Verify and apply the changes | Nortel Networks 4050 guide

364Chapter 8 Managing system users and groups

9Remove the admin user from the certadmin group.

Again, this step is only necessary if you want to fully separate the Certificate Administrator user role from the Administrator user role. Note however, that once the admin user is removed from the certadmin group, only a user who is already a member of the certadmin group can grant the admin user certadmin group membership anew.

When the admin user is removed from the certadmin group, only the Certificate Administrator user can access the Certificate menu (/cfg/cert).

>>User# edit admin

>>User admin# groups/list

1:admin

2:oper

3:certadmin

>>Groups# del 3

Note: It is critical that a Certificate Administrator user is created and assigned certadmin group membership before the admin user is removed from the certadmin group. Otherwise there is no way to assign certadmin group membership to a new user, or to restore certadmin group membership to the admin user, should it become necessary.

10Verify and apply the changes.

>>Groups# list

Old:

1:admin

2:oper

3:certadmin Pending:

1:admin

2:oper

>>Groups# apply

320818-A

Image 364

Nortel Networks 4050 manual Verify and apply the changes

Contents

Nortel Secure Network Access Switch 4050 User Guide Copyright Nortel Networks Limited 2005. All rights reserved 320818-A Nortel Secure Network Access Switch 4050 User Guide Licensing General Contents Managing the network access devices Contents Configuring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Before you begin Connect the switch to the networkPreface Text conventions Bold text Related information PublicationsPlain Courier text Example Set Trap Monitor Filters How to get help Online Preface Nortel SNA solution This chapter includes the following topics Supported users Elements of the Nsna solutionOverview Role of the Nortel Snas Nortel Snas 4050 functions Nortel SNA VLANs and filters Groups and profiles Authentication methods TunnelGuard host integrity check About SSH Communication channelsCommunication channels in the Nortel SNA network Nortel Snas 4050 clusters RSA DSA One-armed and two-armed configurations One-armed configuration Two-armed configuration Nortel SNA configuration and management tools Illustrates a two-armed configuration Nortel Snas 4050 configuration roadmap Configure the network Dhcp server Overview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup Management IP address About the IP addressesPortal Virtual IP address Initial setup Log on using the following username and passwordLogin admin Password admin Real IP address Select the option for a new installation Setup Menu displaysEnter port number for the management interface Enter network mask 255.255.255.0 mask Enter Vlan tag id or zero for no Vlan Setup a two armed configuration yes/no no Enter default gateway IP address or blank to skip Specify the MIP for this device or cluster Enter port number for the traffic interfaceEnter IP address for this machine on traffic interface Enter a timezone or select select timezone Configure the time settings Specify the NTP server, if applicableSpecify the DNS server, if applicable Enter NTP server address or blank to skip IPaddr Specify the pVIP of the Nortel Snas 4050 device Change the admin user password, if desiredSpecify a name for the Nortel Snas 4050 domain Create http to https redirect server no Settings created by the quick setup wizard Adding a Nortel Snas 4050 device to a cluster Extended profile details Before you begin Joining a cluster Select the option to join an existing cluster Enter network mask 255.255.255.0 mask Enter the existing admin user password password Specify the MIP of the existing cluster Setup successful Login Next steps Applying and saving the configuration Applying and saving the configuration using the CLI Applying and saving the configuration using the SremCfg/dump Cfg/ptcfg Apply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Managing network access devices using the CLI Roadmap of domain commands Reset Adding a network access device using the CLI Using the quick switch setup wizardSpecify the IP address of the network access device Cfg/domain 1/quick Go to on Nsna communication port5000 Red vlan id of Switch Vlan ID To continue, go to on Switch menu displays Manually adding a switchCfg/domain #/switch switch ID Deleting a network access device using the CLI Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete Configuring the network access devices using the CLI Cfg/domain #/switch switch ID followed by Switch menu includes the following optionsIp IPaddr Mapping the VLANs using the CLI Cfg/domain #/switch #/vlanFollowed by Dis Delete Domain vlan or Switch vlan menu displays Cfg/domain #/switch #/vlan followed byCfg/domain #/switch #/vlan/list Add name Vlan ID Managing SSH keys using the CLI Generating SSH keys for the domain using the CLI For an Ethernet Routing Switch 5510, 5520, orNsnas SSH key menu displays Cfg/domain #/sshkey Nsnas SSH key menu includes the following options Cfg/domain #/switch #/sshkey/exportCfg/domain #/sshkey followed by Shows sample output for the /cfg/domain #/sshkey command Main# /cfg/domain 1/sshkey Cfg/domain #/switch #/sshkey followed by Cfg/domain #/switch #/sshkeyCfg/domain#1/sshkey/export command to Reimporting the network access device SSH key using the CLI Monitoring switch health using the CLICfg/domain #/switch #/hlthchk Enter Apply to apply the change immediately Cfg/domain #/switch #/hlthchk followed by Cfg/domain #/switch #/disHealthCheck menu includes the following options Deadcnt count Managing network access devices using the Srem Adding a network access device using the SremTo add a network access device, use the following steps Cfg/domain #/switch #/ena Add a Switch Add a Switch fields Deleting a network access device using the Srem Configuring the network access devices using the Srem Switch Configuration screen appears see Figure Switch Configuration screen 320818-A Switch Configuration fields Mapping the VLANs using the Srem You can perform the Vlan mapping in two ways Mapping VLANs by domain Domain VLANs screen Adding VLANs to a domain To add VLANs to a domain, complete the following stepsClick Add Add a new Vlan dialog box appears see Figure Add a new Vlan fields Removing VLANs from a domain Mapping VLANs by switch Switch VLANs screen Adding VLANs to a switch To add VLANs to a switch, complete the following steps Managing SSH keys using the Srem Removing VLANs from a switch Managing the network access devices Managing the network access devices Generating SSH keys for the domain using the Srem Key Generation screen appears see Figure Exporting SSH keys for the domain using the Srem Switch SSH Key fields Export Key screen appears see Figure Click Apply on the toolbar to begin the export process Export Key fields Managing SSH keys for Nortel SNA communication using Switch SSH Key screen appears see Figure Reimporting the network access device SSH key using the Srem Monitoring switch health using the Srem Switch SSH Key screen appears see onClick Delete Switch SSH Key Click Import SSH from Switch Health Check screen appears see Figure Health Check screen 320818-A Viewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Configuring the domain Configuring the domain using the CLICfg/domain Logging traffic with syslog messages Captive portal Portal look and feel Linksets Details onoff Creating a domain using the CLI Manually creating a domain using the CLIYou can create a domain in two ways Cfg/domain domain ID 320818-A Main# /cfg/domain Using the Nortel Snas 4050 domain quick setup wizardCfg/quick Specify the certificate to be used by the portal server Main# cfg/quick Configuring the domain Do you want to configure a switch? yes/no no Specify whether the SSL server uses chain certificatesDo you require chain certificates yes/no no Do you want an http to https redirect server yes/no no Do you want to create a tunnelguard test user? yes/no yes Configuring the domain To delete a domain, use the following command Deleting a domain using the CLICfg/domain #/del Configuring domain parameters using the CLI To configure the domain, use the following commandCfg/domain domain ID followed by Pvips IPaddr Httpredir Configuring the TunnelGuard check using the CLI TG menu displays TG menu includes the following optionsCfg/domain #/aaa/tg Cfg/domain #/aaa/tg followed by Cfg/domain #/aaa/tg/status-quo Using the quick TunnelGuard setup wizard in the CLI Cfg/domain #/aaa/tg/quick Configuring the SSL server using the CLI TunnelGuard quick setup wizard creates a default SRS ruleServer 1001 menu displays Main# /cfg/domain #/aaa/tg/quick Tracing SSL traffic using the CLI Server 1001 menu includes the following optionsCfg/domain #/server followed by Interface ID Output mode Ssldump Cfg/domain #/adv/interface command Cfg/domain #/server/trace followed byTcpdump Ping host Configuring SSL settings using the CLI SSL Settings menu displaysDnslookup host Traceroute host SSL Settings menu includes the following options Cfg/domain #/server/ssl followed byCert certificate Index Cachain certificate Index listYes Cfg/domain #/server/ssl/protocol Configuring traffic log settings using the CLI Ena Dis Traffic Log Settings menu displays Traffic Log Settings menu includes the following optionsCfg/domain #/server/adv/traflog Cfg/domain #/server/adv/traflog followed by Configuring Http redirect using the CLI Cfg/domain #/httpredirCfg/domain #/httpredir followed by Redir onoff Configuring advanced settings using the CLI Cfg/sys/host #/interface command seeCfg/domain #/adv Cfg/domain #/adv followed by Configuring Radius accounting using the CLI Managing Radius accounting servers using the CLI Radius Accounting Servers menu displaysCfg/domain #/aaa/radacct Cfg/domain #/aaa/radacct followed by Cfg/domain #/aaa/radacct/servers followed by NSNAS-Portal-ID VPN Attribute menu displaysCfg/domain #/aaa/radacct/vpnattribu Configuring the domain using the Srem VPN Attribute menu includes the following optionsCfg/domain #/aaa/radacct/vpnattribu followed by Vendorid Creating a domain using the Srem Manually creating a domain using the Srem Secure Access Domain Table screen 320818-A Add a Secure Access Domain Add a Secure Access Domain fields Using the Srem Domain Quick Wizard Configuring the domain Click Domain Quick Wizard Domain Quick Wizard General Settings fieldsClick Next Domain Quick Wizard Certificate Domain Quick Wizard Certificate fields Organization name and do not use any of the following Domain Quick Wizard Certificate Chain Domain Quick Wizard Certificate Chain fields Domain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Server fields Domain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Switch fields Domain Quick Wizard Tunnel Guard dialog box appears see Domain Quick Wizard Tunnel Guard fields Deleting a domain using the Srem To delete a domain, perform the following steps Configuring domain parameters using the Srem To configure a domain, perform the following steps Domain Configuration fields Domain domain Configuration screen Additional domain configuration in the SremAdditional domain configuration tabs Additional domain tree components Component Description Configuring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup screen appears see Figure TunnelGuard Quick Setup fields Configuring the SSL server using the Srem Server Configuration screen 320818-A Server Configuration fields Configuring SSL settings using the Srem Server SSL Settings screen 320818-A Server SSL Settings fields ALL@STRENGTH Configuring traffic log settings using the Srem Configuring the domain Server SSL Settings fields Traffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Configuring Http redirect using the Srem Tracing SSL traffic using the Srem Http Redirect screen 320818-A Configuring Radius accounting using the Srem Http Redirect fields Configuring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Adding a Radius accounting server using the Srem Managing Radius accounting servers using the SremRadius accounting Configuration fields Radius Accounting Servers screen appears see Figure Radius Accounting Servers screen Moving a Radius accounting server using the Srem Radius Accounting Server fields Deleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles Configuring groups and profiles OverviewGroups This section includes the following topics Default group Linksets TunnelGuard SRS rule Extended profiles Configuring groups and extended profiles using the CLI Create the SRS rules see TunnelGuard SRS Builder on Roadmap of group and profile commands To create and configure a group, use the following command Configuring groups using the CLICfg/domain 1/aaa/group group ID Restrict Cfg/domain 1/aaa/group # followed byExtend profile ID Comment comment Tgsrs SRS rule nameMain# /cfg/domain 1/AAA/group Configuring client filters using the CLI Cfg/domain 1/aaa/filter filter ID Cfg/domain 1/aaa/filter filter ID followed by Client Filter menu includes the following optionsTg truefalseignore Main# /cfg/domain 1/AAA/filter Configuring extended profiles using the CLICfg/domain 1/aaa/group group IDgroup name/extend Extended Profile menu includes the following options Cfg/domain 1/aaa/group #/extend # followed byFilter name Vlan name Cfg/domain 1/aaa/group #/extend # Linkset DelMain# cfg/domain 1/aaa/group 2/extend Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow Mapping linksets to a group or profile using the CLI Cfg/domain 1/aaa/group #/linksetCfg/domain 1/aaa/group #/extend #/linkset Cfg/domain 1/aaa/group #/extend #/linkset followed by Linksets# add example2 Main# cfg/domain 1/aaa/group 1/linksetLinksets# insert 2 example3 Configuring groups and extended profiles using the Srem Creating a default group using the CLIConfiguring groups using the Srem This section contains the following topics Using the guide for creating groups Click a Guide to Create a Group on the toolbar Adding a group Groups screen 320818-A Click Add Add a Group dialog box appears see Figure Add a Group fields Group Configuration screen appears see Figure To configure a group, perform the following stepsModifying a group Configuring client filters using the Srem Group Configuration fields Adding a client filter Client Filters screen appears see Figure Click Add Add a Client Filter dialog box appears see Figure Add a Client Filter fields Sheet 1 Check using the Srem on Client filter Configuration screen appears see Figure To configure a client filter, perform the following stepsModifying a client filter Client Filters configuration fields Configuring extended profiles using the Srem Adding an extended profile Extended Profiles screen appears see Figure Add an Extended Profile screen Add an Extended Profile fields Extended profiles Configuration screen appears see Figure Modifying an extended profile Mapping linksets to a group or profile using the Srem Extended Profile Configuration fields Mapping linksets to a group Linksets screen for a group To add a linkset to a group, perform the following steps Adding linksets to a groupAdd a Linkset fields Removing linksets from a group Reordering linksets in a group Mapping linksets to a profile Linksets screen for an extended profile Adding linksets to an extended profile Removing linksets from an extended profile Reordering linksets in an extended profile Creating a default group using the Srem AAA Configuration screen 320818-A AAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Roadmap of authentication commands Cfg/domain 1/aaa Command Configuring authentication methods using the CLI Cfg/domain 1/aaa/auth auth ID Radiusldaplocal Cfg/domain 1/aaa/auth auth ID followed byDisplay Local accesses the Local database menu Configuring Radius authentication using the CLI Cfg/domain 1/aaa/auth #/advCfg/domain 1/aaa/auth #/adv followed by Groupauth auth IDs Adding the Radius authentication method using the CLI You can perform the following configuration tasks Configuring authentication Main# /cfg/domain 1/aaa/auth Modifying Radius configuration settings using the CLICfg/domain 1/aaa/auth #/radius Cfg/domain 1/aaa/auth #/radius followed by Type Managing Radius authentication servers using the CLI Timeout intervalRadius servers menu displays Sessiontim Radius servers menu includes the following options Cfg/domain 1/aaa/auth #/radius/servers followed by Configuring session timeout using the CLI Configuring Ldap authentication using the CLICfg/domain 1/aaa/auth #/radius/sessiontim Adding the Ldap authentication method using the CLI Configuring authentication Modifying Ldap configuration settings using the CLI Cfg/domain 1/aaa/auth #/ldap Cfg/domain 1/aaa/auth #/ldap followed by Ldap menu displays Ldap menu includes the following optionsDo not use the isdbinddn and isdbindpas SAMAccountName=bill . The user’s login Isdbindpas passwordUserattr names Ou=Users, dc=example, dc=com . Enauserpre truefalse Enaldaps truefalseActivedire Managing Ldap authentication servers using the CLI Cfg/domain 1/aaa/auth #/ldap/servers Removes the specified Ldap server from the current Cfg/domain 1/aaa/auth #/ldap/ldapmacro Managing Ldap macros using the CLICfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Add variable name Ldap attributePrefix suffix Variable name Managing Active Directory passwords using the CLI Set the Active Directory settings usingActive Directory Settings menu displays Cfg/domain 1/aaa/auth #/ldap/activedire command Configuring local database authentication using the CLI Configuring authentication Authentication menu commands local database Managing the local database using the CLI You can add users to the database in two waysLocal database menu displays Cfg/domain 1/aaa/auth #/local Cur group command Local database menu includes the following optionsCfg/domain 1/aaa/auth #/local followed by TAB or use the /cfg/domain 1/aaa Import protocol Server filename key Specifying authentication fallback order using the CLI Export protocol Cfg/domain 1/aaa/authorder auth ID,auth ID Main# /cfg/domain 1/aaa/authorder Configuring authentication using the Srem Configuring authentication methods using the Srem Authentication Server Table appears see Figure Configuring Radius authentication using the Srem Add an Authentication Server Radius 320818-A Adding the Radius method and server Modifying Radius configuration Add an Authentication Server Radius fields Modifying Radius method settings Configuration 320818-A Configuration fields Modifying Radius configuration settings Radius Configuration screen appears see Figure Radius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Adding a Radius server Add a Radius Server fields Reordering additional Radius servers Configuring authentication Add a Radius Server fieldsRemoving a Radius server Configuring Ldap authentication using the Srem Next steps Add an Authentication Server Ldap fields Adding the Ldap method and server Modifying Ldap configuration Modifying Ldap method settings Configuration fields Modifying Ldap configuration settings Ldap Configuration screen appears see Figure Ldap Configuration fields Ou=Users, dc=example, dc=com. The user Cn=Users, dc=example, dc=com Configuring authentication Ldap Configuration fields Active Directory, on Managing additional Ldap servers Click Apply Adding an Ldap serverAdd an Ldap Server fields Reordering additional Ldap servers Removing an Ldap server Managing Ldap macros Ldap Macros Adding Ldap macros Add an Ldap Macro fields Reordering Ldap macros Removing Ldap macros Configuring local database authentication using the Srem Populate the database see Populating the database on Adding the Local method Add an Authentication Server Local fields Database on Populating the database Adding users to the local databaseYou can populate the Local database in two ways Local Users screen appears see Figure Click Add Add a Local User dialog box appears see Figure Add a Local User fields Configuring authentication Importing a database Import Local User Database 320818-A Modifying Local database configuration Import Local User Database fields Modifying Local method settings Modifying local users Local Users screen appears see on Local Users Configuration 320818-A Modifying local user passwords Local Users Configuration fields Select the Local User Configuration tab Local Users Local User Configuration 320818-A Local Users Local User Configuration fields Exporting the database Export Local User Database 320818-A Export Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder Configuring SRS rules TunnelGuard user interfaceTunnelGuard SRS Builder \tunnelguard\tg.txt Menu commands File menuSoftware Definition menu Describes important items from the File menu Software Definition Entry menu Software Definition Entry menu items Sheet 1 TunnelGuard Rule menu Tool menuDescribes important items from the TunnelGuard Rule menu Describes important items from the Tool menu SRS definition toolbar SRS Definition toolbar item descriptions SRS Components table Software Definition Available SRS listSRS Components table items Customizing a component WINNT%\xxx.dll Memory snapshot TunnelGuard Rule Definition screenSRS Rule toolbar Memory snapshot item descriptions SRS Rule list SRS Rule Expression ConstructorAvailable Expression list Rule Expression Constructor Managing TunnelGuard rules and expressions Creating a software definition Adding entries to a software definition Selecting modules or files from running processes Create New Memory Module SRS window For more information, see Making API calls on Selecting file on disk Select the TunnelGuard Rule Definition tab Create New on Disk SRS Entry window Creating logical expressions Click the TunnelGuard Rule Definition tab TunnelGuard Rule Definition tab Click the Form TunnelGuard Rule Expression button Available Expressions screen New SRS Rule window TunnelGuard Rule Name screen Registry-based rules Registry-only SRS entry Describes supported operands for integer values Supported integer operands Constructs for string based regular expressions Sheet 1 String regular expression Description Creating a registry entry Enter the Key Value Data Expression Registry-based File/ModuleTunnelGuard SRS Builder Registry Entry Manually creating SRS entries Manually creating an OnDisk file entry Create new OnDisk SRS Entry Manually creating a Memory Module entry Create New Memory Module SRS Entry page opens see on Create new Memory Module SRS entry File age check Adding a TunnelGuard rule comment Adding commentsTunnelGuard SRS Builder Date/Time Range Deleting SRS rules and their components Adding a software definition comment Deleting a software definition Deleting a software definition entryDeleting a TunnelGuard rule Deleting an expression TunnelGuard support for API calls Making API calls TunnelGuard SRS Builder 320818-A Chapter Managing system users and groups Managing system users and groups User rights and group membershipGroup membership and user rights Roadmap of system user management commands Managing system users and groups using the CLICfg/sys/user User menu displays User menu includes the following options Managing user accounts and passwords using the CLICfg/sys/user followed by Del username Add username Edit username Managing user settings using the CLICaphrase Managing user groups using the CLI Password userPassword confirm User password Cfg/sys/user/edit username CLI configuration examples Adding a new userThis section includes the following detailed examples Cfg/sys/user/edit username/groups Access the User Menu Main# /cfg/sys/user User# edit certadmin Apply the changes Verify and apply the changes User# edit admin Changing a user’s group assignment Changing passwords Changing your own password Changing another user’s password Type the password command to initialize the password change Deleting a user Managing user accounts using the Srem Managing system users and groups using the SremTo manage users, choose from one of the following tasks User Table Adding new user accounts Click Add Add a User dialog box appears see Figure To remove an existing user, perform the following steps Removing existing user accountsAdd a User fields Setting password expiry using the Srem Password Setting 320818-A Password Settings fields Changing your password using the Srem Change Your Password 320818-A Changing another user’s password using the Srem Click Change PasswordOnly the admin user can change the passwords of other users Change Your Password fields Change User Password 320818-A Setting the certificate export passphrase using the Srem Change User Password fields Set Certificate Export PassPhrase screen appears see Figure Set Certificate Export PassPhrase 320818-A Click Set Pass Phrase Managing user groups using the SremSet Certificate Export PassPhrase fields Choose from the following tasks to manage users groups Adding a user groupTo add a new user group, perform the following steps Click Add Add a User Group dialog box appears see Figure Removing a user groupAdd a User Group fields Managing system users and groups Chapter Customizing the portal and user logon Captive portal and Exclude List Customizing the portal and user logon Exclude List Allowed regular expressions and escape sequences String Usage Expressions Portal display Portal look and feel Default appearance Colors Common colors, with hexadecimal codes Sheet 1 Color Hexadecimal code Language localization Content-Type text/plain charset=iso-8859-1/n Linksets and links Autorun linksets Planning the linksets Macros Examples of redirection URLs and links Automatic redirection to internal sitesExamples of redirection URLs and link text Sheet 1 Managing the end user experience Automatic JRE upload Roadmap of portal and logon configuration commands Customizing the portal and logon using the CLIWindows domain logon script Number Color2 code Configuring the captive portal using the CLI Configuring the Exclude List using the CLIDNS Exclude menu displays Cfg/domain 1/dnscapt DNS Exclude menu includes the following options Changing the portal language using the CLICfg/domain 1/dnscapt/exclude followed by Language Support menu displays Configuring language support using the CLICfg/lang Cfg/lang/import command Language Support menu includes the following optionsCfg/lang followed by Server filename Setting the portal display language using the CLI Cfg/domain 1/portal/langCfg/domain 1/portal/lang followed by Cfg/domain 1/portal/lang/list Configuring the portal display using the CLI RestoreCfg/domain 1/portal Cfg/domain 1/portal followed by Logintext text Redirect URL Linktext text Linkurl onoffLinkcols columns Linkwidth width Portal Colors menu displays Changing the portal colors using the CLICfg/domain 1/portal/colors Configuring custom content using the CLI Portal Custom Content menu displaysCfg/domain 1/portal/content Portal Colors menu includes the following options Portal Custom Content menu includes the following options Cfg/domain 1/portal/content followed byTftpftpscpsftp. The default is tftp Available Configuring linksets using the CLI Cfg/domain 1/linkset linkset ID Linkset menu includes the following options Cfg/domain 1/linkset linkset ID followed byText text Autorun truefalse Configuring links using the CLI Cfg/domain 1/linkset linkset ID/link index Cfg/domain 1/linkset linkset ID/link index followed by Link menu includes the following optionsMove new index Configuring external link settings using the CLI Configuring FTP link settings using the CLICfg/domain 1/linkset linkset ID/link index/ external/quick Cfg/domain 1/linkset linkset ID/link index/ ftp/quick Configuring the captive portal using the Srem Customizing the portal and logon using the SremEnabling DNS capture DNS Capture screen includes the following components DNS Capture fields Click Add Entry appears in the DNS Exclude List Configuring the DNS Exclude List using the SremAdd DNS Domain fields Changing the portal language using the Srem Configuring language support using the Srem Select the System Language tabLanguages sub-tabs appear see Figure Choose from one of the following tasks Viewing predefined languages To view custom languages, use the following procedureViewing and removing custom languages Click the Import/Export Definition tab Importing and exporting language definitionsImport/Export Definition screen appears see Figure Import/Export Definition fields Setting the portal display language using the Srem Configuring the portal display using the Srem Language fields Configuring content Portal Configuration tab appears see Figure Portal Configuration fields Sites, see on Importing banners Import Banner screen 320818-A Import Banner fields Changing the portal colors using the Srem Color Settings screen 320818-A Color Settings fields Configuring custom content using the Srem Viewing basic information about custom content Basics screen appears see Figure Basics fields To import custom content, perform the following steps Importing custom contentImport Content screen appears see Figure Import Content fields To export custom content, perform the following steps Exporting custom contentExport Content screen appears see Figure Configuring linksets using the Srem Export Content fields To create a linkset, perform the following steps Creating a linksetPortal Links screen appears see Figure Click Add Add a Linkset dialog box appears see Figure Add a Linkset Modifying a linkset Linkset Configuration screen appears see FigureTo modify a linkset, perform the following steps Linkset Configuration fields See Linksets and links on Configuring links using the Srem To create an external link, perform the following steps Creating an external link using the SremLinks screen appears see Figure Click Add Add a Portal Link dialog box appears see Figure Add a Portal Link fields Creating an FTP link using the Srem To create an FTP link, perform the following steps Add a Portal Link FTP Add a Portal Link FTP fields External link Configuration screen appears see Figure Modifying external link settings using the SremTo modify a link, perform the following steps External link Configuration fields Reordering links using the Srem on Modifying FTP link settings using the Srem FTP link Configuration screen appears see Figure Reordering links using the Srem FTP link Configuration fields Re Order Links screen appears see Figure Re Order Links fields Customizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Configuring the cluster using the CLI Cfg/sys Roadmap of system commands Parameter Health interval Show Cfg/sys followed by Configuring system settings using the CLIRsa server ID Configuring the Nortel Snas 4050 host using the CLI Cfg/domain #/server/trace/ssldumpCfg/domain #/server/trace/tcpdump Cfg/sys/host host ID Cluster Host menu includes the following options Cfg/sys/host host ID followed by/cfg/sys/host #/interface # Interface number Ports Ports = 1,23Hwplatform Halt Cfg/sys/cur command RebootCfg/sys/host #/delete Configuring host interfaces using the CLI Viewing host informationCfg/sys/host host ID/interface interface ID Cfg/sys/host #/interface interface ID Cfg/sys/host #/interface interface ID followed by Vlanid tagMode Failovertrunking Configuring static routes using the CLI Primary portCfg/sys/routes Cfg/sys/host host ID/routes Configuring host ports using the CLI Cfg/sys/host #/interface #/routes followed byAdd IPaddr mask Gateway Managing interface ports using the CLI Host Port menu includes the following optionsCfg/sys/host #/port port followed by Cfg/sys/host #/interface interface ID/ports Configuring the Access List using the CLI Cfg/sys/host #/ports command seeCfg/sys/accesslist Interface Ports menu includes the following options Configuring date and time settings using the CLI Cfg/sys/accesslist followed byDate and Time menu displays Add IPaddr mask Managing NTP servers Date and Time menu includes the following optionsNTP Servers menu displays Cfg/sys/time followed by Configuring DNS servers and settings using the CLI NTP Servers menu includes the following optionsCfg/sys/time/ntp followed by Cfg/sys/dns Retransmit interval Count countTtl ttl Health interval Cfg/sys/dns/servers Managing DNS serversCfg/sys/dns/servers followed by Configuring RSA servers using the CLI RSA Servers menu displays Switch Software ReleaseMove index number new index number Cfg/sys/rsa Configuring syslog servers using the CLI RSA Servers menu includes the following optionsSyslog Servers menu displays Cfg/sys/rsa followed by Syslog Servers menu includes the following options Cfg/sys/syslog followed byFacility Syslog.conf under Unix Configuring administrative settings using the CLI Administrative Applications menu displaysCfg/sys/adm Cfg/sys/adm followed by Srsadmin AuditAuth Telnet onoff Enabling TunnelGuard SRS administration using the CLI Configuring Nortel Snas 4050 host SSH keys using the CLICfg/sys/adm/srsadmin Cfg/sys/adm/srsadmin followed by Cfg/sys/adm/sshkeys Cfg/sys/adm/sshkeys followed byDraft-ietf-secsh-publickeyfile Knownhosts Managing known hosts SSH keys using the CLI SSH Known Host Keys menu displaysSSH Known Host Keys menu includes the following options Cfg/sys/adm/sshkeys/knownhosts About Radius auditing Configuring Radius auditing using the CLIAbout the vendor-specific attributes Configuring Radius auditing Map this string to the Vendor-Type valueNSNAS-SSL-Audit-Trail Cfg/sys/adm/audit Managing Radius audit servers using the CLI Radius Audit Servers menu displaysRadius Audit Servers menu includes the following options Cfg/sys/adm/audit/servers Adds a Radius audit server to the configuration. You Configuring authentication of system users using the CLI Cfg/sys/adm/auth Fallback onoff Radius Authentication Servers menu displaysCfg/sys/adm/auth/servers Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem Select the System Configuration tab Configuring system settings using the SremSystem Configuration screen appears see Figure Configuring a Nortel Snas 4050 host using the Srem System Configuration fields Hosts Viewing and configuring TCP/IP properties Host Viewing and installing host licenses Host fields Viewing global licenses for all hosts Describes the Global Licenses fields Global Licenses fields Viewing per domain licenses for all hosts Describes the Per Domain Licenses fields Per Domain Licenses fields Viewing installed licenses for a particular host Installing a license for a particular host Install New License Configuring host interfaces using the Srem To continue, choose one of the following procedures Adding a host interface To create a host interface, perform the following stepsSelect the System Hosts host Interfaces tab Add an Interface fields Configuring system settings Add an Interface fields Click Apply New interface appears in the Interfaces table Configuring an existing host interface Interface fields Link is transferred back to the primary port Removing a host interface Configuring static routes using the SremTo delete a host interface, perform the following steps Viewing static routes for a cluster IP Routes Viewing static routes for a host Routes Viewing static routes for an interface Managing static routes Adding a static route Add Route fields Removing a static route Configuring host ports using the Srem Ports Port Port fields Managing interface ports using the Srem Removing interface ports Adding interface portsAdd a Port fields Configuring the access list using the Srem Adding an access list entry Access List Table appears see FigureSelect the System Access List tab Access List Table appears see on Click Add Add Access Host dialog box appears see Figure Removing an Access List entryAdd Access Host fields Managing date and time settings using the Srem Date & Time Select the System Date & Time tab Configuring the date and time settingsDate & Time fields Select the System Date and Time tab Adding an NTP serverAdd NTP Server fields Removing an NTP server Select the System DNS Client Settings tab Configuring DNS settings using the SremDNS Client Settings screen appears see Figure DNS Client Settings fields Configuring servers using the Srem Managing syslog servers Adding a new syslog server From this screen, complete the following tasks as necessaryClick Add Add Syslog Server dialog box appears see Figure Add Syslog Server fields Reordering a new syslog server Removing an existing syslog server Adding a DNS server on Removing an existing DNS server on Select the System Servers DNS Servers tab Adding a DNS serverAdd DNS Server fields Removing an existing DNS server Managing RSA servers RSA Server Table To configure RSA servers, perform the following steps Adding an RSA serverSelect the System Servers RSA Server Table tab Add RSA Server fields Removing an existing RSA server Removing the RSA node secret Describes the RSA Server fields RSA Server fields Click Remove Secret Node Importing sdconf.recSelect an RSA server from the RSA Server Table Select the Import sdconf.rec tab Import sdconf.rec screen appears see Figure Configuring administrative settings using the Srem Import sdconf.rec fields Configuring SRS control settings using the Srem Select from one of the following tasks Configuring Nortel Snas 4050 host SSH keys usingAdd SSH Key fields Showing SSH keys Show SSH Keys Configuring system settings Managing Nortel Snas 4050 and known host SSH keys Click Generate SSH Keys SSH Keys Hosts field Adding an SSH key for a known host using the Srem Add SSH Key Managing Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Configuring Radius audit settings using the Srem Radius audit Configuration Describes the Add Audit Configuration fields Add Audit Configuration fields Managing Radius audit servers using the Srem Select from the following tasks to manage the audit servers Click Add Add Audit Server dialog box appears see Figure Adding a new Audit ServerAdd Audit Server fields Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Managing Radius authentication servers using the Srem Radius Server Table appears see Figure Adding a Radius authentication server Add Radius Server fields Removing an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Key and certificate formats Supported key and certificate formats Sheet 1 320818-A Installing certificates and keys Creating certificates Saving or exporting certificates and keys Updating certificates Managing private keys and certificates using the CLI Roadmap of certificate management commands Cfg/cert cert id Managing and viewing certificates and keys using the CLICfg/cert cert ID followed by /cfg/cert #/show command Cert #/export command Generating and submitting a CSR using the CLIPhrase Cfg/cert #/request CSR information IPip-address Emailemail-address Email Address tester@dummyssltesting.com Generating a CSR Save the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Entire contents of the key, including Add the certificate Enter the following commandLines Cfg/cert #/cert Adding a certificate by pasting Certificate added Certificate 2# apply Add the private key Enter the following command Adding a private key to the Nortel Snas 4050 using the CLICfg/cert #/key Adding a private key by pasting Cfg/cert #/import Certificate and key import information Admin@hostname.isd Anonymous Displaying or saving a certificate and key using the CLI Cfg/cert #/display Copy the private key, certificate, or both, as required Displaying a private key and certificate Cfg/cert #/export Certificate and key export information About the formats, see Key and certificate formats on Generating a test certificate using the CLI Cfg/cert #/test Managing private keys and certificates using the Srem Viewing certificates using the Srem Certificates screen Creating a certificate using the Srem To create a certificate, perform the following stepsSelect the Certificates Certificates tab Add a Certificate Component fields Managing certificates Generating and submitting a CSR using the Srem To generate a CSR, perform the following steps CA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Displaying or saving a certificate and key using the Srem Import Certificate fields Display Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing certificate information using the Srem Viewing configuration details Describes the certificate Configuration fields Configuration screen appears see FigureCertificate Configuration fields Managing certificates Certificate Configuration fields Viewing general information Describes the Info fields Info screen appears see FigureInfo fields Viewing certificate subject settings Managing certificates Info fields Describes the Subject fields Subject screen appears see FigureSubject fields Managing certificates Subject fields Chapter Configuring Snmp Configuring Snmp Configuring Snmp using the CLICfg/sys/adm/snmp Roadmap of Snmp commands Configuring Snmp settings using the CLI Snmp menu displays Snmp menu includes the following options SNMPv2-MIBmenu displays Configuring the Snmp v2 MIB using the CLICfg/sys/adm/snmp/snmpv2-mib Configuring the Snmp community using the CLI SNMPv2-MIBmenu includes the following optionsCfg/sys/adm/snmp/snmpv2-mib followed by Cfg/sys/adm/snmp/community Configuring SNMPv3 users using the CLI Cfg/sys/adm/snmp/users user ID Md5 Sha Des Aes Snmp User menu includes the following options Cfg/sys/adm/snmp/users user ID followed by Notification Target menu displays Configuring Snmp notification targets using the CLICfg/sys/adm/snmp/target target ID Configuring Snmp events using the CLI Notification Target menu includes the following optionsEvent menu displays Version v1v2cv3 Event menu includes the following options Cfg/sys/adm/snmp/event followed byOptions -b name OID op value OID value Options -t nameEvent Options -x name OIDComment name Notification Configuring Snmp settings using the Srem This section contains information about the following topics Configuring Snmp using the Srem To configure SNMP, perform the following steps Snmp Configuration fields Sonmp Configuring Snmp targets using the Srem To add an Snmp target, perform the following steps Adding Snmp targetsSnmp Target Table appears see Figure Click Add Add Snmp Target dialog box appears see Figure Add Snmp Target 320818-A Snmp Target fields Managing Snmp targets Target Settings screen appears see FigureTo manage Snmp targets, perform the following steps Removing Snmp targets Configuring SNMPv3 users using the Srem To add an SNMPv3 user, perform the following steps Adding SNMPv3 usersSNMPv3 User Table appears see Figure Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User 320818-A Add SNMPv3 User fields User Settings screen appears see Figure Managing SNMPv3 users User Settings fields Sheet 1 Configuring Snmp User Settings fields Sheet 2 Removing SNMPv3 users Managing monitor events Configuring Snmp events using the SremTo manage monitor events, select from the following tasks Adding monitor events To add monitor events, perform the following steps Viewing configuration details of monitor events Add a Monitor fields Boolean monitors Removing monitor eventsTo delete a monitor event, perform the following steps Add a Monitor Boolean Boolean monitor fields Sheet 1 Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitors Threshold monitor fields Existence monitors Existence monitor fields Sheet 1 Managing notification events Existence monitor fields Sheet 2 To add notification events, perform the following steps Adding notification eventsNotification Table screen appears see Figure Add a Notification Event Add a Notification Event fields Removing notification events To delete a notification event, perform the following steps 659 Roadmap of information and statistics commands Viewing system information and performance statisticsInfo Stats Viewing system information using the CLI Information menu displays Info followed by Information menu includes the following optionsDomain ID Switchid Info/mac commandKick domain ID Username Info/ip command Switch IDMac MACaddr Username-prefix Local Ethernet Viewing alarm events using the CLI To view active alarms, use the following commandInfo/events Info/events followed by Viewing log files using the CLI Viewing AAA statistics using the CLITo view and download log files, use the following command Logs menu displays Logs menu includes the following options Stats/aaa Stats/aaa followed byTotal Isdhost host ID Main# stats/aaa/dump Viewing local information using the Srem Viewing all statistics using the CLIStats/dump Describes the Information fields Information screen appears see FigureInformation fields Viewing cluster information using the Srem Viewing the controller list using the Srem Describes the Controller List fields Controller List fields Viewing Sonmp topology information using the Srem Describes the Sonmp State fields Sonmp State fields Viewing switch distribution using the Srem Describes the Switch Distribution fields Viewing port information using the SremSwitch Distribution fields Describes the Port Information fields Port Information fields Sheet 1 Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Viewing active sessions using the Srem Sessions screen Describes the Sessions parameters Sessions parameters Viewing details for a particular session Session Properties screen Ending active user sessions Describes the Session Properties parameters Click KickOut KickOut User fields Describes the Number of Sessions fields Viewing the number of active sessions using the SremNumber of Sessions fields Viewing alarms using the Srem Viewing active alarms using the Srem Active Alarms screen 320818-A Describes the Active Alarms fields Active Alarms fields Downloading alarms using the Srem Download Alarms screen 320818-A Describes the Download Alarms fields Managing log files using the SremDownload Alarms fields Viewing the log list using the Srem Logs screen Describes the Download fields Downloading log files using the SremDownload fields Sheet 1 Viewing AAA statistics using the Srem Viewing AAA statistics for a host Hosts table License tab opens see on For a description of the fields, seeTable Viewing License statisticsLicense statistics Sheet 1 Viewing Radius statistics Radius statistics 320818-A Radius statistics Viewing Local database statistics Local DB statistics Sheet 1 Viewing Ldap statistics Ldap statistics Viewing AAA statistics for the domain Statistics table Select one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license For a description of the fields, see Table Viewing Radius Statistics Sheet 1 320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table For a description of the fields seeTable Viewing Rx statisticsViewing Rx statistics Sheet 1 Rx Frames Displays number of errors due to malformed packets Viewing Tx statistics Viewing Tx Statistics Sheet 1 Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Maintaining and managing the system Managing and maintaining the system using the CLIMaint Roadmap of maintenance and boot commands Boot Performing maintenance using the CLI Maintenance menu displays Maintenance menu includes the following options Dumplogs protocol server filename all-isds? Maint followed by All-isds? Starttrace tags Domain ID outputMode Stoptrace Backing up or restoring the configuration using the CLI Cfg/dump passphrase Configuration menu backup and restore commands CfgPtcfg protocol Server filename passphrase Cfg followed by Gtcfg protocolPassphrase Dump passphrase Managing Nortel Snas 4050 devices using the CLI Boot menu displays Boot menu includes the following optionsBoot followed by Software Cfg/sys/host #/reboot command instead Cfg/sys/host #/delete command seeCfg/sys/host #/delete command Boot/software Boot/software followed by Activate commandSoftware Management menu includes the following options Activate version Managing and maintaining the system using the Srem Performing maintenance using the SremUpgradecomplete.pkg Ftp 10.0.0.1 pub/SSL-5.1.1 Dumping logs and status information using the Srem Dumps Click Dump Starting and stopping a trace using the SremDump fields To start or stop a trace, perform the following steps Start/Stop Trace fields Checking configuration using the Srem Click Check Configuration Backing up or restoring the configuration using the Srem Backup & Restore 320818-A Backup & Restore fields If you later restore the configuration, the Certificate Managing software versions using the Srem Image List Following tasks are available from this screen Describes the Image List fieldsImage List fields Select the System Boot Image List tab Viewing details of the active software image Activating a software image Downloading images using the Srem Removing an inactive software image Maintaining and managing the system Rebooting or deleting a Nortel Snas 4050 device using Download Image fields Reboot/Delete ISD Options Downloading files using the Srem Describes the File Download fields File Download screen appears see FigureFile Download fields Running Nortel Snas 4050 diagnostics using the Srem Maintaining and managing the system File Download fields Describes the Diagnostics fields Diagnostics fields Maintaining and managing the system 320818-A Chapter Upgrading or reinstalling the software Upgrading the Nortel Snas Performing minor and major release upgrades Upgrading or reinstalling the software Downloading the software image using the CLI Enter the host name or IP address of the server Activating the software upgrade package Admin@hostname/IP.isd Nsnas At the Software Management# prompt, enter Log in again and verify the new software version Reinstalling the software Before you begin Upgrading or reinstalling the software Reinstalling the software from an external file server Restarting Restarting system Booting LoginAlteon WebSystems, Inc When the installation is complete, remove the CD and reboot Reinstalling the software from a CDRun install-nsnas isd4050 Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Command Line Interface Connecting to the Nortel SnasEstablishing a console connection Console configuration parameters ProcedureRequirements Enabling and restricting Telnet access Establishing a Telnet connection Enabling and restricting SSH access Establishing a connection using SSHRunning Telnet Running an SSH client Accessing the Nortel Snas 4050 cluster For more information, see How to get help on User access levels Command line history and editing CLI Main Menu or SetupIdle timeout Command Line Interface On page 780 illustrates the network configuration Scenario Configuration example Network devices Sheet 1 Configuration example Network devices Sheet 2 Summarizes the VLANs for the Ethernet Routing SwitchVLANs for the Ethernet Routing Switch Configure the network DNS server Steps Configure the network Dhcp server Create a new Dhcp scope see Figure Naming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Enter the IP address of the DNS server see Figure Specifying the DNS server Configure the network core router Shows the Dhcp scopes created for use in this example Configure the Ethernet Routing Switch 8300 using the CLI Steps Configuring the Nortel Snas 4050 pVIP subnet Configuring the VoIP VLANsConfiguring the Red, Yellow, and Green VLANs Enabling SSH Configuring the Nsna uplink filter Configuring the Nsna portsEnabling Nsna globally Add the uplink port Configure the Ethernet Routing Switch Setting the switch IP address Configuring SSH 5510-48Tconfig# ssh5510-48Tconfig#nsna nsnas 10.40.40.0/24 5510-48Tconfig#nsna vlan 240 color voip Configure the Nortel Snas Configuring the login domain controller filters5510-48Tconfig-if#exit 5510-48Tconfig#nsna enable Performing initial setup 10.40.40.1 Completing initial setup Enable SRS administrationEnter a password for the admin user Main# cfg/sys/adm/srsadmin/ena Adding the network access devices Main# cfg/domain 1/sshkey/generateGroup 1# /cfg/domain 1/aaa/tg/quick TG#../group 1/tgsrs srs-rule-test Adding the Ethernet Routing Switch Add the switch manuallyImport the public SSH key from the switch Main# cfg/domain 1/switch 1 Creating Switch Use the quick switch wizard Main# cfg/domain 1/switch 2/sshkey/importMain# cfg/domain 1/switch 1/vlan/add yellow Switch Vlan# ../../vlan/add yellow Enabling the network access devices Main# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/enaSwitch 2# apply Changes applied successfully Domain Vlan# apply Changes applied successfully Configuration example 320818-A Appendix a CLI reference Using the CLI Global commands Paste ExitQuit Netstat Command line history and editing Command stacking You can use the following CLI command shortcutsCommand line history and editing options Sheet 2 CLI shortcuts Command abbreviation Tab completionNTP Servers# ../../dns/servers Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l Using a submenu name as a command argument Configuration# cur sys Using slashes and spaces in commands IP address and network mask formatsIP addresses Network masks Variables Variables CLI command reference CLI Main Menu Appendix a CLI reference Information menu commands Sheet 1 Information menuCerts Sys Statistics menu Configuration menu Configuration menu commands Sheet 1Cfg/cert cert ID Name name Cert Cfg/domain Name name Auth ID RadiusldaplocalAuth #/adv Secondauth auth ID Auth ID for Ldap Cfg/domain #/aaa Servers Auth #/ldap SearchbaseAuth #/ldap/activedire Truefalse Expiredgro Group Auth #/local Password group Cfg/domain #/aaa Add user namePasswd user name Auth #/radius Vendorid vendor ID Profile ID Access rule Number Linkset Del Cfg/domain #/aaa Vendorid vendor IDAuth #/radius Vendortype vendor Type Ena Dis Cfg/domain #/aaa Group #/extend # Del index number Group #/linkset Del index numberRadacct Vpnattribu Ena Dis Cfg/domain #/aaa List Cfg/domain #/aaa/tg Quick Recheck intervalHeartbeat interval Cfg/domain #/adv Interface interface Restore Cfg/domain #/linkset Name nameLinkset ID Text text Linkset #/link index Text text Content Server filename Cfg/domain #/portal Color1 codeColors Color2 code Lang Charset Cfg/domain #/server Sysloghost IPaddr Adv/traflog Udpport portProtocol Ssl2ssl3ssl23tls1 Cfg/domain #/switch Name name Switch ID Type ERS8300ERS5500Switch #/dis Switch #/ena Cfg/domain #/vlan Add name Vlan ID PassphraseCfg/gtcfg protocol Passphrase Cfg/lang Import protocol Cfg/sys/accesslist List Add IPaddr maskCfg/sys/adm Snmp Sonmp onoff Cfg/sys/adm/auth List Shared secretCfg/sys/adm/snmp Ena Versions v1v2cv3 Snmpv2-mib SnmpEnable Disabledenabled Cfg/sys/adm/snmp Ip IPaddrCfg/sys/adm/snmp Addmonitor Event Options -b name Cfg/sys/adm/snmp Name name Users user ID SeclevelDis Cfg/sys/adm/sshkeys Generate Knownhosts Mode fullhalf Cfg/sys/host #/routes Cfg/sys/dns/servers ListInterface #/ports Del port Add port Cfg/sys/host # List Cfg/sys/host Ip IPaddr Host ID SysName nameSysLocatio Cfg/sys/rsa Rsaname name Add IPaddr Cfg/sys/user Password old Password newPassword confirm Username Password user Boot menu Boot menu commandsBoot Software Reboot Delete Boot/software Cur Maintenance menu Maintenance menu commandsMaint Dumplogs protocol All-isds? Chapter Troubleshooting Troubleshooting tips Cannot connect to the Nortel Snas 4050 using Telnet or Verify the current configurationEnable Telnet or SSH access Check the Access List Check the IP address configuration # /cfg/cur sys Cannot add the Nortel Snas 4050 to a cluster Cannot contact the MIP Main# /cfg/sys/accesslist/add Add Interface 1 IP addresses and the MIP to the Access ListEnter network address IP address Enter netmask network mask Telnet or SSH connection to the MIP Nortel Snas 4050 stops respondingConsole connection User password is lost Administrator user passwordOperator user password Root user password Boot user password Trace toolsUser fails to connect to the Nortel Snas 4050 domain Main# maint/starttrace Sample output for the trace command Tag Description Sample output Installed certificates System diagnosticsNetwork diagnostics Cluster Host 1# cur Main# /cfg/sys/curMain# /stats/dump Main# /info/ethernet Active alarms and the events log file Error log files Troubleshooting Appendix B Syslog messages Syslog messages by message type Lists the Emerg operating system messages Operating system OS messagesLists the operating system Critical messages System Control Process messages Operating system messages ErrorLists the operating system Emerg messages About alarm messages Alarm severity and syslog level correspondenceLists the System Control Process Info messages System control process messages Info System Control Process messages Alarm Alarm Audit/ena command About event messagesSystem Control Process messages Event With /cfg/sys/cur Lists the Traffic Processing Error messages Traffic Processing messages Error Sheet 1Traffic Processing Subsystem messages Lists the Traffic Processing Critical messages Css error reason Traffic Processing messages Error Sheet 3 Lists the Traffic Processing Warning messagesTraffic Processing messages Warning Domain #/server/portal Lists the Traffic Processing Info messages Start-up messagesTraffic Processing messages Info Lists the AAA Error messages AAA messages ErrorAAA subsystem messages Lists the Start-up Info messages AAA messages Info Sheet 1 Log value Message Category Contains There are two categories of Nsnas subsystem messages Nsnas subsystem messagesAAA messages Info Sheet 2 Lists the Nsnas Error messages Nsnas ErrorLists the Nsnas Info messages Nsnas Info Sheet 1 Syslog messages in alphabetical order Lists the syslog messages in alphabetical orderNsnas Info Sheet 2 Syslog messages in alphabetical order Sheet 1 Sys/adm/audit/ena command Error Nsnas Syslog messages in alphabetical order Sheet 3 Info AAA Error AAA Syslog messages in alphabetical order Sheet 5 Authenticate is set to off Cfg/domain #/server/portal Syslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Supported MIBs Following MIBs are supported by the Nortel Snas ANAifType-MIB SNMPv2-MIBAppendix C Supported MIBs Supported MIBs Sheet 1 Supported MIBs Sheet 2 ALTEON-ISD-SSL-MIB CLI, using the /cfg/sys/adm/snmp/target command Appendix C Supported MIBs Supported MIBs Sheet 3 Use the CLI command /cfg/sys/adm/snmp/snmpv2-mib Supported trapsDescribes the traps supported by the Nortel Snas Supported traps Appendix C Supported MIBs 320818-A Appendix D Supported ciphers Supported ciphers Appendix D Supported ciphers Install All Administrative Tools Windows 2000 Server Register the Schema Management dll Windows Server Click Start and select Run Nortel Secure Network Access Switch 4050 User Guide Create a shortcut to the console window Permit write operations to the schema Windows 2000 ServerSelect a Title for the Program page displays Nortel Secure Network Access Switch 4050 User Guide Create the new class Add isdUserPrefs attribute to nortelSSLOffload class Add the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Appendix F Configuring Dhcp to auto-configure IP Phones Configuring IP Phone auto-configurationCreating the Dhcp options Dhcp Management Console Predefined Options and Values dialog box opens see Figure Click Add Option Type dialog box opens see on Option Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box displays see Figure Scope Options dialog box Call Server Information string parameter values Setting up the IP Phone Vlan ID Information string parameter valuesPage Configuring the logon script Create the logon script see Creating a logon script on Creating a logon script Using Windows, open a plain text editor, such as NotepadCreating the script as a batch file Assigning the logon script Creating the script as a VBScript file Right-click the Default Domain Policy and select Edit Double-clickDefault Domain PolicyOn the Group Policy tab, click Open Appendix H Software licensing information GNU General Public License Appendix H Software licensing information Appendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Symbols Index Index Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index