Nortel Networks BCM50a Remote Management Limitations

Chapter 17 Remote Management 187

BCM50a Integrated Router Configuration — Advanced

Remote Management Limitations

Remote management over LAN or WAN does not work when:

1A filter in menu 3.1 (LAN) or in menu 11.1.4 (WAN) is applied to block a

Telnet, FTP, or Web service.

2You disable that service in menu 24.11.

3The IP address in the Secured Client IP field (menu 24.11) does not match

the client IP address. If it does not match, the BCM50a Integrated Router

disconnects the session immediately.

4There is already another remote management session of the same type (web,

FTP or Telnet) running. Only one remote management session of the same

type can run at one time.

5There is a web remote management session running with a Telnet session. A

Telnet session is disconnected if you begin a web session; it does not begin if

a Web session is already running.

6There is a firewall rule that blocks remote management.

Certificate Press [SPACE BAR] and then [ENTER] to select the certificate that

the BCM50a Integrated Router uses to identify itself. The BCM50a

Integrated Router is the SSL server and must always authenticate

itself to the SSL client (the computer that requests the HTTPS

connection with the BCM50a Integrated Router).

Authenticate Client

Certificates

Select Yes by pressing [SPACE BAR], then [ENTER] to require the

SSL client to authenticate itself to the BCM50a Integrated Router by

sending the BCM50a Integrated Router a certificate. To do that, the

SSL client must have a CA-signed certificate from a CA that has

been imported as a trusted CA on the BCM50a Integrated Router

(see Appendix C, “Importing certificates,” on page 209 for details).

After you fill this menu, press [ENTER] at the message "Press ENTER to Confirm or ESC

to Cancel" to save your configuration, or press [ESC] to cancel.

Table 40 Menu 24.11 – Remote Management control

Field Description

Contents

Main Page Contents Chapter 1 Getting to know your BCM50a Integrated Router. . . . . . . . . . . . . . . . . . . . 29 Page Page Page Page Page Page Page Page Page Figures Page Page Page Page Page Tables Page Page Page Preface Before you begin Text conventions Related publications Hard-copy technical manuals How to get help USA and Canada Authorized Distributors Technical Support - GNTS/GNPS Presales Support (CSAN) EMEA (Europe, Middle East, Africa) Technical Support - CTAS CALA (Caribbean & Latin America) Technical Support - CTAS APAC (Asia Pacific) Technical Support - GNTS Page Page Chapter 1 Getting to know your BCM50a Integrated Router Introducing the BCM50a Integrated Router Features Physical features High-speed Internet access ADSL standards Networking compatibility Multiplexing Encapsulation Four-Port switch Nonphysical features Page Page Page Page Upgrade BCM50a Integrated Router Firmware Embedded FTP and TFTP Servers Applications for the BCM50a Integrated Router Secure broadband internet access and VPN Page Chapter 2 Introducing the SMT Introduction to the SMT Initial screen Logging on to the SMT Navigating the SMT interface Chapter 2 Introducing the SMT 41 Main menu Table 2 Main menu commands 42 Chapter 2 Introducing the SMT Table 3 describes the fields in Figure 4. Figure 4 Main menu Table 3 Main menu summary Changing the system password Page SMT menu 1 - general setup Introduction to general setup Configuring general setup Table 4 describes the fields in Figure 7. Page Configuring dynamic DNS Chapter 2 SMT menu 1 - general setup 49 Follow the instructions in Table 5 to configure Dynamic DNS parameters. Figure 8 Menu 1.1 Configure Dynamic DNS Table 5 Configure dynamic DNS menu fields 50 Chapter 2 SMT menu 1 - general setup traffic is redirected to a URL that you have previously specified (see Table 5 Configure dynamic DNS menu fields Page Page Page 54 Chapter 3 WAN Setup Table 6 describes the fields in Figure 9. Figure 9 Menu 2 WAN Setup Table 6 Menu 2 WAN setup Chapter 3 WAN Setup 55 Traffic redirect setup Table 6 Menu 2 WAN setup 56 Chapter 3 WAN Setup Table 7 describes the fields in Figure 10. Figure 10 Menu 2.2 Traffic Redirect Setup Table 7 Menu 2.2 Traffic Redirect Setup Chapter 4 LAN setup TCP/IP and DHCP ethernet setup menu Chapter 4 LAN setup 59 Figure 14 Menu 3.2 TCP/IP and DHCP Ethernet setup Follow the instructions in Table 8 to configure the DHCP fields. Table 8 DHCP Ethernet setup menu fields 60 Chapter 4 LAN setup Table 8 DHCP Ethernet setup menu fields Chapter 4 LAN setup 61 Use the instructions in Table 9 to configure TCP/IP parameters for the LAN port. IP Alias Setup Table 9 LAN TCP/IP setup menu fields 62 Chapter 4 LAN setup Use the instructions in Table 10 to configure IP Alias parameters.s Figure 15 Menu 3.2.1 IP Alias setup Table 10 IP Alias setup menu field Chapter 4 LAN setup 63 Table 10 IP Alias setup menu field Page Chapter 5 Internet access Internet access configuration 66 Chapter 5 Internet access Table 11 describes the fields in Figure 16. Figure 16 Menu 4 Internet Access Setup Table 11 Menu 4 Internet access setup Basic setup complete Page Chapter 6 Remote Node setup Introduction to Remote Node setup Outgoing Authentication Protocol Nailed-Up Connection Remote Node setup Remote Node profile Encapsulation and Multiplexing scenarios Page Chapter 6 Remote Node setup 73 Table 12 Menu 11.1 Remote Node Profile (continued) 74 Chapter 6 Remote Node setup Edit IP/Bridge Table 12 Menu 11.1 Remote Node Profile (continued) Chapter 6 Remote Node setup 75 Figure 19 Menu 11.3 Remote Node Network Layer Options Table 13 explains fields in Figure 19. Table 13 Menu 11.3 Remote Node Network Layer Options 76 Chapter 6 Remote Node setup Table 13 Menu 11.3 Remote Node Network Layer Options (continued) Remote Node filter 78 Chapter 6 Remote Node setup Figure 20 Menu 11.1.4 Remote Node Filter (Ethernet Encapsulation) Figure 21 Menu 11.1.4 Remote Node Filter (PPPoE or PPPoA Encapsulation) To configure the parameters for traffic redirect, see Traffic redirect setup on page 55. Editing ATM Layer Options VC-based Multiplexing (non-PPP Encapsulation) LLC-based Multiplexing or PPP Encapsulation 80 Chapter 6 Remote Node setup Figure 23 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation Advance Setup Options In menu 11.1, select PPPoE in the Encapsulation field. Chapter 6 Remote Node setup 81 Figure 25 Menu 11.8 Advance Setup Options Table 14 describes the fields in Figure 25. Table 14 Menu 11.8 Advance Setup Options Page Page Page Chapter 7 IP Static Route Setup 85 Table 15 describes the fields in Figure 27. Figure 27 Menu 12.1 Edit IP Static Route Table 15 IP Static Route Menu Fields Page Chapter 8 Dial-in User Setup Dial-in User Setup Table 16 describes the fields in Figure 29. Chapter 9 Network Address Translation (NAT) Using NAT SUA (Single User Account) Versus NAT Applying NAT Page Chapter 9 Network Address Translation (NAT) 91 Table 17 describes the fields in Figure 31. Figure 31 Menu 11.3 Applying NAT to the Remote Node Table 17 Applying NAT in Menus 4 & 11.3 NAT setup Address Mapping Sets SUA Address Mapping Set 94 Chapter 9 Network Address Translation (NAT) Table 18 explains the fields in Figure 34. Figure 34 Menu 15.1.255 SUA Address Mapping Rules Note: Menu 15.1.255 is read-only. Table 18 SUA Address Mapping Rules User-Defined Address Mapping Sets Ordering your rules Page 98 Chapter 9 Network Address Translation (NAT) Table 20 describes the fields in Figure 36. Figure 36 Menu 15.1.1.1: Editing or configuring an individual rule in a set Table 20 Menu 15.1.1.1: Editing or configuring an individual rule in a set Configuring a server behind NAT Page Chapter 9 Network Address Translation (NAT) 101 Figure 38 15.2.1 NAT Server Configuration The following table describes the fields in this screen. Table 21 15.2.1: NAT Server Configuration Page General NAT examples Internet access only Page Page Example 3: Multiple public IP addresses with inside servers Page Figure 47 shows how to configure the first rule. Page Page Chapter 9 Network Address Translation (NAT) 111 Figure 49 Example 3: Menu 15.2 Configuring Trigger Port forwarding Note: Only one LAN computer can use a trigger port (range) at a time. Enter 3 in menu 15 to display Menu 15.3 Trigger Port Setup, shown in Figure 50. 112 Chapter 9 Network Address Translation (NAT) Table 22 describes the fields in Figure 50. Figure 50 Menu 15.3 Trigger Port Setup Table 22 Menu 15.3: Trigger Port setup description Page Page Chapter 10 Introducing the firewall Using SMT menus Activating the firewall Note: Configure the firewall rules using the WebGUI or CLI commands. Chapter 11 Filter configuration Introduction to filters Filter Structure Chapter 11 Filter configuration 119 Figure 54 Filter rule process Execute Filter Rule Filter Set Forward Drop Check Next Rule Configuring a Filter Set Page 122 Chapter 11 Filter configuration The next section provides information on configuring the filter rules. Table 23 Abbreviations used in the Filter Rules Summary Menu Table 24 Rule abbreviations used Configuring a Filter Rule Configuring a TCP/IP Filter Rule 124 Chapter 11 Filter configuration Table 25 describes how to configure your TCP/IP filter rule. Figure 57 Menu 21.1.1.1 TCP/IP Filter Rule Page Figure 58 illustrates the logic flow of an IP filter. Chapter 11 Filter configuration 127 Figure 58 Executing an IP filter Configuring a Generic Filter Rule Chapter 11 Filter configuration 129 Table 26 describes the fields in the Generic Filter Rule menu. Figure 59 Menu 21.1.1.1 Generic Filter Rule Table 26 Generic Filter Rule Menu fields 130 Chapter 11 Filter configuration Example Filter Table 26 Generic Filter Rule Menu fields Page Page Filter Types and NAT Firewall Versus Filters Applying a Filter Applying LAN Filters Applying Remote Node Filters Page Page 138 Chapter 12 SNMP Configuration Table 27 describes the SNMP configuration parameters. Figure 66 Menu 22 SNMP Configuration Table 27 SNMP Configuration Menu Fields Chapter 12 SNMP Configuration 139 SNMP Traps Table 28 SNMP Traps Page Chapter 13 System security System security System password 142 Chapter 13 System security Configuring external RADIUS server Figure 69 Menu 23.2 System Security RADIUS server Enter 23 in the main menu to display Menu 23 System security. Figure 68 Menu 23 System Security Chapter 13 System security 143 Table 29 describes the fields in Figure 69. Table 29 Menu 23.2 System Security: RADIUS Server Page Page System Status Page System information and console port speed System Information 150 Chapter 14 System information and diagnosis Figure 73 Menu 24.2.1 System Maintenance Information Table 31 Menu 24.2.1 System Maintenance: Information Console port speed Log and trace Syslog logging Chapter 14 System information and diagnosis 153 CDR Table 32 System Maintenance Menu Syslog Parameters Packet triggered Filter log PPP log 156 Chapter 14 System information and diagnosis Firewall log Figure 77 Call-Triggering packet example Call-Triggering packet Page WAN DHCP Page Page Chapter 15 Firmware and configuration file maintenance Filename conventions Backup configuration Backup configuration Using the FTP command from the command line 164 Chapter 15 Firmware and configuration file maintenance Example of FTP commands from the command line Figure 81 FTP Session Example GUI-based FTP clients Table 35 describes some of the commands that you can see in GUI-based FTP clients. TFTP and FTP over WAN Management Limitations Backup configuration using TFTP TFTP command example GUI-based TFTP clients Restore configuration Restore Using FTP Page Restore using FTP session example Uploading Firmware and Configuration Files Firmware file upload 170 Chapter 15 Firmware and configuration file maintenance Figure 84 Telnet Into Menu 24.7.1 Upload System Firmware Figure 85 Telnet Into Menu 24.7.2 System Maintenance Configuration file upload The screen shown in Figure 85 appears when you access menu 24.7.2 via Telnet. FTP file upload command from the DOS prompt example FTP Session Example of Firmware File Upload TFTP file upload TFTP upload command example Page Chapter 16 System Maintenance menus 8 to 10 Command Interpreter mode Command syntax Command usage Call control support Budget management Chapter 16 System Maintenance menus 8 to 10 179 Figure 89 Budget Management Table 37 Budget management 180 Chapter 16 System Maintenance menus 8 to 10 Call History Table 38 describes the fields in Figure 90. Figure 90 Call History Table 38 Call History Fields Time and Date setting 182 Chapter 16 System Maintenance menus 8 to 10 Table 39 describes the fields in Figure 92. Figure 92 Menu 24.10 System Maintenance: Time and Date Setting Table 39 Time and Date Setting Fields Chapter 16 System Maintenance menus 8 to 10 183 Table 39 Time and Date Setting Fields Page Chapter 17 Remote Management Remote Management 186 Chapter 17 Remote Management Table 40 describes the fields in Figure 93. Figure 93 Menu 24.11 Remote Management Control Table 40 Menu 24.11 Remote Management control Remote Management Limitations Page Chapter 18 Call scheduling Introduction Page Chapter 18 Call scheduling 191 Table 41 Menu 26.1 Schedule Set Setup Page Appendix A Setting up your computer IP address Windows 95/98/Me Installing components Configuring Page Page Page Page Page Macintosh OS 8/9 Page Macintosh OS X Page Appendix B Triangle Route The Ideal Setup The Triangle Route Problem The Triangle Route Solutions IP aliasing BCM50a Integrated Router Page Page Page Importing the BCM50a Integrated Router Certificate into Internet Explorer Page Page Page Page Enrolling and Importing SSL Client Certificates Page Page Page Page Page Page Page Page Page Appendix D PPPoE PPPoE in action Benefits of PPPoE Traditional dial-up scenario How PPPoE works BCM50a Integrated Router as a PPPoE client Page Page 229 Appendix E Hardware specifications Figure 134 Ethernet cable pin assignments Cable pin assignments Table 42 General specifications Page Appendix F IP subnetting IP addressing IP classes Page Subnet masks Subnetting Example: two subnets Page Example: four subnets Example: eight subnets Subnetting with Class A and Class B networks. Page Page Appendix G Command Interpreter Command Syntax Command usage 242 Appendix G Command Interpreter Sys commands Page Page Page Page Page Page Appendix G Command Interpreter 249 Exit Command Ethernet Commands Table 57 Exit Command Table 58 Ether Commands 250 Appendix G Command Interpreter IP commands Table 58 Ether Commands Page Page Page Page Page Page Appendix G Command Interpreter 257 IPSec commands Page Page Page Page Page Page Page Page 266 Appendix G Command Interpreter WAN Commands Table 61 WAN Commands Appendix G Command Interpreter 267 Table 61 WAN Commands (continued) 268 Appendix G Command Interpreter Sys firewall commands firewall active yes to turn on the firewall. Table 62 Sys firewall commands Appendix G Command Interpreter 269 Bandwidth management commands Page Page 272 Appendix G Command Interpreter Certificates commands All of these commands start with certificates. my_cert list to display all of your certificate names and basic information. Page Page Page Page Page Page Appendix H NetBIOS filter commands Introduction 280 Appendix H NetBIOS filter commands Display NetBIOS filter settings Figure 135 NetBIOS Display Filter Settings Command Example NetBIOS filter configuration where <type> identifies which NetBIOS filter (numbered 0-3) to configure. Table 65 NetBIOS filter default settings Example commands Appendix I Enhanced DHCP option commands Enhanced DHCP option commands introduction Specifying the Nortel BCM50 IP address Nortel BCM50 DHCP server options BCM50 DHCP server settings 284 Appendix I Enhanced DHCP option commands Use this command to configure the Nortel BCM50 DHCP servers settings. BCM50 IP sets override setting Nortel i2004 IP phone options VoIP server settings assignment VLAN ID assignment Nortel WLAN handsets 2210 & 2211 phone options TFTP server IP address assignment WLAN IP Telephony Manager IP Address Assignment 289 Appendix J Log descriptions This appendix provides descriptions of log messages. Table 66 System error logs Table 67 System maintenance logs 290 Appendix J Log descriptions Table 68 UPnP logs Table 69 Content filtering logs Table 67 System maintenance logs Appendix J Log descriptions 291 Table 70 Attack logs 292 Appendix J Log descriptions See Table 73 for type and code details. Table 70 Attack logs Page Page See Table 73 for type and code details. 296 Appendix J Log descriptions Table 72 ACL setting notes Table 73 ICMP notes Appendix J Log descriptions 297 VPN/IPSec logs Table 74 Sys log Table 73 ICMP notes Page VPN responder IPSec log 300 Appendix J Log descriptions Table 75 Sample IKE key exchange logs Appendix J Log descriptions 301 Table 75 Sample IKE key exchange logs 302 Appendix J Log descriptions Table 76 shows sample log messages during packet transmission. Table 76 Sample IPSec logs during packet transmission Table 77 RFC-2408 ISAKMP payload types Appendix J Log descriptions 303 Table 77 RFC-2408 ISAKMP payload types Table 78 PKI logs 304 Appendix J Log descriptions Table 79 Certificate path verification failure reason codes Table 78 PKI logs Appendix J Log descriptions 305 Log commands Table 79 Certificate path verification failure reason codes Configuring what you want the BCM50a Integrated Router to log Displaying logs Log command example Page Appendix K Brute force password guessing protection Page Index Numbers A B C F G H I L M N O P S T U V