Main
Page
Contents
Configuring the domain 79
Configuration of the RADIUS server 127
Configuration of Microsoft NAP Interoperability 139
Configuring groups and profiles 149
Configuring authentication 171
Managing system users and groups 211
Customizing the portal and user logon 227
Configuring system settings 257
Managing certificates 297
Configuring SNMP 323
Viewing system information and performance statistics 337
Maintaining and managing the system 351
Upgrading or reinstalling the software 367
The Command Line Interface 377
Configuration example 385
Troubleshooting 403
Page
Page
Software license
Nortel Networks software license agreement
1.
2.
3.
4.
a.
b.
c.
d.
e.
Page
New in this release
Other changes
Introduction
Text conventions
Page
Related information
Publications
Page
Overview
The Nortel SNAS
Supporting additional users with the software license le
Role of the Nortel SNAS
Page
Page
Groups and profiles
Authentication methods
Nortel Health Agent host integrity check
Multi-OS Applet Support
Page
Nortel SNAS clusters
Interface conguration
One armed configuration
Nortel SNAS conguration and management tools
Nortel SNAS conguration roadmap
Page
Page
Initial setup
About the IP addresses Management IP address
Portal Virtual IP address
Real IP address
Initial setup
Setting up a single Nortel SNAS device or the rst in a cluster
Page
WARNING
Page
Page
restricted in accordance with the rights specified in the access rules for the group.
The default is restricted.
Settings created by the quick setup wizard
Adding a Nortel SNAS device to a cluster
Before you begin
Joining a cluster
Page
Page
Next steps
Applying and saving the conguration
Page
Managing the network access devices
Managing network access devices
Roadmap of domain switch commands
Page
Adding a network access devices
Using the quick switch setup wizard
Page
Manually adding a switch
Deleting a network access devices
Conguring the network access devices
To configure a network access devices in the Nortel SNAS domain, use
/cfg/domain #/switch <switch ID>
switch ID is the ID or name of the switch you want to configure.
The Switch menu appears. The Switch menu includes the following options:
Mapping the VLANs
Page
Managing SSH keys
Page
Generating SSH keys for the domain
To generate, view, and export the public SSH key for the domain, use the
Page
The SSH Key menu appears. The SSH Key menu includes the following options:
Reimporting the network access devices SSH key
Monitoring switch health
Controlling communication with the network access devices
Conguring SSCPLite
Conguring SNMP Proles
Conguring SNMP Versions
Conguring SSCPLite Community
Conguring SNMP Templates
Page
Conguring the domain
Conguring the domain
Page
Roadmap of domain commands
Page
Using the Nortel SNAS domain quick setup wizard in the CLI
Page
Page
Deleting a domain
Conguring domain parameters
Page
Page
Conguring the Nortel Health Agent check
Page
Page
Using the quick Nortel Health Agent setup wizard in the CLI
Conguring the SSL server
The server number assigned to the portal server configured for the domain is server 1001.
To configure the portal server used in the domain, use the following
The Server 1001 menu appears. The Server 1001 menu includes the following options:
Tracing SSL traffic
The Trace menu appears. The Trace menu includes the following options:
Page
Page
Configuring SSL settings
To configure SSL-specific settings for the portal server, use the following
The SSL Settings menu appears. The SSL Settings menu includes the following options:
Page
Configuring traffic log settings
Conguring HTTP redirect
Browser-Based Management Conguration
Browser-Based Management Conguration with SSL
Conguring advanced settings
Conguring RADIUS accounting
Managing RADIUS accounting servers
To configure the Nortel SNAS to use external RADIUS accounting servers, use the following command:
Page
Configuring Nortel SNAS -specific attributes
Conguring local DHCP services
Page
DHCP Settings menu
The DHCP settings menu includes the following options:
Filter DHCP subnet type
Standard DHCP subnet type
Managing local DHCP leases
The following commands are provided for managing DHCP leases:
Creation of the location
Creation of the locations
Conguring Lumension PatchLink integration
Page
Page
Conguration of the RADIUS server
Overview of RADIUS server
802.1x functionality
Roadmap of RADIUS server conguration commands
Conguration of the RADIUS server
To configure the RADIUS server, use the following command
The RADIUS Server menu appears. The RADIUS Server menu includes the following options:
Conguration of the client
To configure the client, use the following command:
The RADIUS Clients menu appears. The RADIUS Clients menu includes the following options:
Conguration of the realms
To configure the realms, use the following command:
Page
Conguration of the dictionary
To configure the dictionary, use the following command:
Page
Page
Page
Select the server certicate
Select the server certificate from the list, use the following command:
This includes the following options:
Select the CA certicate
Select the server certificate from the list, use the following command:
This includes the following options:
Conguration of Microsoft NAP Interoperability
This chapter includes the following topics:
Roadmap of NAP conguration commands
Conguration of NAP Interoperability
Probation Settings
Remote Network Policy Servers
To create the remote network policy servers, use the following command:
The Remote Network Policy Servers menu includes the following
Page
Page
Page
Page
Conguring groups and proles
Overview
Groups
Default group
Linksets
SRS rule
Extended proles
Page
Conguring groups and extended proles
Roadmap of group and prole commands
Page
Page
Page
Page
Page
Page
Page
Page
Conguring client lters
The Client Filter menu includes the following options:
Page
The Extended Profile menu appears.
The Extended Profile menu includes the following options:
Creating RADIUS attributes to a group
Mapping linksets to a group or prole
Page
Creating a default group
Page
Conguring authentication
Overview
Page
Conguring authentication
Roadmap of authentication commands
Page
Page
Conguring authentication methods
Page
Conguring advanced settings
Conguring RADIUS authentication
Adding the RADIUS authentication method
Modifying RADIUS configuration settings
Page
Managing RADIUS authentication servers
The Radius servers menu appears. The Radius servers menu includes the following options:
Configuring session timeout
The Session Timeout menu appears. The Session Timeout menu includes the following options:
Conguring LDAP authentication
Adding the LDAP authentication method
Modifying LDAP configuration settings
To modify settings for the specific LDAP configuration, use the following
The LDAP menu appears. The LDAP menu includes the following options:
Page
Page
Managing LDAP authentication servers
The LDAP servers menu includes the following options:
Managing LDAP macros
Page
Group Search Configuration
Managing Active Directory passwords
Configuring Advanced LDAP Settings
Conguring local database authentication
Adding the local database authentication method
Managing the local portal database
Page
Page
Page
Managing the local MAC database
Page
Specifying authentication fallback order
Page
Managing system users and groups
User rights and group membership
Managing system users and groups
Roadmap of system user management commands
Managing user accounts and passwords
The User menu appears. The User menu includes the following options:
Page
Page
Managing user settings
Managing user groups
CLI conguration examples
Adding a new user
Page
Changing a users group assignment
Page
Changing passwords
Page
Deleting a user
Page
Customizing the portal and user logon
Overview
Captive portal and Exclude List
Portal display
Portal look and feel
Page
Page
Self service portal
Linksets and links
Macros
Automatic redirection to internal sites
Examples of redirection URLs and links
Managing the end user experience
Automatic JRE upload
Windows domain logon script
Customizing the portal and logon
Roadmap of portal and logon conguration commands
Page
Conguring the captive portal
Conguring the Exclude List
Changing the portal language
4Set the portal to display the new language (see Setting the portal display language (page 243)).
Configuring language support
To manage the language definition files in the system, use the following
The Language Support menu appears. The Language Support menu includes the following options:
Setting the portal display language
To set the preferred language for the portal display, use the following
Conguring the portal display
The Portal menu appears. The Portal menu includes the following options:
Page
Page
Page
Changing the portal colors
To customize the colors used for the portal display, use the following
The Portal Colors menu appears. The Portal Colors menu includes the following options:
For more information about the portal colors and themes, see Colors (page 231) .
Conguring custom content
To add custom content, such as Java applets, to the portal, use the
Conguring linksets
Page
Conguring links
To create and configure the links included in the linkset, use the following
/cfg/doamin #/linkset <linkset ID> /link <index>
index is an integer in the range 1 to 256 that indicates the position of the link in the linkset.
Page
Configuring external link settings
Page
Conguring system settings
This chapter includes the following topics:
Conguring the cluster
To configure the cluster, access the System menu by using the following
Page
Page
Page
Page
Conguring system settings
To view and configure cluster-wide system settings, use the following
The System menu appears. The System menu includes the following options:
Page
Conguring the Nortel SNAS host
Page
Page
Page
Viewing host information
Conguring host interfaces
Page
Conguring static routes
To manage static routes for a particular interface, use the following
Conguring host ports
Managing interface ports
Conguring the Access List
Conguring date and time settings
Conguring DNS servers and settings
To configure DNS settings for the cluster, use the following command:
The DNS Settings menu appears. The DNS Settings menu includes the following options:
Managing DNS servers
Page
Conguring RSA servers
The RSA Servers menu appears.
The RSA Servers menu includes the following options:
Conguring syslog servers
Page
Page
Enabling TunnelGuardSRS administration
Conguring Nortel SNAS host SSH keys
Managing known hosts SSH keys
The SSH Known Host Keys menu includes the following options:
Conguring RADIUS auditing
About RADIUS auditing
About the vendor-specific attributes
Configuring RADIUS auditing
Managing RADIUS audit servers
To configure the Nortel SNAS to use external RADIUS audit servers, use
The RADIUS Audit Servers menu appears. The RADIUS Audit Servers menu includes the following options:
Conguring authentication of system users
The Authentication menu appears. The Authentication menu includes the following options:
Managing RADIUS authentication servers
Conguration of auto blacklisting
To create the auto blacklisting, use the following command:
The Auto Blacklisting menu appears. The Auto Blacklisting menu includes the following options:
Conguration of harden password
To configure harden password, use the following command:
The Harden Password menu appears. The Harden Password menu includes the following options:
Page
Managing certicates
Overview
Key and certicate formats
Creating certicates
Installing certicates and keys
Saving or exporting certicates and keys
Updating certicates
Managing private keys and certicates
Roadmap of certicate management commands
Managing and viewing certicates and keys
Page
Page
Generating and submitting a CSR
parameters. The combined length of the parameters cannot exceed 225 bytes.
Identifier
domain name
Page
Page
Adding a certicate to the Nortel SNAS
Page
Adding a private key to the Nortel SNAS
Page
Importing certicates and keys into the Nortel SNAS
Page
Displaying or saving a certicate and key
Page
Exporting a certicate and key from the Nortel SNAS
Generating a test certicate
Page
Page
Conguring SNMP
Conguring SNMP
Roadmap of SNMP commands
Conguring SNMP settings
To configure SNMP management of the Nortel SNAS cluster, use the
The SNMP menu appears. The SNMP menu includes the following options:
Conguring the SNMP v2 MIB
To configure parameters in the standard SNMPv2 MIB, use the following
The SNMPv2-MIB menu appears. The SNMPv2-MIB menu includes the following options:
Conguring the SNMP community
Page
Conguring SNMP notication targets
target ID is a positive integer that uniquely identifies the notification target in the cluster.
Conguring SNMP events
Page
Page
Page
Viewing system information and performance statistics
Viewing system information and performance statistics
Roadmap of information and statistics commands
Page
Viewing system information
The Information menu appears. The Information menu includes the following options:
Page
Page
Page
Page
Viewing alarm events
To view active alarms, use the following command:
The Events menu appears. The Events menu includes the following options:
Viewing log les
Page
Kicking by username or address
Nortel SNAS TPS Interface
Page
Maintaining and managing the system
Managing and maintaining the system
Roadmap of maintenance and boot commands
Performing maintenance
The Maintenance menu appears. The Maintenance menu includes the following options:
Page
Page
Backing up or restoring the conguration
To save the system configuration to a file on a file exchange server, use
/cfg/ptcfg <protocol> <host name or IP address of server> <filename on server>
Page
Page
Conguring the Nortel SNAS scheduler
The Scheduler menu appears. The Scheduler menu includes the following options:
Addition of a scheduled task
To add a scheduled task, use the following command:
This includes the following fields:
Page
Managing Nortel SNAS devices
To manage Nortel SNAS software and devices, use the following
The Boot menu appears.
The Boot menu includes the following options:
Managing software for a Nortel SNAS device
The Software Management menu appears. The Software Management menu includes the following options:
Page
Page
Page
Upgrading or reinstalling the software
Upgrading the Nortel SNAS
Performing minor and major release upgrades
Downloading the software image
Activating the software upgrade package
Page
Page
Reinstalling the software
Before you begin
Reinstalling the software from an external le server
Page
Reinstalling the software from a CD
Page
The Command Line Interface
Connecting to the Nortel SNAS
Establishing a console connection
Requirements
Procedure steps
Establishing a Telnet connection
Enabling and restricting Telnet access
Running Telnet
Establishing a connection using SSH
Enabling and restricting SSH access
Running an SSH client
Accessing the Nortel SNAS cluster
Page
CLI Main Menu or Setup
Command line history and editing
Idle timeout
Page
Conguration example
Scenario
Page
Steps
1. 2. 3. 4.
Page
Page
Page
Page
Congure the network core router
Configuring the Nortel SNAS pVIP subnet
Creating port-based VLANs
Configuring the VoIP VLANs
Configuring the Red, Yellow, and Green VLANs
Configuring the NSNA uplink filter
Page
Page
Completing initial setup
Adding the network access devices
Page
Mapping the VLANs
Enabling the network access devices
Page
Troubleshooting
Enable Telnet or SSH access
Check the Access List
Check the IP address configuration
Cannot add the Nortel SNAS to a cluster
Cannot contact the MIP
Check the Access List
Add Interface 1 IP addresses and the MIP to the Access List
The Nortel SNAS stops responding Telnet or SSH connection to the MIP
Console connection
A user password is lost
Administrator user password
Operator user password
Root user password
Boot user password
Trace tools
System diagnostics
Installed certicates
Network diagnostics
Page
Active alarms and the events log le
Error log les
CLI reference
Using the CLI
Global commands
Page
Command line history and editing
CLI shortcuts
Command stacking
Command abbreviation
Tab completion
Using a submenu name as a command argument
Using slashes and spaces in commands
CLI Main Menu
CLI command reference
Information menu
Statistics menu
Conguration menu
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Boot menu
Maintenance menu
Page
Syslog messages
Operating system (OS) messages
System Control Process messages
About alarm messages
Page
About event messages
Trafc ProcessingSubsystem messages
Page
Page
Table 82 "Traffic Processing messagesINFO" (page 460) lists the Traffic Processing INFO messages.
Start-up messages
AAA subsystem messages
Page
NSNAS subsystem messages
There are two categories of NSNAS subsystem messages:
Table 86 "NSNASERROR" (page 463) lists the NSNAS ERROR messages.
Table 87 "NSNASINFO" (page 464) lists the NSNAS INFO messages.
Page
Syslog messages in alphabetical order
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Supported MIBs
Supported MIBs
Page
Page
Page
Supported traps
Table 90 "Supported traps" (page 481) describes the traps supported by the Nortel SNAS.
Page
Supported ciphers
Page
Adding User Preferences attribute to Active Directory
Add the Active Directory Schema Snap-in (Windows 2000 Server and Windows Server 2003)
Page
Create a shortcut to the console window
Permit write operations to the schema (Windows 2000 Server)
Create a new attribute (Windows 2000 Server and Windows Server 2003)
Create the new class
Add isdUserPrefs attribute to nortelSSLOffload class
Add the nortelSSLOffload Class to the User Class
Page
Conguring DHCP to auto-congure IP Phones
Conguring IP Phone auto-conguration
Creating the DHCP options
Page
Page
Conguring the Call Server Information and VLAN Information options
Page
Page
Setting up the IP Phone
Using a Windows domain logon script to launch the Nortel SNAS portal
Conguring the logon script
Creating a logon script
Assigning the logon script
Page
Software licensing information
OpenSSL License issues
Original SSLeay License
GNU General Public License
Page
Page
Page
Page
Apache Software License, Version 1.1
Bouncy Castle license
Page
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Y
Page
Page
Nortel Secure Network Access Switch
Using the Command Line Interface
