan mapping in two waysMapping VLANs by domain Domain VLANs screenClick Add Add a new Vlan dialog box appears see Figure Adding VLANs to a domainTo add VLANs to a domain, complete the following steps Add a new Vlan fieldsRemoving VLANs from a domain Mapping VLANs by switch Switch VLANs screenAdding VLANs to a switch To add VLANs to a switch, complete the following stepsManaging SSH keys using the Srem Removing VLANs from a switchManaging the network access devices Managing the network access devices Generating SSH keys for the domain using the Srem Key Generation screen appears see FigureExporting SSH keys for the domain using the Srem Switch SSH Key fieldsExport Key screen appears see Figure Click Apply on the toolbar to begin the export process Export Key fieldsManaging SSH keys for Nortel SNA communication using Switch SSH Key screen appears see FigureReimporting the network access device SSH key using the Srem Click Delete Switch SSH Key Monitoring switch health using the SremSwitch SSH Key screen appears see on Click Import SSH from SwitchHealth Check screen appears see Figure Health Check screen 320818-AViewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Configuring the domain Configuring the domain using the CLICfg/domain Logging traffic with syslog messages Captive portal Portal look and feel LinksetsDetails onoff You can create a domain in two ways Creating a domain using the CLIManually creating a domain using the CLI Cfg/domain domain ID320818-A Main# /cfg/domain Using the Nortel Snas 4050 domain quick setup wizardCfg/quick Specify the certificate to be used by the portal server Main# cfg/quickConfiguring the domain Do you require chain certificates yes/no no Do you want to configure a switch? yes/no noSpecify whether the SSL server uses chain certificates Do you want an http to https redirect server yes/no noDo you want to create a tunnelguard test user? yes/no yes Configuring the domain To delete a domain, use the following command Deleting a domain using the CLICfg/domain #/del Cfg/domain domain ID followed by Configuring domain parameters using the CLITo configure the domain, use the following command Pvips IPaddrHttpredir Cfg/domain #/aaa/tg Configuring the TunnelGuard check using the CLITG menu displays TG menu includes the following options Cfg/domain #/aaa/tg followed byCfg/domain #/aaa/tg/status-quo Using the quick TunnelGuard setup wizard in the CLI Cfg/domain #/aaa/tg/quickServer 1001 menu displays Configuring the SSL server using the CLITunnelGuard quick setup wizard creates a default SRS rule Main# /cfg/domain #/aaa/tg/quickCfg/domain #/server followed by Tracing SSL traffic using the CLIServer 1001 menu includes the following options Interface IDOutput mode SsldumpTcpdump Cfg/domain #/adv/interface commandCfg/domain #/server/trace followed by Ping hostDnslookup host Configuring SSL settings using the CLISSL Settings menu displays Traceroute hostCert certificate SSL Settings menu includes the following optionsCfg/domain #/server/ssl followed by IndexYes Cachain certificateIndex list Cfg/domain #/server/ssl/protocolConfiguring traffic log settings using the CLI Ena DisCfg/domain #/server/adv/traflog Traffic Log Settings menu displaysTraffic Log Settings menu includes the following options Cfg/domain #/server/adv/traflog followed byCfg/domain #/httpredir followed by Configuring Http redirect using the CLICfg/domain #/httpredir Redir onoffCfg/domain #/adv Configuring advanced settings using the CLICfg/sys/host #/interface command see Cfg/domain #/adv followed byConfiguring Radius accounting using the CLI Cfg/domain #/aaa/radacct Managing Radius accounting servers using the CLIRadius Accounting Servers menu displays Cfg/domain #/aaa/radacct followed byCfg/domain #/aaa/radacct/servers followed by NSNAS-Portal-ID VPN Attribute menu displaysCfg/domain #/aaa/radacct/vpnattribu Cfg/domain #/aaa/radacct/vpnattribu followed by Configuring the domain using the SremVPN Attribute menu includes the following options VendoridCreating a domain using the Srem Manually creating a domain using the Srem Secure Access Domain Table screen 320818-AAdd a Secure Access Domain Add a Secure Access Domain fieldsUsing the Srem Domain Quick Wizard Configuring the domain Click Domain Quick Wizard Domain Quick Wizard General Settings fieldsClick Next Domain Quick Wizard Certificate Domain Quick Wizard Certificate fieldsOrganization name and do not use any of the following Domain Quick Wizard Certificate Chain Domain Quick Wizard Certificate Chain fieldsDomain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Server fieldsDomain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Switch fieldsDomain Quick Wizard Tunnel Guard dialog box appears see Domain Quick Wizard Tunnel Guard fieldsDeleting a domain using the Srem To delete a domain, perform the following stepsConfiguring domain parameters using the Srem To configure a domain, perform the following stepsDomain Configuration fields Domain domain Configuration screen Additional domain configuration in the SremAdditional domain configuration tabs Additional domain tree components Component DescriptionConfiguring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup screen appears see FigureTunnelGuard Quick Setup fields Configuring the SSL server using the Srem Server Configuration screen 320818-AServer Configuration fields Configuring SSL settings using the Srem Server SSL Settings screen 320818-AServer SSL Settings fields ALL@STRENGTHConfiguring traffic log settings using the Srem Configuring the domain Server SSL Settings fieldsTraffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Configuring Http redirect using the Srem Tracing SSL traffic using the SremHttp Redirect screen 320818-A Configuring Radius accounting using the Srem Http Redirect fieldsConfiguring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Adding a Radius accounting server using the Srem Managing Radius accounting servers using the SremRadius accounting Configuration fields Radius Accounting Servers screen appears see Figure Radius Accounting Servers screenMoving a Radius accounting server using the Srem Radius Accounting Server fieldsDeleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles Groups Configuring groups and profilesOverview This section includes the following topicsDefault group Linksets TunnelGuard SRS ruleExtended profiles Configuring groups and extended profiles using the CLI Create the SRS rules see TunnelGuard SRS Builder onRoadmap of group and profile commands To create and configure a group, use the following command Configuring groups using the CLICfg/domain 1/aaa/group group ID Restrict Cfg/domain 1/aaa/group # followed byExtend profile ID Comment comment Tgsrs SRS rule nameMain# /cfg/domain 1/AAA/group Configuring client filters using the CLI Cfg/domain 1/aaa/filter filter IDCfg/domain 1/aaa/filter filter ID followed by Client Filter menu includes the following optionsTg truefalseignore Main# /cfg/domain 1/AAA/filter Configuring extended profiles using the CLICfg/domain 1/aaa/group group IDgroup name/extend Filter name Extended Profile menu includes the following optionsCfg/domain 1/aaa/group #/extend # followed by Vlan nameMain# cfg/domain 1/aaa/group 2/extend Cfg/domain 1/aaa/group #/extend #Linkset Del Extended Profile 1# ../extend 2/filter tgfailed/vlan YellowCfg/domain 1/aaa/group #/extend #/linkset Mapping linksets to a group or profile using the CLICfg/domain 1/aaa/group #/linkset Cfg/domain 1/aaa/group #/extend #/linkset followed byLinksets# add example2 Main# cfg/domain 1/aaa/group 1/linksetLinksets# insert 2 example3 Configuring groups using the Srem Configuring groups and extended profiles using the SremCreating a default group using the CLI This section contains the following topicsUsing the guide for creating groups Click a Guide to Create a Group on the toolbarAdding a group Groups screen 320818-AClick Add Add a Group dialog box appears see Figure Add a Group fieldsGroup Configuration screen appears see Figure To configure a group, perform the following stepsModifying a group Configuring client filters using the Srem Group Configuration fieldsAdding a client filter Client Filters screen appears see FigureClick Add Add a Client Filter dialog box appears see Figure Add a Client Filter fields Sheet 1Check using the Srem on Client filter Configuration screen appears see Figure To configure a client filter, perform the following stepsModifying a client filter Client Filters configuration fields Configuring extended profiles using the Srem Adding an extended profile Extended Profiles screen appears see FigureAdd an Extended Profile screen Add an Extended Profile fieldsExtended profiles Configuration screen appears see Figure Modifying an extended profileMapping linksets to a group or profile using the Srem Extended Profile Configuration fieldsMapping linksets to a group Linksets screen for a groupTo add a linkset to a group, perform the following steps Adding linksets to a groupAdd a Linkset fields Removing linksets from a group Reordering linksets in a groupMapping linksets to a profile Linksets screen for an extended profileAdding linksets to an extended profile Removing linksets from an extended profile Reordering linksets in an extended profileCreating a default group using the Srem AAA Configuration screen 320818-AAAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Roadmap of authentication commands Cfg/domain 1/aaaCommand Configuring authentication methods using the CLI Cfg/domain 1/aaa/auth auth IDRadiusldaplocal Cfg/domain 1/aaa/auth auth ID followed byDisplay Local accesses the Local database menu Cfg/domain 1/aaa/auth #/adv followed by Configuring Radius authentication using the CLICfg/domain 1/aaa/auth #/adv Groupauth auth IDsAdding the Radius authentication method using the CLI You can perform the following configuration tasksConfiguring authentication Main# /cfg/domain 1/aaa/auth Modifying Radius configuration settings using the CLICfg/domain 1/aaa/auth #/radius Cfg/domain 1/aaa/auth #/radius followed by TypeRadius servers menu displays Managing Radius authentication servers using the CLITimeout interval SessiontimRadius servers menu includes the following options Cfg/domain 1/aaa/auth #/radius/servers followed byConfiguring session timeout using the CLI Configuring Ldap authentication using the CLICfg/domain 1/aaa/auth #/radius/sessiontim Adding the Ldap authentication method using the CLI Configuring authentication Modifying Ldap configuration settings using the CLI Cfg/domain 1/aaa/auth #/ldapCfg/domain 1/aaa/auth #/ldap followed by Ldap menu displays Ldap menu includes the following optionsDo not use the isdbinddn and isdbindpas Userattr names SAMAccountName=bill . The user’s loginIsdbindpas password Ou=Users, dc=example, dc=com .Enauserpre truefalse Enaldaps truefalseActivedire Managing Ldap authentication servers using the CLI Cfg/domain 1/aaa/auth #/ldap/serversRemoves the specified Ldap server from the current Cfg/domain 1/aaa/auth #/ldap/ldapmacro Managing Ldap macros using the CLICfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Prefix suffix Add variable nameLdap attribute Variable nameActive Directory Settings menu displays Managing Active Directory passwords using the CLISet the Active Directory settings using Cfg/domain 1/aaa/auth #/ldap/activedire commandConfiguring local database authentication using the CLI Configuring authentication Authentication menu commands local database Local database menu displays Managing the local database using the CLIYou can add users to the database in two ways Cfg/domain 1/aaa/auth #/localCfg/domain 1/aaa/auth #/local followed by Cur group commandLocal database menu includes the following options TAB or use the /cfg/domain 1/aaaImport protocol Server filename keySpecifying authentication fallback order using the CLI Export protocolCfg/domain 1/aaa/authorder auth ID,auth ID Main# /cfg/domain 1/aaa/authorderConfiguring authentication using the Srem Configuring authentication methods using the Srem Authentication Server Table appears see FigureConfiguring Radius authentication using the Srem Add an Authentication Server Radius 320818-A Adding the Radius method and serverModifying Radius configuration Add an Authentication Server Radius fieldsModifying Radius method settings Configuration 320818-AConfiguration fields Modifying Radius configuration settings Radius Configuration screen appears see FigureRadius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Adding a Radius server Add a Radius Server fieldsReordering additional Radius servers Configuring authentication Add a Radius Server fieldsRemoving a Radius server Configuring Ldap authentication using the Srem Next stepsAdd an Authentication Server Ldap fields Adding the Ldap method and serverModifying Ldap configuration Modifying Ldap method settings Configuration fields Modifying Ldap configuration settings Ldap Configuration screen appears see FigureLdap Configuration fields Ou=Users, dc=example, dc=com. The user Cn=Users, dc=example, dc=comConfiguring authentication Ldap Configuration fields Active Directory, onManaging additional Ldap servers Click Apply Adding an Ldap serverAdd an Ldap Server fields Reordering additional Ldap servers Removing an Ldap serverManaging Ldap macros Ldap Macros Adding Ldap macros Add an Ldap Macro fieldsReordering Ldap macros Removing Ldap macrosConfiguring local database authentication using the Srem Populate the database see Populating the database onAdding the Local method Add an Authentication Server Local fields Database onYou can populate the Local database in two ways Populating the databaseAdding users to the local database Local Users screen appears see FigureClick Add Add a Local User dialog box appears see Figure Add a Local User fieldsConfiguring authentication Importing a database Import Local User Database 320818-AModifying Local database configuration Import Local User Database fieldsModifying Local method settings Modifying local users Local Users screen appears see onLocal Users Configuration 320818-A Modifying local user passwords Local Users Configuration fieldsSelect the Local User Configuration tab Local Users Local User Configuration 320818-ALocal Users Local User Configuration fields Exporting the database Export Local User Database 320818-AExport Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder TunnelGuard SRS Builder Configuring SRS rulesTunnelGuard user interface \tunnelguard\tg.txtSoftware Definition menu Menu commandsFile menu Describes important items from the File menuSoftware Definition Entry menu Software Definition Entry menu items Sheet 1Describes important items from the TunnelGuard Rule menu TunnelGuard Rule menuTool menu Describes important items from the Tool menuSRS definition toolbar SRS Definition toolbar item descriptionsSRS Components table Software Definition Available SRS listSRS Components table items Customizing a component WINNT%\xxx.dllSRS Rule toolbar Memory snapshotTunnelGuard Rule Definition screen Memory snapshot item descriptionsAvailable Expression list SRS Rule listSRS Rule Expression Constructor Rule Expression ConstructorManaging TunnelGuard rules and expressions Creating a software definitionAdding entries to a software definition Selecting modules or files from running processesCreate New Memory Module SRS window For more information, see Making API calls on Selecting file on disk Select the TunnelGuard Rule Definition tabCreate New on Disk SRS Entry window Creating logical expressions Click the TunnelGuard Rule Definition tab TunnelGuard Rule Definition tabClick the Form TunnelGuard Rule Expression button Available Expressions screen New SRS Rule windowTunnelGuard Rule Name screen Registry-based rules Registry-only SRS entryDescribes supported operands for integer values Supported integer operandsConstructs for string based regular expressions Sheet 1 String regular expression DescriptionCreating a registry entry Enter the Key Value Data Expression Registry-based File/ModuleTunnelGuard SRS Builder Registry Entry Manually creating SRS entries Manually creating an OnDisk file entryCreate new OnDisk SRS Entry Manually creating a Memory Module entry Create New Memory Module SRS Entry page opens see onCreate new Memory Module SRS entry File age check Adding a TunnelGuard rule comment Adding commentsTunnelGuard SRS Builder Date/Time Range Deleting SRS rules and their components Adding a software definition commentDeleting a TunnelGuard rule Deleting a software definitionDeleting a software definition entry Deleting an expressionTunnelGuard support for API calls Making API callsTunnelGuard SRS Builder 320818-A Chapter Managing system users and groups Managing system users and groups User rights and group membershipGroup membership and user rights Roadmap of system user management commands Managing system users and groups using the CLICfg/sys/user User menu displays User menu includes the following options Managing user accounts and passwords using the CLICfg/sys/user followed by Del username Add usernameEdit username Managing user settings using the CLICaphrase Password confirm User password Managing user groups using the CLIPassword user Cfg/sys/user/edit usernameThis section includes the following detailed examples CLI configuration examplesAdding a new user Cfg/sys/user/edit username/groupsAccess the User Menu Main# /cfg/sys/userUser# edit certadmin Apply the changes Verify and apply the changes User# edit admin Changing a user’s group assignmentChanging passwords Changing your own passwordChanging another user’s password Type the password command to initialize the password change Deleting a user Managing user accounts using the Srem Managing system users and groups using the SremTo manage users, choose from one of the following tasks User Table Adding new user accounts Click Add Add a User dialog box appears see FigureTo remove an existing user, perform the following steps Removing existing user accountsAdd a User fields Setting password expiry using the Srem Password Setting 320818-APassword Settings fields Changing your password using the Srem Change Your Password 320818-AOnly the admin user can change the passwords of other users Changing another user’s password using the SremClick Change Password Change Your Password fieldsChange User Password 320818-A Setting the certificate export passphrase using the Srem Change User Password fieldsSet Certificate Export PassPhrase screen appears see Figure Set Certificate Export PassPhrase 320818-AClick Set Pass Phrase Managing user groups using the SremSet Certificate Export PassPhrase fields Choose from the following tasks to manage users groups Adding a user groupTo add a new user group, perform the following steps Click Add Add a User Group dialog box appears see Figure Removing a user groupAdd a User Group fields Managing system users and groups Chapter Customizing the portal and user logon Captive portal and Exclude List Customizing the portal and user logonExclude List Allowed regular expressions and escape sequences String Usage ExpressionsPortal display Portal look and feelDefault appearance ColorsCommon colors, with hexadecimal codes Sheet 1 Color Hexadecimal codeLanguage localization Content-Type text/plain charset=iso-8859-1/n Linksets and links Autorun linksetsPlanning the linksets MacrosExamples of redirection URLs and links Automatic redirection to internal sitesExamples of redirection URLs and link text Sheet 1 Managing the end user experience Automatic JRE uploadRoadmap of portal and logon configuration commands Customizing the portal and logon using the CLIWindows domain logon script Number Color2 code DNS Exclude menu displays Configuring the captive portal using the CLIConfiguring the Exclude List using the CLI Cfg/domain 1/dnscaptDNS Exclude menu includes the following options Changing the portal language using the CLICfg/domain 1/dnscapt/exclude followed by Language Support menu displays Configuring language support using the CLICfg/lang Cfg/lang followed by Cfg/lang/import commandLanguage Support menu includes the following options Server filenameCfg/domain 1/portal/lang followed by Setting the portal display language using the CLICfg/domain 1/portal/lang Cfg/domain 1/portal/lang/listCfg/domain 1/portal Configuring the portal display using the CLIRestore Cfg/domain 1/portal followed byLogintext text Redirect URLLinkcols columns Linktext textLinkurl onoff Linkwidth widthPortal Colors menu displays Changing the portal colors using the CLICfg/domain 1/portal/colors Cfg/domain 1/portal/content Configuring custom content using the CLIPortal Custom Content menu displays Portal Colors menu includes the following optionsTftpftpscpsftp. The default is tftp Portal Custom Content menu includes the following optionsCfg/domain 1/portal/content followed by AvailableConfiguring linksets using the CLI Cfg/domain 1/linkset linkset IDText text Linkset menu includes the following optionsCfg/domain 1/linkset linkset ID followed by Autorun truefalseConfiguring links using the CLI Cfg/domain 1/linkset linkset ID/link indexCfg/domain 1/linkset linkset ID/link index followed by Link menu includes the following optionsMove new index Cfg/domain 1/linkset linkset ID/link index/ external/quick Configuring external link settings using the CLIConfiguring FTP link settings using the CLI Cfg/domain 1/linkset linkset ID/link index/ ftp/quickConfiguring the captive portal using the Srem Customizing the portal and logon using the SremEnabling DNS capture DNS Capture screen includes the following components DNS Capture fieldsClick Add Entry appears in the DNS Exclude List Configuring the DNS Exclude List using the SremAdd DNS Domain fields Changing the portal language using the Srem Languages sub-tabs appear see Figure Configuring language support using the SremSelect the System Language tab Choose from one of the following tasksViewing predefined languages To view custom languages, use the following procedureViewing and removing custom languages Click the Import/Export Definition tab Importing and exporting language definitionsImport/Export Definition screen appears see Figure Import/Export Definition fields Setting the portal display language using the Srem Configuring the portal display using the Srem Language fieldsConfiguring content Portal Configuration tab appears see FigurePortal Configuration fields Sites, see on Importing banners Import Banner screen 320818-AImport Banner fields Changing the portal colors using the Srem Color Settings screen 320818-AColor Settings fields Configuring custom content using the Srem Viewing basic information about custom content Basics screen appears see FigureBasics fields To import custom content, perform the following steps Importing custom contentImport Content screen appears see Figure Import Content fields To export custom content, perform the following steps Exporting custom contentExport Content screen appears see Figure Configuring linksets using the Srem Export Content fieldsTo create a linkset, perform the following steps Creating a linksetPortal Links screen appears see Figure Click Add Add a Linkset dialog box appears see Figure Add a LinksetModifying a linkset Linkset Configuration screen appears see FigureTo modify a linkset, perform the following steps Linkset Configuration fields See Linksets and links onConfiguring links using the Srem To create an external link, perform the following steps Creating an external link using the SremLinks screen appears see Figure Click Add Add a Portal Link dialog box appears see Figure Add a Portal Link fieldsCreating an FTP link using the Srem To create an FTP link, perform the following steps Add a Portal Link FTPAdd a Portal Link FTP fields External link Configuration screen appears see Figure Modifying external link settings using the SremTo modify a link, perform the following steps External link Configuration fields Reordering links using the Srem onModifying FTP link settings using the Srem FTP link Configuration screen appears see FigureReordering links using the Srem FTP link Configuration fieldsRe Order Links screen appears see Figure Re Order Links fieldsCustomizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Configuring the cluster using the CLI Cfg/sysRoadmap of system commands Parameter Health interval Show Cfg/sys followed by Configuring system settings using the CLIRsa server ID Cfg/domain #/server/trace/tcpdump Configuring the Nortel Snas 4050 host using the CLICfg/domain #/server/trace/ssldump Cfg/sys/host host ID/cfg/sys/host #/interface # Cluster Host menu includes the following optionsCfg/sys/host host ID followed by Interface numberHwplatform PortsPorts = 1,23 HaltCfg/sys/cur command RebootCfg/sys/host #/delete Cfg/sys/host host ID/interface interface ID Configuring host interfaces using the CLIViewing host information Cfg/sys/host #/interface interface IDMode Cfg/sys/host #/interface interface ID followed byVlanid tag FailovertrunkingCfg/sys/routes Configuring static routes using the CLIPrimary port Cfg/sys/host host ID/routesAdd IPaddr mask Configuring host ports using the CLICfg/sys/host #/interface #/routes followed by GatewayCfg/sys/host #/port port followed by Managing interface ports using the CLIHost Port menu includes the following options Cfg/sys/host #/interface interface ID/portsCfg/sys/accesslist Configuring the Access List using the CLICfg/sys/host #/ports command see Interface Ports menu includes the following optionsDate and Time menu displays Configuring date and time settings using the CLICfg/sys/accesslist followed by Add IPaddr maskNTP Servers menu displays Managing NTP serversDate and Time menu includes the following options Cfg/sys/time followed byCfg/sys/time/ntp followed by Configuring DNS servers and settings using the CLINTP Servers menu includes the following options Cfg/sys/dnsTtl ttl Retransmit intervalCount count Health intervalCfg/sys/dns/servers Managing DNS serversCfg/sys/dns/servers followed by Move index number new index number Configuring RSA servers using the CLIRSA Servers menu displays Switch Software Release Cfg/sys/rsaSyslog Servers menu displays Configuring syslog servers using the CLIRSA Servers menu includes the following options Cfg/sys/rsa followed byFacility Syslog Servers menu includes the following optionsCfg/sys/syslog followed by Syslog.conf under UnixCfg/sys/adm Configuring administrative settings using the CLIAdministrative Applications menu displays Cfg/sys/adm followed byAuth SrsadminAudit Telnet onoffCfg/sys/adm/srsadmin Enabling TunnelGuard SRS administration using the CLIConfiguring Nortel Snas 4050 host SSH keys using the CLI Cfg/sys/adm/srsadmin followed byDraft-ietf-secsh-publickeyfile Cfg/sys/adm/sshkeysCfg/sys/adm/sshkeys followed by KnownhostsSSH Known Host Keys menu includes the following options Managing known hosts SSH keys using the CLISSH Known Host Keys menu displays Cfg/sys/adm/sshkeys/knownhostsAbout Radius auditing Configuring Radius auditing using the CLIAbout the vendor-specific attributes NSNAS-SSL-Audit-Trail Configuring Radius auditingMap this string to the Vendor-Type value Cfg/sys/adm/auditRadius Audit Servers menu includes the following options Managing Radius audit servers using the CLIRadius Audit Servers menu displays Cfg/sys/adm/audit/serversAdds a Radius audit server to the configuration. You Configuring authentication of system users using the CLI Cfg/sys/adm/authFallback onoff Radius Authentication Servers menu displaysCfg/sys/adm/auth/servers Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem Select the System Configuration tab Configuring system settings using the SremSystem Configuration screen appears see Figure Configuring a Nortel Snas 4050 host using the Srem System Configuration fieldsHosts Viewing and configuring TCP/IP properties HostViewing and installing host licenses Host fieldsViewing global licenses for all hosts Describes the Global Licenses fields Global Licenses fieldsViewing per domain licenses for all hosts Describes the Per Domain Licenses fields Per Domain Licenses fieldsViewing installed licenses for a particular host Installing a license for a particular host Install New License Configuring host interfaces using the Srem To continue, choose one of the following proceduresSelect the System Hosts host Interfaces tab Adding a host interfaceTo create a host interface, perform the following steps Add an Interface fieldsConfiguring system settings Add an Interface fields Click Apply New interface appears in the Interfaces tableConfiguring an existing host interface Interface fields Link is transferred back to the primary port Removing a host interface Configuring static routes using the SremTo delete a host interface, perform the following steps Viewing static routes for a cluster IP RoutesViewing static routes for a host RoutesViewing static routes for an interface Managing static routesAdding a static route Add Route fieldsRemoving a static route Configuring host ports using the Srem PortsPort Port fields Managing interface ports using the Srem Removing interface ports Adding interface portsAdd a Port fields Configuring the access list using the Srem Select the System Access List tab Adding an access list entryAccess List Table appears see Figure Access List Table appears see on Click AddAdd Access Host dialog box appears see Figure Removing an Access List entryAdd Access Host fields Managing date and time settings using the Srem Date & TimeSelect the System Date & Time tab Configuring the date and time settingsDate & Time fields Select the System Date and Time tab Adding an NTP serverAdd NTP Server fields Removing an NTP server Select the System DNS Client Settings tab Configuring DNS settings using the SremDNS Client Settings screen appears see Figure DNS Client Settings fields Configuring servers using the Srem Managing syslog serversClick Add Add Syslog Server dialog box appears see Figure Adding a new syslog serverFrom this screen, complete the following tasks as necessary Add Syslog Server fieldsReordering a new syslog server Removing an existing syslog serverAdding a DNS server on Removing an existing DNS server on Select the System Servers DNS Servers tab Adding a DNS serverAdd DNS Server fields Removing an existing DNS server Managing RSA servers RSA Server TableSelect the System Servers RSA Server Table tab To configure RSA servers, perform the following stepsAdding an RSA server Add RSA Server fieldsRemoving an existing RSA server Removing the RSA node secretDescribes the RSA Server fields RSA Server fieldsClick Remove Secret Node Importing sdconf.recSelect an RSA server from the RSA Server Table Select the Import sdconf.rec tab Import sdconf.rec screen appears see FigureConfiguring administrative settings using the Srem Import sdconf.rec fieldsConfiguring SRS control settings using the Srem Select from one of the following tasks Configuring Nortel Snas 4050 host SSH keys usingAdd SSH Key fields Showing SSH keys Show SSH KeysConfiguring system settings Managing Nortel Snas 4050 and known host SSH keys Click Generate SSH Keys SSH Keys Hosts fieldAdding an SSH key for a known host using the Srem Add SSH KeyManaging Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Configuring Radius audit settings using the Srem Radius audit ConfigurationDescribes the Add Audit Configuration fields Add Audit Configuration fieldsManaging Radius audit servers using the Srem Select from the following tasks to manage the audit serversClick Add Add Audit Server dialog box appears see Figure Adding a new Audit ServerAdd Audit Server fields Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Managing Radius authentication servers using the Srem Radius Server Table appears see FigureAdding a Radius authentication server Add Radius Server fieldsRemoving an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Key and certificate formats Supported key and certificate formats Sheet 1320818-A Installing certificates and keys Creating certificatesSaving or exporting certificates and keys Updating certificatesManaging private keys and certificates using the CLI Roadmap of certificate management commands Cfg/cert cert id Managing and viewing certificates and keys using the CLICfg/cert cert ID followed by /cfg/cert #/show command Cert #/export command Generating and submitting a CSR using the CLIPhrase Cfg/cert #/request CSR informationIPip-address Emailemail-addressEmail Address tester@dummyssltesting.com Generating a CSRSave the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Lines Entire contents of the key, includingAdd the certificate Enter the following command Cfg/cert #/certAdding a certificate by pasting Certificate added Certificate 2# applyAdd the private key Enter the following command Adding a private key to the Nortel Snas 4050 using the CLICfg/cert #/key Adding a private key by pasting Cfg/cert #/import Certificate and key import informationAdmin@hostname.isd AnonymousDisplaying or saving a certificate and key using the CLI Cfg/cert #/displayCopy the private key, certificate, or both, as required Displaying a private key and certificate Cfg/cert #/export Certificate and key export informationAbout the formats, see Key and certificate formats on Generating a test certificate using the CLI Cfg/cert #/testManaging private keys and certificates using the Srem Viewing certificates using the Srem Certificates screenSelect the Certificates Certificates tab Creating a certificate using the SremTo create a certificate, perform the following steps Add a Certificate Component fieldsManaging certificates Generating and submitting a CSR using the Srem To generate a CSR, perform the following stepsCA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Displaying or saving a certificate and key using the Srem Import Certificate fieldsDisplay Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing certificate information using the Srem Viewing configuration detailsDescribes the certificate Configuration fields Configuration screen appears see FigureCertificate Configuration fields Managing certificates Certificate Configuration fields Viewing general informationDescribes the Info fields Info screen appears see FigureInfo fields Viewing certificate subject settings Managing certificates Info fieldsDescribes the Subject fields Subject screen appears see FigureSubject fields Managing certificates Subject fields Chapter Configuring Snmp Configuring Snmp Configuring Snmp using the CLICfg/sys/adm/snmp Roadmap of Snmp commands Configuring Snmp settings using the CLI Snmp menu displays Snmp menu includes the following optionsSNMPv2-MIBmenu displays Configuring the Snmp v2 MIB using the CLICfg/sys/adm/snmp/snmpv2-mib Cfg/sys/adm/snmp/snmpv2-mib followed by Configuring the Snmp community using the CLISNMPv2-MIBmenu includes the following options Cfg/sys/adm/snmp/communityConfiguring SNMPv3 users using the CLI Cfg/sys/adm/snmp/users user IDMd5 Sha Des AesSnmp User menu includes the following options Cfg/sys/adm/snmp/users user ID followed byNotification Target menu displays Configuring Snmp notification targets using the CLICfg/sys/adm/snmp/target target ID Event menu displays Configuring Snmp events using the CLINotification Target menu includes the following options Version v1v2cv3Options -b name Event menu includes the following optionsCfg/sys/adm/snmp/event followed by OID op valueOID value Options -t nameEvent Comment name Options -x nameOID NotificationConfiguring Snmp settings using the Srem This section contains information about the following topicsConfiguring Snmp using the Srem To configure SNMP, perform the following stepsSnmp Configuration fields SonmpConfiguring Snmp targets using the Srem To add an Snmp target, perform the following steps Adding Snmp targetsSnmp Target Table appears see Figure Click Add Add Snmp Target dialog box appears see Figure Add Snmp Target 320818-ASnmp Target fields Managing Snmp targets Target Settings screen appears see FigureTo manage Snmp targets, perform the following steps Removing Snmp targets Configuring SNMPv3 users using the Srem To add an SNMPv3 user, perform the following steps Adding SNMPv3 usersSNMPv3 User Table appears see Figure Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User 320818-AAdd SNMPv3 User fields User Settings screen appears see Figure Managing SNMPv3 usersUser Settings fields Sheet 1 Configuring Snmp User Settings fields Sheet 2 Removing SNMPv3 usersManaging monitor events Configuring Snmp events using the SremTo manage monitor events, select from the following tasks Adding monitor events To add monitor events, perform the following stepsViewing configuration details of monitor events Add a Monitor fieldsBoolean monitors Removing monitor eventsTo delete a monitor event, perform the following steps Add a Monitor Boolean Boolean monitor fields Sheet 1Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitorsThreshold monitor fields Existence monitors Existence monitor fields Sheet 1Managing notification events Existence monitor fields Sheet 2To add notification events, perform the following steps Adding notification eventsNotification Table screen appears see Figure Add a Notification Event Add a Notification Event fieldsRemoving notification events To delete a notification event, perform the following steps659 Info Roadmap of information and statistics commandsViewing system information and performance statistics StatsViewing system information using the CLI Information menu displaysInfo followed by Information menu includes the following optionsDomain ID Kick domain ID SwitchidInfo/mac command UsernameMac MACaddr Info/ip commandSwitch ID Username-prefixLocal EthernetInfo/events Viewing alarm events using the CLITo view active alarms, use the following command Info/events followed byTo view and download log files, use the following command Viewing log files using the CLIViewing AAA statistics using the CLI Logs menu displays Logs menu includes the following optionsTotal Stats/aaaStats/aaa followed by Isdhost host IDMain# stats/aaa/dump Viewing local information using the Srem Viewing all statistics using the CLIStats/dump Describes the Information fields Information screen appears see FigureInformation fields Viewing cluster information using the Srem Viewing the controller list using the Srem Describes the Controller List fields Controller List fieldsViewing Sonmp topology information using the Srem Describes the Sonmp State fields Sonmp State fieldsViewing switch distribution using the Srem Describes the Switch Distribution fields Viewing port information using the SremSwitch Distribution fields Describes the Port Information fields Port Information fields Sheet 1Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Viewing active sessions using the Srem Sessions screenDescribes the Sessions parameters Sessions parametersViewing details for a particular session Session Properties screenEnding active user sessions Describes the Session Properties parametersClick KickOut KickOut User fieldsDescribes the Number of Sessions fields Viewing the number of active sessions using the SremNumber of Sessions fields Viewing alarms using the Srem Viewing active alarms using the Srem Active Alarms screen 320818-ADescribes the Active Alarms fields Active Alarms fieldsDownloading alarms using the Srem Download Alarms screen 320818-ADescribes the Download Alarms fields Managing log files using the SremDownload Alarms fields Viewing the log list using the Srem Logs screenDescribes the Download fields Downloading log files using the SremDownload fields Sheet 1 Viewing AAA statistics using the Srem Viewing AAA statistics for a host Hosts tableLicense tab opens see on For a description of the fields, seeTable Viewing License statisticsLicense statistics Sheet 1 Viewing Radius statistics Radius statistics 320818-ARadius statistics Viewing Local database statistics Local DB statistics Sheet 1Viewing Ldap statistics Ldap statistics Viewing AAA statistics for the domain Statistics tableSelect one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license For a description of the fields, see Table Viewing Radius Statistics Sheet 1320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table For a description of the fields seeTable Viewing Rx statisticsViewing Rx statistics Sheet 1 Rx Frames Displays number of errors due to malformed packets Viewing Tx statistics Viewing Tx Statistics Sheet 1Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Maintaining and managing the system Managing and maintaining the system using the CLIMaint Roadmap of maintenance and boot commands BootPerforming maintenance using the CLI Maintenance menu displaysMaintenance menu includes the following options Dumplogs protocol server filename all-isds?Maint followed by All-isds?Mode Starttrace tagsDomain ID output StoptraceBacking up or restoring the configuration using the CLI Cfg/dump passphrasePtcfg protocol Configuration menu backup and restore commandsCfg Server filename passphrasePassphrase Cfg followed byGtcfg protocol Dump passphraseBoot followed by Managing Nortel Snas 4050 devices using the CLIBoot menu displays Boot menu includes the following options SoftwareCfg/sys/host #/delete command Cfg/sys/host #/reboot command insteadCfg/sys/host #/delete command see Boot/softwareSoftware Management menu includes the following options Boot/software followed byActivate command Activate versionUpgradecomplete.pkg Managing and maintaining the system using the SremPerforming maintenance using the Srem Ftp 10.0.0.1 pub/SSL-5.1.1Dumping logs and status information using the Srem DumpsClick Dump Starting and stopping a trace using the SremDump fields To start or stop a trace, perform the following steps Start/Stop Trace fields Checking configuration using the Srem Click Check ConfigurationBacking up or restoring the configuration using the Srem Backup & Restore 320818-ABackup & Restore fields If you later restore the configuration, the CertificateManaging software versions using the Srem Image ListFollowing tasks are available from this screen Describes the Image List fieldsImage List fields Select the System Boot Image List tab Viewing details of the active software imageActivating a software image Downloading images using the Srem Removing an inactive software imageMaintaining and managing the system Rebooting or deleting a Nortel Snas 4050 device using Download Image fieldsReboot/Delete ISD Options Downloading files using the Srem Describes the File Download fields File Download screen appears see FigureFile Download fields Running Nortel Snas 4050 diagnostics using the Srem Maintaining and managing the system File Download fieldsDescribes the Diagnostics fields Diagnostics fieldsMaintaining and managing the system 320818-A Chapter Upgrading or reinstalling the software Upgrading the Nortel SnasPerforming minor and major release upgrades Upgrading or reinstalling the softwareDownloading the software image using the CLI Enter the host name or IP address of the serverActivating the software upgrade package Admin@hostname/IP.isdNsnas At the Software Management# prompt, enter Log in again and verify the new software versionReinstalling the software Before you beginUpgrading or reinstalling the software Reinstalling the software from an external file server Restarting Restarting system Booting LoginAlteon WebSystems, Inc When the installation is complete, remove the CD and reboot Reinstalling the software from a CDRun install-nsnas isd4050 Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Command Line Interface Connecting to the Nortel SnasEstablishing a console connection Console configuration parameters ProcedureRequirements Enabling and restricting Telnet access Establishing a Telnet connectionEnabling and restricting SSH access Establishing a connection using SSHRunning Telnet Running an SSH client Accessing the Nortel Snas 4050 cluster For more information, see How to get help onUser access levels Command line history and editing CLI Main Menu or SetupIdle timeout Command Line Interface On page 780 illustrates the network configuration ScenarioConfiguration example Network devices Sheet 1Configuration example Network devices Sheet 2 Summarizes the VLANs for the Ethernet Routing SwitchVLANs for the Ethernet Routing Switch Configure the network DNS server StepsConfigure the network Dhcp server Create a new Dhcp scope see FigureNaming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Enter the IP address of the DNS server see Figure Specifying the DNS serverConfigure the network core router Shows the Dhcp scopes created for use in this exampleConfigure the Ethernet Routing Switch 8300 using the CLI StepsConfiguring the Red, Yellow, and Green VLANs Configuring the Nortel Snas 4050 pVIP subnetConfiguring the VoIP VLANs Enabling SSHEnabling Nsna globally Configuring the Nsna uplink filterConfiguring the Nsna ports Add the uplink portConfigure the Ethernet Routing Switch Setting the switch IP address5510-48Tconfig#nsna nsnas 10.40.40.0/24 Configuring SSH5510-48Tconfig# ssh 5510-48Tconfig#nsna vlan 240 color voip5510-48Tconfig-if#exit Configure the Nortel SnasConfiguring the login domain controller filters 5510-48Tconfig#nsna enablePerforming initial setup 10.40.40.1Enter a password for the admin user Completing initial setupEnable SRS administration Main# cfg/sys/adm/srsadmin/enaGroup 1# /cfg/domain 1/aaa/tg/quick Adding the network access devicesMain# cfg/domain 1/sshkey/generate TG#../group 1/tgsrs srs-rule-testImport the public SSH key from the switch Adding the Ethernet Routing SwitchAdd the switch manually Main# cfg/domain 1/switch 1 Creating SwitchMain# cfg/domain 1/switch 1/vlan/add yellow Use the quick switch wizardMain# cfg/domain 1/switch 2/sshkey/import Switch Vlan# ../../vlan/add yellowSwitch 2# apply Changes applied successfully Enabling the network access devicesMain# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena Domain Vlan# apply Changes applied successfullyConfiguration example 320818-A Appendix a CLI reference Using the CLI Global commandsQuit PasteExit NetstatCommand line history and editing Command line history and editing options Sheet 2 Command stackingYou can use the following CLI command shortcuts CLI shortcutsNTP Servers# ../../dns/servers Command abbreviationTab completion Main# cfg/sys/time/ntp/list Main# c/sy/t/n/lUsing a submenu name as a command argument Configuration# cur sysIP addresses Using slashes and spaces in commandsIP address and network mask formats Network masksVariables VariablesCLI command reference CLI Main MenuAppendix a CLI reference Certs Information menu commands Sheet 1Information menu SysStatistics menu Cfg/cert cert ID Name name Configuration menuConfiguration menu commands Sheet 1 CertAuth #/adv Secondauth auth ID Cfg/domain Name nameAuth ID Radiusldaplocal Auth ID for LdapAuth #/ldap/activedire Truefalse Cfg/domain #/aaa ServersAuth #/ldap Searchbase Expiredgro GroupPasswd user name Auth #/local Password groupCfg/domain #/aaa Add user name Auth #/radius Vendorid vendor IDAuth #/radius Vendortype vendor Profile ID Access rule Number Linkset DelCfg/domain #/aaa Vendorid vendor ID Type Ena Dis Cfg/domain #/aaaRadacct Vpnattribu Group #/extend # Del index numberGroup #/linkset Del index number Ena Dis Cfg/domain #/aaa ListHeartbeat interval Cfg/domain #/aaa/tg QuickRecheck interval Cfg/domain #/adv Interface interfaceLinkset ID Text text RestoreCfg/domain #/linkset Name name Linkset #/link index Text textColors Color2 code Content Server filenameCfg/domain #/portal Color1 code Lang CharsetProtocol Cfg/domain #/server Sysloghost IPaddrAdv/traflog Udpport port Ssl2ssl3ssl23tls1Switch #/dis Cfg/domain #/switch Name nameSwitch ID Type ERS8300ERS5500 Switch #/enaCfg/gtcfg protocol Cfg/domain #/vlan Add name Vlan IDPassphrase Passphrase Cfg/lang Import protocolCfg/sys/adm Snmp Cfg/sys/accesslist ListAdd IPaddr mask Sonmp onoffCfg/sys/adm/snmp Ena Cfg/sys/adm/auth ListShared secret Versions v1v2cv3Cfg/sys/adm/snmp Addmonitor Snmpv2-mib SnmpEnableDisabledenabled Cfg/sys/adm/snmp Ip IPaddr Event Options -b nameDis Cfg/sys/adm/sshkeys Generate Cfg/sys/adm/snmp Name nameUsers user ID Seclevel KnownhostsInterface #/ports Del port Mode fullhalf Cfg/sys/host #/routesCfg/sys/dns/servers List Add port Cfg/sys/host # ListSysLocatio Cfg/sys/host Ip IPaddrHost ID SysName name Cfg/sys/rsa Rsaname namePassword confirm Add IPaddr Cfg/sys/user Password oldPassword new Username Password userBoot Software Boot menuBoot menu commands Reboot Delete Boot/software CurMaint Dumplogs protocol Maintenance menuMaintenance menu commands All-isds?Chapter Troubleshooting Troubleshooting tipsEnable Telnet or SSH access Cannot connect to the Nortel Snas 4050 using Telnet orVerify the current configuration Check the Access ListCheck the IP address configuration # /cfg/cur sys Cannot add the Nortel Snas 4050 to a cluster Cannot contact the MIPMain# /cfg/sys/accesslist/add Add Interface 1 IP addresses and the MIP to the Access ListEnter network address IP address Enter netmask network mask Telnet or SSH connection to the MIP Nortel Snas 4050 stops respondingConsole connection Operator user password User password is lostAdministrator user password Root user passwordUser fails to connect to the Nortel Snas 4050 domain Boot user passwordTrace tools Main# maint/starttraceSample output for the trace command Tag Description Sample outputInstalled certificates System diagnosticsNetwork diagnostics Main# /stats/dump Cluster Host 1# curMain# /cfg/sys/cur Main# /info/ethernetActive alarms and the events log file Error log filesTroubleshooting Appendix B Syslog messages Syslog messages by message typeLists the Emerg operating system messages Operating system OS messagesLists the operating system Critical messages System Control Process messages Operating system messages ErrorLists the operating system Emerg messages Lists the System Control Process Info messages About alarm messagesAlarm severity and syslog level correspondence System control process messages InfoSystem Control Process messages Alarm AlarmSystem Control Process messages Event Audit/ena commandAbout event messages With /cfg/sys/curTraffic Processing Subsystem messages Lists the Traffic Processing Error messagesTraffic Processing messages Error Sheet 1 Lists the Traffic Processing Critical messagesCss error reason Traffic Processing messages Warning Traffic Processing messages Error Sheet 3Lists the Traffic Processing Warning messages Domain #/server/portalLists the Traffic Processing Info messages Start-up messagesTraffic Processing messages Info AAA subsystem messages Lists the AAA Error messagesAAA messages Error Lists the Start-up Info messagesAAA messages Info Sheet 1 Log value Message Category ContainsThere are two categories of Nsnas subsystem messages Nsnas subsystem messagesAAA messages Info Sheet 2 Lists the Nsnas Info messages Lists the Nsnas Error messagesNsnas Error Nsnas Info Sheet 1Nsnas Info Sheet 2 Syslog messages in alphabetical orderLists the syslog messages in alphabetical order Syslog messages in alphabetical order Sheet 1Sys/adm/audit/ena command Error Nsnas Syslog messages in alphabetical order Sheet 3Info AAA Error AAA Syslog messages in alphabetical order Sheet 5Authenticate is set to off Cfg/domain #/server/portalSyslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Supported MIBs Following MIBs are supported by the Nortel SnasAppendix C Supported MIBs ANAifType-MIBSNMPv2-MIB Supported MIBs Sheet 1Supported MIBs Sheet 2 ALTEON-ISD-SSL-MIBCLI, using the /cfg/sys/adm/snmp/target command Appendix C Supported MIBs Supported MIBs Sheet 3Describes the traps supported by the Nortel Snas Use the CLI command /cfg/sys/adm/snmp/snmpv2-mibSupported traps Supported trapsAppendix C Supported MIBs 320818-A Appendix D Supported ciphers Supported ciphersAppendix D Supported ciphers Install All Administrative Tools Windows 2000 Server Register the Schema Management dll Windows ServerClick Start and select Run Nortel Secure Network Access Switch 4050 User Guide Create a shortcut to the console window Permit write operations to the schema Windows 2000 ServerSelect a Title for the Program page displays Nortel Secure Network Access Switch 4050 User Guide Create the new class Add isdUserPrefs attribute to nortelSSLOffload classAdd the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Appendix F Configuring Dhcp to auto-configure IP Phones Configuring IP Phone auto-configurationCreating the Dhcp options Dhcp Management Console Predefined Options and Values dialog box opens see Figure Click Add Option Type dialog box opens see onOption Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box displays see Figure Scope Options dialog boxCall Server Information string parameter values Setting up the IP Phone Vlan ID Information string parameter valuesPage Configuring the logon script Create the logon script see Creating a logon script onCreating a logon script Using Windows, open a plain text editor, such as NotepadCreating the script as a batch file Assigning the logon script Creating the script as a VBScript fileRight-click the Default Domain Policy and select Edit Double-clickDefault Domain PolicyOn the Group Policy tab, click Open Appendix H Software licensing information GNU General Public License Appendix H Software licensing informationAppendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Symbols IndexIndex Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index