Nortel Secure Network Access Switch 4050 User Guide
320818-A
Copyright Nortel Networks Limited 2005. All rights reserved
Licensing
Nortel Secure Network Access Switch 4050 User Guide
General
Contents
Contents
Managing the network access devices
Configuring the domain
Configuring groups and profiles
Configuring authentication 233
TunnelGuard SRS Builder
Managing system users and groups
Customizing the portal and user logon
Setting the portal display language using the CLI
Configuring system settings
Adding a host interface
Managing certificates
Configuring Snmp
Maintaining and managing the system
Upgrading or reinstalling the software
Appendix a CLI reference
Troubleshooting 837
Appendix C Supported MIBs
Appendix H Software licensing information Index
Contents 320818-A
Preface
Before you begin
Connect the switch to the network
Preface
Bold text
Text conventions
Publications
Related information
Plain Courier text
Example Set Trap Monitor Filters
Online
How to get help
Preface
This chapter includes the following topics
Nortel SNA solution
Supported users
Elements of the Nsna solution
Overview
Role of the Nortel Snas
Nortel SNA VLANs and filters
Nortel Snas 4050 functions
Groups and profiles
Authentication methods
TunnelGuard host integrity check
About SSH
Communication channels
Communication channels in the Nortel SNA network
RSA DSA
Nortel Snas 4050 clusters
One-armed and two-armed configurations
Two-armed configuration
One-armed configuration
Illustrates a two-armed configuration
Nortel SNA configuration and management tools
Configure the network Dhcp server
Nortel Snas 4050 configuration roadmap
Overview
Overview
Overview
Overview
Overview 320818-A
Chapter Initial setup
Initial setup
Management IP address
About the IP addresses
Portal Virtual IP address
Log on using the following username and password
Initial setup
Login admin Password admin
Real IP address
Select the option for a new installation
Setup Menu displays
Enter port number for the management interface
Enter Vlan tag id or zero for no Vlan
Enter network mask 255.255.255.0 mask
Enter default gateway IP address or blank to skip
Setup a two armed configuration yes/no no
Enter port number for the traffic interface
Specify the MIP for this device or cluster
Enter IP address for this machine on traffic interface
Enter a timezone or select select timezone
Specify the NTP server, if applicable
Configure the time settings
Specify the DNS server, if applicable
Enter NTP server address or blank to skip IPaddr
Specify the pVIP of the Nortel Snas 4050 device
Change the admin user password, if desired
Specify a name for the Nortel Snas 4050 domain
Create http to https redirect server no
Settings created by the quick setup wizard
Extended profile details
Adding a Nortel Snas 4050 device to a cluster
Before you begin
Select the option to join an existing cluster
Joining a cluster
Enter network mask 255.255.255.0 mask
Specify the MIP of the existing cluster
Enter the existing admin user password password
Next steps
Setup successful Login
Applying and saving the configuration
Applying and saving the configuration using the Srem
Applying and saving the configuration using the CLI
Cfg/dump
Cfg/ptcfg
Apply and Commit buttons
Initial setup 320818-A
Chapter Managing the network access devices
Managing the network access devices
Roadmap of domain commands
Managing network access devices using the CLI
Reset
Using the quick switch setup wizard
Adding a network access device using the CLI
Specify the IP address of the network access device
Cfg/domain 1/quick
Nsna communication port5000
Go to on
To continue, go to on
Red vlan id of Switch Vlan ID
Switch menu displays
Manually adding a switch
Cfg/domain #/switch switch ID
Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete
Deleting a network access device using the CLI
Configuring the network access devices using the CLI
Cfg/domain #/switch switch ID followed by
Switch menu includes the following options
Ip IPaddr
Cfg/domain #/switch #/vlan
Mapping the VLANs using the CLI
Followed by
Dis Delete
Cfg/domain #/switch #/vlan followed by
Domain vlan or Switch vlan menu displays
Cfg/domain #/switch #/vlan/list
Add name Vlan ID
Managing SSH keys using the CLI
For an Ethernet Routing Switch 5510, 5520, or
Generating SSH keys for the domain using the CLI
Nsnas SSH key menu displays
Cfg/domain #/sshkey
Nsnas SSH key menu includes the following options
Cfg/domain #/switch #/sshkey/export
Cfg/domain #/sshkey followed by
Main# /cfg/domain 1/sshkey
Shows sample output for the /cfg/domain #/sshkey command
Cfg/domain #/switch #/sshkey followed by
Cfg/domain #/switch #/sshkey
Cfg/domain#1/sshkey/export command to
Monitoring switch health using the CLI
Reimporting the network access device SSH key using the CLI
Cfg/domain #/switch #/hlthchk
Enter Apply to apply the change immediately
Cfg/domain #/switch #/dis
Cfg/domain #/switch #/hlthchk followed by
HealthCheck menu includes the following options
Deadcnt count
Adding a network access device using the Srem
Managing network access devices using the Srem
To add a network access device, use the following steps
Cfg/domain #/switch #/ena
Add a Switch fields
Add a Switch
Configuring the network access devices using the Srem
Deleting a network access device using the Srem
Switch Configuration screen 320818-A
Switch Configuration screen appears see Figure
Switch Configuration fields
You can perform the Vlan mapping in two ways
Mapping the VLANs using the Srem
Domain VLANs screen
Mapping VLANs by domain
To add VLANs to a domain, complete the following steps
Adding VLANs to a domain
Click Add Add a new Vlan dialog box appears see Figure
Add a new Vlan fields
Removing VLANs from a domain
Switch VLANs screen
Mapping VLANs by switch
To add VLANs to a switch, complete the following steps
Adding VLANs to a switch
Removing VLANs from a switch
Managing SSH keys using the Srem
Managing the network access devices
Managing the network access devices
Key Generation screen appears see Figure
Generating SSH keys for the domain using the Srem
Switch SSH Key fields
Exporting SSH keys for the domain using the Srem
Export Key screen appears see Figure
Export Key fields
Click Apply on the toolbar to begin the export process
Switch SSH Key screen appears see Figure
Managing SSH keys for Nortel SNA communication using
Reimporting the network access device SSH key using the Srem
Switch SSH Key screen appears see on
Monitoring switch health using the Srem
Click Delete Switch SSH Key
Click Import SSH from Switch
Health Check screen 320818-A
Health Check screen appears see Figure
Viewing a connected client list using the Srem
Connected Clients fields
Managing the network access devices
Switch Configuration screen
Chapter Configuring the domain
Configuring the domain
Configuring the domain using the CLI
Cfg/domain
Captive portal Portal look and feel Linksets
Logging traffic with syslog messages
Details onoff
Manually creating a domain using the CLI
Creating a domain using the CLI
You can create a domain in two ways
Cfg/domain domain ID
320818-A
Main# /cfg/domain
Using the Nortel Snas 4050 domain quick setup wizard
Cfg/quick
Main# cfg/quick
Specify the certificate to be used by the portal server
Configuring the domain
Specify whether the SSL server uses chain certificates
Do you want to configure a switch? yes/no no
Do you require chain certificates yes/no no
Do you want an http to https redirect server yes/no no
Do you want to create a tunnelguard test user? yes/no yes
Configuring the domain
To delete a domain, use the following command
Deleting a domain using the CLI
Cfg/domain #/del
To configure the domain, use the following command
Configuring domain parameters using the CLI
Cfg/domain domain ID followed by
Pvips IPaddr
Httpredir
TG menu displays TG menu includes the following options
Configuring the TunnelGuard check using the CLI
Cfg/domain #/aaa/tg
Cfg/domain #/aaa/tg followed by
Cfg/domain #/aaa/tg/status-quo
Cfg/domain #/aaa/tg/quick
Using the quick TunnelGuard setup wizard in the CLI
TunnelGuard quick setup wizard creates a default SRS rule
Configuring the SSL server using the CLI
Server 1001 menu displays
Main# /cfg/domain #/aaa/tg/quick
Server 1001 menu includes the following options
Tracing SSL traffic using the CLI
Cfg/domain #/server followed by
Interface ID
Ssldump
Output mode
Cfg/domain #/server/trace followed by
Cfg/domain #/adv/interface command
Tcpdump
Ping host
SSL Settings menu displays
Configuring SSL settings using the CLI
Dnslookup host
Traceroute host
Cfg/domain #/server/ssl followed by
SSL Settings menu includes the following options
Cert certificate
Index
Index list
Cachain certificate
Yes
Cfg/domain #/server/ssl/protocol
Ena Dis
Configuring traffic log settings using the CLI
Traffic Log Settings menu includes the following options
Traffic Log Settings menu displays
Cfg/domain #/server/adv/traflog
Cfg/domain #/server/adv/traflog followed by
Cfg/domain #/httpredir
Configuring Http redirect using the CLI
Cfg/domain #/httpredir followed by
Redir onoff
Cfg/sys/host #/interface command see
Configuring advanced settings using the CLI
Cfg/domain #/adv
Cfg/domain #/adv followed by
Configuring Radius accounting using the CLI
Radius Accounting Servers menu displays
Managing Radius accounting servers using the CLI
Cfg/domain #/aaa/radacct
Cfg/domain #/aaa/radacct followed by
Cfg/domain #/aaa/radacct/servers followed by
NSNAS-Portal-ID
VPN Attribute menu displays
Cfg/domain #/aaa/radacct/vpnattribu
VPN Attribute menu includes the following options
Configuring the domain using the Srem
Cfg/domain #/aaa/radacct/vpnattribu followed by
Vendorid
Creating a domain using the Srem
Secure Access Domain Table screen 320818-A
Manually creating a domain using the Srem
Add a Secure Access Domain fields
Add a Secure Access Domain
Using the Srem Domain Quick Wizard
Configuring the domain
Click Domain Quick Wizard
Domain Quick Wizard General Settings fields
Click Next
Domain Quick Wizard Certificate fields
Domain Quick Wizard Certificate
Organization name and do not use any of the following
Domain Quick Wizard Certificate Chain fields
Domain Quick Wizard Certificate Chain
Domain Quick Wizard Server fields
Domain Quick Wizard Server dialog box appears see Figure
Domain Quick Wizard Switch fields
Domain Quick Wizard Switch dialog box appears see Figure
Domain Quick Wizard Tunnel Guard fields
Domain Quick Wizard Tunnel Guard dialog box appears see
To delete a domain, perform the following steps
Deleting a domain using the Srem
To configure a domain, perform the following steps
Configuring domain parameters using the Srem
Domain Configuration fields
Domain domain Configuration screen
Additional domain configuration in the Srem
Additional domain configuration tabs
Component Description
Additional domain tree components
Configuring the TunnelGuard check using the Srem
TunnelGuard Configuration screen appears see Figure
TunnelGuard Configuration fields
Groups using the Srem on
TunnelGuard Quick Setup screen appears see Figure
Using the TunnelGuard Quick Setup in the Srem
TunnelGuard Quick Setup fields
Server Configuration screen 320818-A
Configuring the SSL server using the Srem
Server Configuration fields
Server SSL Settings screen 320818-A
Configuring SSL settings using the Srem
ALL@STRENGTH
Server SSL Settings fields
Configuring the domain Server SSL Settings fields
Configuring traffic log settings using the Srem
Traffic Log Syslog Settings screen appears see Figure
Traffic Log Syslog Settings fields
Tracing SSL traffic using the Srem
Configuring Http redirect using the Srem
Http Redirect screen 320818-A
Http Redirect fields
Configuring Radius accounting using the Srem
Configuring Nortel Snas 4050-specific attributes using
Radius accounting Configuration screen appears see Figure
Adding a Radius accounting server using the Srem
Managing Radius accounting servers using the Srem
Radius accounting Configuration fields
Radius Accounting Servers screen
Radius Accounting Servers screen appears see Figure
Radius Accounting Server fields
Moving a Radius accounting server using the Srem
Deleting a Radius accounting server using the Srem
Configuring the domain 320818-A
Chapter Configuring groups and profiles
Overview
Configuring groups and profiles
Groups
This section includes the following topics
Default group
TunnelGuard SRS rule
Linksets
Extended profiles
Create the SRS rules see TunnelGuard SRS Builder on
Configuring groups and extended profiles using the CLI
Roadmap of group and profile commands
To create and configure a group, use the following command
Configuring groups using the CLI
Cfg/domain 1/aaa/group group ID
Restrict
Cfg/domain 1/aaa/group # followed by
Extend profile ID
Comment comment
Tgsrs SRS rule name
Main# /cfg/domain 1/AAA/group
Cfg/domain 1/aaa/filter filter ID
Configuring client filters using the CLI
Cfg/domain 1/aaa/filter filter ID followed by
Client Filter menu includes the following options
Tg truefalseignore
Main# /cfg/domain 1/AAA/filter
Configuring extended profiles using the CLI
Cfg/domain 1/aaa/group group IDgroup name/extend
Cfg/domain 1/aaa/group #/extend # followed by
Extended Profile menu includes the following options
Filter name
Vlan name
Linkset Del
Cfg/domain 1/aaa/group #/extend #
Main# cfg/domain 1/aaa/group 2/extend
Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow
Cfg/domain 1/aaa/group #/linkset
Mapping linksets to a group or profile using the CLI
Cfg/domain 1/aaa/group #/extend #/linkset
Cfg/domain 1/aaa/group #/extend #/linkset followed by
Linksets# add example2
Main# cfg/domain 1/aaa/group 1/linkset
Linksets# insert 2 example3
Creating a default group using the CLI
Configuring groups and extended profiles using the Srem
Configuring groups using the Srem
This section contains the following topics
Click a Guide to Create a Group on the toolbar
Using the guide for creating groups
Groups screen 320818-A
Adding a group
Add a Group fields
Click Add Add a Group dialog box appears see Figure
Group Configuration screen appears see Figure
To configure a group, perform the following steps
Modifying a group
Group Configuration fields
Configuring client filters using the Srem
Client Filters screen appears see Figure
Adding a client filter
Add a Client Filter fields Sheet 1
Click Add Add a Client Filter dialog box appears see Figure
Check using the Srem on
Client filter Configuration screen appears see Figure
To configure a client filter, perform the following steps
Modifying a client filter
Client Filters configuration fields
Configuring extended profiles using the Srem
Extended Profiles screen appears see Figure
Adding an extended profile
Add an Extended Profile fields
Add an Extended Profile screen
Modifying an extended profile
Extended profiles Configuration screen appears see Figure
Extended Profile Configuration fields
Mapping linksets to a group or profile using the Srem
Linksets screen for a group
Mapping linksets to a group
To add a linkset to a group, perform the following steps
Adding linksets to a group
Add a Linkset fields
Reordering linksets in a group
Removing linksets from a group
Linksets screen for an extended profile
Mapping linksets to a profile
Adding linksets to an extended profile
Reordering linksets in an extended profile
Removing linksets from an extended profile
AAA Configuration screen 320818-A
Creating a default group using the Srem
AAA Configuration fields
Configuring groups and profiles 320818-A
Chapter Configuring authentication
Configuring authentication
Before you begin
Configuring authentication using the CLI
Cfg/domain 1/aaa
Roadmap of authentication commands
Command
Cfg/domain 1/aaa/auth auth ID
Configuring authentication methods using the CLI
Radiusldaplocal
Cfg/domain 1/aaa/auth auth ID followed by
Display
Local accesses the Local database menu
Cfg/domain 1/aaa/auth #/adv
Configuring Radius authentication using the CLI
Cfg/domain 1/aaa/auth #/adv followed by
Groupauth auth IDs
You can perform the following configuration tasks
Adding the Radius authentication method using the CLI
Configuring authentication
Main# /cfg/domain 1/aaa/auth
Modifying Radius configuration settings using the CLI
Cfg/domain 1/aaa/auth #/radius
Type
Cfg/domain 1/aaa/auth #/radius followed by
Timeout interval
Managing Radius authentication servers using the CLI
Radius servers menu displays
Sessiontim
Cfg/domain 1/aaa/auth #/radius/servers followed by
Radius servers menu includes the following options
Configuring session timeout using the CLI
Configuring Ldap authentication using the CLI
Cfg/domain 1/aaa/auth #/radius/sessiontim
Adding the Ldap authentication method using the CLI
Configuring authentication
Cfg/domain 1/aaa/auth #/ldap
Modifying Ldap configuration settings using the CLI
Cfg/domain 1/aaa/auth #/ldap followed by
Ldap menu displays Ldap menu includes the following options
Do not use the isdbinddn and isdbindpas
Isdbindpas password
SAMAccountName=bill . The user’s login
Userattr names
Ou=Users, dc=example, dc=com .
Enauserpre truefalse
Enaldaps truefalse
Activedire
Cfg/domain 1/aaa/auth #/ldap/servers
Managing Ldap authentication servers using the CLI
Removes the specified Ldap server from the current
Cfg/domain 1/aaa/auth #/ldap/ldapmacro
Managing Ldap macros using the CLI
Cfg/domain 1/aaa/auth #/ldap/ldapmacro followed by
Ldap attribute
Add variable name
Prefix suffix
Variable name
Set the Active Directory settings using
Managing Active Directory passwords using the CLI
Active Directory Settings menu displays
Cfg/domain 1/aaa/auth #/ldap/activedire command
Configuring local database authentication using the CLI
Configuring authentication
Authentication menu commands local database
You can add users to the database in two ways
Managing the local database using the CLI
Local database menu displays
Cfg/domain 1/aaa/auth #/local
Local database menu includes the following options
Cur group command
Cfg/domain 1/aaa/auth #/local followed by
TAB or use the /cfg/domain 1/aaa
Server filename key
Import protocol
Export protocol
Specifying authentication fallback order using the CLI
Main# /cfg/domain 1/aaa/authorder
Cfg/domain 1/aaa/authorder auth ID,auth ID
Configuring authentication using the Srem
Authentication Server Table appears see Figure
Configuring authentication methods using the Srem
Configuring Radius authentication using the Srem
Adding the Radius method and server
Add an Authentication Server Radius 320818-A
Add an Authentication Server Radius fields
Modifying Radius configuration
Configuration 320818-A
Modifying Radius method settings
Configuration fields
Radius Configuration screen appears see Figure
Modifying Radius configuration settings
Radius Configuration fields
Configuring authentication Radius Configuration fields
Managing additional Radius servers
Add a Radius Server fields
Adding a Radius server
Reordering additional Radius servers
Configuring authentication Add a Radius Server fields
Removing a Radius server
Next steps
Configuring Ldap authentication using the Srem
Adding the Ldap method and server
Add an Authentication Server Ldap fields
Modifying Ldap configuration
Modifying Ldap method settings
Configuration fields
Ldap Configuration screen appears see Figure
Modifying Ldap configuration settings
Ldap Configuration fields
Cn=Users, dc=example, dc=com
Ou=Users, dc=example, dc=com. The user
Active Directory, on
Configuring authentication Ldap Configuration fields
Managing additional Ldap servers
Click Apply
Adding an Ldap server
Add an Ldap Server fields
Removing an Ldap server
Reordering additional Ldap servers
Managing Ldap macros
Ldap Macros
Add an Ldap Macro fields
Adding Ldap macros
Removing Ldap macros
Reordering Ldap macros
Populate the database see Populating the database on
Configuring local database authentication using the Srem
Adding the Local method
Database on
Add an Authentication Server Local fields
Adding users to the local database
Populating the database
You can populate the Local database in two ways
Local Users screen appears see Figure
Add a Local User fields
Click Add Add a Local User dialog box appears see Figure
Configuring authentication
Import Local User Database 320818-A
Importing a database
Import Local User Database fields
Modifying Local database configuration
Modifying Local method settings
Local Users screen appears see on
Modifying local users
Local Users Configuration 320818-A
Local Users Configuration fields
Modifying local user passwords
Local Users Local User Configuration 320818-A
Select the Local User Configuration tab
Local Users Local User Configuration fields
Export Local User Database 320818-A
Exporting the database
Export Local User Database fields
Specifying authentication fallback order using the Srem
Authentication Server Order
Saving authentication settings
Chapter TunnelGuard SRS Builder
TunnelGuard user interface
Configuring SRS rules
TunnelGuard SRS Builder
\tunnelguard\tg.txt
File menu
Menu commands
Software Definition menu
Describes important items from the File menu
Software Definition Entry menu items Sheet 1
Software Definition Entry menu
Tool menu
TunnelGuard Rule menu
Describes important items from the TunnelGuard Rule menu
Describes important items from the Tool menu
SRS Definition toolbar item descriptions
SRS definition toolbar
SRS Components table
Software Definition Available SRS list
SRS Components table items
WINNT%\xxx.dll
Customizing a component
TunnelGuard Rule Definition screen
Memory snapshot
SRS Rule toolbar
Memory snapshot item descriptions
SRS Rule Expression Constructor
SRS Rule list
Available Expression list
Rule Expression Constructor
Creating a software definition
Managing TunnelGuard rules and expressions
Selecting modules or files from running processes
Adding entries to a software definition
Create New Memory Module SRS window
For more information, see Making API calls on
Select the TunnelGuard Rule Definition tab
Selecting file on disk
Create New on Disk SRS Entry window
Creating logical expressions
TunnelGuard Rule Definition tab
Click the TunnelGuard Rule Definition tab
Click the Form TunnelGuard Rule Expression button
New SRS Rule window
Available Expressions screen
TunnelGuard Rule Name screen
Registry-only SRS entry
Registry-based rules
Supported integer operands
Describes supported operands for integer values
String regular expression Description
Constructs for string based regular expressions Sheet 1
Creating a registry entry
Enter the Key Value Data Expression
Registry-based File/Module
TunnelGuard SRS Builder Registry Entry
Manually creating an OnDisk file entry
Manually creating SRS entries
Create new OnDisk SRS Entry
Create New Memory Module SRS Entry page opens see on
Manually creating a Memory Module entry
Create new Memory Module SRS entry
File age check
Adding a TunnelGuard rule comment
Adding comments
TunnelGuard SRS Builder Date/Time Range
Adding a software definition comment
Deleting SRS rules and their components
Deleting a software definition entry
Deleting a software definition
Deleting a TunnelGuard rule
Deleting an expression
Making API calls
TunnelGuard support for API calls
TunnelGuard SRS Builder 320818-A
Chapter Managing system users and groups
Managing system users and groups
User rights and group membership
Group membership and user rights
Roadmap of system user management commands
Managing system users and groups using the CLI
Cfg/sys/user
User menu displays User menu includes the following options
Managing user accounts and passwords using the CLI
Cfg/sys/user followed by
Add username
Del username
Edit username
Managing user settings using the CLI
Caphrase
Password user
Managing user groups using the CLI
Password confirm User password
Cfg/sys/user/edit username
Adding a new user
CLI configuration examples
This section includes the following detailed examples
Cfg/sys/user/edit username/groups
Main# /cfg/sys/user
Access the User Menu
User# edit certadmin
Apply the changes
Verify and apply the changes
Changing a user’s group assignment
User# edit admin
Changing your own password
Changing passwords
Changing another user’s password
Type the password command to initialize the password change
Deleting a user
Managing user accounts using the Srem
Managing system users and groups using the Srem
To manage users, choose from one of the following tasks
User Table
Click Add Add a User dialog box appears see Figure
Adding new user accounts
To remove an existing user, perform the following steps
Removing existing user accounts
Add a User fields
Password Setting 320818-A
Setting password expiry using the Srem
Password Settings fields
Change Your Password 320818-A
Changing your password using the Srem
Click Change Password
Changing another user’s password using the Srem
Only the admin user can change the passwords of other users
Change Your Password fields
Change User Password 320818-A
Change User Password fields
Setting the certificate export passphrase using the Srem
Set Certificate Export PassPhrase 320818-A
Set Certificate Export PassPhrase screen appears see Figure
Click Set Pass Phrase
Managing user groups using the Srem
Set Certificate Export PassPhrase fields
Choose from the following tasks to manage users groups
Adding a user group
To add a new user group, perform the following steps
Click Add Add a User Group dialog box appears see Figure
Removing a user group
Add a User Group fields
Managing system users and groups
Chapter Customizing the portal and user logon
Customizing the portal and user logon
Captive portal and Exclude List
Exclude List
String Usage Expressions
Allowed regular expressions and escape sequences
Portal look and feel
Portal display
Colors
Default appearance
Color Hexadecimal code
Common colors, with hexadecimal codes Sheet 1
Language localization
Content-Type text/plain charset=iso-8859-1/n
Autorun linksets
Linksets and links
Macros
Planning the linksets
Examples of redirection URLs and links
Automatic redirection to internal sites
Examples of redirection URLs and link text Sheet 1
Automatic JRE upload
Managing the end user experience
Roadmap of portal and logon configuration commands
Customizing the portal and logon using the CLI
Windows domain logon script
Number
Color2 code
Configuring the Exclude List using the CLI
Configuring the captive portal using the CLI
DNS Exclude menu displays
Cfg/domain 1/dnscapt
DNS Exclude menu includes the following options
Changing the portal language using the CLI
Cfg/domain 1/dnscapt/exclude followed by
Language Support menu displays
Configuring language support using the CLI
Cfg/lang
Language Support menu includes the following options
Cfg/lang/import command
Cfg/lang followed by
Server filename
Cfg/domain 1/portal/lang
Setting the portal display language using the CLI
Cfg/domain 1/portal/lang followed by
Cfg/domain 1/portal/lang/list
Restore
Configuring the portal display using the CLI
Cfg/domain 1/portal
Cfg/domain 1/portal followed by
Redirect URL
Logintext text
Linkurl onoff
Linktext text
Linkcols columns
Linkwidth width
Portal Colors menu displays
Changing the portal colors using the CLI
Cfg/domain 1/portal/colors
Portal Custom Content menu displays
Configuring custom content using the CLI
Cfg/domain 1/portal/content
Portal Colors menu includes the following options
Cfg/domain 1/portal/content followed by
Portal Custom Content menu includes the following options
Tftpftpscpsftp. The default is tftp
Available
Cfg/domain 1/linkset linkset ID
Configuring linksets using the CLI
Cfg/domain 1/linkset linkset ID followed by
Linkset menu includes the following options
Text text
Autorun truefalse
Cfg/domain 1/linkset linkset ID/link index
Configuring links using the CLI
Cfg/domain 1/linkset linkset ID/link index followed by
Link menu includes the following options
Move new index
Configuring FTP link settings using the CLI
Configuring external link settings using the CLI
Cfg/domain 1/linkset linkset ID/link index/ external/quick
Cfg/domain 1/linkset linkset ID/link index/ ftp/quick
Configuring the captive portal using the Srem
Customizing the portal and logon using the Srem
Enabling DNS capture
DNS Capture fields
DNS Capture screen includes the following components
Click Add Entry appears in the DNS Exclude List
Configuring the DNS Exclude List using the Srem
Add DNS Domain fields
Changing the portal language using the Srem
Select the System Language tab
Configuring language support using the Srem
Languages sub-tabs appear see Figure
Choose from one of the following tasks
Viewing predefined languages
To view custom languages, use the following procedure
Viewing and removing custom languages
Click the Import/Export Definition tab
Importing and exporting language definitions
Import/Export Definition screen appears see Figure
Import/Export Definition fields
Setting the portal display language using the Srem
Language fields
Configuring the portal display using the Srem
Portal Configuration tab appears see Figure
Configuring content
Portal Configuration fields
Sites, see on
Import Banner screen 320818-A
Importing banners
Import Banner fields
Color Settings screen 320818-A
Changing the portal colors using the Srem
Color Settings fields
Configuring custom content using the Srem
Basics screen appears see Figure
Viewing basic information about custom content
Basics fields
To import custom content, perform the following steps
Importing custom content
Import Content screen appears see Figure
Import Content fields
To export custom content, perform the following steps
Exporting custom content
Export Content screen appears see Figure
Export Content fields
Configuring linksets using the Srem
To create a linkset, perform the following steps
Creating a linkset
Portal Links screen appears see Figure
Add a Linkset
Click Add Add a Linkset dialog box appears see Figure
Modifying a linkset
Linkset Configuration screen appears see Figure
To modify a linkset, perform the following steps
See Linksets and links on
Linkset Configuration fields
Configuring links using the Srem
To create an external link, perform the following steps
Creating an external link using the Srem
Links screen appears see Figure
Add a Portal Link fields
Click Add Add a Portal Link dialog box appears see Figure
Creating an FTP link using the Srem
Add a Portal Link FTP
To create an FTP link, perform the following steps
Add a Portal Link FTP fields
External link Configuration screen appears see Figure
Modifying external link settings using the Srem
To modify a link, perform the following steps
Reordering links using the Srem on
External link Configuration fields
FTP link Configuration screen appears see Figure
Modifying FTP link settings using the Srem
FTP link Configuration fields
Reordering links using the Srem
Re Order Links fields
Re Order Links screen appears see Figure
Customizing the portal and user logon 320818-A
Chapter Configuring system settings
Configuring system settings
Cfg/sys
Configuring the cluster using the CLI
Roadmap of system commands
Parameter
Health interval
Show
Cfg/sys followed by
Configuring system settings using the CLI
Rsa server ID
Cfg/domain #/server/trace/ssldump
Configuring the Nortel Snas 4050 host using the CLI
Cfg/domain #/server/trace/tcpdump
Cfg/sys/host host ID
Cfg/sys/host host ID followed by
Cluster Host menu includes the following options
/cfg/sys/host #/interface #
Interface number
Ports = 1,23
Ports
Hwplatform
Halt
Cfg/sys/cur command
Reboot
Cfg/sys/host #/delete
Viewing host information
Configuring host interfaces using the CLI
Cfg/sys/host host ID/interface interface ID
Cfg/sys/host #/interface interface ID
Vlanid tag
Cfg/sys/host #/interface interface ID followed by
Mode
Failovertrunking
Primary port
Configuring static routes using the CLI
Cfg/sys/routes
Cfg/sys/host host ID/routes
Cfg/sys/host #/interface #/routes followed by
Configuring host ports using the CLI
Add IPaddr mask
Gateway
Host Port menu includes the following options
Managing interface ports using the CLI
Cfg/sys/host #/port port followed by
Cfg/sys/host #/interface interface ID/ports
Cfg/sys/host #/ports command see
Configuring the Access List using the CLI
Cfg/sys/accesslist
Interface Ports menu includes the following options
Cfg/sys/accesslist followed by
Configuring date and time settings using the CLI
Date and Time menu displays
Add IPaddr mask
Date and Time menu includes the following options
Managing NTP servers
NTP Servers menu displays
Cfg/sys/time followed by
NTP Servers menu includes the following options
Configuring DNS servers and settings using the CLI
Cfg/sys/time/ntp followed by
Cfg/sys/dns
Count count
Retransmit interval
Ttl ttl
Health interval
Cfg/sys/dns/servers
Managing DNS servers
Cfg/sys/dns/servers followed by
RSA Servers menu displays Switch Software Release
Configuring RSA servers using the CLI
Move index number new index number
Cfg/sys/rsa
RSA Servers menu includes the following options
Configuring syslog servers using the CLI
Syslog Servers menu displays
Cfg/sys/rsa followed by
Cfg/sys/syslog followed by
Syslog Servers menu includes the following options
Facility
Syslog.conf under Unix
Administrative Applications menu displays
Configuring administrative settings using the CLI
Cfg/sys/adm
Cfg/sys/adm followed by
Audit
Srsadmin
Auth
Telnet onoff
Configuring Nortel Snas 4050 host SSH keys using the CLI
Enabling TunnelGuard SRS administration using the CLI
Cfg/sys/adm/srsadmin
Cfg/sys/adm/srsadmin followed by
Cfg/sys/adm/sshkeys followed by
Cfg/sys/adm/sshkeys
Draft-ietf-secsh-publickeyfile
Knownhosts
SSH Known Host Keys menu displays
Managing known hosts SSH keys using the CLI
SSH Known Host Keys menu includes the following options
Cfg/sys/adm/sshkeys/knownhosts
About Radius auditing
Configuring Radius auditing using the CLI
About the vendor-specific attributes
Map this string to the Vendor-Type value
Configuring Radius auditing
NSNAS-SSL-Audit-Trail
Cfg/sys/adm/audit
Radius Audit Servers menu displays
Managing Radius audit servers using the CLI
Radius Audit Servers menu includes the following options
Cfg/sys/adm/audit/servers
Adds a Radius audit server to the configuration. You
Cfg/sys/adm/auth
Configuring authentication of system users using the CLI
Fallback onoff
Radius Authentication Servers menu displays
Cfg/sys/adm/auth/servers
Cfg/sys/adm/auth/servers followed by
Configuring the cluster using the Srem
Select the System Configuration tab
Configuring system settings using the Srem
System Configuration screen appears see Figure
System Configuration fields
Configuring a Nortel Snas 4050 host using the Srem
Hosts
Host
Viewing and configuring TCP/IP properties
Host fields
Viewing and installing host licenses
Viewing global licenses for all hosts
Global Licenses fields
Describes the Global Licenses fields
Viewing per domain licenses for all hosts
Per Domain Licenses fields
Describes the Per Domain Licenses fields
Viewing installed licenses for a particular host
Installing a license for a particular host
Install New License
To continue, choose one of the following procedures
Configuring host interfaces using the Srem
To create a host interface, perform the following steps
Adding a host interface
Select the System Hosts host Interfaces tab
Add an Interface fields
Click Apply New interface appears in the Interfaces table
Configuring system settings Add an Interface fields
Configuring an existing host interface
Interface fields
Link is transferred back to the primary port
Removing a host interface
Configuring static routes using the Srem
To delete a host interface, perform the following steps
IP Routes
Viewing static routes for a cluster
Routes
Viewing static routes for a host
Managing static routes
Viewing static routes for an interface
Add Route fields
Adding a static route
Removing a static route
Ports
Configuring host ports using the Srem
Port
Port fields
Managing interface ports using the Srem
Removing interface ports
Adding interface ports
Add a Port fields
Configuring the access list using the Srem
Access List Table appears see Figure
Adding an access list entry
Select the System Access List tab
Access List Table appears see on Click Add
Add Access Host dialog box appears see Figure
Removing an Access List entry
Add Access Host fields
Date & Time
Managing date and time settings using the Srem
Select the System Date & Time tab
Configuring the date and time settings
Date & Time fields
Select the System Date and Time tab
Adding an NTP server
Add NTP Server fields
Removing an NTP server
Select the System DNS Client Settings tab
Configuring DNS settings using the Srem
DNS Client Settings screen appears see Figure
DNS Client Settings fields
Managing syslog servers
Configuring servers using the Srem
From this screen, complete the following tasks as necessary
Adding a new syslog server
Click Add Add Syslog Server dialog box appears see Figure
Add Syslog Server fields
Removing an existing syslog server
Reordering a new syslog server
Adding a DNS server on Removing an existing DNS server on
Select the System Servers DNS Servers tab
Adding a DNS server
Add DNS Server fields
Removing an existing DNS server
RSA Server Table
Managing RSA servers
Adding an RSA server
To configure RSA servers, perform the following steps
Select the System Servers RSA Server Table tab
Add RSA Server fields
Removing the RSA node secret
Removing an existing RSA server
RSA Server fields
Describes the RSA Server fields
Click Remove Secret Node
Importing sdconf.rec
Select an RSA server from the RSA Server Table
Import sdconf.rec screen appears see Figure
Select the Import sdconf.rec tab
Import sdconf.rec fields
Configuring administrative settings using the Srem
Configuring SRS control settings using the Srem
Select from one of the following tasks
Configuring Nortel Snas 4050 host SSH keys using
Add SSH Key fields
Show SSH Keys
Showing SSH keys
Configuring system settings
Managing Nortel Snas 4050 and known host SSH keys
SSH Keys Hosts field
Click Generate SSH Keys
Add SSH Key
Adding an SSH key for a known host using the Srem
Managing Radius audit settings using the Srem
About the vendor-specific attributes
Configuring Radius auditing
Radius audit Configuration
Configuring Radius audit settings using the Srem
Add Audit Configuration fields
Describes the Add Audit Configuration fields
Select from the following tasks to manage the audit servers
Managing Radius audit servers using the Srem
Click Add Add Audit Server dialog box appears see Figure
Adding a new Audit Server
Add Audit Server fields
Removing an existing Radius audit server
Managing Radius authentication of system users using
Configuring Radius authentication of system users using
Radius Authentication Configuration fields
Radius Server Table appears see Figure
Managing Radius authentication servers using the Srem
Add Radius Server fields
Adding a Radius authentication server
Removing an existing Radius server
Configuring system settings 320818-A
Chapter Managing certificates
Managing certificates
Supported key and certificate formats Sheet 1
Key and certificate formats
320818-A
Creating certificates
Installing certificates and keys
Updating certificates
Saving or exporting certificates and keys
Managing private keys and certificates using the CLI
Roadmap of certificate management commands
Cfg/cert cert id
Managing and viewing certificates and keys using the CLI
Cfg/cert cert ID followed by
/cfg/cert #/show command
Cert #/export command
Generating and submitting a CSR using the CLI
Phrase
CSR information
Cfg/cert #/request
Emailemail-address
IPip-address
Generating a CSR
Email Address tester@dummyssltesting.com
Save the CSR to a file
Adding a certificate to the Nortel Snas 4050 using the CLI
Add the certificate Enter the following command
Entire contents of the key, including
Lines
Cfg/cert #/cert
Certificate added Certificate 2# apply
Adding a certificate by pasting
Add the private key Enter the following command
Adding a private key to the Nortel Snas 4050 using the CLI
Cfg/cert #/key
Adding a private key by pasting
Certificate and key import information
Cfg/cert #/import
Anonymous
Admin@hostname.isd
Cfg/cert #/display
Displaying or saving a certificate and key using the CLI
Copy the private key, certificate, or both, as required
Displaying a private key and certificate
Certificate and key export information
Cfg/cert #/export
About the formats, see Key and certificate formats on
Cfg/cert #/test
Generating a test certificate using the CLI
Managing private keys and certificates using the Srem
Certificates screen
Viewing certificates using the Srem
To create a certificate, perform the following steps
Creating a certificate using the Srem
Select the Certificates Certificates tab
Add a Certificate Component fields
Managing certificates
To generate a CSR, perform the following steps
Generating and submitting a CSR using the Srem
CA Request fields
Importing a certificate or key using the Srem
Import Certificate screen 320818-A
Import Certificate fields
Displaying or saving a certificate and key using the Srem
Display Certificate screen 320818-A
Display Certificates fields
Export Certificate screen 320818-A
Export Certificate fields
Viewing configuration details
Viewing certificate information using the Srem
Describes the certificate Configuration fields
Configuration screen appears see Figure
Certificate Configuration fields
Viewing general information
Managing certificates Certificate Configuration fields
Describes the Info fields
Info screen appears see Figure
Info fields
Managing certificates Info fields
Viewing certificate subject settings
Describes the Subject fields
Subject screen appears see Figure
Subject fields
Managing certificates Subject fields
Chapter Configuring Snmp
Configuring Snmp
Configuring Snmp using the CLI
Cfg/sys/adm/snmp
Roadmap of Snmp commands
Snmp menu displays Snmp menu includes the following options
Configuring Snmp settings using the CLI
SNMPv2-MIBmenu displays
Configuring the Snmp v2 MIB using the CLI
Cfg/sys/adm/snmp/snmpv2-mib
SNMPv2-MIBmenu includes the following options
Configuring the Snmp community using the CLI
Cfg/sys/adm/snmp/snmpv2-mib followed by
Cfg/sys/adm/snmp/community
Cfg/sys/adm/snmp/users user ID
Configuring SNMPv3 users using the CLI
Des Aes
Md5 Sha
Cfg/sys/adm/snmp/users user ID followed by
Snmp User menu includes the following options
Notification Target menu displays
Configuring Snmp notification targets using the CLI
Cfg/sys/adm/snmp/target target ID
Notification Target menu includes the following options
Configuring Snmp events using the CLI
Event menu displays
Version v1v2cv3
Cfg/sys/adm/snmp/event followed by
Event menu includes the following options
Options -b name
OID op value
OID value
Options -t name
Event
OID
Options -x name
Comment name
Notification
This section contains information about the following topics
Configuring Snmp settings using the Srem
To configure SNMP, perform the following steps
Configuring Snmp using the Srem
Sonmp
Snmp Configuration fields
Configuring Snmp targets using the Srem
To add an Snmp target, perform the following steps
Adding Snmp targets
Snmp Target Table appears see Figure
Add Snmp Target 320818-A
Click Add Add Snmp Target dialog box appears see Figure
Snmp Target fields
Managing Snmp targets
Target Settings screen appears see Figure
To manage Snmp targets, perform the following steps
Removing Snmp targets
Configuring SNMPv3 users using the Srem
To add an SNMPv3 user, perform the following steps
Adding SNMPv3 users
SNMPv3 User Table appears see Figure
Add SNMPv3 User 320818-A
Click Add Add SNMPv3 User dialog box appears see Figure
Add SNMPv3 User fields
Managing SNMPv3 users
User Settings screen appears see Figure
User Settings fields Sheet 1
Removing SNMPv3 users
Configuring Snmp User Settings fields Sheet 2
Managing monitor events
Configuring Snmp events using the Srem
To manage monitor events, select from the following tasks
To add monitor events, perform the following steps
Adding monitor events
Add a Monitor fields
Viewing configuration details of monitor events
Boolean monitors
Removing monitor events
To delete a monitor event, perform the following steps
Boolean monitor fields Sheet 1
Add a Monitor Boolean
Threshold monitors
Configuring Snmp Boolean monitor fields Sheet 2
Threshold monitor fields
Existence monitor fields Sheet 1
Existence monitors
Existence monitor fields Sheet 2
Managing notification events
To add notification events, perform the following steps
Adding notification events
Notification Table screen appears see Figure
Add a Notification Event fields
Add a Notification Event
To delete a notification event, perform the following steps
Removing notification events
659
Viewing system information and performance statistics
Roadmap of information and statistics commands
Info
Stats
Information menu displays
Viewing system information using the CLI
Info followed by
Information menu includes the following options
Domain ID
Info/mac command
Switchid
Kick domain ID
Username
Switch ID
Info/ip command
Mac MACaddr
Username-prefix
Ethernet
Local
To view active alarms, use the following command
Viewing alarm events using the CLI
Info/events
Info/events followed by
Viewing AAA statistics using the CLI
Viewing log files using the CLI
To view and download log files, use the following command
Logs menu displays Logs menu includes the following options
Stats/aaa followed by
Stats/aaa
Total
Isdhost host ID
Main# stats/aaa/dump
Viewing local information using the Srem
Viewing all statistics using the CLI
Stats/dump
Describes the Information fields
Information screen appears see Figure
Information fields
Viewing cluster information using the Srem
Viewing the controller list using the Srem
Controller List fields
Describes the Controller List fields
Viewing Sonmp topology information using the Srem
Sonmp State fields
Describes the Sonmp State fields
Viewing switch distribution using the Srem
Describes the Switch Distribution fields
Viewing port information using the Srem
Switch Distribution fields
Port Information fields Sheet 1
Describes the Port Information fields
Viewing license information using the Srem
Viewing global license information
Nortel Snas 4050, SSL is the only type of license
Viewing license information for a domain
Viewing session details using the Srem
Sessions screen
Viewing active sessions using the Srem
Sessions parameters
Describes the Sessions parameters
Session Properties screen
Viewing details for a particular session
Describes the Session Properties parameters
Ending active user sessions
KickOut User fields
Click KickOut
Describes the Number of Sessions fields
Viewing the number of active sessions using the Srem
Number of Sessions fields
Viewing alarms using the Srem
Active Alarms screen 320818-A
Viewing active alarms using the Srem
Active Alarms fields
Describes the Active Alarms fields
Download Alarms screen 320818-A
Downloading alarms using the Srem
Describes the Download Alarms fields
Managing log files using the Srem
Download Alarms fields
Logs screen
Viewing the log list using the Srem
Describes the Download fields
Downloading log files using the Srem
Download fields Sheet 1
Viewing AAA statistics using the Srem
Hosts table
Viewing AAA statistics for a host
License tab opens see on
For a description of the fields, seeTable
Viewing License statistics
License statistics Sheet 1
Radius statistics 320818-A
Viewing Radius statistics
Radius statistics
Local DB statistics Sheet 1
Viewing Local database statistics
Viewing Ldap statistics
Ldap statistics
Statistics table
Viewing AAA statistics for the domain
Select one of the following tasks
Viewing License statistics
For the Nortel Snas 4050, SSL is the only type of license
Viewing Radius Statistics Sheet 1
For a description of the fields, see Table
320818-A
Viewing Local database statistics
Logging Accepted Rejected
Viewing Ldap Statistics Sheet 1
Viewing Ethernet statistics using the Srem
Ethernet Interface table
For a description of the fields seeTable
Viewing Rx statistics
Viewing Rx statistics Sheet 1
Rx Frames Displays number of errors due to malformed packets
Viewing Tx Statistics Sheet 1
Viewing Tx statistics
Information, see Configuring host ports using the Srem
Page
Chapter Maintaining and managing the system
Maintaining and managing the system
Managing and maintaining the system using the CLI
Maint
Boot
Roadmap of maintenance and boot commands
Maintenance menu displays
Performing maintenance using the CLI
Dumplogs protocol server filename all-isds?
Maintenance menu includes the following options
All-isds?
Maint followed by
Domain ID output
Starttrace tags
Mode
Stoptrace
Cfg/dump passphrase
Backing up or restoring the configuration using the CLI
Cfg
Configuration menu backup and restore commands
Ptcfg protocol
Server filename passphrase
Gtcfg protocol
Cfg followed by
Passphrase
Dump passphrase
Boot menu displays Boot menu includes the following options
Managing Nortel Snas 4050 devices using the CLI
Boot followed by
Software
Cfg/sys/host #/delete command see
Cfg/sys/host #/reboot command instead
Cfg/sys/host #/delete command
Boot/software
Activate command
Boot/software followed by
Software Management menu includes the following options
Activate version
Performing maintenance using the Srem
Managing and maintaining the system using the Srem
Upgradecomplete.pkg
Ftp 10.0.0.1 pub/SSL-5.1.1
Dumps
Dumping logs and status information using the Srem
Click Dump
Starting and stopping a trace using the Srem
Dump fields
To start or stop a trace, perform the following steps
Start/Stop Trace fields
Click Check Configuration
Checking configuration using the Srem
Backup & Restore 320818-A
Backing up or restoring the configuration using the Srem
If you later restore the configuration, the Certificate
Backup & Restore fields
Image List
Managing software versions using the Srem
Following tasks are available from this screen
Describes the Image List fields
Image List fields
Viewing details of the active software image
Select the System Boot Image List tab
Activating a software image
Removing an inactive software image
Downloading images using the Srem
Maintaining and managing the system
Download Image fields
Rebooting or deleting a Nortel Snas 4050 device using
Reboot/Delete ISD Options
Downloading files using the Srem
Describes the File Download fields
File Download screen appears see Figure
File Download fields
Maintaining and managing the system File Download fields
Running Nortel Snas 4050 diagnostics using the Srem
Diagnostics fields
Describes the Diagnostics fields
Maintaining and managing the system 320818-A
Upgrading the Nortel Snas
Chapter Upgrading or reinstalling the software
Upgrading or reinstalling the software
Performing minor and major release upgrades
Enter the host name or IP address of the server
Downloading the software image using the CLI
Admin@hostname/IP.isd
Activating the software upgrade package
Nsnas
Log in again and verify the new software version
At the Software Management# prompt, enter
Before you begin
Reinstalling the software
Upgrading or reinstalling the software
Reinstalling the software from an external file server
Restarting Restarting system
Booting Login
Alteon WebSystems, Inc
When the installation is complete, remove the CD and reboot
Reinstalling the software from a CD
Run install-nsnas isd4050
Upgrading or reinstalling the software 320818-A
Chapter Command Line Interface
Command Line Interface
Connecting to the Nortel Snas
Establishing a console connection
Console configuration parameters
Procedure
Requirements
Establishing a Telnet connection
Enabling and restricting Telnet access
Enabling and restricting SSH access
Establishing a connection using SSH
Running Telnet
Running an SSH client
For more information, see How to get help on
Accessing the Nortel Snas 4050 cluster
User access levels
Command line history and editing
CLI Main Menu or Setup
Idle timeout
Command Line Interface
Scenario
On page 780 illustrates the network configuration
Network devices Sheet 1
Configuration example
Configuration example Network devices Sheet 2
Summarizes the VLANs for the Ethernet Routing Switch
VLANs for the Ethernet Routing Switch
Steps
Configure the network DNS server
Create a new Dhcp scope see Figure
Configure the network Dhcp server
Naming the new Dhcp scope 320818-A
Specify the IP address range for the Dhcp scope see Figure
Choosing to configure additional options 320818-A
Enter the IP address of the default gateway see Figure
Specifying the DNS server
Enter the IP address of the DNS server see Figure
Shows the Dhcp scopes created for use in this example
Configure the network core router
Steps
Configure the Ethernet Routing Switch 8300 using the CLI
Configuring the VoIP VLANs
Configuring the Nortel Snas 4050 pVIP subnet
Configuring the Red, Yellow, and Green VLANs
Enabling SSH
Configuring the Nsna ports
Configuring the Nsna uplink filter
Enabling Nsna globally
Add the uplink port
Setting the switch IP address
Configure the Ethernet Routing Switch
5510-48Tconfig# ssh
Configuring SSH
5510-48Tconfig#nsna nsnas 10.40.40.0/24
5510-48Tconfig#nsna vlan 240 color voip
Configuring the login domain controller filters
Configure the Nortel Snas
5510-48Tconfig-if#exit
5510-48Tconfig#nsna enable
10.40.40.1
Performing initial setup
Enable SRS administration
Completing initial setup
Enter a password for the admin user
Main# cfg/sys/adm/srsadmin/ena
Main# cfg/domain 1/sshkey/generate
Adding the network access devices
Group 1# /cfg/domain 1/aaa/tg/quick
TG#../group 1/tgsrs srs-rule-test
Add the switch manually
Adding the Ethernet Routing Switch
Import the public SSH key from the switch
Main# cfg/domain 1/switch 1 Creating Switch
Main# cfg/domain 1/switch 2/sshkey/import
Use the quick switch wizard
Main# cfg/domain 1/switch 1/vlan/add yellow
Switch Vlan# ../../vlan/add yellow
Main# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena
Enabling the network access devices
Switch 2# apply Changes applied successfully
Domain Vlan# apply Changes applied successfully
Configuration example 320818-A
Appendix a CLI reference
Global commands
Using the CLI
Exit
Paste
Quit
Netstat
Command line history and editing
You can use the following CLI command shortcuts
Command stacking
Command line history and editing options Sheet 2
CLI shortcuts
Tab completion
Command abbreviation
NTP Servers# ../../dns/servers
Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l
Configuration# cur sys
Using a submenu name as a command argument
IP address and network mask formats
Using slashes and spaces in commands
IP addresses
Network masks
Variables
Variables
CLI Main Menu
CLI command reference
Appendix a CLI reference
Information menu
Information menu commands Sheet 1
Certs
Sys
Statistics menu
Configuration menu commands Sheet 1
Configuration menu
Cfg/cert cert ID Name name
Cert
Auth ID Radiusldaplocal
Cfg/domain Name name
Auth #/adv Secondauth auth ID
Auth ID for Ldap
Auth #/ldap Searchbase
Cfg/domain #/aaa Servers
Auth #/ldap/activedire Truefalse
Expiredgro Group
Cfg/domain #/aaa Add user name
Auth #/local Password group
Passwd user name
Auth #/radius Vendorid vendor ID
Cfg/domain #/aaa Vendorid vendor ID
Profile ID Access rule Number Linkset Del
Auth #/radius Vendortype vendor
Type Ena Dis Cfg/domain #/aaa
Group #/linkset Del index number
Group #/extend # Del index number
Radacct Vpnattribu
Ena Dis Cfg/domain #/aaa List
Recheck interval
Cfg/domain #/aaa/tg Quick
Heartbeat interval
Cfg/domain #/adv Interface interface
Cfg/domain #/linkset Name name
Restore
Linkset ID Text text
Linkset #/link index Text text
Cfg/domain #/portal Color1 code
Content Server filename
Colors Color2 code
Lang Charset
Adv/traflog Udpport port
Cfg/domain #/server Sysloghost IPaddr
Protocol
Ssl2ssl3ssl23tls1
Switch ID Type ERS8300ERS5500
Cfg/domain #/switch Name name
Switch #/dis
Switch #/ena
Passphrase
Cfg/domain #/vlan Add name Vlan ID
Cfg/gtcfg protocol
Passphrase Cfg/lang Import protocol
Add IPaddr mask
Cfg/sys/accesslist List
Cfg/sys/adm Snmp
Sonmp onoff
Shared secret
Cfg/sys/adm/auth List
Cfg/sys/adm/snmp Ena
Versions v1v2cv3
Disabledenabled Cfg/sys/adm/snmp Ip IPaddr
Snmpv2-mib SnmpEnable
Cfg/sys/adm/snmp Addmonitor
Event Options -b name
Users user ID Seclevel
Cfg/sys/adm/snmp Name name
Dis Cfg/sys/adm/sshkeys Generate
Knownhosts
Cfg/sys/dns/servers List
Mode fullhalf Cfg/sys/host #/routes
Interface #/ports Del port
Add port Cfg/sys/host # List
Host ID SysName name
Cfg/sys/host Ip IPaddr
SysLocatio
Cfg/sys/rsa Rsaname name
Password new
Add IPaddr Cfg/sys/user Password old
Password confirm
Username Password user
Boot menu commands
Boot menu
Boot Software
Reboot Delete Boot/software Cur
Maintenance menu commands
Maintenance menu
Maint Dumplogs protocol
All-isds?
Troubleshooting tips
Chapter Troubleshooting
Verify the current configuration
Cannot connect to the Nortel Snas 4050 using Telnet or
Enable Telnet or SSH access
Check the Access List
Check the IP address configuration
# /cfg/cur sys
Cannot contact the MIP
Cannot add the Nortel Snas 4050 to a cluster
Main# /cfg/sys/accesslist/add
Add Interface 1 IP addresses and the MIP to the Access List
Enter network address IP address Enter netmask network mask
Telnet or SSH connection to the MIP
Nortel Snas 4050 stops responding
Console connection
Administrator user password
User password is lost
Operator user password
Root user password
Trace tools
Boot user password
User fails to connect to the Nortel Snas 4050 domain
Main# maint/starttrace
Tag Description Sample output
Sample output for the trace command
Installed certificates
System diagnostics
Network diagnostics
Main# /cfg/sys/cur
Cluster Host 1# cur
Main# /stats/dump
Main# /info/ethernet
Error log files
Active alarms and the events log file
Troubleshooting
Syslog messages by message type
Appendix B Syslog messages
Lists the Emerg operating system messages
Operating system OS messages
Lists the operating system Critical messages
System Control Process messages
Operating system messages Error
Lists the operating system Emerg messages
Alarm severity and syslog level correspondence
About alarm messages
Lists the System Control Process Info messages
System control process messages Info
Alarm
System Control Process messages Alarm
About event messages
Audit/ena command
System Control Process messages Event
With /cfg/sys/cur
Traffic Processing messages Error Sheet 1
Lists the Traffic Processing Error messages
Traffic Processing Subsystem messages
Lists the Traffic Processing Critical messages
Css error reason
Lists the Traffic Processing Warning messages
Traffic Processing messages Error Sheet 3
Traffic Processing messages Warning
Domain #/server/portal
Lists the Traffic Processing Info messages
Start-up messages
Traffic Processing messages Info
AAA messages Error
Lists the AAA Error messages
AAA subsystem messages
Lists the Start-up Info messages
Log value Message Category Contains
AAA messages Info Sheet 1
There are two categories of Nsnas subsystem messages
Nsnas subsystem messages
AAA messages Info Sheet 2
Nsnas Error
Lists the Nsnas Error messages
Lists the Nsnas Info messages
Nsnas Info Sheet 1
Lists the syslog messages in alphabetical order
Syslog messages in alphabetical order
Nsnas Info Sheet 2
Syslog messages in alphabetical order Sheet 1
Sys/adm/audit/ena command
Syslog messages in alphabetical order Sheet 3
Error Nsnas
Info AAA
Syslog messages in alphabetical order Sheet 5
Error AAA
Cfg/domain #/server/portal
Authenticate is set to off
Syslog messages in alphabetical order Sheet 7
Root filesystem repaired
Syslog messages in alphabetical order Sheet 9
Unable to use the certificate for
Following MIBs are supported by the Nortel Snas
Supported MIBs
SNMPv2-MIB
ANAifType-MIB
Appendix C Supported MIBs
Supported MIBs Sheet 1
ALTEON-ISD-SSL-MIB
Supported MIBs Sheet 2
Appendix C Supported MIBs Supported MIBs Sheet 3
CLI, using the /cfg/sys/adm/snmp/target command
Supported traps
Use the CLI command /cfg/sys/adm/snmp/snmpv2-mib
Describes the traps supported by the Nortel Snas
Supported traps
Appendix C Supported MIBs 320818-A
Supported ciphers
Appendix D Supported ciphers
Appendix D Supported ciphers
Register the Schema Management dll Windows Server
Install All Administrative Tools Windows 2000 Server
Click Start and select Run
Nortel Secure Network Access Switch 4050 User Guide
Create a shortcut to the console window
Permit write operations to the schema Windows 2000 Server
Select a Title for the Program page displays
Nortel Secure Network Access Switch 4050 User Guide
Add isdUserPrefs attribute to nortelSSLOffload class
Create the new class
Add the nortelSSLOffload Class to the User Class
320818-A
Appendix F Configuring Dhcp to auto-configure IP Phones
Appendix F Configuring Dhcp to auto-configure IP Phones
Configuring IP Phone auto-configuration
Creating the Dhcp options
Dhcp Management Console
Click Add Option Type dialog box opens see on
Predefined Options and Values dialog box opens see Figure
Option Type dialog box
Option Type dialog box field values for Vlan Information
Scope Options dialog box
Scope Options dialog box displays see Figure
Call Server Information string parameter values
Vlan ID Information string parameter values
Setting up the IP Phone
Page
Create the logon script see Creating a logon script on
Configuring the logon script
Creating a logon script
Using Windows, open a plain text editor, such as Notepad
Creating the script as a batch file
Creating the script as a VBScript file
Assigning the logon script
Right-click the Default Domain Policy and select Edit
Double-clickDefault Domain Policy
On the Group Policy tab, click Open
Appendix H Software licensing information
Appendix H Software licensing information
GNU General Public License
Appendix H Software licensing information
Appendix H Software licensing information
Apache Software License, Version
Bouncy Castle license
Index
Symbols
Index
Index
DNS
Index
Local authentication database Add users
Cannot contact
Index
See also SRS rule
SSL
Index
Index
