Nortel Secure Router 2330/4134 Commissioning. Release: 10.2 Document Revision: NN


Release: 10.2 Document Revision: 03.01 www.nortel.com NN47263-302.

Release: 10.2
Publication: NN47263-302
Document release date: 7 September 2009

While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice.

Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE.

All other trademarks are the property of their respective owners.

Contents

New in this release
Features
Configuring daylight saving time
Reverse Telnet
Confirmation prompt appears on deleting a configuration file
Displaying the SNTP configuration
Quotes no longer required as delimiter for banner text configuration
Disabling the USB port on the Secure Router 4134
SR2330 hardware
Introduction
Navigation
Secure Router 2330/4134 commissioning
Secure Router 2330/4134 commissioning procedures
Secure Router 2330/4134 commissioning navigation
Commissioning the Secure Router 2330/4134
Gathering required information
Procedure job aid
Connecting a terminal for local access
Powering up the Secure Router 2330/4134
Logging in to the Secure Router 2330/4134
Defining boot parameters
Viewing boot parameters and software image information
Enabling the management LAN port
Disabling the USB port on the Secure Router 4134
Configuring SSH
Enabling FTP, TFTP, and Telnet
Verifying the Telnet connection
Viewing Telnet server settings
Clearing a Telnet session
Configuring the Telnet banner
Configuring the Telnet timeout
Configuring the host name
Configuring the static default route
Verifying the next-hop connection
Configuring the date
Configuring the time
Configuring the SNTP client
Displaying the SNTP configuration
Configuring daylight saving time
Example of configuring daylight saving time
Changing the admin user password
Changing the administrator account name
Adding users
Procedure job aid
Removing users
Configuring FTP users
Pinging a device
Saving a configuration
Deleting a configuration file
Rebooting or resetting the Secure Router 2330/4134
Powering down the Secure Router 2330/4134
Viewing the Secure Router 2330/4134 configuration
Viewing chassis status
Viewing interface module configuration
Checking the system for alarms
Checking the system status
Configuring reverse Telnet on the Secure Router 4134

New in this release

The following section details what's new in Nortel Secure Router 2330/4134 Commissioning (NN47263-302) for Release 10.2.

Features

See the following sections for information about feature changes:

Configuring daylight saving time

Release 10.2 supports the daylight saving time (DST) feature, which allows you to configure a time offset for daylight saving. For more information, see Configuring daylight saving time (page 37).

Reverse Telnet

On the Secure Router 4134, Reverse Telnet allows you to Telnet to a device and then console to another device from there for remote management. For example, you can Telnet to the Secure Router 4134, and then console into a switch, modem, or any other device that has a console port. The Secure Router 2330 does not have an AUX port and therefore cannot support reverse Telnet. For more information, see Configuring reverse Telnet on the Secure Router 4134 (page 49).

Confirmation prompt appears on deleting a configuration file

When you delete a configuration file from the Secure Router, a prompt now appears to confirm the operation. For more information, see Deleting a configuration file (page 44).

Displaying the SNTP configuration

A new procedure for displaying the SNTP configuration is now added. For more information, see Displaying the SNTP configuration (page 36).

Quotes no longer required as delimiter for banner text configuration

When configuring the Telnet banner with Release 10.2 and later, you no longer need to use quotes ("") as a delimiter for the banner text. For more information, see Configuring the Telnet banner (page 31).

Disabling the USB port on the Secure Router 4134

To provide additional security on the router, you can optionally disable the rear-panel USB port on the Secure Router 4134. The Secure Router 2330 does not support a USB port. For more information, see Disabling the USB port on the Secure Router 4134 (page 27).

SR2330 hardware

This document is updated to include the supported Nortel Secure Router 2330 (SR2330) procedures.

Introduction

This document provides information about the recommended method to commission the Secure Router 2330/4134. For a complete list of Command Line Interface (CLI) commands that you use to monitor and configure the Secure Router 2330/4134, see Nortel Secure Router 2330/4134 Command Line Reference (NN47263-507).

Prerequisites

- Hardware installation is complete.
- You must have a console cable to connect to the console port of the router.
- You must have an Ethernet cable to connect to the management port of the router.
- Be familiar with using the CLI and interpreting partial configuration procedures. See Using the Command Line Interface (NN47263-506).

Navigation

- Secure Router 2330/4134 commissioning (page 9)
- Commissioning the Secure Router 2330/4134 (page 15)

Secure Router 2330/4134 commissioning

You commission the Secure Router 2330/4134 to prepare the unit for software feature configuration. Commissioning includes tasks such as establishing communication with the system, defining boot parameters, configuring usernames and passwords, and establishing remote access.

Prerequisites

- Ensure the Secure Router 2330/4134 is securely installed in an equipment rack.

Secure Router 2330/4134 commissioning procedures

This task flow shows you the sequence of procedures you perform to commission the Secure Router 2330/4134. To link to any procedure, go to Secure Router 2330/4134 commissioning navigation (page 11).

Figure 1 Secure Router 2330/4134 commissioning procedures

Figure 2 Secure Router 2330/4134 commissioning procedures (continued)

Secure Router 2330/4134 commissioning navigation

- Gathering required information (page 15)
- Connecting a terminal for local access (page 17)
- Powering up the Secure Router 2330/4134 (page 19)
- Logging in to the Secure Router 2330/4134 (page 22)
- Defining boot parameters (page 23)
- Enabling the management LAN port (page 25)
- Disabling the USB port on the Secure Router 4134 (page 27)
- Configuring SSH (page 28)
- Enabling FTP, TFTP, and Telnet (page 29)
- Verifying the Telnet connection (page 29)
- Viewing Telnet server settings (page 30)
- Clearing a Telnet session (page 30)
- Configuring the Telnet banner (page 31)
- Configuring the Telnet timeout (page 32)
- Configuring the host name (page 32)
- Configuring the static default route (page 33)
- Verifying the next-hop connection (page 34)
- Configuring the date (page 34)
- Configuring the time (page 35)
- Configuring the SNTP client (page 36)
- Displaying the SNTP configuration (page 36)
- Configuring daylight saving time (page 37)
- Changing the admin user password (page 40)
- Changing the administrator account name (page 40)
- Adding users (page 41)
- Removing users (page 42)
- Configuring FTP users (page 43)
- Pinging a device (page 43)
- Saving a configuration (page 44)
- Deleting a configuration file (page 44)
- Rebooting or resetting the Secure Router 2330/4134 (page 45)
- Powering down the Secure Router 2330/4134 (page 46)
- Viewing the Secure Router 2330/4134 configuration (page 47)
- Viewing chassis status (page 47)
- Viewing interface module configuration (page 48)
- Checking the system for alarms (page 48)
- Checking the system status (page 49)
- Configuring reverse Telnet on the Secure Router 4134 (page 49)

Commissioning the Secure Router 2330/4134

This section includes the recommended method to commission the Secure Router 2330/4134, while ensuring that you limit unauthorized access to the router. Commissioning is the first step following hardware installation. The commissioning task includes the initial procedures required to bring the router online, and to configure appropriate access for remote users.

Gathering required information

Before you begin, gather all the information you require to complete the commissioning steps.

1. Record all the required information for commissioning your Secure Router 2330/4134 in the following table.

Procedure job aid

Table 1 Gathering required information

Required information | Sample entries | Record information here
New password for admin user | kevx |
Host name | fremont |
Management IP address and mask | 10.11.12.13 255.255.255.0 |
Next hop IP address for static route to hosts and servers | 11.12.13.14/24 |
IP address of hosts and servers that access the Secure Router 2330/4134 | a.b.c.d/32 |

The following figure is an example of a commissioning scenario showing the basic configuration requirements including host name, management interface, and terminals.

Figure 3 Commissioning scenario

The following figure shows the same commissioning example scenario but with the Secure Router 2330.

Figure 4 Secure Router 2330 scenario

Connecting a terminal for local access

Connect a local terminal to the console port of the Secure Router 2330/4134. This local connection provides communication with the system during commissioning.

ATTENTION: When powering up for the first time, Nortel recommends that you use a direct console connection to the Secure Router 2330/4134. After you have completed the initial configuration, you can use a remote connection for router management.

Prerequisites

- You have a PC running HyperTerminal or similar terminal emulation program with the following communication protocol settings:
  - 9600 bps
  - 8 data bits
  - 1 stop bit
  - No flow control
  - No parity
- Ensure you have the supplied console cable (shipped with the chassis).
- Ensure you have the supplied female DB-9 to RJ-45 adapter if you require it for connection to your terminal or PC.
- Ensure you have the Secure Router 2330/4134 securely installed in the equipment rack.

1. Insert the male RJ-45 connector in the console port of the Secure Router 2330/4134.
2. Connect the female DB-9 to RJ-45 adapter to the opposite end of the console cable, if necessary.
3. Insert the RJ-45 or female DB-9 connector (dependent on your equipment) in a terminal or PC.

Procedure job aid

The following figure shows how to connect a terminal to the Secure Router 4134 for local access.

Figure 5 Connect a local terminal to the Secure Router 4134

The following figure shows how to connect a terminal to the Secure Router 2330 for local access.

Figure 6 Connect a local terminal to the Secure Router 2330

Powering up the Secure Router 2330/4134

Power up the Secure Router 2330/4134 to initiate the power-on diagnostics test. The Secure Router 2330/4134 indicates the resulting pass or fail with status LEDs, and by logging results in the event log.

Average time for the Secure Router to boot up: 5 minutes.

Prerequisites

- The Secure Router 2330/4134 is securely mounted and grounded. For information about installing the Secure Router 4134 chassis, see Nortel Secure Router 4134 Installation Chassis (NN47263-300). For information about installing the Secure Router 2330 chassis, see Nortel Secure Router 2330 Installation Chassis (NN47263-304). For information about installing the power supplies, interface modules, and other hardware components, see Installation Hardware Components (NN47263-301).
- A local terminal is connected to the Secure Router console port (the console port is located on the rear panel of the Secure Router 4134 and the front panel of the Secure Router 2330).
- Ensure you have powered up the terminal or PC.

DANGER: Risk of electric shock
Ensure the Secure Router 2330/4134 is properly grounded. For information about grounding the Secure Router 4134, see Nortel Secure Router 4134 Installation Chassis (NN47263-300). For information about grounding the Secure Router 2330, see Nortel Secure Router 2330 Installation Chassis (NN47263-304).

ATTENTION: When powering up for the first time, Nortel recommends that you use a direct console connection to the Secure Router 2330/4134. After you have completed the initial configuration, you can use a remote connection for router management.

(AC power)

1. Connect power cables for AC power supplies. On the Secure Router 2330, no power switch exists, and so the router begins to power up as soon as the power cable is connected.
2. On the Secure Router 4134, turn on one power switch at a time (if you installed two AC power supplies). Power switches are on the rear panel of the Secure Router 4134. The fans start immediately, and the LEDs cycle.
3. Verify that diagnostic testing is underway by observing the startup messages on your local terminal.
4. Once the router completes the self-diagnostics tests, verify that the System LED and, on the Secure Router 4134, the power LEDs that correspond to the power supplies installed on your router (PS0 and PS1) are green.
5. Verify that the fan LED on the rear panel of the Secure Router 2330/4134 is green, and air is flowing through the unit.

(DC power on Secure Router 4134)

1. Connect power cables for DC power supplies.
2. Turn on the DC power source. The fans start immediately, and the LEDs cycle.
3. Verify that diagnostic testing is underway by observing the startup messages on your local terminal.
4. Once the router completes the self-diagnostics tests, verify that the System LED and the power LEDs that correspond to the power supplies installed on your router (PS0 and PS1) are green.
5. Verify that the fan LED on the rear panel of the Secure Router 4134 is green, and air is flowing through the unit.

For troubleshooting information, see Troubleshooting (NN47263-700).

When the Secure Router 2330/4134 begins powering up, the boot sequence displays messages on the terminal or PC that you connected to the console port. A prompt displays at the beginning of the boot sequence indicating that you can stop the auto-boot sequence by pressing any key. The Secure Router 2330/4134 waits for 5 seconds for input from you before beginning the boot sequence. If you press a key and stop the auto-boot sequence, the Secure Router 2330/4134 displays the bootrom command menu.

The following figure shows the prompt to stop the auto-boot sequence and enter the bootrom command area.

Figure 7 Accessing the bootrom command menu

If you accidentally enter the bootrom command menu, you can exit that command menu and restart the normal boot sequence by pressing @ on your keyboard. For detailed information on using the bootrom command menu, see Nortel Secure Router 2330/4134 Troubleshooting (NN47263-700).

Logging in to the Secure Router 2330/4134

The first time you log on to the Secure Router 2330/4134 CLI, you perform initial configuration such as the following:

- Configure the IP address for the management port.
- Configure the next-hop (gateway IP address).
- Enable remote access.

Use the procedure in this section to log on to the Secure Router 2330/4134 for the first time.

Prerequisites

- You have securely mounted the Secure Router 2330/4134 in an equipment rack.
- You have connected a local terminal to the console port of the Secure Router 2330/4134.
- You have powered up the Secure Router 2330/4134.
- The boot sequence is complete.

1. To log on to the Secure Router 2330/4134 CLI for the first time, enter the default user name and password:
   login: admin
   password: setup

Defining boot parameters

You can configure boot parameters for the Secure Router 2330/4134, if necessary. You configure boot parameters only if you have problems booting the router. For example, you can change the device from which the router boots (that is, the device that has the software image) if you want to try to boot the device from a software image on an FTP server in the network.

The boot parameters are relevant to the boot process only. Any network addressing that you configure for boot parameters is independent of the normal IP addresses that the router uses in runtime. The addresses you configure in the boot parameters can be the same as or different from the IP addresses you configure for normal operation. After the Secure Router 2330/4134 boots, the router no longer uses the information in the boot parameters, but rather the router uses what you have configured in the system.cfg file.

The Secure Router 2330/4134 provides two bootrom images for redundancy:

- normal bootrom: the default boot image saved in the normal boot area, and used as your working bootrom image
- golden bootrom: the backup boot image saved in the golden boot area, and used if the normal bootrom image is corrupted

For more information about troubleshooting the Secure Router 2330/4134, see Troubleshooting (NN47263-700).

1. To access configuration mode, enter:
   configure terminal
2. To define the boot parameters, enter:
   boot_params

Example of defining boot parameters

1. Access configuration mode:
   configure terminal
2. Define boot parameters:
   boot_params
   The router returns the following:
   WARNING : Configuration changes not yet saved!
3. When prompted, enter the name of the device from which you prefer the router boots:
   Boot dev [ftp,cf0,cf1,usb0]: cf0
4. Enter the boot file name (the router provides this information if you have previously configured it):
   Boot file name: SR4134.Z
5. Enter the name of the server you use to download the software image (the router provides this information if you have previously configured it):
   Server name: sunserver
6. Enter the server IP address (the router provides this information if you have previously configured it):
   Server IP address: 10.10.11.12
7. Enter the router IP address (the router provides this information if you have previously configured it):
   My IP address: 10.10.13.14
8. Enter the subnet mask (the router provides this information if you have previously configured it):
   My subnet mask: 255.255.255.0
9. Enter the gateway IP address (the router provides this information if you have previously configured it):
   Gateway IP address: 10.10.15.16
10. Enter your user name and password:
    User name: kevx
    Password: kevx
11. Enter 0 to disable or 1 to enable the checksum feature:
    Checksum enable [0:Disable,1:Enable]: 1
12. Enter 0 to disable or 1 to enable the display of the image header contents:
    Show header enable [0:Disable,1:Enable]: 1
13. Enter the number (0, 1, or 2) that corresponds to the type of bootrom image update that you prefer, or enter 3 if you prefer to not update the bootrom image:
    Save bootrom image [0:AutoUpdate,1:NormalBTupd,2:GoldenBTupd,3:NoUpd]: 0
    If you select 0, 1, or 2, the router returns the following:
    BOOT PARAMETERS HAVE BEEN SAVED.
14. Reboot the Secure Router 2330/4134 to activate changes, or continue with your configuration:
    DO YOU WANT TO REBOOT: (Y/N)? y

Viewing boot parameters and software image information

Use the procedures in this section to view the boot parameters configuration and to display information for the normal and golden bootrom images.

1. To view the boot parameters configuration, enter:
   show boot_params
2. To view bootrom image information, enter:
   file show_boot

Enabling the management LAN port

Enable a management Local Area Network (LAN) port on the Secure Router 4134 for network management access. To enable the management port, you assign it an IP address.

The Secure Router 2330 does not support a dedicated management LAN port. You can use one of the front panel Ethernet ports as a management LAN port.

ATTENTION: The Secure Router 4134 management Ethernet interface (FE 0/0) on the rear panel does not support jumbo frames. Therefore, the management port Maximum Transmission Unit (MTU) can be configured with a value in the range of 64 to 1500 bytes.

ATTENTION: The Secure Router 4134 management Ethernet interface (FE 0/0) does not support routing or multicast.

The following figure shows the location of the management port on the rear panel of the Secure Router 4134.

Figure 8 Management port on the rear panel of the Secure Router 4134

Prerequisites

- You must be connected to the Secure Router 2330/4134 through the console port. See Connecting a terminal for local access (page 17) for information about connecting a terminal to the console port.
- You must log in as a user with sufficient permissions to configure the Secure Router 2330/4134.
- You must have the IP address and netmask that you want to assign to the management port.

The following procedure uses Ethernet port 0/0 (on the rear of the Secure Router 4134) for the management port. You can also use port 0/1 or port 0/2 on the front panel of the Secure Router 4134 for management purposes. Ethernet port 0/0 is a 10/100 Base-T port. Ethernet ports 0/1 and 0/2 are 10/100/1000 Base-T ports. On the Secure Router 2330, you can use one of the front panel Ethernet ports as a management port.

1. To access configuration mode, enter:
   configure terminal
2. To identify the management port for configuration, enter:
   interface ethernet 0/0
3. To configure the management port IP address, enter:
   ip address <ipaddr> <netmask>
4. To configure the speed and mode of the port, enter:
   speed <10 | 100 | 1000 | auto> mode <full_duplex | half_duplex>

Table 2 Variable definitions

Variable | Value
<10 | 100 | 1000 | auto> | The speed of the interface. Enter auto for auto-negotiation. Note that Ethernet port 0/0 is a 10/100 Base-T port.
<full_duplex | half_duplex> | The port mode. The default value is half_duplex.
<ipaddr> | The IP address that you assign to the management port. For example, 10.11.12.13.
<netmask> | The network mask that you assign to the management port IP address. For example, 255.255.255.0.

Disabling the USB port on the Secure Router 4134

To provide additional security on the router, you can optionally disable the rear-panel USB port. The Secure Router 2330 does not support a USB port.

1. To access configuration mode, enter:
   configure terminal
2. To disable the USB port, enter:
   no usb enable
3. To display the status of the USB port, enter:
   show usb_userstat
4. To re-enable the USB port, as required, enter:
   usb enable

Configuring SSH

You can enable an SSH connection for remote access. To generate a key and enable SSH, use the procedures in this section.

1. To access configuration mode, enter:
   configure terminal
2. To access the SSH key generation subtree, enter:
   ssh_keygen
3. To generate the DSA key, enter:
   generate dsa
4. To generate the RSA key, enter:
   generate rsa
5. To exit the SSH key generation subtree, enter:
   exit
6. To enable the SSH connection, enter:
   ssh_server enable
7. To save the configuration, enter:
   save local

Verifying the Telnet connection 29 Enabling FTP, TFTP, and Telnet The default configuration for the Secure Router 2330/4134 includes FTP, TFTP, and Telnet servers disabled. You can enable any and all of these servers to allow this type of access to the Secure Router 2330/4134. Prerequisites You must assign an IP address to the Secure Router 2330/4134. 1 To access configuration mode, enter: configure terminal 2 To enable the FTP service, enter: ftp_server 3 To enable the TFTP service, enter: tftp_server 4 To enable the Telnet service, enter: telnet_server Verifying the Telnet connection Verify the Telnet connection to ensure that users can successfully access the Secure Router 2330/4134 using remote access. Prerequisites The IP address of the management interface on the Secure Router 2330/4134 must be configured. You must have the IP address of the management interface on the router. You must have a terminal or workstation connected to the Ethernet LAN. 1 To start a Telnet session from your workstation, enter: telnet <ipaddr>

30 the Secure Router 2330/4134 2 To log in, enter: login: admin password: setup Viewing Telnet server settings View the Telnet server settings for information about the status of the Telnet server (enabled or disabled) and the Telnet session timeout value. 1 To view information about the Telnet server settings, enter: show telnet Clearing a Telnet session You can disconnect a specific Telnet session, if necessary, or you can disconnect all Telnet sessions simultaneously. 1 To view the list of users currently connected using a Telnet session to find the Telnet session sequence numbers, enter: show users The following figure shows an example of the Telnet session sequence numbers for users remotely connected to the router.

Configuring the Telnet banner 31 2 To clear a specific Telnet session, enter: clear telnet_session <value> Table 3 Variable definitions Variable <value> Value The Telnet session sequence number. Enter a value from 1 to 16. To quickly disconnect all Telnet sessions, use the command: clear telnet_sessions Configuring the Telnet banner You can customize the banner that appears when users access the router using Telnet services. When configuring the Telnet banner, use \n to begin a new line. With Release 10.2 and later, you no longer need to use quotes ("") as a delimiter for the banner text. 1 To access configuration mode, enter: configure terminal 2 To configure the Telnet banner, enter: telnet_banner banner <string> [banner1] [banner2] Table 4 Variable definitions Variable [banner1] Value An optional parameter that you use to extend the banner text. If you require the banner text be more than 255 characters in length, use banner1 <string> to continue the banner text.

Table 4 Variable definitions (cont'd.)
Variable | Value
[banner2] | An optional parameter that you use to extend the banner text.
<string> | The banner text that you want to appear in Telnet sessions. The banner text can be up to 255 characters in length. Use \n to begin a new line within the banner.

Configuring the Telnet timeout

You can configure the timeout value for Telnet sessions. A Telnet session disconnects if it remains inactive for the configured session duration.

1 To access configuration mode, enter:
    configure terminal
2 To configure the Telnet timeout value, enter:
    telnet_timeout <value>

Table 5 Variable definitions
Variable | Value
<value> | Enter the time in seconds (from 0 to 3600) after which inactive Telnet sessions automatically disconnect. The default value is 900 seconds. If you enter a value of 0 seconds, inactive Telnet sessions do not automatically disconnect.

Configuring the host name

Configure a host name for the Secure Router 2330/4134 to uniquely identify it. Once assigned, the host name becomes the CLI prompt name.

ATTENTION
Changing the host name later (that is, post commissioning), and committing this change, drops all Telnet and SSH connections. All active console sessions also end.

1 To access configuration mode, enter:
    configure terminal
2 To configure the host name for the Secure Router 2330/4134, enter:
    hostname <WORD>

Table 6 Variable definitions
Variable | Value
<WORD> | The name you want to assign to the Secure Router 2330/4134.

Configuring the static default route

Configure a static route to specify a preferred route to a destination. You can identify the gateway, or next-hop, for a static route by specifying one of the following:
- IP address of a directly connected interface
- name of a local interface such as ethernet0/0

1 To access configuration mode, enter:
    configure terminal
2 To configure the gateway route, enter:
    ip route <netaddr/mask> <gateway>

Table 7 Variable definitions
Variable | Value
<netaddr/mask> | The IP address and the subnet mask of the destination network. For example, 11.12.13.14/24. Entering the subnet mask is optional.
<gateway> | The IP address or interface name of the gateway. For example, 10.11.12.16.

Verifying the next-hop connection

Use the procedure in this section to verify that the connection from the management interface successfully connects to the next-hop device.

Prerequisites
- You must have the IP address of the next-hop device.

1 To ping the next-hop device, enter:
    ping <ipaddr>

Configuring the date

To configure the date, you enter the month, day, and year.

1 To access configuration mode, enter:
    configure terminal
2 To configure the date, enter:
    date <month> <day> <year>

Table 8 Variable definitions
Variable | Value
<day> | The current day in relation to the month. Enter a value from 1 to 31.
<month> | The current month. Enter a value from 1 to 12.
<year> | The current year. Enter a value from 2000 to 2100.

Configuring the time

To set the current time for the Secure Router 2330/4134, you specify the time in relation to Coordinated Universal Time (UTC):
- time zone offset ahead (+) or behind (-) UTC
- number of hours ahead or behind UTC
- number of minutes ahead or behind UTC

1 To access configuration mode, enter:
    configure terminal
2 To configure your local time, enter:
    utc <+ -> <hour offset> <minute offset>

Table 9 Variable definitions
Variable | Value
<+ -> | The time zone offset. Enter + to indicate that your time zone is ahead of UTC. Enter - to indicate that your time zone is behind UTC. For example, if you are in New York, you enter utc -.

Table 9 Variable definitions (cont'd.)
Variable | Value
<hour offset> | The number of hours that your local time is offset from UTC. Enter a value from 0 to 23. For example, if you are in New York, you enter utc - 4.
<minute offset> | The number of minutes that your local time is offset from UTC. Enter a value from 0 to 59. For example, if you are in New York, you enter utc - 4 0.

Configuring the SNTP client

The Simple Network Time Protocol (SNTP) synchronizes the internal clocks of various network devices across large, diverse networks to universal standard time. Use the procedure in this section to enable the SNTP client on the Secure Router 2330/4134.

1 To access configuration mode, enter:
    configure terminal
2 To set the location of the SNTP server, enter:
    sntp server {ipaddr hostname}
3 To set the timeout value for the response from the server, enter:
    sntp timeout <value>

Table 10 Variable definitions
Variable | Value
{ipaddr hostname} | The IP address or host name of the broadcast server. The default value is any broadcast server.
<value> | The timeout value in seconds. The default timeout value is 1024 seconds.

Displaying the SNTP configuration

Use this procedure to display the SNTP configuration.

Procedure 1
1 To display the SNTP configuration, enter:
    show sntp

Configuring daylight saving time

The daylight saving time (DST) feature allows you to configure a time offset for daylight saving. Use the procedure in this section to configure DST on the Secure Router 2330/4134.

Procedure 2
1 To access configuration mode, enter:
    configure terminal
2 To configure the DST offset, enter:
    dst set <device location> <start hour> <start minute> <start week of month> <start day of week> <start month> <end hour> <end minute> <end week of month> <end day of week> <end month> <dst duration hrs> <dst duration minutes>
3 To enable DST, enter:
    dst enable
4 To disable DST, enter:
    no dst enable
5 To display the DST configuration and status, enter:
    show dst

Table 11 Variable definitions
Variable | Value
<device location> | Specifies the location of the device.
<start hour> | Specifies the start hour (00-23), in other words, the hour at which the DST offset time begins.
<start minute> | Specifies the start minute (00-59)
<start week of month> | Specifies the start week of <start month> (1-4)
<start day of week> | Specifies the start day of week (0 - sunday, 6 - saturday)
<start month> | Specifies the start month of year (1-12)
<end hour> | Specifies the end hour (00-23), in other words, the hour at which the DST offset time ends.
<end minute> | Specifies the end minute (00-59)
<end week of month> | Specifies the end week of <end month> (1-4)
<end day of week> | Specifies the end day of week (0 - sunday, 6 - saturday)
<end month> | Specifies the end month of year (1-12)
<dst duration hrs> | Specifies the number of offset hours to add to the time at the start of DST (and remove at the end of DST).
<dst duration minutes> | Specifies the number of offset minutes to add to the time at the start of DST (and remove at the end of DST).

Example of configuring daylight saving time

Consider the following DST scenario:
- DST start: 2nd Sunday of April at 2:00 AM
- DST end: 2nd Sunday of October at 2:00 AM
- Offset time amount: 1:00 hours

To achieve this configuration, consider the following:

Parameter | DST start: 2nd Sunday of April at 2:00 AM | DST end: 2nd Sunday of October at 2:00 AM | Offset time amount: 1:00 hours
start hour | 2 | - | -
start minute | 0 | - | -
start week of month | 2 | - | -
start day of week | 0 | - | -
start month | 4 | - | -
end hour | - | 2 | -
end minute | - | 0 | -
end week of month | - | 2 | -
end day of week | - | 0 | -
end month | - | 10 | -
dst duration hrs | - | - | 1
dst duration minutes | - | - | 0

To configure DST for this example, use the following procedure.

Procedure 3
1 To enter configuration mode, enter:
    configure terminal
2 To configure the DST for this example, enter:
    dst set LOCATION 2 0 2 0 4 2 0 2 0 10 1 0
3 To enable DST, enter:
    dst enable

This configuration provides the following outcome:

For year 2009:
    DST start: SUN APR 12 02:00:00 2009
    DST end: SUN OCT 11 02:00:00 2009
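The following Python check is an added example, not part of the Nortel guide or the router software: it validates a dst set line against the ranges in Table 11 and computes the transition dates for a given year, so the outcome the guide lists for 2009 and 2010 can be confirmed before the command is committed. The function names are hypothetical, the command string is built from the example table's values in command order, and "week of month" is assumed to mean the Nth occurrence of the weekday, as in the guide's "2nd Sunday" scenario.

```python
from datetime import datetime

# Arguments from the guide's example table, in "dst set" command order.
EXAMPLE_COMMAND = "dst set LOCATION 2 0 2 0 4 2 0 2 0 10 1 0"

# Numeric fields after <device location>, with the ranges from Table 11.
# The guide gives no range for the two duration fields, so only >= 0 is checked.
FIELDS = [
    ("start_hour", 0, 23), ("start_minute", 0, 59), ("start_week", 1, 4),
    ("start_dow", 0, 6), ("start_month", 1, 12),
    ("end_hour", 0, 23), ("end_minute", 0, 59), ("end_week", 1, 4),
    ("end_dow", 0, 6), ("end_month", 1, 12),
    ("duration_hrs", 0, None), ("duration_min", 0, None),
]


def parse_dst_set(command):
    """Split a 'dst set' line into named integer fields, enforcing Table 11."""
    tokens = command.split()
    if tokens[:2] != ["dst", "set"] or len(tokens) != 3 + len(FIELDS):
        raise ValueError(f"expected 'dst set <location>' plus {len(FIELDS)} numbers")
    params = {"location": tokens[2]}
    for (name, low, high), text in zip(FIELDS, tokens[3:]):
        if not text.isdigit():
            raise ValueError(f"{name}: {text!r} is not a number")
        value = int(text)
        if value < low or (high is not None and value > high):
            raise ValueError(f"{name}: {value} is out of range")
        params[name] = value
    return params


def nth_weekday(year, month, week, dow, hour, minute):
    """Moment of the week-th occurrence of a weekday (0 = Sunday, 6 = Saturday)."""
    first = datetime(year, month, 1, hour, minute)
    python_dow = (dow - 1) % 7                  # datetime counts Monday as 0
    offset = (python_dow - first.weekday()) % 7
    return first.replace(day=1 + offset + 7 * (week - 1))


def dst_window(command, year):
    """Return (start, end) of DST in the given year for a 'dst set' line."""
    p = parse_dst_set(command)
    start, end = (
        nth_weekday(year, p[f"{edge}_month"], p[f"{edge}_week"], p[f"{edge}_dow"],
                    p[f"{edge}_hour"], p[f"{edge}_minute"])
        for edge in ("start", "end")
    )
    return start, end


def router_style(moment):
    """Format a moment like the guide's outcome lines."""
    return moment.strftime("%a %b %d %H:%M:%S %Y").upper()


if __name__ == "__main__":
    for year in (2009, 2010):
        start, end = dst_window(EXAMPLE_COMMAND, year)
        print(year, "start:", router_style(start), "end:", router_style(end))
```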

For year 2010:
    DST start: SUN APR 11 02:00:00 2010
    DST end: SUN OCT 10 02:00:00 2010

Changing the admin user password

The system administrator login consists of two components: the account name and the password. The initial login name is always "admin". You can change this after logging in for the first time. The default administrative password is "setup". Nortel recommends you change the default password as soon as possible to ensure only authorized personnel can access the Secure Router 2330/4134.

1 To access password configuration mode, enter:
    password
  The Secure Router 2330/4134 prompts you for the current user name.
2 Enter the default user name, which is the current user name:
    admin
  The Secure Router 2330/4134 prompts you for the old password.
3 Enter the default password, which is the current password:
    setup
  The Secure Router 2330/4134 prompts you for the new password.
4 Enter your new password.
  The Secure Router 2330/4134 prompts you to verify the new password.
5 Re-enter your new password.
  A message appears that confirms that the password is changed.

Changing the administrator account name

Use the procedure in this section to change the administrator login name (Level 1 access) to a user-specified name. The default login name for the Secure Router 2330/4134 is "admin". The administrator login name can be from 3 to 39 characters in length.

1 To access configuration mode, enter:
    configure terminal
2 To change the login name, enter:
    admin_name <WORD>
  The Secure Router 2330/4134 displays a message that confirms the login name is successfully changed.

Adding users

You can identify users (that is, login names) who can access the Secure Router 2330/4134, and assign each user an access privilege (levels 2 to 4). Only the system administrator (level 1 access) can add, modify, or remove this information from the system.

1 To access configuration mode, enter:
    configure terminal
2 Enter the user name and access level:
    user <username> level <value>
  The Secure Router 2330/4134 prompts you to enter a password for this user.
3 Enter a password (from 0 to 10 characters) for the new user.
  The Secure Router 2330/4134 prompts you to re-enter the password.
4 Re-enter the password for the new user.
  The Secure Router 2330/4134 confirms that the password is set and confirms the name of the new user is added.

Table 12 Variable definitions
Variable | Value
<username> | The user name you want to add to the Secure Router 2330/4134. The user name can contain up to 39 characters.
<value> | The access level assigned to the user. Values are 2 to 4. The lower the access level value, the higher the access privileges. For example, a user with an access level of 2 has more privileges than a user with an access level 3 or 4.

Procedure job aid

The CLI supports four levels of privilege for users. The following table defines each level.

Table 13 CLI user access levels
Privilege level | Privilege name | Definition
1 (highest) | PRIVILEGE_ADMIN | Admin level can access any command and configure any feature in the router, including user configuration and administration.
2 | PRIVILEGE_CONFIGURE | Configure level can configure any feature. Cannot add or delete users.
3 | PRIVILEGE_TEST | Test level can only run diagnostic tests. Cannot access configuration commands.
4 (lowest) | PRIVILEGE_NORMAL | Normal level can only enter show or display commands.

Removing users

The system administrator can remove configured user names from the Secure Router 2330/4134.

ATTENTION
To reset a user password, you must delete and then recreate the user account.

1 To access configuration mode, enter:
    configure terminal
2 To remove a user, enter:
    no user <username>

Configuring FTP users

1 To access configuration mode, enter:
    configure terminal
2 To configure an FTP user, enter a user name:
    ftp_user <username>
3 At the prompt, enter a password for the FTP user:
    Please enter new password: <password>
4 At the prompt, re-enter the password:
    Please re-enter password: <password>
  If you entered the password correctly, the Secure Router returns a message indicating a successful configuration:
    password is set

Pinging a device

Ping a device to verify the connection between the Secure Router 2330/4134 and that network device. If the network device sends a ping reply, a message indicates that the specified IP address is alive and can communicate with the router. If the router does not receive a reply, the message indicates that the address is not responding.

Prerequisites
- You must physically connect the Secure Router 2330/4134 to the network.
- You must physically connect the specific network device to the network.

1 Ping the network device:
    ping <ipaddr>

Saving a configuration

Issue the save command to save the running configuration to a file. You can save the configuration to the local file system, or to a file on the network.

1 To save the configuration to the local file system, enter:
    save local [file <filename>]
2 To save the configuration to a network file, enter:
    save network <ipaddr> <path>

Table 14 Variable definitions
Variable | Value
[file <filename>] | The name of the file to which the configuration is saved. This is an optional parameter. The configuration is saved to the system default file (system.cfg) if you do not specify a filename.
<ipaddr> | The IP address of the device on which you store the network configuration file.
<path> | The full path of the remote configuration file.

Deleting a configuration file

Delete the .cfg file to remove a configuration file from the flash. Use this command with caution as it can delete all current configurations from the router. If you do not specify a filename, the command deletes the system.cfg file by default.

Procedure 4
1 To delete the current configuration file, enter:
    clear cfg_file [<filename>]
  A prompt appears asking you to confirm the operation.
2 Enter y to delete, or n to cancel the operation.

Table 15 Variable definitions
Variable | Value
[<filename>] | The name of the file to delete. This is an optional parameter. If you do not specify a filename, the router deletes the system default file (system.cfg).

Rebooting or resetting the Secure Router 2330/4134

Reset and reboot the Secure Router 2330/4134 properly to avoid file system corruption. Resetting the router returns it to a factory-default configuration. Rebooting the router shuts down and restarts the system.

The procedure in this section shows you how to reset the configuration on the Secure Router 2330/4134, reboot the router to restore the factory-default settings, and save the factory-default settings to the configuration file.

ATTENTION
If you have the Mediation Server Module installed on the SR4134, there is a 2-minute delay after you issue the reboot command while the router waits for the module to shut down. The chassis reboots automatically when the Mediation Server Module completes shutdown.

1 To access configuration mode, enter:
    configure terminal
2 To reset the Secure Router 2330/4134, enter:
    system reset-to-factory {system users}
3 To exit configuration mode, enter:
    exit

4 To reboot the Secure Router 2330/4134, enter:
    reboot
  Issue the reboot command from the CLI root.
5 When the Secure Router 2330/4134 completes the reboot, save the factory-default settings to the system.cfg file by entering:
    save local

Table 16 Variable definitions
Variable | Value
{system users} | Enter system to remove all information stored in memory, which includes user information, event logs, crash logs, command logs, and boot parameters. Enter users to remove all users and information related to users.

Powering down the Secure Router 2330/4134

Use the procedure in this section if you must power down the Secure Router 2330/4134. For example, Nortel strongly recommends that you power down the router to install an interface module in a slot in which that module has not previously been installed. You must also power down the Secure Router 4134 before opening the service access panel on the rear of the router, or when removing the cover from the Secure Router 2330.

Prerequisites
- Ensure you have backed up your system configuration. Use the save local command to save your configuration.

1 To shut down the system, enter:
    reboot
  If you have the Mediation Server Module installed on the SR4134, there is a 2-minute delay after you issue the reboot command while the router waits for the module to shut down. The chassis reboots automatically when the Mediation Server Module completes shutdown.

2 When the system restarts (you will see memory tests begin on your console), power down the Secure Router 4134 by putting the power switch (or power switches if you have more than one power supply installed) in the "off" position. To power down the Secure Router 2330, disconnect the power cord.

Viewing the Secure Router 2330/4134 configuration

View the Secure Router 2330/4134 configuration to understand the current state of the system software. For more information about using commands, see Nortel Secure Router 2330/4134 Using the Command Line Interface (NN47263-506). For a complete list of CLI commands, see Command Line Reference (NN47263-507).

1 To view the current configuration, enter:
    show configuration running
  You can also enter show running-config to view the current configuration.
2 To view the configuration that is stored in Flash, enter:
    show configuration stored
  You can also enter show startup-config to view the stored configuration.

Viewing chassis status

Use the procedure in this section to view summary information about the Secure Router 2330/4134 chassis, including its operational status. After you install interface modules, you can use the show chassis command to verify that the Secure Router 2330/4134 recognizes the modules.

1 To view summary information about the Secure Router 2330/4134, enter:
    show chassis

Viewing interface module configuration

Use the procedure in this section to quickly check the state and configuration of installed interface modules.

1 To view the configuration of interface modules installed in your Secure Router 2330/4134, enter:
    show module configuration all
2 To view the configuration of individual interface modules, enter:
    show module configuration [t1 e1 ct3 serial hssi t3] <slot/port>

Checking the system for alarms

The Secure Router 2330/4134 reports alarms when it detects irregular conditions in incoming signals to the interface modules. Use the show module alarms command to quickly check for any irregularities.

1 To view the current alarms for any T1 WAN link on the Secure Router 2330/4134, enter:
    show module alarms t1 <slot/port>
2 To view the current alarms for any E1 port on the Secure Router 2330/4134, enter:
    show module alarms e1 <slot/port>
3 To view the current alarms for any CT3 port on the Secure Router 4134, enter:
    show module alarms ct3 <slot/port>

4 To view the current alarms for any serial port on the Secure Router 2330/4134, enter:
    show module alarms serial <slot/port>
5 To view the current alarms for any HSSI port on the Secure Router 4134, enter:
    show module alarms hssi <slot/port>
6 To view the current alarms for any T3 port on the Secure Router 4134, enter:
    show module alarms t3 <slot/port>

Checking the system status

You can view the operating status and current configuration of each WAN, Ethernet, or serial interface using the show module configuration command. Refer to Command Line Reference (NN47263-507) for a complete list of CLI commands for the Secure Router 2330/4134.

1 View the operating status of all installed interface modules:
    show module configuration all

Configuring reverse Telnet on the Secure Router 4134

Reverse Telnet gives you the ability to Telnet to a device, and then use a console connection to connect to another device from there. For example, you can Telnet to a router, and then connect into a switch, modem, or any other device that has a console port. Many devices do not have remote access built into them, and the only access option for these devices is a console session. With reverse Telnet, you can remotely manage these types of devices through the Secure Router 4134.

The Secure Router 2330 does not have an AUX port and therefore cannot support reverse Telnet.

1 Connect a straight-through cable from the console port of the console-only device to the AUX port on the Secure Router 4134.

2 In the CLI, to enter configuration mode, enter:
    configure terminal
3 To specify reverse Telnet configuration, enter:
    reverse_telnet
  The following steps allow you to configure the AUX port of the Secure Router 4134 with the proper settings for the console connection to the remote device.
4 To configure the baud rate, enter:
    set_baud_rate <baud_rate>
5 To configure the data bits, enter:
    set_data_bits <data_bits>
6 To configure the flow control, enter:
    set_flow_control <flow-control>
7 To configure the parity, enter:
    set_parity <parity>
8 To configure the stop bits, enter:
    set_stop_bits <stop_bits>
9 To configure the reverse Telnet port, enter:
    telnet_port <telnet_port>
10 To configure the timeout, enter:
    telnet_timeout <telnet_timeout>
11 To enable reverse Telnet, enter:
    [no] enable

Table 17 Variable definitions
Variable | Value
<baud_rate> | Sets the speed of the AUX port. Range is 50-115200 (default 9600).
<data_bits> | Configures the data bits on the AUX port.
<flow-control> | Configures flow control on the AUX port. Range: 0-none, 1-software, 2-hardware (default: 0).

Table 17 Variable definitions (cont'd.)
Variable | Value
<parity> | Sets parity of the AUX port. Range: 0-none, 1-odd, 2-even (default: no parity).
<stop_bits> | Configures the number of stop bits on the AUX port. Range: 1-2 (default 1).
<telnet_port> | Specifies the Telnet port on which reverse Telnet listens to establish the remote console through the AUX port. Range: 2000-65535 (default 2001).
<telnet_timeout> | Specifies the timeout for the reverse Telnet session in seconds. Range: 0 (disable timeout) - 7200 (default 600).
[no] enable | Activates the reverse Telnet functionality on the router. The no option deactivates reverse Telnet.
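The remote-access settings in this guide (the FTP, TFTP, and Telnet servers, the Telnet timeout, and reverse Telnet) can be reviewed before a commissioning script is applied. The Python check below is an added example, not part of the Nortel guide or the router software; it reads a list of commands as typed at the CLI (a constructed sample, not the system.cfg format), uses hypothetical function names and finding codes, and assumes that exit leaves the reverse_telnet mode.

```python
# Constructed sample: commands in the order an operator would type them,
# using only commands that appear in this guide.
SAMPLE_SCRIPT = """\
configure terminal
ftp_server
telnet_server
telnet_timeout 0
reverse_telnet
telnet_port 2001
telnet_timeout 7200
enable
exit
"""

CLEARTEXT = {
    "ftp_server": "FTP sends credentials and files unencrypted",
    "tftp_server": "TFTP has no authentication and no encryption",
    "telnet_server": "Telnet sends the login and the session unencrypted",
}

# (min, max) in seconds: Table 5 for the Telnet server, Table 17 for reverse Telnet.
TIMEOUT_RANGE = {"global": (0, 3600), "reverse": (0, 7200)}


def _check_timeout(n, mode, args):
    """Validate telnet_timeout against the range that applies in this mode."""
    low, high = TIMEOUT_RANGE[mode]
    if len(args) != 1 or not args[0].isdigit():
        return [(n, "TIMEOUT_SYNTAX", "expected one integer number of seconds")]
    value = int(args[0])
    if not low <= value <= high:
        return [(n, "TIMEOUT_RANGE", f"{value} is outside {low}-{high} for {mode} mode")]
    if value == 0:
        return [(n, "TIMEOUT_DISABLED", f"idle {mode} Telnet sessions never disconnect")]
    return []


def audit(script):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    mode = "global"
    port = 2001  # Table 17 default for <telnet_port>
    for n, raw in enumerate(script.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "reverse_telnet":
            mode = "reverse"
        elif cmd == "exit":
            mode = "global"  # assumption: exit leaves the reverse_telnet mode
        elif mode == "global" and cmd in CLEARTEXT:
            findings.append((n, "CLEARTEXT_SERVICE", CLEARTEXT[cmd]))
        elif cmd == "telnet_timeout":
            # Same command name, different range and default in each mode.
            findings.extend(_check_timeout(n, mode, args))
        elif mode == "reverse" and cmd == "telnet_port" and args and args[0].isdigit():
            port = int(args[0])
        elif mode == "reverse" and cmd == "enable":
            findings.append((n, "REVERSE_TELNET_ON",
                             f"AUX console reachable over Telnet on TCP port {port}"))
    return findings


if __name__ == "__main__":
    for line_number, code, message in audit(SAMPLE_SCRIPT):
        print(f"line {line_number}: {code}: {message}")
```

A timeout of 7200 passes inside reverse_telnet mode but is reported as out of range for the Telnet server, whose limit is 3600 seconds.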


Release: 10.2
Publication: NN47263-302
Document revision: 03.01
Document release date: 7 September 2009

While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice.

Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE. All other trademarks are the property of their respective owners.

To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.

www.nortel.com