In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice. Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
(such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, this License Agreement is governed by the laws of the...
To maintain the security of your network, Nortel recommends that you disable all non-secure protocols that can be used to communicate with the Ethernet Routing Switch 8300. For more information about network security issues, see Nortel Ethernet Routing Switch 8300 Configuration —...
Windows
• file system verification and enforcement
NSNA supports controlled network access for end users on a Nortel ERS 8300 port. A PC or desktop end user gradually gains access to the corporate network by completing the following:
• authentication
•...
VoIP traffic to go to anywhere but to a specific subnet. This subnet is specified by the VoIP VLAN.
NSNA features
NSNA on the Nortel ERS 8300 includes the following features:
• "MAC authentication" (page 11)
•...
For information about configuring NSNA, see Configuring and Managing Security using the CLI and NNCLI (NN46200-503) and Configuring and Managing Security using Device Manager (NN46200-508).
Port authentication modes
Nortel supports three modes of port authentication on the ERS 8300:
• Default mode
•...
SSH Authentication Protocol (SSH-AUTH)
• SSH Connection Protocol (SSH-CONN)
For more information about SSH v1/v2 and Secure Copy, refer to Nortel Ethernet Routing Switch 8300 Configuration — Security using CLI and NNCLI (NN46200-503) and Nortel Ethernet Routing Switch 8300 Configuration — Security using Device Manager (NN46200-508).
Password and SNMP community string encryption
In the Ethernet Routing Switch 8300 Software Release 2.2, passwords and community strings are stored in encrypted format and are not stored in the configuration file. If the switch is booted for the first time with the Software Release 2.2 image, the community strings are reset to default values and a...
SNMPv1, SNMPv2 Rlogin HTTP
* Nortel recommends that you use SSHv2 instead of SSHv1.
† The DES image must be loaded on the switch to use SNMPv3.
‡ Nortel recommends that you use SSHv2 instead of SSHv1.
Disabling non-secure protocols...
ERS-8310:5(config)#no bootconfig flags block-snmp
Disabling FTP/TFTP
You use the FTP and TFTP protocols to transfer configuration files to and from the Ethernet Routing Switch 8300 device. Use the following commands to disable the FTP and TFTP protocols.
CLI interface
config bootconfig flags ftpd false...
Enabling secure protocols
The following sections describe typical applications for a secure protocol, and how to enable the protocol on the Ethernet Routing Switch 8300.
Enabling SSH and SCP
To enable the SSH and SCP protocols, you must load the DES encryption image into the Ethernet Routing Switch 8000 Series memory.
Enabling SNMPv3
To enable the SNMPv3 protocol, you must load the DES encryption image into the Ethernet Routing Switch 8300 switch memory. You can obtain the DES encryption image from the Nortel web site. For more information about configuring and enabling SNMPv3, refer to Nortel Ethernet Routing Switch 8300 Configuration —...
Nortel Ethernet Routing Switch 8300 Configuration — Security using CLI and NNCLI (NN46200-503) and Nortel Ethernet Routing Switch 8300 Configuration — Security using Device Manager (NN46200-508). After you create access policies, enable the access policy feature using the...
NYK>:5(config)# access-policy policy 2 ftp
Allowing network management access for a specific station
With the following set of commands, you can create a policy to access the switch for the specified station through SNMP and telnet services only.
CLI Interface
NYK>:5/config/sys/access-policy# policy 3
NYK>:5/config/sys/access-policy/policy/3# create...
To provide feedback or report a problem in this document, go to www.nortel.com/documentfeedback *Nortel, Nortel Networks, the Nortel logo and the Globemark are trademarks of Nortel Networks. IEEE is a trademark of the Institute of Electrical and Electronics Engineers, Inc.