Nortel 8300 Important Notice

Ethernet routing switch administration and security

Nortel Ethernet Routing Switch 8300
Important Notice —
Administration and Security
NN46200-601
(216512-D Rev 01)

Summary of Contents for Nortel 8300

  • Page 1 Nortel Ethernet Routing Switch 8300 Important Notice — Administration and Security NN46200-601 (216512-D Rev 01)
  • Page 2: Restricted Rights Legend

    In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice. Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
  • Page 4 The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. This License Agreement is governed by the laws of the country, in which Customer acquires the Software. If the Software is acquired in the United States, this License Agreement is governed by the laws of the...
  • Page 5: Table Of Contents

    Securing the network management interface with access policies 20 Tables Table 1 Secure and non-secure protocols 15 Important Notice — Administration and Security Copyright © 2005-2007, Nortel Networks Nortel Ethernet Routing Switch 8300 NN46200-601 3.01 Standard 4.0 27 August 2007...
  • Page 7: New In This Release

    ...section details what is new in Important Notice — Administration and Security... "Nortel Secure Network Access" (page 10) for information about feature changes.
  • Page 9: Administration And Security

    To maintain the security of your network, Nortel recommends that you disable all non-secure protocols that can be used to communicate with the Ethernet Routing Switch 8300. For more information about network security issues, see Nortel Ethernet Routing Switch 8300 Configuration —...
  • Page 10: Nortel Secure Network Access

    Windows • file system verification and enforcement NSNA supports controlled network access for end users on a Nortel ERS 8300 port. A PC or desktop end user gradually gains access to the corporate network by completing the following: • authentication •...
  • Page 11: Nsna Features

    VoIP traffic to go to anywhere but to a specific subnet. This subnet is specified by the VoIP VLAN. NSNA features NSNA on the Nortel ERS 8300 includes the following features: • "MAC authentication" (page 11) •...
  • Page 12: Port Authentication Modes

    For information about configuring NSNA, see Configuring and Managing Security using the CLI and NNCLI (NN46200-503) and Configuring and Managing Security using Device Manager (NN46200-508). Port authentication modes Nortel supports three modes of port authentication on the ERS 8300: • Default mode •...
  • Page 13: Radius Accounting And Profiling

    SSH Authentication Protocol (SSH-AUTH) • SSH Connection Protocol (SSH-CONN) For more information about SSH v1/v2 and Secure Copy, refer to Nortel Ethernet Routing Switch 8300 Configuration — Security using CLI and NNCLI (NN46200-503) and Nortel Ethernet Routing Switch 8300 Configuration — Security using Device Manager (NN46200-508).
  • Page 14: Password And Snmp Community String Encryption

    Password and SNMP community string encryption In the Ethernet Routing Switch 8300 Software Release 2.2, passwords and community strings are stored in encrypted format and are not stored in the configuration file. If the switch is booted for the first time with the Software Release 2.2 image, the community strings are reset to default values and a...
  • Page 15: Secure And Non-Secure Protocols

    SNMPv1, SNMPv2 Rlogin HTTP * Nortel recommends that you use SSHv2 instead of SSHv1. † The DES image must be loaded on the switch to use SNMPv3. ‡ Nortel recommends that you use SSHv2 instead of SSHv1. Disabling non-secure protocols...
  • Page 16: Disabling And Enabling Snmpv1 Or Snmpv2

    ERS-8310:5(config)#no bootconfig flags block-snmp Disabling FTP/TFTP You use the FTP and TFTP protocols to transfer configuration files to and from the Ethernet Routing Switch 8300 device. Use the following commands to disable the FTP and TFTP protocols. CLI interface config bootconfig flags ftpd false...
  • Page 17: Disabling Http

    Enabling secure protocols The following sections describe typical applications for a secure protocol, and how to enable the protocol on the Ethernet Routing Switch 8300. Enabling SSH and SCP To enable the SSH and SCP protocols, you must load the DES encryption image into the Ethernet Routing Switch 8000 Series memory.
  • Page 18 — secure disables SSH and enables non-secure services or use the following NNCLI command in the global configuration mode, which is split as follows:...
  • Page 19 The default value is 60 (seconds). • Use the following CLI command to set the SSH version:...
  • Page 20: Enabling Snmpv3

    Enabling SNMPv3 To enable the SNMPv3 protocol, you must load the DES encryption image into the Ethernet Routing Switch 8300 switch memory. You can obtain the DES encryption image from the Nortel web site. For more information about configuring and enabling SNMPv3, refer to Nortel Ethernet Routing Switch 8300 Configuration —...
  • Page 21 Nortel Ethernet Routing Switch 8300 Configuration — Security using CLI and NNCLI (NN46200-503) and Nortel Ethernet Routing Switch 8300 Configuration — Security using Device Manager (NN46200-508). After you create access policies, enable the access policy feature using the...
  • Page 22 NYK>:5(config)# access-policy policy 2 ftp Allowing network management access for a specific station With the following set of commands, you can create a policy to access the switch for the specified station through SNMP and telnet services only. CLI Interface NYK>:5/config/sys/access-policy# policy 3 NYK>:5/config/sys/access-policy/policy/3# create...
  • Page 23 NYK>:5/config/sys/access-policy/policy/1/service# snmp enable NYK>:5/config/sys/access-policy/policy/1/service# telnet enable NYK>:5/config/sys/access-policy/policy/1/service# tftp enable NYK>:5/config/sys/access-policy/policy/1/service# ftp enable NNCLI Interface...
  • Page 24 NYK>:5(config)# access-policy policy 1 snmp NYK>:5(config)# access-policy policy 1 telnet NYK>:5(config)# access-policy policy 1 tftp NYK>:5(config)# access-policy policy 1 ftp...
  • Page 26 To provide feedback or report a problem in this document, go to www.nortel.com/documentfeedback *Nortel, Nortel Networks, the Nortel logo and the Globemark are trademarks of Nortel Networks. IEEE is a trademark of the Institute of Electrical and Electronics Engineers, Inc.
