Nortel Networks Nortel Secure Network Access Switch 4050 Manual do Utilizador

Part No. 320818-ADecember 20054655 Great America ParkwaySanta Clara, CA 95054*320818-A*Nortel Secure Network Access Switch 4050 User GuideNortel Secu

10 Contents320818-A Modifying RADIUS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Managing additional RADIUS s

100 Chapter 3 Managing the network access devices320818-A Mapping VLANs by switchTo map VLANs by switch, you must first disable the network access dev

Chapter 3 Managing the network access devices 101Nortel Secure Network Access Switch 4050 User Guide • “Removing VLANs from a switch” on page 102Addin

102 Chapter 3 Managing the network access devices320818-A Removing VLANs from a switchTo remove existing VLANs from the switch, complete the following

Chapter 3 Managing the network access devices 103Nortel Secure Network Access Switch 4050 User Guide If you created the domain manually, the SSH key w

104 Chapter 3 Managing the network access devices320818-A If the network access device defaults, it generates a new public key. You must reimport the

Chapter 3 Managing the network access devices 105Nortel Secure Network Access Switch 4050 User Guide Generating SSH keys for the domain using the SREM

106 Chapter 3 Managing the network access devices320818-A Table 9 describes the fields and controls available from the switch SSH Key screen.2 Click A

Chapter 3 Managing the network access devices 107Nortel Secure Network Access Switch 4050 User Guide The Export Key screen appears (see Figure 13).Fig

108 Chapter 3 Managing the network access devices320818-A 2 Enter the export information in the applicable fields. Table 8 describes the fields availa

Chapter 3 Managing the network access devices 109Nortel Secure Network Access Switch 4050 User Guide Managing SSH keys for Nortel SNA communication us

Contents 11Nortel Secure Network Access Switch 4050 User Guide SRS Rule Expression Constructor . . . . . . . . . . . . . . . . . . . . . . . . . . .

110 Chapter 3 Managing the network access devices320818-A Table 9 describes the fields and controls available from the switch SSH Key screen.2 Click A

Chapter 3 Managing the network access devices 111Nortel Secure Network Access Switch 4050 User Guide The switch SSH Key screen appears (see Figure 14

112 Chapter 3 Managing the network access devices320818-A The Health Check screen appears (see Figure 15).Figure 15 Health Check screen

Chapter 3 Managing the network access devices 113Nortel Secure Network Access Switch 4050 User Guide 2 Enter the health check information in the appli

114 Chapter 3 Managing the network access devices320818-A The Connected Clients screen appears, displaying information about the connection status and

Chapter 3 Managing the network access devices 115Nortel Secure Network Access Switch 4050 User Guide Controlling communication with the network access

116 Chapter 3 Managing the network access devices320818-A To disable or enable the network access device, perform the following steps:1 Select the Sec

117Nortel Secure Network Access Switch 4050 User Guide Chapter 4 Configuring the domainThis chapter includes the following topics:Topic PageConfigurin

118 Chapter 4 Configuring the domain320818-A A Nortel SNAS 4050 domain encompasses all the switches, authentication servers, and remediation servers a

Chapter 4 Configuring the domain 119Nortel Secure Network Access Switch 4050 User Guide • logging traffic with syslog messages• portal settings (see “

12 Contents320818-A Changing a user’s group assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365Changing passwords . . . . . .

120 Chapter 4 Configuring the domain320818-A details on|offloglevel fatal|error|warning| info|debug/cfg/domain #/aaa/tg/quick/cfg/domain #/server port

Chapter 4 Configuring the domain 121Nortel Secure Network Access Switch 4050 User Guide Creating a domain using the CLIYou can create a domain in two

122 Chapter 4 Configuring the domain320818-A When you first create the domain, you are prompted to enter the following parameters:• domain name — a st

Chapter 4 Configuring the domain 123Nortel Secure Network Access Switch 4050 User Guide Figure 17 Creating a domainUsing the Nortel SNAS 4050 domain

124 Chapter 4 Configuring the domain320818-A Depending on the options you select in connection with certificates and creating a test user, the two wiz

Chapter 4 Configuring the domain 125Nortel Secure Network Access Switch 4050 User Guide c To use an existing certificate, enter the applicable certifi

126 Chapter 4 Configuring the domain320818-A c To continue, go to step 8 on page 126.8 Specify whether the SSL server uses chain certificates. 9 If yo

Chapter 4 Configuring the domain 127Nortel Secure Network Access Switch 4050 User Guide 11 To add a network access device, enter the required informat

128 Chapter 4 Configuring the domain320818-A The wizard assigns the following default VLAN IDs:• Green VLAN = VLAN ID 110• Yellow VLAN = VLAN ID 120Yo

Chapter 4 Configuring the domain 129Nortel Secure Network Access Switch 4050 User Guide Deleting a domain using the CLITo delete a domain, use the fol

Contents 13Nortel Secure Network Access Switch 4050 User Guide Setting the portal display language using the CLI . . . . . . . . . . . . . . . . . . .

130 Chapter 4 Configuring the domain320818-A Configuring domain parameters using the CLITo configure the domain, use the following command:/cfg/domain

Chapter 4 Configuring the domain 131Nortel Secure Network Access Switch 4050 User Guide portalAccesses the Portal menu, in order to customize the port

132 Chapter 4 Configuring the domain320818-A Configuring the TunnelGuard check using the CLIBefore an authenticated client is allowed into the network

Chapter 4 Configuring the domain 133Nortel Secure Network Access Switch 4050 User Guide heartbeat <interval>Sets the time interval between check

134 Chapter 4 Configuring the domain320818-A Using the quick TunnelGuard setup wizard in the CLITo configure the settings for the SRS rule check using

Chapter 4 Configuring the domain 135Nortel Secure Network Access Switch 4050 User Guide The TunnelGuard quick setup wizard creates a default SRS rule

136 Chapter 4 Configuring the domain320818-A The Server 1001 menu includes the following options:Tracing SSL traffic using the CLITo verify connectivi

Chapter 4 Configuring the domain 137Nortel Secure Network Access Switch 4050 User Guide The Trace menu displays.The Trace menu includes the following

138 Chapter 4 Configuring the domain320818-A tcpdumpCreates a dump of the TCP traffic flowing between clients and the virtual SSL server. You are prom

Chapter 4 Configuring the domain 139Nortel Secure Network Access Switch 4050 User Guide Configuring SSL settings using the CLITo configure SSL-specifi

14 Contents320818-A Chapter 10: Configuring system settings . . . . . . . . . . . . . . . . . . . . . . . . . 457Configuring the cluster using the CLI

140 Chapter 4 Configuring the domain320818-A The SSL Settings menu includes the following options:/cfg/domain #/server/sslfollowed by:cert <certifi

Chapter 4 Configuring the domain 141Nortel Secure Network Access Switch 4050 User Guide cachain <certificate index list>Specifies the CA certifi

142 Chapter 4 Configuring the domain320818-A Configuring traffic log settings using the CLIYou can configure a syslog server to receive User Datagram

Chapter 4 Configuring the domain 143Nortel Secure Network Access Switch 4050 User Guide To set up a syslog server to receive UDP syslog messages for a

144 Chapter 4 Configuring the domain320818-A Configuring HTTP redirect using the CLIYou can configure the Nortel SNAS 4050 domain to automatically red

Chapter 4 Configuring the domain 145Nortel Secure Network Access Switch 4050 User Guide Configuring advanced settings using the CLIYou can configure t

146 Chapter 4 Configuring the domain320818-A Configuring RADIUS accounting using the CLIThe Nortel SNAS 4050 can be configured to provide support for

Chapter 4 Configuring the domain 147Nortel Secure Network Access Switch 4050 User Guide When you add an external RADIUS accounting server to the confi

148 Chapter 4 Configuring the domain320818-A The Radius Accounting Servers menu includes the following options:/cfg/domain #/aaa/radacct/serversfollow

Chapter 4 Configuring the domain 149Nortel Secure Network Access Switch 4050 User Guide Configuring Nortel SNAS 4050-specific attributes using the CLI

Contents 15Nortel Secure Network Access Switch 4050 User Guide Adding a host interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

150 Chapter 4 Configuring the domain320818-A The VPN Attribute menu includes the following options:Configuring the domain using the SREMTo configure t

Chapter 4 Configuring the domain 151Nortel Secure Network Access Switch 4050 User Guide • portal settings (see “Customizing the portal and user logon”

152 Chapter 4 Configuring the domain320818-A Manually creating a domain using the SREMTo create and configure a domain manually, perform the following

Chapter 4 Configuring the domain 153Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add a Secure Access Domain dialog box appears

154 Chapter 4 Configuring the domain320818-A Using the SREM Domain Quick WizardThe Nortel SNAS 4050 quick setup wizard is similar to the quick setup w

Chapter 4 Configuring the domain 155Nortel Secure Network Access Switch 4050 User Guide To create a domain using the Nortel SNAS 4050 quick setup wiza

156 Chapter 4 Configuring the domain320818-A 2 Click Domain Quick Wizard.The Domain Quick Wizard — General Settings dialog box appears (see Figure 22)

Chapter 4 Configuring the domain 157Nortel Secure Network Access Switch 4050 User Guide The Domain Quick Wizard — Certificate dialog box appears (see

158 Chapter 4 Configuring the domain320818-A 6 Click Next.Organization Name Specifies the registered name of the organization. The organization must o

Chapter 4 Configuring the domain 159Nortel Secure Network Access Switch 4050 User Guide The Domain Quick Wizard — Certificate Chain dialog box appears

16 Contents320818-A Managing RADIUS audit servers using the SREM . . . . . . . . . . . . . . . . . . . . 559Managing RADIUS authentication of system

160 Chapter 4 Configuring the domain320818-A The Domain Quick Wizard — Server dialog box appears (see Figure 25).Figure 25 Domain Quick Wizard – Ser

Chapter 4 Configuring the domain 161Nortel Secure Network Access Switch 4050 User Guide The Domain Quick Wizard — Switch dialog box appears (see Figur

162 Chapter 4 Configuring the domain320818-A The Domain Quick Wizard — Tunnel Guard dialog box appears (see Figure 27).Figure 27 Domain Quick Wizard

Chapter 4 Configuring the domain 163Nortel Secure Network Access Switch 4050 User Guide If there are no problems, then a dialog appears to indicate th

164 Chapter 4 Configuring the domain320818-A Configuring domain parameters using the SREMTo configure a domain, perform the following steps:1 Select t

Chapter 4 Configuring the domain 165Nortel Secure Network Access Switch 4050 User Guide 2 Enter the domain information in the applicable fields. Table

166 Chapter 4 Configuring the domain320818-A Additional domain configuration in the SREMTo configure additional domain settings, there are tabs and tr

Chapter 4 Configuring the domain 167Nortel Secure Network Access Switch 4050 User Guide Table 21 describes the purpose of additional tree components f

168 Chapter 4 Configuring the domain320818-A Configuring the TunnelGuard check using the SREMBefore an authenticated client is allowed into the networ

Chapter 4 Configuring the domain 169Nortel Secure Network Access Switch 4050 User Guide To configure settings for the TunnelGuard host integrity check

Contents 17Nortel Secure Network Access Switch 4050 User Guide Chapter 12: Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

170 Chapter 4 Configuring the domain320818-A 2 Enter the TunnelGuard information in the applicable fields. Table 22 describes the TunnelGuard Configur

Chapter 4 Configuring the domain 171Nortel Secure Network Access Switch 4050 User Guide 3 Click Apply on the toolbar to send the current changes to th

172 Chapter 4 Configuring the domain320818-A Using the TunnelGuard Quick Setup in the SREMTo configure settings for the TunnelGuard host integrity che

Chapter 4 Configuring the domain 173Nortel Secure Network Access Switch 4050 User Guide 2 Enter the TunnelGuard information in the applicable fields.

174 Chapter 4 Configuring the domain320818-A Configuring the SSL server using the SREMTo configure settings for the SSL server, perform the following

Chapter 4 Configuring the domain 175Nortel Secure Network Access Switch 4050 User Guide 2 Enter the server information in the applicable fields. Table

176 Chapter 4 Configuring the domain320818-A Configuring SSL settings using the SREMTo configure SSL-specific settings for the portal server, perform

Chapter 4 Configuring the domain 177Nortel Secure Network Access Switch 4050 User Guide 2 Enter the server information in the applicable fields. Table

178 Chapter 4 Configuring the domain320818-A 3 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the too

Chapter 4 Configuring the domain 179Nortel Secure Network Access Switch 4050 User Guide To set up a syslog server to receive UDP syslog messages for a

18 Contents320818-A Viewing SONMP topology information using the SREM . . . . . . . . . . . . . . . . 675Viewing switch distribution using the SREM

180 Chapter 4 Configuring the domain320818-A 2 Enter the traffic log information in the applicable fields. Table 26 describes the Traffic Log Syslog S

Chapter 4 Configuring the domain 181Nortel Secure Network Access Switch 4050 User Guide Tracing SSL traffic using the SREMTo verify connectivity and t

182 Chapter 4 Configuring the domain320818-A To configure the domain to automatically redirect HTTP requests to the HTTPS server specified for the dom

Chapter 4 Configuring the domain 183Nortel Secure Network Access Switch 4050 User Guide 2 Enter the redirection information in the applicable fields.

184 Chapter 4 Configuring the domain320818-A • cause of terminationConfigure the RADIUS server in accordance with the recommendations in RFC 2866. Cer

Chapter 4 Configuring the domain 185Nortel Secure Network Access Switch 4050 User Guide Contact your RADIUS system administrator for information about

186 Chapter 4 Configuring the domain320818-A 2 Enter the RADIUS accounting information in the applicable fields. Table 27 describes the RADIUS account

Chapter 4 Configuring the domain 187Nortel Secure Network Access Switch 4050 User Guide The Radius Accounting Servers screen appears (see Figure 36).F

188 Chapter 4 Configuring the domain320818-A 3 Enter the RADIUS accounting server information in the applicable fields. Table 29 describes the Radius

Chapter 4 Configuring the domain 189Nortel Secure Network Access Switch 4050 User Guide Deleting a RADIUS accounting server using the SREMTo delete a

Contents 19Nortel Secure Network Access Switch 4050 User Guide Managing Nortel SNAS 4050 devices and software using the SREM . . . . . . . . . 743Mana

190 Chapter 4 Configuring the domain320818-A

191Nortel Secure Network Access Switch 4050 User Guide Chapter 5 Configuring groups and profilesThis chapter includes the following topics:Topic PageO

192 Chapter 5 Configuring groups and profiles320818-A OverviewThis section includes the following topics:• “Groups” on page 192• “Linksets” on page 19

Chapter 5 Configuring groups and profiles 193Nortel Secure Network Access Switch 4050 User Guide Each group’s data include the following configurable

194 Chapter 5 Configuring groups and profiles320818-A LinksetsA linkset is a set of links that display on the portal page, so that the user can easily

Chapter 5 Configuring groups and profiles 195Nortel Secure Network Access Switch 4050 User Guide Extended profilesPassing or failing the SRS rule chec

196 Chapter 5 Configuring groups and profiles320818-A Before you beginBefore you configure groups, client filters, and extended profiles on the Nortel

Chapter 5 Configuring groups and profiles 197Nortel Secure Network Access Switch 4050 User Guide 3 Configure the extended profiles for the group (see

198 Chapter 5 Configuring groups and profiles320818-A Configuring groups using the CLITo create and configure a group, use the following command:/cfg/

Chapter 5 Configuring groups and profiles 199Nortel Secure Network Access Switch 4050 User Guide • number of sessions — the maximum number of simultan

2320818-A Copyright © Nortel Networks Limited 2005. All rights reserved.The information in this document is subject to change without notice. The stat

20 Contents320818-A Configure the network DNS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782Configure the network D

200 Chapter 5 Configuring groups and profiles320818-A Figure 38 shows sample output for the /cfg/domain 1/aaa/group <group ID> command and comma

Chapter 5 Configuring groups and profiles 201Nortel Secure Network Access Switch 4050 User Guide Configuring client filters using the CLITo create and

202 Chapter 5 Configuring groups and profiles320818-A The Client Filter menu includes the following options:/cfg/domain 1/aaa/filter <filter ID>

Chapter 5 Configuring groups and profiles 203Nortel Secure Network Access Switch 4050 User Guide Figure 39 shows sample output for the /cfg/domain 1/a

204 Chapter 5 Configuring groups and profiles320818-A When you first create the profile, you are prompted to enter the following parameters:• client f

Chapter 5 Configuring groups and profiles 205Nortel Secure Network Access Switch 4050 User Guide Figure 40 shows sample output for the /cfg/domain 1/a

206 Chapter 5 Configuring groups and profiles320818-A Mapping linksets to a group or profile using the CLIYou can tailor the portal page for different

Chapter 5 Configuring groups and profiles 207Nortel Secure Network Access Switch 4050 User Guide Figure 41 shows sample output for the /cfg/domain 1/a

208 Chapter 5 Configuring groups and profiles320818-A Creating a default group using the CLITo create a default group, first create a group with exten

Chapter 5 Configuring groups and profiles 209Nortel Secure Network Access Switch 4050 User Guide Using the guide for creating groups If you desire add

Contents 21Nortel Secure Network Access Switch 4050 User Guide CLI shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

210 Chapter 5 Configuring groups and profiles320818-A Adding a group To create and configure a group, perform the following steps:1 Select the Secure

Chapter 5 Configuring groups and profiles 211Nortel Secure Network Access Switch 4050 User Guide 2 Click Add. The Add a Group dialog box appears (see

212 Chapter 5 Configuring groups and profiles320818-A Modifying a groupTo configure a group, perform the following steps:1 Select the Secure Access Do

Chapter 5 Configuring groups and profiles 213Nortel Secure Network Access Switch 4050 User Guide 2 Enter the group information in the applicable field

214 Chapter 5 Configuring groups and profiles320818-A Adding a client filter To create and configure a client filter, perform the following steps:1 Se

Chapter 5 Configuring groups and profiles 215Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add a Client Filter dialog box appear

216 Chapter 5 Configuring groups and profiles320818-A 4 Click Apply.The new client filter now appears in the Client Filters table.5 Click Apply on the

Chapter 5 Configuring groups and profiles 217Nortel Secure Network Access Switch 4050 User Guide Modifying a client filterTo configure a client filter

218 Chapter 5 Configuring groups and profiles320818-A 2 Enter the Client Filter information in the applicable fields. Table 34 describes the Client Fi

Chapter 5 Configuring groups and profiles 219Nortel Secure Network Access Switch 4050 User Guide Configuring extended profiles using the SREMTo view t

22 Contents320818-A Root user password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844Boot user password .

220 Chapter 5 Configuring groups and profiles320818-A Adding an extended profile To create an extended profile for a group, perform the following step

Chapter 5 Configuring groups and profiles 221Nortel Secure Network Access Switch 4050 User Guide 2 Click Add. The Add an Extended Profile dialog box o

222 Chapter 5 Configuring groups and profiles320818-A Modifying an extended profileTo modify an extended profile for a group, perform the following st

Chapter 5 Configuring groups and profiles 223Nortel Secure Network Access Switch 4050 User Guide 2 Enter the Extended Profile information in the appli

224 Chapter 5 Configuring groups and profiles320818-A Mapping linksets to a groupTo map a linkset to a group, select the Secure Access Domain > dom

Chapter 5 Configuring groups and profiles 225Nortel Secure Network Access Switch 4050 User Guide Adding linksets to a groupTo add a linkset to a group

226 Chapter 5 Configuring groups and profiles320818-A Removing linksets from a groupTo remove a linkset from a group, perform the following steps:1 Se

Chapter 5 Configuring groups and profiles 227Nortel Secure Network Access Switch 4050 User Guide Mapping linksets to a profileTo map a linkset to an e

228 Chapter 5 Configuring groups and profiles320818-A Adding linksets to an extended profileTo add a linkset to an extended profile, perform the follo

Chapter 5 Configuring groups and profiles 229Nortel Secure Network Access Switch 4050 User Guide Removing linksets from an extended profileTo remove a

Contents 23Nortel Secure Network Access Switch 4050 User Guide Create a new attribute(Windows 2000 Server and Windows Server 2003) . . . . . . . . . .

230 Chapter 5 Configuring groups and profiles320818-A Creating a default group using the SREM To create a default group, first create a group with ext

Chapter 5 Configuring groups and profiles 231Nortel Secure Network Access Switch 4050 User Guide 2 Enter the AAA information in the applicable fields.

232 Chapter 5 Configuring groups and profiles320818-A

233Nortel Secure Network Access Switch 4050 User Guide Chapter 6 Configuring authenticationThis chapter includes the following topics:Topic PageOvervi

234 Chapter 6 Configuring authentication320818-A OverviewThe Nortel SNAS 4050 controls authentication of clients when they log on to the network.The N

Chapter 6 Configuring authentication 235Nortel Secure Network Access Switch 4050 User Guide Before you beginBefore you configure authentication on the

236 Chapter 6 Configuring authentication320818-A — Vendor-Typeb LDAP servers:— server IP address— port number used for the service— configured account

Chapter 6 Configuring authentication 237Nortel Secure Network Access Switch 4050 User Guide 3 Specify the order in which the authentication methods wi

238 Chapter 6 Configuring authentication320818-A domainid <domain ID>domaintype <domain type>authproto pap|chapv2timeout <interval>/

Chapter 6 Configuring authentication 239Nortel Secure Network Access Switch 4050 User Guide Configuring authentication methods using the CLITo create

24 Contents320818-A

240 Chapter 6 Configuring authentication320818-A When you first create the method, you are prompted to specify the type. For Nortel Secure Network Acc

Chapter 6 Configuring authentication 241Nortel Secure Network Access Switch 4050 User Guide Configuring advanced settings using the CLIYou can configu

242 Chapter 6 Configuring authentication320818-A To configure the current authentication scheme to retrieve user group information from a different au

Chapter 6 Configuring authentication 243Nortel Secure Network Access Switch 4050 User Guide You can perform the following configuration tasks:• “Addin

244 Chapter 6 Configuring authentication320818-A • vendor type for group — corresponds to the Vendor-Type value used in combination with the Vendor-Id

Chapter 6 Configuring authentication 245Nortel Secure Network Access Switch 4050 User Guide Figure 56 shows sample output for the RADIUS method for th

246 Chapter 6 Configuring authentication320818-A The RADIUS menu displays.The RADIUS menu includes the following options:/cfg/domain 1/aaa/auth #/radi

Chapter 6 Configuring authentication 247Nortel Secure Network Access Switch 4050 User Guide Managing RADIUS authentication servers using the CLIYou ca

248 Chapter 6 Configuring authentication320818-A The Radius servers menu includes the following options:/cfg/domain 1/aaa/auth #/radius/serversfollowe

Chapter 6 Configuring authentication 249Nortel Secure Network Access Switch 4050 User Guide Configuring session timeout using the CLIYou can configure

25Nortel Secure Network Access Switch 4050 User Guide PrefaceNortel* Secure Network Access (Nortel SNA) is a clientless solution that provides seamles

250 Chapter 6 Configuring authentication320818-A where auth ID is an integer in the range 1 to 63 that uniquely identifies the authentication method i

Chapter 6 Configuring authentication 251Nortel Secure Network Access Switch 4050 User Guide • if user entries are located in several places in the LDA

252 Chapter 6 Configuring authentication320818-A Figure 57 shows sample output for the LDAP method for the /cfg/domain 1/aaa/auth <auth ID> comm

Chapter 6 Configuring authentication 253Nortel Secure Network Access Switch 4050 User Guide The LDAP menu displays.The LDAP menu includes the followin

254 Chapter 6 Configuring authentication320818-A userattr <names>Refers to one of the following:1. the LDAP attribute that contains the user nam

Chapter 6 Configuring authentication 255Nortel Secure Network Access Switch 4050 User Guide enaldaps true|falseIf true, makes LDAP requests between th

256 Chapter 6 Configuring authentication320818-A Managing LDAP authentication servers using the CLIYou can configure additional LDAP servers for the d

Chapter 6 Configuring authentication 257Nortel Secure Network Access Switch 4050 User Guide del <index number>Removes the specified LDAP server

258 Chapter 6 Configuring authentication320818-A Managing LDAP macros using the CLIYou can create your own macros (or variables), to allow you to retr

Chapter 6 Configuring authentication 259Nortel Secure Network Access Switch 4050 User Guide add <variable name> <LDAP attribute> [<pref

26 Preface320818-A The document provides instructions for initializing and customizing the features using the Command Line Interface (CLI). To learn t

260 Chapter 6 Configuring authentication320818-A Managing Active Directory passwords using the CLIYou can set up a mechanism for clients to change the

Chapter 6 Configuring authentication 261Nortel Secure Network Access Switch 4050 User Guide Configuring local database authentication using the CLIYou

262 Chapter 6 Configuring authentication320818-A where auth ID is an integer in the range 1 to 63 that uniquely identifies the authentication method i

Chapter 6 Configuring authentication 263Nortel Secure Network Access Switch 4050 User Guide • group name — the name of the group to which the specifie

264 Chapter 6 Configuring authentication320818-A Managing the local database using the CLIYou can add users to the database in two ways:• manually, us

Chapter 6 Configuring authentication 265Nortel Secure Network Access Switch 4050 User Guide The Local database menu includes the following options:/cf

266 Chapter 6 Configuring authentication320818-A import <protocol> <server> <filename> <key>Imports a database from the specif

Chapter 6 Configuring authentication 267Nortel Secure Network Access Switch 4050 User Guide Specifying authentication fallback order using the CLIAuth

268 Chapter 6 Configuring authentication320818-A Perform this step even if there is only one method defined on the Nortel SNAS 4050.To specify the aut

Chapter 6 Configuring authentication 269Nortel Secure Network Access Switch 4050 User Guide Configuring authentication using the SREMThe basic steps f

Preface 27Nortel Secure Network Access Switch 4050 User Guide Text conventionsThis guide uses the following text conventions:angle brackets (< >

270 Chapter 6 Configuring authentication320818-A Configuring authentication methods using the SREMTo create and configure an authentication method, pe

Chapter 6 Configuring authentication 271Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add an Authentication Server dialog box op

272 Chapter 6 Configuring authentication320818-A Adding the RADIUS method and serverTo configure the Nortel SNAS 4050 to use an external RADIUS or Ste

Chapter 6 Configuring authentication 273Nortel Secure Network Access Switch 4050 User Guide 2 Enter the authentication server information in the appli

274 Chapter 6 Configuring authentication320818-A • Modify settings for the specific RADIUS configuration (see “Modifying RADIUS configuration settings

Chapter 6 Configuring authentication 275Nortel Secure Network Access Switch 4050 User Guide 2 Modify settings for the authentication method as necessa

276 Chapter 6 Configuring authentication320818-A Modifying RADIUS configuration settingsTo modify the RADIUS method configuration, perform the followi

Chapter 6 Configuring authentication 277Nortel Secure Network Access Switch 4050 User Guide 2 Modify settings for the RADIUS configuration as necessar

278 Chapter 6 Configuring authentication320818-A 3 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the

Chapter 6 Configuring authentication 279Nortel Secure Network Access Switch 4050 User Guide Managing additional RADIUS serversAdditional RADIUS server

28 Preface320818-A Related informationThis section lists information sources that relate to this document.PublicationsRefer to the following publicati

280 Chapter 6 Configuring authentication320818-A The RADIUS Server Table allows you to manage additional RADIUS servers by performing any of the follo

Chapter 6 Configuring authentication 281Nortel Secure Network Access Switch 4050 User Guide 4 Click Apply.The new RADIUS server is automatically assig

282 Chapter 6 Configuring authentication320818-A The RADIUS Servers screen appears (see Figure 69 on page 291).2 Select an RADIUS server entry from th

Chapter 6 Configuring authentication 283Nortel Secure Network Access Switch 4050 User Guide Adding the LDAP method and serverTo configure the Nortel S

284 Chapter 6 Configuring authentication320818-A 3 Click Apply.The LDAP authentication method displays in the Authentication Server Table.4 Click Appl

Chapter 6 Configuring authentication 285Nortel Secure Network Access Switch 4050 User Guide Modifying LDAP method settingsTo modify settings for an ex

286 Chapter 6 Configuring authentication320818-A 2 Modify settings for the authentication method as necessary.Table 45 describes the Configuration fie

Chapter 6 Configuring authentication 287Nortel Secure Network Access Switch 4050 User Guide Modifying LDAP configuration settingsTo modify the LDAP me

288 Chapter 6 Configuring authentication320818-A 2 Modify settings for the LDAP configuration as necessary.Table 46 describes the LDAP Configuration f

Chapter 6 Configuring authentication 289Nortel Secure Network Access Switch 4050 User Guide User Attribute Refers to one of the following:1. the LDAP

Preface 29Nortel Secure Network Access Switch 4050 User Guide • Release Notes for Nortel Ethernet Routing Switch 5500 Series, Software Release 4.3 (21

290 Chapter 6 Configuring authentication320818-A 3 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the

Chapter 6 Configuring authentication 291Nortel Secure Network Access Switch 4050 User Guide Managing additional LDAP serversAdditional LDAP servers ca

292 Chapter 6 Configuring authentication320818-A The LDAP Server Table allows you to manage additional LDAP servers by performing any of the following

Chapter 6 Configuring authentication 293Nortel Secure Network Access Switch 4050 User Guide The new LDAP server is automatically assigned a unique ind

294 Chapter 6 Configuring authentication320818-A 5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the

Chapter 6 Configuring authentication 295Nortel Secure Network Access Switch 4050 User Guide To manage LDAP macro variables, select the Secure Access D

296 Chapter 6 Configuring authentication320818-A Adding LDAP macrosTo create an LDAP macro variable, perform the following steps:1 Select the Secure A

Chapter 6 Configuring authentication 297Nortel Secure Network Access Switch 4050 User Guide 4 Click Apply.The new LDAP macro is automatically assigned

298 Chapter 6 Configuring authentication320818-A 5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the

Chapter 6 Configuring authentication 299Nortel Secure Network Access Switch 4050 User Guide Adding the Local methodTo configure the Nortel SNAS 4050 t

3Nortel Secure Network Access Switch 4050 User Guide In addition, the program and information contained herein are licensed only pursuant to a license

30 Preface320818-A • To call a Nortel Technical Solutions Center for assistance, click the CALL US link on the left side of the page to find the telep

300 Chapter 6 Configuring authentication320818-A 2 Enter the authentication server information in the applicable fields.Table 49 describes the Add an

Chapter 6 Configuring authentication 301Nortel Secure Network Access Switch 4050 User Guide Populating the databaseYou can populate the Local database

302 Chapter 6 Configuring authentication320818-A 2 Click Add.The Add a Local User dialog box appears (see Figure 75).Figure 75 Add a Local User3 Ent

Chapter 6 Configuring authentication 303Nortel Secure Network Access Switch 4050 User Guide 4 Click Apply.The new user entry appears in the list of lo

304 Chapter 6 Configuring authentication320818-A Importing a database To import a database of local users, perform the following steps.1 Select the Se

Chapter 6 Configuring authentication 305Nortel Secure Network Access Switch 4050 User Guide 2 Enter the import information in the applicable fields.Ta

306 Chapter 6 Configuring authentication320818-A Modifying Local method settingsTo modify settings for an existing local or LDAP authentication method

Chapter 6 Configuring authentication 307Nortel Secure Network Access Switch 4050 User Guide 2 Modify settings for the authentication method as necessa

308 Chapter 6 Configuring authentication320818-A 2 In the User Name list, select the user you want to edit. The Local Users screen refreshes to displa

Chapter 6 Configuring authentication 309Nortel Secure Network Access Switch 4050 User Guide 3 Modify the local user information in the applicable fiel

31Nortel Secure Network Access Switch 4050 User Guide Chapter 1 OverviewThis chapter includes the following topics:The Nortel SNA solutionNortel Secur

310 Chapter 6 Configuring authentication320818-A 2 In the User Name list, select the user you want to edit. The Local Users screen refreshes to displa

Chapter 6 Configuring authentication 311Nortel Secure Network Access Switch 4050 User Guide 4 Modify the local user information in the applicable fiel

312 Chapter 6 Configuring authentication320818-A Exporting the databaseTo export the database of local users, perform the following steps:1 Select the

Chapter 6 Configuring authentication 313Nortel Secure Network Access Switch 4050 User Guide 2 Enter the export information in the applicable fields.Ta

314 Chapter 6 Configuring authentication320818-A Specifying authentication fallback order using the SREMAuthentication in the Nortel SNAS 4050 solutio

Chapter 6 Configuring authentication 315Nortel Secure Network Access Switch 4050 User Guide To specify authentication fallback order, perform these st

316 Chapter 6 Configuring authentication320818-A 3 Rearrange the list so that the methods appear in the desired order.a Click on a method to select it

317Nortel Secure Network Access Switch 4050 User Guide Chapter 7 TunnelGuard SRS BuilderThis chapter includes the following topics:Topic PageConfiguri

318 Chapter 7 TunnelGuard SRS Builder320818-A Configuring SRS rulesThe building blocks used to construct the Software Requirement Set (SRS) are files

Chapter 7 TunnelGuard SRS Builder 319Nortel Secure Network Access Switch 4050 User Guide • “Software Definition — Available SRS list” on page 323• “Me

32 Chapter 1 Overview320818-A For Nortel, success is delivering technologies providing secure access to your information using security-compliant syst

320 Chapter 7 TunnelGuard SRS Builder320818-A Software Definition Entry menuTable 58 describes important items from the Software Definition Entry menu

Chapter 7 TunnelGuard SRS Builder 321Nortel Secure Network Access Switch 4050 User Guide TunnelGuard Rule menuTable 59 describes important items from

322 Chapter 7 TunnelGuard SRS Builder320818-A SRS definition toolbarThe buttons on the SRS definition toolbar allow you to create, delete, and manage

Chapter 7 TunnelGuard SRS Builder 323Nortel Secure Network Access Switch 4050 User Guide Software Definition — Available SRS listThe available SRS lis

324 Chapter 7 TunnelGuard SRS Builder320818-A Customizing a componentWhen an SRS component is selected by clicking on it, you can customize it using t

Chapter 7 TunnelGuard SRS Builder 325Nortel Secure Network Access Switch 4050 User Guide Memory snapshotThe memory snapshot section in the lower half

326 Chapter 7 TunnelGuard SRS Builder320818-A SRS Rule listThe SRS Rule list shows the existing SRS rules. These rules are retrieved from the Nortel S

Chapter 7 TunnelGuard SRS Builder 327Nortel Secure Network Access Switch 4050 User Guide Once the expression is formed, it is available for rule defin

328 Chapter 7 TunnelGuard SRS Builder320818-A Figure 84 The New SRS window2 Enter a name for the software definition and click OK.For example, to cr

Chapter 7 TunnelGuard SRS Builder 329Nortel Secure Network Access Switch 4050 User Guide Figure 85 The Create New Memory Module SRS window3 In the F

Chapter 1 Overview 33Nortel Secure Network Access Switch 4050 User Guide Java Runtime Environment (JRE) for all browsers:— JRE 1.5.0_04 or later• VoIP

330 Chapter 7 TunnelGuard SRS Builder320818-A If enabled, the client system will be searched for the specified file name, irrespective of path to fold

Chapter 7 TunnelGuard SRS Builder 331Nortel Secure Network Access Switch 4050 User Guide The file/module is added as an entry in the selected software

332 Chapter 7 TunnelGuard SRS Builder320818-A To create a software definition entry for a file not shown in the memory snapshot, perform the following

Chapter 7 TunnelGuard SRS Builder 333Nortel Secure Network Access Switch 4050 User Guide 3 Select the Fetch Module Path from Registry Entry check box,

334 Chapter 7 TunnelGuard SRS Builder320818-A 2 Click the TunnelGuard Rule Definition tab.TunnelGuard rules and expressions with the same names as the

Chapter 7 TunnelGuard SRS Builder 335Nortel Secure Network Access Switch 4050 User Guide 4 Select another expression that you will use to form a new l

336 Chapter 7 TunnelGuard SRS Builder320818-A Figure 88 The Available Expressions screen7 Create a new TunnelGuard Rule.On the TunnelGuard Rule menu

Chapter 7 TunnelGuard SRS Builder 337Nortel Secure Network Access Switch 4050 User Guide The new rule name appears in the TunnelGuard Rule Name column

338 Chapter 7 TunnelGuard SRS Builder320818-A Registry-based rulesTunnelGuard Agent supports checking of on-disk files, running processes, hash checki

Chapter 7 TunnelGuard SRS Builder 339Nortel Secure Network Access Switch 4050 User Guide Table 66 describes supported operands for integer values.The

34 Chapter 1 Overview320818-A Nortel SNAS 4050 functionsThe Nortel SNAS 4050 performs the following functions:• Acts as a web server portal, which is

340 Chapter 7 TunnelGuard SRS Builder320818-A Table 67 describes supported constructs for string-based regular expressions.Table 67 Constructs for s

Chapter 7 TunnelGuard SRS Builder 341Nortel Secure Network Access Switch 4050 User Guide The following are examples of regular expressions for string-

342 Chapter 7 TunnelGuard SRS Builder320818-A Figure 91 Registry Entry page3 Select the Registry Key Path from the Registry Editor.4 Select the Key

Chapter 7 TunnelGuard SRS Builder 343Nortel Secure Network Access Switch 4050 User Guide Manually creating SRS entriesThe administrator tool applet pr

344 Chapter 7 TunnelGuard SRS Builder320818-A Figure 92 Create new OnDisk SRS Entry3 Click Browse Local System to select the File or Module Path. Th

Chapter 7 TunnelGuard SRS Builder 345Nortel Secure Network Access Switch 4050 User Guide 6 Click an option button for either Relative Date/Time Range

346 Chapter 7 TunnelGuard SRS Builder320818-A Figure 93 Create new Memory Module SRS entry3 Click Browse Local System to select the File or Module P

Chapter 7 TunnelGuard SRS Builder 347Nortel Secure Network Access Switch 4050 User Guide 6 Click an option button for Max Version.7 Click an option bu

348 Chapter 7 TunnelGuard SRS Builder320818-A Figure 94 Date/Time RangeAdding comments• “Adding a TunnelGuard rule comment” on page 348• “Adding a s

Chapter 7 TunnelGuard SRS Builder 349Nortel Secure Network Access Switch 4050 User Guide 3 Click the button to display the Rule Comment window (see Fi

Chapter 1 Overview 35Nortel Secure Network Access Switch 4050 User Guide • VoIP — automatic access for VoIP traffic. The network access device places

350 Chapter 7 TunnelGuard SRS Builder320818-A Deleting a software definition1 Click the Software Definition tab.2 In the Software Definition column, s

Chapter 7 TunnelGuard SRS Builder 351Nortel Secure Network Access Switch 4050 User Guide 2 In the Available Expressions area, select the desired expre

352 Chapter 7 TunnelGuard SRS Builder320818-A

353Nortel Secure Network Access Switch 4050 User Guide Chapter 8 Managing system users and groupsThis chapter includes the following topics:Topic Page

354 Chapter 8 Managing system users and groups320818-A User rights and group membershipThere are three groups of system users who routinely access the

Chapter 8 Managing system users and groups 355Nortel Secure Network Access Switch 4050 User Guide Managing system users and groups using the CLITo man

356 Chapter 8 Managing system users and groups320818-A Managing user accounts and passwords using the CLITo change the password for the currently logg

Chapter 8 Managing system users and groups 357Nortel Secure Network Access Switch 4050 User Guide del <username>Removes the specified user accou

358 Chapter 8 Managing system users and groups320818-A Managing user settings using the CLIYou must have administrator rights in order to change a use

Chapter 8 Managing system users and groups 359Nortel Secure Network Access Switch 4050 User Guide To set or change the login password for a specified

36 Chapter 1 Overview320818-A Authentication methodsYou can configure more than one authentication method within a Nortel SNAS 4050 domain. Nortel Sec

360 Chapter 8 Managing system users and groups320818-A To set or change a user’s group assignment, access the Groups menu by using the following comma

Chapter 8 Managing system users and groups 361Nortel Secure Network Access Switch 4050 User Guide In this configuration example, a certificate adminis

362 Chapter 8 Managing system users and groups320818-A —oper—admin— certadminBy default, the admin user is a member of all groups above, and can there

Chapter 8 Managing system users and groups 363Nortel Secure Network Access Switch 4050 User Guide 7 Apply the changes.8 Let the Certificate Administra

364 Chapter 8 Managing system users and groups320818-A 9 Remove the admin user from the certadmin group.Again, this step is only necessary if you want

Chapter 8 Managing system users and groups 365Nortel Secure Network Access Switch 4050 User Guide Changing a user’s group assignmentOnly users who are

366 Chapter 8 Managing system users and groups320818-A 4 Verify and apply the changes.Changing passwordsChanging your own passwordAll users can change

Chapter 8 Managing system users and groups 367Nortel Secure Network Access Switch 4050 User Guide 2 Access the User Menu.Type the passwd command to ch

368 Chapter 8 Managing system users and groups320818-A 2 Access the User Menu.3 Specify the user name of the user whose password you want to change.4

Chapter 8 Managing system users and groups 369Nortel Secure Network Access Switch 4050 User Guide Deleting a userTo delete a user from the system, you

Chapter 1 Overview 37Nortel Secure Network Access Switch 4050 User Guide TunnelGuard host integrity checkThe TunnelGuard application checks client hos

370 Chapter 8 Managing system users and groups320818-A The imminent removal of the cert_admin user is indicated as a pending configuration change by t

Chapter 8 Managing system users and groups 371Nortel Secure Network Access Switch 4050 User Guide The User Table appears (see Figure 96), displaying a

372 Chapter 8 Managing system users and groups320818-A Only the admin user can delete users from the system. Of the three built-in users (admin, oper,

Chapter 8 Managing system users and groups 373Nortel Secure Network Access Switch 4050 User Guide 3 Enter the user information in the applicable field

374 Chapter 8 Managing system users and groups320818-A Setting password expiry using the SREMTo set a password expiry date for all passwords in the sy

Chapter 8 Managing system users and groups 375Nortel Secure Network Access Switch 4050 User Guide 2 Enter the Password Setting information in the appl

376 Chapter 8 Managing system users and groups320818-A Changing your password using the SREMOnly the admin user can change the passwords of other user

Chapter 8 Managing system users and groups 377Nortel Secure Network Access Switch 4050 User Guide 2 Enter the password information in the applicable f

378 Chapter 8 Managing system users and groups320818-A To change the password for another user, perform the following steps:1 Select the System > M

Chapter 8 Managing system users and groups 379Nortel Secure Network Access Switch 4050 User Guide 2 Enter the password information in the applicable f

38 Chapter 1 Overview320818-A Communication channelsCommunications between the Nortel SNAS 4050 and key elements of the Nortel SNA solution are secure

380 Chapter 8 Managing system users and groups320818-A To set a certificate export pass phrase, perform the following steps:1 Select the System > M

Chapter 8 Managing system users and groups 381Nortel Secure Network Access Switch 4050 User Guide 2 Enter the PassPhrase information in the applicable

382 Chapter 8 Managing system users and groups320818-A To manage the group to which a user belongs, select the System > Manage Users > user >

Chapter 8 Managing system users and groups 383Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add a User Group dialog box appears

384 Chapter 8 Managing system users and groups320818-A The user group is immediately removed from the User Group Table.5 Click Apply on the toolbar to

385Nortel Secure Network Access Switch 4050 User Guide Chapter 9 Customizing the portal and user logonThis chapter includes the following topics:Topic

386 Chapter 9 Customizing the portal and user logon320818-A OverviewThe end user accesses the Nortel SNA network through the Nortel SNAS 4050 portal.

Chapter 9 Customizing the portal and user logon 387Nortel Secure Network Access Switch 4050 User Guide • redirects client requests to an authenticatio

388 Chapter 9 Customizing the portal and user logon320818-A Table 75 lists the regular expressions and escape sequences you can use in an Exclude List

Chapter 9 Customizing the portal and user logon 389Nortel Secure Network Access Switch 4050 User Guide Portal displayYou can modify the following feat

Chapter 1 Overview 39Nortel Secure Network Access Switch 4050 User Guide The Nortel SNAS 4050 supports the use of three different SSH host key types:

390 Chapter 9 Customizing the portal and user logon320818-A Default appearanceFigure 104 shows the default portal Home tab.Figure 104 Default appear

Chapter 9 Customizing the portal and user logon 391Nortel Secure Network Access Switch 4050 User Guide • color3 — the fields, information area, and cl

392 Chapter 9 Customizing the portal and user logon320818-A For the commands to configure the colors used on the portal, see “Changing the portal colo

Chapter 9 Customizing the portal and user logon 393Nortel Secure Network Access Switch 4050 User Guide To change the language displayed for tab names,

394 Chapter 9 Customizing the portal and user logon320818-A Linksets and linksYou can add the following types of links to the portal Home tab:• Extern

Chapter 9 Customizing the portal and user logon 395Nortel Secure Network Access Switch 4050 User Guide Planning the linksetsPlan your configuration so

396 Chapter 9 Customizing the portal and user logon320818-A Automatic redirection to internal sitesYou can configure the portal to automatically redir

Chapter 9 Customizing the portal and user logon 397Nortel Secure Network Access Switch 4050 User Guide Managing the end user experienceNortel recommen

398 Chapter 9 Customizing the portal and user logon320818-A 2 Download the JRE installer from the Sun Microsystems Java web site (http://www.java.com)

Chapter 9 Customizing the portal and user logon 399Nortel Secure Network Access Switch 4050 User Guide /cfg/domain 1/dnscapt/exclude listdel <index

4320818-A BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nort

40 Chapter 1 Overview320818-A • fault tolerance — If a Nortel SNAS 4050 device fails, the failure is detected by the other node in the cluster, which

400 Chapter 9 Customizing the portal and user logon320818-A color2 <code>color3 <code>color4 <code>theme default|aqua|apple| jeans|c

Chapter 9 Customizing the portal and user logon 401Nortel Secure Network Access Switch 4050 User Guide Configuring the captive portal using the CLIBy

402 Chapter 9 Customizing the portal and user logon320818-A The DNS Exclude menu includes the following options:Changing the portal language using the

Chapter 9 Customizing the portal and user logon 403Nortel Secure Network Access Switch 4050 User Guide Configuring language support using the CLITo ma

404 Chapter 9 Customizing the portal and user logon320818-A The Language Support menu includes the following options:/cfg/langfollowed by:import <p

Chapter 9 Customizing the portal and user logon 405Nortel Secure Network Access Switch 4050 User Guide Setting the portal display language using the C

406 Chapter 9 Customizing the portal and user logon320818-A Configuring the portal display using the CLITo modify the look and feel of the portal page

Chapter 9 Customizing the portal and user logon 407Nortel Secure Network Access Switch 4050 User Guide redirect <URL>Sets the URL to which clien

408 Chapter 9 Customizing the portal and user logon320818-A linktext <text>Specifies static text to be displayed above the group links on the po

Chapter 9 Customizing the portal and user logon 409Nortel Secure Network Access Switch 4050 User Guide Changing the portal colors using the CLITo cust

Chapter 1 Overview 41Nortel Secure Network Access Switch 4050 User Guide One-armed configurationIn a one-armed configuration, the Nortel SNAS 4050 has

410 Chapter 9 Customizing the portal and user logon320818-A The Portal Colors menu includes the following options:For more information about the porta

Chapter 9 Customizing the portal and user logon 411Nortel Secure Network Access Switch 4050 User Guide The Portal Custom Content menu includes the fol

412 Chapter 9 Customizing the portal and user logon320818-A Configuring linksets using the CLIA linkset is a set of links that display on the portal H

Chapter 9 Customizing the portal and user logon 413Nortel Secure Network Access Switch 4050 User Guide The Linkset menu includes the following options

414 Chapter 9 Customizing the portal and user logon320818-A Configuring links using the CLITo create and configure the links included in the linkset,

Chapter 9 Customizing the portal and user logon 415Nortel Secure Network Access Switch 4050 User Guide The Link menu includes the following options:/c

416 Chapter 9 Customizing the portal and user logon320818-A Configuring external link settings using the CLITo launch the wizard to configure settings

Chapter 9 Customizing the portal and user logon 417Nortel Secure Network Access Switch 4050 User Guide Customizing the portal and logon using the SREM

418 Chapter 9 Customizing the portal and user logon320818-A Figure 105 DNS Capture screenThe DNS Capture screen includes the following components:2

Chapter 9 Customizing the portal and user logon 419Nortel Secure Network Access Switch 4050 User Guide Configuring the DNS Exclude List using the SREM

42 Chapter 1 Overview320818-A Figure 2 illustrates a two-armed configuration.Figure 2 Two-armed configurationNortel SNA configuration and management

420 Chapter 9 Customizing the portal and user logon320818-A 3 To remove an entry from the Exclude List:a In the DNS Exclude List, select the entry you

Chapter 9 Customizing the portal and user logon 421Nortel Secure Network Access Switch 4050 User Guide Configuring language support using the SREMTo m

422 Chapter 9 Customizing the portal and user logon320818-A Viewing predefined languagesTo view predefined languages, click the Pre-defined Languages

Chapter 9 Customizing the portal and user logon 423Nortel Secure Network Access Switch 4050 User Guide b Click Apply on the toolbar to send the curren

424 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the Language information in the applicable fields. Table 80 describes the Import D

Chapter 9 Customizing the portal and user logon 425Nortel Secure Network Access Switch 4050 User Guide Setting the portal display language using the S

426 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the language information in the applicable fields. Table 81 describes the Langauge

Chapter 9 Customizing the portal and user logon 427Nortel Secure Network Access Switch 4050 User Guide Configuring contentTo configure and modify port

428 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the Portal Configuration information in the applicable fields. Table 82 describes

Chapter 9 Customizing the portal and user logon 429Nortel Secure Network Access Switch 4050 User Guide Redirect URL Sets the URL to which clients are

Chapter 1 Overview 43Nortel Secure Network Access Switch 4050 User Guide • Security & Routing Element Manager (SREM)The SREM is a GUI application

430 Chapter 9 Customizing the portal and user logon320818-A Importing bannersTo import a banner to display on the portal Home page, perform the follow

Chapter 9 Customizing the portal and user logon 431Nortel Secure Network Access Switch 4050 User Guide 2 Enter the banner information in the applicabl

432 Chapter 9 Customizing the portal and user logon320818-A Changing the portal colors using the SREMTo customize the colors used for portal display,

Chapter 9 Customizing the portal and user logon 433Nortel Secure Network Access Switch 4050 User Guide 2 Enter the color information in the applicable

434 Chapter 9 Customizing the portal and user logon320818-A Configuring custom content using the SREMTo configure custom content, such as Java applets

Chapter 9 Customizing the portal and user logon 435Nortel Secure Network Access Switch 4050 User Guide Viewing basic information about custom contentT

436 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the basic information in the applicable fields. Table 85 describes the Basics fiel

Chapter 9 Customizing the portal and user logon 437Nortel Secure Network Access Switch 4050 User Guide Importing custom contentTo import custom conten

438 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the import information in the applicable fields. Table 86 describes the Import Con

Chapter 9 Customizing the portal and user logon 439Nortel Secure Network Access Switch 4050 User Guide Exporting custom contentTo export custom conten

44 Chapter 1 Overview320818-A For each VLAN:a Create a DHCP scope.b Specify the IP address range and subnet mask for that scope.c Configure the follow

440 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the export information in the applicable fields. Table 87 describes the Export Con

Chapter 9 Customizing the portal and user logon 441Nortel Secure Network Access Switch 4050 User Guide Creating a linksetTo create a linkset, perform

442 Chapter 9 Customizing the portal and user logon320818-A 2 Click Add.The Add a Linkset dialog box appears (see Figure 118).Figure 118 Add a Links

Chapter 9 Customizing the portal and user logon 443Nortel Secure Network Access Switch 4050 User Guide Modifying a linksetTo modify a linkset, perform

444 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the linkset information in the applicable fields. Table 89 describes the linkset C

Chapter 9 Customizing the portal and user logon 445Nortel Secure Network Access Switch 4050 User Guide Configuring links using the SREMAfter you creat

446 Chapter 9 Customizing the portal and user logon320818-A Creating an external link using the SREMTo create an external link, perform the following

Chapter 9 Customizing the portal and user logon 447Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add a Portal Link dialog box ap

448 Chapter 9 Customizing the portal and user logon320818-A 5 Click Apply.The new external link appears in the Links table.6 Click Apply on the toolba

Chapter 9 Customizing the portal and user logon 449Nortel Secure Network Access Switch 4050 User Guide To create an FTP link, perform the following st

Chapter 1 Overview 45Nortel Secure Network Access Switch 4050 User Guide Use the applicable show commands on the router to verify that DHCP relay has

450 Chapter 9 Customizing the portal and user logon320818-A 4 Enter the link information in the applicable fields. Table 91 describes the Add a Portal

Chapter 9 Customizing the portal and user logon 451Nortel Secure Network Access Switch 4050 User Guide Modifying external link settings using the SREM

452 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the link information in the applicable fields. Table 92 describes the external lin

Chapter 9 Customizing the portal and user logon 453Nortel Secure Network Access Switch 4050 User Guide Modifying FTP link settings using the SREMTo mo

454 Chapter 9 Customizing the portal and user logon320818-A 2 Enter the link information in the applicable fields. Table 93 describes the FTP link Con

Chapter 9 Customizing the portal and user logon 455Nortel Secure Network Access Switch 4050 User Guide The Re Order Links screen appears (see Figure 1

456 Chapter 9 Customizing the portal and user logon320818-A

457Nortel Secure Network Access Switch 4050 User Guide Chapter 10 Configuring system settingsThis chapter includes the following topics:Topic PageConf

458 Chapter 10 Configuring system settings320818-A System settings apply to a cluster as a whole.You can log on to either the Management IP address (M

Chapter 10 Configuring system settings 459Nortel Secure Network Access Switch 4050 User Guide Configuring the cluster using the CLITo configure the cl

46 Chapter 1 Overview320818-A Identify switch ports as either uplink or dynamic. When you configure the uplink ports, you associate the NSNA VLANs wit

460 Chapter 10 Configuring system settings320818-A • disabling SSL traffic trace commands (see “Configuring system settings using the CLI” on page 463

Chapter 10 Configuring system settings 461Nortel Secure Network Access Switch 4050 User Guide del <index number>add <IPaddr> <mask>

462 Chapter 10 Configuring system settings320818-A health <interval>hdown <count>hup <count>/cfg/sys/dns/serverslistdel <index nu

Chapter 10 Configuring system settings 463Nortel Secure Network Access Switch 4050 User Guide show/cfg/sys/adm/sshkeys/knownhostslistdel <index num

464 Chapter 10 Configuring system settings320818-A Configuring system settings using the CLITo view and configure cluster-wide system settings, use th

Chapter 10 Configuring system settings 465Nortel Secure Network Access Switch 4050 User Guide Configuring the Nortel SNAS 4050 host using the CLITo co

466 Chapter 10 Configuring system settings320818-A The Cluster Host menu includes the following options:/cfg/sys/host <host ID>followed by:ip &l

Chapter 10 Configuring system settings 467Nortel Secure Network Access Switch 4050 User Guide portAccesses the Host Port menu, in order to configure p

468 Chapter 10 Configuring system settings320818-A rebootReboots the Nortel SNAS 4050.If the Nortel SNAS 4050 you want to reboot has become isolated f

Chapter 10 Configuring system settings 469Nortel Secure Network Access Switch 4050 User Guide Viewing host informationTo view the host number and IP a

Chapter 1 Overview 47Nortel Secure Network Access Switch 4050 User Guide configuration in the SREM (see “Checking configuration using the SREM” on pag

470 Chapter 10 Configuring system settings320818-A gateway <IPaddr>Sets the default gateway address for the interface. The default gateway is th

Chapter 10 Configuring system settings 471Nortel Secure Network Access Switch 4050 User Guide Configuring static routes using the CLITo manage static

472 Chapter 10 Configuring system settings320818-A The system, host, or interface Routes menu displays.When you add a static route to the system, host

Chapter 10 Configuring system settings 473Nortel Secure Network Access Switch 4050 User Guide The Host Port menu includes the following options:Managi

474 Chapter 10 Configuring system settings320818-A The Interface Ports menu includes the following options:Configuring the Access List using the CLITh

Chapter 10 Configuring system settings 475Nortel Secure Network Access Switch 4050 User Guide The Access List menu displays.The Access List menu inclu

476 Chapter 10 Configuring system settings320818-A The Date and Time menu includes the following options:Managing NTP serversYou can add NTP servers t

Chapter 10 Configuring system settings 477Nortel Secure Network Access Switch 4050 User Guide The NTP Servers menu includes the following options:Conf

478 Chapter 10 Configuring system settings320818-A retransmit <interval>Sets the interval for retransmitting a DNS query. •interval is a positiv

Chapter 10 Configuring system settings 479Nortel Secure Network Access Switch 4050 User Guide Managing DNS serversYou can add up to three DNS servers

48 Chapter 1 Overview320818-A

480 Chapter 10 Configuring system settings320818-A Configuring RSA servers using the CLITo configure the symbolic name for the RSA server and import t

Chapter 10 Configuring system settings 481Nortel Secure Network Access Switch 4050 User Guide The RSA Servers menu includes the following options:Conf

482 Chapter 10 Configuring system settings320818-A The Syslog Servers menu includes the following options:/cfg/sys/syslogfollowed by:listLists the IP

Chapter 10 Configuring system settings 483Nortel Secure Network Access Switch 4050 User Guide Configuring administrative settings using the CLIAdminis

484 Chapter 10 Configuring system settings320818-A auditAccesses the Audit menu, in order to configure RADIUS auditing (see “Configuring RADIUS auditi

Chapter 10 Configuring system settings 485Nortel Secure Network Access Switch 4050 User Guide Enabling TunnelGuard SRS administration using the CLITo

486 Chapter 10 Configuring system settings320818-A During initial setup, there is an option to generate the SSH host keys automatically. To generate a

Chapter 10 Configuring system settings 487Nortel Secure Network Access Switch 4050 User Guide Managing known hosts SSH keys using the CLIYou can paste

488 Chapter 10 Configuring system settings320818-A Configuring RADIUS auditing using the CLIYou can configure the Nortel SNAS 4050 cluster to include

Chapter 10 Configuring system settings 489Nortel Secure Network Access Switch 4050 User Guide The Internet Assigned Numbers Authority (IANA) has desig

49Nortel Secure Network Access Switch 4050 User Guide Chapter 2 Initial setupThis chapter includes the following topics:Topic PageBefore you begin50Ab

490 Chapter 10 Configuring system settings320818-A Managing RADIUS audit servers using the CLITo configure the Nortel SNAS 4050 to use external RADIUS

Chapter 10 Configuring system settings 491Nortel Secure Network Access Switch 4050 User Guide add <IPaddr> <port> <shared secret>Add

492 Chapter 10 Configuring system settings320818-A Configuring authentication of system users using the CLIYou can configure the Nortel SNAS 4050 clus

Chapter 10 Configuring system settings 493Nortel Secure Network Access Switch 4050 User Guide Managing RADIUS authentication servers using the CLITo c

494 Chapter 10 Configuring system settings320818-A The RADIUS Authentication Servers menu includes the following options:/cfg/sys/adm/auth/serversfoll

Chapter 10 Configuring system settings 495Nortel Secure Network Access Switch 4050 User Guide Configuring the cluster using the SREMTo configure the c

496 Chapter 10 Configuring system settings320818-A Configuring system settings using the SREMTo view and configure cluster-wide system settings, perfo

Chapter 10 Configuring system settings 497Nortel Secure Network Access Switch 4050 User Guide 2 Enter the Management IP Address (MIP) information in t

498 Chapter 10 Configuring system settings320818-A Viewing host informationTo display a list of available Nortel SNAS 4050 hosts, select the System &g

Chapter 10 Configuring system settings 499Nortel Secure Network Access Switch 4050 User Guide Viewing and configuring TCP/IP propertiesTo configure ba

5Nortel Secure Network Access Switch 4050 User Guide ContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50 Chapter 2 Initial setup320818-A Before you beginBefore you can set up the Nortel SNAS 4050, you must complete the following tasks:1 Plan the networ

500 Chapter 10 Configuring system settings320818-A 2 Enter the host information in the applicable fields. Table 96 describes the Host fields.3 Click A

Chapter 10 Configuring system settings 501Nortel Secure Network Access Switch 4050 User Guide Additionally, new licenses can be added to a particular

502 Chapter 10 Configuring system settings320818-A Table 97 describes the Global Licenses fields.2 Modify the Auto Refresh and Logging settings, if de

Chapter 10 Configuring system settings 503Nortel Secure Network Access Switch 4050 User Guide Viewing per domain licenses for all hostsTo view license

504 Chapter 10 Configuring system settings320818-A Table 98 describes the Per Domain Licenses fields.2 Modify the Auto Refresh and Logging settings, i

Chapter 10 Configuring system settings 505Nortel Secure Network Access Switch 4050 User Guide Viewing installed licenses for a particular hostTo view

506 Chapter 10 Configuring system settings320818-A Installing a license for a particular hostThe Nortel SNA SSL (portal and Nortel SNAS 4050 domain cl

Chapter 10 Configuring system settings 507Nortel Secure Network Access Switch 4050 User Guide 3 In the SREM, select the System > Hosts > host &g

508 Chapter 10 Configuring system settings320818-A Configuring host interfaces using the SREMThe default IP interface on the Nortel SNAS 4050 host is

Chapter 10 Configuring system settings 509Nortel Secure Network Access Switch 4050 User Guide • “Removing a host interface” on page 514Adding a host i

Chapter 2 Initial setup 51Nortel Secure Network Access Switch 4050 User Guide 4 Establish a console connection to the Nortel SNAS 4050 (see “Establish

510 Chapter 10 Configuring system settings320818-A 4 Click Apply.The new interface appears in the Interfaces table.Gateway Sets the default gateway ad

Chapter 10 Configuring system settings 511Nortel Secure Network Access Switch 4050 User Guide 5 Click Apply on the toolbar to send the current changes

512 Chapter 10 Configuring system settings320818-A 2 Enter the interface information in the applicable fields. Table 100 describes the Interface confi

Chapter 10 Configuring system settings 513Nortel Secure Network Access Switch 4050 User Guide 3 Click Apply on the toolbar to send the current changes

514 Chapter 10 Configuring system settings320818-A Removing a host interfaceTo delete a host interface, perform the following steps:1 Select the Syste

Chapter 10 Configuring system settings 515Nortel Secure Network Access Switch 4050 User Guide Viewing static routes for a clusterTo configure static r

516 Chapter 10 Configuring system settings320818-A Viewing static routes for a hostTo configure static routes for a host, select the System > Hosts

Chapter 10 Configuring system settings 517Nortel Secure Network Access Switch 4050 User Guide Viewing static routes for an interfaceTo configure stati

518 Chapter 10 Configuring system settings320818-A From the selected static route screen, complete the following tasks as necessary:• “Adding a static

Chapter 10 Configuring system settings 519Nortel Secure Network Access Switch 4050 User Guide 4 Click Add.The new route appears in the table.5 Click A

52 Chapter 2 Initial setup320818-A Real IP addressThe Real IP address (RIP) is the Nortel SNAS 4050 device host IP address for network connectivity. T

520 Chapter 10 Configuring system settings320818-A Configuring host ports using the SREMTo configure the connection properties for a port, perform the

Chapter 10 Configuring system settings 521Nortel Secure Network Access Switch 4050 User Guide 2 Select a port to configure from the list.The Port scre

522 Chapter 10 Configuring system settings320818-A 3 Enter the port information in the applicable fields. Table 102 describes the Port fields.4 Click

Chapter 10 Configuring system settings 523Nortel Secure Network Access Switch 4050 User Guide Managing interface ports using the SREMTo view and manag

524 Chapter 10 Configuring system settings320818-A Adding interface portsTo add ports to the selected interface, perform the following steps:1 Select

Chapter 10 Configuring system settings 525Nortel Secure Network Access Switch 4050 User Guide The port is removed from the Port Table.5 Click Apply on

526 Chapter 10 Configuring system settings320818-A The Access List Table appears (see Figure 143).Figure 143 Access ListFrom here, you can manage th

Chapter 10 Configuring system settings 527Nortel Secure Network Access Switch 4050 User Guide The Add Access Host dialog box appears (see Figure 144).

528 Chapter 10 Configuring system settings320818-A 4 Click Yes.The entry disappears from the Access List Table.5 Click Apply on the toolbar to send th

Chapter 10 Configuring system settings 529Nortel Secure Network Access Switch 4050 User Guide You can add NTP servers to the system configuration to e

Chapter 2 Initial setup 53Nortel Secure Network Access Switch 4050 User Guide The Setup Menu displays.2 Select the option for a new installation.3 Spe

530 Chapter 10 Configuring system settings320818-A Adding an NTP serverTo add an additional NTP server, perform the following steps:1 Select the Syste

Chapter 10 Configuring system settings 531Nortel Secure Network Access Switch 4050 User Guide Removing an NTP serverTo remove an existing NTP server f

532 Chapter 10 Configuring system settings320818-A Configuring DNS settings using the SREMTo configure DNS client settings, use the following procedur

Chapter 10 Configuring system settings 533Nortel Secure Network Access Switch 4050 User Guide 2 Enter the DNS Client information in the applicable fie

534 Chapter 10 Configuring system settings320818-A Configuring servers using the SREMTo configure servers, choose from one of the following tasks:• “M

Chapter 10 Configuring system settings 535Nortel Secure Network Access Switch 4050 User Guide From this screen, complete the following tasks as necess

536 Chapter 10 Configuring system settings320818-A 5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on t

Chapter 10 Configuring system settings 537Nortel Secure Network Access Switch 4050 User Guide Managing DNS serversYou can add up to three DNS servers

538 Chapter 10 Configuring system settings320818-A Adding a DNS serverTo manage DNS servers in the system configuration, perform the following steps:1

Chapter 10 Configuring system settings 539Nortel Secure Network Access Switch 4050 User Guide Removing an existing DNS serverTo remove a DNS server fr

54 Chapter 2 Initial setup320818-A In a two-armed configuration, you are specifying the port you want to use for Nortel SNAS 4050 management traffic.4

540 Chapter 10 Configuring system settings320818-A Managing RSA serversTo manage RSA servers, select the System > Servers > RSA Server Table tab

Chapter 10 Configuring system settings 541Nortel Secure Network Access Switch 4050 User Guide • “Removing the RSA node secret” on page 542• “Importing

542 Chapter 10 Configuring system settings320818-A Removing an existing RSA serverTo remove an existing RSA server, perform the following steps.1 Sele

Chapter 10 Configuring system settings 543Nortel Secure Network Access Switch 4050 User Guide 3 Select the RSA Server sub-tab.The RSA Server screen ap

544 Chapter 10 Configuring system settings320818-A 4 Click Remove Secret Node.The RSA node secret is immediately removed.5 Click Apply on the toolbar

Chapter 10 Configuring system settings 545Nortel Secure Network Access Switch 4050 User Guide 3 Select the Import sdconf.rec tab.The Import sdconf.rec

546 Chapter 10 Configuring system settings320818-A 4 Enter the importing information in the applicable fields. Table 112 describes the Import sdconf.r

Chapter 10 Configuring system settings 547Nortel Secure Network Access Switch 4050 User Guide Configuring SRS control settings using the SREMTo create

548 Chapter 10 Configuring system settings320818-A 2 Enter the SRS Control information in the applicable fields. Table 115 describes the SRS Control S

Chapter 10 Configuring system settings 549Nortel Secure Network Access Switch 4050 User Guide • “Showing SSH keys” on page 549• “Managing Nortel SNAS

Chapter 2 Initial setup 55Nortel Secure Network Access Switch 4050 User Guide 7 Specify whether you are setting up a one-armed or a two-armed configur

550 Chapter 10 Configuring system settings320818-A • RSA and DSA keys — the SECSH Public Key File Format, as described in Internet Draft draft-ietf-se

Chapter 10 Configuring system settings 551Nortel Secure Network Access Switch 4050 User Guide Managing Nortel SNAS 4050 and known host SSH keysYou can

552 Chapter 10 Configuring system settings320818-A 2 To generate the Nortel SNAS 4050 host SSH key:a Enter the host information in applicable fields.

Chapter 10 Configuring system settings 553Nortel Secure Network Access Switch 4050 User Guide Adding an SSH key for a known host using the SREMYou can

554 Chapter 10 Configuring system settings320818-A 2 Enter the remote host information in the applicable fields. Table 115 describes the Add SSH Key f

Chapter 10 Configuring system settings 555Nortel Secure Network Access Switch 4050 User Guide When you add an external RADIUS audit server to the conf

556 Chapter 10 Configuring system settings320818-A Configuring RADIUS auditingTo configure the Nortel SNAS 4050 to support RADIUS auditing, choose fro

Chapter 10 Configuring system settings 557Nortel Secure Network Access Switch 4050 User Guide Configuring RADIUS audit settings using the SREMTo confi

558 Chapter 10 Configuring system settings320818-A describes the Add Audit Configuration fields.3 Click Apply on the toolbar to send the current chang

Chapter 10 Configuring system settings 559Nortel Secure Network Access Switch 4050 User Guide Managing RADIUS audit servers using the SREMTo manage RA

56 Chapter 2 Initial setup320818-A used if no other interface is specified. The default gateway IP address on Interface 2 must be within the same subn

560 Chapter 10 Configuring system settings320818-A Adding a new Audit ServerTo add a new RADIUS audit server, perform the following steps:1 Select the

Chapter 10 Configuring system settings 561Nortel Secure Network Access Switch 4050 User Guide Removing an existing RADIUS audit serverTo remove an exi

562 Chapter 10 Configuring system settings320818-A Managing RADIUS authentication of system users using the SREMYou can configure the Nortel SNAS 4050

Chapter 10 Configuring system settings 563Nortel Secure Network Access Switch 4050 User Guide Configuring RADIUS authentication of system users using

564 Chapter 10 Configuring system settings320818-A 2 Enter the RADIUS authentication information in the applicable fields. Table 118 describes the Rad

Chapter 10 Configuring system settings 565Nortel Secure Network Access Switch 4050 User Guide Managing RADIUS authentication servers using the SREMTo

566 Chapter 10 Configuring system settings320818-A Adding a RADIUS authentication serverTo add a new RADIUS authentication server, perform the followi

Chapter 10 Configuring system settings 567Nortel Secure Network Access Switch 4050 User Guide Removing an existing RADIUS serverTo remove an existing

568 Chapter 10 Configuring system settings320818-A

569Nortel Secure Network Access Switch 4050 User Guide Chapter 11 Managing certificatesThis chapter includes the following topics:Topic PageOverview57

Chapter 2 Initial setup 57Nortel Secure Network Access Switch 4050 User Guide 12 Configure the time settings.13 Specify the NTP server, if applicable.

570 Chapter 11 Managing certificates320818-A OverviewTo use the encryption capabilities of the Nortel SNAS 4050, you must add a key and certificate th

Chapter 11 Managing certificates 571Nortel Secure Network Access Switch 4050 User Guide You can install new certificates or import or renew existing c

572 Chapter 11 Managing certificates320818-A Netscape Enterprise ServerYes No Key only (proprietary format). Requires conversion. For information abou

Chapter 11 Managing certificates 573Nortel Secure Network Access Switch 4050 User Guide Creating certificatesThe basic steps to create a new certifica

574 Chapter 11 Managing certificates320818-A If you use the certificate index number of an installed certificate when adding a new certificate, the in

Chapter 11 Managing certificates 575Nortel Secure Network Access Switch 4050 User Guide The recommended steps to update an existing certificate are:1

576 Chapter 11 Managing certificates320818-A • import certificates and private keys (see “Importing certificates and keys into the Nortel SNAS 4050 us

Chapter 11 Managing certificates 577Nortel Secure Network Access Switch 4050 User Guide Managing and viewing certificates and keys using the CLITo vie

578 Chapter 11 Managing certificates320818-A gensigned server|clientGenerates a certificate that is signed using the private key associated with the c

Chapter 11 Managing certificates 579Nortel Secure Network Access Switch 4050 User Guide Generating and submitting a CSR using the CLITo prepare a CSR

58 Chapter 2 Initial setup320818-A 16 Change the admin user password, if desired.Make sure you remember the password you define for the admin user. Yo

580 Chapter 11 Managing certificates320818-A • to generate a CSR for a new certificate, <cert id> is an unused certificate number• to generate a

Chapter 11 Managing certificates 581Nortel Secure Network Access Switch 4050 User Guide 3 Generate the CSR.After you have provided the required inform

582 Chapter 11 Managing certificates320818-A Figure 166 shows sample output for the /cfg/cert #/request command. For more information about the Certif

Chapter 11 Managing certificates 583Nortel Secure Network Access Switch 4050 User Guide 5 Save the CSR to a file.a Copy the entire CSR, including the

584 Chapter 11 Managing certificates320818-A 8 The CA processes the CSR and returns a signed certificate. Create a backup copy of the certificate (see

Chapter 11 Managing certificates 585Nortel Secure Network Access Switch 4050 User Guide To verify that the current certificate number is not in use by

586 Chapter 11 Managing certificates320818-A Figure 167 shows sample output for the /cfg/cert #/cert command. For more information about the Certifica

Chapter 11 Managing certificates 587Nortel Secure Network Access Switch 4050 User Guide Adding a private key to the Nortel SNAS 4050 using the CLI1 Ac

588 Chapter 11 Managing certificates320818-A Figure 168 shows sample output for the /cfg/cert #/key command. For more information about the Certificat

Chapter 11 Managing certificates 589Nortel Secure Network Access Switch 4050 User Guide To import a certificate and private key into the Nortel SNAS 4

Chapter 2 Initial setup 59Nortel Secure Network Access Switch 4050 User Guide For example, if you entered company.com in the DNS search list, users ca

590 Chapter 11 Managing certificates320818-A 4 If the private key was not included in the certificate file, repeat step 3 on page 589 to import the ke

Chapter 11 Managing certificates 591Nortel Secure Network Access Switch 4050 User Guide Displaying or saving a certificate and key using the CLIYou ca

592 Chapter 11 Managing certificates320818-A 5 Copy the private key, certificate, or both, as required.For the private key, ensure that you include th

Chapter 11 Managing certificates 593Nortel Secure Network Access Switch 4050 User Guide Figure 170 shows sample output for the /cfg/cert #/display com

594 Chapter 11 Managing certificates320818-A Exporting a certificate and key from the Nortel SNAS 4050 using the CLIYou can export certificate files a

Chapter 11 Managing certificates 595Nortel Secure Network Access Switch 4050 User Guide Export format The key and certificate format in which you want

596 Chapter 11 Managing certificates320818-A Figure 171 shows sample output for the /cfg/cert #/export command. For more information about the Certifi

Chapter 11 Managing certificates 597Nortel Secure Network Access Switch 4050 User Guide You are prompted to enter the following parameters. The combin

598 Chapter 11 Managing certificates320818-A Viewing certificates using the SREMTo view basic information about all certificates configured for the No

Chapter 11 Managing certificates 599Nortel Secure Network Access Switch 4050 User Guide 3 Click Yes.The certificate is removed from the Certificates l

6 Contents320818-A Management IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Portal Virtual IP addres

60 Chapter 2 Initial setup320818-A The action to be performed when the TunnelGuard check fails depends on your selection in step f on page 59.Settings

600 Chapter 11 Managing certificates320818-A 5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the too

Chapter 11 Managing certificates 601Nortel Secure Network Access Switch 4050 User Guide Generating and submitting a CSR using the SREMTo generate a CS

602 Chapter 11 Managing certificates320818-A 2 Enter the certificate information in the applicable fields.Table 125 describes the CA Request fields.Ta

Chapter 11 Managing certificates 603Nortel Secure Network Access Switch 4050 User Guide 3 Click Apply on the toolbar to send the information to the No

604 Chapter 11 Managing certificates320818-A To import a certificate and private key into the Nortel SNAS 4050, perform the following steps.1 Upload t

Chapter 11 Managing certificates 605Nortel Secure Network Access Switch 4050 User Guide 3 Enter the import information in the applicable fields. Table

606 Chapter 11 Managing certificates320818-A To display the current certificate and key or save a copy, perform the following steps:1 Select the Certi

Chapter 11 Managing certificates 607Nortel Secure Network Access Switch 4050 User Guide 2 If you want to encrypt the key, specify a password in the ap

608 Chapter 11 Managing certificates320818-A To export a certificate and key from the Nortel SNAS 4050, perform the following steps.1 Select the Certi

Chapter 11 Managing certificates 609Nortel Secure Network Access Switch 4050 User Guide 2 Enter the export information in the applicable fields. Table

Chapter 2 Initial setup 61Nortel Secure Network Access Switch 4050 User Guide The profiles determine the VLAN to which the user will be allocated. Tab

610 Chapter 11 Managing certificates320818-A 3 Click Apply on the toolbar to export the certificate.The certificate and private key are immediately ex

Chapter 11 Managing certificates 611Nortel Secure Network Access Switch 4050 User Guide The Configuration screen appears (see Figure 172).Figure 178

612 Chapter 11 Managing certificates320818-A Viewing general informationTo view basic information about a certificate on the Nortel SNAS 4050 cluster,

Chapter 11 Managing certificates 613Nortel Secure Network Access Switch 4050 User Guide The Info screen appears (see Figure 179).Figure 179 Info scr

614 Chapter 11 Managing certificates320818-A Viewing certificate subject settingsTo view subject settings for a certificate on the Nortel SNAS 4050 cl

Chapter 11 Managing certificates 615Nortel Secure Network Access Switch 4050 User Guide The Subject screen appears (see Figure 180).Figure 180 Subje

616 Chapter 11 Managing certificates320818-A Organization The registered name of the organization. The organization must own the domain name that appe

617Nortel Secure Network Access Switch 4050 User Guide Chapter 12 Configuring SNMPThis chapter includes the following topics:Topic PageConfiguring SNM

618 Chapter 12 Configuring SNMP320818-A Simple Network Management Protocol (SNMP) is a set of protocols for managing complex networks. SNMP works by s

Chapter 12 Configuring SNMP 619Nortel Secure Network Access Switch 4050 User Guide • SNMP monitors and events (see “Configuring SNMP events using the

62 Chapter 2 Initial setup320818-A Before you beginLog on to the existing Nortel SNAS 4050 device to check the software version and system settings. U

620 Chapter 12 Configuring SNMP320818-A Configuring SNMP settings using the CLITo configure SNMP management of the Nortel SNAS 4050 cluster, use the f

Chapter 12 Configuring SNMP 621Nortel Secure Network Access Switch 4050 User Guide Configuring the SNMP v2 MIB using the CLITo configure parameters in

622 Chapter 12 Configuring SNMP320818-A The SNMPv2-MIB menu includes the following options:Configuring the SNMP community using the CLITo configure th

Chapter 12 Configuring SNMP 623Nortel Secure Network Access Switch 4050 User Guide Configuring SNMPv3 users using the CLIThe Nortel SNAS 4050 manages

624 Chapter 12 Configuring SNMP320818-A • set — USM user is authorized to perform SNMP set requests (write access to the MIB). Write access automatica

Chapter 12 Configuring SNMP 625Nortel Secure Network Access Switch 4050 User Guide The SNMP User menu includes the following options:/cfg/sys/adm/snmp

626 Chapter 12 Configuring SNMP320818-A Configuring SNMP notification targets using the CLISNMP managers function as the notification targets for SNMP

Chapter 12 Configuring SNMP 627Nortel Secure Network Access Switch 4050 User Guide The Notification Target menu includes the following options:Configu

628 Chapter 12 Configuring SNMP320818-A The event menu includes the following options:/cfg/sys/adm/snmp/eventfollowed by:addmonitor [<options>]

Chapter 12 Configuring SNMP 629Nortel Secure Network Access Switch 4050 User Guide addmonitor [<options>] -t <name> <OID> <value

Chapter 2 Initial setup 63Nortel Secure Network Access Switch 4050 User Guide • To change the version on the existing NSNAS, download the desired soft

630 Chapter 12 Configuring SNMP320818-A addmonitor [<options>] -x <name> <OID> [present|absent|changed]Adds an existence monitor and

Chapter 12 Configuring SNMP 631Nortel Secure Network Access Switch 4050 User Guide Configuring SNMP settings using the SREMThis section contains infor

632 Chapter 12 Configuring SNMP320818-A Configuring SNMP using the SREMTo configure SNMP, perform the following steps:1 Select the System > Adminis

Chapter 12 Configuring SNMP 633Nortel Secure Network Access Switch 4050 User Guide 2 Enter the SNMP Configuration information in the applicable fields

634 Chapter 12 Configuring SNMP320818-A Configuring SNMP targets using the SREMSNMP managers function as the notification targets for SNMP monitoring.

Chapter 12 Configuring SNMP 635Nortel Secure Network Access Switch 4050 User Guide Adding SNMP targetsTo add an SNMP target, perform the following ste

636 Chapter 12 Configuring SNMP320818-A 2 Click Add. The Add SNMP Target dialog box appears (see Figure 183).Figure 183 Add SNMP Target

Chapter 12 Configuring SNMP 637Nortel Secure Network Access Switch 4050 User Guide 3 Enter the SNMP target information in the applicable fields. Table

638 Chapter 12 Configuring SNMP320818-A Managing SNMP targetsTo manage SNMP targets, perform the following steps:1 Select the System > Administrati

Chapter 12 Configuring SNMP 639Nortel Secure Network Access Switch 4050 User Guide 2 Modify the SNMP Target information in the applicable fields. Tabl

64 Chapter 2 Initial setup320818-A In a one-armed configuration, you are specifying the port you want to use for all network connectivity, since Inter

640 Chapter 12 Configuring SNMP320818-A A dialog box appears asking for confirmation.4 Click Yes.5 Click Apply on the toolbar to send the current chan

Chapter 12 Configuring SNMP 641Nortel Secure Network Access Switch 4050 User Guide Adding SNMPv3 usersTo add an SNMPv3 user, perform the following ste

642 Chapter 12 Configuring SNMP320818-A 2 Click Add. The Add SNMPv3 User dialog box appears (see Figure 186).Figure 186 Add SNMPv3 User

Chapter 12 Configuring SNMP 643Nortel Secure Network Access Switch 4050 User Guide 3 Enter the SNMPv3 User information in the applicable fields. Table

644 Chapter 12 Configuring SNMP320818-A 4 Click Apply. The new SNMPv3 user appears in the table.5 Click Apply on the toolbar to send the current chang

Chapter 12 Configuring SNMP 645Nortel Secure Network Access Switch 4050 User Guide 2 Modify SNMPv3 User information in the applicable fields, as requi

646 Chapter 12 Configuring SNMP320818-A 3 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar

Chapter 12 Configuring SNMP 647Nortel Secure Network Access Switch 4050 User Guide Configuring SNMP events using the SREMSNMP events can be added to m

648 Chapter 12 Configuring SNMP320818-A Adding monitor eventsTo add monitor events, perform the following steps:1 Select the System > Administrativ

Chapter 12 Configuring SNMP 649Nortel Secure Network Access Switch 4050 User Guide 2 Click Add.The Add a Monitor dialog box appears. Depending on the

Chapter 2 Initial setup 65Nortel Secure Network Access Switch 4050 User Guide 8 Configure the interface for client portal traffic (Interface 2).a Spec

650 Chapter 12 Configuring SNMP320818-A Depending on the type of monitor selected, the fields displayed on the Configuration tab will change. For desc

Chapter 12 Configuring SNMP 651Nortel Secure Network Access Switch 4050 User Guide Figure 189 Add a Monitor: BooleanFields used to add and configure

652 Chapter 12 Configuring SNMP320818-A For details on adding a Boolean monitor, see “Adding monitor events” on page 648.Threshold monitorsThreshold m

Chapter 12 Configuring SNMP 653Nortel Secure Network Access Switch 4050 User Guide Fields used to add and configure a Threshold monitor are listed in

654 Chapter 12 Configuring SNMP320818-A Existence monitorsExistence monitors check the condition of a monitored OID to see determine if it is present,

Chapter 12 Configuring SNMP 655Nortel Secure Network Access Switch 4050 User Guide For details on adding a Existence monitor, see “Adding monitor even

656 Chapter 12 Configuring SNMP320818-A Adding notification eventsTo add notification events, perform the following steps:1 Select the System > Adm

Chapter 12 Configuring SNMP 657Nortel Secure Network Access Switch 4050 User Guide 2 Click Add. The Add a Notification Event dialog box appears (see F

658 Chapter 12 Configuring SNMP320818-A Removing notification eventsTo delete a notification event, perform the following steps:1 Select the System &g

659Nortel Secure Network Access Switch 4050 User Guide Chapter 13 Viewing system information and performance statisticsThis chapter includes the follo

66 Chapter 2 Initial setup320818-A 12 Wait while the Setup utility finishes processing. When processing is complete, you will see Setup successful.The

660 Chapter 13 Viewing system information and performance statistics320818-A Viewing system information and performance statistics using the CLITo vie

Chapter 13 Viewing system information and performance statistics 661Nortel Secure Network Access Switch 4050 User Guide Viewing system information usi

662 Chapter 13 Viewing system information and performance statistics320818-A The Information menu includes the following options:/infofollowed by:cert

Chapter 13 Viewing system information and performance statistics 663Nortel Secure Network Access Switch 4050 User Guide kick <domain ID> <use

664 Chapter 13 Viewing system information and performance statistics320818-A mac <MACaddr>Displays session information for a client based on a s

Chapter 13 Viewing system information and performance statistics 665Nortel Secure Network Access Switch 4050 User Guide localDisplays the current soft

666 Chapter 13 Viewing system information and performance statistics320818-A Viewing alarm events using the CLITo view active alarms, use the followin

Chapter 13 Viewing system information and performance statistics 667Nortel Secure Network Access Switch 4050 User Guide Viewing log files using the CL

668 Chapter 13 Viewing system information and performance statistics320818-A The CLI reports statistics for all authentication methods configured in t

Chapter 13 Viewing system information and performance statistics 669Nortel Secure Network Access Switch 4050 User Guide Figure 194 shows sample output

Chapter 2 Initial setup 67Nortel Secure Network Access Switch 4050 User Guide 3 To finish connecting the Nortel SNAS 4050 to the rest of the network,

670 Chapter 13 Viewing system information and performance statistics320818-A Viewing all statistics using the CLITo view all available statistics for

Chapter 13 Viewing system information and performance statistics 671Nortel Secure Network Access Switch 4050 User Guide The Information screen appears

672 Chapter 13 Viewing system information and performance statistics320818-A Viewing cluster information using the SREMTo view cluster information, se

Chapter 13 Viewing system information and performance statistics 673Nortel Secure Network Access Switch 4050 User Guide Viewing the controller list us

674 Chapter 13 Viewing system information and performance statistics320818-A Table 143 describes the Controller List fields. Table 143 Controller Li

Chapter 13 Viewing system information and performance statistics 675Nortel Secure Network Access Switch 4050 User Guide Viewing SONMP topology informa

676 Chapter 13 Viewing system information and performance statistics320818-A Table 144 describes the SONMP State fields. Table 144 SONMP State field

Chapter 13 Viewing system information and performance statistics 677Nortel Secure Network Access Switch 4050 User Guide Viewing switch distribution us

678 Chapter 13 Viewing system information and performance statistics320818-A Table 145 describes the Switch Distribution fields. Viewing port informat

Chapter 13 Viewing system information and performance statistics 679Nortel Secure Network Access Switch 4050 User Guide To view port information, sele

68 Chapter 2 Initial setup320818-A Applying and saving the configuration using the CLIIf you have not already done so after each sequence of configura

680 Chapter 13 Viewing system information and performance statistics320818-A Viewing license information using the SREMYou can view information about

Chapter 13 Viewing system information and performance statistics 681Nortel Secure Network Access Switch 4050 User Guide Viewing global license informa

682 Chapter 13 Viewing system information and performance statistics320818-A Table 147 describes the Global Licenses fields. Table 147 Global Licens

Chapter 13 Viewing system information and performance statistics 683Nortel Secure Network Access Switch 4050 User Guide Viewing license information fo

684 Chapter 13 Viewing system information and performance statistics320818-A Table 148 describes the Per Domain Licenses fields. Viewing session detai

Chapter 13 Viewing system information and performance statistics 685Nortel Secure Network Access Switch 4050 User Guide Viewing active sessions using

686 Chapter 13 Viewing system information and performance statistics320818-A Table 149 describes the Sessions parameters. Table 149 Sessions paramet

Chapter 13 Viewing system information and performance statistics 687Nortel Secure Network Access Switch 4050 User Guide Viewing details for a particul

688 Chapter 13 Viewing system information and performance statistics320818-A Table 150 describes the Session Properties parameters. Ending active user

Chapter 13 Viewing system information and performance statistics 689Nortel Secure Network Access Switch 4050 User Guide Figure 204 KickOut User scre

Chapter 2 Initial setup 69Nortel Secure Network Access Switch 4050 User Guide Figure 3 on page 69 shows the location of the Apply and Commit buttons.F

690 Chapter 13 Viewing system information and performance statistics320818-A Viewing the number of active sessions using the SREMTo view the number of

Chapter 13 Viewing system information and performance statistics 691Nortel Secure Network Access Switch 4050 User Guide Viewing alarms using the SREMY

692 Chapter 13 Viewing system information and performance statistics320818-A Viewing active alarms using the SREMTo view the active alarms for the Nor

Chapter 13 Viewing system information and performance statistics 693Nortel Secure Network Access Switch 4050 User Guide Table 153 describes the Active

694 Chapter 13 Viewing system information and performance statistics320818-A Downloading alarms using the SREMTo download an alarm as a logged event,

Chapter 13 Viewing system information and performance statistics 695Nortel Secure Network Access Switch 4050 User Guide Table 154 describes the Downlo

696 Chapter 13 Viewing system information and performance statistics320818-A Viewing the log list using the SREMTo view a list of all active logs, sel

Chapter 13 Viewing system information and performance statistics 697Nortel Secure Network Access Switch 4050 User Guide Downloading log files using th

698 Chapter 13 Viewing system information and performance statistics320818-A Viewing AAA statistics using the SREMYou can view authentication statisti

Chapter 13 Viewing system information and performance statistics 699Nortel Secure Network Access Switch 4050 User Guide Viewing AAA statistics for a h

Contents 7Nortel Secure Network Access Switch 4050 User Guide Mapping VLANs by domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 Chapter 2 Initial setup320818-A

700 Chapter 13 Viewing system information and performance statistics320818-A b Expand the Statistics > AAA > Host Statistics > host navigatio

Chapter 13 Viewing system information and performance statistics 701Nortel Secure Network Access Switch 4050 User Guide Viewing License statisticsTo v

702 Chapter 13 Viewing system information and performance statistics320818-A Viewing RADIUS statisticsTo view RADIUS statistics, select the Radius tab

Chapter 13 Viewing system information and performance statistics 703Nortel Secure Network Access Switch 4050 User Guide For a description of the field

704 Chapter 13 Viewing system information and performance statistics320818-A Viewing Local database statisticsTo view Local database statistics, selec

Chapter 13 Viewing system information and performance statistics 705Nortel Secure Network Access Switch 4050 User Guide Viewing LDAP statisticsTo view

706 Chapter 13 Viewing system information and performance statistics320818-A For a description of the fields, seeTable 159.Table 159 LDAP statistics

Chapter 13 Viewing system information and performance statistics 707Nortel Secure Network Access Switch 4050 User Guide Viewing AAA statistics for the

708 Chapter 13 Viewing system information and performance statistics320818-A •LDAPSelect one of the following tasks:• Viewing License statistics (see

Chapter 13 Viewing system information and performance statistics 709Nortel Secure Network Access Switch 4050 User Guide Viewing License statisticsTo v

71Nortel Secure Network Access Switch 4050 User Guide Chapter 3 Managing the network access devicesThis chapter includes the following topics:Topic Pa

710 Chapter 13 Viewing system information and performance statistics320818-A Logging Enables or disables statistics logging in the specified location.

Chapter 13 Viewing system information and performance statistics 711Nortel Secure Network Access Switch 4050 User Guide Viewing RADIUS statisticsTo vi

712 Chapter 13 Viewing system information and performance statistics320818-A Logging Enables or disables statistics logging in the specified location.

Chapter 13 Viewing system information and performance statistics 713Nortel Secure Network Access Switch 4050 User Guide Viewing Local database statist

714 Chapter 13 Viewing system information and performance statistics320818-A Logging Enables or disables statistics logging in the specified location.

Chapter 13 Viewing system information and performance statistics 715Nortel Secure Network Access Switch 4050 User Guide Viewing LDAP statisticsTo view

716 Chapter 13 Viewing system information and performance statistics320818-A Viewing Ethernet statistics using the SREMYou can view statistics for the

Chapter 13 Viewing system information and performance statistics 717Nortel Secure Network Access Switch 4050 User Guide To view Ethernet interface sta

718 Chapter 13 Viewing system information and performance statistics320818-A Viewing Rx statisticsTo view Rx statistics for an interface, select the R

Chapter 13 Viewing system information and performance statistics 719Nortel Secure Network Access Switch 4050 User Guide Logging Enables or disables st

72 Chapter 3 Managing the network access devices320818-A Before you beginIn Trusted Computing Group (TCG) terminology, the edge switches in a Nortel S

720 Chapter 13 Viewing system information and performance statistics320818-A Viewing Tx statisticsTo view Tx statistics for an interface, select Tx St

Chapter 13 Viewing system information and performance statistics 721Nortel Secure Network Access Switch 4050 User Guide Logging Enables or disables st

722 Chapter 13 Viewing system information and performance statistics320818-A

723Nortel Secure Network Access Switch 4050 User Guide Chapter 14 Maintaining and managing the systemThis chapter includes the following topics:Topic

724 Chapter 14 Maintaining and managing the system320818-A You can perform the following activities to manage and maintain the system and individual N

Chapter 14 Maintaining and managing the system 725Nortel Secure Network Access Switch 4050 User Guide To manage software versions and Nortel SNAS 4050

726 Chapter 14 Maintaining and managing the system320818-A Performing maintenance using the CLITo check the applied configuration and to download log

Chapter 14 Maintaining and managing the system 727Nortel Secure Network Access Switch 4050 User Guide The Maintenance menu includes the following opti

728 Chapter 14 Maintaining and managing the system320818-A dumpstats <protocol> <server> <filename> <all-isds?>Collects curren

Chapter 14 Maintaining and managing the system 729Nortel Secure Network Access Switch 4050 User Guide starttrace <tags> <domain ID> <ou

Chapter 3 Managing the network access devices 73Nortel Secure Network Access Switch 4050 User Guide You require the following information for each net

730 Chapter 14 Maintaining and managing the system320818-A Backing up or restoring the configuration using the CLITo save the system configuration to

Chapter 14 Maintaining and managing the system 731Nortel Secure Network Access Switch 4050 User Guide Table 166 provides more information about the ba

732 Chapter 14 Maintaining and managing the system320818-A gtcfg <protocol> <server> <filename> <passphrase>Restores a configu

Chapter 14 Maintaining and managing the system 733Nortel Secure Network Access Switch 4050 User Guide Managing Nortel SNAS 4050 devices using the CLIT

734 Chapter 14 Maintaining and managing the system320818-A Managing software for a Nortel SNAS 4050 device using the CLITo view, download, and activat

Chapter 14 Maintaining and managing the system 735Nortel Secure Network Access Switch 4050 User Guide The Software Management menu includes the follow

736 Chapter 14 Maintaining and managing the system320818-A Managing and maintaining the system using the SREMPerforming maintenance using the SREMTo p

Chapter 14 Maintaining and managing the system 737Nortel Secure Network Access Switch 4050 User Guide • “Backing up or restoring the configuration usi

738 Chapter 14 Maintaining and managing the system320818-A 2 Enter the Dump information in the applicable fields. Table 167 describes the Dump fields.

Chapter 14 Maintaining and managing the system 739Nortel Secure Network Access Switch 4050 User Guide To start or stop a trace, perform the following

74 Chapter 3 Managing the network access devices320818-A resetenadisdelete/cfg/domain #/vlan add <name> <VLAN ID>del <index>list/cfg

740 Chapter 14 Maintaining and managing the system320818-A 2 Enter the Trace information in the applicable fields. Table 168 describes the Start/Stop

Chapter 14 Maintaining and managing the system 741Nortel Secure Network Access Switch 4050 User Guide Checking configuration using the SREMYou can che

742 Chapter 14 Maintaining and managing the system320818-A Backing up or restoring the configuration using the SREMYou can save the current configurat

Chapter 14 Maintaining and managing the system 743Nortel Secure Network Access Switch 4050 User Guide 2 Enter the Backup/Restore information in the ap

744 Chapter 14 Maintaining and managing the system320818-A • “Rebooting or deleting a Nortel SNAS 4050 device using the SREM” on page 750Managing soft

Chapter 14 Maintaining and managing the system 745Nortel Secure Network Access Switch 4050 User Guide Table 170 describes the Image List fields.The fo

746 Chapter 14 Maintaining and managing the system320818-A Viewing details of the active software imageTo view the details of the currently active sof

Chapter 14 Maintaining and managing the system 747Nortel Secure Network Access Switch 4050 User Guide Activating a software imageTo activate an old or

748 Chapter 14 Maintaining and managing the system320818-A 4 When prompted, click Yes.The Nortel SNAS 4050 reboots when you confirm the Activate comma

Chapter 14 Maintaining and managing the system 749Nortel Secure Network Access Switch 4050 User Guide To download an image from a file exchange server

Chapter 3 Managing the network access devices 75Nortel Secure Network Access Switch 4050 User Guide Adding a network access device using the CLIYou ca

750 Chapter 14 Maintaining and managing the system320818-A 2 Enter the Download Image information in the applicable fields. Table 171 describes the Do

Chapter 14 Maintaining and managing the system 751Nortel Secure Network Access Switch 4050 User Guide To reboot, shut down, or reset the Nortel SNAS 4

752 Chapter 14 Maintaining and managing the system320818-A The command resets the device to its factory default configuration. All IP configuration is

Chapter 14 Maintaining and managing the system 753Nortel Secure Network Access Switch 4050 User Guide The File Download screen appears (see Figure 232

754 Chapter 14 Maintaining and managing the system320818-A Running Nortel SNAS 4050 diagnostics using the SREMTo run basic diagnostics on the Nortel S

Chapter 14 Maintaining and managing the system 755Nortel Secure Network Access Switch 4050 User Guide Table 173 describes the Diagnostics fields. Tabl

756 Chapter 14 Maintaining and managing the system320818-A

757Nortel Secure Network Access Switch 4050 User Guide Chapter 15 Upgrading or reinstalling the softwareThis chapter includes the following topics:The

758 Chapter 15 Upgrading or reinstalling the software320818-A Major release upgrade: This kind of release may contain bug fixes as well as feature enh

Chapter 15 Upgrading or reinstalling the software 759Nortel Secure Network Access Switch 4050 User Guide The set of installed Nortel SNAS 4050 devices

76 Chapter 3 Managing the network access devices320818-A 4 Specify the TCP port for communication between the Nortel SNAS 4050 and the network access

760 Chapter 15 Upgrading or reinstalling the software320818-A If needed, the file name can be prefixed with a search path to the directory on the TFTP

Chapter 15 Upgrading or reinstalling the software 761Nortel Secure Network Access Switch 4050 User Guide When you have downloaded the software upgrade

762 Chapter 15 Upgrading or reinstalling the software320818-A 5 At the Software Management# prompt, enter:6 Log in again and verify the new software v

Chapter 15 Upgrading or reinstalling the software 763Nortel Secure Network Access Switch 4050 User Guide Reinstalling the softwareIf you are adding a

764 Chapter 15 Upgrading or reinstalling the software320818-A • authorization to log on as the boot userIf a software CD was shipped with the Nortel S

Chapter 15 Upgrading or reinstalling the software 765Nortel Secure Network Access Switch 4050 User Guide Reinstalling the software from an external fi

766 Chapter 15 Upgrading or reinstalling the software320818-A e Specify the default gateway IP address. 3 Specify the download details:a protocol for

Chapter 15 Upgrading or reinstalling the software 767Nortel Secure Network Access Switch 4050 User Guide Reinstalling the software from a CDTo reinsta

768 Chapter 15 Upgrading or reinstalling the software320818-A

769Nortel Secure Network Access Switch 4050 User Guide Chapter 16 The Command Line InterfaceThis chapter explains how to access the Nortel SNAS 4050 t

Chapter 3 Managing the network access devices 77Nortel Secure Network Access Switch 4050 User Guide d To continue, go to step 7 on page 77.7 Specify t

770 Chapter 16 The Command Line Interface320818-A When using a Telnet or SSH client to connect to a cluster of Nortel SNAS 4050 devices, always connec

Chapter 16 The Command Line Interface 771Nortel Secure Network Access Switch 4050 User Guide RequirementsTo establish a console connection with the No

772 Chapter 16 The Command Line Interface320818-A Establishing a Telnet connectionA Telnet connection offers the convenience of accessing the Nortel S

Chapter 16 The Command Line Interface 773Nortel Secure Network Access Switch 4050 User Guide Running TelnetOnce the IP parameters on the Nortel SNAS 4

774 Chapter 16 The Command Line Interface320818-A Running an SSH clientConnecting to the Nortel SNAS 4050 using an SSH client is similar to connecting

Chapter 16 The Command Line Interface 775Nortel Secure Network Access Switch 4050 User Guide Accessing the Nortel SNAS 4050 clusterTo enable better No

776 Chapter 16 The Command Line Interface320818-A Access to the Nortel SNAS 4050 CLI and settings is controlled through the use of four predefined use

Chapter 16 The Command Line Interface 777Nortel Secure Network Access Switch 4050 User Guide CLI Main Menu or SetupOnce the Administrator user passwor

778 Chapter 16 The Command Line Interface320818-A If you are automatically disconnected after the specified idle timeout interval, any unapplied confi

779Nortel Secure Network Access Switch 4050 User Guide Chapter 17 Configuration exampleThis chapter provides an example of a basic Nortel SNA configur

78 Chapter 3 Managing the network access devices320818-A Manually adding a switchTo add a network access device and configure it manually, use the fol

780 Chapter 17 Configuration example320818-A Figure 235 Basic configurationTable 176 summarizes the devices connected in this environment and their

Chapter 17 Configuration example 781Nortel Secure Network Access Switch 4050 User Guide Table 177 summarizes the VLANs for the Ethernet Routing Switch

782 Chapter 17 Configuration example320818-A Steps1 “Configure the network DNS server” on page 7822 “Configure the network DHCP server” on page 7833 “

Chapter 17 Configuration example 783Nortel Secure Network Access Switch 4050 User Guide Configure the network DHCP serverTo configure a DHCP scope usi

784 Chapter 17 Configuration example320818-A 4 Enter a descriptive name to identify the new scope (see Figure 238).In this example, you are creating a

Chapter 17 Configuration example 785Nortel Secure Network Access Switch 4050 User Guide 5 Specify the IP address range for the DHCP scope (see Figure

786 Chapter 17 Configuration example320818-A 6 Select the Yes, I want to configure these options now option button on the Configure DHCP Options windo

Chapter 17 Configuration example 787Nortel Secure Network Access Switch 4050 User Guide 7 Enter the IP address of the default gateway (see Figure 241)

788 Chapter 17 Configuration example320818-A 8 Enter the IP address of the DNS server (see Figure 242).Figure 242 Specifying the DNS server9 Repeat

Chapter 17 Configuration example 789Nortel Secure Network Access Switch 4050 User Guide Figure 243 shows the DHCP scopes created for use in this examp

Chapter 3 Managing the network access devices 79Nortel Secure Network Access Switch 4050 User Guide Figure 4 Adding a switch manuallyDeleting a netw

790 Chapter 17 Configuration example320818-A 2 Assign the VLAN port members.Since the edge switches in this example are operating in Layer 2 mode, ena

Chapter 17 Configuration example 791Nortel Secure Network Access Switch 4050 User Guide 7 “Configuring the NSNA ports” on page 7928 “Enabling NSNA glo

792 Chapter 17 Configuration example320818-A Configuring the NSNA uplink filterPassport-8310:6# config filter acl 100 create ip acl-name "dhcp&qu

Chapter 17 Configuration example 793Nortel Secure Network Access Switch 4050 User Guide Configure the Ethernet Routing Switch 5510The following config

794 Chapter 17 Configuration example320818-A Configuring SSHIn this example, the assumption is that the Nortel SNAS 4050 public key has already been u

Chapter 17 Configuration example 795Nortel Secure Network Access Switch 4050 User Guide Configuring the login domain controller filters5510-48T(config

796 Chapter 17 Configuration example320818-A 3 “Adding the network access devices” on page 7984 “Mapping the VLANs” on page 8005 “Enabling the network

Chapter 17 Configuration example 797Nortel Secure Network Access Switch 4050 User Guide Enter a password for the "admin" user: Re-enter to c

798 Chapter 17 Configuration example320818-A Generate and activate the SSH key for communication with the network access devices:>> Main# cfg/do

Chapter 17 Configuration example 799Nortel Secure Network Access Switch 4050 User Guide Adding the Ethernet Routing Switch 8300Add the switch manually

8 Contents320818-A Configuring domain parameters using the SREM . . . . . . . . . . . . . . . . . . . . . . . . 164Additional domain configuration in

80 Chapter 3 Managing the network access devices320818-A The delete command removes the current switch from the control of the Nortel SNAS 4050 cluste

800 Chapter 17 Configuration example320818-A Adding the Ethernet Routing Switch 5510Use the quick switch wizard:>> Main# cfg/domain 1/quickEnter

Chapter 17 Configuration example 801Nortel Secure Network Access Switch 4050 User Guide >> Domain Vlan# applyChanges applied successfully.Enabli

802 Chapter 17 Configuration example320818-A

803Nortel Secure Network Access Switch 4050 User Guide Appendix ACLI referenceThe command line interface (CLI) allows you to view system information a

804 Appendix A CLI reference320818-A Using the CLICLI commands are grouped into a series of menus and submenus (see “CLI Main Menu” on page 812). Each

Appendix A CLI reference 805Nortel Secure Network Access Switch 4050 User Guide pasteRestores a saved configuration that includes private keys. TIP: B

806 Appendix A CLI reference320818-A Command line history and editingYou can use the CLI to retrieve and modify commands entered previously. Table 180

Appendix A CLI reference 807Nortel Secure Network Access Switch 4050 User Guide CLI shortcutsYou can use the following CLI command shortcuts:• “Comman

808 Appendix A CLI reference320818-A You can also use command stacking to proceed one or more levels in the menu system, and go directly to another su

Appendix A CLI reference 809Nortel Secure Network Access Switch 4050 User Guide • To display the active menu:— Ensure that the command line is blank.—

Chapter 3 Managing the network access devices 81Nortel Secure Network Access Switch 4050 User Guide The Switch menu includes the following options:/cf

810 Appendix A CLI reference320818-A If you use the cur command without the sys submenu argument, information related to the Configuration menu and al

Appendix A CLI reference 811Nortel Secure Network Access Switch 4050 User Guide • 255.255.255.0 it can also be expressed as 24• 255.255.255.255 it can

812 Appendix A CLI reference320818-A CLI Main MenuThe Main menu appears after a successful connection and login. Figure 244 represents the Main menu a

Appendix A CLI reference 813Nortel Secure Network Access Switch 4050 User Guide • Maintenance — used for sending technical support information to an e

814 Appendix A CLI reference320818-A Information menuThe Information menu contains commands used to display current information about the Nortel SNAS

Appendix A CLI reference 815Nortel Secure Network Access Switch 4050 User Guide Statistics menuThe Statistics menu contains commands used to view stat

816 Appendix A CLI reference320818-A Configuration menuThe Configuration menu contains commands used to configure the Nortel SNAS 4050. Table 184 list

Appendix A CLI reference 817Nortel Secure Network Access Switch 4050 User Guide /cfg/domain <domain ID>name <name>pvips <IPaddr>aaas

818 Appendix A CLI reference320818-A /cfg/domain #/aaa/auth #/ldapserverssearchbase <DN>groupattr <names>userattr <names>isdbinddn &

Appendix A CLI reference 819Nortel Secure Network Access Switch 4050 User Guide /cfg/domain #/aaa/auth #/localadd <user name> <password> &

82 Chapter 3 Managing the network access devices320818-A Mapping the VLANs using the CLIThe VLANs are configured on the network access devices. You sp

820 Appendix A CLI reference320818-A /cfg/domain #/aaa/auth #/radius/sessiontimvendorid <vendor ID>vendortype <vendor type>enadisConfigure