Groups and profiles | Nortel Networks 4050 manual

Chapter 1 Overview 35

•VoIP — automatic access for VoIP traffic. The network access device places VoIP calls in a VoIP VLAN without submitting them to the Nortel

SNAS 4050 authentication and authorization process.

When a client attempts to connect to the network, the network access device places the client in its Red VLAN. The Nortel SNAS 4050 authenticates the client and then downloads a TunnelGuard applet to check the integrity of the client host. If the integrity check fails, the Nortel SNAS 4050 instructs the network access device to move the client to a Yellow VLAN, with its associated filter. If the integrity check succeeds, the Nortel SNAS 4050 instructs the network access device to move the client to a Green VLAN, with its associated filter. The network access device applies the filters when it changes the port membership.

The VoIP filters allow IP Phone traffic into one of the preconfigured VoIP VLANs for VoIP communication only.

The default filters can be modified to accommodate network requirements, such as Quality of Service (QoS) or specific workstation boot processes and network communications.

For information about configuring VLANs and filters on the network access device, see Release Notes for Nortel Ethernet Routing Switch 5500 Series, Software Release 4.3 (217468-B) or Release Notes for the Ethernet Routing Switch 8300, Software Release 2.2.8 (316811-E).

Groups and profiles

Users are organized in groups. Group membership determines:

•user access rights

Within the group, extended profiles further refine access rights depending on the outcome of the TunnelGuard checks.

•number of sessions allowed

•the TunnelGuard SRS rule to be applied

•what displays on the portal page after the user has been authenticated

For information about configuring groups and extended profiles on the Nortel SNAS 4050, see “Configuring groups and profiles” on page 191.

Nortel Secure Network Access Switch 4050 User Guide

Image 35

Nortel Networks 4050 manual Groups and profiles

Contents

Nortel Secure Network Access Switch 4050 User Guide 320818-A Copyright Nortel Networks Limited 2005. All rights reserved Licensing Nortel Secure Network Access Switch 4050 User Guide General Contents Contents Managing the network access devices Configuring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Preface Connect the switch to the networkBefore you begin Bold text Text conventions Example Set Trap Monitor Filters Related informationPublications Plain Courier text Online How to get help Preface This chapter includes the following topics Nortel SNA solution Overview Elements of the Nsna solutionSupported users Role of the Nortel Snas Nortel SNA VLANs and filters Nortel Snas 4050 functions Groups and profiles Authentication methods TunnelGuard host integrity check Communication channels in the Nortel SNA network Communication channelsAbout SSH RSA DSA Nortel Snas 4050 clusters One-armed and two-armed configurations Two-armed configuration One-armed configuration Illustrates a two-armed configuration Nortel SNA configuration and management tools Configure the network Dhcp server Nortel Snas 4050 configuration roadmap Overview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup Portal Virtual IP address About the IP addressesManagement IP address Real IP address Initial setupLog on using the following username and password Login admin Password admin Enter port number for the management interface Setup Menu displaysSelect the option for a new installation Enter Vlan tag id or zero for no Vlan Enter network mask 255.255.255.0 mask Enter default gateway IP address or blank to skip Setup a two armed configuration yes/no no Enter a timezone or select select timezone Specify the MIP for this device or clusterEnter port number for the traffic interface Enter IP address for this machine on traffic interface Enter NTP server address or blank to skip IPaddr Configure the time settingsSpecify the NTP server, if applicable Specify the DNS server, if applicable Specify a name for the Nortel Snas 4050 domain Change the admin user password, if desiredSpecify the pVIP of the Nortel Snas 4050 device Create http to https redirect server no Settings created by the quick setup wizard Extended profile details Adding a Nortel Snas 4050 device to a cluster Before you begin Select the option to join an existing cluster Joining a cluster Enter network mask 255.255.255.0 mask Specify the MIP of the existing cluster Enter the existing admin user password password Next steps Setup successful Login Applying and saving the configuration Cfg/ptcfg Applying and saving the configuration using the CLIApplying and saving the configuration using the Srem Cfg/dump Apply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Roadmap of domain commands Managing network access devices using the CLI Reset Cfg/domain 1/quick Adding a network access device using the CLIUsing the quick switch setup wizard Specify the IP address of the network access device Nsna communication port5000 Go to on To continue, go to on Red vlan id of Switch Vlan ID Cfg/domain #/switch switch ID Manually adding a switchSwitch menu displays Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete Deleting a network access device using the CLI Configuring the network access devices using the CLI Ip IPaddr Switch menu includes the following optionsCfg/domain #/switch switch ID followed by Dis Delete Mapping the VLANs using the CLICfg/domain #/switch #/vlan Followed by Add name Vlan ID Domain vlan or Switch vlan menu displaysCfg/domain #/switch #/vlan followed by Cfg/domain #/switch #/vlan/list Managing SSH keys using the CLI Cfg/domain #/sshkey Generating SSH keys for the domain using the CLIFor an Ethernet Routing Switch 5510, 5520, or Nsnas SSH key menu displays Cfg/domain #/sshkey followed by Cfg/domain #/switch #/sshkey/exportNsnas SSH key menu includes the following options Main# /cfg/domain 1/sshkey Shows sample output for the /cfg/domain #/sshkey command Cfg/domain#1/sshkey/export command to Cfg/domain #/switch #/sshkeyCfg/domain #/switch #/sshkey followed by Enter Apply to apply the change immediately Reimporting the network access device SSH key using the CLIMonitoring switch health using the CLI Cfg/domain #/switch #/hlthchk Deadcnt count Cfg/domain #/switch #/hlthchk followed byCfg/domain #/switch #/dis HealthCheck menu includes the following options Cfg/domain #/switch #/ena Managing network access devices using the SremAdding a network access device using the Srem To add a network access device, use the following steps Add a Switch fields Add a Switch Configuring the network access devices using the Srem Deleting a network access device using the Srem Switch Configuration screen 320818-A Switch Configuration screen appears see Figure Switch Configuration fields You can perform the Vlan mapping in two ways Mapping the VLANs using the Srem Domain VLANs screen Mapping VLANs by domain Add a new Vlan fields Adding VLANs to a domainTo add VLANs to a domain, complete the following steps Click Add Add a new Vlan dialog box appears see Figure Removing VLANs from a domain Switch VLANs screen Mapping VLANs by switch To add VLANs to a switch, complete the following steps Adding VLANs to a switch Removing VLANs from a switch Managing SSH keys using the Srem Managing the network access devices Managing the network access devices Key Generation screen appears see Figure Generating SSH keys for the domain using the Srem Switch SSH Key fields Exporting SSH keys for the domain using the Srem Export Key screen appears see Figure Export Key fields Click Apply on the toolbar to begin the export process Switch SSH Key screen appears see Figure Managing SSH keys for Nortel SNA communication using Reimporting the network access device SSH key using the Srem Click Import SSH from Switch Monitoring switch health using the SremSwitch SSH Key screen appears see on Click Delete Switch SSH Key Health Check screen 320818-A Health Check screen appears see Figure Viewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Cfg/domain Configuring the domain using the CLIConfiguring the domain Captive portal Portal look and feel Linksets Logging traffic with syslog messages Details onoff Cfg/domain domain ID Creating a domain using the CLIManually creating a domain using the CLI You can create a domain in two ways 320818-A Cfg/quick Using the Nortel Snas 4050 domain quick setup wizardMain# /cfg/domain Main# cfg/quick Specify the certificate to be used by the portal server Configuring the domain Do you want an http to https redirect server yes/no no Do you want to configure a switch? yes/no noSpecify whether the SSL server uses chain certificates Do you require chain certificates yes/no no Do you want to create a tunnelguard test user? yes/no yes Configuring the domain Cfg/domain #/del Deleting a domain using the CLITo delete a domain, use the following command Pvips IPaddr Configuring domain parameters using the CLITo configure the domain, use the following command Cfg/domain domain ID followed by Httpredir Cfg/domain #/aaa/tg followed by Configuring the TunnelGuard check using the CLITG menu displays TG menu includes the following options Cfg/domain #/aaa/tg Cfg/domain #/aaa/tg/status-quo Cfg/domain #/aaa/tg/quick Using the quick TunnelGuard setup wizard in the CLI Main# /cfg/domain #/aaa/tg/quick Configuring the SSL server using the CLITunnelGuard quick setup wizard creates a default SRS rule Server 1001 menu displays Interface ID Tracing SSL traffic using the CLIServer 1001 menu includes the following options Cfg/domain #/server followed by Ssldump Output mode Ping host Cfg/domain #/adv/interface commandCfg/domain #/server/trace followed by Tcpdump Traceroute host Configuring SSL settings using the CLISSL Settings menu displays Dnslookup host Index SSL Settings menu includes the following optionsCfg/domain #/server/ssl followed by Cert certificate Cfg/domain #/server/ssl/protocol Cachain certificateIndex list Yes Ena Dis Configuring traffic log settings using the CLI Cfg/domain #/server/adv/traflog followed by Traffic Log Settings menu displaysTraffic Log Settings menu includes the following options Cfg/domain #/server/adv/traflog Redir onoff Configuring Http redirect using the CLICfg/domain #/httpredir Cfg/domain #/httpredir followed by Cfg/domain #/adv followed by Configuring advanced settings using the CLICfg/sys/host #/interface command see Cfg/domain #/adv Configuring Radius accounting using the CLI Cfg/domain #/aaa/radacct followed by Managing Radius accounting servers using the CLIRadius Accounting Servers menu displays Cfg/domain #/aaa/radacct Cfg/domain #/aaa/radacct/servers followed by Cfg/domain #/aaa/radacct/vpnattribu VPN Attribute menu displaysNSNAS-Portal-ID Vendorid Configuring the domain using the SremVPN Attribute menu includes the following options Cfg/domain #/aaa/radacct/vpnattribu followed by Creating a domain using the Srem Secure Access Domain Table screen 320818-A Manually creating a domain using the Srem Add a Secure Access Domain fields Add a Secure Access Domain Using the Srem Domain Quick Wizard Configuring the domain Click Next Domain Quick Wizard General Settings fieldsClick Domain Quick Wizard Domain Quick Wizard Certificate fields Domain Quick Wizard Certificate Organization name and do not use any of the following Domain Quick Wizard Certificate Chain fields Domain Quick Wizard Certificate Chain Domain Quick Wizard Server fields Domain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Switch fields Domain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Tunnel Guard fields Domain Quick Wizard Tunnel Guard dialog box appears see To delete a domain, perform the following steps Deleting a domain using the Srem To configure a domain, perform the following steps Configuring domain parameters using the Srem Domain Configuration fields Additional domain configuration tabs Additional domain configuration in the SremDomain domain Configuration screen Component Description Additional domain tree components Configuring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on TunnelGuard Quick Setup screen appears see Figure Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup fields Server Configuration screen 320818-A Configuring the SSL server using the Srem Server Configuration fields Server SSL Settings screen 320818-A Configuring SSL settings using the Srem ALL@STRENGTH Server SSL Settings fields Configuring the domain Server SSL Settings fields Configuring traffic log settings using the Srem Traffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Tracing SSL traffic using the Srem Configuring Http redirect using the Srem Http Redirect screen 320818-A Http Redirect fields Configuring Radius accounting using the Srem Configuring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Radius accounting Configuration fields Managing Radius accounting servers using the SremAdding a Radius accounting server using the Srem Radius Accounting Servers screen Radius Accounting Servers screen appears see Figure Radius Accounting Server fields Moving a Radius accounting server using the Srem Deleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles This section includes the following topics Configuring groups and profilesOverview Groups Default group TunnelGuard SRS rule Linksets Extended profiles Create the SRS rules see TunnelGuard SRS Builder on Configuring groups and extended profiles using the CLI Roadmap of group and profile commands Cfg/domain 1/aaa/group group ID Configuring groups using the CLITo create and configure a group, use the following command Extend profile ID Cfg/domain 1/aaa/group # followed byRestrict Main# /cfg/domain 1/AAA/group Tgsrs SRS rule nameComment comment Cfg/domain 1/aaa/filter filter ID Configuring client filters using the CLI Tg truefalseignore Client Filter menu includes the following optionsCfg/domain 1/aaa/filter filter ID followed by Cfg/domain 1/aaa/group group IDgroup name/extend Configuring extended profiles using the CLIMain# /cfg/domain 1/AAA/filter Vlan name Extended Profile menu includes the following optionsCfg/domain 1/aaa/group #/extend # followed by Filter name Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow Cfg/domain 1/aaa/group #/extend #Linkset Del Main# cfg/domain 1/aaa/group 2/extend Cfg/domain 1/aaa/group #/extend #/linkset followed by Mapping linksets to a group or profile using the CLICfg/domain 1/aaa/group #/linkset Cfg/domain 1/aaa/group #/extend #/linkset Linksets# insert 2 example3 Main# cfg/domain 1/aaa/group 1/linksetLinksets# add example2 This section contains the following topics Configuring groups and extended profiles using the SremCreating a default group using the CLI Configuring groups using the Srem Click a Guide to Create a Group on the toolbar Using the guide for creating groups Groups screen 320818-A Adding a group Add a Group fields Click Add Add a Group dialog box appears see Figure Modifying a group To configure a group, perform the following stepsGroup Configuration screen appears see Figure Group Configuration fields Configuring client filters using the Srem Client Filters screen appears see Figure Adding a client filter Add a Client Filter fields Sheet 1 Click Add Add a Client Filter dialog box appears see Figure Check using the Srem on Modifying a client filter To configure a client filter, perform the following stepsClient filter Configuration screen appears see Figure Client Filters configuration fields Configuring extended profiles using the Srem Extended Profiles screen appears see Figure Adding an extended profile Add an Extended Profile fields Add an Extended Profile screen Modifying an extended profile Extended profiles Configuration screen appears see Figure Extended Profile Configuration fields Mapping linksets to a group or profile using the Srem Linksets screen for a group Mapping linksets to a group Add a Linkset fields Adding linksets to a groupTo add a linkset to a group, perform the following steps Reordering linksets in a group Removing linksets from a group Linksets screen for an extended profile Mapping linksets to a profile Adding linksets to an extended profile Reordering linksets in an extended profile Removing linksets from an extended profile AAA Configuration screen 320818-A Creating a default group using the Srem AAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Cfg/domain 1/aaa Roadmap of authentication commands Command Cfg/domain 1/aaa/auth auth ID Configuring authentication methods using the CLI Display Cfg/domain 1/aaa/auth auth ID followed byRadiusldaplocal Local accesses the Local database menu Groupauth auth IDs Configuring Radius authentication using the CLICfg/domain 1/aaa/auth #/adv Cfg/domain 1/aaa/auth #/adv followed by You can perform the following configuration tasks Adding the Radius authentication method using the CLI Configuring authentication Cfg/domain 1/aaa/auth #/radius Modifying Radius configuration settings using the CLIMain# /cfg/domain 1/aaa/auth Type Cfg/domain 1/aaa/auth #/radius followed by Sessiontim Managing Radius authentication servers using the CLITimeout interval Radius servers menu displays Cfg/domain 1/aaa/auth #/radius/servers followed by Radius servers menu includes the following options Cfg/domain 1/aaa/auth #/radius/sessiontim Configuring Ldap authentication using the CLIConfiguring session timeout using the CLI Adding the Ldap authentication method using the CLI Configuring authentication Cfg/domain 1/aaa/auth #/ldap Modifying Ldap configuration settings using the CLI Do not use the isdbinddn and isdbindpas Ldap menu displays Ldap menu includes the following optionsCfg/domain 1/aaa/auth #/ldap followed by Ou=Users, dc=example, dc=com . SAMAccountName=bill . The user’s loginIsdbindpas password Userattr names Activedire Enaldaps truefalseEnauserpre truefalse Cfg/domain 1/aaa/auth #/ldap/servers Managing Ldap authentication servers using the CLI Removes the specified Ldap server from the current Cfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Managing Ldap macros using the CLICfg/domain 1/aaa/auth #/ldap/ldapmacro Variable name Add variable nameLdap attribute Prefix suffix Cfg/domain 1/aaa/auth #/ldap/activedire command Managing Active Directory passwords using the CLISet the Active Directory settings using Active Directory Settings menu displays Configuring local database authentication using the CLI Configuring authentication Authentication menu commands local database Cfg/domain 1/aaa/auth #/local Managing the local database using the CLIYou can add users to the database in two ways Local database menu displays TAB or use the /cfg/domain 1/aaa Cur group commandLocal database menu includes the following options Cfg/domain 1/aaa/auth #/local followed by Server filename key Import protocol Export protocol Specifying authentication fallback order using the CLI Main# /cfg/domain 1/aaa/authorder Cfg/domain 1/aaa/authorder auth ID,auth ID Configuring authentication using the Srem Authentication Server Table appears see Figure Configuring authentication methods using the Srem Configuring Radius authentication using the Srem Adding the Radius method and server Add an Authentication Server Radius 320818-A Add an Authentication Server Radius fields Modifying Radius configuration Configuration 320818-A Modifying Radius method settings Configuration fields Radius Configuration screen appears see Figure Modifying Radius configuration settings Radius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Add a Radius Server fields Adding a Radius server Removing a Radius server Configuring authentication Add a Radius Server fieldsReordering additional Radius servers Next steps Configuring Ldap authentication using the Srem Adding the Ldap method and server Add an Authentication Server Ldap fields Modifying Ldap configuration Modifying Ldap method settings Configuration fields Ldap Configuration screen appears see Figure Modifying Ldap configuration settings Ldap Configuration fields Cn=Users, dc=example, dc=com Ou=Users, dc=example, dc=com. The user Active Directory, on Configuring authentication Ldap Configuration fields Managing additional Ldap servers Add an Ldap Server fields Adding an Ldap serverClick Apply Removing an Ldap server Reordering additional Ldap servers Managing Ldap macros Ldap Macros Add an Ldap Macro fields Adding Ldap macros Removing Ldap macros Reordering Ldap macros Populate the database see Populating the database on Configuring local database authentication using the Srem Adding the Local method Database on Add an Authentication Server Local fields Local Users screen appears see Figure Populating the databaseAdding users to the local database You can populate the Local database in two ways Add a Local User fields Click Add Add a Local User dialog box appears see Figure Configuring authentication Import Local User Database 320818-A Importing a database Import Local User Database fields Modifying Local database configuration Modifying Local method settings Local Users screen appears see on Modifying local users Local Users Configuration 320818-A Local Users Configuration fields Modifying local user passwords Local Users Local User Configuration 320818-A Select the Local User Configuration tab Local Users Local User Configuration fields Export Local User Database 320818-A Exporting the database Export Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder \tunnelguard\tg.txt Configuring SRS rulesTunnelGuard user interface TunnelGuard SRS Builder Describes important items from the File menu Menu commandsFile menu Software Definition menu Software Definition Entry menu items Sheet 1 Software Definition Entry menu Describes important items from the Tool menu TunnelGuard Rule menuTool menu Describes important items from the TunnelGuard Rule menu SRS Definition toolbar item descriptions SRS definition toolbar SRS Components table items Software Definition Available SRS listSRS Components table WINNT%\xxx.dll Customizing a component Memory snapshot item descriptions Memory snapshotTunnelGuard Rule Definition screen SRS Rule toolbar Rule Expression Constructor SRS Rule listSRS Rule Expression Constructor Available Expression list Creating a software definition Managing TunnelGuard rules and expressions Selecting modules or files from running processes Adding entries to a software definition Create New Memory Module SRS window For more information, see Making API calls on Select the TunnelGuard Rule Definition tab Selecting file on disk Create New on Disk SRS Entry window Creating logical expressions TunnelGuard Rule Definition tab Click the TunnelGuard Rule Definition tab Click the Form TunnelGuard Rule Expression button New SRS Rule window Available Expressions screen TunnelGuard Rule Name screen Registry-only SRS entry Registry-based rules Supported integer operands Describes supported operands for integer values String regular expression Description Constructs for string based regular expressions Sheet 1 Creating a registry entry TunnelGuard SRS Builder Registry Entry Registry-based File/ModuleEnter the Key Value Data Expression Manually creating an OnDisk file entry Manually creating SRS entries Create new OnDisk SRS Entry Create New Memory Module SRS Entry page opens see on Manually creating a Memory Module entry Create new Memory Module SRS entry File age check TunnelGuard SRS Builder Date/Time Range Adding commentsAdding a TunnelGuard rule comment Adding a software definition comment Deleting SRS rules and their components Deleting an expression Deleting a software definitionDeleting a software definition entry Deleting a TunnelGuard rule Making API calls TunnelGuard support for API calls TunnelGuard SRS Builder 320818-A Chapter Managing system users and groups Group membership and user rights User rights and group membershipManaging system users and groups Cfg/sys/user Managing system users and groups using the CLIRoadmap of system user management commands Cfg/sys/user followed by Managing user accounts and passwords using the CLIUser menu displays User menu includes the following options Add username Del username Caphrase Managing user settings using the CLIEdit username Cfg/sys/user/edit username Managing user groups using the CLIPassword user Password confirm User password Cfg/sys/user/edit username/groups CLI configuration examplesAdding a new user This section includes the following detailed examples Main# /cfg/sys/user Access the User Menu User# edit certadmin Apply the changes Verify and apply the changes Changing a user’s group assignment User# edit admin Changing your own password Changing passwords Changing another user’s password Type the password command to initialize the password change Deleting a user To manage users, choose from one of the following tasks Managing system users and groups using the SremManaging user accounts using the Srem User Table Click Add Add a User dialog box appears see Figure Adding new user accounts Add a User fields Removing existing user accountsTo remove an existing user, perform the following steps Password Setting 320818-A Setting password expiry using the Srem Password Settings fields Change Your Password 320818-A Changing your password using the Srem Change Your Password fields Changing another user’s password using the SremClick Change Password Only the admin user can change the passwords of other users Change User Password 320818-A Change User Password fields Setting the certificate export passphrase using the Srem Set Certificate Export PassPhrase 320818-A Set Certificate Export PassPhrase screen appears see Figure Set Certificate Export PassPhrase fields Managing user groups using the SremClick Set Pass Phrase To add a new user group, perform the following steps Adding a user groupChoose from the following tasks to manage users groups Add a User Group fields Removing a user groupClick Add Add a User Group dialog box appears see Figure Managing system users and groups Chapter Customizing the portal and user logon Customizing the portal and user logon Captive portal and Exclude List Exclude List String Usage Expressions Allowed regular expressions and escape sequences Portal look and feel Portal display Colors Default appearance Color Hexadecimal code Common colors, with hexadecimal codes Sheet 1 Language localization Content-Type text/plain charset=iso-8859-1/n Autorun linksets Linksets and links Macros Planning the linksets Examples of redirection URLs and link text Sheet 1 Automatic redirection to internal sitesExamples of redirection URLs and links Automatic JRE upload Managing the end user experience Windows domain logon script Customizing the portal and logon using the CLIRoadmap of portal and logon configuration commands Number Color2 code Cfg/domain 1/dnscapt Configuring the captive portal using the CLIConfiguring the Exclude List using the CLI DNS Exclude menu displays Cfg/domain 1/dnscapt/exclude followed by Changing the portal language using the CLIDNS Exclude menu includes the following options Cfg/lang Configuring language support using the CLILanguage Support menu displays Server filename Cfg/lang/import commandLanguage Support menu includes the following options Cfg/lang followed by Cfg/domain 1/portal/lang/list Setting the portal display language using the CLICfg/domain 1/portal/lang Cfg/domain 1/portal/lang followed by Cfg/domain 1/portal followed by Configuring the portal display using the CLIRestore Cfg/domain 1/portal Redirect URL Logintext text Linkwidth width Linktext textLinkurl onoff Linkcols columns Cfg/domain 1/portal/colors Changing the portal colors using the CLIPortal Colors menu displays Portal Colors menu includes the following options Configuring custom content using the CLIPortal Custom Content menu displays Cfg/domain 1/portal/content Available Portal Custom Content menu includes the following optionsCfg/domain 1/portal/content followed by Tftpftpscpsftp. The default is tftp Cfg/domain 1/linkset linkset ID Configuring linksets using the CLI Autorun truefalse Linkset menu includes the following optionsCfg/domain 1/linkset linkset ID followed by Text text Cfg/domain 1/linkset linkset ID/link index Configuring links using the CLI Move new index Link menu includes the following optionsCfg/domain 1/linkset linkset ID/link index followed by Cfg/domain 1/linkset linkset ID/link index/ ftp/quick Configuring external link settings using the CLIConfiguring FTP link settings using the CLI Cfg/domain 1/linkset linkset ID/link index/ external/quick Enabling DNS capture Customizing the portal and logon using the SremConfiguring the captive portal using the Srem DNS Capture fields DNS Capture screen includes the following components Add DNS Domain fields Configuring the DNS Exclude List using the SremClick Add Entry appears in the DNS Exclude List Changing the portal language using the Srem Choose from one of the following tasks Configuring language support using the SremSelect the System Language tab Languages sub-tabs appear see Figure Viewing and removing custom languages To view custom languages, use the following procedureViewing predefined languages Import/Export Definition screen appears see Figure Importing and exporting language definitionsClick the Import/Export Definition tab Import/Export Definition fields Setting the portal display language using the Srem Language fields Configuring the portal display using the Srem Portal Configuration tab appears see Figure Configuring content Portal Configuration fields Sites, see on Import Banner screen 320818-A Importing banners Import Banner fields Color Settings screen 320818-A Changing the portal colors using the Srem Color Settings fields Configuring custom content using the Srem Basics screen appears see Figure Viewing basic information about custom content Basics fields Import Content screen appears see Figure Importing custom contentTo import custom content, perform the following steps Import Content fields Export Content screen appears see Figure Exporting custom contentTo export custom content, perform the following steps Export Content fields Configuring linksets using the Srem Portal Links screen appears see Figure Creating a linksetTo create a linkset, perform the following steps Add a Linkset Click Add Add a Linkset dialog box appears see Figure To modify a linkset, perform the following steps Linkset Configuration screen appears see FigureModifying a linkset See Linksets and links on Linkset Configuration fields Configuring links using the Srem Links screen appears see Figure Creating an external link using the SremTo create an external link, perform the following steps Add a Portal Link fields Click Add Add a Portal Link dialog box appears see Figure Creating an FTP link using the Srem Add a Portal Link FTP To create an FTP link, perform the following steps Add a Portal Link FTP fields To modify a link, perform the following steps Modifying external link settings using the SremExternal link Configuration screen appears see Figure Reordering links using the Srem on External link Configuration fields FTP link Configuration screen appears see Figure Modifying FTP link settings using the Srem FTP link Configuration fields Reordering links using the Srem Re Order Links fields Re Order Links screen appears see Figure Customizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Cfg/sys Configuring the cluster using the CLI Roadmap of system commands Parameter Health interval Show Rsa server ID Configuring system settings using the CLICfg/sys followed by Cfg/sys/host host ID Configuring the Nortel Snas 4050 host using the CLICfg/domain #/server/trace/ssldump Cfg/domain #/server/trace/tcpdump Interface number Cluster Host menu includes the following optionsCfg/sys/host host ID followed by /cfg/sys/host #/interface # Halt PortsPorts = 1,23 Hwplatform Cfg/sys/host #/delete RebootCfg/sys/cur command Cfg/sys/host #/interface interface ID Configuring host interfaces using the CLIViewing host information Cfg/sys/host host ID/interface interface ID Failovertrunking Cfg/sys/host #/interface interface ID followed byVlanid tag Mode Cfg/sys/host host ID/routes Configuring static routes using the CLIPrimary port Cfg/sys/routes Gateway Configuring host ports using the CLICfg/sys/host #/interface #/routes followed by Add IPaddr mask Cfg/sys/host #/interface interface ID/ports Managing interface ports using the CLIHost Port menu includes the following options Cfg/sys/host #/port port followed by Interface Ports menu includes the following options Configuring the Access List using the CLICfg/sys/host #/ports command see Cfg/sys/accesslist Add IPaddr mask Configuring date and time settings using the CLICfg/sys/accesslist followed by Date and Time menu displays Cfg/sys/time followed by Managing NTP serversDate and Time menu includes the following options NTP Servers menu displays Cfg/sys/dns Configuring DNS servers and settings using the CLINTP Servers menu includes the following options Cfg/sys/time/ntp followed by Health interval Retransmit intervalCount count Ttl ttl Cfg/sys/dns/servers followed by Managing DNS serversCfg/sys/dns/servers Cfg/sys/rsa Configuring RSA servers using the CLIRSA Servers menu displays Switch Software Release Move index number new index number Cfg/sys/rsa followed by Configuring syslog servers using the CLIRSA Servers menu includes the following options Syslog Servers menu displays Syslog.conf under Unix Syslog Servers menu includes the following optionsCfg/sys/syslog followed by Facility Cfg/sys/adm followed by Configuring administrative settings using the CLIAdministrative Applications menu displays Cfg/sys/adm Telnet onoff SrsadminAudit Auth Cfg/sys/adm/srsadmin followed by Enabling TunnelGuard SRS administration using the CLIConfiguring Nortel Snas 4050 host SSH keys using the CLI Cfg/sys/adm/srsadmin Knownhosts Cfg/sys/adm/sshkeysCfg/sys/adm/sshkeys followed by Draft-ietf-secsh-publickeyfile Cfg/sys/adm/sshkeys/knownhosts Managing known hosts SSH keys using the CLISSH Known Host Keys menu displays SSH Known Host Keys menu includes the following options About the vendor-specific attributes Configuring Radius auditing using the CLIAbout Radius auditing Cfg/sys/adm/audit Configuring Radius auditingMap this string to the Vendor-Type value NSNAS-SSL-Audit-Trail Cfg/sys/adm/audit/servers Managing Radius audit servers using the CLIRadius Audit Servers menu displays Radius Audit Servers menu includes the following options Adds a Radius audit server to the configuration. You Cfg/sys/adm/auth Configuring authentication of system users using the CLI Cfg/sys/adm/auth/servers Radius Authentication Servers menu displaysFallback onoff Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem System Configuration screen appears see Figure Configuring system settings using the SremSelect the System Configuration tab System Configuration fields Configuring a Nortel Snas 4050 host using the Srem Hosts Host Viewing and configuring TCP/IP properties Host fields Viewing and installing host licenses Viewing global licenses for all hosts Global Licenses fields Describes the Global Licenses fields Viewing per domain licenses for all hosts Per Domain Licenses fields Describes the Per Domain Licenses fields Viewing installed licenses for a particular host Installing a license for a particular host Install New License To continue, choose one of the following procedures Configuring host interfaces using the Srem Add an Interface fields Adding a host interfaceTo create a host interface, perform the following steps Select the System Hosts host Interfaces tab Click Apply New interface appears in the Interfaces table Configuring system settings Add an Interface fields Configuring an existing host interface Interface fields Link is transferred back to the primary port To delete a host interface, perform the following steps Configuring static routes using the SremRemoving a host interface IP Routes Viewing static routes for a cluster Routes Viewing static routes for a host Managing static routes Viewing static routes for an interface Add Route fields Adding a static route Removing a static route Ports Configuring host ports using the Srem Port Port fields Managing interface ports using the Srem Add a Port fields Adding interface portsRemoving interface ports Configuring the access list using the Srem Access List Table appears see on Click Add Adding an access list entryAccess List Table appears see Figure Select the System Access List tab Add Access Host fields Removing an Access List entryAdd Access Host dialog box appears see Figure Date & Time Managing date and time settings using the Srem Date & Time fields Configuring the date and time settingsSelect the System Date & Time tab Add NTP Server fields Adding an NTP serverSelect the System Date and Time tab Removing an NTP server DNS Client Settings screen appears see Figure Configuring DNS settings using the SremSelect the System DNS Client Settings tab DNS Client Settings fields Managing syslog servers Configuring servers using the Srem Add Syslog Server fields Adding a new syslog serverFrom this screen, complete the following tasks as necessary Click Add Add Syslog Server dialog box appears see Figure Removing an existing syslog server Reordering a new syslog server Adding a DNS server on Removing an existing DNS server on Add DNS Server fields Adding a DNS serverSelect the System Servers DNS Servers tab Removing an existing DNS server RSA Server Table Managing RSA servers Add RSA Server fields To configure RSA servers, perform the following stepsAdding an RSA server Select the System Servers RSA Server Table tab Removing the RSA node secret Removing an existing RSA server RSA Server fields Describes the RSA Server fields Select an RSA server from the RSA Server Table Importing sdconf.recClick Remove Secret Node Import sdconf.rec screen appears see Figure Select the Import sdconf.rec tab Import sdconf.rec fields Configuring administrative settings using the Srem Configuring SRS control settings using the Srem Add SSH Key fields Configuring Nortel Snas 4050 host SSH keys usingSelect from one of the following tasks Show SSH Keys Showing SSH keys Configuring system settings Managing Nortel Snas 4050 and known host SSH keys SSH Keys Hosts field Click Generate SSH Keys Add SSH Key Adding an SSH key for a known host using the Srem Managing Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Radius audit Configuration Configuring Radius audit settings using the Srem Add Audit Configuration fields Describes the Add Audit Configuration fields Select from the following tasks to manage the audit servers Managing Radius audit servers using the Srem Add Audit Server fields Adding a new Audit ServerClick Add Add Audit Server dialog box appears see Figure Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Radius Server Table appears see Figure Managing Radius authentication servers using the Srem Add Radius Server fields Adding a Radius authentication server Removing an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Supported key and certificate formats Sheet 1 Key and certificate formats 320818-A Creating certificates Installing certificates and keys Updating certificates Saving or exporting certificates and keys Managing private keys and certificates using the CLI Roadmap of certificate management commands Cfg/cert cert ID followed by Managing and viewing certificates and keys using the CLICfg/cert cert id /cfg/cert #/show command Phrase Generating and submitting a CSR using the CLICert #/export command CSR information Cfg/cert #/request Emailemail-address IPip-address Generating a CSR Email Address tester@dummyssltesting.com Save the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Cfg/cert #/cert Entire contents of the key, includingAdd the certificate Enter the following command Lines Certificate added Certificate 2# apply Adding a certificate by pasting Cfg/cert #/key Adding a private key to the Nortel Snas 4050 using the CLIAdd the private key Enter the following command Adding a private key by pasting Certificate and key import information Cfg/cert #/import Anonymous Admin@hostname.isd Cfg/cert #/display Displaying or saving a certificate and key using the CLI Copy the private key, certificate, or both, as required Displaying a private key and certificate Certificate and key export information Cfg/cert #/export About the formats, see Key and certificate formats on Cfg/cert #/test Generating a test certificate using the CLI Managing private keys and certificates using the Srem Certificates screen Viewing certificates using the Srem Add a Certificate Component fields Creating a certificate using the SremTo create a certificate, perform the following steps Select the Certificates Certificates tab Managing certificates To generate a CSR, perform the following steps Generating and submitting a CSR using the Srem CA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Import Certificate fields Displaying or saving a certificate and key using the Srem Display Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing configuration details Viewing certificate information using the Srem Certificate Configuration fields Configuration screen appears see FigureDescribes the certificate Configuration fields Viewing general information Managing certificates Certificate Configuration fields Info fields Info screen appears see FigureDescribes the Info fields Managing certificates Info fields Viewing certificate subject settings Subject fields Subject screen appears see FigureDescribes the Subject fields Managing certificates Subject fields Chapter Configuring Snmp Cfg/sys/adm/snmp Configuring Snmp using the CLIConfiguring Snmp Roadmap of Snmp commands Snmp menu displays Snmp menu includes the following options Configuring Snmp settings using the CLI Cfg/sys/adm/snmp/snmpv2-mib Configuring the Snmp v2 MIB using the CLISNMPv2-MIBmenu displays Cfg/sys/adm/snmp/community Configuring the Snmp community using the CLISNMPv2-MIBmenu includes the following options Cfg/sys/adm/snmp/snmpv2-mib followed by Cfg/sys/adm/snmp/users user ID Configuring SNMPv3 users using the CLI Des Aes Md5 Sha Cfg/sys/adm/snmp/users user ID followed by Snmp User menu includes the following options Cfg/sys/adm/snmp/target target ID Configuring Snmp notification targets using the CLINotification Target menu displays Version v1v2cv3 Configuring Snmp events using the CLINotification Target menu includes the following options Event menu displays OID op value Event menu includes the following optionsCfg/sys/adm/snmp/event followed by Options -b name Event Options -t nameOID value Notification Options -x nameOID Comment name This section contains information about the following topics Configuring Snmp settings using the Srem To configure SNMP, perform the following steps Configuring Snmp using the Srem Sonmp Snmp Configuration fields Configuring Snmp targets using the Srem Snmp Target Table appears see Figure Adding Snmp targetsTo add an Snmp target, perform the following steps Add Snmp Target 320818-A Click Add Add Snmp Target dialog box appears see Figure Snmp Target fields To manage Snmp targets, perform the following steps Target Settings screen appears see FigureManaging Snmp targets Removing Snmp targets Configuring SNMPv3 users using the Srem SNMPv3 User Table appears see Figure Adding SNMPv3 usersTo add an SNMPv3 user, perform the following steps Add SNMPv3 User 320818-A Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User fields Managing SNMPv3 users User Settings screen appears see Figure User Settings fields Sheet 1 Removing SNMPv3 users Configuring Snmp User Settings fields Sheet 2 To manage monitor events, select from the following tasks Configuring Snmp events using the SremManaging monitor events To add monitor events, perform the following steps Adding monitor events Add a Monitor fields Viewing configuration details of monitor events To delete a monitor event, perform the following steps Removing monitor eventsBoolean monitors Boolean monitor fields Sheet 1 Add a Monitor Boolean Threshold monitors Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitor fields Existence monitor fields Sheet 1 Existence monitors Existence monitor fields Sheet 2 Managing notification events Notification Table screen appears see Figure Adding notification eventsTo add notification events, perform the following steps Add a Notification Event fields Add a Notification Event To delete a notification event, perform the following steps Removing notification events 659 Stats Roadmap of information and statistics commandsViewing system information and performance statistics Info Information menu displays Viewing system information using the CLI Domain ID Information menu includes the following optionsInfo followed by Username SwitchidInfo/mac command Kick domain ID Username-prefix Info/ip commandSwitch ID Mac MACaddr Ethernet Local Info/events followed by Viewing alarm events using the CLITo view active alarms, use the following command Info/events Logs menu displays Logs menu includes the following options Viewing log files using the CLIViewing AAA statistics using the CLI To view and download log files, use the following command Isdhost host ID Stats/aaaStats/aaa followed by Total Main# stats/aaa/dump Stats/dump Viewing all statistics using the CLIViewing local information using the Srem Information fields Information screen appears see FigureDescribes the Information fields Viewing cluster information using the Srem Viewing the controller list using the Srem Controller List fields Describes the Controller List fields Viewing Sonmp topology information using the Srem Sonmp State fields Describes the Sonmp State fields Viewing switch distribution using the Srem Switch Distribution fields Viewing port information using the SremDescribes the Switch Distribution fields Port Information fields Sheet 1 Describes the Port Information fields Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Sessions screen Viewing active sessions using the Srem Sessions parameters Describes the Sessions parameters Session Properties screen Viewing details for a particular session Describes the Session Properties parameters Ending active user sessions KickOut User fields Click KickOut Number of Sessions fields Viewing the number of active sessions using the SremDescribes the Number of Sessions fields Viewing alarms using the Srem Active Alarms screen 320818-A Viewing active alarms using the Srem Active Alarms fields Describes the Active Alarms fields Download Alarms screen 320818-A Downloading alarms using the Srem Download Alarms fields Managing log files using the SremDescribes the Download Alarms fields Logs screen Viewing the log list using the Srem Download fields Sheet 1 Downloading log files using the SremDescribes the Download fields Viewing AAA statistics using the Srem Hosts table Viewing AAA statistics for a host License tab opens see on License statistics Sheet 1 Viewing License statisticsFor a description of the fields, seeTable Radius statistics 320818-A Viewing Radius statistics Radius statistics Local DB statistics Sheet 1 Viewing Local database statistics Viewing Ldap statistics Ldap statistics Statistics table Viewing AAA statistics for the domain Select one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license Viewing Radius Statistics Sheet 1 For a description of the fields, see Table 320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table Viewing Rx statistics Sheet 1 Viewing Rx statisticsFor a description of the fields seeTable Rx Frames Displays number of errors due to malformed packets Viewing Tx Statistics Sheet 1 Viewing Tx statistics Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Maint Managing and maintaining the system using the CLIMaintaining and managing the system Boot Roadmap of maintenance and boot commands Maintenance menu displays Performing maintenance using the CLI Dumplogs protocol server filename all-isds? Maintenance menu includes the following options All-isds? Maint followed by Stoptrace Starttrace tagsDomain ID output Mode Cfg/dump passphrase Backing up or restoring the configuration using the CLI Server filename passphrase Configuration menu backup and restore commandsCfg Ptcfg protocol Dump passphrase Cfg followed byGtcfg protocol Passphrase Software Managing Nortel Snas 4050 devices using the CLIBoot menu displays Boot menu includes the following options Boot followed by Boot/software Cfg/sys/host #/reboot command insteadCfg/sys/host #/delete command see Cfg/sys/host #/delete command Activate version Boot/software followed byActivate command Software Management menu includes the following options Ftp 10.0.0.1 pub/SSL-5.1.1 Managing and maintaining the system using the SremPerforming maintenance using the Srem Upgradecomplete.pkg Dumps Dumping logs and status information using the Srem Dump fields Starting and stopping a trace using the SremClick Dump To start or stop a trace, perform the following steps Start/Stop Trace fields Click Check Configuration Checking configuration using the Srem Backup & Restore 320818-A Backing up or restoring the configuration using the Srem If you later restore the configuration, the Certificate Backup & Restore fields Image List Managing software versions using the Srem Image List fields Describes the Image List fieldsFollowing tasks are available from this screen Viewing details of the active software image Select the System Boot Image List tab Activating a software image Removing an inactive software image Downloading images using the Srem Maintaining and managing the system Download Image fields Rebooting or deleting a Nortel Snas 4050 device using Reboot/Delete ISD Options Downloading files using the Srem File Download fields File Download screen appears see FigureDescribes the File Download fields Maintaining and managing the system File Download fields Running Nortel Snas 4050 diagnostics using the Srem Diagnostics fields Describes the Diagnostics fields Maintaining and managing the system 320818-A Upgrading the Nortel Snas Chapter Upgrading or reinstalling the software Upgrading or reinstalling the software Performing minor and major release upgrades Enter the host name or IP address of the server Downloading the software image using the CLI Admin@hostname/IP.isd Activating the software upgrade package Nsnas Log in again and verify the new software version At the Software Management# prompt, enter Before you begin Reinstalling the software Upgrading or reinstalling the software Reinstalling the software from an external file server Alteon WebSystems, Inc Booting LoginRestarting Restarting system Run install-nsnas isd4050 Reinstalling the software from a CDWhen the installation is complete, remove the CD and reboot Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Establishing a console connection Connecting to the Nortel SnasCommand Line Interface Requirements ProcedureConsole configuration parameters Establishing a Telnet connection Enabling and restricting Telnet access Running Telnet Establishing a connection using SSHEnabling and restricting SSH access Running an SSH client For more information, see How to get help on Accessing the Nortel Snas 4050 cluster User access levels Idle timeout CLI Main Menu or SetupCommand line history and editing Command Line Interface Scenario On page 780 illustrates the network configuration Network devices Sheet 1 Configuration example VLANs for the Ethernet Routing Switch Summarizes the VLANs for the Ethernet Routing SwitchConfiguration example Network devices Sheet 2 Steps Configure the network DNS server Create a new Dhcp scope see Figure Configure the network Dhcp server Naming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Specifying the DNS server Enter the IP address of the DNS server see Figure Shows the Dhcp scopes created for use in this example Configure the network core router Steps Configure the Ethernet Routing Switch 8300 using the CLI Enabling SSH Configuring the Nortel Snas 4050 pVIP subnetConfiguring the VoIP VLANs Configuring the Red, Yellow, and Green VLANs Add the uplink port Configuring the Nsna uplink filterConfiguring the Nsna ports Enabling Nsna globally Setting the switch IP address Configure the Ethernet Routing Switch 5510-48Tconfig#nsna vlan 240 color voip Configuring SSH5510-48Tconfig# ssh 5510-48Tconfig#nsna nsnas 10.40.40.0/24 5510-48Tconfig#nsna enable Configure the Nortel SnasConfiguring the login domain controller filters 5510-48Tconfig-if#exit 10.40.40.1 Performing initial setup Main# cfg/sys/adm/srsadmin/ena Completing initial setupEnable SRS administration Enter a password for the admin user TG#../group 1/tgsrs srs-rule-test Adding the network access devicesMain# cfg/domain 1/sshkey/generate Group 1# /cfg/domain 1/aaa/tg/quick Main# cfg/domain 1/switch 1 Creating Switch Adding the Ethernet Routing SwitchAdd the switch manually Import the public SSH key from the switch Switch Vlan# ../../vlan/add yellow Use the quick switch wizardMain# cfg/domain 1/switch 2/sshkey/import Main# cfg/domain 1/switch 1/vlan/add yellow Domain Vlan# apply Changes applied successfully Enabling the network access devicesMain# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena Switch 2# apply Changes applied successfully Configuration example 320818-A Appendix a CLI reference Global commands Using the CLI Netstat PasteExit Quit Command line history and editing CLI shortcuts Command stackingYou can use the following CLI command shortcuts Command line history and editing options Sheet 2 Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l Command abbreviationTab completion NTP Servers# ../../dns/servers Configuration# cur sys Using a submenu name as a command argument Network masks Using slashes and spaces in commandsIP address and network mask formats IP addresses Variables Variables CLI Main Menu CLI command reference Appendix a CLI reference Sys Information menu commands Sheet 1Information menu Certs Statistics menu Cert Configuration menuConfiguration menu commands Sheet 1 Cfg/cert cert ID Name name Auth ID for Ldap Cfg/domain Name nameAuth ID Radiusldaplocal Auth #/adv Secondauth auth ID Expiredgro Group Cfg/domain #/aaa ServersAuth #/ldap Searchbase Auth #/ldap/activedire Truefalse Auth #/radius Vendorid vendor ID Auth #/local Password groupCfg/domain #/aaa Add user name Passwd user name Type Ena Dis Cfg/domain #/aaa Profile ID Access rule Number Linkset DelCfg/domain #/aaa Vendorid vendor ID Auth #/radius Vendortype vendor Ena Dis Cfg/domain #/aaa List Group #/extend # Del index numberGroup #/linkset Del index number Radacct Vpnattribu Cfg/domain #/adv Interface interface Cfg/domain #/aaa/tg QuickRecheck interval Heartbeat interval Linkset #/link index Text text RestoreCfg/domain #/linkset Name name Linkset ID Text text Lang Charset Content Server filenameCfg/domain #/portal Color1 code Colors Color2 code Ssl2ssl3ssl23tls1 Cfg/domain #/server Sysloghost IPaddrAdv/traflog Udpport port Protocol Switch #/ena Cfg/domain #/switch Name nameSwitch ID Type ERS8300ERS5500 Switch #/dis Passphrase Cfg/lang Import protocol Cfg/domain #/vlan Add name Vlan IDPassphrase Cfg/gtcfg protocol Sonmp onoff Cfg/sys/accesslist ListAdd IPaddr mask Cfg/sys/adm Snmp Versions v1v2cv3 Cfg/sys/adm/auth ListShared secret Cfg/sys/adm/snmp Ena Event Options -b name Snmpv2-mib SnmpEnableDisabledenabled Cfg/sys/adm/snmp Ip IPaddr Cfg/sys/adm/snmp Addmonitor Knownhosts Cfg/sys/adm/snmp Name nameUsers user ID Seclevel Dis Cfg/sys/adm/sshkeys Generate Add port Cfg/sys/host # List Mode fullhalf Cfg/sys/host #/routesCfg/sys/dns/servers List Interface #/ports Del port Cfg/sys/rsa Rsaname name Cfg/sys/host Ip IPaddrHost ID SysName name SysLocatio Username Password user Add IPaddr Cfg/sys/user Password oldPassword new Password confirm Reboot Delete Boot/software Cur Boot menuBoot menu commands Boot Software All-isds? Maintenance menuMaintenance menu commands Maint Dumplogs protocol Troubleshooting tips Chapter Troubleshooting Check the Access List Cannot connect to the Nortel Snas 4050 using Telnet orVerify the current configuration Enable Telnet or SSH access Check the IP address configuration # /cfg/cur sys Cannot contact the MIP Cannot add the Nortel Snas 4050 to a cluster Enter network address IP address Enter netmask network mask Add Interface 1 IP addresses and the MIP to the Access ListMain# /cfg/sys/accesslist/add Console connection Nortel Snas 4050 stops respondingTelnet or SSH connection to the MIP Root user password User password is lostAdministrator user password Operator user password Main# maint/starttrace Boot user passwordTrace tools User fails to connect to the Nortel Snas 4050 domain Tag Description Sample output Sample output for the trace command Network diagnostics System diagnosticsInstalled certificates Main# /info/ethernet Cluster Host 1# curMain# /cfg/sys/cur Main# /stats/dump Error log files Active alarms and the events log file Troubleshooting Syslog messages by message type Appendix B Syslog messages Lists the operating system Critical messages Operating system OS messagesLists the Emerg operating system messages Lists the operating system Emerg messages Operating system messages ErrorSystem Control Process messages System control process messages Info About alarm messagesAlarm severity and syslog level correspondence Lists the System Control Process Info messages Alarm System Control Process messages Alarm With /cfg/sys/cur Audit/ena commandAbout event messages System Control Process messages Event Lists the Traffic Processing Critical messages Lists the Traffic Processing Error messagesTraffic Processing messages Error Sheet 1 Traffic Processing Subsystem messages Css error reason Domain #/server/portal Traffic Processing messages Error Sheet 3Lists the Traffic Processing Warning messages Traffic Processing messages Warning Traffic Processing messages Info Start-up messagesLists the Traffic Processing Info messages Lists the Start-up Info messages Lists the AAA Error messagesAAA messages Error AAA subsystem messages Log value Message Category Contains AAA messages Info Sheet 1 AAA messages Info Sheet 2 Nsnas subsystem messagesThere are two categories of Nsnas subsystem messages Nsnas Info Sheet 1 Lists the Nsnas Error messagesNsnas Error Lists the Nsnas Info messages Syslog messages in alphabetical order Sheet 1 Syslog messages in alphabetical orderLists the syslog messages in alphabetical order Nsnas Info Sheet 2 Sys/adm/audit/ena command Syslog messages in alphabetical order Sheet 3 Error Nsnas Info AAA Syslog messages in alphabetical order Sheet 5 Error AAA Cfg/domain #/server/portal Authenticate is set to off Syslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Following MIBs are supported by the Nortel Snas Supported MIBs Supported MIBs Sheet 1 ANAifType-MIBSNMPv2-MIB Appendix C Supported MIBs ALTEON-ISD-SSL-MIB Supported MIBs Sheet 2 Appendix C Supported MIBs Supported MIBs Sheet 3 CLI, using the /cfg/sys/adm/snmp/target command Supported traps Use the CLI command /cfg/sys/adm/snmp/snmpv2-mibSupported traps Describes the traps supported by the Nortel Snas Appendix C Supported MIBs 320818-A Supported ciphers Appendix D Supported ciphers Appendix D Supported ciphers Register the Schema Management dll Windows Server Install All Administrative Tools Windows 2000 Server Click Start and select Run Nortel Secure Network Access Switch 4050 User Guide Select a Title for the Program page displays Permit write operations to the schema Windows 2000 ServerCreate a shortcut to the console window Nortel Secure Network Access Switch 4050 User Guide Add isdUserPrefs attribute to nortelSSLOffload class Create the new class Add the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Creating the Dhcp options Configuring IP Phone auto-configurationAppendix F Configuring Dhcp to auto-configure IP Phones Dhcp Management Console Click Add Option Type dialog box opens see on Predefined Options and Values dialog box opens see Figure Option Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box Scope Options dialog box displays see Figure Call Server Information string parameter values Vlan ID Information string parameter values Setting up the IP PhonePage Create the logon script see Creating a logon script on Configuring the logon script Creating the script as a batch file Using Windows, open a plain text editor, such as NotepadCreating a logon script Creating the script as a VBScript file Assigning the logon script On the Group Policy tab, click Open Double-clickDefault Domain PolicyRight-click the Default Domain Policy and select Edit Appendix H Software licensing information Appendix H Software licensing information GNU General Public License Appendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Index Symbols Index Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index