Creating certificates | Nortel Networks 4050 specs

Chapter 11 Managing certificates 573

Creating certificates

The basic steps to create a new certificate are:

1Generate a Certificate Signing Request (CSR) (see “Generating and submitting a CSR using the CLI” on page 579 or “Generating and submitting a CSR using the SREM” on page 601).

2Send the CSR to a Certificate Authority (CA), such as Entrust or VeriSign, for certification (see “Generating and submitting a CSR using the CLI” on page 579 or “Generating and submitting a CSR using the SREM” on

page 601).

3Install the signed certificate on the Nortel SNAS 4050 cluster (see “Installing certificates and keys” on page 573).

4Map the installed certificate to the Nortel SNAS 4050 portal server (see “Configuring SSL settings using the CLI” on page 139 or “Configuring SSL settings using the SREM” on page 176).

Installing certificates and keys

There are two ways to install a certificate and key in the Nortel SNAS 4050 cluster:

•by pasting (see “Adding a certificate to the Nortel SNAS 4050 using the CLI” on page 584)

•by importing from a TFTP/FTP/SCP/SFTP server (see “Importing certificates and keys into the Nortel SNAS 4050 using the CLI” on page 588 or “Importing a certificate or key using the SREM” on page 603)

When you generate the CSR, the private key is created and stored in encrypted form on the Nortel SNAS 4050 using the specified certificate number. After you receive the certificate, which contains the corresponding public key, use the same certificate number when you add the certificate to the Nortel SNAS 4050. Otherwise, the private key and the public key in the certificate will not match.

If you do not generate a CSR but obtain the certificate by other means, you must take additional steps to add a private key that corresponds to the public key of the certificate (see “Adding a private key to the Nortel SNAS 4050 using the CLI” on page 587).

Nortel Secure Network Access Switch 4050 User Guide

Image 573

Nortel Networks 4050 manual Creating certificates, Installing certificates and keys

Contents

Nortel Secure Network Access Switch 4050 User Guide 320818-A Copyright Nortel Networks Limited 2005. All rights reserved Licensing Nortel Secure Network Access Switch 4050 User Guide General Contents Contents Managing the network access devices Configuring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Connect the switch to the network Before you beginPreface Bold text Text conventions Publications Related informationPlain Courier text Example Set Trap Monitor Filters Online How to get help Preface This chapter includes the following topics Nortel SNA solution Elements of the Nsna solution Supported usersOverview Role of the Nortel Snas Nortel SNA VLANs and filters Nortel Snas 4050 functions Groups and profiles Authentication methods TunnelGuard host integrity check Communication channels About SSHCommunication channels in the Nortel SNA network RSA DSA Nortel Snas 4050 clusters One-armed and two-armed configurations Two-armed configuration One-armed configuration Illustrates a two-armed configuration Nortel SNA configuration and management tools Configure the network Dhcp server Nortel Snas 4050 configuration roadmap Overview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup About the IP addresses Management IP addressPortal Virtual IP address Log on using the following username and password Initial setupLogin admin Password admin Real IP address Setup Menu displays Select the option for a new installationEnter port number for the management interface Enter Vlan tag id or zero for no Vlan Enter network mask 255.255.255.0 mask Enter default gateway IP address or blank to skip Setup a two armed configuration yes/no no Enter port number for the traffic interface Specify the MIP for this device or clusterEnter IP address for this machine on traffic interface Enter a timezone or select select timezone Specify the NTP server, if applicable Configure the time settingsSpecify the DNS server, if applicable Enter NTP server address or blank to skip IPaddr Change the admin user password, if desired Specify the pVIP of the Nortel Snas 4050 deviceSpecify a name for the Nortel Snas 4050 domain Create http to https redirect server no Settings created by the quick setup wizard Extended profile details Adding a Nortel Snas 4050 device to a cluster Before you begin Select the option to join an existing cluster Joining a cluster Enter network mask 255.255.255.0 mask Specify the MIP of the existing cluster Enter the existing admin user password password Next steps Setup successful Login Applying and saving the configuration Applying and saving the configuration using the Srem Applying and saving the configuration using the CLICfg/dump Cfg/ptcfg Apply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Roadmap of domain commands Managing network access devices using the CLI Reset Using the quick switch setup wizard Adding a network access device using the CLISpecify the IP address of the network access device Cfg/domain 1/quick Nsna communication port5000 Go to on To continue, go to on Red vlan id of Switch Vlan ID Manually adding a switch Switch menu displaysCfg/domain #/switch switch ID Cfg/domain #/switch #/dis Cfg/domain #/switch #/delete Deleting a network access device using the CLI Configuring the network access devices using the CLI Switch menu includes the following options Cfg/domain #/switch switch ID followed byIp IPaddr Cfg/domain #/switch #/vlan Mapping the VLANs using the CLIFollowed by Dis Delete Cfg/domain #/switch #/vlan followed by Domain vlan or Switch vlan menu displaysCfg/domain #/switch #/vlan/list Add name Vlan ID Managing SSH keys using the CLI For an Ethernet Routing Switch 5510, 5520, or Generating SSH keys for the domain using the CLINsnas SSH key menu displays Cfg/domain #/sshkey Cfg/domain #/switch #/sshkey/export Nsnas SSH key menu includes the following optionsCfg/domain #/sshkey followed by Main# /cfg/domain 1/sshkey Shows sample output for the /cfg/domain #/sshkey command Cfg/domain #/switch #/sshkey Cfg/domain #/switch #/sshkey followed byCfg/domain#1/sshkey/export command to Monitoring switch health using the CLI Reimporting the network access device SSH key using the CLICfg/domain #/switch #/hlthchk Enter Apply to apply the change immediately Cfg/domain #/switch #/dis Cfg/domain #/switch #/hlthchk followed byHealthCheck menu includes the following options Deadcnt count Adding a network access device using the Srem Managing network access devices using the SremTo add a network access device, use the following steps Cfg/domain #/switch #/ena Add a Switch fields Add a Switch Configuring the network access devices using the Srem Deleting a network access device using the Srem Switch Configuration screen 320818-A Switch Configuration screen appears see Figure Switch Configuration fields You can perform the Vlan mapping in two ways Mapping the VLANs using the Srem Domain VLANs screen Mapping VLANs by domain To add VLANs to a domain, complete the following steps Adding VLANs to a domainClick Add Add a new Vlan dialog box appears see Figure Add a new Vlan fields Removing VLANs from a domain Switch VLANs screen Mapping VLANs by switch To add VLANs to a switch, complete the following steps Adding VLANs to a switch Removing VLANs from a switch Managing SSH keys using the Srem Managing the network access devices Managing the network access devices Key Generation screen appears see Figure Generating SSH keys for the domain using the Srem Switch SSH Key fields Exporting SSH keys for the domain using the Srem Export Key screen appears see Figure Export Key fields Click Apply on the toolbar to begin the export process Switch SSH Key screen appears see Figure Managing SSH keys for Nortel SNA communication using Reimporting the network access device SSH key using the Srem Switch SSH Key screen appears see on Monitoring switch health using the SremClick Delete Switch SSH Key Click Import SSH from Switch Health Check screen 320818-A Health Check screen appears see Figure Viewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Configuring the domain using the CLI Configuring the domainCfg/domain Captive portal Portal look and feel Linksets Logging traffic with syslog messages Details onoff Manually creating a domain using the CLI Creating a domain using the CLIYou can create a domain in two ways Cfg/domain domain ID 320818-A Using the Nortel Snas 4050 domain quick setup wizard Main# /cfg/domainCfg/quick Main# cfg/quick Specify the certificate to be used by the portal server Configuring the domain Specify whether the SSL server uses chain certificates Do you want to configure a switch? yes/no noDo you require chain certificates yes/no no Do you want an http to https redirect server yes/no no Do you want to create a tunnelguard test user? yes/no yes Configuring the domain Deleting a domain using the CLI To delete a domain, use the following commandCfg/domain #/del To configure the domain, use the following command Configuring domain parameters using the CLICfg/domain domain ID followed by Pvips IPaddr Httpredir TG menu displays TG menu includes the following options Configuring the TunnelGuard check using the CLICfg/domain #/aaa/tg Cfg/domain #/aaa/tg followed by Cfg/domain #/aaa/tg/status-quo Cfg/domain #/aaa/tg/quick Using the quick TunnelGuard setup wizard in the CLI TunnelGuard quick setup wizard creates a default SRS rule Configuring the SSL server using the CLIServer 1001 menu displays Main# /cfg/domain #/aaa/tg/quick Server 1001 menu includes the following options Tracing SSL traffic using the CLICfg/domain #/server followed by Interface ID Ssldump Output mode Cfg/domain #/server/trace followed by Cfg/domain #/adv/interface commandTcpdump Ping host SSL Settings menu displays Configuring SSL settings using the CLIDnslookup host Traceroute host Cfg/domain #/server/ssl followed by SSL Settings menu includes the following optionsCert certificate Index Index list Cachain certificateYes Cfg/domain #/server/ssl/protocol Ena Dis Configuring traffic log settings using the CLI Traffic Log Settings menu includes the following options Traffic Log Settings menu displaysCfg/domain #/server/adv/traflog Cfg/domain #/server/adv/traflog followed by Cfg/domain #/httpredir Configuring Http redirect using the CLICfg/domain #/httpredir followed by Redir onoff Cfg/sys/host #/interface command see Configuring advanced settings using the CLICfg/domain #/adv Cfg/domain #/adv followed by Configuring Radius accounting using the CLI Radius Accounting Servers menu displays Managing Radius accounting servers using the CLICfg/domain #/aaa/radacct Cfg/domain #/aaa/radacct followed by Cfg/domain #/aaa/radacct/servers followed by VPN Attribute menu displays NSNAS-Portal-IDCfg/domain #/aaa/radacct/vpnattribu VPN Attribute menu includes the following options Configuring the domain using the SremCfg/domain #/aaa/radacct/vpnattribu followed by Vendorid Creating a domain using the Srem Secure Access Domain Table screen 320818-A Manually creating a domain using the Srem Add a Secure Access Domain fields Add a Secure Access Domain Using the Srem Domain Quick Wizard Configuring the domain Domain Quick Wizard General Settings fields Click Domain Quick WizardClick Next Domain Quick Wizard Certificate fields Domain Quick Wizard Certificate Organization name and do not use any of the following Domain Quick Wizard Certificate Chain fields Domain Quick Wizard Certificate Chain Domain Quick Wizard Server fields Domain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Switch fields Domain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Tunnel Guard fields Domain Quick Wizard Tunnel Guard dialog box appears see To delete a domain, perform the following steps Deleting a domain using the Srem To configure a domain, perform the following steps Configuring domain parameters using the Srem Domain Configuration fields Additional domain configuration in the Srem Domain domain Configuration screenAdditional domain configuration tabs Component Description Additional domain tree components Configuring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on TunnelGuard Quick Setup screen appears see Figure Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup fields Server Configuration screen 320818-A Configuring the SSL server using the Srem Server Configuration fields Server SSL Settings screen 320818-A Configuring SSL settings using the Srem ALL@STRENGTH Server SSL Settings fields Configuring the domain Server SSL Settings fields Configuring traffic log settings using the Srem Traffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Tracing SSL traffic using the Srem Configuring Http redirect using the Srem Http Redirect screen 320818-A Http Redirect fields Configuring Radius accounting using the Srem Configuring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Managing Radius accounting servers using the Srem Adding a Radius accounting server using the SremRadius accounting Configuration fields Radius Accounting Servers screen Radius Accounting Servers screen appears see Figure Radius Accounting Server fields Moving a Radius accounting server using the Srem Deleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles Overview Configuring groups and profilesGroups This section includes the following topics Default group TunnelGuard SRS rule Linksets Extended profiles Create the SRS rules see TunnelGuard SRS Builder on Configuring groups and extended profiles using the CLI Roadmap of group and profile commands Configuring groups using the CLI To create and configure a group, use the following commandCfg/domain 1/aaa/group group ID Cfg/domain 1/aaa/group # followed by RestrictExtend profile ID Tgsrs SRS rule name Comment commentMain# /cfg/domain 1/AAA/group Cfg/domain 1/aaa/filter filter ID Configuring client filters using the CLI Client Filter menu includes the following options Cfg/domain 1/aaa/filter filter ID followed byTg truefalseignore Configuring extended profiles using the CLI Main# /cfg/domain 1/AAA/filterCfg/domain 1/aaa/group group IDgroup name/extend Cfg/domain 1/aaa/group #/extend # followed by Extended Profile menu includes the following optionsFilter name Vlan name Linkset Del Cfg/domain 1/aaa/group #/extend #Main# cfg/domain 1/aaa/group 2/extend Extended Profile 1# ../extend 2/filter tgfailed/vlan Yellow Cfg/domain 1/aaa/group #/linkset Mapping linksets to a group or profile using the CLICfg/domain 1/aaa/group #/extend #/linkset Cfg/domain 1/aaa/group #/extend #/linkset followed by Main# cfg/domain 1/aaa/group 1/linkset Linksets# add example2Linksets# insert 2 example3 Creating a default group using the CLI Configuring groups and extended profiles using the SremConfiguring groups using the Srem This section contains the following topics Click a Guide to Create a Group on the toolbar Using the guide for creating groups Groups screen 320818-A Adding a group Add a Group fields Click Add Add a Group dialog box appears see Figure To configure a group, perform the following steps Group Configuration screen appears see FigureModifying a group Group Configuration fields Configuring client filters using the Srem Client Filters screen appears see Figure Adding a client filter Add a Client Filter fields Sheet 1 Click Add Add a Client Filter dialog box appears see Figure Check using the Srem on To configure a client filter, perform the following steps Client filter Configuration screen appears see FigureModifying a client filter Client Filters configuration fields Configuring extended profiles using the Srem Extended Profiles screen appears see Figure Adding an extended profile Add an Extended Profile fields Add an Extended Profile screen Modifying an extended profile Extended profiles Configuration screen appears see Figure Extended Profile Configuration fields Mapping linksets to a group or profile using the Srem Linksets screen for a group Mapping linksets to a group Adding linksets to a group To add a linkset to a group, perform the following stepsAdd a Linkset fields Reordering linksets in a group Removing linksets from a group Linksets screen for an extended profile Mapping linksets to a profile Adding linksets to an extended profile Reordering linksets in an extended profile Removing linksets from an extended profile AAA Configuration screen 320818-A Creating a default group using the Srem AAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Cfg/domain 1/aaa Roadmap of authentication commands Command Cfg/domain 1/aaa/auth auth ID Configuring authentication methods using the CLI Cfg/domain 1/aaa/auth auth ID followed by RadiusldaplocalDisplay Local accesses the Local database menu Cfg/domain 1/aaa/auth #/adv Configuring Radius authentication using the CLICfg/domain 1/aaa/auth #/adv followed by Groupauth auth IDs You can perform the following configuration tasks Adding the Radius authentication method using the CLI Configuring authentication Modifying Radius configuration settings using the CLI Main# /cfg/domain 1/aaa/authCfg/domain 1/aaa/auth #/radius Type Cfg/domain 1/aaa/auth #/radius followed by Timeout interval Managing Radius authentication servers using the CLIRadius servers menu displays Sessiontim Cfg/domain 1/aaa/auth #/radius/servers followed by Radius servers menu includes the following options Configuring Ldap authentication using the CLI Configuring session timeout using the CLICfg/domain 1/aaa/auth #/radius/sessiontim Adding the Ldap authentication method using the CLI Configuring authentication Cfg/domain 1/aaa/auth #/ldap Modifying Ldap configuration settings using the CLI Ldap menu displays Ldap menu includes the following options Cfg/domain 1/aaa/auth #/ldap followed byDo not use the isdbinddn and isdbindpas Isdbindpas password SAMAccountName=bill . The user’s loginUserattr names Ou=Users, dc=example, dc=com . Enaldaps truefalse Enauserpre truefalseActivedire Cfg/domain 1/aaa/auth #/ldap/servers Managing Ldap authentication servers using the CLI Removes the specified Ldap server from the current Managing Ldap macros using the CLI Cfg/domain 1/aaa/auth #/ldap/ldapmacroCfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Ldap attribute Add variable namePrefix suffix Variable name Set the Active Directory settings using Managing Active Directory passwords using the CLIActive Directory Settings menu displays Cfg/domain 1/aaa/auth #/ldap/activedire command Configuring local database authentication using the CLI Configuring authentication Authentication menu commands local database You can add users to the database in two ways Managing the local database using the CLILocal database menu displays Cfg/domain 1/aaa/auth #/local Local database menu includes the following options Cur group commandCfg/domain 1/aaa/auth #/local followed by TAB or use the /cfg/domain 1/aaa Server filename key Import protocol Export protocol Specifying authentication fallback order using the CLI Main# /cfg/domain 1/aaa/authorder Cfg/domain 1/aaa/authorder auth ID,auth ID Configuring authentication using the Srem Authentication Server Table appears see Figure Configuring authentication methods using the Srem Configuring Radius authentication using the Srem Adding the Radius method and server Add an Authentication Server Radius 320818-A Add an Authentication Server Radius fields Modifying Radius configuration Configuration 320818-A Modifying Radius method settings Configuration fields Radius Configuration screen appears see Figure Modifying Radius configuration settings Radius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Add a Radius Server fields Adding a Radius server Configuring authentication Add a Radius Server fields Reordering additional Radius serversRemoving a Radius server Next steps Configuring Ldap authentication using the Srem Adding the Ldap method and server Add an Authentication Server Ldap fields Modifying Ldap configuration Modifying Ldap method settings Configuration fields Ldap Configuration screen appears see Figure Modifying Ldap configuration settings Ldap Configuration fields Cn=Users, dc=example, dc=com Ou=Users, dc=example, dc=com. The user Active Directory, on Configuring authentication Ldap Configuration fields Managing additional Ldap servers Adding an Ldap server Click ApplyAdd an Ldap Server fields Removing an Ldap server Reordering additional Ldap servers Managing Ldap macros Ldap Macros Add an Ldap Macro fields Adding Ldap macros Removing Ldap macros Reordering Ldap macros Populate the database see Populating the database on Configuring local database authentication using the Srem Adding the Local method Database on Add an Authentication Server Local fields Adding users to the local database Populating the databaseYou can populate the Local database in two ways Local Users screen appears see Figure Add a Local User fields Click Add Add a Local User dialog box appears see Figure Configuring authentication Import Local User Database 320818-A Importing a database Import Local User Database fields Modifying Local database configuration Modifying Local method settings Local Users screen appears see on Modifying local users Local Users Configuration 320818-A Local Users Configuration fields Modifying local user passwords Local Users Local User Configuration 320818-A Select the Local User Configuration tab Local Users Local User Configuration fields Export Local User Database 320818-A Exporting the database Export Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder TunnelGuard user interface Configuring SRS rulesTunnelGuard SRS Builder \tunnelguard\tg.txt File menu Menu commandsSoftware Definition menu Describes important items from the File menu Software Definition Entry menu items Sheet 1 Software Definition Entry menu Tool menu TunnelGuard Rule menuDescribes important items from the TunnelGuard Rule menu Describes important items from the Tool menu SRS Definition toolbar item descriptions SRS definition toolbar Software Definition Available SRS list SRS Components tableSRS Components table items WINNT%\xxx.dll Customizing a component TunnelGuard Rule Definition screen Memory snapshotSRS Rule toolbar Memory snapshot item descriptions SRS Rule Expression Constructor SRS Rule listAvailable Expression list Rule Expression Constructor Creating a software definition Managing TunnelGuard rules and expressions Selecting modules or files from running processes Adding entries to a software definition Create New Memory Module SRS window For more information, see Making API calls on Select the TunnelGuard Rule Definition tab Selecting file on disk Create New on Disk SRS Entry window Creating logical expressions TunnelGuard Rule Definition tab Click the TunnelGuard Rule Definition tab Click the Form TunnelGuard Rule Expression button New SRS Rule window Available Expressions screen TunnelGuard Rule Name screen Registry-only SRS entry Registry-based rules Supported integer operands Describes supported operands for integer values String regular expression Description Constructs for string based regular expressions Sheet 1 Creating a registry entry Registry-based File/Module Enter the Key Value Data ExpressionTunnelGuard SRS Builder Registry Entry Manually creating an OnDisk file entry Manually creating SRS entries Create new OnDisk SRS Entry Create New Memory Module SRS Entry page opens see on Manually creating a Memory Module entry Create new Memory Module SRS entry File age check Adding comments Adding a TunnelGuard rule commentTunnelGuard SRS Builder Date/Time Range Adding a software definition comment Deleting SRS rules and their components Deleting a software definition entry Deleting a software definitionDeleting a TunnelGuard rule Deleting an expression Making API calls TunnelGuard support for API calls TunnelGuard SRS Builder 320818-A Chapter Managing system users and groups User rights and group membership Managing system users and groupsGroup membership and user rights Managing system users and groups using the CLI Roadmap of system user management commandsCfg/sys/user Managing user accounts and passwords using the CLI User menu displays User menu includes the following optionsCfg/sys/user followed by Add username Del username Managing user settings using the CLI Edit usernameCaphrase Password user Managing user groups using the CLIPassword confirm User password Cfg/sys/user/edit username Adding a new user CLI configuration examplesThis section includes the following detailed examples Cfg/sys/user/edit username/groups Main# /cfg/sys/user Access the User Menu User# edit certadmin Apply the changes Verify and apply the changes Changing a user’s group assignment User# edit admin Changing your own password Changing passwords Changing another user’s password Type the password command to initialize the password change Deleting a user Managing system users and groups using the Srem Managing user accounts using the SremTo manage users, choose from one of the following tasks User Table Click Add Add a User dialog box appears see Figure Adding new user accounts Removing existing user accounts To remove an existing user, perform the following stepsAdd a User fields Password Setting 320818-A Setting password expiry using the Srem Password Settings fields Change Your Password 320818-A Changing your password using the Srem Click Change Password Changing another user’s password using the SremOnly the admin user can change the passwords of other users Change Your Password fields Change User Password 320818-A Change User Password fields Setting the certificate export passphrase using the Srem Set Certificate Export PassPhrase 320818-A Set Certificate Export PassPhrase screen appears see Figure Managing user groups using the Srem Click Set Pass PhraseSet Certificate Export PassPhrase fields Adding a user group Choose from the following tasks to manage users groupsTo add a new user group, perform the following steps Removing a user group Click Add Add a User Group dialog box appears see FigureAdd a User Group fields Managing system users and groups Chapter Customizing the portal and user logon Customizing the portal and user logon Captive portal and Exclude List Exclude List String Usage Expressions Allowed regular expressions and escape sequences Portal look and feel Portal display Colors Default appearance Color Hexadecimal code Common colors, with hexadecimal codes Sheet 1 Language localization Content-Type text/plain charset=iso-8859-1/n Autorun linksets Linksets and links Macros Planning the linksets Automatic redirection to internal sites Examples of redirection URLs and linksExamples of redirection URLs and link text Sheet 1 Automatic JRE upload Managing the end user experience Customizing the portal and logon using the CLI Roadmap of portal and logon configuration commandsWindows domain logon script Number Color2 code Configuring the Exclude List using the CLI Configuring the captive portal using the CLIDNS Exclude menu displays Cfg/domain 1/dnscapt Changing the portal language using the CLI DNS Exclude menu includes the following optionsCfg/domain 1/dnscapt/exclude followed by Configuring language support using the CLI Language Support menu displaysCfg/lang Language Support menu includes the following options Cfg/lang/import commandCfg/lang followed by Server filename Cfg/domain 1/portal/lang Setting the portal display language using the CLICfg/domain 1/portal/lang followed by Cfg/domain 1/portal/lang/list Restore Configuring the portal display using the CLICfg/domain 1/portal Cfg/domain 1/portal followed by Redirect URL Logintext text Linkurl onoff Linktext textLinkcols columns Linkwidth width Changing the portal colors using the CLI Portal Colors menu displaysCfg/domain 1/portal/colors Portal Custom Content menu displays Configuring custom content using the CLICfg/domain 1/portal/content Portal Colors menu includes the following options Cfg/domain 1/portal/content followed by Portal Custom Content menu includes the following optionsTftpftpscpsftp. The default is tftp Available Cfg/domain 1/linkset linkset ID Configuring linksets using the CLI Cfg/domain 1/linkset linkset ID followed by Linkset menu includes the following optionsText text Autorun truefalse Cfg/domain 1/linkset linkset ID/link index Configuring links using the CLI Link menu includes the following options Cfg/domain 1/linkset linkset ID/link index followed byMove new index Configuring FTP link settings using the CLI Configuring external link settings using the CLICfg/domain 1/linkset linkset ID/link index/ external/quick Cfg/domain 1/linkset linkset ID/link index/ ftp/quick Customizing the portal and logon using the Srem Configuring the captive portal using the SremEnabling DNS capture DNS Capture fields DNS Capture screen includes the following components Configuring the DNS Exclude List using the Srem Click Add Entry appears in the DNS Exclude ListAdd DNS Domain fields Changing the portal language using the Srem Select the System Language tab Configuring language support using the SremLanguages sub-tabs appear see Figure Choose from one of the following tasks To view custom languages, use the following procedure Viewing predefined languagesViewing and removing custom languages Importing and exporting language definitions Click the Import/Export Definition tabImport/Export Definition screen appears see Figure Import/Export Definition fields Setting the portal display language using the Srem Language fields Configuring the portal display using the Srem Portal Configuration tab appears see Figure Configuring content Portal Configuration fields Sites, see on Import Banner screen 320818-A Importing banners Import Banner fields Color Settings screen 320818-A Changing the portal colors using the Srem Color Settings fields Configuring custom content using the Srem Basics screen appears see Figure Viewing basic information about custom content Basics fields Importing custom content To import custom content, perform the following stepsImport Content screen appears see Figure Import Content fields Exporting custom content To export custom content, perform the following stepsExport Content screen appears see Figure Export Content fields Configuring linksets using the Srem Creating a linkset To create a linkset, perform the following stepsPortal Links screen appears see Figure Add a Linkset Click Add Add a Linkset dialog box appears see Figure Linkset Configuration screen appears see Figure Modifying a linksetTo modify a linkset, perform the following steps See Linksets and links on Linkset Configuration fields Configuring links using the Srem Creating an external link using the Srem To create an external link, perform the following stepsLinks screen appears see Figure Add a Portal Link fields Click Add Add a Portal Link dialog box appears see Figure Creating an FTP link using the Srem Add a Portal Link FTP To create an FTP link, perform the following steps Add a Portal Link FTP fields Modifying external link settings using the Srem External link Configuration screen appears see FigureTo modify a link, perform the following steps Reordering links using the Srem on External link Configuration fields FTP link Configuration screen appears see Figure Modifying FTP link settings using the Srem FTP link Configuration fields Reordering links using the Srem Re Order Links fields Re Order Links screen appears see Figure Customizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Cfg/sys Configuring the cluster using the CLI Roadmap of system commands Parameter Health interval Show Configuring system settings using the CLI Cfg/sys followed byRsa server ID Cfg/domain #/server/trace/ssldump Configuring the Nortel Snas 4050 host using the CLICfg/domain #/server/trace/tcpdump Cfg/sys/host host ID Cfg/sys/host host ID followed by Cluster Host menu includes the following options/cfg/sys/host #/interface # Interface number Ports = 1,23 PortsHwplatform Halt Reboot Cfg/sys/cur commandCfg/sys/host #/delete Viewing host information Configuring host interfaces using the CLICfg/sys/host host ID/interface interface ID Cfg/sys/host #/interface interface ID Vlanid tag Cfg/sys/host #/interface interface ID followed byMode Failovertrunking Primary port Configuring static routes using the CLICfg/sys/routes Cfg/sys/host host ID/routes Cfg/sys/host #/interface #/routes followed by Configuring host ports using the CLIAdd IPaddr mask Gateway Host Port menu includes the following options Managing interface ports using the CLICfg/sys/host #/port port followed by Cfg/sys/host #/interface interface ID/ports Cfg/sys/host #/ports command see Configuring the Access List using the CLICfg/sys/accesslist Interface Ports menu includes the following options Cfg/sys/accesslist followed by Configuring date and time settings using the CLIDate and Time menu displays Add IPaddr mask Date and Time menu includes the following options Managing NTP serversNTP Servers menu displays Cfg/sys/time followed by NTP Servers menu includes the following options Configuring DNS servers and settings using the CLICfg/sys/time/ntp followed by Cfg/sys/dns Count count Retransmit intervalTtl ttl Health interval Managing DNS servers Cfg/sys/dns/serversCfg/sys/dns/servers followed by RSA Servers menu displays Switch Software Release Configuring RSA servers using the CLIMove index number new index number Cfg/sys/rsa RSA Servers menu includes the following options Configuring syslog servers using the CLISyslog Servers menu displays Cfg/sys/rsa followed by Cfg/sys/syslog followed by Syslog Servers menu includes the following optionsFacility Syslog.conf under Unix Administrative Applications menu displays Configuring administrative settings using the CLICfg/sys/adm Cfg/sys/adm followed by Audit SrsadminAuth Telnet onoff Configuring Nortel Snas 4050 host SSH keys using the CLI Enabling TunnelGuard SRS administration using the CLICfg/sys/adm/srsadmin Cfg/sys/adm/srsadmin followed by Cfg/sys/adm/sshkeys followed by Cfg/sys/adm/sshkeysDraft-ietf-secsh-publickeyfile Knownhosts SSH Known Host Keys menu displays Managing known hosts SSH keys using the CLISSH Known Host Keys menu includes the following options Cfg/sys/adm/sshkeys/knownhosts Configuring Radius auditing using the CLI About Radius auditingAbout the vendor-specific attributes Map this string to the Vendor-Type value Configuring Radius auditingNSNAS-SSL-Audit-Trail Cfg/sys/adm/audit Radius Audit Servers menu displays Managing Radius audit servers using the CLIRadius Audit Servers menu includes the following options Cfg/sys/adm/audit/servers Adds a Radius audit server to the configuration. You Cfg/sys/adm/auth Configuring authentication of system users using the CLI Radius Authentication Servers menu displays Fallback onoffCfg/sys/adm/auth/servers Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem Configuring system settings using the Srem Select the System Configuration tabSystem Configuration screen appears see Figure System Configuration fields Configuring a Nortel Snas 4050 host using the Srem Hosts Host Viewing and configuring TCP/IP properties Host fields Viewing and installing host licenses Viewing global licenses for all hosts Global Licenses fields Describes the Global Licenses fields Viewing per domain licenses for all hosts Per Domain Licenses fields Describes the Per Domain Licenses fields Viewing installed licenses for a particular host Installing a license for a particular host Install New License To continue, choose one of the following procedures Configuring host interfaces using the Srem To create a host interface, perform the following steps Adding a host interfaceSelect the System Hosts host Interfaces tab Add an Interface fields Click Apply New interface appears in the Interfaces table Configuring system settings Add an Interface fields Configuring an existing host interface Interface fields Link is transferred back to the primary port Configuring static routes using the Srem Removing a host interfaceTo delete a host interface, perform the following steps IP Routes Viewing static routes for a cluster Routes Viewing static routes for a host Managing static routes Viewing static routes for an interface Add Route fields Adding a static route Removing a static route Ports Configuring host ports using the Srem Port Port fields Managing interface ports using the Srem Adding interface ports Removing interface portsAdd a Port fields Configuring the access list using the Srem Access List Table appears see Figure Adding an access list entrySelect the System Access List tab Access List Table appears see on Click Add Removing an Access List entry Add Access Host dialog box appears see FigureAdd Access Host fields Date & Time Managing date and time settings using the Srem Configuring the date and time settings Select the System Date & Time tabDate & Time fields Adding an NTP server Select the System Date and Time tabAdd NTP Server fields Removing an NTP server Configuring DNS settings using the Srem Select the System DNS Client Settings tabDNS Client Settings screen appears see Figure DNS Client Settings fields Managing syslog servers Configuring servers using the Srem From this screen, complete the following tasks as necessary Adding a new syslog serverClick Add Add Syslog Server dialog box appears see Figure Add Syslog Server fields Removing an existing syslog server Reordering a new syslog server Adding a DNS server on Removing an existing DNS server on Adding a DNS server Select the System Servers DNS Servers tabAdd DNS Server fields Removing an existing DNS server RSA Server Table Managing RSA servers Adding an RSA server To configure RSA servers, perform the following stepsSelect the System Servers RSA Server Table tab Add RSA Server fields Removing the RSA node secret Removing an existing RSA server RSA Server fields Describes the RSA Server fields Importing sdconf.rec Click Remove Secret NodeSelect an RSA server from the RSA Server Table Import sdconf.rec screen appears see Figure Select the Import sdconf.rec tab Import sdconf.rec fields Configuring administrative settings using the Srem Configuring SRS control settings using the Srem Configuring Nortel Snas 4050 host SSH keys using Select from one of the following tasksAdd SSH Key fields Show SSH Keys Showing SSH keys Configuring system settings Managing Nortel Snas 4050 and known host SSH keys SSH Keys Hosts field Click Generate SSH Keys Add SSH Key Adding an SSH key for a known host using the Srem Managing Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Radius audit Configuration Configuring Radius audit settings using the Srem Add Audit Configuration fields Describes the Add Audit Configuration fields Select from the following tasks to manage the audit servers Managing Radius audit servers using the Srem Adding a new Audit Server Click Add Add Audit Server dialog box appears see FigureAdd Audit Server fields Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Radius Server Table appears see Figure Managing Radius authentication servers using the Srem Add Radius Server fields Adding a Radius authentication server Removing an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Supported key and certificate formats Sheet 1 Key and certificate formats 320818-A Creating certificates Installing certificates and keys Updating certificates Saving or exporting certificates and keys Managing private keys and certificates using the CLI Roadmap of certificate management commands Managing and viewing certificates and keys using the CLI Cfg/cert cert idCfg/cert cert ID followed by /cfg/cert #/show command Generating and submitting a CSR using the CLI Cert #/export commandPhrase CSR information Cfg/cert #/request Emailemail-address IPip-address Generating a CSR Email Address tester@dummyssltesting.com Save the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Add the certificate Enter the following command Entire contents of the key, includingLines Cfg/cert #/cert Certificate added Certificate 2# apply Adding a certificate by pasting Adding a private key to the Nortel Snas 4050 using the CLI Add the private key Enter the following commandCfg/cert #/key Adding a private key by pasting Certificate and key import information Cfg/cert #/import Anonymous Admin@hostname.isd Cfg/cert #/display Displaying or saving a certificate and key using the CLI Copy the private key, certificate, or both, as required Displaying a private key and certificate Certificate and key export information Cfg/cert #/export About the formats, see Key and certificate formats on Cfg/cert #/test Generating a test certificate using the CLI Managing private keys and certificates using the Srem Certificates screen Viewing certificates using the Srem To create a certificate, perform the following steps Creating a certificate using the SremSelect the Certificates Certificates tab Add a Certificate Component fields Managing certificates To generate a CSR, perform the following steps Generating and submitting a CSR using the Srem CA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Import Certificate fields Displaying or saving a certificate and key using the Srem Display Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing configuration details Viewing certificate information using the Srem Configuration screen appears see Figure Describes the certificate Configuration fieldsCertificate Configuration fields Viewing general information Managing certificates Certificate Configuration fields Info screen appears see Figure Describes the Info fieldsInfo fields Managing certificates Info fields Viewing certificate subject settings Subject screen appears see Figure Describes the Subject fieldsSubject fields Managing certificates Subject fields Chapter Configuring Snmp Configuring Snmp using the CLI Configuring SnmpCfg/sys/adm/snmp Roadmap of Snmp commands Snmp menu displays Snmp menu includes the following options Configuring Snmp settings using the CLI Configuring the Snmp v2 MIB using the CLI SNMPv2-MIBmenu displaysCfg/sys/adm/snmp/snmpv2-mib SNMPv2-MIBmenu includes the following options Configuring the Snmp community using the CLICfg/sys/adm/snmp/snmpv2-mib followed by Cfg/sys/adm/snmp/community Cfg/sys/adm/snmp/users user ID Configuring SNMPv3 users using the CLI Des Aes Md5 Sha Cfg/sys/adm/snmp/users user ID followed by Snmp User menu includes the following options Configuring Snmp notification targets using the CLI Notification Target menu displaysCfg/sys/adm/snmp/target target ID Notification Target menu includes the following options Configuring Snmp events using the CLIEvent menu displays Version v1v2cv3 Cfg/sys/adm/snmp/event followed by Event menu includes the following optionsOptions -b name OID op value Options -t name OID valueEvent OID Options -x nameComment name Notification This section contains information about the following topics Configuring Snmp settings using the Srem To configure SNMP, perform the following steps Configuring Snmp using the Srem Sonmp Snmp Configuration fields Configuring Snmp targets using the Srem Adding Snmp targets To add an Snmp target, perform the following stepsSnmp Target Table appears see Figure Add Snmp Target 320818-A Click Add Add Snmp Target dialog box appears see Figure Snmp Target fields Target Settings screen appears see Figure Managing Snmp targetsTo manage Snmp targets, perform the following steps Removing Snmp targets Configuring SNMPv3 users using the Srem Adding SNMPv3 users To add an SNMPv3 user, perform the following stepsSNMPv3 User Table appears see Figure Add SNMPv3 User 320818-A Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User fields Managing SNMPv3 users User Settings screen appears see Figure User Settings fields Sheet 1 Removing SNMPv3 users Configuring Snmp User Settings fields Sheet 2 Configuring Snmp events using the Srem Managing monitor eventsTo manage monitor events, select from the following tasks To add monitor events, perform the following steps Adding monitor events Add a Monitor fields Viewing configuration details of monitor events Removing monitor events Boolean monitorsTo delete a monitor event, perform the following steps Boolean monitor fields Sheet 1 Add a Monitor Boolean Threshold monitors Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitor fields Existence monitor fields Sheet 1 Existence monitors Existence monitor fields Sheet 2 Managing notification events Adding notification events To add notification events, perform the following stepsNotification Table screen appears see Figure Add a Notification Event fields Add a Notification Event To delete a notification event, perform the following steps Removing notification events 659 Viewing system information and performance statistics Roadmap of information and statistics commandsInfo Stats Information menu displays Viewing system information using the CLI Information menu includes the following options Info followed byDomain ID Info/mac command SwitchidKick domain ID Username Switch ID Info/ip commandMac MACaddr Username-prefix Ethernet Local To view active alarms, use the following command Viewing alarm events using the CLIInfo/events Info/events followed by Viewing AAA statistics using the CLI Viewing log files using the CLITo view and download log files, use the following command Logs menu displays Logs menu includes the following options Stats/aaa followed by Stats/aaaTotal Isdhost host ID Main# stats/aaa/dump Viewing all statistics using the CLI Viewing local information using the SremStats/dump Information screen appears see Figure Describes the Information fieldsInformation fields Viewing cluster information using the Srem Viewing the controller list using the Srem Controller List fields Describes the Controller List fields Viewing Sonmp topology information using the Srem Sonmp State fields Describes the Sonmp State fields Viewing switch distribution using the Srem Viewing port information using the Srem Describes the Switch Distribution fieldsSwitch Distribution fields Port Information fields Sheet 1 Describes the Port Information fields Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Sessions screen Viewing active sessions using the Srem Sessions parameters Describes the Sessions parameters Session Properties screen Viewing details for a particular session Describes the Session Properties parameters Ending active user sessions KickOut User fields Click KickOut Viewing the number of active sessions using the Srem Describes the Number of Sessions fieldsNumber of Sessions fields Viewing alarms using the Srem Active Alarms screen 320818-A Viewing active alarms using the Srem Active Alarms fields Describes the Active Alarms fields Download Alarms screen 320818-A Downloading alarms using the Srem Managing log files using the Srem Describes the Download Alarms fieldsDownload Alarms fields Logs screen Viewing the log list using the Srem Downloading log files using the Srem Describes the Download fieldsDownload fields Sheet 1 Viewing AAA statistics using the Srem Hosts table Viewing AAA statistics for a host License tab opens see on Viewing License statistics For a description of the fields, seeTableLicense statistics Sheet 1 Radius statistics 320818-A Viewing Radius statistics Radius statistics Local DB statistics Sheet 1 Viewing Local database statistics Viewing Ldap statistics Ldap statistics Statistics table Viewing AAA statistics for the domain Select one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license Viewing Radius Statistics Sheet 1 For a description of the fields, see Table 320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table Viewing Rx statistics For a description of the fields seeTableViewing Rx statistics Sheet 1 Rx Frames Displays number of errors due to malformed packets Viewing Tx Statistics Sheet 1 Viewing Tx statistics Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Managing and maintaining the system using the CLI Maintaining and managing the systemMaint Boot Roadmap of maintenance and boot commands Maintenance menu displays Performing maintenance using the CLI Dumplogs protocol server filename all-isds? Maintenance menu includes the following options All-isds? Maint followed by Domain ID output Starttrace tagsMode Stoptrace Cfg/dump passphrase Backing up or restoring the configuration using the CLI Cfg Configuration menu backup and restore commandsPtcfg protocol Server filename passphrase Gtcfg protocol Cfg followed byPassphrase Dump passphrase Boot menu displays Boot menu includes the following options Managing Nortel Snas 4050 devices using the CLIBoot followed by Software Cfg/sys/host #/delete command see Cfg/sys/host #/reboot command insteadCfg/sys/host #/delete command Boot/software Activate command Boot/software followed bySoftware Management menu includes the following options Activate version Performing maintenance using the Srem Managing and maintaining the system using the SremUpgradecomplete.pkg Ftp 10.0.0.1 pub/SSL-5.1.1 Dumps Dumping logs and status information using the Srem Starting and stopping a trace using the Srem Click DumpDump fields To start or stop a trace, perform the following steps Start/Stop Trace fields Click Check Configuration Checking configuration using the Srem Backup & Restore 320818-A Backing up or restoring the configuration using the Srem If you later restore the configuration, the Certificate Backup & Restore fields Image List Managing software versions using the Srem Describes the Image List fields Following tasks are available from this screenImage List fields Viewing details of the active software image Select the System Boot Image List tab Activating a software image Removing an inactive software image Downloading images using the Srem Maintaining and managing the system Download Image fields Rebooting or deleting a Nortel Snas 4050 device using Reboot/Delete ISD Options Downloading files using the Srem File Download screen appears see Figure Describes the File Download fieldsFile Download fields Maintaining and managing the system File Download fields Running Nortel Snas 4050 diagnostics using the Srem Diagnostics fields Describes the Diagnostics fields Maintaining and managing the system 320818-A Upgrading the Nortel Snas Chapter Upgrading or reinstalling the software Upgrading or reinstalling the software Performing minor and major release upgrades Enter the host name or IP address of the server Downloading the software image using the CLI Admin@hostname/IP.isd Activating the software upgrade package Nsnas Log in again and verify the new software version At the Software Management# prompt, enter Before you begin Reinstalling the software Upgrading or reinstalling the software Reinstalling the software from an external file server Booting Login Restarting Restarting systemAlteon WebSystems, Inc Reinstalling the software from a CD When the installation is complete, remove the CD and rebootRun install-nsnas isd4050 Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Connecting to the Nortel Snas Command Line InterfaceEstablishing a console connection Procedure Console configuration parametersRequirements Establishing a Telnet connection Enabling and restricting Telnet access Establishing a connection using SSH Enabling and restricting SSH accessRunning Telnet Running an SSH client For more information, see How to get help on Accessing the Nortel Snas 4050 cluster User access levels CLI Main Menu or Setup Command line history and editingIdle timeout Command Line Interface Scenario On page 780 illustrates the network configuration Network devices Sheet 1 Configuration example Summarizes the VLANs for the Ethernet Routing Switch Configuration example Network devices Sheet 2VLANs for the Ethernet Routing Switch Steps Configure the network DNS server Create a new Dhcp scope see Figure Configure the network Dhcp server Naming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Specifying the DNS server Enter the IP address of the DNS server see Figure Shows the Dhcp scopes created for use in this example Configure the network core router Steps Configure the Ethernet Routing Switch 8300 using the CLI Configuring the VoIP VLANs Configuring the Nortel Snas 4050 pVIP subnetConfiguring the Red, Yellow, and Green VLANs Enabling SSH Configuring the Nsna ports Configuring the Nsna uplink filterEnabling Nsna globally Add the uplink port Setting the switch IP address Configure the Ethernet Routing Switch 5510-48Tconfig# ssh Configuring SSH5510-48Tconfig#nsna nsnas 10.40.40.0/24 5510-48Tconfig#nsna vlan 240 color voip Configuring the login domain controller filters Configure the Nortel Snas5510-48Tconfig-if#exit 5510-48Tconfig#nsna enable 10.40.40.1 Performing initial setup Enable SRS administration Completing initial setupEnter a password for the admin user Main# cfg/sys/adm/srsadmin/ena Main# cfg/domain 1/sshkey/generate Adding the network access devicesGroup 1# /cfg/domain 1/aaa/tg/quick TG#../group 1/tgsrs srs-rule-test Add the switch manually Adding the Ethernet Routing SwitchImport the public SSH key from the switch Main# cfg/domain 1/switch 1 Creating Switch Main# cfg/domain 1/switch 2/sshkey/import Use the quick switch wizardMain# cfg/domain 1/switch 1/vlan/add yellow Switch Vlan# ../../vlan/add yellow Main# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/ena Enabling the network access devicesSwitch 2# apply Changes applied successfully Domain Vlan# apply Changes applied successfully Configuration example 320818-A Appendix a CLI reference Global commands Using the CLI Exit PasteQuit Netstat Command line history and editing You can use the following CLI command shortcuts Command stackingCommand line history and editing options Sheet 2 CLI shortcuts Tab completion Command abbreviationNTP Servers# ../../dns/servers Main# cfg/sys/time/ntp/list Main# c/sy/t/n/l Configuration# cur sys Using a submenu name as a command argument IP address and network mask formats Using slashes and spaces in commandsIP addresses Network masks Variables Variables CLI Main Menu CLI command reference Appendix a CLI reference Information menu Information menu commands Sheet 1Certs Sys Statistics menu Configuration menu commands Sheet 1 Configuration menuCfg/cert cert ID Name name Cert Auth ID Radiusldaplocal Cfg/domain Name nameAuth #/adv Secondauth auth ID Auth ID for Ldap Auth #/ldap Searchbase Cfg/domain #/aaa ServersAuth #/ldap/activedire Truefalse Expiredgro Group Cfg/domain #/aaa Add user name Auth #/local Password groupPasswd user name Auth #/radius Vendorid vendor ID Cfg/domain #/aaa Vendorid vendor ID Profile ID Access rule Number Linkset DelAuth #/radius Vendortype vendor Type Ena Dis Cfg/domain #/aaa Group #/linkset Del index number Group #/extend # Del index numberRadacct Vpnattribu Ena Dis Cfg/domain #/aaa List Recheck interval Cfg/domain #/aaa/tg QuickHeartbeat interval Cfg/domain #/adv Interface interface Cfg/domain #/linkset Name name RestoreLinkset ID Text text Linkset #/link index Text text Cfg/domain #/portal Color1 code Content Server filenameColors Color2 code Lang Charset Adv/traflog Udpport port Cfg/domain #/server Sysloghost IPaddrProtocol Ssl2ssl3ssl23tls1 Switch ID Type ERS8300ERS5500 Cfg/domain #/switch Name nameSwitch #/dis Switch #/ena Passphrase Cfg/domain #/vlan Add name Vlan IDCfg/gtcfg protocol Passphrase Cfg/lang Import protocol Add IPaddr mask Cfg/sys/accesslist ListCfg/sys/adm Snmp Sonmp onoff Shared secret Cfg/sys/adm/auth ListCfg/sys/adm/snmp Ena Versions v1v2cv3 Disabledenabled Cfg/sys/adm/snmp Ip IPaddr Snmpv2-mib SnmpEnableCfg/sys/adm/snmp Addmonitor Event Options -b name Users user ID Seclevel Cfg/sys/adm/snmp Name nameDis Cfg/sys/adm/sshkeys Generate Knownhosts Cfg/sys/dns/servers List Mode fullhalf Cfg/sys/host #/routesInterface #/ports Del port Add port Cfg/sys/host # List Host ID SysName name Cfg/sys/host Ip IPaddrSysLocatio Cfg/sys/rsa Rsaname name Password new Add IPaddr Cfg/sys/user Password oldPassword confirm Username Password user Boot menu commands Boot menuBoot Software Reboot Delete Boot/software Cur Maintenance menu commands Maintenance menuMaint Dumplogs protocol All-isds? Troubleshooting tips Chapter Troubleshooting Verify the current configuration Cannot connect to the Nortel Snas 4050 using Telnet orEnable Telnet or SSH access Check the Access List Check the IP address configuration # /cfg/cur sys Cannot contact the MIP Cannot add the Nortel Snas 4050 to a cluster Add Interface 1 IP addresses and the MIP to the Access List Main# /cfg/sys/accesslist/addEnter network address IP address Enter netmask network mask Nortel Snas 4050 stops responding Telnet or SSH connection to the MIPConsole connection Administrator user password User password is lostOperator user password Root user password Trace tools Boot user passwordUser fails to connect to the Nortel Snas 4050 domain Main# maint/starttrace Tag Description Sample output Sample output for the trace command System diagnostics Installed certificatesNetwork diagnostics Main# /cfg/sys/cur Cluster Host 1# curMain# /stats/dump Main# /info/ethernet Error log files Active alarms and the events log file Troubleshooting Syslog messages by message type Appendix B Syslog messages Operating system OS messages Lists the Emerg operating system messagesLists the operating system Critical messages Operating system messages Error System Control Process messagesLists the operating system Emerg messages Alarm severity and syslog level correspondence About alarm messagesLists the System Control Process Info messages System control process messages Info Alarm System Control Process messages Alarm About event messages Audit/ena commandSystem Control Process messages Event With /cfg/sys/cur Traffic Processing messages Error Sheet 1 Lists the Traffic Processing Error messagesTraffic Processing Subsystem messages Lists the Traffic Processing Critical messages Css error reason Lists the Traffic Processing Warning messages Traffic Processing messages Error Sheet 3Traffic Processing messages Warning Domain #/server/portal Start-up messages Lists the Traffic Processing Info messagesTraffic Processing messages Info AAA messages Error Lists the AAA Error messagesAAA subsystem messages Lists the Start-up Info messages Log value Message Category Contains AAA messages Info Sheet 1 Nsnas subsystem messages There are two categories of Nsnas subsystem messagesAAA messages Info Sheet 2 Nsnas Error Lists the Nsnas Error messagesLists the Nsnas Info messages Nsnas Info Sheet 1 Lists the syslog messages in alphabetical order Syslog messages in alphabetical orderNsnas Info Sheet 2 Syslog messages in alphabetical order Sheet 1 Sys/adm/audit/ena command Syslog messages in alphabetical order Sheet 3 Error Nsnas Info AAA Syslog messages in alphabetical order Sheet 5 Error AAA Cfg/domain #/server/portal Authenticate is set to off Syslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Following MIBs are supported by the Nortel Snas Supported MIBs SNMPv2-MIB ANAifType-MIBAppendix C Supported MIBs Supported MIBs Sheet 1 ALTEON-ISD-SSL-MIB Supported MIBs Sheet 2 Appendix C Supported MIBs Supported MIBs Sheet 3 CLI, using the /cfg/sys/adm/snmp/target command Supported traps Use the CLI command /cfg/sys/adm/snmp/snmpv2-mibDescribes the traps supported by the Nortel Snas Supported traps Appendix C Supported MIBs 320818-A Supported ciphers Appendix D Supported ciphers Appendix D Supported ciphers Register the Schema Management dll Windows Server Install All Administrative Tools Windows 2000 Server Click Start and select Run Nortel Secure Network Access Switch 4050 User Guide Permit write operations to the schema Windows 2000 Server Create a shortcut to the console windowSelect a Title for the Program page displays Nortel Secure Network Access Switch 4050 User Guide Add isdUserPrefs attribute to nortelSSLOffload class Create the new class Add the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Configuring IP Phone auto-configuration Appendix F Configuring Dhcp to auto-configure IP PhonesCreating the Dhcp options Dhcp Management Console Click Add Option Type dialog box opens see on Predefined Options and Values dialog box opens see Figure Option Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box Scope Options dialog box displays see Figure Call Server Information string parameter values Vlan ID Information string parameter values Setting up the IP PhonePage Create the logon script see Creating a logon script on Configuring the logon script Using Windows, open a plain text editor, such as Notepad Creating a logon scriptCreating the script as a batch file Creating the script as a VBScript file Assigning the logon script Double-clickDefault Domain Policy Right-click the Default Domain Policy and select EditOn the Group Policy tab, click Open Appendix H Software licensing information Appendix H Software licensing information GNU General Public License Appendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Index Symbols Index Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index