Nortel Secure Router 4134 Commissioning NN47263-302 (323249-A)
Document status: Standard Document version: 01.02 Document date: 2 August 2007 Copyright © 2007, Nortel Networks All Rights Reserved. This document is protected by copyright laws and international treaties. All information, copyrights and any other intellectual property rights contained in this document are the property of Nortel Networks.
Contents
• New in this release
• Features
• User names and passwords
• System administrator account
• Alarms and system status
• Introduction
• Prerequisites
• Navigation
• Secure Router 4134 commissioning
• Prerequisites
• Secure Router 4134 commissioning procedures
• Secure Router 4134 commissioning navigation
• Commissioning configuration procedures
• Gathering required information
• Procedure job aid
• Connecting a terminal for local access
• Prerequisites
• Powering up the Secure Router 41
• Configuring the Telnet banner
• Configuring the Telnet timeout
• Configuring the host name
• Configuring the static default route
• Verifying the next-hop connection
• Prerequisites
• Configuring the date
• Configuring the time
• Configuring the SNTP client
• Changing the admin user password
• Changing the administrator account name
• Adding users
• Procedure job aid
• Removing users
• Configuring FTP users
• Pinging a device
• Prerequisites
• Saving a configuration
• Rebooting
New in this release

The following section details what’s new in Nortel Secure Router 4134 — Commissioning (NN47263-302) for Release 10.0.

Features

See the following sections for information about feature changes:
• "User names and passwords" (page 5)
• "System administrator account" (page 5)
• "Alarms and system status" (page 5)

User names and passwords

The system administrator (the only user with level 1 access) can identify users (that is, login names) who can access the Secure Router 4134.
Introduction

This document provides information about the recommended method to commission the Secure Router 4134. For a complete list of Command Line Interface (CLI) commands that you use to monitor and configure the Secure Router 4134, see Nortel Secure Router 4134 — Command Line Reference (NN47263-507).

Prerequisites
• Hardware installation is complete.
• You must have a console cable to connect to the console port on the rear panel of the router.
Secure Router 4134 commissioning

You commission the Secure Router 4134 to prepare the unit for software feature configuration. Commissioning includes tasks such as establishing communication with the system, defining boot parameters, configuring usernames and passwords, and establishing remote access.

Prerequisites
• Ensure the Secure Router 4134 is securely installed in an equipment rack.
Figure 1 Secure Router 4134 commissioning procedures
Figure 2 Secure Router 4134 commissioning procedures (continued)

Secure Router 4134 commissioning navigation
• "Gathering required information" (page 13)
• "Connecting a terminal for local access" (page 14)
• "Powering up the Secure Router 4134" (page 16)
• "Logging in to the Secure Router 4134" (page 19)
• "Defining boot parameters" (page 20)
• "Enabling the management LAN port" (page 22)
• "Configuring SSH" (page 24)
• "Enabling FTP, TFTP, and Telnet" (page 25)
• "Verifying the Telnet connection" (page 25)
• "Viewing Telnet server settings" (page 26)
• "Clearing a Telnet session" (page 26)
• "Configuring the Telnet banner" (page 27)
• "Configuring the
Commissioning configuration procedures

This section includes the recommended method to commission the Secure Router 4134, while ensuring that you limit unauthorized access to the router. Commissioning is the first step following hardware installation. The commissioning task includes the initial procedures required to bring the router online, and to configure appropriate access for remote users.
Required information | Sample entries | Record information here
Next hop IP address for static route to hosts and servers | 11.12.13.14/24 |
IP address of hosts and servers that access the Secure Router 4134 | a.b.c.d/32 |

The following figure is an example of a commissioning scenario showing the basic configuration requirements including host name, management interface, and terminals.
ATTENTION
When powering up for the first time, Nortel recommends that you use a direct console connection to the Secure Router 4134. After you have completed the initial configuration, you can use a remote connection for router management.
Figure 4 Connect a local terminal to the Secure Router 4134

Powering up the Secure Router 4134

Power up the Secure Router 4134 to initiate the power-on diagnostics test. The Secure Router 4134 indicates the resulting pass or fail with status LEDs, and by logging results in the event log. Average time for the Secure Router to boot up: 5 minutes.

Prerequisites
• The Secure Router 4134 is securely mounted and grounded.
ATTENTION
When powering up for the first time, Nortel recommends that you use a direct console connection to the Secure Router 4134. After you have completed the initial configuration, you can use a remote connection for router management.

Procedure steps (AC power)
1. Turn on one power switch at a time (if you installed two AC power supplies). Power switches are on the rear panel of the Secure Router 4134.
2. Verify that diagnostic testing is underway by observing the startup messages on your local terminal.
3. Once the router completes the self-diagnostics tests, verify that the System LED and the power LEDs that correspond to the power supplies installed on your router (PS0 and PS1) are green.
4. Verify that the fan LED on the rear panel of the Secure Router 4134 is green, and air is flowing through the unit.
Figure 5 Accessing the bootrom command menu

If you accidentally enter the bootrom command menu, you can exit that command menu and restart the normal boot sequence by pressing @ on your keyboard. For detailed information on using the bootrom command menu, see Nortel Secure Router 4134 — Troubleshooting (NN47263-700).
Prerequisites
• You have securely mounted the Secure Router 4134 in an equipment rack.
• You have connected a local terminal to the console port on the rear panel of the Secure Router 4134.
• You have powered up the Secure Router 4134.
• The boot sequence is complete.
Example of defining boot parameters
1. Access configuration mode:
    configure terminal
2. Define boot parameters:
    boot_params
   The router returns the following:
    WARNING : Configuration changes not yet saved!
3. When prompted, enter the name of the device from which you prefer the router boots:
    Boot dev [ftp,cf0,cf1,usb0]: cf0
4. Enter the boot file name (the router provides this information if you have previously configured it):
    Boot file name: SR4134.
13. Enter the number (0, 1, or 2) that corresponds to the type of bootrom image update that you prefer, or enter 3 if you prefer to not update the bootrom image:
    Save bootrom image [0:AutoUpdate,1:NormalBTupd,2:GoldenBTupd,3:NoUpd]: 0
If you select 0, 1, or 2, the router returns the following:
    BOOT PARAMETERS HAVE BEEN SAVED.
Figure 6 Management port on the rear panel of the Secure Router 4134

Prerequisites
• You must be connected to the Secure Router 4134 through the console port. See "Connecting a terminal for local access" (page 14) for information about connecting a terminal to the console port.
• You must log in as a user with sufficient permissions to configure the Secure Router 4134.
• You must have the IP address and netmask that you want to assign to the management port.
    configure terminal
2. To identify the management port for configuration, enter:
    interface ethernet 0/0
3. To configure the management port IP address, enter:
    ip address
—End—

Table 2 Variable definitions
Variable | Value
The IP address that you assign to the management port. For example, 10.11.12.13.
The network mask that you assign to the management port IP address. For example, 255.255.255.0.
    save local
—End—

Enabling FTP, TFTP, and Telnet

In the default configuration of the Secure Router 4134, the FTP, TFTP, and Telnet servers are disabled. You can enable any or all of these servers to allow this type of access to the Secure Router 4134.

Prerequisites
• You must assign an IP address to the Secure Router 4134.
Procedure steps
1. To start a Telnet session from your workstation, enter:
    telnet
2. To log in, enter:
    login: admin
    password: setup
—End—

Viewing Telnet server settings

View the Telnet server settings for information about the status of the Telnet server (enabled or disabled) and the Telnet session timeout value.
2. To clear a specific Telnet session, enter:
    clear telnet_session
—End—

Table 3 Variable definitions
Variable | Value
The Telnet session sequence number. Enter a value from 1 to 16.

To quickly disconnect all Telnet sessions, use the command:
    clear telnet_sessions

Configuring the Telnet banner

You can customize the banner that appears when users access the router using Telnet services. When configuring the Telnet banner, use \n to begin a new line.
Table 4 Variable definitions
Variable | Value
[banner1] | An optional parameter that you use to extend the banner text. If you require the banner text be more than 255 characters in length, use banner1 to continue the banner text.
[banner2] | An optional parameter that you use to extend the banner text.
The banner text that you want to appear in Telnet sessions. The banner text can be up to 255 characters in length.
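The 255-character limit and the banner1/banner2 extension parameters described above, shown as an added example that is not part of the Nortel manual: a Python helper that encodes line breaks as \n and splits a login notice into segments without cutting an escape in half. It assumes banner1 and banner2 each accept up to 255 characters and continue the text in that order; split_banner and the sample notice are hypothetical.

```python
import string

MAX_SEGMENT = 255  # length limit stated for the banner text in the variable definitions
PARAMS = ("banner", "banner1", "banner2")  # assumed order; same limit assumed for each
ALLOWED = set(string.printable) - set("\\\r\t\x0b\x0c")


def split_banner(text):
    """Encode newlines as the two characters \\n and split into CLI-sized segments.

    Returns a dict mapping parameter name to segment text, in order.
    Raises ValueError if the text cannot be represented.
    """
    text = text.replace("\r\n", "\n")
    bad = sorted(set(text) - ALLOWED)
    if bad:
        # A literal backslash would be ambiguous with the \n escape.
        raise ValueError(f"unsupported characters in banner: {bad!r}")
    encoded = text.replace("\n", "\\n")

    segments, pos = [], 0
    while pos < len(encoded):
        end = min(pos + MAX_SEGMENT, len(encoded))
        # Never cut between the backslash and the 'n' of an escape.
        if end < len(encoded) and encoded[end - 1] == "\\":
            end -= 1
        segments.append(encoded[pos:end])
        pos = end
    if len(segments) > len(PARAMS):
        raise ValueError(
            f"banner needs {len(segments)} segments; only {len(PARAMS)} available"
        )
    return dict(zip(PARAMS, segments))


if __name__ == "__main__":
    # Constructed sample notice, not taken from the manual.
    notice = (
        "Authorized use only.\n"
        "Sessions on this router are logged and may be monitored.\n"
        + "Contact the network operations team before making changes. " * 5
    )
    for name, value in split_banner(notice).items():
        print(f"{name} ({len(value)} chars): {value}")
```
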
Configuring the host name

Configure a host name for the Secure Router 4134 to uniquely identify it. Once assigned, the host name becomes the CLI prompt name.

ATTENTION
Changing the host name later (that is, post commissioning), and committing this change, drops all Telnet and SSH connections. All active console sessions also end.
Table 7 Variable definitions
Variable | Value
The IP address and the subnet mask of the destination network. For example, 11.12.13.14/24. Entering the subnet mask is optional.
The IP address or interface name of the gateway. For example, 10.11.12.16.

Verifying the next-hop connection

Use the procedure in this section to verify that the connection from the management interface successfully connects to the next-hop device.
Table 8 Variable definitions
Variable | Value
The current day in relation to the month. Enter a value from 1 to 31.
The current month. Enter a value from 1 to 12.
The current year. Enter a value from 2000 to 2100.
Variable | Value
The number of hours that your local time is offset from UTC. Enter a value from 0 to 23. For example, if you are in New York, you enter utc - 4.
The number of minutes that your local time is offset from UTC. Enter a value from 0 to 59. For example, if you are in New York, you enter utc - 4 0.
password is "setup". Nortel recommends you change the default password as soon as possible to ensure only authorized personnel can access the Secure Router 4134.

Procedure steps
1. To access password configuration mode, enter:
    password
   The Secure Router 4134 prompts you for the current user name.
2. Enter the default user name, which is the current user name:
    admin
   The Secure Router 4134 prompts you for the old password.
Adding users

You can identify users (that is, login names) who can access the Secure Router 4134, and assign each user an access privilege (levels 2–4). Only the system administrator (level 1 access) can add, modify, or remove this information from the system.
Procedure job aid

The CLI supports four levels of privilege for users. The following table defines each level.

Table 12 CLI user access levels
Privilege level | Privilege name | Definition
1 (highest) | PRIVILEGE_ADMIN | Admin level can access any command and configure any feature in the router, including user configuration and administration.
2 | PRIVILEGE_CONFIGURE | Configure level can configure any feature. Cannot add or delete users.
Configuring FTP users

Procedure steps
1. To access configuration mode, enter:
    configure terminal
2. To configure an FTP user, enter a user name:
    ftp_user
3. At the prompt, enter a password for the FTP user:
    Please enter new password:
4. At the prompt, re-enter the password:
    Please re-enter password:
   If you entered the password correctly, the Secure Router returns a message indicating a successful configuration: pass
Saving a configuration

Issue the save command to save the running configuration to a file. You can save the configuration to the local file system, or to a file on the network.
    reboot
4. When the Secure Router 4134 completes the reboot, save the factory-default settings to the system.cfg file by entering:
    save local
—End—

Table 14 Variable definitions
Variable | Value
{system | users} | Enter system to remove all information stored in memory, which includes user information, event logs, crash logs, command logs, and boot parameters. Enter users to remove all users and information related to users.
Viewing chassis status

Use the procedure in this section to view summary information about the Secure Router 4134 chassis, including its operational status. After you install interface modules, you can use the show chassis command to verify that the Secure Router 4134 recognizes the modules.
2. To view the current alarms for any E1 port on the Secure Router 4134, enter:
    show module alarms e1
3. To view the current alarms for any CT3 port on the Secure Router 4134, enter:
    show module alarms ct3
4. To view the current alarms for any serial port on the Secure Router 4134, enter:
    show module alarms serial
5. To view the current alarms for any HSSI port on the Secure Router 4134, enter:
    show module alarms hssi