Manuals / Nortel Networks / Computer Equipment / Network Card

Nortel Networks 4050 manual Managing SSH keys using the CLI

Models: 4050

1 922

Download 922 pages 38.09 Kb

Page 84

84Chapter 3 Managing the network access devices

Managing SSH keys using the CLI

The Nortel SNAS 4050 and the network access devices controlled by the Nortel SNAS 4050 domain exchange public keys so that they can authenticate themselves to each other in future SSH communications.

To enable secure communication between the Nortel SNAS 4050 and the network access device, do the following:

1Generate an SSH public key for the Nortel SNAS 4050 domain (see “Generating SSH keys for the domain using the CLI” on page 85), if necessary. Apply the change immediately.

If you created the domain manually, the SSH key was generated automatically (see “Manually creating a domain using the CLI” on page 121).

Note: The SSH key for the Nortel SNAS 4050 domain is not the same as the SSH key generated during initial setup for all Nortel SNAS 4050 hosts in the cluster (see “Initial setup”, step 15 on page 57).

2Export the Nortel SNAS 4050 public key to each network access device.

•For an Ethernet Routing Switch 8300:

Use the /cfg/domain #/switch #/sshkey/export command to export the key directly to the switch (see “Managing SSH keys for Nortel SNA communication using the CLI” on page 88).

•For an Ethernet Routing Switch 5510, 5520, or 5530:

Use the /cfg/domain #/sshkey/export command to upload the key to a TFTP server, for manual retrieval from the switch (see “Generating SSH keys for the domain using the CLI” on page 85). For information about downloading the key from the server to the switch, see Release Notes for Nortel Ethernet Routing Switch 5500 Series, Software Release 4.3 (217468-B).

320818-A

Image 84

Nortel Networks 4050 manual Managing SSH keys using the CLI

Contents

Nortel Secure Network Access Switch 4050 User Guide Copyright Nortel Networks Limited 2005. All rights reserved 320818-ANortel Secure Network Access Switch 4050 User Guide LicensingGeneral Contents Managing the network access devices ContentsConfiguring the domain Configuring groups and profiles Configuring authentication 233 TunnelGuard SRS Builder Managing system users and groups Customizing the portal and user logon Setting the portal display language using the CLI Configuring system settings Adding a host interface Managing certificates Configuring Snmp Maintaining and managing the system Upgrading or reinstalling the software Appendix a CLI reference Troubleshooting 837 Appendix C Supported MIBs Appendix H Software licensing information Index Contents 320818-A Preface Connect the switch to the network Before you beginPreface Text conventions Bold textRelated information PublicationsPlain Courier text Example Set Trap Monitor FiltersHow to get help OnlinePreface Nortel SNA solution This chapter includes the following topicsElements of the Nsna solution Supported usersOverview Role of the Nortel Snas Nortel Snas 4050 functions Nortel SNA VLANs and filtersGroups and profiles Authentication methods TunnelGuard host integrity check Communication channels About SSHCommunication channels in the Nortel SNA network Nortel Snas 4050 clusters RSA DSAOne-armed and two-armed configurations One-armed configuration Two-armed configurationNortel SNA configuration and management tools Illustrates a two-armed configurationNortel Snas 4050 configuration roadmap Configure the network Dhcp serverOverview Overview Overview Overview Overview 320818-A Chapter Initial setup Initial setup About the IP addresses Management IP addressPortal Virtual IP address Initial setup Log on using the following username and passwordLogin admin Password admin Real IP addressSetup Menu displays Select the option for a new installationEnter port number for the management interface Enter network mask 255.255.255.0 mask Enter Vlan tag id or zero for no VlanSetup a two armed configuration yes/no no Enter default gateway IP address or blank to skipSpecify the MIP for this device or cluster Enter port number for the traffic interfaceEnter IP address for this machine on traffic interface Enter a timezone or select select timezoneConfigure the time settings Specify the NTP server, if applicableSpecify the DNS server, if applicable Enter NTP server address or blank to skip IPaddrChange the admin user password, if desired Specify the pVIP of the Nortel Snas 4050 deviceSpecify a name for the Nortel Snas 4050 domain Create http to https redirect server no Settings created by the quick setup wizard Adding a Nortel Snas 4050 device to a cluster Extended profile detailsBefore you begin Joining a cluster Select the option to join an existing clusterEnter network mask 255.255.255.0 mask Enter the existing admin user password password Specify the MIP of the existing clusterSetup successful Login Next stepsApplying and saving the configuration Applying and saving the configuration using the CLI Applying and saving the configuration using the SremCfg/dump Cfg/ptcfgApply and Commit buttons Initial setup 320818-A Chapter Managing the network access devices Managing the network access devices Managing network access devices using the CLI Roadmap of domain commandsReset Adding a network access device using the CLI Using the quick switch setup wizardSpecify the IP address of the network access device Cfg/domain 1/quickGo to on Nsna communication port5000Red vlan id of Switch Vlan ID To continue, go to onManually adding a switch Switch menu displaysCfg/domain #/switch switch ID Deleting a network access device using the CLI Cfg/domain #/switch #/dis Cfg/domain #/switch #/deleteConfiguring the network access devices using the CLI Switch menu includes the following options Cfg/domain #/switch switch ID followed byIp IPaddr Mapping the VLANs using the CLI Cfg/domain #/switch #/vlanFollowed by Dis DeleteDomain vlan or Switch vlan menu displays Cfg/domain #/switch #/vlan followed byCfg/domain #/switch #/vlan/list Add name Vlan IDManaging SSH keys using the CLI Generating SSH keys for the domain using the CLI For an Ethernet Routing Switch 5510, 5520, orNsnas SSH key menu displays Cfg/domain #/sshkeyCfg/domain #/switch #/sshkey/export Nsnas SSH key menu includes the following optionsCfg/domain #/sshkey followed by Shows sample output for the /cfg/domain #/sshkey command Main# /cfg/domain 1/sshkeyCfg/domain #/switch #/sshkey Cfg/domain #/switch #/sshkey followed byCfg/domain#1/sshkey/export command to Reimporting the network access device SSH key using the CLI Monitoring switch health using the CLICfg/domain #/switch #/hlthchk Enter Apply to apply the change immediatelyCfg/domain #/switch #/hlthchk followed by Cfg/domain #/switch #/disHealthCheck menu includes the following options Deadcnt countManaging network access devices using the Srem Adding a network access device using the SremTo add a network access device, use the following steps Cfg/domain #/switch #/enaAdd a Switch Add a Switch fieldsDeleting a network access device using the Srem Configuring the network access devices using the SremSwitch Configuration screen appears see Figure Switch Configuration screen 320818-ASwitch Configuration fields Mapping the VLANs using the Srem You can perform the Vlan mapping in two waysMapping VLANs by domain Domain VLANs screenAdding VLANs to a domain To add VLANs to a domain, complete the following stepsClick Add Add a new Vlan dialog box appears see Figure Add a new Vlan fieldsRemoving VLANs from a domain Mapping VLANs by switch Switch VLANs screenAdding VLANs to a switch To add VLANs to a switch, complete the following stepsManaging SSH keys using the Srem Removing VLANs from a switchManaging the network access devices Managing the network access devices Generating SSH keys for the domain using the Srem Key Generation screen appears see FigureExporting SSH keys for the domain using the Srem Switch SSH Key fieldsExport Key screen appears see Figure Click Apply on the toolbar to begin the export process Export Key fieldsManaging SSH keys for Nortel SNA communication using Switch SSH Key screen appears see FigureReimporting the network access device SSH key using the Srem Monitoring switch health using the Srem Switch SSH Key screen appears see onClick Delete Switch SSH Key Click Import SSH from SwitchHealth Check screen appears see Figure Health Check screen 320818-AViewing a connected client list using the Srem Connected Clients fields Managing the network access devices Switch Configuration screen Chapter Configuring the domain Configuring the domain using the CLI Configuring the domainCfg/domain Logging traffic with syslog messages Captive portal Portal look and feel LinksetsDetails onoff Creating a domain using the CLI Manually creating a domain using the CLIYou can create a domain in two ways Cfg/domain domain ID320818-A Using the Nortel Snas 4050 domain quick setup wizard Main# /cfg/domainCfg/quick Specify the certificate to be used by the portal server Main# cfg/quickConfiguring the domain Do you want to configure a switch? yes/no no Specify whether the SSL server uses chain certificatesDo you require chain certificates yes/no no Do you want an http to https redirect server yes/no noDo you want to create a tunnelguard test user? yes/no yes Configuring the domain Deleting a domain using the CLI To delete a domain, use the following commandCfg/domain #/del Configuring domain parameters using the CLI To configure the domain, use the following commandCfg/domain domain ID followed by Pvips IPaddrHttpredir Configuring the TunnelGuard check using the CLI TG menu displays TG menu includes the following optionsCfg/domain #/aaa/tg Cfg/domain #/aaa/tg followed byCfg/domain #/aaa/tg/status-quo Using the quick TunnelGuard setup wizard in the CLI Cfg/domain #/aaa/tg/quickConfiguring the SSL server using the CLI TunnelGuard quick setup wizard creates a default SRS ruleServer 1001 menu displays Main# /cfg/domain #/aaa/tg/quickTracing SSL traffic using the CLI Server 1001 menu includes the following optionsCfg/domain #/server followed by Interface IDOutput mode SsldumpCfg/domain #/adv/interface command Cfg/domain #/server/trace followed byTcpdump Ping hostConfiguring SSL settings using the CLI SSL Settings menu displaysDnslookup host Traceroute hostSSL Settings menu includes the following options Cfg/domain #/server/ssl followed byCert certificate IndexCachain certificate Index listYes Cfg/domain #/server/ssl/protocolConfiguring traffic log settings using the CLI Ena DisTraffic Log Settings menu displays Traffic Log Settings menu includes the following optionsCfg/domain #/server/adv/traflog Cfg/domain #/server/adv/traflog followed byConfiguring Http redirect using the CLI Cfg/domain #/httpredirCfg/domain #/httpredir followed by Redir onoffConfiguring advanced settings using the CLI Cfg/sys/host #/interface command seeCfg/domain #/adv Cfg/domain #/adv followed byConfiguring Radius accounting using the CLI Managing Radius accounting servers using the CLI Radius Accounting Servers menu displaysCfg/domain #/aaa/radacct Cfg/domain #/aaa/radacct followed byCfg/domain #/aaa/radacct/servers followed by VPN Attribute menu displays NSNAS-Portal-IDCfg/domain #/aaa/radacct/vpnattribu Configuring the domain using the Srem VPN Attribute menu includes the following optionsCfg/domain #/aaa/radacct/vpnattribu followed by VendoridCreating a domain using the Srem Manually creating a domain using the Srem Secure Access Domain Table screen 320818-AAdd a Secure Access Domain Add a Secure Access Domain fieldsUsing the Srem Domain Quick Wizard Configuring the domain Domain Quick Wizard General Settings fields Click Domain Quick WizardClick Next Domain Quick Wizard Certificate Domain Quick Wizard Certificate fieldsOrganization name and do not use any of the following Domain Quick Wizard Certificate Chain Domain Quick Wizard Certificate Chain fieldsDomain Quick Wizard Server dialog box appears see Figure Domain Quick Wizard Server fieldsDomain Quick Wizard Switch dialog box appears see Figure Domain Quick Wizard Switch fieldsDomain Quick Wizard Tunnel Guard dialog box appears see Domain Quick Wizard Tunnel Guard fieldsDeleting a domain using the Srem To delete a domain, perform the following stepsConfiguring domain parameters using the Srem To configure a domain, perform the following stepsDomain Configuration fields Additional domain configuration in the Srem Domain domain Configuration screenAdditional domain configuration tabs Additional domain tree components Component DescriptionConfiguring the TunnelGuard check using the Srem TunnelGuard Configuration screen appears see Figure TunnelGuard Configuration fields Groups using the Srem on Using the TunnelGuard Quick Setup in the Srem TunnelGuard Quick Setup screen appears see FigureTunnelGuard Quick Setup fields Configuring the SSL server using the Srem Server Configuration screen 320818-AServer Configuration fields Configuring SSL settings using the Srem Server SSL Settings screen 320818-AServer SSL Settings fields ALL@STRENGTHConfiguring traffic log settings using the Srem Configuring the domain Server SSL Settings fieldsTraffic Log Syslog Settings screen appears see Figure Traffic Log Syslog Settings fields Configuring Http redirect using the Srem Tracing SSL traffic using the SremHttp Redirect screen 320818-A Configuring Radius accounting using the Srem Http Redirect fieldsConfiguring Nortel Snas 4050-specific attributes using Radius accounting Configuration screen appears see Figure Managing Radius accounting servers using the Srem Adding a Radius accounting server using the SremRadius accounting Configuration fields Radius Accounting Servers screen appears see Figure Radius Accounting Servers screenMoving a Radius accounting server using the Srem Radius Accounting Server fieldsDeleting a Radius accounting server using the Srem Configuring the domain 320818-A Chapter Configuring groups and profiles Configuring groups and profiles OverviewGroups This section includes the following topicsDefault group Linksets TunnelGuard SRS ruleExtended profiles Configuring groups and extended profiles using the CLI Create the SRS rules see TunnelGuard SRS Builder onRoadmap of group and profile commands Configuring groups using the CLI To create and configure a group, use the following commandCfg/domain 1/aaa/group group ID Cfg/domain 1/aaa/group # followed by RestrictExtend profile ID Tgsrs SRS rule name Comment commentMain# /cfg/domain 1/AAA/group Configuring client filters using the CLI Cfg/domain 1/aaa/filter filter IDClient Filter menu includes the following options Cfg/domain 1/aaa/filter filter ID followed byTg truefalseignore Configuring extended profiles using the CLI Main# /cfg/domain 1/AAA/filterCfg/domain 1/aaa/group group IDgroup name/extend Extended Profile menu includes the following options Cfg/domain 1/aaa/group #/extend # followed byFilter name Vlan nameCfg/domain 1/aaa/group #/extend # Linkset DelMain# cfg/domain 1/aaa/group 2/extend Extended Profile 1# ../extend 2/filter tgfailed/vlan YellowMapping linksets to a group or profile using the CLI Cfg/domain 1/aaa/group #/linksetCfg/domain 1/aaa/group #/extend #/linkset Cfg/domain 1/aaa/group #/extend #/linkset followed byMain# cfg/domain 1/aaa/group 1/linkset Linksets# add example2Linksets# insert 2 example3 Configuring groups and extended profiles using the Srem Creating a default group using the CLIConfiguring groups using the Srem This section contains the following topicsUsing the guide for creating groups Click a Guide to Create a Group on the toolbarAdding a group Groups screen 320818-AClick Add Add a Group dialog box appears see Figure Add a Group fieldsTo configure a group, perform the following steps Group Configuration screen appears see FigureModifying a group Configuring client filters using the Srem Group Configuration fieldsAdding a client filter Client Filters screen appears see FigureClick Add Add a Client Filter dialog box appears see Figure Add a Client Filter fields Sheet 1Check using the Srem on To configure a client filter, perform the following steps Client filter Configuration screen appears see FigureModifying a client filter Client Filters configuration fields Configuring extended profiles using the Srem Adding an extended profile Extended Profiles screen appears see FigureAdd an Extended Profile screen Add an Extended Profile fieldsExtended profiles Configuration screen appears see Figure Modifying an extended profileMapping linksets to a group or profile using the Srem Extended Profile Configuration fieldsMapping linksets to a group Linksets screen for a groupAdding linksets to a group To add a linkset to a group, perform the following stepsAdd a Linkset fields Removing linksets from a group Reordering linksets in a groupMapping linksets to a profile Linksets screen for an extended profileAdding linksets to an extended profile Removing linksets from an extended profile Reordering linksets in an extended profileCreating a default group using the Srem AAA Configuration screen 320818-AAAA Configuration fields Configuring groups and profiles 320818-A Chapter Configuring authentication Configuring authentication Before you begin Configuring authentication using the CLI Roadmap of authentication commands Cfg/domain 1/aaaCommand Configuring authentication methods using the CLI Cfg/domain 1/aaa/auth auth IDCfg/domain 1/aaa/auth auth ID followed by RadiusldaplocalDisplay Local accesses the Local database menu Configuring Radius authentication using the CLI Cfg/domain 1/aaa/auth #/advCfg/domain 1/aaa/auth #/adv followed by Groupauth auth IDsAdding the Radius authentication method using the CLI You can perform the following configuration tasksConfiguring authentication Modifying Radius configuration settings using the CLI Main# /cfg/domain 1/aaa/authCfg/domain 1/aaa/auth #/radius Cfg/domain 1/aaa/auth #/radius followed by TypeManaging Radius authentication servers using the CLI Timeout intervalRadius servers menu displays SessiontimRadius servers menu includes the following options Cfg/domain 1/aaa/auth #/radius/servers followed byConfiguring Ldap authentication using the CLI Configuring session timeout using the CLICfg/domain 1/aaa/auth #/radius/sessiontim Adding the Ldap authentication method using the CLI Configuring authentication Modifying Ldap configuration settings using the CLI Cfg/domain 1/aaa/auth #/ldapLdap menu displays Ldap menu includes the following options Cfg/domain 1/aaa/auth #/ldap followed byDo not use the isdbinddn and isdbindpas SAMAccountName=bill . The user’s login Isdbindpas passwordUserattr names Ou=Users, dc=example, dc=com .Enaldaps truefalse Enauserpre truefalseActivedire Managing Ldap authentication servers using the CLI Cfg/domain 1/aaa/auth #/ldap/serversRemoves the specified Ldap server from the current Managing Ldap macros using the CLI Cfg/domain 1/aaa/auth #/ldap/ldapmacroCfg/domain 1/aaa/auth #/ldap/ldapmacro followed by Add variable name Ldap attributePrefix suffix Variable nameManaging Active Directory passwords using the CLI Set the Active Directory settings usingActive Directory Settings menu displays Cfg/domain 1/aaa/auth #/ldap/activedire commandConfiguring local database authentication using the CLI Configuring authentication Authentication menu commands local database Managing the local database using the CLI You can add users to the database in two waysLocal database menu displays Cfg/domain 1/aaa/auth #/localCur group command Local database menu includes the following optionsCfg/domain 1/aaa/auth #/local followed by TAB or use the /cfg/domain 1/aaaImport protocol Server filename keySpecifying authentication fallback order using the CLI Export protocolCfg/domain 1/aaa/authorder auth ID,auth ID Main# /cfg/domain 1/aaa/authorderConfiguring authentication using the Srem Configuring authentication methods using the Srem Authentication Server Table appears see FigureConfiguring Radius authentication using the Srem Add an Authentication Server Radius 320818-A Adding the Radius method and serverModifying Radius configuration Add an Authentication Server Radius fieldsModifying Radius method settings Configuration 320818-AConfiguration fields Modifying Radius configuration settings Radius Configuration screen appears see FigureRadius Configuration fields Configuring authentication Radius Configuration fields Managing additional Radius servers Adding a Radius server Add a Radius Server fieldsConfiguring authentication Add a Radius Server fields Reordering additional Radius serversRemoving a Radius server Configuring Ldap authentication using the Srem Next stepsAdd an Authentication Server Ldap fields Adding the Ldap method and serverModifying Ldap configuration Modifying Ldap method settings Configuration fields Modifying Ldap configuration settings Ldap Configuration screen appears see FigureLdap Configuration fields Ou=Users, dc=example, dc=com. The user Cn=Users, dc=example, dc=comConfiguring authentication Ldap Configuration fields Active Directory, onManaging additional Ldap servers Adding an Ldap server Click ApplyAdd an Ldap Server fields Reordering additional Ldap servers Removing an Ldap serverManaging Ldap macros Ldap Macros Adding Ldap macros Add an Ldap Macro fieldsReordering Ldap macros Removing Ldap macrosConfiguring local database authentication using the Srem Populate the database see Populating the database onAdding the Local method Add an Authentication Server Local fields Database onPopulating the database Adding users to the local databaseYou can populate the Local database in two ways Local Users screen appears see FigureClick Add Add a Local User dialog box appears see Figure Add a Local User fieldsConfiguring authentication Importing a database Import Local User Database 320818-AModifying Local database configuration Import Local User Database fieldsModifying Local method settings Modifying local users Local Users screen appears see onLocal Users Configuration 320818-A Modifying local user passwords Local Users Configuration fieldsSelect the Local User Configuration tab Local Users Local User Configuration 320818-ALocal Users Local User Configuration fields Exporting the database Export Local User Database 320818-AExport Local User Database fields Specifying authentication fallback order using the Srem Authentication Server Order Saving authentication settings Chapter TunnelGuard SRS Builder Configuring SRS rules TunnelGuard user interfaceTunnelGuard SRS Builder \tunnelguard\tg.txtMenu commands File menuSoftware Definition menu Describes important items from the File menuSoftware Definition Entry menu Software Definition Entry menu items Sheet 1TunnelGuard Rule menu Tool menuDescribes important items from the TunnelGuard Rule menu Describes important items from the Tool menuSRS definition toolbar SRS Definition toolbar item descriptionsSoftware Definition Available SRS list SRS Components tableSRS Components table items Customizing a component WINNT%\xxx.dllMemory snapshot TunnelGuard Rule Definition screenSRS Rule toolbar Memory snapshot item descriptionsSRS Rule list SRS Rule Expression ConstructorAvailable Expression list Rule Expression ConstructorManaging TunnelGuard rules and expressions Creating a software definitionAdding entries to a software definition Selecting modules or files from running processesCreate New Memory Module SRS window For more information, see Making API calls on Selecting file on disk Select the TunnelGuard Rule Definition tabCreate New on Disk SRS Entry window Creating logical expressions Click the TunnelGuard Rule Definition tab TunnelGuard Rule Definition tabClick the Form TunnelGuard Rule Expression button Available Expressions screen New SRS Rule windowTunnelGuard Rule Name screen Registry-based rules Registry-only SRS entryDescribes supported operands for integer values Supported integer operandsConstructs for string based regular expressions Sheet 1 String regular expression DescriptionCreating a registry entry Registry-based File/Module Enter the Key Value Data ExpressionTunnelGuard SRS Builder Registry Entry Manually creating SRS entries Manually creating an OnDisk file entryCreate new OnDisk SRS Entry Manually creating a Memory Module entry Create New Memory Module SRS Entry page opens see onCreate new Memory Module SRS entry File age check Adding comments Adding a TunnelGuard rule commentTunnelGuard SRS Builder Date/Time Range Deleting SRS rules and their components Adding a software definition commentDeleting a software definition Deleting a software definition entryDeleting a TunnelGuard rule Deleting an expressionTunnelGuard support for API calls Making API callsTunnelGuard SRS Builder 320818-A Chapter Managing system users and groups User rights and group membership Managing system users and groupsGroup membership and user rights Managing system users and groups using the CLI Roadmap of system user management commandsCfg/sys/user Managing user accounts and passwords using the CLI User menu displays User menu includes the following optionsCfg/sys/user followed by Del username Add usernameManaging user settings using the CLI Edit usernameCaphrase Managing user groups using the CLI Password userPassword confirm User password Cfg/sys/user/edit usernameCLI configuration examples Adding a new userThis section includes the following detailed examples Cfg/sys/user/edit username/groupsAccess the User Menu Main# /cfg/sys/userUser# edit certadmin Apply the changes Verify and apply the changes User# edit admin Changing a user’s group assignmentChanging passwords Changing your own passwordChanging another user’s password Type the password command to initialize the password change Deleting a user Managing system users and groups using the Srem Managing user accounts using the SremTo manage users, choose from one of the following tasks User Table Adding new user accounts Click Add Add a User dialog box appears see FigureRemoving existing user accounts To remove an existing user, perform the following stepsAdd a User fields Setting password expiry using the Srem Password Setting 320818-APassword Settings fields Changing your password using the Srem Change Your Password 320818-AChanging another user’s password using the Srem Click Change PasswordOnly the admin user can change the passwords of other users Change Your Password fieldsChange User Password 320818-A Setting the certificate export passphrase using the Srem Change User Password fieldsSet Certificate Export PassPhrase screen appears see Figure Set Certificate Export PassPhrase 320818-AManaging user groups using the Srem Click Set Pass PhraseSet Certificate Export PassPhrase fields Adding a user group Choose from the following tasks to manage users groupsTo add a new user group, perform the following steps Removing a user group Click Add Add a User Group dialog box appears see FigureAdd a User Group fields Managing system users and groups Chapter Customizing the portal and user logon Captive portal and Exclude List Customizing the portal and user logonExclude List Allowed regular expressions and escape sequences String Usage ExpressionsPortal display Portal look and feelDefault appearance ColorsCommon colors, with hexadecimal codes Sheet 1 Color Hexadecimal codeLanguage localization Content-Type text/plain charset=iso-8859-1/n Linksets and links Autorun linksetsPlanning the linksets MacrosAutomatic redirection to internal sites Examples of redirection URLs and linksExamples of redirection URLs and link text Sheet 1 Managing the end user experience Automatic JRE uploadCustomizing the portal and logon using the CLI Roadmap of portal and logon configuration commandsWindows domain logon script Number Color2 code Configuring the captive portal using the CLI Configuring the Exclude List using the CLIDNS Exclude menu displays Cfg/domain 1/dnscaptChanging the portal language using the CLI DNS Exclude menu includes the following optionsCfg/domain 1/dnscapt/exclude followed by Configuring language support using the CLI Language Support menu displaysCfg/lang Cfg/lang/import command Language Support menu includes the following optionsCfg/lang followed by Server filenameSetting the portal display language using the CLI Cfg/domain 1/portal/langCfg/domain 1/portal/lang followed by Cfg/domain 1/portal/lang/listConfiguring the portal display using the CLI RestoreCfg/domain 1/portal Cfg/domain 1/portal followed byLogintext text Redirect URLLinktext text Linkurl onoffLinkcols columns Linkwidth widthChanging the portal colors using the CLI Portal Colors menu displaysCfg/domain 1/portal/colors Configuring custom content using the CLI Portal Custom Content menu displaysCfg/domain 1/portal/content Portal Colors menu includes the following optionsPortal Custom Content menu includes the following options Cfg/domain 1/portal/content followed byTftpftpscpsftp. The default is tftp AvailableConfiguring linksets using the CLI Cfg/domain 1/linkset linkset IDLinkset menu includes the following options Cfg/domain 1/linkset linkset ID followed byText text Autorun truefalseConfiguring links using the CLI Cfg/domain 1/linkset linkset ID/link indexLink menu includes the following options Cfg/domain 1/linkset linkset ID/link index followed byMove new index Configuring external link settings using the CLI Configuring FTP link settings using the CLICfg/domain 1/linkset linkset ID/link index/ external/quick Cfg/domain 1/linkset linkset ID/link index/ ftp/quickCustomizing the portal and logon using the Srem Configuring the captive portal using the SremEnabling DNS capture DNS Capture screen includes the following components DNS Capture fieldsConfiguring the DNS Exclude List using the Srem Click Add Entry appears in the DNS Exclude ListAdd DNS Domain fields Changing the portal language using the Srem Configuring language support using the Srem Select the System Language tabLanguages sub-tabs appear see Figure Choose from one of the following tasksTo view custom languages, use the following procedure Viewing predefined languagesViewing and removing custom languages Importing and exporting language definitions Click the Import/Export Definition tabImport/Export Definition screen appears see Figure Import/Export Definition fields Setting the portal display language using the Srem Configuring the portal display using the Srem Language fieldsConfiguring content Portal Configuration tab appears see FigurePortal Configuration fields Sites, see on Importing banners Import Banner screen 320818-AImport Banner fields Changing the portal colors using the Srem Color Settings screen 320818-AColor Settings fields Configuring custom content using the Srem Viewing basic information about custom content Basics screen appears see FigureBasics fields Importing custom content To import custom content, perform the following stepsImport Content screen appears see Figure Import Content fields Exporting custom content To export custom content, perform the following stepsExport Content screen appears see Figure Configuring linksets using the Srem Export Content fieldsCreating a linkset To create a linkset, perform the following stepsPortal Links screen appears see Figure Click Add Add a Linkset dialog box appears see Figure Add a LinksetLinkset Configuration screen appears see Figure Modifying a linksetTo modify a linkset, perform the following steps Linkset Configuration fields See Linksets and links onConfiguring links using the Srem Creating an external link using the Srem To create an external link, perform the following stepsLinks screen appears see Figure Click Add Add a Portal Link dialog box appears see Figure Add a Portal Link fieldsCreating an FTP link using the Srem To create an FTP link, perform the following steps Add a Portal Link FTPAdd a Portal Link FTP fields Modifying external link settings using the Srem External link Configuration screen appears see FigureTo modify a link, perform the following steps External link Configuration fields Reordering links using the Srem onModifying FTP link settings using the Srem FTP link Configuration screen appears see FigureReordering links using the Srem FTP link Configuration fieldsRe Order Links screen appears see Figure Re Order Links fieldsCustomizing the portal and user logon 320818-A Chapter Configuring system settings Configuring system settings Configuring the cluster using the CLI Cfg/sysRoadmap of system commands Parameter Health interval Show Configuring system settings using the CLI Cfg/sys followed byRsa server ID Configuring the Nortel Snas 4050 host using the CLI Cfg/domain #/server/trace/ssldumpCfg/domain #/server/trace/tcpdump Cfg/sys/host host IDCluster Host menu includes the following options Cfg/sys/host host ID followed by/cfg/sys/host #/interface # Interface numberPorts Ports = 1,23Hwplatform HaltReboot Cfg/sys/cur commandCfg/sys/host #/delete Configuring host interfaces using the CLI Viewing host informationCfg/sys/host host ID/interface interface ID Cfg/sys/host #/interface interface IDCfg/sys/host #/interface interface ID followed by Vlanid tagMode FailovertrunkingConfiguring static routes using the CLI Primary portCfg/sys/routes Cfg/sys/host host ID/routesConfiguring host ports using the CLI Cfg/sys/host #/interface #/routes followed byAdd IPaddr mask GatewayManaging interface ports using the CLI Host Port menu includes the following optionsCfg/sys/host #/port port followed by Cfg/sys/host #/interface interface ID/portsConfiguring the Access List using the CLI Cfg/sys/host #/ports command seeCfg/sys/accesslist Interface Ports menu includes the following optionsConfiguring date and time settings using the CLI Cfg/sys/accesslist followed byDate and Time menu displays Add IPaddr maskManaging NTP servers Date and Time menu includes the following optionsNTP Servers menu displays Cfg/sys/time followed byConfiguring DNS servers and settings using the CLI NTP Servers menu includes the following optionsCfg/sys/time/ntp followed by Cfg/sys/dnsRetransmit interval Count countTtl ttl Health intervalManaging DNS servers Cfg/sys/dns/serversCfg/sys/dns/servers followed by Configuring RSA servers using the CLI RSA Servers menu displays Switch Software ReleaseMove index number new index number Cfg/sys/rsaConfiguring syslog servers using the CLI RSA Servers menu includes the following optionsSyslog Servers menu displays Cfg/sys/rsa followed bySyslog Servers menu includes the following options Cfg/sys/syslog followed byFacility Syslog.conf under UnixConfiguring administrative settings using the CLI Administrative Applications menu displaysCfg/sys/adm Cfg/sys/adm followed bySrsadmin AuditAuth Telnet onoffEnabling TunnelGuard SRS administration using the CLI Configuring Nortel Snas 4050 host SSH keys using the CLICfg/sys/adm/srsadmin Cfg/sys/adm/srsadmin followed byCfg/sys/adm/sshkeys Cfg/sys/adm/sshkeys followed byDraft-ietf-secsh-publickeyfile KnownhostsManaging known hosts SSH keys using the CLI SSH Known Host Keys menu displaysSSH Known Host Keys menu includes the following options Cfg/sys/adm/sshkeys/knownhostsConfiguring Radius auditing using the CLI About Radius auditingAbout the vendor-specific attributes Configuring Radius auditing Map this string to the Vendor-Type valueNSNAS-SSL-Audit-Trail Cfg/sys/adm/auditManaging Radius audit servers using the CLI Radius Audit Servers menu displaysRadius Audit Servers menu includes the following options Cfg/sys/adm/audit/serversAdds a Radius audit server to the configuration. You Configuring authentication of system users using the CLI Cfg/sys/adm/authRadius Authentication Servers menu displays Fallback onoffCfg/sys/adm/auth/servers Cfg/sys/adm/auth/servers followed by Configuring the cluster using the Srem Configuring system settings using the Srem Select the System Configuration tabSystem Configuration screen appears see Figure Configuring a Nortel Snas 4050 host using the Srem System Configuration fieldsHosts Viewing and configuring TCP/IP properties HostViewing and installing host licenses Host fieldsViewing global licenses for all hosts Describes the Global Licenses fields Global Licenses fieldsViewing per domain licenses for all hosts Describes the Per Domain Licenses fields Per Domain Licenses fieldsViewing installed licenses for a particular host Installing a license for a particular host Install New License Configuring host interfaces using the Srem To continue, choose one of the following proceduresAdding a host interface To create a host interface, perform the following stepsSelect the System Hosts host Interfaces tab Add an Interface fieldsConfiguring system settings Add an Interface fields Click Apply New interface appears in the Interfaces tableConfiguring an existing host interface Interface fields Link is transferred back to the primary port Configuring static routes using the Srem Removing a host interfaceTo delete a host interface, perform the following steps Viewing static routes for a cluster IP RoutesViewing static routes for a host RoutesViewing static routes for an interface Managing static routesAdding a static route Add Route fieldsRemoving a static route Configuring host ports using the Srem PortsPort Port fields Managing interface ports using the Srem Adding interface ports Removing interface portsAdd a Port fields Configuring the access list using the Srem Adding an access list entry Access List Table appears see FigureSelect the System Access List tab Access List Table appears see on Click AddRemoving an Access List entry Add Access Host dialog box appears see FigureAdd Access Host fields Managing date and time settings using the Srem Date & TimeConfiguring the date and time settings Select the System Date & Time tabDate & Time fields Adding an NTP server Select the System Date and Time tabAdd NTP Server fields Removing an NTP server Configuring DNS settings using the Srem Select the System DNS Client Settings tabDNS Client Settings screen appears see Figure DNS Client Settings fields Configuring servers using the Srem Managing syslog serversAdding a new syslog server From this screen, complete the following tasks as necessaryClick Add Add Syslog Server dialog box appears see Figure Add Syslog Server fieldsReordering a new syslog server Removing an existing syslog serverAdding a DNS server on Removing an existing DNS server on Adding a DNS server Select the System Servers DNS Servers tabAdd DNS Server fields Removing an existing DNS server Managing RSA servers RSA Server TableTo configure RSA servers, perform the following steps Adding an RSA serverSelect the System Servers RSA Server Table tab Add RSA Server fieldsRemoving an existing RSA server Removing the RSA node secretDescribes the RSA Server fields RSA Server fieldsImporting sdconf.rec Click Remove Secret NodeSelect an RSA server from the RSA Server Table Select the Import sdconf.rec tab Import sdconf.rec screen appears see FigureConfiguring administrative settings using the Srem Import sdconf.rec fieldsConfiguring SRS control settings using the Srem Configuring Nortel Snas 4050 host SSH keys using Select from one of the following tasksAdd SSH Key fields Showing SSH keys Show SSH KeysConfiguring system settings Managing Nortel Snas 4050 and known host SSH keys Click Generate SSH Keys SSH Keys Hosts fieldAdding an SSH key for a known host using the Srem Add SSH KeyManaging Radius audit settings using the Srem About the vendor-specific attributes Configuring Radius auditing Configuring Radius audit settings using the Srem Radius audit ConfigurationDescribes the Add Audit Configuration fields Add Audit Configuration fieldsManaging Radius audit servers using the Srem Select from the following tasks to manage the audit serversAdding a new Audit Server Click Add Add Audit Server dialog box appears see FigureAdd Audit Server fields Removing an existing Radius audit server Managing Radius authentication of system users using Configuring Radius authentication of system users using Radius Authentication Configuration fields Managing Radius authentication servers using the Srem Radius Server Table appears see FigureAdding a Radius authentication server Add Radius Server fieldsRemoving an existing Radius server Configuring system settings 320818-A Chapter Managing certificates Managing certificates Key and certificate formats Supported key and certificate formats Sheet 1320818-A Installing certificates and keys Creating certificatesSaving or exporting certificates and keys Updating certificatesManaging private keys and certificates using the CLI Roadmap of certificate management commands Managing and viewing certificates and keys using the CLI Cfg/cert cert idCfg/cert cert ID followed by /cfg/cert #/show command Generating and submitting a CSR using the CLI Cert #/export commandPhrase Cfg/cert #/request CSR informationIPip-address Emailemail-addressEmail Address tester@dummyssltesting.com Generating a CSRSave the CSR to a file Adding a certificate to the Nortel Snas 4050 using the CLI Entire contents of the key, including Add the certificate Enter the following commandLines Cfg/cert #/certAdding a certificate by pasting Certificate added Certificate 2# applyAdding a private key to the Nortel Snas 4050 using the CLI Add the private key Enter the following commandCfg/cert #/key Adding a private key by pasting Cfg/cert #/import Certificate and key import informationAdmin@hostname.isd AnonymousDisplaying or saving a certificate and key using the CLI Cfg/cert #/displayCopy the private key, certificate, or both, as required Displaying a private key and certificate Cfg/cert #/export Certificate and key export informationAbout the formats, see Key and certificate formats on Generating a test certificate using the CLI Cfg/cert #/testManaging private keys and certificates using the Srem Viewing certificates using the Srem Certificates screenCreating a certificate using the Srem To create a certificate, perform the following stepsSelect the Certificates Certificates tab Add a Certificate Component fieldsManaging certificates Generating and submitting a CSR using the Srem To generate a CSR, perform the following stepsCA Request fields Importing a certificate or key using the Srem Import Certificate screen 320818-A Displaying or saving a certificate and key using the Srem Import Certificate fieldsDisplay Certificate screen 320818-A Display Certificates fields Export Certificate screen 320818-A Export Certificate fields Viewing certificate information using the Srem Viewing configuration detailsConfiguration screen appears see Figure Describes the certificate Configuration fieldsCertificate Configuration fields Managing certificates Certificate Configuration fields Viewing general informationInfo screen appears see Figure Describes the Info fieldsInfo fields Viewing certificate subject settings Managing certificates Info fieldsSubject screen appears see Figure Describes the Subject fieldsSubject fields Managing certificates Subject fields Chapter Configuring Snmp Configuring Snmp using the CLI Configuring SnmpCfg/sys/adm/snmp Roadmap of Snmp commands Configuring Snmp settings using the CLI Snmp menu displays Snmp menu includes the following optionsConfiguring the Snmp v2 MIB using the CLI SNMPv2-MIBmenu displaysCfg/sys/adm/snmp/snmpv2-mib Configuring the Snmp community using the CLI SNMPv2-MIBmenu includes the following optionsCfg/sys/adm/snmp/snmpv2-mib followed by Cfg/sys/adm/snmp/communityConfiguring SNMPv3 users using the CLI Cfg/sys/adm/snmp/users user IDMd5 Sha Des AesSnmp User menu includes the following options Cfg/sys/adm/snmp/users user ID followed byConfiguring Snmp notification targets using the CLI Notification Target menu displaysCfg/sys/adm/snmp/target target ID Configuring Snmp events using the CLI Notification Target menu includes the following optionsEvent menu displays Version v1v2cv3Event menu includes the following options Cfg/sys/adm/snmp/event followed byOptions -b name OID op valueOptions -t name OID valueEvent Options -x name OIDComment name NotificationConfiguring Snmp settings using the Srem This section contains information about the following topicsConfiguring Snmp using the Srem To configure SNMP, perform the following stepsSnmp Configuration fields SonmpConfiguring Snmp targets using the Srem Adding Snmp targets To add an Snmp target, perform the following stepsSnmp Target Table appears see Figure Click Add Add Snmp Target dialog box appears see Figure Add Snmp Target 320818-ASnmp Target fields Target Settings screen appears see Figure Managing Snmp targetsTo manage Snmp targets, perform the following steps Removing Snmp targets Configuring SNMPv3 users using the Srem Adding SNMPv3 users To add an SNMPv3 user, perform the following stepsSNMPv3 User Table appears see Figure Click Add Add SNMPv3 User dialog box appears see Figure Add SNMPv3 User 320818-AAdd SNMPv3 User fields User Settings screen appears see Figure Managing SNMPv3 usersUser Settings fields Sheet 1 Configuring Snmp User Settings fields Sheet 2 Removing SNMPv3 usersConfiguring Snmp events using the Srem Managing monitor eventsTo manage monitor events, select from the following tasks Adding monitor events To add monitor events, perform the following stepsViewing configuration details of monitor events Add a Monitor fieldsRemoving monitor events Boolean monitorsTo delete a monitor event, perform the following steps Add a Monitor Boolean Boolean monitor fields Sheet 1Configuring Snmp Boolean monitor fields Sheet 2 Threshold monitorsThreshold monitor fields Existence monitors Existence monitor fields Sheet 1Managing notification events Existence monitor fields Sheet 2Adding notification events To add notification events, perform the following stepsNotification Table screen appears see Figure Add a Notification Event Add a Notification Event fieldsRemoving notification events To delete a notification event, perform the following steps659 Roadmap of information and statistics commands Viewing system information and performance statisticsInfo StatsViewing system information using the CLI Information menu displaysInformation menu includes the following options Info followed byDomain ID Switchid Info/mac commandKick domain ID UsernameInfo/ip command Switch IDMac MACaddr Username-prefixLocal EthernetViewing alarm events using the CLI To view active alarms, use the following commandInfo/events Info/events followed byViewing log files using the CLI Viewing AAA statistics using the CLITo view and download log files, use the following command Logs menu displays Logs menu includes the following optionsStats/aaa Stats/aaa followed byTotal Isdhost host IDMain# stats/aaa/dump Viewing all statistics using the CLI Viewing local information using the SremStats/dump Information screen appears see Figure Describes the Information fieldsInformation fields Viewing cluster information using the Srem Viewing the controller list using the Srem Describes the Controller List fields Controller List fieldsViewing Sonmp topology information using the Srem Describes the Sonmp State fields Sonmp State fieldsViewing switch distribution using the Srem Viewing port information using the Srem Describes the Switch Distribution fieldsSwitch Distribution fields Describes the Port Information fields Port Information fields Sheet 1Viewing license information using the Srem Viewing global license information Nortel Snas 4050, SSL is the only type of license Viewing license information for a domain Viewing session details using the Srem Viewing active sessions using the Srem Sessions screenDescribes the Sessions parameters Sessions parametersViewing details for a particular session Session Properties screenEnding active user sessions Describes the Session Properties parametersClick KickOut KickOut User fieldsViewing the number of active sessions using the Srem Describes the Number of Sessions fieldsNumber of Sessions fields Viewing alarms using the Srem Viewing active alarms using the Srem Active Alarms screen 320818-ADescribes the Active Alarms fields Active Alarms fieldsDownloading alarms using the Srem Download Alarms screen 320818-AManaging log files using the Srem Describes the Download Alarms fieldsDownload Alarms fields Viewing the log list using the Srem Logs screenDownloading log files using the Srem Describes the Download fieldsDownload fields Sheet 1 Viewing AAA statistics using the Srem Viewing AAA statistics for a host Hosts tableLicense tab opens see on Viewing License statistics For a description of the fields, seeTableLicense statistics Sheet 1 Viewing Radius statistics Radius statistics 320818-ARadius statistics Viewing Local database statistics Local DB statistics Sheet 1Viewing Ldap statistics Ldap statistics Viewing AAA statistics for the domain Statistics tableSelect one of the following tasks Viewing License statistics For the Nortel Snas 4050, SSL is the only type of license For a description of the fields, see Table Viewing Radius Statistics Sheet 1320818-A Viewing Local database statistics Logging Accepted Rejected Viewing Ldap Statistics Sheet 1 Viewing Ethernet statistics using the Srem Ethernet Interface table Viewing Rx statistics For a description of the fields seeTableViewing Rx statistics Sheet 1 Rx Frames Displays number of errors due to malformed packets Viewing Tx statistics Viewing Tx Statistics Sheet 1Information, see Configuring host ports using the Srem Page Chapter Maintaining and managing the system Managing and maintaining the system using the CLI Maintaining and managing the systemMaint Roadmap of maintenance and boot commands BootPerforming maintenance using the CLI Maintenance menu displaysMaintenance menu includes the following options Dumplogs protocol server filename all-isds?Maint followed by All-isds?Starttrace tags Domain ID outputMode StoptraceBacking up or restoring the configuration using the CLI Cfg/dump passphraseConfiguration menu backup and restore commands CfgPtcfg protocol Server filename passphraseCfg followed by Gtcfg protocolPassphrase Dump passphraseManaging Nortel Snas 4050 devices using the CLI Boot menu displays Boot menu includes the following optionsBoot followed by SoftwareCfg/sys/host #/reboot command instead Cfg/sys/host #/delete command seeCfg/sys/host #/delete command Boot/softwareBoot/software followed by Activate commandSoftware Management menu includes the following options Activate versionManaging and maintaining the system using the Srem Performing maintenance using the SremUpgradecomplete.pkg Ftp 10.0.0.1 pub/SSL-5.1.1Dumping logs and status information using the Srem DumpsStarting and stopping a trace using the Srem Click DumpDump fields To start or stop a trace, perform the following steps Start/Stop Trace fields Checking configuration using the Srem Click Check ConfigurationBacking up or restoring the configuration using the Srem Backup & Restore 320818-ABackup & Restore fields If you later restore the configuration, the CertificateManaging software versions using the Srem Image ListDescribes the Image List fields Following tasks are available from this screenImage List fields Select the System Boot Image List tab Viewing details of the active software imageActivating a software image Downloading images using the Srem Removing an inactive software imageMaintaining and managing the system Rebooting or deleting a Nortel Snas 4050 device using Download Image fieldsReboot/Delete ISD Options Downloading files using the Srem File Download screen appears see Figure Describes the File Download fieldsFile Download fields Running Nortel Snas 4050 diagnostics using the Srem Maintaining and managing the system File Download fieldsDescribes the Diagnostics fields Diagnostics fieldsMaintaining and managing the system 320818-A Chapter Upgrading or reinstalling the software Upgrading the Nortel SnasPerforming minor and major release upgrades Upgrading or reinstalling the softwareDownloading the software image using the CLI Enter the host name or IP address of the serverActivating the software upgrade package Admin@hostname/IP.isdNsnas At the Software Management# prompt, enter Log in again and verify the new software versionReinstalling the software Before you beginUpgrading or reinstalling the software Reinstalling the software from an external file server Booting Login Restarting Restarting systemAlteon WebSystems, Inc Reinstalling the software from a CD When the installation is complete, remove the CD and rebootRun install-nsnas isd4050 Upgrading or reinstalling the software 320818-A Chapter Command Line Interface Connecting to the Nortel Snas Command Line InterfaceEstablishing a console connection Procedure Console configuration parametersRequirements Enabling and restricting Telnet access Establishing a Telnet connectionEstablishing a connection using SSH Enabling and restricting SSH accessRunning Telnet Running an SSH client Accessing the Nortel Snas 4050 cluster For more information, see How to get help onUser access levels CLI Main Menu or Setup Command line history and editingIdle timeout Command Line Interface On page 780 illustrates the network configuration ScenarioConfiguration example Network devices Sheet 1Summarizes the VLANs for the Ethernet Routing Switch Configuration example Network devices Sheet 2VLANs for the Ethernet Routing Switch Configure the network DNS server StepsConfigure the network Dhcp server Create a new Dhcp scope see FigureNaming the new Dhcp scope 320818-A Specify the IP address range for the Dhcp scope see Figure Choosing to configure additional options 320818-A Enter the IP address of the default gateway see Figure Enter the IP address of the DNS server see Figure Specifying the DNS serverConfigure the network core router Shows the Dhcp scopes created for use in this exampleConfigure the Ethernet Routing Switch 8300 using the CLI StepsConfiguring the Nortel Snas 4050 pVIP subnet Configuring the VoIP VLANsConfiguring the Red, Yellow, and Green VLANs Enabling SSHConfiguring the Nsna uplink filter Configuring the Nsna portsEnabling Nsna globally Add the uplink portConfigure the Ethernet Routing Switch Setting the switch IP addressConfiguring SSH 5510-48Tconfig# ssh5510-48Tconfig#nsna nsnas 10.40.40.0/24 5510-48Tconfig#nsna vlan 240 color voipConfigure the Nortel Snas Configuring the login domain controller filters5510-48Tconfig-if#exit 5510-48Tconfig#nsna enablePerforming initial setup 10.40.40.1Completing initial setup Enable SRS administrationEnter a password for the admin user Main# cfg/sys/adm/srsadmin/enaAdding the network access devices Main# cfg/domain 1/sshkey/generateGroup 1# /cfg/domain 1/aaa/tg/quick TG#../group 1/tgsrs srs-rule-testAdding the Ethernet Routing Switch Add the switch manuallyImport the public SSH key from the switch Main# cfg/domain 1/switch 1 Creating SwitchUse the quick switch wizard Main# cfg/domain 1/switch 2/sshkey/importMain# cfg/domain 1/switch 1/vlan/add yellow Switch Vlan# ../../vlan/add yellowEnabling the network access devices Main# cfg/domain 1/switch 1/ena Switch 1# ../switch 2/enaSwitch 2# apply Changes applied successfully Domain Vlan# apply Changes applied successfullyConfiguration example 320818-A Appendix a CLI reference Using the CLI Global commandsPaste ExitQuit NetstatCommand line history and editing Command stacking You can use the following CLI command shortcutsCommand line history and editing options Sheet 2 CLI shortcutsCommand abbreviation Tab completionNTP Servers# ../../dns/servers Main# cfg/sys/time/ntp/list Main# c/sy/t/n/lUsing a submenu name as a command argument Configuration# cur sysUsing slashes and spaces in commands IP address and network mask formatsIP addresses Network masksVariables VariablesCLI command reference CLI Main MenuAppendix a CLI reference Information menu commands Sheet 1 Information menuCerts SysStatistics menu Configuration menu Configuration menu commands Sheet 1Cfg/cert cert ID Name name CertCfg/domain Name name Auth ID RadiusldaplocalAuth #/adv Secondauth auth ID Auth ID for LdapCfg/domain #/aaa Servers Auth #/ldap SearchbaseAuth #/ldap/activedire Truefalse Expiredgro GroupAuth #/local Password group Cfg/domain #/aaa Add user namePasswd user name Auth #/radius Vendorid vendor IDProfile ID Access rule Number Linkset Del Cfg/domain #/aaa Vendorid vendor IDAuth #/radius Vendortype vendor Type Ena Dis Cfg/domain #/aaaGroup #/extend # Del index number Group #/linkset Del index numberRadacct Vpnattribu Ena Dis Cfg/domain #/aaa ListCfg/domain #/aaa/tg Quick Recheck intervalHeartbeat interval Cfg/domain #/adv Interface interfaceRestore Cfg/domain #/linkset Name nameLinkset ID Text text Linkset #/link index Text textContent Server filename Cfg/domain #/portal Color1 codeColors Color2 code Lang CharsetCfg/domain #/server Sysloghost IPaddr Adv/traflog Udpport portProtocol Ssl2ssl3ssl23tls1Cfg/domain #/switch Name name Switch ID Type ERS8300ERS5500Switch #/dis Switch #/enaCfg/domain #/vlan Add name Vlan ID PassphraseCfg/gtcfg protocol Passphrase Cfg/lang Import protocolCfg/sys/accesslist List Add IPaddr maskCfg/sys/adm Snmp Sonmp onoffCfg/sys/adm/auth List Shared secretCfg/sys/adm/snmp Ena Versions v1v2cv3Snmpv2-mib SnmpEnable Disabledenabled Cfg/sys/adm/snmp Ip IPaddrCfg/sys/adm/snmp Addmonitor Event Options -b nameCfg/sys/adm/snmp Name name Users user ID SeclevelDis Cfg/sys/adm/sshkeys Generate KnownhostsMode fullhalf Cfg/sys/host #/routes Cfg/sys/dns/servers ListInterface #/ports Del port Add port Cfg/sys/host # ListCfg/sys/host Ip IPaddr Host ID SysName nameSysLocatio Cfg/sys/rsa Rsaname nameAdd IPaddr Cfg/sys/user Password old Password newPassword confirm Username Password userBoot menu Boot menu commandsBoot Software Reboot Delete Boot/software CurMaintenance menu Maintenance menu commandsMaint Dumplogs protocol All-isds?Chapter Troubleshooting Troubleshooting tipsCannot connect to the Nortel Snas 4050 using Telnet or Verify the current configurationEnable Telnet or SSH access Check the Access ListCheck the IP address configuration # /cfg/cur sys Cannot add the Nortel Snas 4050 to a cluster Cannot contact the MIPAdd Interface 1 IP addresses and the MIP to the Access List Main# /cfg/sys/accesslist/addEnter network address IP address Enter netmask network mask Nortel Snas 4050 stops responding Telnet or SSH connection to the MIPConsole connection User password is lost Administrator user passwordOperator user password Root user passwordBoot user password Trace toolsUser fails to connect to the Nortel Snas 4050 domain Main# maint/starttraceSample output for the trace command Tag Description Sample outputSystem diagnostics Installed certificatesNetwork diagnostics Cluster Host 1# cur Main# /cfg/sys/curMain# /stats/dump Main# /info/ethernetActive alarms and the events log file Error log filesTroubleshooting Appendix B Syslog messages Syslog messages by message typeOperating system OS messages Lists the Emerg operating system messagesLists the operating system Critical messages Operating system messages Error System Control Process messagesLists the operating system Emerg messages About alarm messages Alarm severity and syslog level correspondenceLists the System Control Process Info messages System control process messages InfoSystem Control Process messages Alarm AlarmAudit/ena command About event messagesSystem Control Process messages Event With /cfg/sys/curLists the Traffic Processing Error messages Traffic Processing messages Error Sheet 1Traffic Processing Subsystem messages Lists the Traffic Processing Critical messagesCss error reason Traffic Processing messages Error Sheet 3 Lists the Traffic Processing Warning messagesTraffic Processing messages Warning Domain #/server/portalStart-up messages Lists the Traffic Processing Info messagesTraffic Processing messages Info Lists the AAA Error messages AAA messages ErrorAAA subsystem messages Lists the Start-up Info messagesAAA messages Info Sheet 1 Log value Message Category ContainsNsnas subsystem messages There are two categories of Nsnas subsystem messagesAAA messages Info Sheet 2 Lists the Nsnas Error messages Nsnas ErrorLists the Nsnas Info messages Nsnas Info Sheet 1Syslog messages in alphabetical order Lists the syslog messages in alphabetical orderNsnas Info Sheet 2 Syslog messages in alphabetical order Sheet 1Sys/adm/audit/ena command Error Nsnas Syslog messages in alphabetical order Sheet 3Info AAA Error AAA Syslog messages in alphabetical order Sheet 5Authenticate is set to off Cfg/domain #/server/portalSyslog messages in alphabetical order Sheet 7 Root filesystem repaired Syslog messages in alphabetical order Sheet 9 Unable to use the certificate for Supported MIBs Following MIBs are supported by the Nortel SnasANAifType-MIB SNMPv2-MIBAppendix C Supported MIBs Supported MIBs Sheet 1Supported MIBs Sheet 2 ALTEON-ISD-SSL-MIBCLI, using the /cfg/sys/adm/snmp/target command Appendix C Supported MIBs Supported MIBs Sheet 3Use the CLI command /cfg/sys/adm/snmp/snmpv2-mib Supported trapsDescribes the traps supported by the Nortel Snas Supported trapsAppendix C Supported MIBs 320818-A Appendix D Supported ciphers Supported ciphersAppendix D Supported ciphers Install All Administrative Tools Windows 2000 Server Register the Schema Management dll Windows ServerClick Start and select Run Nortel Secure Network Access Switch 4050 User Guide Permit write operations to the schema Windows 2000 Server Create a shortcut to the console windowSelect a Title for the Program page displays Nortel Secure Network Access Switch 4050 User Guide Create the new class Add isdUserPrefs attribute to nortelSSLOffload classAdd the nortelSSLOffload Class to the User Class 320818-A Appendix F Configuring Dhcp to auto-configure IP Phones Configuring IP Phone auto-configuration Appendix F Configuring Dhcp to auto-configure IP PhonesCreating the Dhcp options Dhcp Management Console Predefined Options and Values dialog box opens see Figure Click Add Option Type dialog box opens see onOption Type dialog box Option Type dialog box field values for Vlan Information Scope Options dialog box displays see Figure Scope Options dialog boxCall Server Information string parameter values Setting up the IP Phone Vlan ID Information string parameter valuesPage Configuring the logon script Create the logon script see Creating a logon script onUsing Windows, open a plain text editor, such as Notepad Creating a logon scriptCreating the script as a batch file Assigning the logon script Creating the script as a VBScript fileDouble-clickDefault Domain Policy Right-click the Default Domain Policy and select EditOn the Group Policy tab, click Open Appendix H Software licensing information GNU General Public License Appendix H Software licensing informationAppendix H Software licensing information Appendix H Software licensing information Apache Software License, Version Bouncy Castle license Symbols IndexIndex Index DNS Index Local authentication database Add users Cannot contact Index See also SRS rule SSL Index Index