Page 1
Nortel Secure Router 8000 Series
Configuration Guide - Basic
Configuration
Release:
Document Revision:
5.3
01.01
www.nortel.com
NN46240-501 324555-A Rev01
Page 2
Nortel Secure Router 8000 Series
Release: 5.3
Publication: NN46240-501
Document Revision: 01.01
Document status: Standard
Document release date: 30 March 2009
Copyright © 2009 Nortel Networks
All Rights Reserved.
Printed in Canada, India, and the United States of America
LEGAL NOTICE
While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
ATTENTION
For information about the safety precautions, read "Safety messages" in this guide.
For information about the software license, read "Software license" in this guide.
Page 3
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
About this document.......................................................................................................................1
1 Product overview........................................................................................................................1-1
1.1 Introduction.................................................................................................................................................1-2
1.1.1 Secure Router 8000 Series ................................................................................................................1-2
1.1.2 Architecture.......................................................................................................................................1-2
1.1.3 Versatile Routing Platform................................................................................................................1-3
1.2 Functional features......................................................................................................................................1-3
1.3 Functions.....................................................................................................................................................1-9
1.3.1 File system ......................................................................................................................................1-10
1.3.2 SNMP configuration........................................................................................................................1-10
1.3.3 Terminal services.............................................................................................................................1-10
1.3.4 High Availability.............................................................................................................................1-11
1.3.5 Interfaces.........................................................................................................................................1-12
1.3.6 Link layer protocols ........................................................................................................................1-12
1.3.7 IP services.......................................................................................................................................1-12
1.3.8 Unicast routing protocols ................................................................................................................1-13
1.3.9 Multicast routing protocols .............................................................................................................1-14
1.3.10 MPLS features...............................................................................................................................1-14
1.3.11 VPN services.................................................................................................................................1-15
1.3.12 QoS................................................................................................................................................1-15
1.3.13 Security features............................................................................................................................1-17
2 Configuration environment setup ..........................................................................................2-1
2.1 Introduction.................................................................................................................................................2-2
2.1.1 Console port configuration................................................................................................................2-2
2.1.2 Telnet configuration ..........................................................................................................................2-2
2.1.3 AUX port configuration.....................................................................................................................2-3
2.2 Establishing the local configuration environment through the console port................................................2-3
2.2.1 Establishing the configuration task ...................................................................................................2-3
2.2.2 Establishing the physical connection.................................................................................................2-4
2.2.3 Configuring terminals........................................................................................................................2-4
2.2.4 Logging on to the router....................................................................................................................2-4
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
i
Page 4
Nortel Secure Router 8000 Series
2.3 Establishing the configuration environment through Telnet........................................................................2-4
2.3.1 Establishing the configuration task ...................................................................................................2-4
2.3.2 Establishing the physical connection.................................................................................................2-5
2.3.3 Configuring logon user parameters...................................................................................................2-5
2.3.4 Logging on from the Telnet client.....................................................................................................2-5
2.4 Establishing the configuration environment through the AUX port............................................................2-6
2.4.1 Establishing the configuration task ...................................................................................................2-6
2.4.2 Establishing the physical connection.................................................................................................2-6
2.4.3 Initializing and configuring the modem on the interface...................................................................2-7
2.4.4 Configuring the connection between the remote terminal and the router..........................................2-7
2.4.5 Logging on to the router....................................................................................................................2-7
2.5 Configuration examples...............................................................................................................................2-7
2.5.1 Example of logging on through the console port..............................................................................2-7
2.5.2 Example of logging on through Telnet............................................................................................2-10
2.5.3 Example of logging on through the AUX port................................................................................2-11
Configuration Guide - Basic Configuration
3 CLI overview...............................................................................................................................3-1
3.1 Introduction.................................................................................................................................................3-2
3.1.1 CLI characteristics.............................................................................................................................3-2
3.1.2 Command levels................................................................................................................................3-3
3.1.3 Command line views.........................................................................................................................3-3
3.1.4 Regular expressions...........................................................................................................................3-3
3.2 Configuring the command line view...........................................................................................................3-4
3.3 CLI online Help...........................................................................................................................................3-7
3.4 CLI error messages......................................................................................................................................3-8
3.5 Command history........................................................................................................................................3-8
3.6 Editing characteristics .................................................................................................................................3-9
3.7 Display characteristics.................................................................................................................................3-9
3.8 Outputting the display ...............................................................................................................................3-10
3.8.1 V iewing the display.........................................................................................................................3-10
3.8.2 Filtering the display.........................................................................................................................3-10
3.9 Filtering information through regular expressions ....................................................................................3-10
3.10 Shortcut keys...........................................................................................................................................3-11
3.10.1 Classifying shortcut keys...............................................................................................................3-11
3.10.2 Defining shortcut keys...................................................................................................................3-13
3.10.3 Using shortcut keys.......................................................................................................................3-13
3.11 Configuration examples...........................................................................................................................3-14
3.11.1 Example for using shortcut keys ...................................................................................................3-14
4 Basic configuration ....................................................................................................................4-1
4.1 Introduction.................................................................................................................................................4-2
4.1.1 Extension of command levels............................................................................................................4-2
4.1.2 Extension of user levels.....................................................................................................................4-2
ii
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 5
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
4.2 Configuring the basic system environment.................................................................................................4-2
4.2.1 Establishing the configuration task ...................................................................................................4-2
4.2.2 Configuring the device name ............................................................................................................4-3
4.2.3 Configuring the system clock............................................................................................................4-4
4.2.4 Configuring the header text...............................................................................................................4-4
4.2.5 Configuring the password for switching user levels..........................................................................4-5
4.2.6 Switching user levels.........................................................................................................................4-5
4.2.7 Locking the user interface.................................................................................................................4-6
4.2.8 Configuring command privilege levels.............................................................................................4-6
4.2.9 Displaying system status messages...................................................................................................4-6
5 User management.......................................................................................................................5-1
5.1 Introduction.................................................................................................................................................5-2
5.1.1 User interface view............................................................................................................................5-2
5.1.2 User management..............................................................................................................................5-3
5.2 Configuring a user interface........................................................................................................................5-4
5.2.1 Establishing the configuration task ...................................................................................................5-4
5.2.2 Transmitting m essages between user interfaces................................................................................5-6
5.2.3 Configuring asynchronous interface attributes..................................................................................5-6
5.2.4 Setting terminal attributes .................................................................................................................5-7
5.2.5 Configuring the user interface priority..............................................................................................5-7
5.2.6 Configuring modem attributes...........................................................................................................5-8
5.2.7 Configuring an auto-execute command.............................................................................................5-8
5.2.8 Configuring the redirection function.................................................................................................5-9
5.2.9 Configuring the call-in or call-out restrictions of the VTY user interface.........................................5-9
5.2.10 Configuring the maximum number of VTY user interfaces..........................................................5-10
5.2.11 Configuring the authentication timeout for VTY users .................................................................5-10
5.2.12 Disconnecting a user interface.......................................................................................................5-11
5.2.13 Checking the configuration...........................................................................................................5-11
5.3 Configuring user management...................................................................................................................5-11
5.3.1 Establishing the configuration task .................................................................................................5-11
5.3.2 Configuring the authentication mode..............................................................................................5-12
5.3.3 Configuring the authentication password ........................................................................................5-13
5.3.4 Configuring the user name and password for AAA local authentication.........................................5-13
5.3.5 Configuring the user priority...........................................................................................................5-14
5.3.6 Checking the configuration.............................................................................................................5-14
5.4 Configuring local user management..........................................................................................................5-14
5.4.1 Establishing the configuration task .................................................................................................5-14
5.4.2 Creating the local user account........................................................................................................5-15
5.4.3 Configuring the service type of the local user.................................................................................5-15
5.4.4 Configuring FTP directory authority for the local user...................................................................5-16
5.4.5 Configuring the local user status.....................................................................................................5-16
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
iii
Page 6
Nortel Secure Router 8000 Series
5.4.6 Configuring the local user priority..................................................................................................5-17
5.4.7 Configuring the access restriction of the local user.........................................................................5-17
5.4.8 Checking the configuration.............................................................................................................5-17
5.5 Configuration examples.............................................................................................................................5-18
5.5.1 Example of logging on to the router through password authentication...........................................5-18
5.5.2 Example of logging on to the router through AAA.........................................................................5-19
Configuration Guide - Basic Configuration
6 File system management ..........................................................................................................6-1
6.1 Introduction.................................................................................................................................................6-2
6.1.1 File system ........................................................................................................................................6-2
6.1.2 Storage devices..................................................................................................................................6-2
6.1.3 Files...................................................................................................................................................6-2
6.1.4 Directories.........................................................................................................................................6-2
6.2 Managing directories...................................................................................................................................6-2
6.2.1 Establishing the configuration task ...................................................................................................6-2
6.2.2 Viewing the current directory............................................................................................................6-3
6.2.3 Switching the directory .....................................................................................................................6-3
6.2.4 Displaying the files in a directory .....................................................................................................6-4
6.2.5 Creating a directory...........................................................................................................................6-4
6.2.6 Deleting a directory...........................................................................................................................6-4
6.3 Managing files.............................................................................................................................................6-5
6.3.1 Displaying the contents of a file........................................................................................................6-5
6.3.2 Copying a file....................................................................................................................................6-6
6.3.3 Moving a file.....................................................................................................................................6-6
6.3.4 Renaming a file.................................................................................................................................6-6
6.3.5 Deleting a file....................................................................................................................................6-7
6.3.6 Deleting files in the recycle bin.........................................................................................................6-7
6.3.7 Restoring files...................................................................................................................................6-7
6.4 Configuring batch configuration .................................................................................................................6-8
6.5 Managing storage devices...........................................................................................................................6-8
6.6 Configuring prompt modes..........................................................................................................................6-9
6.7 Example of configuring directory management........................................................................................6-10
7 Configuration file management..............................................................................................7-1
7.1 Introduction.................................................................................................................................................7-2
7.1.1 Configuration file..............................................................................................................................7-2
7.1.2 Configuration files and current configurations..................................................................................7-2
7.2 Displaying the configuration of the router...................................................................................................7-2
7.2.1 Viewing the intial configuration........................................................................................................7-2
7.2.2 Viewing the current configuration.....................................................................................................7-3
7.2.3 Viewing the running configuration in the current view.....................................................................7-3
7.3 Saving the current configuration .................................................................................................................7-3
7.4 Clearing the running information................................................................................................................7-3
iv
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 7
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
7.5 Comparing configuration files.....................................................................................................................7-4
8 FTP, TFTP, and Xmodem..........................................................................................................8-1
8.1 Introduction.................................................................................................................................................8-2
8.1.1 FTP....................................................................................................................................................8-2
8.1.2 TFTP .................................................................................................................................................8-2
8.1.3 Xmodem............................................................................................................................................8-2
8.2 Configuring the router to be the FTP server................................................................................................8-3
8.2.1 Establishing the configuration task ...................................................................................................8-3
8.2.2 Enabling the FTP server....................................................................................................................8-4
8.2.3 Configuring the timeout period.........................................................................................................8-4
8.2.4 Configuring the local user name and password.................................................................................8-4
8.2.5 Configuring service types and authorization information.................................................................8-5
8.2.6 Checking the configuration...............................................................................................................8-5
8.3 Configuring FTP ACL................................................................................................................................. 8-6
8.3.1 Establishing the configuration task ...................................................................................................8-6
8.3.2 Enabling the FTP server....................................................................................................................8-6
8.3.3 Configuring the basic ACL................................................................................................................8-7
8.3.4 Configuring the basic FTP ACL........................................................................................................8-7
8.4 Configuring the router to be the FTP client.................................................................................................8-8
8.4.1 Establishing the configuration task ...................................................................................................8-8
8.4.2 Logging on to the FTP server............................................................................................................8-8
8.4.3 Configuring the file transmission mode............................................................................................8-9
8.4.4 Viewing online Help for the FTP command......................................................................................8-9
8.4.5 Uploading or downloadi ng fil e s........................................................................................................8-9
8.4.6 Managing directories.......................................................................................................................8-10
8.4.7 Managing files.................................................................................................................................8-11
8.4.8 Changing logon users......................................................................................................................8-11
8.4.9 Disconnecting FTP..........................................................................................................................8-11
8.5 Configuring TFTP.....................................................................................................................................8-12
8.5.1 Establishing the configuration task .................................................................................................8-12
8.5.2 Downloading files through TFTP....................................................................................................8-12
8.5.3 Uploading files through TFTP.........................................................................................................8-13
8.6 Limiting access to the TFTP server...........................................................................................................8-13
8.6.1 Establishing the configuration task .................................................................................................8-13
8.6.2 Configuring the basic ACL..............................................................................................................8-14
8.6.3 Configuring the basic TFTP ACL....................................................................................................8-14
8.7 Configuring Xmodem................................................................................................................................8-14
8.7.1 Establishing the configuration task .................................................................................................8-14
8.7.2 Retrieving a file through Xmodem..................................................................................................8-15
8.8 Configuration examples.............................................................................................................................8-15
8.8.1 Example of configuring the FTP server...........................................................................................8-15
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
v
Page 8
Nortel Secure Router 8000 Series
8.8.2 Example of configuring FTP ACL.................................................................................................. 8-17
8.8.3 Example of configuring the FTP client...........................................................................................8-19
8.8.4 Example of configuring TFTP.........................................................................................................8-20
8.8.5 Example of configuring XModem...................................................................................................8-22
Configuration Guide - Basic Configuration
9 Telnet and SSH...........................................................................................................................9-1
9.1 Introduction.................................................................................................................................................9-2
9.1.1 Overview of user logon.....................................................................................................................9-2
9.1.2 Telnet terminal services.....................................................................................................................9-2
9.1.3 SSH terminal services.......................................................................................................................9-4
9.2 Configuring Telnet terminal services...........................................................................................................9-6
9.2.1 Establishing the configuration task ...................................................................................................9-6
9.2.2 Establishing a Telnet connection.......................................................................................................9-7
9.2.3 Scheduling Telnet disconnection.......................................................................................................9-7
9.2.4 Checking the configuration...............................................................................................................9-8
9.3 Configuring SSH terminal services .............................................................................................................9-8
9.3.1 Establishing the configuration task ...................................................................................................9-8
9.3.2 Configuring SSH for the VTY user interface....................................................................................9-9
9.3.3 Generating the local RSA key pair..................................................................................................9-10
9.3.4 Authenticating the SSH client through the password......................................................................9-10
9.3.5 Authenticating the SSH client through RSA ...................................................................................9-11
9.3.6 Configuring basic authentication information for the SSH user......................................................9-12
9.3.7 Authorizing the SSH user through the command line interface ......................................................9-12
9.3.8 Checking the configuration.............................................................................................................9-12
9.4 Maintaining Telnet and SSH......................................................................................................................9-13
9.4.1 Debugging Telnet terminal services................................................................................................9-13
9.4.2 Debugging SSH termin al services...................................................................................................9-13
9.5 Configuration examples.............................................................................................................................9-14
9.5.1 Example of configuring Telnet terminal services............................................................................9-14
9.5.2 Example of configuring password authentication...........................................................................9-16
9.5.3 Example of configuring RSA authentication...................................................................................9-17
10 Router maintenance...............................................................................................................10-1
10.1 Introduction.............................................................................................................................................10-2
10.1.1 Device operation management......................................................................................................10-2
10.1.2 Electronic label..............................................................................................................................10-2
10.2 Powering off the FIC/HIC.......................................................................................................................10-2
10.2.1 Establishing the configuration task ...............................................................................................10-2
10.2.2 Powering off the FIC/HIC.............................................................................................................10-3
10.2.3 Checking the configuration ...........................................................................................................10-3
10.3 Managing the device operation................................................................................................................10-4
10.3.1 Establishing the configuration task ...............................................................................................10-4
10.3.2 Specifying the slave RPU..............................................................................................................10-5
vi
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 9
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
10.3.3 Restarting the router......................................................................................................................10-5
10.3.4 Performing the master/slave switchover........................................................................................10-6
10.4 Monitoring the router status ....................................................................................................................10-7
10.4.1 Displaying the basic device information.......................................................................................10-7
10.4.2 Displaying the system version information...................................................................................10-7
10.4.3 Displaying RPU restart information..............................................................................................10-8
10.5 Configuring the electronic label.............................................................................................................. 10-9
10.5.1 Establishing the configuration task ...............................................................................................10-9
10.5.2 Querying the electronic label.........................................................................................................10-9
10.5.3 Backing up the electronic label.....................................................................................................10-9
11 System software upgrade .....................................................................................................11-1
11.1 Introduction .............................................................................................................................................11-2
11.1.1 System software upgrade...............................................................................................................11-2
11.1.2 License ..........................................................................................................................................11-2
11.2 Uploading the system software and license files.....................................................................................11-3
11.2.1 Establishing the configuration task................................................................................................11-3
11.2.2 Uploading the system software and license to the master RPU..................................................11-3
11.2.3 Copying the system software and license to the slave RPU..........................................................11-4
11.2.4 Checking the configuration ...........................................................................................................11-4
11.3 Specifying the system software for the next router startup......................................................................11-5
11.3.1 Establishing the cofiguration task..................................................................................................11-5
11.3.2 Specifying the system software for the next startup of the master RPU........................................11-5
11.3.3 Specifying the system software for the next startup of the slave RPU..........................................11-6
11.3.4 Checking the configuration ...........................................................................................................11-6
12 Patch management .................................................................................................................12-1
12.1 Introduction.............................................................................................................................................12-2
12.2 Checking the system for running patches................................................................................................12-3
12.2.1 Establishing the configuration task ...............................................................................................12-3
12.2.2 Checking for a running patch on the RPU.....................................................................................12-3
12.3 Uploading a patch....................................................................................................................................12-4
12.3.1 Establishing the configuration task ...............................................................................................12-4
12.3.2 Uploading a patch to the root directory of the flash of the master RPU........................................12-4
12.3.3 Copying a patch to the root directory of the flash of the slav e RPU .............................................12-5
12.4 Installing a patch on the RPU..................................................................................................................12-5
12.4.1 Establishing the configuration task ...............................................................................................12-5
12.4.2 Uploading the RPU patch..............................................................................................................12-6
12.4.3 Activating the RPU patch.............................................................................................................. 12-6
12.4.4 Running the RPU patch................................................................................................................. 12-6
12.5 Canceling the RPU patch.........................................................................................................................12-6
12.5.1 Establishing the configuration task ...............................................................................................12-6
12.5.2 Deactivating the RPU patch ..........................................................................................................12-7
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
vii
Page 10
Nortel Secure Router 8000 Series
12.6 Removing the RPU patch........................................................................................................................12-7
12.6.1 Establishing the configuration task ...............................................................................................12-7
12.6.2 Deleting the RPU patch.................................................................................................................12-8
Configuration Guide - Basic Configuration
A Glossary .................................................................................................................................... A-1
B Acronyms and abbreviations .................................................................................................B-1
Index ................................................................................................................................................ i-1
viii
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 11
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Figures
Figure 1-1 Architecture.....................................................................................................................................1-3
Figure 2-1 Networking diagram of logging on through the console port.........................................................2-8
Figure 2-2 New connection..............................................................................................................................2-8
Figure 2-3 Setting the port................................................................................................................................2-9
Figure 2-4 Setting the port communication parameters....................................................................................2-9
Figure 2-5 Establishing the configuration environment through the wide area network (WAN) ...................2-10
Figure 2-6 Running the Telnet program on the PC.........................................................................................2-11
Figure 2-7 Establishing the remote configuration environment .....................................................................2-11
Figure 8-1 Using FTP to download files......................................................................................................... 8-16
Figure 8-2 FTP ACL.......................................................................................................................................8-18
Figure 8-3 Configuring the FTP client............................................................................................................8-19
Figure 8-4 Using TFTP to download files......................................................................................................8-21
Figure 8-5 Setting the base directory of the TFTP server...............................................................................8-21
Figure 8-6 Specifying the file to send.............................................................................................................8-23
Figure 9-1 Telnet client services.......................................................................................................................9-3
Figure 9-2 Telnet redirection services...............................................................................................................9-3
Figure 9-3 Usage of Telnet shortcut keys .........................................................................................................9-3
Figure 9-4 Establishing an SSH channel in a LAN ..........................................................................................9-5
Figure 9-5 Establishing an SSH channel in a WAN..........................................................................................9-5
Figure 9-6 Networking diagram for Telnet mode...........................................................................................9-14
Figure 9-7 Networking diagram of SSH password authentication .................................................................9-16
Figure 9-8 Accessing the router from the client software...............................................................................9-17
Figure 9-9 Networking di agram of RSA ........................................................................................................9-18
Figure 12-1 Conversion of patch status..........................................................................................................12-2
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
ix
Page 12
Page 13
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Tables
Table 1-1 System service features.....................................................................................................................1-3
Table 3-1 Command line views........................................................................................................................3-5
Table 3-2 Common CLI error messages...........................................................................................................3-8
Table 3-3 Access the command history.............................................................................................................3-8
Table 3-4 Editing functions...............................................................................................................................3-9
Table 3-5 Display functions............................................................................................................................3-10
Table 3-6 Metacharacters................................................................................................................................3-10
Table 3-7 System-defined shortcut keys.........................................................................................................3-12
Table 5-1 Examples of absolute numbering......................................................................................................5-2
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
xi
Page 14
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
About this document....................................................................................................................... 1
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
i
Page 15
Page 16
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration About this document
About this document
Overview
This section describes the organization of this document, product version, intended audience,
conventions, and update history.
Related versions
The following table lists the product versions related to this document.
Product name Version
Nortel Secure Router 8000 Series Nortel Secure Router 8000 Series
Intended audience
This document is intended for the following audience:
z
network operators
z
network administrators
z
network maintenance engineers
Organization
This document consists of twelve chapters and is or ga ni zed as follow s.
Chapter Content
1 Product overview This chapter describes the architecture, features, and main
2 Establishment of the
Configuration Environment
Issue 5.3 (30 March 2009)
functions of the Nortel Secure Router 8000 Series.
This chapter describes the procedures to set up the
configuration environment through the console port, Telnet,
and the AUX port.
Nortel Networks Inc.
1
Page 17
About this document
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Chapter Content
3 CLI overview This chapter describes the command line interface (CLI),
command levels, command views, and hot keys.
4 Basic configuration This chapter describes how to configure the basic system
environment on the router.
5 User management This chapter describes the basic concepts of the user
interface and user management.
6 File System This chapter describes the file system and its configuration.
7 Management of
Configuration Files
8 FTP, TFTP, and
Xmodem
9 Telnet and SSH This chapter provides an overv iew of Telnet and Secure
10 Router maintenance This chapter describes the principles and concepts of router
11 System software
upgrade
12 Patch management This chapter describes the principles and concepts of patch
Appendix A Glossary and
Appendix B Acronyms and
Abbreviations
Index This chapter lists important key words used in this manual
This chapter describes how to manage the configuration
file.
This chapter describes how to configure the basic functions
of the File Transfer Protocol (FTP) server, and how to
upload and download files through FTP, Trivial File
Transfer Protocol (TFTP), and Xmodem.
Shell (SSH) and describes how to log on to the router
through Telnet and configure the router.
maintenance.
This chapter describes the principles and concepts of
system software upgrades.
management.
This chapter contains a glossary and list of frequently used
acronyms and abbreviations.
to help you access information quickly.
Conventions
This section describes the symbol and text conventions used in this document.
Symbol conventions
The following table describes the symbols that are used in this document.
Symbol Description
2
Indicates a hazard with a high level of risk that, if not avoided,
can result in death or serious injury.
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 18
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration About this document
Symbol Description
Indicates a hazard with a medium or low level of risk that, if
not avoided, can result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided,
can cause equipment damage, data loss, and performance
degradation, or unexpected results.
General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman font.
Boldface
Italic Book titles are in italics.
Courier New
Command conventions
Convention Description
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement
important points of the main text.
Names of files, directories, folders, and users are in
boldface. For example, log on as the user root.
Terminal display is in Courier New font.
Boldface
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in square brackets [ ] are
{ x | y | ... } Alternative items are grouped in braces and separated by
[ x | y | ... ] Optional alternative items are grouped in square brackets
{ x | y | ... } * Alternative items are grouped in braces and separated by
[ x | y | ... ] *
Issue 5.3 (30 March 2009)
The keywords of a command line are in boldface.
optional.
vertical bars. You select one item.
and separated by vertical bars. You select one item or no
item.
vertical bars. You can select a minimum of one item or a
maximum of all items.
Optional alternative items are grouped in square brackets
and separated by vertical bars. You can select no item or
multiple items.
Nortel Networks Inc.
3
Page 19
About this document
Convention Description
&<1-n> The parameter before the ampersand sign (&) can be
# A line starting with the number sign (#) contains comments.
GUI conventions
Convention Description
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
repeated 1 to n times.
Boldface
> Multilevel menus are in boldface and separated by the
Keyboard operation
Format Description
Key
Key 1+Key 2
Key 1, Key 2 Press the keys in turn. For example, Alt, A means press the
Mouse operation
Buttons, menus, parameters, tabs, windows, and dialog box
titles are in boldface. For example, click OK.
right-angled bracket sign (>). For example, choose File >
Create > Folder.
Press the key. For example, press Enter and press Tab.
Press the keys concurrently. For example, Ctrl+Alt+A
means press the three keys concurrently.
two keys in turn.
4
Action Description
Click Select and release the primary mouse button without
moving the pointer.
Double-click Press the primary mouse button twice continuously and
quickly without moving the pointer.
Drag Press and hold the primary mouse button and move the
pointer to a new position.
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Page 20
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration About this document
Update history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 01(2008-06-06)
This is the first release of this document.
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
5
Page 21
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
1 Product overview........................................................................................................................1-1
1.1 Introduction...................................................................................................................................................1-2
1.1.1 Secure Router 8000 Series...................................................................................................................1-2
1.1.2 Architecture..........................................................................................................................................1-2
1.1.3 Versatile Routing Platform...................................................................................................................1-3
1.2 Functional features........................................................................................................................................1-3
1.3 Functions.......................................................................................................................................................1-9
1.3.1 File system.........................................................................................................................................1-10
1.3.2 SNMP configuration..........................................................................................................................1-10
1.3.3 Terminal services ...............................................................................................................................1-10
1.3.4 High Availability................................................................................................................................1-11
1.3.5 Interfaces............................................................................................................................................1-12
1.3.6 Link layer protocols ...........................................................................................................................1-12
1.3.7 IP services..........................................................................................................................................1-12
1.3.8 Unicast routing protocols...................................................................................................................1-13
1.3.9 Multicast routing protocols................................................................................................................1-14
1.3.10 MPLS features .................................................................................................................................1-14
1.3.11 VPN services....................................................................................................................................1-15
1.3.12 QoS..................................................................................................................................................1-15
1.3.13 Security features...............................................................................................................................1-17
Issue 5.3 (30 March 2009) Nortel Networks Inc.
i
Page 22
Page 23
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Figures
Figure 1-1 Architecture ......................................................................................................................................1-3
Issue 5.3 (30 March 2009) Nortel Networks Inc.
iii
Page 24
Page 25
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Tables
Table 1-1 System service features ......................................................................................................................1-3
Issue 5.3 (30 March 2009) Nortel Networks Inc.
v
Page 26
Page 27
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
1 Product overview
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
1.1 Introduction aracteristics of the Secure This section describes the ch
Router 8000 Series.
1.2 Functional features s the functional features of the
1.3 Functions This section describes the main functions of the Secure
This section describe
Secure Router 8000 Series.
Router 8000 Series.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-1
Page 28
1 Product overview
1.1 Introduction
This section describes the characteristics of the Secure Router 8000 Series:
z
Secure Router 8000 Series
z
Architecture
z
Versatile Routing Platform
1.1.1 Secure Router 8000 Series
The Secure Router 8000 Series routers are grouped into SR8002, SR8004, SR8008, and
SR8012 routers based on the number of slots. The equipment structure and the system of the
SR8012 are similar to the SR8008. All of the routers have a modular architecture and provide
optional multifunctional interface modules such as the High-speed Interface Card (HIC) and
Flexible Interface Card (FIC).
The Secure Router 8000 Series routers provide a coherent network interface, user interface,
and management interface, as well as flexibility and configurability. The routers integrate
technologies such as Multiprotocol Label Switching (MPLS), Virtual Private Network (VPN),
Quality of Service (QoS), traffic engineering, multicast, and user management. The routers
also support link layer protocols. In networking applications, as high-performance
convergence devices, the routers can provide overall service processing capacity and flexible
network solutions, thus improving network value and reducing costs.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
1.1.2 Architecture
Based on the TCP/IP structure model, the Secure Router 8000 Series supports multiple data
link layer protocols, network layer protocols, and application layer protocols, as shown in
Figure 1-1.
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-2
Page 29
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Figure 1-1 Architecture
Service Control Plane(SCP)
Protocol Client
AAA/Local-MCM
Data Forwarding Plane(DFP)
FE API
FEC
FE DRV
FE
General Control Plane(GCP)
Routing
URP4/6 MRP4/6
VPN_ExTE_Ex
RM4/6
IP Stack
Application Layer
Socket Layer
TCP4/6 UDP4/6
IP4/6 ICMP4/6
Net Interface
IFNET/PPP/ETH/
ATM/Tunnel
System Service Plane(SSP)
OSAL
Operating System
L2VPN/L3VPN
CSPF/CR-LDP/
RSVP-TE
Security
FireWall/ACL/
BW-M/QoSM/
RPC
IPC
VPN
MPLS
NAT
QoS
RSVP
System Manage
Plane(SMP)
Config Management
CLI/SNMP/WebUI
CMO
Information
Management
Trace/State Multi
Languages
Device
Management
Hot Plug
Switch Over
1.1.3 Versatile Routing Platform
Versatile Routing Platform (VRP) is a proprietary network operating system platform,
developed for Nortel data communication products. VRP has a modular architecture and can
provide rich functional features and scalability based on applications.
With TCP/IP as its core protocol suite, VRP performs the following functions:
z
integrates routing, QoS, VPN, security, and IP voice in the operating system
z
provides enhanced data forwarding capabilities for routing equipment by using IP
TurboEngine technology
z
provides various hardware platforms with a consistent network interface, user interface,
and management interface
z
provides users with flexible application solutions
1.2 Functional features
This section describes the functional features of the Secure Router 8000 Series.
Table 1-1 System service features
Service features Description
Network
interconnection
Issue 5.3 (30 March 2009) Nortel Networks Inc.
LAN
protocol
Ethernet
VLAN
1-3
Page 30
1 Product overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Service features Description
Network protocol
Link layer
protocol
PPP and MP
HDLC (High-level Data Link Control)
Frame Relay
ATM
PPPoE, IPoA, PPPoA, and PPPoEoA
IP service ARP
Domain name resolution
NAT
IP unnumbered address
DHCP relay and DHCP server
IP policy-based routing
IP packet filtering
Protocol
stacks
IPv4 and IPv6 dual protocol stacks
IPv6 forwarding through the hardware
IPv4 routing Static route management
Dynamic unicast routing protocols:
z
RIP-1/RIP-2
z
OSPF
z
IS-IS
z
BGP-4/MBGP/BGP VPN V4
Routing policies
IPv6 routing IPv4-to-IPv6 transition technologies: manual
tunnel configuration, automatic tunnel
configuration, 6to4 tunnel, NAT-PT on the
hardware
IPv6 static route, BGP4/BGP4+, RIPng,
OSPFv3, and ISISv6 dynamic routing protocol
IPv6 MIB: ICMPv6 MIB, UDP6 MIB, TCP6
MIB, and IPv6 MIB
IP multicast
protocols
IGMP
PIM-DM, PIM-SM
PIM-SSM
MBGP
MSDP
MPLS MPLS Basic MPLS forwarding
MPLS LDP
MPLS TE
MPLS QoS
Hierarchy of PE (HoPE)
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-4
Page 31
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Service features Description
VPN
L2VPN MPLS L2VPN (Martini, Kompella, CCC and
SVC)
VPLS
L2TP
PWE3 Single- and multi-hop PWs in LDP mode
Static PW, dynamic PW, and RSVP-PW
LSP, GRE, and TE tunnels
Pseudo wire templates
Interconnection with different media
PW QoS
Encapsulation modes: Ethernet, VLAN, FR, PPP,
HDLC, ATM-n-to-1, ATM-1-to-1, and
ATM-SDU
Multi-hop LDP-PW loop detection
PWE3 inter-AS
Interworking between PWE3 and VPLS
ATM QoS class, CLP, DSCP, 801.1p, and MPLS
EXP mapping
ATM OAM transparent transmission
Network security
L3VPN MPLS/BGP VPN, serving as PE/ P
Inter-AS VPN
Hierarchy of VPN (HoVPN)
GRE
AAA service CHAP authentication
PAP authentication
RADIUS
HWTACACS
Local user management
IPSec
encryption
IKE and IPSec through hardware, including IKE
negotiation, IPSec packet process, and SA
management
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-5
Page 32
1 Product overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Service features Description
NetStream Making a NetStream flow with a septet,
including the source IP address, destination IP
address, source port number, destination port
number, IP protocol type, IP TOS, and ingress
information
Recording and measuring traffic information
Routing and peer entity information: next-hop
address, source AS number, destination AS
number, source address mask, destination
address mask
Exporting statistics packets in V5, V8, and V9
formats
Convergence according to AS, protocol-port,
source-prefix, destination-prefix, prefix, and ToS
Connecting normal aging and compelled aging
configured by users
Monitoring TCP link state
Making a flow with fragments (the first
fragment)
NAT NetStream
Inbound/outbound NetStream of MPLS
Collecting packet information in either definite
proportion or random proportion
Multicast data flow
ATM, POS, ETH (including high-speed and
low-speed card FE/GE), VLAN subinterface, E1,
HSSI, and CE1 statistics
NAT Pure IP address translation, and simultaneous
translation of IP address and port number
Load balancing between multiple public network
egresses
Internal servers
Hybrid addressing of internal networks
Various NAT ALGs
One public network to multiple private networks,
and one private network to multiple public
networks
Traffic limit and rate limit to specific users
Traffic limit to BT
NAT statistics
NAT log
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-6
Page 33
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Service features Description
Device reliability
Other
security
features
Terminal access security
IP packet filtering (interface-based ACL and
time-range based ACL)
Firewall (packet filtering firewall and state
firewall)
Port mirroring
Unicast Reverse Path Forwarding (URPF)
Hierarchical protection of commands to ensure that unauthorized
users have no access to the router
Redundancy
hot backup
1:1 backup of RPU and NPU
Power 1+1 redundancy backup
Power, fan, and service interface module hot
plugging as well as automatic adjustment of fan
rotate speed
GR Protocol-level GR: IS-IS, OSPF, BGP, and LDP
FRR IP FRR
MPLS TE FRR
VPN FRR
LDP FRR
BFD Creating, deleting, and modifying a BFD session
Bidirectional fault detection for links
Deleting faults in asynchronous and query modes
BFD detection of single- and multi-hop links
Providing link state information for the
application layer by BFD
Automatic switchover for protection
Other
features
Backup center
VRRP
Next-hop backup
Maintainability Automatic fault diagnosis function
Remote configuration and maintenance through AUX
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-7
Page 34
1 Product overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Service features Description
QoS
Traffic
classification
Simple traffic classification
Complex traffic classification, based on the port
number and Layer 2, Layer 3, and Layer 4 packet
information
Traffic
policing and
shaping
Traffic policing and shaping based on srTCM
and trTCM
Services such as EF and AF based on Diff-Serv
GTS
Congestion
LLS, LLQ, NLS, PQ, CQ, WFQ, and CBWFQ
management
Congestion
RED, WRED, and SARED
avoidance
Policy-based
routing
Route redirection, and distribution of the LSP
explicit route of MPLS
MPLS QoS Mapping between DSCP and EXP at the domain
boundary
L2 QoS 802.1p mark and DSCP/IP precedence mark
HQoS Hierarchical QoS
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-8
Page 35
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Service features Description
Configuration
management
Command
line interface
Local configuration through the console port
Local configuration or remote configuration
through the AUX port
Local configuration or remote configuration
through Telnet
Local configuration or remote configuration
through SSH logon
Hierarchical command protection to prevent
unauthorized users from accessing the router
Detailed debugging information for diagnosing
network faults
Network test tools such as tracert and ping
commands to quickly diagnose the network
The Telnet command to log on to and manage
other routers
FTP server/client to download and upload
configuration files and application programs
through FTP
TFTP client to download and upload
configuration files and application programs
through TFTP
Xmodem to download configuration files and
application programs locally using the Xmodem
protocol
Log function
Virtual file system
User interface configuration: multiple modes of
authentication and authorization for users
Time service Time zone
NTP server and NTP client
Online
service
Information
processing
center
Network
management
Online loading
Online upgrade
Outputting alarm and log information to the log
host and logon user terminal through SNMP
Agent and cache buffer
SNMP V1/V2c/VC3
RMON and RMON2
1.3 Functions
This section describes the following main functions of the Secure Router 8000 Series:
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-9
Page 36
1 Product overview
z
File system
z
SNMP configuration
z
Terminal services
z
High A vailability
z
Link layer protocols
z
IP services
z
Multicast routing protocols
z
VPN services
z
QoS
z
Security features
1.3.1 File system
The Secure Router 8000 Series provides the following rich file system functions:
z
facilitates management of the files and directories in a storage device
z
supports operations such as deleting a file, recovering deleted files, clearing files in the
recycle bin, displaying file contents, renaming files, copying files, moving files, running
batch processing files, and displaying information about a specifie d or priva te f ile
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
The Secure Router 8000 Series supports the following file transmission services:
z
File transmission service between remote hosts through FTP:
− FTP server service: Log on to a router for file access by running the FTP client
program.
− FTP client service: Log on to a router with a terminal emulation program or Telnet,
and run an FTP command to connect with the remote FTP server to access the files on
the remote host.
z
TFTP-based file transmission for environments with simple client-server interworking
z
Xmodem-based file transmission that can be applied to the AUX port to support
128-byte packets and Cyclical Redundancy Check (CRC).
HyperTerminal has the function to send files.
1.3.2 SNMP configuration
The Secure Router 8000 Series supports Simple Network Management Protocol (SNMP) to
perform the following functions:
z
transmit management information between any two points
z
enable administrators to retrieve information, modify information, locate faults, perform
fault diagnosis, perform capacity planning, and generate reports from any node on the
network
The Secure Router 8000 Series SNMP Agent supports public Management Information Bases
(MIB) prescribed by a series of RFCs, and those defined by Nortel, to implement real-time
monitoring of a high number of network devices.
1.3.3 Terminal services
This section describes the terminal services supported by the Secure Router 8000 Series.
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-10
Page 37
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Telnet service
The Secure Router 8000 Series supports the Telnet server and Telnet client services. You can
log on to a specified router port from your PC by running the Telnet client, and then initiate
communication with the device connecting to the asynchronous serial port of the router. You
can use this method to remotely configure and maintain the device.
Secure Shell (SSH) terminal service
Network attacks are usually triggered by the Telnet service that is provided by the server. As
the Telnet protocol does not provide a secure authentication mode, and the data transmitted
over TCP is in plain text, this challenges network security.
The Secure Router 8000 Series provides Secure Shell (SSH) service and supports password,
RSA authentication, DES, and 3DES encryption. SSH features make it possible to implement
secure remote access over nonsecure networks:
z
The user name and password for communication between the SSH client and server are
encrypted, which prevents the password from being intercepted.
z
The SSH service encrypts the data in transmission to ensure the security and reliability of
the data.
z
RSA authentication ensures secure key exchange and a secure session by generating a
public key and a private key according to the encryption principal for asymmetric
encryption systems.
1.3.4 High Availability
The Secure Router 8000 Series ensures the network availability through redundancy of key
modules, High Availability (HA) of
Graceful Restart (GR).
Redundancy of key modules
The Secure Router 8000 Series can work with a single Routing Process Unit (RPU) or two
RPUs in redundancy. The RPU of the Secure Router 8000 Series supports hot backup.
The Secure Router 8000 Series supports the following two switchover methods:
z
automatic switchover
z
forcible switchover
The Secure Router 8000 Series supports backup of the management bus and 1+1 backup for
the power module. The LPU, the power module, and the fan modules are hot swappable.
IP/MPLS Fast Reroute
Fast Reroute (FRR) can minimize data loss due to network faults. The switch time can be less
than 50 milliseconds (ms).
The Secure Router 8000 Series provides the following FRR functions:
Line Processing Units (LPUs), Fast Reroute (FRR), and
z
IP FRR
z
LDP FRR
z
TE FRR
z
VPN FRR
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-11
Page 38
1 Product overview
Graceful Restart
Graceful Restart (GR) is a key technology for providing HA. Network administrators or faults
can trigger GR. GR due to network faults does not delete the routing information in the
routing or forwarding table or reset the LPU, so services are not interrupted.
The Secure Router 8000 Series supports system-based GR and protocol-based GR.
Protocol-based GR includes the following:
z
z
z
z
z
1.3.5 Interfaces
The Secure Router 8000 Series supports the following rich interface types:
z
z
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
BGP GR
OSPF GR
IS-IS GR
MPLS LDP GR
L3 VPN GR
Physical interface (the LAN interface and the WAN interface). The Secure Router 8000
Series supports the following physical interfaces:
− Ethernet interface
− POS interface
− CPOS interface
− ATM interface
− E1/CE1/CT1/CE3
Logical interface (not physical, but configured to perform data exchange). The Secure
Router 8000 Series supports the following logical interfaces:
− subinterface
− virtual Ethernet interface
− loopback interface
− null interface
− tunnel interface
1.3.6 Link layer protocols
The Secure Router 8000 Series supports link layer protocols, including PPP, HDLC, ATM, IP
over ATM, 1483B, RPR, RRPP, and FR.
The Secure Router 8000 Series supports the following:
z
the VLAN function under the IEEE 802.1Q specification
z
IP packet forwarding between different VLANs
z
intercommunication with the devices of third-party vendors
z
data forwarding between several VLANs on a single physical Ethernet interface by
creating subinterfaces (each of which acts as an independent Ethernet interface) for each
Ethernet interface, which saves interface resources
1.3.7 IP services
This section describes the IP services supported by the Secure Router 8000 Series.
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-12
Page 39
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Flexible IP address configuration
The Secure Router 8000 Series provides rich applications based on IP address:
z
Support for multiple secondary IP addresses: Each interface can be configured with a
primary IP address and several subordinate IP addresses to connect to different subnets.
This improves networking efficie ncy.
z
IP address-negotiable: Users who access the Internet through an Internet service provider
(ISP) are usually allocated addresses by a remote server. This requires the interface to be
encapsulated with PPP and configured as IP address-negotiable so that it can accept the
IP addresses allocated by the peer end through PPP negotiation.
z
IP unnumbered: To enable an interface that is not configured with an address to operate
normally, you can borrow the IP address of another interface.
Address Resolution Protocol functions
The Secure Router 8000 Series supports dynamic and static Address Resolution Protocol
(ARP) functions.
Under special circumstances (for example, if some fixed IP addresses are available on the
LAN gateway), you can use the static ARP function to bind these IP addresses to a specified
network interface card. This ensures that the packets heading for these addresses are
forwarded by the gateway. If you need to filter illegal IP addresses, you can configure the
static ARP table manually.
DHCP relay
Standard Dynamic Host Configuration Protocol (DHCP) is applicable in cases where the
DHCP client and server lie on the same subnet. To provide dynamic host configuration for
clients on different subnets, you must configure a DHCP server for every subnet. This
approach is not economical.
The Secure Router 8000 Series uses the DHCP relay function to complete the following tasks:
z
provide relay service for DHCP clients and servers across different subnets
z
transmit DHCP packets to the destination DHCP server (or client) crossing the subnet
relay, so the DHCP clients of different subnets can share one DHCP server and, therefore,
centralized management of client information.
Policy-based routing
Policy-based routing is a route selection mechanism that is based on a customized policy. The
Secure Router 8000 Series supports routing based on input packet information such as source
address and address length.
Multicast packets are usually forwarded according to the routing table; however, with
policy-based routing, you can forward multicasting packets according to a customized policy
for multicast traffic.
1.3.8 Unicast routing protocols
In terms of routing protocols, the Secure Router 8000 Series supports the following:
z
static routing and dynamic routing protocols such as RIP, OSPF, IS-IS, and BGP
z
centralized management of the routes discovered by these protocols
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-13
Page 40
1 Product overview
z
varying routing policies and sharing of routes discovered by bot h st atic and dynamic
routing protocols
In networking practice, the routing table is always large, while the memory of the router is
limited. To resolve this issue, the Secure Router 8000 Series provides a size control
mechanism for routing tables. It monitors the current free memory of the system, based on
which it decides whether to add routes to the routing table and whether to keep the connection
of the routing protocol. In addition, the Secure Router 8000 Series supports load sharing and
route backup functions.
1.3.9 Multicast routing protocols
This section describes the multicast routing protocols supported by the Secure Router 8000
Series.
Internet Group Management Protocol
The Secure Router 8000 Series supports the Internet Group Management Protocol (IGMP)
that is used to establish and maintain multicast members between the IP host and the directly
connected multicast routers.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Multicast routing protocol support
The Secure Router 8000 Series supports multicast routing protocols as follows:
z
Protocol Independent Multicast-Dense Mode (PIM-DM) and Protocol Independent
Multicast-Sparse Mode (PIM-SM) (used in the same area)
z
Multicast Source Discovery Protocol (MSDP) and Multiprotocol Border Gateway
Protocol (MBGP) (used between areas)
1.3.10 MPLS features
Multiprotocol Label Switching (MPLS) uses short labels with a fixed length to encapsulate
network layer packets. MPLS performs the following functions:
z
acts as an intermediate layer between the network and link layers
z
provides connection-oriented network services through the services obtained from link
layer protocols such as PPP and FR
The Secure Router 8000 Series forms forwarding equivalence classes (FECs) based on
information such as the IP address prefix, and performs the following roles:
z
generates the label-forwarding table
z
forwards traffic information of different FECs (with different label fields in the headers)
through the different label switch paths (LSPs)
MPLS supports the following:
z
policy- and constraint-based routing (such as limitations based on the VPN and Diff-Serv)
on LSPs, which enables you to select a router from the MPLS network to establish an
LSP
z
LSP tunneling technology with a label stack at both the ingress and egress of a tunnel to
perform tunnel nesting and to meet different application requirements
The Secure Router 8000 Series provides the following MPLS functions:
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-14
Page 41
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
z
accelerated packet forwarding
z
MPLS VPN applications, interworking between various types of VPNs, and networking
applications such as traffic engineering, QoS, and Diff-Serv
The Secure Router 8000 Series MPLS function supports Layer 3 and Layer 2 protocols such
as IP, FR, ATM, and Ethernet. MPLS provides an Operation, Administration and Maintenance
(OAM) mechanism without dependence on the upper or lower layers in the TCP-IP protocol
suite.
The IP Telecommunication Network (IPTN) supported by the Secure Router 8000 Series is
based on IP network technologies. IPTN meets end-to-end QoS, reduces the investment of
carriers, and creates value-added telecommunication network solutions.
1.3.11 VPN services
This section describes the Virtual Private Network (VPN) services supported by the Secure
Router 8000 Series.
IP VPN
The Generic Routing Encapsulation (GRE) protocol is used to encapsula te pac ke ts of certain
network layer protocols (such as IP and IPX packets) so that these packets can be transmitted
in a network running another network layer protocol (such as IP). As a tunnel protocol, GRE
uses the tunnel technology in the protocol layer.
GRE can be used to perform the following functions:
z
transmit local multiprotocol network data through the single-protocol backbone network
z
extend a network that is limited by hops, such as an IPX network
z
connect the separated subnets for a VPN.
z
access MPLS VPN through GRE tunnels
Layer 2 VPN
The Secure Router 8000 Series provides Layer 2 VPN services based on MPLS. It supports
VPLS, Martini MPLS L2VPN, Kompella MPLS L2VPN, CCC MPLS L2VPN, and SVC
MPLS L2VPN to carry VLL services, and it supports PWE3.
MPLS/BGP Layer 3 VPN
The Secure Router 8000 Series implements MPLS/BGP Layer 3 VPN and provides carriers
with end-to-end VPN solutions as follows:
z
Carrier’s carrier
z
Inter-AS VPN
z
HoVPN
z
RRVPN
1.3.12 QoS
This section describes the Secure Router 8000 Series support for Quality of Service (QoS).
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-15
Page 42
1 Product overview
Traffic policing
The Secure Router 8000 Series supports parameters such as the committed rate, the peak rate,
the committed burst size, and the maximu m burst size for every type of flow according to the
Service Level Agreements (SLA). For traffic beyond the SLA, the router can pass or drop the
flow.
Traffic policing does not influence the forwarding performance of a device because a
hardware coprocessor is used internally to implement the Committed Access Rate (CAR).
Congestion management
The Secure Router 8000 Series uses the Weighted Random Early Detection (WRED)
congestion control mechanism. The Secure Router 8000 Series can configure individual
congestion control algorithms for each priority queue on the port.
Traffic shaping
The Secure Router 8000 Series uses the Generic Traffic Shaping (GTS) algorithm to buffer
packets, to avoid the congestion of downstream devices, and to reduce the drop of packets.
The Secure Router 8000 Series supports shaping for services like
Assured Forwarding (AF) to smooth the transmission rate of Diff-Serv services to the
and
downstream traffic.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Expedited Forwarding (EF)
Traffic classification
The Secure Router 8000 Series supports simple and complex traffic classification.
If no QoS guarantee or traffic classification is required, or if there are no rules to match
packets after traffic classification, the device processes the packets with the Best-Effort (BE)
service.
VPN QoS
As a QoS Policy Propagation through the Border Gateway Protocol (QPPB) policy, VPN QoS
can transmit private network routes through BGP, which extends the QoS Policy Propagation
through the Border Gateway Protocol (QPPB) application in the Layer 3 VPN environment.
VPN QoS can be applied to VPN instances and VPNv4.
When VPN QoS is applied to the private network route of a specific VPN instance, the
inbound and outbound route policy should be applied to the VPN instance. If VPN QoS is
applied to the private network route of all VPN instances, the inbound and outbound route
policy should be applied to the VPNv4 neigh bors of BGP.
FR QoS
Frame Relay (FR) has its own QoS that can be configured with Permanent Virtual Paths(PVCs)
to provide flexible services for customers.
The Secure Router 8000 Series supports multiple FR QoS technologies like FRTS, FRTP, FR
congestion management, FR queue management, and FR fragmentation.
Nortel Networks Inc. Issue 5.3 (15 January 2009)
1-16
Page 43
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuratio n 1 Product overview
Hierarchical QoS
Hierarchical QoS (HQoS) is a QoS technology that can control traffic and perform queue
scheduling simultaneously on the basis of the user’s priority. HQoS uses a two-level
scheduling mode:
z
Priority Queue (PQ)
z
Confirmed Bandwidth Priority Queue (CBPQ)
HQoS supports complete traffic statistics. You can view the bandwidth usage of all services
and distribute bandwidth properly according to traffic analysis.
1.3.13 Security features
To ensure security, the Secure Router 8000 Series performs the following functions:
z
performs Authentication, Authorization and Accounting (AAA) functions
z
builds up distributed client/server secure access applications based on the ITU-T
RADIUS protocol specifications
z
provides AAA services for local, logon, and dial-up users to prevent unauthorized access
based on the Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) specification
The Secure Router 8000 Series supports protocol security authentication as follows:
z
PPP supports PAP and CHAP authentication modes.
z
Routing protocols including RIPv2, OSPF, IS-IS, and BGP support plain text
authentication and MD5 encrypted text authentication.
z
SNMP supports SNMPv3 encryption and authentication.
The Secure Router 8000 Series supports the mirroring function. With mirroring, the system
sends a copy of the packet on the current node to one specific packet analysis device from an
observing port without interrupting services. You can define the mirroring port number and
connect the port with the packet analysis device to monitor traffic.
In compliance with the command levels, users are divided into four levels. A user can use
only the commands with levels no higher than the user’s level.
The Secure Router 8000 Series supports the Network Address Translation (NAT) function and
relays the access between private and public networks. It converts a private IP address to a
public IP address or changes the mix of internal IP address and port to a mix of external IP
address and port. This enables the hosts of an internal network to access Internet resources
without risking the privacy of the internal network.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
1-17
Page 44
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
2 Configuration environment setup ..........................................................................................2-1
2.1 Introduction...................................................................................................................................................2-2
2.1.1 Console port configuration...................................................................................................................2-2
2.1.2 Telnet configuration.............................................................................................................................2-2
2.1.3 AUX port configuration.......................................................................................................................2-3
2.2 Establishing the local configuration environment through the console port.................................................2-3
2.2.1 Establishing the configuration task ......................................................................................................2-3
2.2.2 Establishing the physical connection ...................................................................................................2-4
2.2.3 Configuring terminals ..........................................................................................................................2-4
2.2.4 Logging on to the router.......................................................................................................................2-4
2.3 Establishing the configuration environment through Telnet..........................................................................2-4
2.3.1 Establishing the configuration task ......................................................................................................2-4
2.3.2 Establishing the physical connection ...................................................................................................2-5
2.3.3 Configuring logon user parameters......................................................................................................2-5
2.3.4 Logging on from the Telnet client........................................................................................................ 2-5
2.4 Establishing the configuration environment through the AUX port..............................................................2-6
2.4.1 Establishing the configuration task ......................................................................................................2-6
2.4.2 Establishing the physical connection ...................................................................................................2-6
2.4.3 Initializing and configuring the modem on the interface .....................................................................2-7
2.4.4 Configuring the connection between the remote terminal and the router ............................................2-7
2.4.5 Logging on to the router.......................................................................................................................2-7
2.5 Configuration examples................................................................................................................................2-7
2.5.1 Example of logging on through the console port.................................................................................2-7
2.5.2 Example of logging on through Telnet...............................................................................................2-10
2.5.3 Example of logging on through the AUX port...................................................................................2-11
Issue 5.3 (30 March 2009) Nortel Networks Inc.
i
Page 45
Page 46
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Figures
Figure 2-1 Networking diagram of logging on through the console port...........................................................2-8
Figure 2-2 New connection................................................................................................................................2-8
Figure 2-3 Setting the port..................................................................................................................................2-9
Figure 2-4 Setting the port communication parameters......................................................................................2-9
Figure 2-5 Establishing the configuration environment through the wide area network (WAN).....................2-10
Figure 2-6 Running the Telnet program on the PC...........................................................................................2-11
Figure 2-7 Establishing the remote configuration environment.......................................................................2-11
Issue 5.3 (30 March 2009) Nortel Networks Inc.
iii
Page 47
Page 48
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
2 Configuration environment setup
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
2.1 Introduction This section describes the three methods for establishing
the configuration environment.
2.2 Establishing the l
configuration environment
through the consol
2.3 Establishing the
configuration environment
through Telnet
2.4 Establishing the
configuration environment
through the AUX port
2.5 Configuration examples This section provides examples of establishing
e
ocal
This section describes how to establish the configuration
environment through the cons
Example of logging on through the conso
See “
This section describes how to establish the configuration
environment through Telnet.
See “Example of logging on through Telnet.”
This section describes how to establish the conf
environment through the AUX
See “Example of logging on through the AUX port.”
configuration environments.
ole port.
le port.”
iguration
port.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
2-1
Page 49
2 Configuration environment setup
2.1 Introduction
This section describes the following three methods for establishing the configuration
environment:
z
Console port configuration
z
Telnet configuration
z
AUX port configuration
2.1.1 Console port configuration
Applicable environment
You can configure the router by local logon.
Applications
Use the console port to configure the router in the following situations:
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
z
The router is powered on for the first time.
z
The configuration environment cannot be established through Telnet or the AUX port.
2.1.2 Telnet configuration
Applicable environment
You can configure the router by local or remote logon.
Applications
Preconfigure the IP addresses of interfaces on the router, the user account, the logon
authentication, and the incoming and outgoing call restriction. Also, ensure that directly
connected or reachable routes exist between terminals and the router.
The destination router authenticates the user based on the configured parameters in three
modes:
z
Password authentication: the logon user must enter the correct password.
z
AAA local authentication: the logon user must enter the correct user name and password.
z
Non-authentication: the logon user is not required to enter the user name or password.
If the logon succeeds, a command line prompt such as
interface. Enter the command to check the running status of the router or to configure the
router. Enter ? for help.
Nortel appears on the Telnet client
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-2
Page 50
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
NOTE
If you modify the IP address of the router when you configure the router through Telnet, the
modification can disconnect Telnet. If necessary, set up the connection again after you enter a new IP
address.
2.1.3 AUX port configuration
Applicable environment
You can configure the router by remote logon.
Applications
If you cannot configure the router by local logon and no reachable route to other routers exists,
connect the PC and the router through the
Pre-enable the modem dial-up of the AUX port through the console port and configure the
user name and password.
Public Switched Telephone Network (PSTN).
2.2 Establishing the local configuration environment through the console port
2.2.1 Establishing the configuration task
Applicable environment
If you log in to the router for the first time or perform the local configuration, you need to log
in to the router through the Console port.
Preconfiguration tasks
Before you configure the router through the console port, complete the following tasks:
z
Prepare the PC/terminal (including the serial port and RS-232 cable).
z
Install a terminal emulation program on the PC (such as Windows XP HyperTerminal).
Data preparation
To configure the router, you need the following data.
No. Data
1 Terminal communication parameters (including baud rate, data bit, parity, stop
bit, and flow control)
Issue 5.3 (30 March 2009) Nortel Networks Inc.
2-3
Page 51
2 Configuration environment setup
Configuration procedures
No. Procedure
1 Establishing the physical connection
2 Configuring terminals
3 Logging on to the router
2.2.2 Establishing the physical connection
Do as follows on the router:
Step 1 Connect the COM port on the PC and the console port on the router by cable.
Step 2 Power on all devices to perform a self-check.
----End
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
2.2.3 Configuring terminals
Do as follows on the PC:
Run the terminal emulation program on the PC, setting the communication parameter of the
terminal to 9600 bps, data bit to 8, and stop bit to 1. Specify no parity and no flow control.
2.2.4 Logging on to the router
Do as follows on the PC:
Press Enter until a command line prompt such as Nortel appears, and then enter the
configuration environment in the user view.
2.3 Establishing the configuration environment through Telnet
2.3.1 Establishing the configuration task
Applicable environment
You can configure the router by local logon or remote logon through Telnet.
Preconfiguration tasks
Before you configure the router through Telnet, complete the following tasks:
z
Power on devices and perform a self-check.
z
Prepare the PC (including the serial port and Ethernet crossover/direct network cable).
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-4
Page 52
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
Data preparation
To configure the router through Telnet, you need the following data.
No. Data
1 IP address of the PC
2 IP address of the Ethernet interface on the router
3 User information accessed through Telnet (including the user name, password,
and authentication mode)
Configuration procedures
No. Procedure
1 Establishing the physical connection
2 Configuring logon user parameters
3 Logging on from the Telnet client
2.3.2 Establishing the physical connection
Connect the router and the PC directly, or connect the router and the PC respectively to the
network through the network cable.
2.3.3 Configuring logon user parameters
Do as follows on the router:
Step 1 Configure the authentication mode of logon users.
Step 2 Configure the authority limitation of logon users.
For more information, see Chapter 5, “User management.”
----End
2.3.4 Logging on from the Telnet client
Do as follows on the PC:
Step 1 Run the Telnet client program on the PC, and enter the IP address of the interface on the
destination router that provides the Telnet service.
Step 2 In the logon window, enter the user name and password. After authentication, a command line
prompt such as
----End
Issue 5.3 (30 March 2009) Nortel Networks Inc.
Nortel appears. Enter the configuration environment in the user view.
2-5
Page 53
Nortel Secure Router 8000 Series
2 Configuration environment setup
Configuration Guide - Basic Configuration
2.4 Establishing the configuration environment through the AUX port
2.4.1 Establishing the configuration task
Applicable environment
If you cannot configure the router by local logon and no reachable route to other routers exists,
connect the serial port of the PC and the AUX port of the router through the modem.
Preconfiguration tasks
Before you configure the router through AUX port dial-up, complete the following tasks:
z
Prepare the PC/terminal (including the serial port and RS-232 cable).
z
Prepare the PC terminal emulation program (such as Windows XP HyperTerminal).
z
Prepare two modems.
Data preparation
To configure the router, you need the following data.
No. Data
1 Type of terminals
2 Terminal communication parameters
3 Modem communication parameters
Configuration procedures
No. Procedure
1 Establishing the physical connection
2 Initializing and configuring the modem on the interface
3 Configuring the connection between the remote terminal and the router
4 Logging on to the router
2.4.2 Establishing the physical connection
Step 1 Connect the modem with the PC and the network.
Step 2 Connect the modem with the router through the AUX port and the network.
----End
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-6
Page 54
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
2.4.3 Initializing and configuring the modem on the interface
Do as follows on the router:
Step 1 Configure the authentication mode of logon users.
Step 2 Configure the authority limitation of logon users.
For more information, see Nortel Secure Router 8000 Series Configuration – Security
(NN46240-600).
----End
2.4.4 Configuring the connection between the remote terminal and the router
Do as follows on the terminal PC:
Step 1 Run a terminal emulation program on the PC (such as Windows XP HyperTerminal) to enter
the Connection Description window.
Step 2 Enter the connection name of the PC and the router, such as Dial.
Step 3 Click OK to enter the Connect To window.
Step 4 Enter the parameters and select options as required.
Step 5 Click OK to enter the Connect window.
Step 6 Click Dial.
----End
2.4.5 Logging on to the router
In the logon window, enter the user name and password.
After configuration, a command line prompt such as Nortel appears. Enter the configuration
environment in the user view.
2.5 Configuration examples
2.5.1 Example of logging on through the console port
Networking requirements
Initialize the configuration of the router when the router is powered on for the first time.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
2-7
Page 55
2 Configuration environment setup
Figure 2-1 Networking diagram of logging on through the console port
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
PC
Configuration roadmap
z
Connect the PC and the router through the console port.
z
Configure the parameters on the PC end.
z
Log on to the router.
Data preparation
z
terminal communication parameters (including baud rate, data bit, parity, stop bit, and
flow control)
Configuration procedure
Step 1 Connect the serial port of the PC (or terminal) to the console port of the router through
standard RS-232 configuration cable. The local configuration environment is established.
Step 2 Run the terminal emulation program on the PC. Configure the terminal communication
parameters to 9600 bps, data bit to 8, and stop bit to 1. Specify no parity and no flow control
as shown in
Figure 2-2 to Figure 2-4.
Router
Figure 2-2 New connection
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-8
Page 56
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
Figure 2-3 Setting the port
Figure 2-4 Setting the port communication parameters
Power on the router to perform a self-check. The system performs automatic configuration.
When the self-check finishes, you are prompted to press Enter until a command line prompt
such as
Issue 5.3 (30 March 2009) Nortel Networks Inc.
Nortel appears.
2-9
Page 57
2 Configuration environment setup
Configuration Guide - Basic Configuration
Enter the command to check the running status of the router or configure the router, or enter ?
for help.
For more information, see the following chapters in this document.
----End
2.5.2 Example of logging on through Telnet
Networking requirements
You can log on to the router on other network segments through the PC or other terminals to
perform remote maintenance.
Figure 2-5 Establishing the configuration environment through the wide area network (WAN)
GE1/0/0
202.38.160.92/16
WAN
Nortel Secure Router 8000 Series
PC Router
Configuration roadmap
z
Establish the physical connection.
z
Configure user logon parameters.
z
Log on to the router from the client side.
Data preparation
z
IP address of the PC
z
IP address of the Ethernet interface on the router
z
user information accessed through Telnet (including the user name, password, and
authentication mode)
Configuration procedure
Step 1 Connect the PC and the router respectively to the network.
Step 2 Configure logon user parameters.
Target
Router
# Configure the logon address:
<Nortel> system-view
[Nortel] interface GigabitEthernet 1/0/0
[Nortel-GigabitEthernet1/0/0] ip address 202.38.160.92 255.255.0.0
[Nortel-GigabitEthernet1/0/0] quit
# Configure the logon authentication mode:
[Nortel] aaa
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-10
Page 58
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 2 Configuration environment setup
[Nortel-aaa] local-user nortel password cipher test2
[Nortel-aaa] local-user nortel service-type telnet
[Nortel-aaa] local-user nortel level 3
[Nortel-aaa] quit
[Nortel] user-interface vty 0 4
[Nortel-ui-vty0-14] authentication-mode aaa
Step 3 Configure the client logging on to the router.
Run Telnet on the PC, as shown in
Figure 2-6 Running the Telnet program on the PC
Step 4 Click OK.
In the logon window, enter the user name and password. After authentication, a command line
prompt such as
----End
Figure 2-6.
Nortel appears. Enter the configuration environment in the user view.
2.5.3 Example of logging on through the AUX port
Networking requirements
If you cannot configure the router by local logon and no reachable route to other routers exists,
connect the serial port of the PC and the AUX port of the router through the modem. The
detailed configuration environment is shown in
Figure 2-7 Establishing the remote configuration environment
Modem
PSTN
COM
PC
Modem
Figure 2-7.
AUX
Router
Issue 5.3 (30 March 2009) Nortel Networks Inc.
2-11
Page 59
2 Configuration environment setup
Configuration roadmap
z
Establish the physical connection.
z
Configure modem parameters.
z
Configure the AUX port to support modem dial-up.
Data preparation
z
type of terminals
z
terminal communication parameters
z
modem communication parameters
Configuration procedure
Step 1 Establish the physical connection as shown in Figure 2-7.
Step 2 Configure the AUX port to support modem dial-up.
<Nortel> system-view
[Nortel] aaa
[Nortel-local-aaa-server] local-user nortel password cipher test1
[Nortel-local-aaa-server] local-user nortel service-type terminal
[Nortel-local-aaa-server] local-user nortel level 3
[Nortel-local-aaa-server] quit
[Nortel] user-interface aux 0
[Nortel-ui-aux0] authentication-mode aaa
[Nortel-ui-aux0] modem both
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Step 3 Configure modem parameters.
# Run the PC emulation terminal; refer to “
through the console port
.”
Press Enter on the PC emulation terminal until a modem command line prompt such as >
appears.
Configure the modem to meet AUX communication requirements.
For details, see the modem documentation.
Step 4 Log on to the router.
In the remote terminal emulation program, enter the user name and password.
After authentication, a command line prompt such as
check the running status of the router or configure the router. Enter ? for help.
For detailed operations, see the following chapters in this document.
----End
Establishing the local configuration environment
Nortel appears. Enter the command to
Nortel Networks Inc. Issue 5.3 (30 March 2009)
2-12
Page 60
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
3 CLI overview...............................................................................................................................3-1
3.1 Introduction...................................................................................................................................................3-2
3.1.1 CLI characteristics...............................................................................................................................3-2
3.1.2 Command levels...................................................................................................................................3-3
3.1.3 Command line views............................................................................................................................3-3
3.1.4 Regular expressions.............................................................................................................................3-3
3.2 Configuring the command line view.............................................................................................................3-4
3.3 CLI online Help.............................................................................................................................................3-7
3.4 CLI error messages .......................................................................................................................................3-8
3.5 Command history..........................................................................................................................................3-8
3.6 Editing characteristics ...................................................................................................................................3-9
3.7 Display characteristics...................................................................................................................................3-9
3.8 Outputting the display.................................................................................................................................3-10
3.8.1 V iewing the display............................................................................................................................3-10
3.8.2 Filtering the display ...........................................................................................................................3-10
3.9 Filtering information through regular expressions......................................................................................3-10
3.10 Shortcut keys.............................................................................................................................................3-11
3.10.1 Classifying shortcut keys .................................................................................................................3-11
3.10.2 Defining shortcut keys.....................................................................................................................3-13
3.10.3 Using shortcut keys..........................................................................................................................3-13
3.11 Configuration examples ............................................................................................................................3-14
3.11.1 Example for using shortcut keys......................................................................................................3-14
Issue 5.3 (30 March 2009) Nortel Networks Inc.
i
Page 61
Page 62
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Tables
Table 3-1 Command line views..........................................................................................................................3-5
Table 3-2 Common CLI error messages.............................................................................................................3-8
Table 3-3 Access the command history ..............................................................................................................3-8
Table 3-4 Editing functions ................................................................................................................................3-9
Table 3-5 Display functions..............................................................................................................................3-10
Table 3-6 Metacharacters..................................................................................................................................3-10
Table 3-7 System-defined shortcut keys...........................................................................................................3-12
Issue 5.3 (30 March 2009) Nortel Networks Inc.
iii
Page 63
Page 64
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
3 CLI overview
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
3.1 Introduction This section describes the basic concepts of the command
line interface (CLI).
3.2 Configuring the com
line view
3.3 CLI online Help This section describes how to use the CLI online Help.
3.4 CLI error messages This section describes the CLI error messages.
3.5 Command history This section describes the command history.
3.6 Editing characteristics This section describes how to use the editing functions.
3.7 Display characteristics This section describes how to use the display functions.
3.8 Outputting the display This section describes how to output the display.
3.9 Filtering information
through regular expressions
mand This section describes the command view.
This section describes how to use regular expressions.
3.10 Shortcut keys This section describes how to use shortcut keys.
3.11 Configuration examples This section provides examples for using shortcut keys.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-1
Page 65
3 CLI overview
3.1 Introduction
This section describes the concepts you should know before you configure the command line
interface (CLI).
z
CLI characteristics
z
Command levels
z
Command line views
z
Regular expressions
3.1.1 CLI characteristics
The appearance of a command line prompt indicates entry to the CLI. Users can configure
and manage routers by entering a series of configuration commands in the CLI.
The CLI has the following characteristics:
z
enables local or remote configuration through the AUX port
z
enables local configuration through the console port.
z
enables local or remote configuration through Telnet or Secure Shell (SSH).
z
allows logging on to the asynchronous serial interface of a router through modem dial-up
to perform remote configuration
z
provides a user interface view through which terminal users can perform specific
configuration
z
provides hierarchical command protection for users of different levels (that is, it supports
running commands based on the corresponding level)
z
provides local authentication, password authen tic ati on , and Authentication,
Authorization and Accounting (AAA) to prevent unauthorized users from accessing the
router
z
allows the user to enter ? for online Help at any time
z
provides network testing commands such as tracert and ping for diagnosing network
faults
z
provides detailed debugging information for diagnosing network faults
z
uses the telnet command to directly log on to and manage other routers
z
provides FTP service for uploading and downloading files
z
provides a function that is similar to DOS-Key for running a history command
z
provides a command line interpreter, which provides intelligent command resolution
methods such as key word fuzzy match and context conjunction
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-2
Page 66
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
NOTE
z
The system supports commands with a maximum of 256 characters. The command can be in an
incomplete form.
z
The system saves an incomplete command to the configuration files in the complete form; therefore,
the command may have more than 256 characters. However, when the system is restarted, the
incomplete command cannot be restored, so note the length of incomplete commands.
3.1.2 Command levels
The system uses a hierarchical protection mode that has 16 command levels in increasing
order.
By default, the commands are registered as one of the following four levels:
z
Visit level: Commands of this level include commands of the network diagnosis tool
(such as ping and tracert) and commands that start from the local device and visit an
external device (including Telnet client side, SSH client side, and Rlogin).
z
Monitoring level: Commands of this level, including the display command and the
debugging command, are used for tasks such as system maintenance and service fault
diagnosis.
z
Configuration level: Commands of this level are service configuration commands that
provide direct network service to the user, including routing and network layer
commands.
z
Management level: Commands of this level are commands that influence the base
operation of the system and provide support to the service. They include file system
commands, File Transfer Protocol (FTP) commands, Trivial File Transfer Protocol
(TFTP) commands, Xmodem downloading commands, configuration file switching
commands, power supply control commands, backup board control commands, user
management commands, level setting commands, and system internal parameter setting
commands.
NOTE
z
The default command level may be higher than the command level defined according to the
command rules in the application.
z
Logon users have the same four levels as the command levels. Logon users can use only the
commands of the levels that are equal to or lower than their own levels. For more information about
logon user levels, see Chapter 5 "User management."
3.1.3 Command line views
The system provides command line views, which correspond to command interfaces. Each
command is registered and runs only in a specific command view.
3.1.4 Regular expressions
When you output information, you can use regular expressions in commands to filter out
unnecessary content and display only the necessary content.
In the commands that support regular expressions, you can use three kinds of filtering modes
to filter the output: | { begin | exclude | include } regular-expression.
z
begin: Displays information that begins with the line that matches regular-expression.
z
exclude: Displays information that excludes lines that match regular-expression.
z
include: Displays information that includes lines that match regular-expression.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-3
Page 67
3 CLI overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
You can also specify the filtering mode when the information is displayed on the screen. If a
large amount of information is output and displayed on the screen, you can specify the
filtering mode in the prompt ---- More ----.
z
/regular-expression: Displays information that begins with the line that matches regular
expression.
z
-regular-expression: Displays information that excludes lines that match regular
expression.
z
+regular-expression: Displays information that includes lines that match regular
expression.
Regular expressions are used to filter the output. When using the metacharacter {}, if the
number of matching times exceeds the scope specified in {}, the matching times out and the
information cannot be displayed normally.
The system provides display commands for displaying the system status. When you display
the system status, you can add the regular expressions | { begin | exclude | include }
regular-expression to the specified commands to filter the information.
z
begin regular-expression: Displays information that begins with the line that matches
regular-expression.
z
exclude text: Displays information that excludes lines that match regular-expression.
z
include text: Displays information that includes lines that match regular-expression.
3.2 Configuring the command line view
# Establish a connection with the router. If the router uses the default configuration, you can
enter the user view with the prompt <Nortel>.
# Type system-view to enter the system view.
<Nortel> system-view
[Nortel]
# Type aaa in the system view to enter the AAA view.
[Nortel] aaa
[Nortel-aaa]
NOTE
The prompt Nortel indicates the default router name. The prompt <> indicates the user view, and the
prompt [] indicates other views.
Some commands that are implemented in the system view can also be implemented in the
other views; however, the function implemented is associated with the command view. For
example, the mpls command (for starting MPLS) can be run in the system view to enable the
MPLS capability globally. It can also be run in the interface view to enable the MPLS
capability on the interface.
Table 3-1 shows the command line views.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-4
Page 68
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
Table 3-1 Command line views
View Description
aaa AAA view
aaa-accounting AAA accounting view
aaa-authen AAA authentication view
aaa-author AAA authorization view
aaa-domain AAA domain view
aaa-recording AAA recording view
acl-adv Advanced ACL view
acl-basic Basic ACL view
acl-if ACL view based on interface
aspf-policy ASPF policy view
Atm ATM interface v iew
Atm-class ATM view
Atm-pvc ATM PVC view
aux AUX interface view
bgp BGP view
bgp-af-l2vpn BGP AF Layer 2 VPN view
bgp-af-vpnv4 BGP AF VPNv4 view
bgp-af-vpn-instance BGP AF VPN instance view
vpls-family VPLS address family view
cpos CPOS interface view
dhcp DHCP address pool view
e1 E1 interface view
e3 E3 interface view
ethernet Ethernet interface view
explicit-path Explicit path view
fr-class Frame relay view
ftp-client FTP client view
GigabitEthernet GE interface view
hwtacacs HWTACACS view
ike-proposal IKE view
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-5
Page 69
3 CLI overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
View Description
ipsec-policy-isakmp IPSec policy Isakmp view
ipsec-policy-manual IPSec policy manual view
ipsec-policy-template IPSec policy template view
ipsec-proposal IPSec view
isis IS-IS view
l2tp Layer 2 TP view
loopback Loopback interface view
mp-group Mp-group interface view
mpls MPLS view
mpls-l2vpn MPLS-Layer 2 VPN view
mpls-ldp MPLS-LDP view
null Null interface view
ospf OSPF view
ospf-area OSPF area view
policy-based-route Policy-based route view
pos POS interface view
radius RADIUS view
rip RIP view
rip-af-vpn-instance RIP AF VPN instance view
ripng RIPng view
route-policy Route policy view
rsa-key-code RSA key code view
rsa-public-key RSA public key view
serial Serial interface view
shell Shell view
system System view
t1 T1 interface view
t3 T3 interface view
tunnel Tunnel interface view
tunnel-policy Tunnel policy view
user-interface User interface view
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-6
Page 70
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
View Description
virtual-ethernet Virtual Ethernet interface view
virtual-template Virtual template interface view
vpn-instance VPN instance view
3.3 CLI online Help
The CLI provides two online Help systems: full help and partial help. You can obtain help in
these systems as follows:
z
Full help
# Enter ? in any command line view to display all the commands and their simple
descriptions.
<Nortel> ?
# Enter a command and ? separated by a space. If the key word is at this position, all key
words and their simple descriptions are displayed. For example:
<Nortel> language-mode ?
chinese Chinese environment
English English environment
In this example, Chinese and English are keywords; Chinese environment and English
environment describe the keywords respectively.
# Enter a command and ? separated by a space. If a parameter is at this position, the
related parameter names and parameter descriptions are displayed. For example:
[Nortel] display aaa ?
configuration AAA configuration
[Nortel] display aaa configuration?
<cr>
In this example, configuration is the parameter name, and AAA configuration is the
description of the parameter; <cr> indicates that no parameter is at this position. The
command is repeated in the next command line. You can press Enter to run the
command.
z
Partial help
# Enter a character string and ? to display all commands that begin with the character
string.
<Nortel> d?
debugging delete dir display
# Enter a command followed by ? to display all the key words that begin with the
character string.
<Nortel> display v?
version virtual-access vlan vpls vrrp vsi
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-7
Page 71
3 CLI overview
3.4 CLI error messages
If a user enters incorrect commands, the grammar check fails and the CLI reports error
messages to the user. If all of the commands are correct, the grammar check passes.
describes common error messages.
Table 3-2 Comm on CLI err or messages
Error messages Cause of the error
Incomplete command Incomplete command entered.
Too many parameters Too many parameters entered.
Ambiguous command Indefinite parameters entered.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Table 3-2
The command cannot be found. Unrecognized command
The key word cannot be found.
A parameter type error occurred. Wrong parameter
The parameter value exceeds the boundary.
3.5 Command history
The CLI automatically saves a command history for each user. This function is similar to the
DOS-Key. By default, the CLI saves a maximum of 10 commands for each user.
describes the command history operations. You can run the saved history command at any
time.
Table 3-3 Access the command history
Action Key or command Result
Display the
command
history.
Access the last
history
command.
Access the
next history
command.
display
history-command
Up cursor key
↑ or Ctrl+P
Down cursor key ↓
or Ctrl+N
Table 3-3
Display the user’s command history.
Display the last history command if an earlier
history command exists. Otherwise, the alarm
bell rings.
Display the next history command if a later
history command exists. Otherwise, the command
is cleared and the alarm bell rings.
NOTE
On the Windows 9X HyperTerminal, the cursor key ↑ is invalid because the Windows 9 HyperTerminal
defines keys differently. In this case, you can replace the cursor key ↑ with Ctrl+P.
When you use the history command, note the following:
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-8
Page 72
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
z
The saved history commands are the same as those entered by users. For example, if the
user enters an incomplete command, the saved command is also incomplete.
z
If the user runs the same command several times, the earliest command is saved. If the
command is entered in different forms, each form is considered a different command.
For example, if the display ip routing-table command is run several times, only one
history command is saved. If the display ip routing command and the display ip
routing-table command are run, two history commands are saved.
3.6 Editing characteristics
The CLI provides basic command editing functions and supports multiline editing as shown in
Table 3-4. The maximum length of each command is 256 characters.
Table 3-4 Editing functions
Key Function
Common key Inserts a character at the current position of the cursor if the
editing buffer is not full and the cursor moves rightward.
Otherwise, the alarm bell rings.
Backspace Deletes the character to the left of the cursor and the cursor
moves leftward. When the cursor reaches the head of the
command, the alarm bell rings.
Left cursor key ← or
Ctrl+B
Right cursor key → or
Ctrl+F
Moves the cursor to the left one character space. When the
cursor reaches the head of the command, the alarm bell rings.
Moves the cursor to the right one character space. When the
cursor reaches the end of the command, the alarm bell rings.
Tab Press Tab after you type an incomplete key word and the
system runs the partial help:
z
If the matching key word is unique, the system replaces the
typed word with the complete key word and displays it in a
new line with the cursor one space behind.
z
If there are several matches or no match, the system
displays the prefix first. Press Tab to view the matching
key words one by one. The cursor appears at the end of the
word; you can type a space to enter the next word.
z
If you enter an incorrect key word, press Tab and your
input is displayed in a new line.
3.7 Display characteristics
The CLI provides the following display characteristics:
z
The prompt and Help information can be displayed in both Chinese and English.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-9
Page 73
3 CLI overview
z
When the information displayed exceeds a full screen, the CLI provides a pause function.
Table 3-5 describes the three display functions.
Table 3-5 Display functions
Key Function
Ctrl+C Stops the display and running of the command.
Space Continues to display the information on the next screen.
Enter Continues to display the information on the next line.
3.8 Outputting the display
3.8.1 Viewing the display
Do as follows on the router:
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Run:
display current-configuration
The current configuration is displayed.
3.8.2 Filtering the display
Do as follows on the router:
Run:
display current-configuration | include ip
The commands that include ip are displayed.
3.9 Filtering information through regular expressions
When you output information, you can use regular expressions to filter the displayed
information. A regular expression is a tool for matching and replacing modes. You construct
the matching mode based on rules, and then match the mode with the target object.
To help you construct the matching mode, you can use special characters called
metacharacters with regular expressions. Metacharacters are used to define the matching
modes of other characters in the regular expression.
Table 3-6 describes metacharacters.
Table 3-6 Metac harac ters
Metacharacter Connotation
\ Escape character
. Matches any single character including a space, except for \n.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-10
Page 74
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
Metacharacter Connotation
* Characters on the left of this metacharacter appear 0 or many times
continuously in the target object.
+ Characters on the left of this metacharacter appear 1 or many times
continuously in the target object.
| An OR relationship exists between characters on the left and right
of this metacharacter.
^ Characters on the right of this metacharacter must appear at the
beginning of the target object.
$ Characters on the left of this metacharacter must appear at the end
of the target object.
[xyz] Matches the character listed in the square brackets.
[^xyz] Matches any character that is not listed in the square brackets (^ is
on the left of the character).
[a-z] Matches any character within the specified range.
[^a-z] Matches any character that is not within the specified range.
{n} The matches appear n times (n is a non-negative integer).
{n,} The matches appear for at least n times (n is a non-negative integer).
{n,m} The matches appear for n–m times (m and n are non-negative
integers and n is smaller than or equal to m).
Note that there is no space between n and m.
For example:
^ip: matches the target object that begins with the character string ip.
ip$: matches the target object that ends with the character string ip.
The simplest regular expressions do not contain any metacharacters. For example, when a
regular expression is defined as hello, it matches only the character string hello.
3.10 Shortcut keys
3.10.1 Classifying shortcut keys
The shortcut keys in the system are classified into the following types:
z
User-oriented and user-defined shortcut keys: CTRL_G, CTRL_L and CTRL_O. The
user can associate these shortcut keys with any commands. When the shortcut keys are
pressed, the system automatically runs the corresponding command. For information
about defining shortcut keys, see “
z
System-defined shortcut keys: These are shortcut keys with fixed functions defined by
the system.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
Table 3-7 lists the system-defined shortcut keys.
Defining shortcut keys.”
3-11
Page 75
3 CLI overview
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
NOTE
Different terminal software programs define these keys differently. Therefore, the shortcut keys on the
terminal may be different from those listed in this section.
Table 3-7 System -defined sh ortcut keys
Key Function
CTRL_A The cursor moves to the beginning of the current
line.
CTRL_B The cursor moves to the left one character space.
CTRL_C Terminates the running function.
CTRL_D Deletes the character at the cursor position.
CTRL_E The cursor moves to the end of the current line.
CTRL_F The cursor moves to the right one character space.
CTRL_H Deletes one character to the left of the cursor.
CTRL_K Terminates the outbound connection.
CTRL_N Displays the n ext command in the history command
buffer.
CTRL_P Displays the previous command in history command
buffer.
CTRL_R Redisplays the information of the current line.
CTRL_SHIFT_V Pastes the contents on the clipboard.
CTRL_T Kill outgoin g connection when connecting.
CTRL_U Delete all characters up to the cursor.
CTRL_W Deletes a character string or character to the left of
the cursor.
CTRL_X Deletes all the characters to the left of the cursor.
CTRL_Y Deletes all the characters to the right of the cursor.
CTRL_Z Returns to the user view.
CTRL_] Terminates the inbound or redirection connections.
ESC_B The cursor moves to the left one word space.
ESC_D Deletes a word to the right of the cursor.
ESC_F The cursor moves rightward to the end of the next
word.
ESC_N The cursor moves down to the next line.
ESC_P The cursor moves up to the previous line.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-12
Page 76
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configurati o n 3 CLI overview
Key Function
ESC_SHIFT_< Sets the position of the cursor to the beginning of the
clipboard.
ESC_SHIFT_< Sets the position of the cursor to the end of the
clipboard.
3.10.2 Defining shortcut keys
NOTE
When you define shortcut keys, use double quotation marks to define the command if it contains several
command words (that is, spaces exist in the command).
Configure shortcut keys as follows in the system view.
Action Command
Define shortcut
hotkey { CTRL_G | CTRL_L | CTRL_O } command-text
keys.
3.10.3 Using shortcut keys
z
You can press the shortcut keys wherever you can type a command. The system then
displays the full corresponding command.
z
If you type part of a command and do not press Enter, you can press the shortcut keys to
clear the input and display the full corresponding command. This operation has the same
effect as deleting all commands and then reentering the complete command.
z
The shortcut keys are run as commands; the syntax is recorded in the command buffer
and log for fault location and querying.
NOTE
The terminal in use can affect the functions of the shortcut keys. For example, if the customized shortcut
keys of the terminal conflict with those of the router, the input shortcut keys are captured by the terminal
program and, therefore, the shortcut keys do not function.
Run the following command in any view to display the shortcut keys.
Action Command
View the shortcut keys.
display hotkey
Issue 5.3 (30 March 2009) Nortel Networks Inc.
3-13
Page 77
3 CLI overview
3.11 Configuration examples
3.11.1 Example for using shortcut keys
Defining shortcut keys
Step 1 Associate Ctrl_G with the display ip routing-table command and run the shortcut keys.
<Nortel> system-view
[Nortel] hotkey ctrl_g display ip routing-table
Step 2 Press Ctrl+G when the prompt Nortel appears.
[Nortel] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------Routing Tables: Public
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
51.51.51.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.2.0.0/16 Direct 0 0 D 100.2.150.51 GigabitEthernet0/0/0
100.2.150.51/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.2.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
----End
Copying commands using shortcut keys
Step 1 Enter the command in any view.
# Move the cursor to the beginning of the command and press ESC_SHIFT_<. Move the
cursor to the end and press ESC_SHIFT_>. Then, press CTRL_Cf to copy the command.
<Nortel> display ip routing-table
Step 2 Run the display clipboard command to view the contents on the clipboard.
<Nortel> display clipboard
---------------- CLIPBOARD----------------display ip routing-table
Step 3 Press Ctrl+Shift+V to paste the contents of clipboard.
<Nortel> display ip routing-table
----End
Nortel Networks Inc. Issue 5.3 (30 March 2009)
3-14
Page 78
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
4 Basic configuration ....................................................................................................................4-1
4.1 Introduction...................................................................................................................................................4-2
4.1.1 Extension of command levels ..............................................................................................................4-2
4.1.2 Extension of user levels.......................................................................................................................4-2
4.2 Configuring the basic system environment...................................................................................................4-2
4.2.1 Establishing the configuration task ......................................................................................................4-2
4.2.2 Configuring the device name...............................................................................................................4-3
4.2.3 Configuring the system clock ..............................................................................................................4-4
4.2.4 Configuring the header text..................................................................................................................4-4
4.2.5 Configuring the password for switching user levels............................................................................4-5
4.2.6 Switching user levels...........................................................................................................................4-5
4.2.7 Locking the user interface....................................................................................................................4-6
4.2.8 Configuring command privilege levels................................................................................................4-6
4.2.9 Displaying system status messages......................................................................................................4-6
Issue 5.3 (30 March 2009) Nortel Networks Inc.
i
Page 79
Page 80
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 4 Basic configuration
4 Basic configuration
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
4.1 Introduction This section provides an introduction to basic
configuration.
4.2 Configuring the basic
system environment
This section describes how to configure the basic system
environment on the router.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
4-1
Page 81
4 Basic configuration
4.1 Introduction
Before you configure the services, you need to configure the basic system environment,
including the system name and system time.
4.1.1 Extension of command levels
By default, the product supports command levels 0 to 3, which correspond to visit, monitoring,
configuration, and management respectively. This limited number of command levels cannot
meet the requirements of managing authorization of users at the device end. In the networking
environment, the product cannot interwork with devices that support command levels 0 to 15.
By extending command levels, you can advance in batches the command levels 0 to 3 to
levels 0 to 15.
If the levels of commands are not modified separately, all the command levels are adjusted
after they are advanced in batches:
z
Commands at levels 0 and 1 remain unchanged.
z
Commands at level 2 are advanced to level 10.
z
Commands at level 3 are advanced to level 15.
z
No commands exist at levels 2 to 9 and 11 to 14.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Command levels 2 to 9 and 11 to 14 do not correspond to the visit, monitoring, configuration,
and management levels. You can adjust commands to levels 2 to 9 and 11 to 14 to manage
authorization of users.
You perform the advancement of command levels 2 and 3 to levels 10 and 15, respectively, in batches at
one time.
4.1.2 Extension of user levels
If you advance the command levels to 0 and 15, you should also advance the user levels to 0
and 15 from the previous levels 0 to 3.
4.2 Configuring the basic system environment
4.2.1 Establishing the configuration task
Applicable environment
Before you configure the services, you need to configure the basic system environment to
meet your requirements.
Preconfiguration tasks
Before you configure the basic system environment, power on the router.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
4-2
Page 82
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 4 Basic configuration
Data preparation
To configure the basic system environment, you need the following data.
No. Data
1 Language mode
2 System time
3 Host name
4 Password for switching user levels
5 Command level
6 Logon information
Configuration procedures
No. Procedure
1 Configuring the device name
2 Configuring the system clock
3 Configuring the header text
4 Configuring the password for switching user levels
5 Switching user levels
6 Locking the user interface
7 Configuring command privilege levels
8 Displaying system status messages
4.2.2 Configuring the device name
Do as follows on the router:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
sysname host-name
This command configures the device name.
----End
Issue 5.3 (30 March 2009) Nortel Networks Inc.
4-3
Page 83
4 Basic configuration
You can change the name of the router that appears in the command prompt.
4.2.3 Configuring the system clock
Do as follows on the router:
Step 1 Run:
clock datetime HH:MM:SS YYYY-MM-DD
This command configures the Universal Time Coordinate (UTC) standard time.
Step 2 Run:
clock timezone time-zone-name { add | minus } offset
This command configures the time zone.
Step 3 Run:
clock daylight-saving-time time-zone-name one-year start-time start-data end-time
end-data offset
Or:
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
clock daylight-saving-time time-zone-name repeating start-time {{ first | second | third
| fourth | fifth | last } weekday month | start-date } end-time { end-year month { first
| second | third | fourth | fifth | last } weekday month | end-date } offset [ start-year
[ end-year ] ]
This command configures daylight saving time.
----End
To guarantee compatibility with other devices, you must accurately set the system time. You
can also configure the time zone and daylight saving time.
4.2.4 Configuring the header text
Do as follows on the router:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
header login { information text | file file-name }
This command configures the header text during logon.
Step 3 Run:
header shell { information text | file file-name }
This command configures the header text after logon.
----End
Nortel Networks Inc. Issue 5.3 (30 March 2009)
4-4
Page 84
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 4 Basic configuration
Header text is the prompt displayed by the system when users connect to the router, log on, or
begin configuration. Configure the header text to provide detailed information.
4.2.5 Configuring the password for switching user levels
z
When simple password is used, the password is saved in the configuration files in simple
text. Logon users with a lower access level can retrieve the password by viewing the
configuration. This can cause security problems. Therefore, you can use cipher to save the
password in encrypted text.
z
When cipher password is used, the password cannot be retrieved from the system. Do not
lose or forget the password.
Do as follows on the router:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
super password [ level user-level ] { simple | cipher } password
This command configures the password for switching user levels.
----End
When users log on to the router with a lower user level, they can switch to a super user level
to perform advanced operations by entering the corresponding password. The password must
be preconfigured.
4.2.6 Switching user levels
Do as follows on the router:
Run:
super [ level ]
This command switches the user level.
To switch from a lower level to a higher level, the user must enter an accurate password.
When configuring the switchover of user levels on the router, you can perform HWTACACS
authentication. For configuration details, see Nortel Secure Router 8000 Series Configuration
Guide - Security (NN46240-600).
Issue 5.3 (30 March 2009) Nortel Networks Inc.
4-5
Page 85
4 Basic configuration
NOTE
When a logon user of a lower level switches to a higher level through super, the system automatically
sends trap messages and records the switchover in the log. When the user switches to a lower level, the
system only records the switchover in the log.
Configuration Guide - Basic Configuration
4.2.7 Locking the user interface
Do as follows on the router:
Run:
lock
This command locks the user interface.
When you leave the terminal, you can lock the user interface to prevent unauthorized users
from operating the interface. You must enter the correct password to unlock the user interface.
4.2.8 Configuring command privilege levels
Do as follows on the router:
Step 1 Run:
Nortel Secure Router 8000 Series
system-view
The system view appears.
Step 2 Run:
command-privilege level rearrange
This command advances the command levels in batches.
Step 3 Run:
command-privilege level level view view-name command-key
This command configures the command level.
----End
NOTE
z
All commands have default views and privileges and need not be reconfigured.
z
When you run the command-privilege level rearrange command, the system prompts you to
configure a super password that corresponds to level-15 users, if it is not already configured. If N is
selected, you need to set a password. If Y is selected, the command levels are advanced in batches.
In the latter case, the user levels can be advanced only when you log on to the router through the
console port.
4.2.9 Displaying system status messages
You can use the display commands to view the following status messages:
z
system configuration message
z
system working status message
z
system statistics message
z
restart message on Active Main Board (AMB)
Nortel Networks Inc. Issue 5.3 (30 March 2009)
4-6
Page 86
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 4 Basic configuration
The following sections show only the system display commands. For information about
display commands for protocols and interfaces, see the related sections in this document.
You can run the following commands in all views.
Commands displaying system configuration
Run the following commands as required:
z
display version: displays the system edition.
z
display clock: displays the system time.
z
display users [ all ]: displays the terminal user.
z
display saved-configuration: displays the original configuration.
z
display current-configuration: displays the current configuration.
Commands displaying system status
Run the following commands as required:
z
display debugging [ interface interface-type interface-number ] [ module-name ]:
displays the debugging status.
z
display this: displays the configuration of the current view.
Commands displaying system statistics
Run the following commands as required:
z
display diagnostic-information [ file-name ]: displays system diagnosis information.
When the system fails or performs routine maintenance, you need to collect detailed
information to locate the fault. However, there are many display commands. You can use the
display diagnostic-information command to collect the running information of the current
modules in the system.
The display diagnostic-information command collects all display information of the
following commands: display clock, display version, display cpu , display interface,
display current-configuration, display saved-configuration, and display
history-command.
Displaying RPU restart information
Run one or both of the following commands as required:
z
display system restart: displays information about the last 10 AMB restarts.
z
display system slave-restart: displays information abo ut the las t 10 Slave Ma in B oard
(SMB) restarts.
The restart time and possible causes are displayed.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
4-7
Page 87
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Contents
5 User management.......................................................................................................................5-1
5.1 Introduction...................................................................................................................................................5-2
5.1.1 User interface view..............................................................................................................................5-2
5.1.2 User management.................................................................................................................................5-3
5.2 Configuring a user interface..........................................................................................................................5-4
5.2.1 Establishing the configuration task ......................................................................................................5-4
5.2.2 Transmitting m essages between user interfaces...................................................................................5-6
5.2.3 Configuring asynchronous interface attributes ....................................................................................5-6
5.2.4 Setting terminal attributes....................................................................................................................5-6
5.2.5 Configuring the user interface priority.................................................................................................5-7
5.2.6 Configuring modem attributes.............................................................................................................5-8
5.2.7 Configuring an auto-execute command...............................................................................................5-8
5.2.8 Configuring the redirection function....................................................................................................5-9
5.2.9 Configuring the call-in or call-out restrictions of the VTY user interface ...........................................5-9
5.2.10 Configuring the maximum number of VTY user interfaces.............................................................5-10
5.2.11 Configuring the authentication timeout for VTY users....................................................................5-10
5.2.12 Disconnecting a user interface.........................................................................................................5-11
5.2.13 Checking the configuration..............................................................................................................5-11
5.3 Configuring user management....................................................................................................................5-12
5.3.1 Establishing the configuration task ....................................................................................................5-12
5.3.2 Configuring the authentication mode.................................................................................................5-12
5.3.3 Configuring the authentication password...........................................................................................5-13
5.3.4 Configuring the user name and password for AAA local authentication...........................................5-13
5.3.5 Configuring the user priority..............................................................................................................5-14
5.3.6 Checking the configuration................................................................................................................5-14
5.4 Configuring local user management............................................................................................................5-14
5.4.1 Establishing the configuration task ....................................................................................................5-14
5.4.2 Creating the local user account..........................................................................................................5-15
5.4.3 Configuring the service type of the local user....................................................................................5-16
5.4.4 Configuring FTP directory authority for the local user......................................................................5-16
5.4.5 Configuring the local user status........................................................................................................5-16
5.4.6 Configuring the local user priority.....................................................................................................5-17
Issue 5.3 (30 March 2009) Nortel Networks Inc.
i
Page 88
Nortel Secure Router 8000 Series
5.4.7 Configuring the access restriction of the local user ...........................................................................5-17
5.4.8 Checking the configuration................................................................................................................5-18
5.5 Configuration examples..............................................................................................................................5-18
5.5.1 Example of logging on to the router through password authentication..............................................5-18
5.5.2 Example of logging on to the router through AAA............................................................................5-19
Configuration Guide - Basic Configuration
Nortel Networks Inc. Issue 5.3 (30 March 2009)
ii
Page 89
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Tables
Table 5-1 Examples of absolute numbering........................................................................................................5-2
Issue 5.3 (30 March 2009) Nortel Networks Inc.
iii
Page 90
Page 91
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 5 User management
5 User management
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
5.1 Introduction ser
5.2 Configuring a user
interface
5.3 Configuring user scribes how to manage and authenticate
management
5.4 Configuring local user
management
5.5 Configuration examples This section provides examples for logging on to the
This section describes the basic concepts of the u
interface and user
This section describes how to configure and manage the
physical and logical interfaces i
interactive mode.
This section de
users that log on to the router.
This secti
management.
router.
on describes how to configure local user
management.
n asynchronous
Issue 5.3 (30 March 2009) Nortel Networks Inc.
5-1
Page 92
5 User management
5.1 Introduction
This section describes the concepts you need to know before you configure user management:
z
User interface view
z
User management
5.1.1 User interface view
The user interface view is a command line view that you can use to configure and manage all
the physical and logical interfaces in asynchronous mode.
User interfaces supported by the system
The system supports the following user interfaces:
z
Console port (CON)—The console port is a serial port provided by the main control unit
of the router. The main control unit provides one EIA/TIA-232 DCE console port for
local configuration by directly connecting a terminal to a router.
z
Auxiliary port (AUX)—The main control unit of a router provides the auxiliary port,
which is a line device port. The main control unit has one EIA/TIA-232 DTE AUX port,
and is used by a terminal to access the router through the modem.
z
Virtual type line (VTY)—The virtual port is a logical terminal line. A VTY is the Telnet
connection with the router through a terminal, and is used for local or remote access to
the router.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
User interface numbering
The user interface numbering methods are as follows:
z
Relative numbering—The format of relative numbering is user interface type + number.
Relative numbering is used to uniquely identify a single interface or a group of user
interfaces of the same type. It must comply with the following rules:
− Number of the console port: CON 0
− Number of the auxiliary port: AUX 0
− Number of the VTY: VTY 0 for the first line, VTY 1 for the second line, and so on
z
Absolute numbering—Specifies a user interface or a group of user interfaces.
The starting number is 0 and the rest is in the sequence of CON > AUX > VTY. There is
only a single console port and AUX port and 15 VTY interfaces. You can use the
user-interface maximum-vty command to set the maximum number of user interfaces.
The default number is 5.
Table 5-1 shows the absolute numbers of the user interfaces in the system.
Table 5-1 Exam ples of absolut e num bering
Absolute number User interface
0 CON0
33 AUX0
Nortel Networks Inc. Issue 5.3 (30 March 2009)
5-2
Page 93
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 5 User management
Absolute number User interface
34 The first virtual interface (VTY0)
35 The second virtual interface (VTY1)
36 The third virtual interface (VTY2)
37 The fourth virtual interface (VTY3)
38 The fifth virtual interface (VTY4)
NOTE
For different types of devices, the absolute numbers of the AUX interface and the VTY interface may
vary.
The numbers from 1 to 32 are reserved for TTY user interfaces.
Run the display user-interface command to view the ab solute number of user interfaces.
5.1.2 User management
When a router is powered on for the first time, the user name and password are not configured.
As a result, any user can configure the router by connecting a PC through the console port.
A remote user can access the router through Telnet if the router is configured with the IP
address of the Routing Process Unit
accesses the network by establishing a Point-to-Point Protocol (PPP) connection with the
router.
Configure the user name and password for the router to ensure network security and to
improve user management.
User classification
Users of a router are classified as follows, based on the available services:
z
z
z
z
z
(RPU) or that of the interface board. The remote user
HyperTerminal users: Access the router through the console port or the AUX port.
Telnet users: Access the router through Telnet.
File Transfer Protocol (FTP) users: Establish FTP connections with the router to transfer
files.
Point-to-Point Protocol (PPP) users: Establish PPP connections (such as dialing and
PPPoA) with the router to access the network.
Secure Shell (SSH) users: Establish SSH connections with the router to access the
network.
User level
The system provides hierarchical management of HyperTerminal users and Telnet users.
Logon users have the same 16 levels as commands. They are marked from 0 to15. The higher
the mark, the higher the priority.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
5-3
Page 94
5 User management
A user can access commands with a level equal to or lower than the user’s level. For example,
if the user level is 2, the user can access commands with the level 0, 1, or 2. A user with the
level 3 can access all the commands.
NOTE
For information about command levels, see Chapter 3, “CLI Overview.”
User authentication
After user configuration, the system authenticates users when they access the router. The four
types of user authentication are as follows:
z
Nonauthentication: A user accesses the router without the user name and password. This
type is not recommended due to security reasons.
z
Password authentication: A user accesses the router with only the password, but not the
user name. This type is safer than nonauthentication.
z
Authentication, Authorization and Accounting (AAA) authentication: AAA supports
local authentication and remote authentication. A user requires both the user name and
password to access the router in local authentication. The remote authentication scheme
cooperates with the AAA server, which authenticates PPP users.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
AAA local authentication authenticates Telnet and HyperTerminal users.
User planning
The network administrator provides a user plan based on specific requirements:
z
At least one HyperTerminal user is created on a router.
z
A Telnet user is created for remote access.
z
An FTP user uploads or downloads files on a router from a remote location.
z
A PPP user can access networks through PPP connections.
NOTE
z
For information about configuring FTP users, see Chapter 8, “FTP, TFTP, and Xmodem.”
z
For information about configuring PPP users, see Nortel Secure Router 8000 Series Configuration
Guide - Security (NN46240-600).
5.2 Configuring a user interface
5.2.1 Establishing the configuration task
Applicable environment
To guarantee a secure logon, do as follows:
z
Confirm the user interface type and configure the logon parameters for the user interface.
z
Classify the logon user level and configure the authentication mode for the user.
z
Configure the terminal services.
This section describes how to configure a user interface.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
5-4
Page 95
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 5 User management
Preconfiguration tasks
Before you configure a user interface, complete the following tasks:
z
Power on the router.
z
Connect the PC with the router.
Data preparation
To configure a user interface, you need the following data.
No. Data
1 Transmission rate (optional)
2 Flow control mode (optional)
3 Parity mode (optional)
4 Stop bits (optional)
5 Data bits (optional)
6 Terminal user timeout (optional)
7 Length of the terminal screen (optional)
NOTE
The default values for these data items are stored on the router and do not need additional configuration.
Configuration procedures
No. Procedure
1 Transmitting messages between user interfaces
2 Configuring asynchronous interface attributes
3 Setting terminal attributes
4 Configuring the user interface
5 Configuring modem attributes
6 Configuring an auto-execute command
7 Configuring the redirection function
8 Configuring the call-in or call-out restrictions of the VTY user interface
9 Configuring the maximum number of VTY user interfaces
10 Configuring the authentication timeout for VTY users
11 Disconnecting a user interface
12 Checking the configuration
Issue 5.3 (30 March 2009) Nortel Networks Inc.
5-5
Page 96
Nortel Secure Router 8000 Series
5 User management
NOTE
You can configure one or more user interfaces simultaneously in any view.
Configuration Guide - Basic Configuration
5.2.2 Transmitting messages between user interfaces
Do as follows on the router that the user logs on to:
Run:
send { all | ui-number | ui-type ui-number1 }
The message is transmitted between the user interfaces.
5.2.3 Configuring asynchronous interface attributes
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
The user interface view appears.
Step 3 (Optional) Run:
speed speed-value
The transmission rate is set.
By default, the transmission rate is 9600 bit/s. By default, the value is 9600 bit/s.
Step 4 (Optional) Run:
flow-control { hardware | none | software }
The flow control mode is set. By default, the flow-control mode is none.
Step 5 (Optional) Run:
parity { even | mark | none | odd | space }
The parity mode is set.
By default, the value is none.
Step 6 (Optional) Run:
stopbits { 1.5 | 1 | 2 }
The stop bit is set.
By default, the value is 1 bit.
Step 7 (Optional) Run:
databits { 5 | 6 | 7 | 8 }
The data bit is set.
Nortel Networks Inc. Issue 5.3 (30 March 2009)
5-6
Page 97
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 5 User management
By default, the data bit is 8.
----End
5.2.4 Setting terminal attributes
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
The user interface view appears.
Step 3 Run:
Shell
The terminal service starts.
Step 4 Run:
idle-timeout minutes [ seconds ]
This command configures the timeout period.
Step 5 Run:
screen-length screen-length
This command configures the terminal screen length.
Step 6 Run:
history-command max-size size-value
This command configures the history command buffer.
----End
5.2.5 Configuring the user interface priority
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
The user interface view appears.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
5-7
Page 98
5 User management
Step 3 Run:
user privilege level level
This command configures the priority of the user interface.
----End
5.2.6 Configuring modem attributes
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface aux 0
The user interface view appears.
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Step 3 Run:
modem timer answer seconds
This command configures the interval between the system receiving the ring signal and
waiting for CD_UP. The interval is the time from the modem answer to carrier detection.
Step 4 Run:
modem auto-answer
This command configures automatic answer.
Step 5 Run:
modem [ both | call-in ]
This command configures incoming and outgoing calls.
----End
5.2.7 Configuring an auto-execute command
z
Use the auto-execute command command carefully because it can cause failure of the
system configuration through the user interface.
z
Before you configure this command and save the configuration, ensure that you can
remove the configuration by logging on to the system in other ways, such as logging on
the router through the console port
Do as follows on the router that the user logs on to:
Nortel Networks Inc. Issue 5.3 (30 March 2009)
5-8
Page 99
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 5 User management
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface aux 0
The user interface view appears.
Step 3 Run:
auto-execute command command
This command configures the auto-execute command.
----End
5.2.8 Configuring the redirection function
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
The user interface view appears.
Step 3 Run:
redirect
This command enables the Telnet redirection function.
----End
5.2.9 Configuring the call-in or call-out restrictions of the VTY user interface
Do as follows on the router that the user logs on to:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
The user interface view appears.
Issue 5.3 (30 March 2009) Nortel Networks Inc.
5-9
Page 100
5 User management
Step 3
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Run:
acl acl-number { inbound | outbound }
This com
mand configures the call-in and call-out restrictions of the VTY user interface.
----End
5.2.10 Confi f VTY user interfaces
Step 1
Step 2
guring the maximum number o
follows on the router that the user logs on to:
Do as
Run:
system-view
stem view appears.
The sy
Run:
user-interface maximum-vty number
This com
mand configures the maximum number of VTY user interfaces.
----End
In Step 2, y
ou can configure the maximum number of users that can log on to the router at the
same time.
If the maximum number of VTY user interfaces that you configure is
less than the current
maximum number of interfaces, no other configuration is required.
If the maximum number of VTY user interfaces that you configure is greater than the current
maximum number of interfaces, you must configure the authent ica tion mode and password
for the newly added user interfaces. By de
fault, the newly added user interfaces use password
authentication. The prompt is as follows:
Warning:Login password has not been set!
For example, if the current maximum number of VTY users is 5 and you need to change th
maximum number to 15, run the authentication-mode and set authentication password
commands to configure the authentication m
interfaces. The configura
<Nortel> system-view
[Nortel] user-interface maximum-vty 15
[Nortel] user-interface vty 5 14
[Nortel-ui-vty5-14] authentication-mode password
[Nortel-ui-vty5-14] set authentication password cipher nortel
5.2.11 Confi out for VTY users
Step 1
guring the authentication time
follows on the router that the user logs on to:
Do as
Run:
system-view
tion is as follows:
ode and the password for 5-14 VTY user
e
stem view appears.
The sy
Nortel Networks Inc. Issue 5.3 (30 March 2009)
5-10
Loading...