Manuals / Nortel Networks / Computer Equipment / Network Card

Nortel Networks 4050 Key and certificate formats, Supported key and certificate formats Sheet 1

Models: 4050

1 922

Download 922 pages 38.09 Kb

Page 571

Chapter 11 Managing certificates 571

You can install new certificates or import or renew existing certificates.

Note: The Nortel SNAS 4050 supports keys and certificates created by using Apache-SSL, OpenSSL, or Stronghold SSL. However, for greater security, Nortel recommends creating keys and generating certificate signing requests from within the Nortel SNAS 4050 system using the CLI or SREM. This way, the encrypted private key never leaves the Nortel SNAS 4050 and is invisible to the user.

Key and certificate formats

The Nortel SNAS 4050 supports importing, saving, and exporting private keys and certificates in a number of standard formats. Table 120 summarizes the supported formats.

Table 120 Supported key and certificate formats (Sheet 1 of 2)

Format	Import/Add	Export/Save	Comment

PEM*	Yes	Yes	Encrypts the private key. Combines the private key and
			certificate in the same file.

DER	Yes	Yes	Does not encrypt the private key. Allows you to store
			the private key and certificate in separate files.

NET	Yes	Yes	Encrypts the private key. Allows you to store the
			private key and certificate in separate files.

PKCS12	Yes	Yes	Encrypts the private key. Combines the private key and
(also known as PFX)			certificate in the same file. Most browsers allow
(also known as PFX)			importing a combined key and certificate file in the
			importing a combined key and certificate file in the
			PKCS12 format.

PKCS7	Yes	No	Certificate only.

PKCS8	Yes	No	Key only (used in WebLogic).

MS IIS 4	Yes	No	Key only (proprietary format).

*You must use the PEM format when:

• you save keys and certificates by copying

• you add a key or certificate by pasting

Nortel Secure Network Access Switch 4050 User Guide

Image 571

Nortel Networks 4050 manual Key and certificate formats, Supported key and certificate formats Sheet 1

Contents

Nortel Secure Network Access Switch 4050 User Guide 320818-A Copyright Nortel Networks Limited 2005. All rights reservedLicensing Nortel Secure Network Access Switch 4050 User GuideGeneral Contents Contents Managing the network access devicesConfiguring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Before you begin Connect the switch to the networkPreface Bold text Text conventionsExample Set Trap Monitor Filters Related informationPublications Plain Courier textOnline How to get helpPreface This chapter includes the following topics Nortel SNA solutionSupported users Elements of the Nsna solutionOverview Role of the Nortel Snas Nortel SNA VLANs and filters Nortel Snas 4050 functionsGroups and profiles Authentication methods TunnelGuard host integrity check About SSH Communication channelsCommunication channels in the Nortel SNA network RSA DSA Nortel Snas 4050 clustersOne-armed and two-armed configurations Two-armed configuration One-armed configurationIllustrates a two-armed configuration Nortel SNA configuration and management toolsConfigure the network Dhcp server Nortel Snas 4050 configuration roadmapOverview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup Management IP address About the IP addressesPortal Virtual IP address Real IP address Initial setupLog on using the following username and password Login admin Password adminSelect the option for a new installation Setup Menu displaysEnter port number for the management interface Enter Vlan tag id or zero for no Vlan Enter network mask 255.255.255.0 maskEnter default gateway IP address or blank to skip Setup a two armed configuration yes/no noEnter a timezone or select select timezone Specify the MIP for this device or clusterEnter port number for the traffic interface Enter IP address for this machine on traffic interfaceEnter NTP server address or blank to skip IPaddr Configure the time settingsSpecify the NTP server, if applicable Specify the DNS server, if applicableSpecify the pVIP of the Nortel Snas 4050 device Change the admin user password, if desiredSpecify a name for the Nortel Snas 4050 domain Create http to https redirect server no Settings created by the quick setup wizard Extended profile details Adding a Nortel Snas 4050 device to a clusterBefore you begin Select the option to join an existing cluster Joining a clusterEnter network mask 255.255.255.0 mask Specify the MIP of the existing cluster Enter the existing admin user password passwordNext steps Setup successful LoginApplying and saving the configuration Cfg/ptcfg Applying and saving the configuration using the CLIApplying and saving the configuration using the Srem Cfg/dumpApply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Roadmap of domain commands Managing network access devices using the CLIReset Cfg/domain 1/quick Adding a network access device using the CLIUsing the quick switch setup wizard Specify the IP address of the network access deviceNsna communication port5000 Go to onTo continue, go to on Red vlan id of Switch Vlan IDSwitch menu displays Manually adding a switchCfg/domain #/switch switch ID Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete Deleting a network access device using the CLIConfiguring the network access devices using the CLI Cfg/domain #/switch switch ID followed by Switch menu includes the following optionsIp IPaddr Dis Delete Mapping the VLANs using the CLICfg/domain #/switch #/vlan Followed byAdd name Vlan ID Domain vlan or Switch vlan menu displaysCfg/domain #/switch #/vlan followed by Cfg/domain #/switch #/vlan/listManaging SSH keys using the CLI Cfg/domain #/sshkey Generating SSH keys for the domain using the CLIFor an Ethernet Routing Switch 5510, 5520, or Nsnas SSH key menu displaysNsnas SSH key menu includes the following options Cfg/domain #/switch #/sshkey/exportCfg/domain #/sshkey followed by Main# /cfg/domain 1/sshkey Shows sample output for the /cfg/domain #/sshkey commandCfg/domain #/switch #/sshkey followed by Cfg/domain #/switch #/sshkeyCfg/domain#1/sshkey/export command to Enter Apply to apply the change immediately Reimporting the network access device SSH key using the CLIMonitoring switch health using the CLI Cfg/domain #/switch #/hlthchkDeadcnt count Cfg/domain #/switch #/hlthchk followed byCfg/domain #/switch #/dis HealthCheck menu includes the following optionsCfg/domain #/switch #/ena Managing network access devices using the SremAdding a network access device using the Srem To add a network access device, use the following stepsAdd a Switch fields Add a SwitchConfiguring the network access devices using the Srem Deleting a network access device using the SremSwitch Configuration screen 320818-A Switch Configuration screen appears see FigureSwitch Configuration fields You can perform the Vlan mapping in two ways Mapping the VLANs using the SremDomain VLANs screen Mapping VLANs by domainAdd a new Vlan fields Adding VLANs to a domainTo add VLANs to a domain, complete the following steps Click Add Add a new Vlan dialog box appears see FigureRemoving VLANs from a domain Switch VLANs screen Mapping VLANs by switchTo add VLANs to a switch, complete the following steps Adding VLANs to a switchRemoving VLANs from a switch Managing SSH keys using the SremManaging the network access devices Managing the network access devices Key Generation screen appears see Figure Generating SSH keys for the domain using the SremSwitch SSH Key fields Exporting SSH keys for the domain using the SremExport Key screen appears see Figure Export Key fields Click Apply on the toolbar to begin the export processSwitch SSH Key screen appears see Figure Managing SSH keys for Nortel SNA communication usingReimporting the network access device SSH key using the Srem Click Import SSH from Switch Monitoring switch health using the SremSwitch SSH Key screen appears see on Click Delete Switch SSH KeyHealth Check screen 320818-A Health Check screen appears see FigureViewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Configuring the domain Configuring the domain using the CLICfg/domain Captive portal Portal look and feel Linksets Logging traffic with syslog messagesDetails onoff Cfg/domain domain ID Creating a domain using the CLIManually creating a domain using the CLI You can create a domain in two ways320818-A Main# /cfg/domain Using the Nortel Snas 4050 domain quick setup wizardCfg/quick Main# cfg/quick Specify the certificate to be used by the portal serverConfiguring the domain Do you want an http to https redirect server yes/no no Do you want to configure a switch? yes/no noSpecify whether the SSL server uses chain certificates Do you require chain certificates yes/no noDo you want to create a tunnelguard test user? yes/no yes Configuring the domain To delete a domain, use the following command Deleting a domain using the CLICfg/domain #/del Pvips IPaddr Configuring domain parameters using the CLITo configure the domain, use the following command Cfg/domain domain ID followed byHttpredir Cfg/domain #/aaa/tg followed by Configuring the TunnelGuard check using the CLITG menu displays TG menu includes the following options Cfg/domain #/aaa/tgCfg/domain #/aaa/tg/status-quo Cfg/domain #/aaa/tg/quick Using the quick TunnelGuard setup wizard in the CLIMain# /cfg/domain #/aaa/tg/quick Configuring the SSL server using the CLITunnelGuard quick setup wizard creates a default SRS rule Server 1001 menu displaysInterface ID Tracing SSL traffic using the CLIServer 1001 menu includes the following options Cfg/domain #/server followed bySsldump Output modePing host Cfg/domain #/adv/interface commandCfg/domain #/server/trace followed by TcpdumpTraceroute host Configuring SSL settings using the CLISSL Settings menu displays Dnslookup hostIndex SSL Settings menu includes the following optionsCfg/domain #/server/ssl followed by Cert certificateCfg/domain #/server/ssl/protocol Cachain certificateIndex list YesEna Dis Configuring traffic log settings using the CLICfg/domain #/server/adv/traflog followed by Traffic Log Settings menu displaysTraffic Log Settings menu includes the following options Cfg/domain #/server/adv/traflogRedir onoff Configuring Http redirect using the CLICfg/domain #/httpredir Cfg/domain #/httpredir followed byCfg/domain #/adv followed by Configuring advanced settings using the CLICfg/sys/host #/interface command see Cfg/domain #/advConfiguring Radius accounting using the CLI Cfg/domain #/aaa/radacct followed by Managing Radius accounting servers using the CLIRadius Accounting Servers menu displays Cfg/domain #/aaa/radacctCfg/domain #/aaa/radacct/servers followed by NSNAS-Portal-ID VPN Attribute menu displaysCfg/domain #/aaa/radacct/vpnattribu Vendorid Configuring the domain using the SremVPN Attribute menu includes the following options Cfg/domain #/aaa/radacct/vpnattribu followed byCreating a domain using the Srem Secure Access Domain Table screen 320818-A Manually creating a domain using the SremAdd a Secure Access Domain fields Add a Secure Access DomainUsing the Srem Domain Quick Wizard Configuring the domain Click Domain Quick Wizard Domain Quick Wizard General Settings fieldsClick Next Domain Quick Wizard Certificate fields Domain Quick Wizard CertificateOrganization name and do not use any of the following Domain Quick Wizard Certificate Chain fields Domain Quick Wizard Certificate ChainDomain Quick Wizard Server fields Domain Quick Wizard Server dialog box appears see FigureDomain Quick Wizard Switch fields Domain Quick Wizard Switch dialog box appears see FigureDomain Quick Wizard Tunnel Guard fields Domain Quick Wizard Tunnel Guard dialog box appears seeTo delete a domain, perform the following steps Deleting a domain using the SremTo configure a domain, perform the following steps Configuring domain parameters using the SremDomain Configuration fields Domain domain Configuration screen Additional domain configuration in the SremAdditional domain configuration tabs Component Description Additional domain tree componentsConfiguring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on TunnelGuard Quick Setup screen appears see Figure Using the TunnelGuard Quick Setup in the SremTunnelGuard Quick Setup fields Server Configuration screen 320818-A Configuring the SSL server using the SremServer Configuration fields Server SSL Settings screen 320818-A Configuring SSL settings using the SremALL@STRENGTH Server SSL Settings fieldsConfiguring the domain Server SSL Settings fields Configuring traffic log settings using the SremTraffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Tracing SSL traffic using the Srem Configuring Http redirect using the SremHttp Redirect screen 320818-A Http Redirect fields Configuring Radius accounting using the SremConfiguring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Adding a Radius accounting server using the Srem Managing Radius accounting servers using the SremRadius accounting Configuration fields Radius Accounting Servers screen Radius Accounting Servers screen appears see FigureRadius Accounting Server fields Moving a Radius accounting server using the SremDeleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles This section includes the following topics Configuring groups and profilesOverview GroupsDefault group TunnelGuard SRS rule LinksetsExtended profiles Create the SRS rules see TunnelGuard SRS Builder on Configuring groups and extended profiles using the CLIRoadmap of group and profile commands To create and configure a group, use the following command Configuring groups using the CLICfg/domain 1/aaa/group group ID Restrict Cfg/domain 1/aaa/group # followed byExtend profile ID Comment comment Tgsrs SRS rule nameMain# /cfg/domain 1/AAA/group Cfg/domain 1/aaa/filter filter ID Configuring client filters using the CLICfg/domain 1/aaa/filter filter ID followed by Client Filter menu includes the following optionsTg truefalseignore Main# /cfg/domain 1/AAA/filter Configuring extended profiles using the CLICfg/domain 1/aaa/group group IDgroup name/extend Vlan name Extended Profile menu includes the following optionsCfg/domain 1/aaa/group #/extend # followed by Filter nameExtended Profile 1# ../extend 2/filter tgfailed/vlan Yellow Cfg/domain 1/aaa/group #/extend #Linkset Del Main# cfg/domain 1/aaa/group 2/extendCfg/domain 1/aaa/group #/extend #/linkset followed by Mapping linksets to a group or profile using the CLICfg/domain 1/aaa/group #/linkset Cfg/domain 1/aaa/group #/extend #/linksetLinksets# add example2 Main# cfg/domain 1/aaa/group 1/linksetLinksets# insert 2 example3 This section contains the following topics Configuring groups and extended profiles using the SremCreating a default group using the CLI Configuring groups using the SremClick a Guide to Create a Group on the toolbar Using the guide for creating groupsGroups screen 320818-A Adding a groupAdd a Group fields Click Add Add a Group dialog box appears see FigureGroup Configuration screen appears see Figure To configure a group, perform the following stepsModifying a group Group Configuration fields Configuring client filters using the SremClient Filters screen appears see Figure Adding a client filterAdd a Client Filter fields Sheet 1 Click Add Add a Client Filter dialog box appears see FigureCheck using the Srem on Client filter Configuration screen appears see Figure To configure a client filter, perform the following stepsModifying a client filter Client Filters configuration fields Configuring extended profiles using the Srem Extended Profiles screen appears see Figure Adding an extended profileAdd an Extended Profile fields Add an Extended Profile screenModifying an extended profile Extended profiles Configuration screen appears see FigureExtended Profile Configuration fields Mapping linksets to a group or profile using the SremLinksets screen for a group Mapping linksets to a groupTo add a linkset to a group, perform the following steps Adding linksets to a groupAdd a Linkset fields Reordering linksets in a group Removing linksets from a groupLinksets screen for an extended profile Mapping linksets to a profileAdding linksets to an extended profile Reordering linksets in an extended profile Removing linksets from an extended profileAAA Configuration screen 320818-A Creating a default group using the SremAAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Cfg/domain 1/aaa Roadmap of authentication commandsCommand Cfg/domain 1/aaa/auth auth ID Configuring authentication methods using the CLIRadiusldaplocal Cfg/domain 1/aaa/auth auth ID followed byDisplay Local accesses the Local database menu Groupauth auth IDs Configuring Radius authentication using the CLICfg/domain 1/aaa/auth #/adv Cfg/domain 1/aaa/auth #/adv followed byYou can perform the following configuration tasks Adding the Radius authentication method using the CLIConfiguring authentication Main# /cfg/domain 1/aaa/auth Modifying Radius configuration settings using the CLICfg/domain 1/aaa/auth #/radius Type Cfg/domain 1/aaa/auth #/radius followed bySessiontim Managing Radius authentication servers using the CLITimeout interval Radius servers menu displaysCfg/domain 1/aaa/auth #/radius/servers followed by Radius servers menu includes the following optionsConfiguring session timeout using the CLI Configuring Ldap authentication using the CLICfg/domain 1/aaa/auth #/radius/sessiontim Adding the Ldap authentication method using the CLI Configuring authentication Cfg/domain 1/aaa/auth #/ldap Modifying Ldap configuration settings using the CLICfg/domain 1/aaa/auth #/ldap followed by Ldap menu displays Ldap menu includes the following optionsDo not use the isdbinddn and isdbindpas Ou=Users, dc=example, dc=com . SAMAccountName=bill . The user’s loginIsdbindpas password Userattr namesEnauserpre truefalse Enaldaps truefalseActivedire Cfg/domain 1/aaa/auth #/ldap/servers Managing Ldap authentication servers using the CLIRemoves the specified Ldap server from the current Cfg/domain 1/aaa/auth #/ldap/ldapmacro Managing Ldap macros using the CLICfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Variable name Add variable nameLdap attribute Prefix suffixCfg/domain 1/aaa/auth #/ldap/activedire command Managing Active Directory passwords using the CLISet the Active Directory settings using Active Directory Settings menu displaysConfiguring local database authentication using the CLI Configuring authentication Authentication menu commands local database Cfg/domain 1/aaa/auth #/local Managing the local database using the CLIYou can add users to the database in two ways Local database menu displaysTAB or use the /cfg/domain 1/aaa Cur group commandLocal database menu includes the following options Cfg/domain 1/aaa/auth #/local followed byServer filename key Import protocolExport protocol Specifying authentication fallback order using the CLIMain# /cfg/domain 1/aaa/authorder Cfg/domain 1/aaa/authorder auth ID,auth IDConfiguring authentication using the Srem Authentication Server Table appears see Figure Configuring authentication methods using the SremConfiguring Radius authentication using the Srem Adding the Radius method and server Add an Authentication Server Radius 320818-AAdd an Authentication Server Radius fields Modifying Radius configurationConfiguration 320818-A Modifying Radius method settingsConfiguration fields Radius Configuration screen appears see Figure Modifying Radius configuration settingsRadius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Add a Radius Server fields Adding a Radius serverReordering additional Radius servers Configuring authentication Add a Radius Server fieldsRemoving a Radius server Next steps Configuring Ldap authentication using the SremAdding the Ldap method and server Add an Authentication Server Ldap fieldsModifying Ldap configuration Modifying Ldap method settings Configuration fields Ldap Configuration screen appears see Figure Modifying Ldap configuration settingsLdap Configuration fields Cn=Users, dc=example, dc=com Ou=Users, dc=example, dc=com. The userActive Directory, on Configuring authentication Ldap Configuration fieldsManaging additional Ldap servers Click Apply Adding an Ldap serverAdd an Ldap Server fields Removing an Ldap server Reordering additional Ldap serversManaging Ldap macros Ldap Macros Add an Ldap Macro fields Adding Ldap macrosRemoving Ldap macros Reordering Ldap macrosPopulate the database see Populating the database on Configuring local database authentication using the SremAdding the Local method Database on Add an Authentication Server Local fieldsLocal Users screen appears see Figure Populating the databaseAdding users to the local database You can populate the Local database in two waysAdd a Local User fields Click Add Add a Local User dialog box appears see FigureConfiguring authentication Import Local User Database 320818-A Importing a databaseImport Local User Database fields Modifying Local database configurationModifying Local method settings Local Users screen appears see on Modifying local usersLocal Users Configuration 320818-A Local Users Configuration fields Modifying local user passwordsLocal Users Local User Configuration 320818-A Select the Local User Configuration tabLocal Users Local User Configuration fields Export Local User Database 320818-A Exporting the databaseExport Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder \tunnelguard\tg.txt Configuring SRS rulesTunnelGuard user interface TunnelGuard SRS BuilderDescribes important items from the File menu Menu commandsFile menu Software Definition menuSoftware Definition Entry menu items Sheet 1 Software Definition Entry menuDescribes important items from the Tool menu TunnelGuard Rule menuTool menu Describes important items from the TunnelGuard Rule menuSRS Definition toolbar item descriptions SRS definition toolbarSRS Components table Software Definition Available SRS listSRS Components table items WINNT%\xxx.dll Customizing a componentMemory snapshot item descriptions Memory snapshotTunnelGuard Rule Definition screen SRS Rule toolbarRule Expression Constructor SRS Rule listSRS Rule Expression Constructor Available Expression listCreating a software definition Managing TunnelGuard rules and expressionsSelecting modules or files from running processes Adding entries to a software definitionCreate New Memory Module SRS window For more information, see Making API calls on Select the TunnelGuard Rule Definition tab Selecting file on diskCreate New on Disk SRS Entry window Creating logical expressions TunnelGuard Rule Definition tab Click the TunnelGuard Rule Definition tabClick the Form TunnelGuard Rule Expression button New SRS Rule window Available Expressions screenTunnelGuard Rule Name screen Registry-only SRS entry Registry-based rulesSupported integer operands Describes supported operands for integer valuesString regular expression Description Constructs for string based regular expressions Sheet 1Creating a registry entry Enter the Key Value Data Expression Registry-based File/ModuleTunnelGuard SRS Builder Registry Entry Manually creating an OnDisk file entry Manually creating SRS entriesCreate new OnDisk SRS Entry Create New Memory Module SRS Entry page opens see on Manually creating a Memory Module entryCreate new Memory Module SRS entry File age check Adding a TunnelGuard rule comment Adding commentsTunnelGuard SRS Builder Date/Time Range Adding a software definition comment Deleting SRS rules and their componentsDeleting an expression Deleting a software definitionDeleting a software definition entry Deleting a TunnelGuard ruleMaking API calls TunnelGuard support for API callsTunnelGuard SRS Builder 320818-A Chapter Managing system users and groups Managing system users and groups User rights and group membershipGroup membership and user rights Roadmap of system user management commands Managing system users and groups using the CLICfg/sys/user User menu displays User menu includes the following options Managing user accounts and passwords using the CLICfg/sys/user followed by Add username Del usernameEdit username Managing user settings using the CLICaphrase Cfg/sys/user/edit username Managing user groups using the CLIPassword user Password confirm User passwordCfg/sys/user/edit username/groups CLI configuration examplesAdding a new user This section includes the following detailed examplesMain# /cfg/sys/user Access the User MenuUser# edit certadmin Apply the changes Verify and apply the changes Changing a user’s group assignment User# edit adminChanging your own password Changing passwordsChanging another user’s password Type the password command to initialize the password change Deleting a user Managing user accounts using the Srem Managing system users and groups using the SremTo manage users, choose from one of the following tasks User Table Click Add Add a User dialog box appears see Figure Adding new user accountsTo remove an existing user, perform the following steps Removing existing user accountsAdd a User fields Password Setting 320818-A Setting password expiry using the SremPassword Settings fields Change Your Password 320818-A Changing your password using the SremChange Your Password fields Changing another user’s password using the SremClick Change Password Only the admin user can change the passwords of other usersChange User Password 320818-A Change User Password fields Setting the certificate export passphrase using the SremSet Certificate Export PassPhrase 320818-A Set Certificate Export PassPhrase screen appears see FigureClick Set Pass Phrase Managing user groups using the SremSet Certificate Export PassPhrase fields Choose from the following tasks to manage users groups Adding a user groupTo add a new user group, perform the following steps Click Add Add a User Group dialog box appears see Figure Removing a user groupAdd a User Group fields Managing system users and groups Chapter Customizing the portal and user logon Customizing the portal and user logon Captive portal and Exclude ListExclude List String Usage Expressions Allowed regular expressions and escape sequencesPortal look and feel Portal displayColors Default appearanceColor Hexadecimal code Common colors, with hexadecimal codes Sheet 1Language localization Content-Type text/plain charset=iso-8859-1/n Autorun linksets Linksets and linksMacros Planning the linksetsExamples of redirection URLs and links Automatic redirection to internal sitesExamples of redirection URLs and link text Sheet 1 Automatic JRE upload Managing the end user experienceRoadmap of portal and logon configuration commands Customizing the portal and logon using the CLIWindows domain logon script Number Color2 code Cfg/domain 1/dnscapt Configuring the captive portal using the CLIConfiguring the Exclude List using the CLI DNS Exclude menu displaysDNS Exclude menu includes the following options Changing the portal language using the CLICfg/domain 1/dnscapt/exclude followed by Language Support menu displays Configuring language support using the CLICfg/lang Server filename Cfg/lang/import commandLanguage Support menu includes the following options Cfg/lang followed byCfg/domain 1/portal/lang/list Setting the portal display language using the CLICfg/domain 1/portal/lang Cfg/domain 1/portal/lang followed byCfg/domain 1/portal followed by Configuring the portal display using the CLIRestore Cfg/domain 1/portalRedirect URL Logintext textLinkwidth width Linktext textLinkurl onoff Linkcols columnsPortal Colors menu displays Changing the portal colors using the CLICfg/domain 1/portal/colors Portal Colors menu includes the following options Configuring custom content using the CLIPortal Custom Content menu displays Cfg/domain 1/portal/contentAvailable Portal Custom Content menu includes the following optionsCfg/domain 1/portal/content followed by Tftpftpscpsftp. The default is tftpCfg/domain 1/linkset linkset ID Configuring linksets using the CLIAutorun truefalse Linkset menu includes the following optionsCfg/domain 1/linkset linkset ID followed by Text textCfg/domain 1/linkset linkset ID/link index Configuring links using the CLICfg/domain 1/linkset linkset ID/link index followed by Link menu includes the following optionsMove new index Cfg/domain 1/linkset linkset ID/link index/ ftp/quick Configuring external link settings using the CLIConfiguring FTP link settings using the CLI Cfg/domain 1/linkset linkset ID/link index/ external/quickConfiguring the captive portal using the Srem Customizing the portal and logon using the SremEnabling DNS capture DNS Capture fields DNS Capture screen includes the following componentsClick Add Entry appears in the DNS Exclude List Configuring the DNS Exclude List using the SremAdd DNS Domain fields Changing the portal language using the Srem Choose from one of the following tasks Configuring language support using the SremSelect the System Language tab Languages sub-tabs appear see FigureViewing predefined languages To view custom languages, use the following procedureViewing and removing custom languages Click the Import/Export Definition tab Importing and exporting language definitionsImport/Export Definition screen appears see Figure Import/Export Definition fields Setting the portal display language using the Srem Language fields Configuring the portal display using the SremPortal Configuration tab appears see Figure Configuring contentPortal Configuration fields Sites, see on Import Banner screen 320818-A Importing bannersImport Banner fields Color Settings screen 320818-A Changing the portal colors using the SremColor Settings fields Configuring custom content using the Srem Basics screen appears see Figure Viewing basic information about custom contentBasics fields To import custom content, perform the following steps Importing custom contentImport Content screen appears see Figure Import Content fields To export custom content, perform the following steps Exporting custom contentExport Content screen appears see Figure Export Content fields Configuring linksets using the SremTo create a linkset, perform the following steps Creating a linksetPortal Links screen appears see Figure Add a Linkset Click Add Add a Linkset dialog box appears see FigureModifying a linkset Linkset Configuration screen appears see FigureTo modify a linkset, perform the following steps See Linksets and links on Linkset Configuration fieldsConfiguring links using the Srem To create an external link, perform the following steps Creating an external link using the SremLinks screen appears see Figure Add a Portal Link fields Click Add Add a Portal Link dialog box appears see FigureCreating an FTP link using the Srem Add a Portal Link FTP To create an FTP link, perform the following stepsAdd a Portal Link FTP fields External link Configuration screen appears see Figure Modifying external link settings using the SremTo modify a link, perform the following steps Reordering links using the Srem on External link Configuration fieldsFTP link Configuration screen appears see Figure Modifying FTP link settings using the SremFTP link Configuration fields Reordering links using the SremRe Order Links fields Re Order Links screen appears see FigureCustomizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Cfg/sys Configuring the cluster using the CLIRoadmap of system commands Parameter Health interval Show Cfg/sys followed by Configuring system settings using the CLIRsa server ID Cfg/sys/host host ID Configuring the Nortel Snas 4050 host using the CLICfg/domain #/server/trace/ssldump Cfg/domain #/server/trace/tcpdumpInterface number Cluster Host menu includes the following optionsCfg/sys/host host ID followed by /cfg/sys/host #/interface #Halt PortsPorts = 1,23 HwplatformCfg/sys/cur command RebootCfg/sys/host #/delete Cfg/sys/host #/interface interface ID Configuring host interfaces using the CLIViewing host information Cfg/sys/host host ID/interface interface IDFailovertrunking Cfg/sys/host #/interface interface ID followed byVlanid tag ModeCfg/sys/host host ID/routes Configuring static routes using the CLIPrimary port Cfg/sys/routesGateway Configuring host ports using the CLICfg/sys/host #/interface #/routes followed by Add IPaddr maskCfg/sys/host #/interface interface ID/ports Managing interface ports using the CLIHost Port menu includes the following options Cfg/sys/host #/port port followed byInterface Ports menu includes the following options Configuring the Access List using the CLICfg/sys/host #/ports command see Cfg/sys/accesslistAdd IPaddr mask Configuring date and time settings using the CLICfg/sys/accesslist followed by Date and Time menu displaysCfg/sys/time followed by Managing NTP serversDate and Time menu includes the following options NTP Servers menu displaysCfg/sys/dns Configuring DNS servers and settings using the CLINTP Servers menu includes the following options Cfg/sys/time/ntp followed byHealth interval Retransmit intervalCount count Ttl ttlCfg/sys/dns/servers Managing DNS serversCfg/sys/dns/servers followed by Cfg/sys/rsa Configuring RSA servers using the CLIRSA Servers menu displays Switch Software Release Move index number new index numberCfg/sys/rsa followed by Configuring syslog servers using the CLIRSA Servers menu includes the following options Syslog Servers menu displaysSyslog.conf under Unix Syslog Servers menu includes the following optionsCfg/sys/syslog followed by FacilityCfg/sys/adm followed by Configuring administrative settings using the CLIAdministrative Applications menu displays Cfg/sys/admTelnet onoff SrsadminAudit AuthCfg/sys/adm/srsadmin followed by Enabling TunnelGuard SRS administration using the CLIConfiguring Nortel Snas 4050 host SSH keys using the CLI Cfg/sys/adm/srsadminKnownhosts Cfg/sys/adm/sshkeysCfg/sys/adm/sshkeys followed by Draft-ietf-secsh-publickeyfileCfg/sys/adm/sshkeys/knownhosts Managing known hosts SSH keys using the CLISSH Known Host Keys menu displays SSH Known Host Keys menu includes the following optionsAbout Radius auditing Configuring Radius auditing using the CLIAbout the vendor-specific attributes Cfg/sys/adm/audit Configuring Radius auditingMap this string to the Vendor-Type value NSNAS-SSL-Audit-TrailCfg/sys/adm/audit/servers Managing Radius audit servers using the CLIRadius Audit Servers menu displays Radius Audit Servers menu includes the following optionsAdds a Radius audit server to the configuration. You Cfg/sys/adm/auth Configuring authentication of system users using the CLIFallback onoff Radius Authentication Servers menu displaysCfg/sys/adm/auth/servers Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem Select the System Configuration tab Configuring system settings using the SremSystem Configuration screen appears see Figure System Configuration fields Configuring a Nortel Snas 4050 host using the SremHosts Host Viewing and configuring TCP/IP propertiesHost fields Viewing and installing host licensesViewing global licenses for all hosts Global Licenses fields Describes the Global Licenses fieldsViewing per domain licenses for all hosts Per Domain Licenses fields Describes the Per Domain Licenses fieldsViewing installed licenses for a particular host Installing a license for a particular host Install New License To continue, choose one of the following procedures Configuring host interfaces using the SremAdd an Interface fields Adding a host interfaceTo create a host interface, perform the following steps Select the System Hosts host Interfaces tabClick Apply New interface appears in the Interfaces table Configuring system settings Add an Interface fieldsConfiguring an existing host interface Interface fields Link is transferred back to the primary port Removing a host interface Configuring static routes using the SremTo delete a host interface, perform the following steps IP Routes Viewing static routes for a clusterRoutes Viewing static routes for a hostManaging static routes Viewing static routes for an interfaceAdd Route fields Adding a static routeRemoving a static route Ports Configuring host ports using the SremPort Port fields Managing interface ports using the Srem Removing interface ports Adding interface portsAdd a Port fields Configuring the access list using the Srem Access List Table appears see on Click Add Adding an access list entryAccess List Table appears see Figure Select the System Access List tabAdd Access Host dialog box appears see Figure Removing an Access List entryAdd Access Host fields Date & Time Managing date and time settings using the SremSelect the System Date & Time tab Configuring the date and time settingsDate & Time fields Select the System Date and Time tab Adding an NTP serverAdd NTP Server fields Removing an NTP server Select the System DNS Client Settings tab Configuring DNS settings using the SremDNS Client Settings screen appears see Figure DNS Client Settings fields Managing syslog servers Configuring servers using the SremAdd Syslog Server fields Adding a new syslog serverFrom this screen, complete the following tasks as necessary Click Add Add Syslog Server dialog box appears see FigureRemoving an existing syslog server Reordering a new syslog serverAdding a DNS server on Removing an existing DNS server on Select the System Servers DNS Servers tab Adding a DNS serverAdd DNS Server fields Removing an existing DNS server RSA Server Table Managing RSA serversAdd RSA Server fields To configure RSA servers, perform the following stepsAdding an RSA server Select the System Servers RSA Server Table tabRemoving the RSA node secret Removing an existing RSA serverRSA Server fields Describes the RSA Server fieldsClick Remove Secret Node Importing sdconf.recSelect an RSA server from the RSA Server Table Import sdconf.rec screen appears see Figure Select the Import sdconf.rec tabImport sdconf.rec fields Configuring administrative settings using the SremConfiguring SRS control settings using the Srem Select from one of the following tasks Configuring Nortel Snas 4050 host SSH keys usingAdd SSH Key fields Show SSH Keys Showing SSH keysConfiguring system settings Managing Nortel Snas 4050 and known host SSH keys SSH Keys Hosts field Click Generate SSH KeysAdd SSH Key Adding an SSH key for a known host using the SremManaging Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Radius audit Configuration Configuring Radius audit settings using the SremAdd Audit Configuration fields Describes the Add Audit Configuration fieldsSelect from the following tasks to manage the audit servers Managing Radius audit servers using the SremClick Add Add Audit Server dialog box appears see Figure Adding a new Audit ServerAdd Audit Server fields Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Radius Server Table appears see Figure Managing Radius authentication servers using the SremAdd Radius Server fields Adding a Radius authentication serverRemoving an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Supported key and certificate formats Sheet 1 Key and certificate formats320818-A Creating certificates Installing certificates and keysUpdating certificates Saving or exporting certificates and keysManaging private keys and certificates using the CLI Roadmap of certificate management commands Cfg/cert cert id Managing and viewing certificates and keys using the CLICfg/cert cert ID followed by /cfg/cert #/show command Cert #/export command Generating and submitting a CSR using the CLIPhrase CSR information Cfg/cert #/requestEmailemail-address IPip-addressGenerating a CSR Email Address tester@dummyssltesting.comSave the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Cfg/cert #/cert Entire contents of the key, includingAdd the certificate Enter the following command LinesCertificate added Certificate 2# apply Adding a certificate by pastingAdd the private key Enter the following command Adding a private key to the Nortel Snas 4050 using the CLICfg/cert #/key Adding a private key by pasting Certificate and key import information Cfg/cert #/importAnonymous Admin@hostname.isdCfg/cert #/display Displaying or saving a certificate and key using the CLICopy the private key, certificate, or both, as required Displaying a private key and certificate Certificate and key export information Cfg/cert #/exportAbout the formats, see Key and certificate formats on Cfg/cert #/test Generating a test certificate using the CLIManaging private keys and certificates using the Srem Certificates screen Viewing certificates using the SremAdd a Certificate Component fields Creating a certificate using the SremTo create a certificate, perform the following steps Select the Certificates Certificates tabManaging certificates To generate a CSR, perform the following steps Generating and submitting a CSR using the SremCA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Import Certificate fields Displaying or saving a certificate and key using the SremDisplay Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing configuration details Viewing certificate information using the SremDescribes the certificate Configuration fields Configuration screen appears see FigureCertificate Configuration fields Viewing general information Managing certificates Certificate Configuration fieldsDescribes the Info fields Info screen appears see FigureInfo fields Managing certificates Info fields Viewing certificate subject settingsDescribes the Subject fields Subject screen appears see FigureSubject fields Managing certificates Subject fields Chapter Configuring Snmp Configuring Snmp Configuring Snmp using the CLICfg/sys/adm/snmp Roadmap of Snmp commands Snmp menu displays Snmp menu includes the following options Configuring Snmp settings using the CLISNMPv2-MIBmenu displays Configuring the Snmp v2 MIB using the CLICfg/sys/adm/snmp/snmpv2-mib Cfg/sys/adm/snmp/community Configuring the Snmp community using the CLISNMPv2-MIBmenu includes the following options Cfg/sys/adm/snmp/snmpv2-mib followed byCfg/sys/adm/snmp/users user ID Configuring SNMPv3 users using the CLIDes Aes Md5 ShaCfg/sys/adm/snmp/users user ID followed by Snmp User menu includes the following optionsNotification Target menu displays Configuring Snmp notification targets using the CLICfg/sys/adm/snmp/target target ID Version v1v2cv3 Configuring Snmp events using the CLINotification Target menu includes the following options Event menu displaysOID op value Event menu includes the following optionsCfg/sys/adm/snmp/event followed by Options -b nameOID value Options -t nameEvent Notification Options -x nameOID Comment nameThis section contains information about the following topics Configuring Snmp settings using the SremTo configure SNMP, perform the following steps Configuring Snmp using the SremSonmp Snmp Configuration fieldsConfiguring Snmp targets using the Srem To add an Snmp target, perform the following steps Adding Snmp targetsSnmp Target Table appears see Figure Add Snmp Target 320818-A Click Add Add Snmp Target dialog box appears see FigureSnmp Target fields Managing Snmp targets Target Settings screen appears see FigureTo manage Snmp targets, perform the following steps Removing Snmp targets Configuring SNMPv3 users using the Srem To add an SNMPv3 user, perform the following steps Adding SNMPv3 usersSNMPv3 User Table appears see Figure Add SNMPv3 User 320818-A Click Add Add SNMPv3 User dialog box appears see FigureAdd SNMPv3 User fields Managing SNMPv3 users User Settings screen appears see FigureUser Settings fields Sheet 1 Removing SNMPv3 users Configuring Snmp User Settings fields Sheet 2Managing monitor events Configuring Snmp events using the SremTo manage monitor events, select from the following tasks To add monitor events, perform the following steps Adding monitor eventsAdd a Monitor fields Viewing configuration details of monitor eventsBoolean monitors Removing monitor eventsTo delete a monitor event, perform the following steps Boolean monitor fields Sheet 1 Add a Monitor BooleanThreshold monitors Configuring Snmp Boolean monitor fields Sheet 2Threshold monitor fields Existence monitor fields Sheet 1 Existence monitorsExistence monitor fields Sheet 2 Managing notification eventsTo add notification events, perform the following steps Adding notification eventsNotification Table screen appears see Figure Add a Notification Event fields Add a Notification EventTo delete a notification event, perform the following steps Removing notification events659 Stats Roadmap of information and statistics commandsViewing system information and performance statistics InfoInformation menu displays Viewing system information using the CLIInfo followed by Information menu includes the following optionsDomain ID Username SwitchidInfo/mac command Kick domain IDUsername-prefix Info/ip commandSwitch ID Mac MACaddrEthernet LocalInfo/events followed by Viewing alarm events using the CLITo view active alarms, use the following command Info/eventsLogs menu displays Logs menu includes the following options Viewing log files using the CLIViewing AAA statistics using the CLI To view and download log files, use the following commandIsdhost host ID Stats/aaaStats/aaa followed by TotalMain# stats/aaa/dump Viewing local information using the Srem Viewing all statistics using the CLIStats/dump Describes the Information fields Information screen appears see FigureInformation fields Viewing cluster information using the Srem Viewing the controller list using the Srem Controller List fields Describes the Controller List fieldsViewing Sonmp topology information using the Srem Sonmp State fields Describes the Sonmp State fieldsViewing switch distribution using the Srem Describes the Switch Distribution fields Viewing port information using the SremSwitch Distribution fields Port Information fields Sheet 1 Describes the Port Information fieldsViewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Sessions screen Viewing active sessions using the SremSessions parameters Describes the Sessions parametersSession Properties screen Viewing details for a particular sessionDescribes the Session Properties parameters Ending active user sessionsKickOut User fields Click KickOutDescribes the Number of Sessions fields Viewing the number of active sessions using the SremNumber of Sessions fields Viewing alarms using the Srem Active Alarms screen 320818-A Viewing active alarms using the SremActive Alarms fields Describes the Active Alarms fieldsDownload Alarms screen 320818-A Downloading alarms using the SremDescribes the Download Alarms fields Managing log files using the SremDownload Alarms fields Logs screen Viewing the log list using the SremDescribes the Download fields Downloading log files using the SremDownload fields Sheet 1 Viewing AAA statistics using the Srem Hosts table Viewing AAA statistics for a hostLicense tab opens see on For a description of the fields, seeTable Viewing License statisticsLicense statistics Sheet 1 Radius statistics 320818-A Viewing Radius statisticsRadius statistics Local DB statistics Sheet 1 Viewing Local database statisticsViewing Ldap statistics Ldap statistics Statistics table Viewing AAA statistics for the domainSelect one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license Viewing Radius Statistics Sheet 1 For a description of the fields, see Table320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table For a description of the fields seeTable Viewing Rx statisticsViewing Rx statistics Sheet 1 Rx Frames Displays number of errors due to malformed packets Viewing Tx Statistics Sheet 1 Viewing Tx statisticsInformation, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Maintaining and managing the system Managing and maintaining the system using the CLIMaint Boot Roadmap of maintenance and boot commandsMaintenance menu displays Performing maintenance using the CLIDumplogs protocol server filename all-isds? Maintenance menu includes the following optionsAll-isds? Maint followed byStoptrace Starttrace tagsDomain ID output ModeCfg/dump passphrase Backing up or restoring the configuration using the CLIServer filename passphrase Configuration menu backup and restore commandsCfg Ptcfg protocolDump passphrase Cfg followed byGtcfg protocol PassphraseSoftware Managing Nortel Snas 4050 devices using the CLIBoot menu displays Boot menu includes the following options Boot followed byBoot/software Cfg/sys/host #/reboot command insteadCfg/sys/host #/delete command see Cfg/sys/host #/delete commandActivate version Boot/software followed byActivate command Software Management menu includes the following optionsFtp 10.0.0.1 pub/SSL-5.1.1 Managing and maintaining the system using the SremPerforming maintenance using the Srem Upgradecomplete.pkgDumps Dumping logs and status information using the SremClick Dump Starting and stopping a trace using the SremDump fields To start or stop a trace, perform the following steps Start/Stop Trace fields Click Check Configuration Checking configuration using the SremBackup & Restore 320818-A Backing up or restoring the configuration using the SremIf you later restore the configuration, the Certificate Backup & Restore fieldsImage List Managing software versions using the SremFollowing tasks are available from this screen Describes the Image List fieldsImage List fields Viewing details of the active software image Select the System Boot Image List tabActivating a software image Removing an inactive software image Downloading images using the SremMaintaining and managing the system Download Image fields Rebooting or deleting a Nortel Snas 4050 device usingReboot/Delete ISD Options Downloading files using the Srem Describes the File Download fields File Download screen appears see FigureFile Download fields Maintaining and managing the system File Download fields Running Nortel Snas 4050 diagnostics using the SremDiagnostics fields Describes the Diagnostics fieldsMaintaining and managing the system 320818-A Upgrading the Nortel Snas Chapter Upgrading or reinstalling the softwareUpgrading or reinstalling the software Performing minor and major release upgradesEnter the host name or IP address of the server Downloading the software image using the CLIAdmin@hostname/IP.isd Activating the software upgrade packageNsnas Log in again and verify the new software version At the Software Management# prompt, enterBefore you begin Reinstalling the softwareUpgrading or reinstalling the software Reinstalling the software from an external file server Restarting Restarting system Booting LoginAlteon WebSystems, Inc When the installation is complete, remove the CD and reboot Reinstalling the software from a CDRun install-nsnas isd4050 Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Command Line Interface Connecting to the Nortel SnasEstablishing a console connection Console configuration parameters ProcedureRequirements Establishing a Telnet connection Enabling and restricting Telnet accessEnabling and restricting SSH access Establishing a connection using SSHRunning Telnet Running an SSH client For more information, see How to get help on Accessing the Nortel Snas 4050 clusterUser access levels Command line history and editing CLI Main Menu or SetupIdle timeout Command Line Interface Scenario On page 780 illustrates the network configurationNetwork devices Sheet 1 Configuration exampleConfiguration example Network devices Sheet 2 Summarizes the VLANs for the Ethernet Routing SwitchVLANs for the Ethernet Routing Switch Steps Configure the network DNS serverCreate a new Dhcp scope see Figure Configure the network Dhcp serverNaming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Specifying the DNS server Enter the IP address of the DNS server see FigureShows the Dhcp scopes created for use in this example Configure the network core routerSteps Configure the Ethernet Routing Switch 8300 using the CLIEnabling SSH Configuring the Nortel Snas 4050 pVIP subnetConfiguring the VoIP VLANs Configuring the Red, Yellow, and Green VLANsAdd the uplink port Configuring the Nsna uplink filterConfiguring the Nsna ports Enabling Nsna globallySetting the switch IP address Configure the Ethernet Routing Switch5510-48Tconfig#nsna vlan 240 color voip Configuring SSH5510-48Tconfig# ssh 5510-48Tconfig#nsna nsnas 10.40.40.0/245510-48Tconfig#nsna enable Configure the Nortel SnasConfiguring the login domain controller filters 5510-48Tconfig-if#exit10.40.40.1 Performing initial setupMain# cfg/sys/adm/srsadmin/ena Completing initial setupEnable SRS administration Enter a password for the admin userTG#../group 1/tgsrs srs-rule-test Adding the network access devicesMain# cfg/domain 1/sshkey/generate Group 1# /cfg/domain 1/aaa/tg/quickMain# cfg/domain 1/switch 1 Creating Switch Adding the Ethernet Routing SwitchAdd the switch manually Import the public SSH key from the switchSwitch Vlan# ../../vlan/add yellow Use the quick switch wizardMain# cfg/domain 1/switch 2/sshkey/import Main# cfg/domain 1/switch 1/vlan/add yellowDomain Vlan# apply Changes applied successfully Enabling the network access devicesMain# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena Switch 2# apply Changes applied successfullyConfiguration example 320818-A Appendix a CLI reference Global commands Using the CLINetstat PasteExit QuitCommand line history and editing CLI shortcuts Command stackingYou can use the following CLI command shortcuts Command line history and editing options Sheet 2Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l Command abbreviationTab completion NTP Servers# ../../dns/serversConfiguration# cur sys Using a submenu name as a command argumentNetwork masks Using slashes and spaces in commandsIP address and network mask formats IP addressesVariables VariablesCLI Main Menu CLI command referenceAppendix a CLI reference Sys Information menu commands Sheet 1Information menu CertsStatistics menu Cert Configuration menuConfiguration menu commands Sheet 1 Cfg/cert cert ID Name nameAuth ID for Ldap Cfg/domain Name nameAuth ID Radiusldaplocal Auth #/adv Secondauth auth IDExpiredgro Group Cfg/domain #/aaa ServersAuth #/ldap Searchbase Auth #/ldap/activedire TruefalseAuth #/radius Vendorid vendor ID Auth #/local Password groupCfg/domain #/aaa Add user name Passwd user nameType Ena Dis Cfg/domain #/aaa Profile ID Access rule Number Linkset DelCfg/domain #/aaa Vendorid vendor ID Auth #/radius Vendortype vendorEna Dis Cfg/domain #/aaa List Group #/extend # Del index numberGroup #/linkset Del index number Radacct VpnattribuCfg/domain #/adv Interface interface Cfg/domain #/aaa/tg QuickRecheck interval Heartbeat intervalLinkset #/link index Text text RestoreCfg/domain #/linkset Name name Linkset ID Text textLang Charset Content Server filenameCfg/domain #/portal Color1 code Colors Color2 codeSsl2ssl3ssl23tls1 Cfg/domain #/server Sysloghost IPaddrAdv/traflog Udpport port ProtocolSwitch #/ena Cfg/domain #/switch Name nameSwitch ID Type ERS8300ERS5500 Switch #/disPassphrase Cfg/lang Import protocol Cfg/domain #/vlan Add name Vlan IDPassphrase Cfg/gtcfg protocolSonmp onoff Cfg/sys/accesslist ListAdd IPaddr mask Cfg/sys/adm SnmpVersions v1v2cv3 Cfg/sys/adm/auth ListShared secret Cfg/sys/adm/snmp EnaEvent Options -b name Snmpv2-mib SnmpEnableDisabledenabled Cfg/sys/adm/snmp Ip IPaddr Cfg/sys/adm/snmp AddmonitorKnownhosts Cfg/sys/adm/snmp Name nameUsers user ID Seclevel Dis Cfg/sys/adm/sshkeys GenerateAdd port Cfg/sys/host # List Mode fullhalf Cfg/sys/host #/routesCfg/sys/dns/servers List Interface #/ports Del portCfg/sys/rsa Rsaname name Cfg/sys/host Ip IPaddrHost ID SysName name SysLocatioUsername Password user Add IPaddr Cfg/sys/user Password oldPassword new Password confirmReboot Delete Boot/software Cur Boot menuBoot menu commands Boot SoftwareAll-isds? Maintenance menuMaintenance menu commands Maint Dumplogs protocolTroubleshooting tips Chapter TroubleshootingCheck the Access List Cannot connect to the Nortel Snas 4050 using Telnet orVerify the current configuration Enable Telnet or SSH accessCheck the IP address configuration # /cfg/cur sys Cannot contact the MIP Cannot add the Nortel Snas 4050 to a clusterMain# /cfg/sys/accesslist/add Add Interface 1 IP addresses and the MIP to the Access ListEnter network address IP address Enter netmask network mask Telnet or SSH connection to the MIP Nortel Snas 4050 stops respondingConsole connection Root user password User password is lostAdministrator user password Operator user passwordMain# maint/starttrace Boot user passwordTrace tools User fails to connect to the Nortel Snas 4050 domainTag Description Sample output Sample output for the trace commandInstalled certificates System diagnosticsNetwork diagnostics Main# /info/ethernet Cluster Host 1# curMain# /cfg/sys/cur Main# /stats/dumpError log files Active alarms and the events log fileTroubleshooting Syslog messages by message type Appendix B Syslog messagesLists the Emerg operating system messages Operating system OS messagesLists the operating system Critical messages System Control Process messages Operating system messages ErrorLists the operating system Emerg messages System control process messages Info About alarm messagesAlarm severity and syslog level correspondence Lists the System Control Process Info messagesAlarm System Control Process messages AlarmWith /cfg/sys/cur Audit/ena commandAbout event messages System Control Process messages EventLists the Traffic Processing Critical messages Lists the Traffic Processing Error messagesTraffic Processing messages Error Sheet 1 Traffic Processing Subsystem messagesCss error reason Domain #/server/portal Traffic Processing messages Error Sheet 3Lists the Traffic Processing Warning messages Traffic Processing messages WarningLists the Traffic Processing Info messages Start-up messagesTraffic Processing messages Info Lists the Start-up Info messages Lists the AAA Error messagesAAA messages Error AAA subsystem messagesLog value Message Category Contains AAA messages Info Sheet 1There are two categories of Nsnas subsystem messages Nsnas subsystem messagesAAA messages Info Sheet 2 Nsnas Info Sheet 1 Lists the Nsnas Error messagesNsnas Error Lists the Nsnas Info messagesSyslog messages in alphabetical order Sheet 1 Syslog messages in alphabetical orderLists the syslog messages in alphabetical order Nsnas Info Sheet 2Sys/adm/audit/ena command Syslog messages in alphabetical order Sheet 3 Error NsnasInfo AAA Syslog messages in alphabetical order Sheet 5 Error AAACfg/domain #/server/portal Authenticate is set to offSyslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Following MIBs are supported by the Nortel Snas Supported MIBsSupported MIBs Sheet 1 ANAifType-MIBSNMPv2-MIB Appendix C Supported MIBsALTEON-ISD-SSL-MIB Supported MIBs Sheet 2Appendix C Supported MIBs Supported MIBs Sheet 3 CLI, using the /cfg/sys/adm/snmp/target commandSupported traps Use the CLI command /cfg/sys/adm/snmp/snmpv2-mibSupported traps Describes the traps supported by the Nortel SnasAppendix C Supported MIBs 320818-A Supported ciphers Appendix D Supported ciphersAppendix D Supported ciphers Register the Schema Management dll Windows Server Install All Administrative Tools Windows 2000 ServerClick Start and select Run Nortel Secure Network Access Switch 4050 User Guide Create a shortcut to the console window Permit write operations to the schema Windows 2000 ServerSelect a Title for the Program page displays Nortel Secure Network Access Switch 4050 User Guide Add isdUserPrefs attribute to nortelSSLOffload class Create the new classAdd the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Appendix F Configuring Dhcp to auto-configure IP Phones Configuring IP Phone auto-configurationCreating the Dhcp options Dhcp Management Console Click Add Option Type dialog box opens see on Predefined Options and Values dialog box opens see FigureOption Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box Scope Options dialog box displays see FigureCall Server Information string parameter values Vlan ID Information string parameter values Setting up the IP PhonePage Create the logon script see Creating a logon script on Configuring the logon scriptCreating a logon script Using Windows, open a plain text editor, such as NotepadCreating the script as a batch file Creating the script as a VBScript file Assigning the logon scriptRight-click the Default Domain Policy and select Edit Double-clickDefault Domain PolicyOn the Group Policy tab, click Open Appendix H Software licensing information Appendix H Software licensing information GNU General Public LicenseAppendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Index SymbolsIndex Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index