Nortel Networks NN47230-301 User Manual

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 (320199-D)

Document status: Standard Document version: 02.01 Document date: 16 July 2007

The information in this document is subject to change without notice. The statements, conﬁgurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products speciﬁed in this document. The information in this document is proprietary to Nortel Networks Inc.

The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. The software license agreement is included in this document.

Trademarks

*Nortel, Nortel Networks, the Nortel logo, the Globemark, Passport, BayStack, and Contivity are trademarks of Nortel Networks.

All other products or services may be trademarks or registered trademarks of their respective owners.

The asterisk after a name denotes a trademarked item.

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Export

This product, software and related technology is subject to U.S. export control and may be subject to export or import regulations in other countries. Purchaser must strictly comply with all such laws and regulations. A license to export or reexport may be required by the U.S. Department of Commerce.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the right to make changes to the products described in this document without notice.

Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without speciﬁc prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION,THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

Licensing

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit

ttp://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

This product includes software developed by the Apache Software Foundation (h

Portions of the TunnelGuard code include software licensed from The Legion of the Bouncy Castle.

ttp://www.apache.org/).

Nortel Networks Inc. software license agreement

This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and afﬁliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or afﬁliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the

1. Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as conﬁdential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify,transferor distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modiﬁcations unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneﬁciaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN

ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneﬁciary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

General

4. a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks

Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections

12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer

fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from

Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the action

arose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement between

Customer and Nortel Networks.

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software.

If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

Preface 9

Before you begin 9 Text conventions 10 Related information 11

How to get help 12

Chapter 1 Installing SREM 15

SREM installation precautions 15 System requirements 16 Removing previous versions of SREM 16

Installing SREM on your system 21

Chapter 2 SREM Screen Descriptions 27

SREM window areas 27

Indicator icons 33 Screen icons 34 Right-click menu 35

Publications 11 Online 12

Accessing the uninstall application 17 Uninstalling SREM 17

Menus 29 Toolbar items 32

Chapter 3 Using SREM 37

Accessing the SREM software 37

Opening SREM 38 Quitting SREM 38

Viewing SREM online help 38 Conﬁguring SREM settings 40 Managing network access devices from the SREM 41

Adding a new network access device 42

Deleting a network access device 44

Grouping network access devices in SREM 44

Modifying network information 46

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

6 Contents

Logging into a network access device 46

Saving a network conﬁguration 47

Opening a network conﬁguration 47 Changing information within the SREM 48

Cutting, copying, and pasting data between devices 49

Changing ﬁeld values in the SREM 50 Managing changes within the SREM 50

Applying and saving individual changes 50

Applying and saving groups of changes 51 Managing logs and statistics within the SREM 52 Using the Log Browser tool 54

Index 57 Figures

Figure 1 Introduction 18 Figure 2 Uninstall Options 19 Figure 3 Choose Product Features 20 Figure 4 Uninstall Complete 21 Figure 5 InstallAnywhere 21 Figure 6 Introduction 22 Figure 7 Close all running instances of Security and Routing Element

Manager 22 Figure 8 Choose Install Folder 23 Figure 9 Choose Shortcut Folder 24 Figure 10 Launching uninstaller 24 Figure 11 Pre-Installation Summary 25 Figure 12 Install Complete 26 Figure 13 Main SREM screen 28 Figure 14 SREM toolbar 32 Figure 15 Change Manager tab 34 Figure 16 Statistics Manager tab 35 Figure 17 Right-click menu example 35 Figure 18 SREM online help 39 Figure 19 Options dialog box 40 Figure 20 New Device screen 43 Figure 21 Right-click menu 45 Figure 22 New Sub Network dialog box 45 Figure 23 Save dialog box 47 Figure 24 Open dialog box 48 Figure 25 Right-click menu 49 Figure 26 Paste As dialog box 49 Figure 27 Change Manager tab 52 Figure 28 Statistics Manager tab 53 Figure 29 Log Browser 54 Figure 30 Retrieval Criteria — Deﬁnition View 55 Figure 31 Retrieval Criteria — Summary View 56

Tables

Table 1 SREM Descriptions 27

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

Table 2 Main SREM window 27 Table 3 File menu 29 Table 4 Edit menu 30 Table 5 View menu 30 Table 6 Tools menu 31 Table 7 Window menu 31 Table 8 Help menu 32 Table 9 Toolbar items 32 Table 10 Indicator icons 33 Table 11 Screen icons 34 Table 12 Right-click menu options 36 Table 13 Online help icons 39 Table 14 SREM Options 41 Table 15 New Device ﬁelds 43 Table 16 SREM Options 52

Contents 7

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

8 Contents

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

Preface

This document provides generic instructions for installing and using the Security & Routing Element Manager (SREM) software.

Security & Routing Element Manager (SREM) is a graphical user interface (GUI) that runs in an online, interactive mode. SREM allows the management of multiple devices (for example, the Nortel SNAS 4050) from one application. To use SREM, you must have network connectivity to a management station running SREM in one of the supported environments.

Before you begin

This guide is intended for network administrators who have the following background:

•

basic knowledge of networks, Ethernet bridging, and IP routing

•

familiarity with networking concepts and terminology

•

experience with windowing systems or GUIs

• basic knowledge of network topologies

Before using this guide, you must complete the following procedures. For a new switch:

Step Action 1

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

Install the switch. For installation instructions, see Nortel Secure Network Access

Switch 4050 Installation Guide (320846-A). Connect the switch to the network.

For more information, see Nortel Secure Network Access Solution Guide (320817-A).

Complete the basic switch conﬁguration using CLI commands. For more information, see Nortel Secure Network Access Switch

4050 User Guide (320818-A).

NN47230-301 02.01 Standard

1.6.1 16 July 2007

10 Preface

Text conventions

This guide uses the following text conventions:

angle brackets (< >) Enter text based on the description inside the brackets.

—End—

Do not type the brackets when entering the command.

Example: If the command syntax is

ping <ip_address>, you enter

ping 192.32.10.12

bold body text

Objects such as window names, dialog box names, and icons, as well as user interface objects such as buttons, tabs, and menu items.

bold Courier text

Command names, options, and text that you must enter.

Example: Use the dinfo command.

Example: Enter show ip {alerts|routes}.

braces ({}) Required elements in syntax descriptions where there

is more than one option. You must choose only one of the options. Do not type the braces when entering the command.

Example: If the command syntax is

show ip {alerts|routes}, you must enter either show ip alerts or show ip routes, but not

both.

brackets ([ ]) Optional elements in syntax descriptions. Do not type

the brackets when entering the command.

ellipsis points (. . . ) Repeat the last element of the command as needed.

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

Example: If the command syntax is show ip interfaces [-alerts], you can enter either show ip interfaces or show ip interfaces -alerts.

Example: If the command syntax is ethernet/2/1 [<parameter> <value>]... , you enter ethernet/2/1 and as many parameter-value pairs as needed.

NN47230-301 02.01 Standard

1.6.1 16 July 2007

Related information 11

italic text Variables in command syntax descriptions. Also

indicates new terms and book titles. Where a variable is two or more words, the words are connected by an underscore.

Example: If the command syntax is

show at <valid_route>, valid_route is one variable and you substitute one

value for it.

plain Courier text

separator ( > ) Menu paths.

vertical line ( | ) Options for command keywords and arguments. Enter

Command syntax and system output, for example, prompts and system messages.

Example: Set Trap Monitor Filters

Example: Protocols > IP identifies the IP command on the Protocols menu.

only one of the options. Do not type the vertical line when entering the command.

Related information

This section lists information sources that relate to this document.

Publications

Refer to the following publications for information on the Nortel SNA solution:

•

Nortel Secure Network Access Solution Guide (320817-A)

•

Nortel Secure Network Access Switch 4050 Installation Guide (320846-A)

• Nortel Secure Network Access Switch 4050 User Guide (320818-A)

•

Installing and Using the Security & Routing Element Manager (SREM) (320199-B)

•

Release Notes for Nortel Ethernet Routing Switch 5500 Series, Software Release 4.3 (217468-B)

•

Release Notes for the Ethernet Routing Switch 8300, Software Release

2.2.8 (316811-E)

Example: If the command syntax is

show ip {alerts|routes}, you enter either show ip alerts or show ip routes, but not

both.

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

12 Preface

Online

•

Release Notes for the Nortel Secure Network Access Solution, Software Release 1.0 (320850-A)

•

Release Notes for Enterprise Switch Manager (ESM), Software Release

5.1 (209960-H)

• Using Enterprise Switch Manager Release 5.1 (208963-F)

To access Nortel technical documentation online, go to the Nortel web site:

www

nortel.com/support

You can download current versions of technical documentation. To locate documents, browse by category or search using the product name or number.

You can print the technical manuals and release notes free, directly from the Internet. Use Adobe* Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to the Adobe Systems site at w

ww.adobe.com to download a free copy

of Adobe Reader.

How to get help

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

If you purchased a Nortel service program, use the w web page to locate information to contact Nortel for assistance:

•

An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate the ERC for your product or service, go to the w and follow these links:

Step Action 1

ww.nortel.com/help

To obtain Nortel Technical Support contact information, click the CONTACT US link on the left side of the page.

To call a Nortel Technical Solutions Center for assistance, click the CALL US link on the left side of the page to ﬁnd the telephone number for your region.

ww.nortel.com/help web page

Click CONTACT US on the left side of the HELP web page.

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

Click Technical Support on the CONTACT US web page.

NN47230-301 02.01 Standard

1.6.1 16 July 2007

How to get help 13

Click Express Routing Codes on the TECHNICAL SUPPORT web page.

—End—

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

14 Preface

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

Chapter 1 Installing SREM

The Security & Router Element Manager (SREM) is a graphical user interface that allows users to conﬁgure and monitor a variety of devices, including the Nortel Secure Network Access Switch 4050 (Nortel SNAS

4050) and the Nortel Secure Router 6200 Series. SREM runs in an online, interactive mode, and allows the management of

multiple devices from a single application. This chapter includes the following topics:

Topic

"SREM installation precautions" (page 15) "System requirements" (page 16) "Removing previous versions of SREM" (page 16) "Installing SREM on your system" (page 21)

•

"SREM installation precautions" (page 15)

•

"System requirements" (page 16)

•

"Removing previous versions of SREM" (page 16)

•

"Installing SREM on your system" (page 21)

SREM installation precautions

The following warnings apply to SREM on all operating environments:

•

If you have other Nortel devices in your network, and are running earlier versions of SREM software, you must install the newest version of SREM in order to access the switches running the latest software.

•

To maintain multiple versions of SREM on your system, choose a different installation folder for each new version of SREM.

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

16 Chapter 1 Installing SREM

To replace an existing version of SREM, you must complete the uninstall process ﬁrst. The uninstall process is launched when:

— the SREM uninstall process is started manually (see "Accessing the

uninstall application" (page 17) "Accessing the uninstall application" (page 17))

— the install folder selected during an SREM installation already

contains a version of the software

•

SREM saves the IP addresses that are visited to an encrypted network conﬁguration (.xvn) ﬁle. Uninstalling SREM does not remove this settings ﬁle.

For details about creating a network conﬁguration ﬁle, refer to "Saving

a network conﬁguration" (page 47) "Saving a network conﬁguration" (page 47).

• The network conﬁguration ﬁle containing IP addresses visited from a

previous SREM version is automatically used by a newly installed SREM version. If you do not wish to use the existing network conﬁguration ﬁle, rename or delete the network conﬁguration ﬁle before starting the SREM.

System requirements

Before you install SREM, ensure that you have the current installation ﬁle and that your system meets the following minimum requirements:

•

Java Runtime Environment 1.4.2_02 or later (w

• Win 2k, Win NT 4.0 or later, Windows XP

•

Hardware: P3 1.2 GHz or higher

•

Memory: 512 MB

•

Hard drive space: 72.5 MB

Removing previous versions of SREM

Removing previous versions of SREM is an optional process. Multiple versions of SREM can exist on one system, as long as each version is installed in a separate location. If you decide to allow previous versions of SREM to remain, then you must choose a different folder to use during the installation process.

For details about the Uninstall process, refer to "Uninstalling SREM" (page

17) "Uninstalling SREM" (page 17).

ww.java.com/)

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

Accessing the uninstall application

If you attempt to install SREM in a folder that already contains a version of the software, then you are prompted to uninstall the existing version automatically before completing the install process.

There are also two ways to access the SREM uninstall application manually:

•

"Using the Start Menu shortcut" (page 17)

•

"Using Windows Explorer" (page 17)

•

"Using the Start Menu shortcut" (page 17)

•

"Using Windows Explorer" (page 17)

Using the Start Menu shortcut

Remove existing versions of SREM software with the Uninstall Security & Routing Element Manager option, created in the Windows Start menu during installation.

For example, to remove SREM from a Windows XP system using the default program group, choose the following option from the Windows Start menu:

All Programs > Nortel Networks Device Manager > Uninstall Security & Routing Element Manager.

Removing previous versions of SREM 17

Using Windows Explorer

If no program group was added to the Windows Start menu during installation, then complete the following steps to access the SREM uninstall software:

Step Action 1

Navigate to the folder where the SREM software is installed using Windows Explorer.

2 3

Open the Uninstall_Security & Routing Element Manager sub-folder. Run the Uninstall Security & Routing Element Manager.exe ﬁle.

Note: If more than one version of SREM software is installed, be sure that you select the correct software version to uninstall.

Uninstalling SREM

Use the following procedure to remove SREM from your system.

—End—

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

NN47230-301 02.01 Standard

1.6.1 16 July 2007

18 Chapter 1 Installing SREM

Step Action 1

Start the SREM uninstall application.

Note: The uninstall process can be started using steps described in "Accessing the uninstall application" (page 17)

"Accessing the uninstall application" (page 17), or by attempting

to install SREM into a directory that contains an existing SREM installation.

The Uninstall Security & Routing Element Manager Introduction screen appears(Figure 1 "Introduction" (page 18)).

Figure 1 Introduction

Nortel Secure Network Access Switch Software Release 1.6.1

Installing and Using Security and Routing Element Manager (SREM)

Click Next. The Uninstall Options screen appears (Figure 2 "Uninstall Options"

(page 19)).

NN47230-301 02.01 Standard

1.6.1 16 July 2007

+ 42 hidden pages