- Computers & electronics
- Software
- Nortel Networks
- Nortel Secure Network Access Switch 4050
- User's manual
Maintaining and managing the system. Nortel Networks Nortel Secure Network Access Switch 4050
Add to my manuals922 Pages
advertisement
Chapter 14
Maintaining and managing the system
This chapter includes the following topics:
Topic
Managing and maintaining the system using the CLI
Roadmap of maintenance and boot commands
Performing maintenance using the CLI
Backing up or restoring the configuration using the CLI
Managing Nortel SNAS 4050 devices using the CLI
Managing software for a Nortel SNAS 4050 device using the CLI
Managing and maintaining the system using the SREM
Performing maintenance using the SREM
Backing up or restoring the configuration using the SREM
Managing Nortel SNAS 4050 devices and software using the SREM
Downloading files using the SREM
Running Nortel SNAS 4050 diagnostics using the SREM
Page
723
Nortel Secure Network Access Switch 4050 User Guide
724 Chapter 14 Maintaining and managing the system
You can perform the following activities to manage and maintain the system and individual Nortel SNAS 4050 devices:
• maintenance, in order to collect information for troubleshooting and technical
support purposes (see “Performing maintenance using the CLI” on page 726
or
“Performing maintenance using the SREM” on page 736 ):
• Dump log file or system internal status information and send it to a file exchange server.
• Check connectivity between the Nortel SNAS 4050 and all configured gateways, routers, and servers.
• Start and stop tracing to log information about a client session. You can limit the trace to specific features, such as SSL handshake; authentication method, user name, group, and profile; DNS lookups; and the
TunnelGuard check.
You can use the trace feature as a debugging tool (for example, to find out
why authentication fails). For sample CLI outputs, see “Trace tools” on page 845 .
• configuration backup and restore (see
“Backing up or restoring the configuration using the CLI” on page 730
or “Backing up or restoring the configuration using the SREM” on page 742 )
•
software and device management (see “Managing Nortel SNAS 4050 devices using the CLI” on page 733
and
“Managing software for a Nortel SNAS 4050 device using the CLI” on page 734
, or
“Managing Nortel SNAS 4050 devices and software using the SREM” on page 743 ):
• Manage software versions and activate software upgrades.
• Shut down or reboot a particular Nortel SNAS 4050 device that has become isolated from the cluster.
• Reset the configuration of a particular Nortel SNAS 4050 device back to factory defaults.
Managing and maintaining the system using the CLI
To perform maintenance activities, access the Maintenance menu by using the following command:
/maint
320818-A
Chapter 14 Maintaining and managing the system 725
To manage software versions and Nortel SNAS 4050 devices, connect to the particular Nortel SNAS 4050 device using Telnet, SSH, or a console connection.
Do not connect to the Management IP address (MIP). Access the Boot menu by using the following command:
/boot
Roadmap of maintenance and boot commands
The following roadmap lists the CLI commands to perform maintenance and software and device management activities. Use this list as a quick reference or click on any entry for more information:
Command
Parameter
/cfg/ptcfg <protocol> <server>
/cfg/gtcfg <protocol> <server>
Nortel Secure Network Access Switch 4050 User Guide
726 Chapter 14 Maintaining and managing the system
Command Parameter
Performing maintenance using the CLI
To check the applied configuration and to download log file and system status information for technical support purposes, use the following command:
/maint
The Maintenance menu displays.
320818-A
Chapter 14 Maintaining and managing the system 727
The Maintenance menu includes the following options:
/maint followed by: dumplogs <protocol>
<server> <filename>
<all-isds?>
Collects system log file information and sends it to a file on the specified file exchange server. The information can then be used for technical support purposes. You are prompted to provide the following parameters if you do not specify them in the command:
•
• protocol is the export protocol. Options are tftp|ftp|sftp.
The default is tftp .
server is the host name or IP address of the file exchange server.
•
• filename is the name of the destination log file on the file exchange server. The file is in gzip compressed tar format.
all-isds?
specifies whether the information is to be collected from all Nortel SNAS 4050 devices in the cluster or only from the device to which you are connected. Valid options are y (= yes, all) or n
(= no, single).
If you specify n (= no) and you are connected to the
MIP, information will be collected for the Nortel
SNAS 4050 device currently in control of the MIP.
• for FTP and SFTP, user name and password.
The file sent to the file exchange server does not contain any sensitive information related to the system configuration, such as private keys.
Nortel Secure Network Access Switch 4050 User Guide
728 Chapter 14 Maintaining and managing the system
/maint followed by: dumpstats <protocol>
<server> <filename>
<all-isds?> chkcfg
Collects current system internal status information and sends it to a file on the specified file exchange server.
The information can then be used for technical support purposes. You are prompted to provide the following parameters if you do not specify them in the command:
•
• protocol is the export protocol. Options are tftp|ftp|sftp.
The default is tftp .
server is the host name or IP address of the file exchange server.
•
• filename is the name of the destination file on the file exchange server. The file is in gzip compressed tar format.
all-isds?
specifies whether the information is to be collected from all Nortel SNAS 4050 devices in the cluster or only from the device to which you are connected. Valid options are y (= yes, all) or n
(= no, single).
If you specify n (= no) and you are connected to the
MIP, information will be collected for the Nortel
SNAS 4050 device currently in control of the MIP.
• for FTP and SFTP, user name and password.
Checks if the Nortel SNAS 4050 is able to contact gateways, routers, DNS servers, and authentication servers in the system configuration. The command also checks if the Nortel SNAS 4050 can connect to web servers specified in group links. The CLI displays the result of the connectivity check as well as the method used for the check (for example, ping).
The following is sample output for the chkcfg command:
Checking configuration from
192.168.128.210
Testing /cfg/sys/host 1/gateway:
192.168.128.3... ping ok
Testing /cfg/sys/dns/servers:
192.168.128.1... dns ok
Testing /cfg/vpn 1/aaa/group 1/ link 1:www.cnn.com:80... tcp ok
All tests completed successfully
320818-A
Chapter 14 Maintaining and managing the system 729
/maint followed by: starttrace <tags>
<domain ID> <output
mode> stoptrace
Logs information pertaining to a client session.
You are prompted to provide the following information:
• tags — specifies the specific features or subsystems to which you want to limit tracing. The options are: all — logs all information. The default is all.
aaa — logs authentication method, user name, group, and extended profile dns — logs failed DNS lookups made during the session ssl — logs information related to the SSL handshake procedure (for example, the cipher used)
• tg — logs information related to the TunnelGuard check (for example, TunnelGuard session status and the SRS rule check result) snas — logs operations and events of Nortel
SNA-controlled switches
Enter the desired tag or a comma-separated list of tags (for example, enter aaa or aaa,dns ). To trace all features, press Enter to accept the default.
domain ID — specifies the Nortel SNAS 4050 domain to which you want to limit tracing. The default is all. To trace all domains, enter 0 or press
Enter.
•
Note: With Nortel Secure Network Access Switch
Software Release 1.0, there is only one domain in the system.
output mode — options are: interactive — the information will be logged directly in the CLI when a client authenticates to the portal tftp|ftp|sftp — the information will be logged to a file exchange server. You are prompted to provide the server information.
For sample output from the starttrace command,
.
Stops tracing. If you selected interactive mode for the starttrace command and information has been logged to the CLI, press Enter to redisplay the CLI prompt.
Nortel Secure Network Access Switch 4050 User Guide
730 Chapter 14 Maintaining and managing the system
Backing up or restoring the configuration using the CLI
To save the system configuration to a file on a file exchange server, use the following command:
/cfg/ptcfg <protocol> <server> <filename> <passphrase>
To restore the system configuration, use the following command:
/cfg/gtcfg <protocol> <server> <filename> <passphrase>
You can also dump the system configuration to the screen and then use copy-and-paste to save it to a text file. To perform a configuration dump, use the following command:
/cfg/dump [<passphrase>]
320818-A
Chapter 14 Maintaining and managing the system 731
provides more information about the backup and restore commands on the Configuration menu.
Table 166 Configuration menu backup and restore commands
/cfg followed by: ptcfg <protocol>
<server> <filename>
<passphrase>
Saves the current configuration, including private keys and certificates, to a file on the specified file exchange server. You can later use this file to restore the configuration by using the gtcfg command. You are prompted to provide the following information:
• protocol is the export protocol. Options are tftp|ftp|scp|sftp.
The default is tftp .
•
• server is the host name or IP address of the file exchange server.
filename is the name of the destination file on the file exchange server.
• passphrase is a password phrase required to protect the private keys in the configuration. If you later restore the configuration using the gtcfg command, you will be prompted for this password phrase.
• for FTP, SCP, and SFTP, user name and password
Note: If you have fully separated the Administrator user role from the Certificate Administrator user role, the export passphrase defined by the Certificate
Administrator is used to protect the private keys in the configuration, and this is transparent to the user. If you later restore the configuration using the gtcfg command, the Certificate Administrator must enter the correct passphrase. For more information on separating the Administrator user role from the
Certificate Administrator user role, see “Adding a new user” on page 360
.
Nortel Secure Network Access Switch 4050 User Guide
732 Chapter 14 Maintaining and managing the system
Table 166 Configuration menu backup and restore commands
/cfg followed by: gtcfg <protocol>
<server> <filename>
<passphrase> dump [<passphrase>]
Restores a configuration, including private keys and certificates, from a file on the specified file exchange server. You are prompted to provide the following information:
•
• protocol is the import protocol. Options are tftp|ftp|scp|sftp.
The default is tftp .
server is the host name or IP address of the file exchange server.
•
• filename is the name of the file on the file exchange server.
passphrase is the password phrase specified when the configuration file was saved to the server using the ptcfg command.
• for FTP, SCP, and SFTP, user name and password
Note: If you have fully separated the Administrator user role from the Certificate Administrator user role, the
Certificate Administrator must enter the correct passphrase. The Certificate Administrator defined the passphrase using the /cfg/sys/user/ caphrase command (see
Dumps the current configuration on screen in a format that allows you to restore the configuration without downloading the configuration to a file server.
You are prompted to specify if you wish to include private keys in the configuration dump. If you do, then you are prompted to provide a password phrase in order to protect the private keys. The password phrase you specify applies to all private keys. If you later restore the configuration, you will be prompted for this password phrase.
Save the configuration to a text file by performing a copy-and-paste operation to a text editor. You can later restore the configuration by using the global paste command, at any command prompt in the CLI, to paste the contents of the saved text file. On pasting, the content is batch processed by the Nortel SNAS 4050.
To view the pending configuration changes resulting from the batch processing, use the diff command. To apply the configuration changes, use the apply command.
320818-A
Chapter 14 Maintaining and managing the system 733
Managing Nortel SNAS 4050 devices using the CLI
To manage Nortel SNAS 4050 software and devices, use the following command:
/boot
The Boot menu displays.
The Boot menu includes the following options:
/boot followed by: software halt
Accesses the Software Management menu, in order to view, download, and activate software versions (see
“Managing software for a Nortel SNAS 4050 device using the CLI” on page 734 ).
Stops the Nortel SNAS 4050 device to which you are connected (using Telnet, SSH, or a console connection). If you have a Telnet or SSH connection to the Management IP address (MIP), use the
/cfg/sys/host #/ halt command instead (see
).
Note: Always use the halt command before turning off the device.
Nortel Secure Network Access Switch 4050 User Guide
734 Chapter 14 Maintaining and managing the system
/boot followed by: reboot delete
Reboots the Nortel SNAS 4050 device to which you are connected (using Telnet, SSH, or a console connection). If you have a Telnet or SSH connection to the Management IP address (MIP), use the
/cfg/sys/host #/reboot command instead
(see
).
Resets the Nortel SNAS 4050 device to which you are connected (using Telnet, SSH, or a console connection) to its factory default configuration. All IP configuration is lost. The software itself remains intact.
After executing the delete command, you can only access the device using a console connection. Log on as the Admin user (user name: admin, password: admin) to enter the Setup menu.
Note: If you receive a warning that the device you are trying to delete has no contact with any other master
Nortel SNAS 4050 device in the cluster, also connect to the MIP (using Telnet or SSH) and delete the Nortel
SNAS 4050 device from the cluster by using the
/cfg/sys/host #/delete command (see
).
The /boot/delete command is primarily intended for when you want to delete a Nortel SNAS 4050 device in one of the following situations :
• The device has become isolated from the cluster,
• The device has been physically removed from the cluster without first performing the
/cfg/sys/host #/delete command.
In these situations, you must use the /boot/delete command to present the Setup menu, from which you can perform the new and join commands.
Managing software for a Nortel SNAS 4050 device using the CLI
To view, download, and activate software versions for the Nortel SNAS 4050 device to which you are connected, use the following command:
/boot/software
The Software Management menu displays.
320818-A
Chapter 14 Maintaining and managing the system 735
The Software Management menu includes the following options:
/boot/software followed by: cur activate <version>
Displays the status of the software versions on the particular device to which are connected. The status options are:
•
• permanent — the software version that is currently operational old — the software version that preceded the currently operational software version
• unpacked — the software upgrade package has been downloaded but not yet activated
If you activate a software version indicated as either unpacked or old , the status of that version is propagated to permanent . The software status change occurs after the Nortel SNAS 4050 device performs a reboot.
Activates a downloaded software upgrade package that the cur command indicates as unpacked . If serious problems occur when the new software version runs, you can switch back to the previous version by activating the software version that the cur command indicates as old .
The Nortel SNAS 4050 reboots when you confirm the activate command.
Note: When you activate a software upgrade on a
Nortel SNAS 4050 device, all the Nortel SNAS 4050 devices in the cluster reboot. All active sessions are lost.
Nortel Secure Network Access Switch 4050 User Guide
736 Chapter 14 Maintaining and managing the system
/boot/software followed by: download <protocol>
<server> <filename> del
Downloads a new software package from the specified file exchange server, in order to perform a minor or major upgrade. You are prompted to provide the following parameters if you do not specify them in the command:
•
• protocol is the import protocol. Options are tftp|ftp|scp|sftp.
The default is tftp .
server is the host name or IP address of the file exchange server.
• filename is the name of the software upgrade package. Software upgrade packages typically have the .pkg file name extension.
• for FTP, SCP, and SFTP, user name and password
If you include a directory path and file name
(separated by a forward slash (/)) on the same line as the FTP server host name or IP address when you run the command, make sure you put the combined directory path and file name string within double quotation marks. For example:
>> Software Management# download ftp 10.0.0.1 “pub/SSL-5.1.1upgrade_complete.pkg”
If you are using anonymous mode when downloading the software package from an FTP server, the Nortel SNAS 4050 uses the following string as the password (for logging purposes): admin@<hostname>.isd
Removes a software package that has been downloaded but not yet activated (status is unpacked ). You cannot delete software versions with any other status (see the cur command).
Managing and maintaining the system using the SREM
Performing maintenance using the SREM
To perform maintenance activities, choose from one of the following tasks:
•
“Dumping logs and status information using the SREM” on page 737
•
“Starting and stopping a trace using the SREM” on page 738
320818-A
Chapter 14 Maintaining and managing the system 737
•
“Backing up or restoring the configuration using the SREM” on page 742
•
“Checking configuration using the SREM” on page 741
Dumping logs and status information using the SREM
You can dump logs and statistics about the current internal status of the system to a file exchange server. The information can then be used for technical support purposes.
To dump logs or statistics, perform the following steps:
1 Select the System > Maintenance > Dumps tab.
The Dumps screen appears (see
Figure 223 Dumps
Nortel Secure Network Access Switch 4050 User Guide
738 Chapter 14 Maintaining and managing the system
2
Enter the Dump information in the applicable fields. Table 167 describes the
Dump fields.
Table 167 Dump fields
Field
Dumplogs/Dumpstats
Protocol
Hostname/IP Address
Filename
Collect info for all iSDs
Username
Password
Description
Specifies whether to dump logs or statistics.
Specifies the export protocol. Options are FTP, TFTP,
SFTP. The default is FTP.
Specifies the host name or IP address of the file exchange server.
Specifies the name of the destination file on the file exchange server. The file is in gzip compressed tar format.
Specifies whether the information is to be collected from all
Nortel SNAS 4050 devices in the cluster or only from the device to which you are connected. The options are yes (= all) or no (= single device). The default is no.
Specifies the user name to access a file exchange server.
For FTP and SFTP.
Specifies the password to access a file exchange server.
For FTP and SFTP.
3 Click Dump.
Starting and stopping a trace using the SREM
You can perform a trace to log information about a client session.
320818-A
Chapter 14 Maintaining and managing the system 739
To start or stop a trace, perform the following steps:
1 Select the System > Maintenance > Start/Stop Trace tab.
The Start/Stop Trace screen appears (see Figure 224
).
Figure 224 Start/Stop Trace
Nortel Secure Network Access Switch 4050 User Guide
740 Chapter 14 Maintaining and managing the system
2 Enter the Trace information in the applicable fields.
Start/Stop Trace fields.
Table 168 Start/Stop Trace fields
Field
Trace type
Domain
Protocol
Hostname
Username
Password
Remote Filename
Description
Specifies the specific features or subsystems to which you want to limit tracing. Options are:
• aaa — logs authentication method, user name, group, and extended profile
• dns — logs failed DNS lookups made during the session
• ssl — logs information related to the SSL handshake procedure (for example, the cipher used)
• tg — logs information related to the TunnelGuard check
(for example, TunnelGuard session status and the SRS rule check result)
• snas — logs operations and events of Nortel
SNA-controlled switches
To trace all available types, choose the Select all available option.
Note: If listed, the following options are not supported in
Nortel Secure Network Access Switch
Software Release 1.0: pptp, upref, smb, ftp.
Specifies the Nortel SNAS 4050 domain to which you want to limit tracing.
Specifies the file export protocol. The options are TFTP,
FTP, SFTP. The default is TFTP.
Specifies the hostname or IP address of the host where a trace file is created.
Specifies the user name to access a file exchange server.
For FTP and SFTP.
Specifies the password to access a file exchange server.
For FTP and SFTP.
Specifies the file name for the remote trace file.
3 To start the trace, click Start Trace.
4 To stop the trace, click Stop Trace.
320818-A
Chapter 14 Maintaining and managing the system 741
Checking configuration using the SREM
You can check connectivity to verify that the Nortel SNAS 4050 is able to contact gateways, routers, DNS servers, and authentication servers in the system configuration. The command also checks if the Nortel SNAS 4050 can connect to web servers specified in group links. The SREM displays the result of the connectivity check as well as the method used for the check (for example, ping).
To check the configuration, perform the following steps:
1 Select the System > Maintenance > Check Configuration tab.
The Check Configuration screen appears (see
).
Figure 225 Check Configuration
2 Click Check Configuration.
3 When the check is complete, results are displayed on the screen.
Nortel Secure Network Access Switch 4050 User Guide
742 Chapter 14 Maintaining and managing the system
Backing up or restoring the configuration using the SREM
You can save the current configuration, including private keys and certificates, to a file on the specified file exchange server as backup. You can later use this backup file to restore the configuration.
To create a backup of your system or restore the configuration from an existing backup, perform the following steps:
1 Select the System > Maintenance > Backup & Restore tab.
The Backup & Restore screen appears (see
Figure 226 Backup & Restore
320818-A
Chapter 14 Maintaining and managing the system 743
2
Enter the Backup/Restore information in the applicable fields. Table 169
describes the Backup & Restore fields.
Table 169 Backup & Restore fields
Field
Backup/Restore
Protocol
Hostname
Filename
Private Key password
Username
Password
Description
Specifies whether to back up or restore the configuration.
Specifies the protocol to use to export or import the backup file. The options are TFTP, FTP, SFTP. The default is TFTP.
Specifies the host name or IP address of the file exchange server.
Specifies the name of the backup file on the file exchange server.
Specifies a password phrase used to protect the private keys in the configuration.
Note: If you have fully separated the Administrator user role from the Certificate Administrator user role, the export passphrase defined by the Certificate Administrator is used to protect the private keys in the configuration when performing the backup, and this is transparent to the user.
If you later restore the configuration, the Certificate
Administrator must enter the correct passphrase. For more information on separating the Administrator user role from
the Certificate Administrator user role, see “User rights and group membership” on page 354 .
For FTP and SFTP, the user name to access the file exchange server.
For FTP and SFTP, the password to access the file exchange server.
3 Click Apply on the toolbar to send the current changes to the Nortel
SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Managing Nortel SNAS 4050 devices and software using the SREM
To configure boot settings, choose from one of the following tasks:
•
“Managing software versions using the SREM” on page 744
•
“Downloading images using the SREM” on page 748
Nortel Secure Network Access Switch 4050 User Guide
744 Chapter 14 Maintaining and managing the system
•
“Rebooting or deleting a Nortel SNAS 4050 device using the SREM” on page 750
Managing software versions using the SREM
To manage software images and perform upgrades on the Nortel SNAS 4050 device to which you are connected, select the System > Boot > Image List tab.
The Image List screen appears (see Figure 227 ), listing a history of the Nortel
SNAS 4050 software versions used on this device.
Figure 227 Image List
320818-A
Chapter 14 Maintaining and managing the system 745
describes the Image List fields.
Table 170 Image List fields
Field
Index
Name
Status
Description
Displays the software version.
Displays the name of the Nortel SNAS 4050 device.
Displays the status of the software version on the particular device to which are connected. The status options are:
• permanent operational
— the software version that is currently
•
• old — the software version that preceded the currently operational software version unpacked — the software upgrade package has been downloaded but not yet activated
If you activate a software version indicated as either unpacked or old , the status of that version is propagated to permanent . The software status change occurs after the Nortel SNAS 4050 device performs a reboot.
The following tasks are available from this screen:
•
“Viewing details of the active software image” on page 746
•
“Activating a software image” on page 747
•
“Removing an inactive software image” on page 748
Nortel Secure Network Access Switch 4050 User Guide
746 Chapter 14 Maintaining and managing the system
Viewing details of the active software image
To view the details of the currently active software image on the Nortel
SNAS 4050 device to which you are connected, perform the following steps:
1 Select the System > Boot > Image List tab.
The Image List screen appears (see Figure 227 on page 744 ).
2 Select the image with a Status of permanent from the Image List.
The Image screen appears, displaying information about the active image (see
Figure 228 ). For a description of each field that is displayed, see
“Managing software versions using the SREM” on page 744
.
Figure 228 Image
320818-A
Chapter 14 Maintaining and managing the system 747
Activating a software image
To activate an old or unpacked software image on the Nortel SNAS 4050 device to which you are connected, perform the following steps:
1 Select the System > Boot > Image List tab.
The Image List screen appears (see Figure 227 on page 744 ).
2 Select an image with a Status of either old or unpacked from the Image List.
The Image screen appears, displaying information about the selected image
(see
Figure 229 ). For a description of each field that is displayed, see
“Managing software versions using the SREM” on page 744 .
Figure 229 Image
3 Click Activate to make the selected image active.
A confirmation dialog box appears.
Nortel Secure Network Access Switch 4050 User Guide
748 Chapter 14 Maintaining and managing the system
4 When prompted, click Yes.
The Nortel SNAS 4050 reboots when you confirm the Activate command.
Note: When you activate a software upgrade on a Nortel SNAS 4050 device, all the Nortel SNAS 4050 devices in the cluster reboot. All active sessions are lost.
Removing an inactive software image
To remove an inactive software images on the Nortel SNAS 4050 device to which you are connected, perform the following steps:
1 Select the System > Boot > Image List tab.
The Image List screen appears (see Figure 227 on page 744 ).
2 Select an inactive image from the table.
Inactive images have a Status of old or unpacked in the Image List.
3 Click Delete.
A confirmation dialog box appears.
4 When prompted, click Yes.
The image is removed from the Image List
The active image cannot be removed from the Nortel SNAS 4050 device. To remove the active image, you must first select another available image to activate
(see
“Activating a software image” on page 747 ).
Downloading images using the SREM
Before you can perform a software upgrade, you must download the image file.
320818-A
Chapter 14 Maintaining and managing the system 749
To download an image from a file exchange server, perform the following steps:
1 Select the System > Boot > Download Image tab.
The Download Image screen appears (see
Figure 230 Download Image
Nortel Secure Network Access Switch 4050 User Guide
750 Chapter 14 Maintaining and managing the system
2
Enter the Download Image information in the applicable fields. Table 171
describes the Download Image fields.
Table 171 Download Image fields
Field
Download Type
Host
Filename
Username
Password
Description
Specifies the import protocol. The options are TFTP, FTP,
SCP, SFTP. The default is TFTP.
Specifies the host name or IP address of the file exchange server.
Specifies the name of the software upgrade package.
Software upgrade packages typically have the .pkg file name extension.
For FTP, SCP, and SFTP, the user name to access the file exchange server.
For FTP, SCP, and SFTP, the password to access the file exchange server.
If you are using anonymous mode when downloading the software package from an FTP server, the Nortel
SNAS 4050 uses the following string as the password (for logging purposes): admin@<hostname>.isd
3 Click Apply on the toolbar to send the current changes to the Nortel
SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Rebooting or deleting a Nortel SNAS 4050 device using the
SREM
You can shut down or reboot a Nortel SNAS 4050 device that has become isolated from the cluster. You can reset a Nortel SNAS 4050 device to its factory default configuration.
320818-A
Chapter 14 Maintaining and managing the system 751
To reboot, shut down, or reset the Nortel SNAS 4050 device to which you are connected, perform the following steps:
1 Select the System > Boot > Reboot/Delete ISD Options tab.
The Reboot/Delete ISD Options screen appears (see Figure 231
).
Figure 231 Reboot/Delete ISD Options
2 To reboot the Nortel SNAS 4050 device to which you are connected, click
Reboot. When prompted, click Yes.
3 To shut down the Nortel SNAS 4050 device to which you are connected, click
Halt. When prompted, click Yes.
Always use this command before turning off the device.
4 To reset the Nortel SNAS 4050 device to which you are connected, click
Delete. When prompted, click Yes.
Nortel Secure Network Access Switch 4050 User Guide
752 Chapter 14 Maintaining and managing the system
The command resets the device to its factory default configuration. All
IP configuration is lost. The software itself remains intact. After executing the delete command, you can only access the device using a console connection and performing the initial setup.
If you receive a warning that the device you are trying to delete has no contact with any other master Nortel SNAS 4050 device in the cluster, also connect to the MIP and delete the Nortel SNAS 4050 device from the cluster by using the delete command on the System > Hosts screen.
The delete command on the Reboot/Delete ISD Options tab is primarily intended for when you want to delete a Nortel SNAS 4050 device in one of the following situations:
• The device has become isolated from the cluster,
• The device has been physically removed from the cluster without first executing the delete command on the System > Hosts screen.
Downloading files using the SREM
To download files to the Nortel SNAS 4050 using the SREM, select the File
Download tab.
320818-A
Chapter 14 Maintaining and managing the system 753
The File Download screen appears (see Figure 232
).
Figure 232 File Download screen
describes the File Download fields.
Table 172 File Download fields
Field
Download Type
Host Name
Username
Password
Description
The file download protocol. The options are FTP, SFTP, and SCP. The default is SFTP.
The host name or IP address of the file exchange server.
The user name and password to access the file exchange server.
The user name and password to access the file exchange server.
Nortel Secure Network Access Switch 4050 User Guide
754 Chapter 14 Maintaining and managing the system
Table 172 File Download fields
Field
Remote File Path
Local Directory
Description
The remote path where the file resides.
The local directory used to save the downloaded file.
Running Nortel SNAS 4050 diagnostics using the SREM
To run basic diagnostics on the Nortel SNAS 4050, select the Diagnostics tab.
The Diagnostics screen appears (see
Figure 233 Diagnostics screen
320818-A
Chapter 14 Maintaining and managing the system 755
describes the Diagnostics fields.
Table 173 Diagnostics fields
Field
Operation
IP Address or Host Name
Description
The diagnostic operation to perform. The options are:
• Ping — verify station-to-station connectivity across the network.
• TraceRoute — identify the route used for station-to-station connectivity across the network.
• NSLookup — find the IP address or host name of a machine. In order to use this command, the Nortel
SNAS 4050 must be configured use a DNS server.
The default operation is Ping.
The IP address or Host name on which to perform the diagnostic operation.
Nortel Secure Network Access Switch 4050 User Guide
756 Chapter 14 Maintaining and managing the system
320818-A
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 1 Nortel Secure Network Access Switch 4050 User Guide
- 5 Contents
- 25 Preface
- 26 Before you begin
- 27 Text conventions
- 28 Related information
- 28 Publications
- 29 Online
- 29 How to get help
- 31 Overview
- 31 The Nortel SNA solution
- 32 Elements of the NSNA solution
- 32 Supported users
- 33 Role of the Nortel SNAS 4050
- 39 Nortel SNAS 4050 clusters
- 40 One-armed and two-armed configurations
- 42 Nortel SNA configuration and management tools
- 43 Nortel SNAS 4050 configuration roadmap
- 49 Initial setup
- 50 Before you begin
- 51 About the IP addresses
- 52 Initial setup
- 52 Setting up a single Nortel SNAS 4050 device or the first in a cluster
- 61 Adding a Nortel SNAS 4050 device to a cluster
- 66 Next steps
- 67 Applying and saving the configuration
- 68 Applying and saving the configuration using the CLI
- 68 Applying and saving the configuration using the SREM
- 71 Managing the network access devices
- 72 Before you begin
- 73 Managing network access devices using the CLI
- 73 Roadmap of domain commands
- 75 Adding a network access device using the CLI
- 79 Deleting a network access device using the CLI
- 80 Configuring the network access devices using the CLI
- 82 Mapping the VLANs using the CLI
- 84 Managing SSH keys using the CLI
- 89 Monitoring switch health using the CLI
- 90 Controlling communication with the network access devices using the CLI
- 91 Managing network access devices using the SREM
- 91 Adding a network access device using the SREM
- 93 Deleting a network access device using the SREM
- 93 Configuring the network access devices using the SREM
- 96 Mapping the VLANs using the SREM
- 102 Managing SSH keys using the SREM
- 111 Monitoring switch health using the SREM
- 113 Viewing a connected client list using the SREM
- 115 Controlling communication with the network access devices using the SREM
- 117 Configuring the domain
- 118 Configuring the domain using the CLI
- 119 Roadmap of domain commands
- 121 Creating a domain using the CLI
- 129 Deleting a domain using the CLI
- 130 Configuring domain parameters using the CLI
- 132 Configuring the TunnelGuard check using the CLI
- 135 Configuring the SSL server using the CLI
- 144 Configuring HTTP redirect using the CLI
- 145 Configuring advanced settings using the CLI
- 146 Configuring RADIUS accounting using the CLI
- 150 Configuring the domain using the SREM
- 151 Creating a domain using the SREM
- 163 Deleting a domain using the SREM
- 164 Configuring domain parameters using the SREM
- 168 Configuring the TunnelGuard check using the SREM
- 174 Configuring the SSL server using the SREM
- 181 Configuring HTTP redirect using the SREM
- 183 Configuring RADIUS accounting using the SREM
- 191 Configuring groups and profiles
- 192 Overview
- 192 Groups
- 194 Linksets
- 194 TunnelGuard SRS rule
- 195 Extended profiles
- 196 Before you begin
- 196 Configuring groups and extended profiles using the CLI
- 197 Roadmap of group and profile commands
- 198 Configuring groups using the CLI
- 201 Configuring client filters using the CLI
- 203 Configuring extended profiles using the CLI
- 206 Mapping linksets to a group or profile using the CLI
- 208 Creating a default group using the CLI
- 208 Configuring groups and extended profiles using the SREM
- 208 Configuring groups using the SREM
- 213 Configuring client filters using the SREM
- 219 Configuring extended profiles using the SREM
- 223 Mapping linksets to a group or profile using the SREM
- 230 Creating a default group using the SREM
- 233 Configuring authentication
- 234 Overview
- 235 Before you begin
- 236 Configuring authentication using the CLI
- 237 Roadmap of authentication commands
- 239 Configuring authentication methods using the CLI
- 241 Configuring advanced settings using the CLI
- 242 Configuring RADIUS authentication using the CLI
- 249 Configuring LDAP authentication using the CLI
- 261 Configuring local database authentication using the CLI
- 267 Specifying authentication fallback order using the CLI
- 269 Configuring authentication using the SREM
- 270 Configuring authentication methods using the SREM
- 271 Configuring RADIUS authentication using the SREM
- 282 Configuring LDAP authentication using the SREM
- 298 Configuring local database authentication using the SREM
- 314 Specifying authentication fallback order using the SREM
- 316 Saving authentication settings
- 317 TunnelGuard SRS Builder
- 318 Configuring SRS rules
- 318 The TunnelGuard user interface
- 319 Menu commands
- 322 SRS definition toolbar
- 323 Software Definition - Available SRS list
- 323 SRS Components table
- 325 Memory snapshot
- 325 TunnelGuard Rule Definition screen
- 327 Managing TunnelGuard rules and expressions
- 327 Creating a software definition
- 328 Adding entries to a software definition
- 333 Creating logical expressions
- 338 Registry-based rules
- 343 Manually creating SRS entries
- 347 File age check
- 348 Adding comments
- 349 Deleting SRS rules and their components
- 351 TunnelGuard support for API calls
- 351 Making API calls
- 353 Managing system users and groups
- 354 User rights and group membership
- 355 Managing system users and groups using the CLI
- 355 Roadmap of system user management commands
- 356 Managing user accounts and passwords using the CLI
- 358 Managing user settings using the CLI
- 359 Managing user groups using the CLI
- 360 CLI configuration examples
- 370 Managing system users and groups using the SREM
- 370 Managing user accounts using the SREM
- 374 Setting password expiry using the SREM
- 376 Changing your password using the SREM
- 377 Changing another user’s password using the SREM
- 379 Setting the certificate export passphrase using the SREM
- 381 Managing user groups using the SREM
- 385 Customizing the portal and user logon
- 386 Overview
- 386 Captive portal and Exclude List
- 389 Portal display
- 397 Managing the end user experience
- 398 Customizing the portal and logon using the CLI
- 398 Roadmap of portal and logon configuration commands
- 401 Configuring the captive portal using the CLI
- 401 Configuring the Exclude List using the CLI
- 402 Changing the portal language using the CLI
- 406 Configuring the portal display using the CLI
- 409 Changing the portal colors using the CLI
- 410 Configuring custom content using the CLI
- 412 Configuring linksets using the CLI
- 414 Configuring links using the CLI
- 417 Customizing the portal and logon using the SREM
- 417 Configuring the captive portal using the SREM
- 420 Changing the portal language using the SREM
- 426 Configuring the portal display using the SREM
- 432 Changing the portal colors using the SREM
- 434 Configuring custom content using the SREM
- 440 Configuring linksets using the SREM
- 445 Configuring links using the SREM
- 457 Configuring system settings
- 459 Configuring the cluster using the CLI
- 460 Roadmap of system commands
- 464 Configuring system settings using the CLI
- 465 Configuring the Nortel SNAS 4050 host using the CLI
- 469 Configuring host interfaces using the CLI
- 471 Configuring static routes using the CLI
- 472 Configuring host ports using the CLI
- 473 Managing interface ports using the CLI
- 474 Configuring the Access List using the CLI
- 475 Configuring date and time settings using the CLI
- 477 Configuring DNS servers and settings using the CLI
- 480 Configuring RSA servers using the CLI
- 481 Configuring syslog servers using the CLI
- 483 Configuring administrative settings using the CLI
- 485 Enabling TunnelGuard SRS administration using the CLI
- 485 Configuring Nortel SNAS 4050 host SSH keys using the CLI
- 488 Configuring RADIUS auditing using the CLI
- 492 Configuring authentication of system users using the CLI
- 495 Configuring the cluster using the SREM
- 496 Configuring system settings using the SREM
- 497 Configuring a Nortel SNAS 4050 host using the SREM
- 508 Configuring host interfaces using the SREM
- 514 Configuring static routes using the SREM
- 520 Configuring host ports using the SREM
- 523 Managing interface ports using the SREM
- 525 Configuring the access list using the SREM
- 528 Managing date and time settings using the SREM
- 532 Configuring DNS settings using the SREM
- 534 Configuring servers using the SREM
- 546 Configuring administrative settings using the SREM
- 547 Configuring SRS control settings using the SREM
- 548 Configuring Nortel SNAS 4050 host SSH keys using the SREM
- 553 Adding an SSH key for a known host using the SREM
- 554 Managing RADIUS audit settings using the SREM
- 562 Managing RADIUS authentication of system users using the SREM
- 569 Managing certificates
- 570 Overview
- 571 Key and certificate formats
- 573 Creating certificates
- 573 Installing certificates and keys
- 574 Saving or exporting certificates and keys
- 574 Updating certificates
- 575 Managing private keys and certificates using the CLI
- 576 Roadmap of certificate management commands
- 577 Managing and viewing certificates and keys using the CLI
- 579 Generating and submitting a CSR using the CLI
- 584 Adding a certificate to the Nortel SNAS 4050 using the CLI
- 587 Adding a private key to the Nortel SNAS 4050 using the CLI
- 588 Importing certificates and keys into the Nortel SNAS 4050 using the CLI
- 591 Displaying or saving a certificate and key using the CLI
- 594 Exporting a certificate and key from the Nortel SNAS 4050 using the CLI
- 596 Generating a test certificate using the CLI
- 597 Managing private keys and certificates using the SREM
- 598 Viewing certificates using the SREM
- 599 Creating a certificate using the SREM
- 601 Generating and submitting a CSR using the SREM
- 603 Importing a certificate or key using the SREM
- 605 Displaying or saving a certificate and key using the SREM
- 607 Exporting a certificate and key from the Nortel SNAS 4050 using the SREM
- 610 Viewing certificate information using the SREM
- 617 Configuring SNMP
- 618 Configuring SNMP using the CLI
- 619 Roadmap of SNMP commands
- 620 Configuring SNMP settings using the CLI
- 621 Configuring the SNMP v2 MIB using the CLI
- 622 Configuring the SNMP community using the CLI
- 623 Configuring SNMPv3 users using the CLI
- 626 Configuring SNMP notification targets using the CLI
- 627 Configuring SNMP events using the CLI
- 631 Configuring SNMP settings using the SREM
- 632 Configuring SNMP using the SREM
- 634 Configuring SNMP targets using the SREM
- 640 Configuring SNMPv3 users using the SREM
- 647 Configuring SNMP events using the SREM
- 659 Viewing system information and performance statistics
- 660 Viewing system information and performance statistics using the CLI
- 660 Roadmap of information and statistics commands
- 661 Viewing system information using the CLI
- 666 Viewing alarm events using the CLI
- 667 Viewing log files using the CLI
- 667 Viewing AAA statistics using the CLI
- 670 Viewing all statistics using the CLI
- 670 Viewing system information and performance statistics using the SREM
- 670 Viewing local information using the SREM
- 672 Viewing cluster information using the SREM
- 698 Viewing AAA statistics using the SREM
- 716 Viewing Ethernet statistics using the SREM
- 723 Maintaining and managing the system
- 724 Managing and maintaining the system using the CLI
- 725 Roadmap of maintenance and boot commands
- 726 Performing maintenance using the CLI
- 730 Backing up or restoring the configuration using the CLI
- 733 Managing Nortel SNAS 4050 devices using the CLI
- 734 Managing software for a Nortel SNAS 4050 device using the CLI
- 736 Managing and maintaining the system using the SREM
- 736 Performing maintenance using the SREM
- 742 Backing up or restoring the configuration using the SREM
- 743 Managing Nortel SNAS 4050 devices and software using the SREM
- 752 Downloading files using the SREM
- 754 Running Nortel SNAS 4050 diagnostics using the SREM
- 757 Upgrading or reinstalling the software
- 757 Upgrading the Nortel SNAS 4050
- 758 Performing minor and major release upgrades
- 760 Activating the software upgrade package
- 763 Reinstalling the software
- 763 Before you begin
- 765 Reinstalling the software from an external file server
- 767 Reinstalling the software from a CD
- 769 The Command Line Interface
- 770 Connecting to the Nortel SNAS 4050
- 770 Establishing a console connection
- 772 Establishing a Telnet connection
- 773 Establishing a connection using SSH
- 775 Accessing the Nortel SNAS 4050 cluster
- 777 CLI Main Menu or Setup
- 777 Command line history and editing
- 777 Idle timeout
- 779 Configuration example
- 779 Scenario
- 782 Steps
- 782 Configure the network DNS server
- 783 Configure the network DHCP server
- 789 Configure the network core router
- 790 Configure the Ethernet Routing Switch 8300 using the CLI
- 793 Configure the Ethernet Routing Switch 5510
- 795 Configure the Nortel SNAS 4050
- 803 CLI reference
- 804 Using the CLI
- 804 Global commands
- 806 Command line history and editing
- 807 CLI shortcuts
- 810 Using slashes and spaces in commands
- 810 IP address and network mask formats
- 811 Variables
- 812 CLI Main Menu
- 812 CLI command reference
- 814 Information menu
- 815 Statistics menu
- 816 Configuration menu
- 835 Boot menu
- 836 Maintenance menu
- 837 Troubleshooting
- 837 Troubleshooting tips
- 838 Cannot connect to the Nortel SNAS 4050 using Telnet or SSH
- 841 Cannot add the Nortel SNAS 4050 to a cluster
- 841 Cannot contact the MIP
- 843 The Nortel SNAS 4050 stops responding
- 844 A user password is lost
- 845 A user fails to connect to the Nortel SNAS 4050 domain
- 845 Trace tools
- 847 System diagnostics
- 847 Installed certificates
- 847 Network diagnostics
- 849 Active alarms and the events log file
- 849 Error log files
- 851 Syslog messages
- 851 Syslog messages by message type
- 852 Operating system (OS) messages
- 853 System Control Process messages
- 857 Traffic Processing Subsystem messages
- 860 Start-up messages
- 861 AAA subsystem messages
- 863 NSNAS subsystem messages
- 865 Syslog messages in alphabetical order
- 875 Supported MIBs
- 875 Supported MIBs
- 879 Supported traps
- 881 Supported ciphers
- 883 Adding User Preferences attribute to Active Directory
- 883 Install All Administrative Tools (Windows 2000 Server)
- 883 Register the Schema Management dll (Windows Server 2003)
- 884 Add the Active Directory Schema Snap-in (Windows 2000 Server and Windows Server 2003)
- 886 Permit write operations to the schema (Windows 2000 Server)
- 887 Create a new attribute (Windows 2000 Server and Windows Server 2003)
- 888 Create the new class
- 891 Configuring DHCP to auto-configure IP Phones
- 892 Configuring IP Phone auto-configuration
- 892 Creating the DHCP options
- 896 Configuring the Call Server Information and VLAN Information options
- 899 Setting up the IP Phone
- 901 Using a Windows domain logon script to launch the Nortel SNAS 4050 portal
- 901 Configuring the logon script
- 902 Creating a logon script
- 902 Creating the script as a batch file
- 903 Creating the script as a VBScript file
- 903 Assigning the logon script
- 905 Software licensing information
- 911 Index