BenutzerhandbuchInhaltsverzeichnisNortel Secure Network Access Switch 4050 User Guide1Contents5Preface25Before you begin26Text conventions27Related information28Publications28Online29How to get help29Overview31The Nortel SNA solution31Elements of the NSNA solution32Supported users32Role of the Nortel SNAS 405033Nortel SNAS 4050 clusters39One-armed and two-armed configurations40Nortel SNA configuration and management tools42Nortel SNAS 4050 configuration roadmap43Initial setup49Before you begin50About the IP addresses51Initial setup52Setting up a single Nortel SNAS 4050 device or the first in a cluster52Adding a Nortel SNAS 4050 device to a cluster61Next steps66Applying and saving the configuration67Applying and saving the configuration using the CLI68Applying and saving the configuration using the SREM68Managing the network access devices71Before you begin72Managing network access devices using the CLI73Roadmap of domain commands73Adding a network access device using the CLI75Deleting a network access device using the CLI79Configuring the network access devices using the CLI80Mapping the VLANs using the CLI82Managing SSH keys using the CLI84Monitoring switch health using the CLI89Controlling communication with the network access devices using the CLI90Managing network access devices using the SREM91Adding a network access device using the SREM91Deleting a network access device using the SREM93Configuring the network access devices using the SREM93Mapping the VLANs using the SREM96Managing SSH keys using the SREM102Monitoring switch health using the SREM111Viewing a connected client list using the SREM113Controlling communication with the network access devices using the SREM115Configuring the domain117Configuring the domain using the CLI118Roadmap of domain commands119Creating a domain using the CLI121Deleting a domain using the CLI129Configuring domain parameters using the CLI130Configuring the TunnelGuard check using the CLI132Configuring the SSL server using the CLI135Configuring HTTP redirect using the CLI144Configuring advanced settings using the CLI145Configuring RADIUS accounting using the CLI146Configuring the domain using the SREM150Creating a domain using the SREM151Deleting a domain using the SREM163Configuring domain parameters using the SREM164Configuring the TunnelGuard check using the SREM168Configuring the SSL server using the SREM174Configuring HTTP redirect using the SREM181Configuring RADIUS accounting using the SREM183Configuring groups and profiles191Overview192Groups192Linksets194TunnelGuard SRS rule194Extended profiles195Before you begin196Configuring groups and extended profiles using the CLI196Roadmap of group and profile commands197Configuring groups using the CLI198Configuring client filters using the CLI201Configuring extended profiles using the CLI203Mapping linksets to a group or profile using the CLI206Creating a default group using the CLI208Configuring groups and extended profiles using the SREM208Configuring groups using the SREM208Configuring client filters using the SREM213Configuring extended profiles using the SREM219Mapping linksets to a group or profile using the SREM223Creating a default group using the SREM230Configuring authentication233Overview234Before you begin235Configuring authentication using the CLI236Roadmap of authentication commands237Configuring authentication methods using the CLI239Configuring advanced settings using the CLI241Configuring RADIUS authentication using the CLI242Configuring LDAP authentication using the CLI249Configuring local database authentication using the CLI261Specifying authentication fallback order using the CLI267Configuring authentication using the SREM269Configuring authentication methods using the SREM270Configuring RADIUS authentication using the SREM271Configuring LDAP authentication using the SREM282Configuring local database authentication using the SREM298Specifying authentication fallback order using the SREM314Saving authentication settings316TunnelGuard SRS Builder317Configuring SRS rules318The TunnelGuard user interface318Menu commands319SRS definition toolbar322Software Definition - Available SRS list323SRS Components table323Memory snapshot325TunnelGuard Rule Definition screen325Managing TunnelGuard rules and expressions327Creating a software definition327Adding entries to a software definition328Creating logical expressions333Registry-based rules338Manually creating SRS entries343File age check347Adding comments348Deleting SRS rules and their components349TunnelGuard support for API calls351Making API calls351Managing system users and groups353User rights and group membership354Managing system users and groups using the CLI355Roadmap of system user management commands355Managing user accounts and passwords using the CLI356Managing user settings using the CLI358Managing user groups using the CLI359CLI configuration examples360Managing system users and groups using the SREM370Managing user accounts using the SREM370Setting password expiry using the SREM374Changing your password using the SREM376Changing another user’s password using the SREM377Setting the certificate export passphrase using the SREM379Managing user groups using the SREM381Customizing the portal and user logon385Overview386Captive portal and Exclude List386Portal display389Managing the end user experience397Customizing the portal and logon using the CLI398Roadmap of portal and logon configuration commands398Configuring the captive portal using the CLI401Configuring the Exclude List using the CLI401Changing the portal language using the CLI402Configuring the portal display using the CLI406Changing the portal colors using the CLI409Configuring custom content using the CLI410Configuring linksets using the CLI412Configuring links using the CLI414Customizing the portal and logon using the SREM417Configuring the captive portal using the SREM417Changing the portal language using the SREM420Configuring the portal display using the SREM426Changing the portal colors using the SREM432Configuring custom content using the SREM434Configuring linksets using the SREM440Configuring links using the SREM445Configuring system settings457Configuring the cluster using the CLI459Roadmap of system commands460Configuring system settings using the CLI464Configuring the Nortel SNAS 4050 host using the CLI465Configuring host interfaces using the CLI469Configuring static routes using the CLI471Configuring host ports using the CLI472Managing interface ports using the CLI473Configuring the Access List using the CLI474Configuring date and time settings using the CLI475Configuring DNS servers and settings using the CLI477Configuring RSA servers using the CLI480Configuring syslog servers using the CLI481Configuring administrative settings using the CLI483Enabling TunnelGuard SRS administration using the CLI485Configuring Nortel SNAS 4050 host SSH keys using the CLI485Configuring RADIUS auditing using the CLI488Configuring authentication of system users using the CLI492Configuring the cluster using the SREM495Configuring system settings using the SREM496Configuring a Nortel SNAS 4050 host using the SREM497Configuring host interfaces using the SREM508Configuring static routes using the SREM514Configuring host ports using the SREM520Managing interface ports using the SREM523Configuring the access list using the SREM525Managing date and time settings using the SREM528Configuring DNS settings using the SREM532Configuring servers using the SREM534Configuring administrative settings using the SREM546Configuring SRS control settings using the SREM547Configuring Nortel SNAS 4050 host SSH keys using the SREM548Adding an SSH key for a known host using the SREM553Managing RADIUS audit settings using the SREM554Managing RADIUS authentication of system users using the SREM562Managing certificates569Overview570Key and certificate formats571Creating certificates573Installing certificates and keys573Saving or exporting certificates and keys574Updating certificates574Managing private keys and certificates using the CLI575Roadmap of certificate management commands576Managing and viewing certificates and keys using the CLI577Generating and submitting a CSR using the CLI579Adding a certificate to the Nortel SNAS 4050 using the CLI584Adding a private key to the Nortel SNAS 4050 using the CLI587Importing certificates and keys into the Nortel SNAS 4050 using the CLI588Displaying or saving a certificate and key using the CLI591Exporting a certificate and key from the Nortel SNAS 4050 using the CLI594Generating a test certificate using the CLI596Managing private keys and certificates using the SREM597Viewing certificates using the SREM598Creating a certificate using the SREM599Generating and submitting a CSR using the SREM601Importing a certificate or key using the SREM603Displaying or saving a certificate and key using the SREM605Exporting a certificate and key from the Nortel SNAS 4050 using the SREM607Viewing certificate information using the SREM610Configuring SNMP617Configuring SNMP using the CLI618Roadmap of SNMP commands619Configuring SNMP settings using the CLI620Configuring the SNMP v2 MIB using the CLI621Configuring the SNMP community using the CLI622Configuring SNMPv3 users using the CLI623Configuring SNMP notification targets using the CLI626Configuring SNMP events using the CLI627Configuring SNMP settings using the SREM631Configuring SNMP using the SREM632Configuring SNMP targets using the SREM634Configuring SNMPv3 users using the SREM640Configuring SNMP events using the SREM647Viewing system information and performance statistics659Viewing system information and performance statistics using the CLI660Roadmap of information and statistics commands660Viewing system information using the CLI661Viewing alarm events using the CLI666Viewing log files using the CLI667Viewing AAA statistics using the CLI667Viewing all statistics using the CLI670Viewing system information and performance statistics using the SREM670Viewing local information using the SREM670Viewing cluster information using the SREM672Viewing AAA statistics using the SREM698Viewing Ethernet statistics using the SREM716Maintaining and managing the system723Managing and maintaining the system using the CLI724Roadmap of maintenance and boot commands725Performing maintenance using the CLI726Backing up or restoring the configuration using the CLI730Managing Nortel SNAS 4050 devices using the CLI733Managing software for a Nortel SNAS 4050 device using the CLI734Managing and maintaining the system using the SREM736Performing maintenance using the SREM736Backing up or restoring the configuration using the SREM742Managing Nortel SNAS 4050 devices and software using the SREM743Downloading files using the SREM752Running Nortel SNAS 4050 diagnostics using the SREM754Upgrading or reinstalling the software757Upgrading the Nortel SNAS 4050757Performing minor and major release upgrades758Activating the software upgrade package760Reinstalling the software763Before you begin763Reinstalling the software from an external file server765Reinstalling the software from a CD767The Command Line Interface769Connecting to the Nortel SNAS 4050770Establishing a console connection770Establishing a Telnet connection772Establishing a connection using SSH773Accessing the Nortel SNAS 4050 cluster775CLI Main Menu or Setup777Command line history and editing777Idle timeout777Configuration example779Scenario779Steps782Configure the network DNS server782Configure the network DHCP server783Configure the network core router789Configure the Ethernet Routing Switch 8300 using the CLI790Configure the Ethernet Routing Switch 5510793Configure the Nortel SNAS 4050795CLI reference803Using the CLI804Global commands804Command line history and editing806CLI shortcuts807Using slashes and spaces in commands810IP address and network mask formats810Variables811CLI Main Menu812CLI command reference812Information menu814Statistics menu815Configuration menu816Boot menu835Maintenance menu836Troubleshooting837Troubleshooting tips837Cannot connect to the Nortel SNAS 4050 using Telnet or SSH838Cannot add the Nortel SNAS 4050 to a cluster841Cannot contact the MIP841The Nortel SNAS 4050 stops responding843A user password is lost844A user fails to connect to the Nortel SNAS 4050 domain845Trace tools845System diagnostics847Installed certificates847Network diagnostics847Active alarms and the events log file849Error log files849Syslog messages851Syslog messages by message type851Operating system (OS) messages852System Control Process messages853Traffic Processing Subsystem messages857Start-up messages860AAA subsystem messages861NSNAS subsystem messages863Syslog messages in alphabetical order865Supported MIBs875Supported MIBs875Supported traps879Supported ciphers881Adding User Preferences attribute to Active Directory883Install All Administrative Tools (Windows 2000 Server)883Register the Schema Management dll (Windows Server 2003)883Add the Active Directory Schema Snap-in (Windows 2000 Server and Windows Server 2003)884Permit write operations to the schema (Windows 2000 Server)886Create a new attribute (Windows 2000 Server and Windows Server 2003)887Create the new class888Configuring DHCP to auto-configure IP Phones891Configuring IP Phone auto-configuration892Creating the DHCP options892Configuring the Call Server Information and VLAN Information options896Setting up the IP Phone899Using a Windows domain logon script to launch the Nortel SNAS 4050 portal901Configuring the logon script901Creating a logon script902Creating the script as a batch file902Creating the script as a VBScript file903Assigning the logon script903Software licensing information905Index911Größe: 10,5 MBSeiten: 922Language: EnglishHandbuch öffnen