Nortel Guide to VPN Routing for Security and VoIP part 4 pps


ssh                 Enables SSH service
ssl                 Configures SSL
ssl-vpn             SSL-VPN Acceleration configuration mode
system              Enables system settings
system-log-to-file  Write system log to file
telnet              Virtual terminal protocol to the system management IP address
tunnel              Enables the tunneling protocols, i.e., IPsec, PPTP, L2TP, L2F
tunnel-guard        Enables to set tunnel guard properties
user                User configuration mode

CLI Keystroke Shortcuts

The Nortel VPN Router supports some keystroke shortcuts that can be used while in the CLI. Getting to know and understand these shortcuts can be very useful when navigating and editing within the CLI. Table 5-1 shows a list of these shortcuts and what function each of these provides.

Table 5-1: CLI Keystroke Shortcuts

| COMMAND | DESCRIPTION |
|---|---|
| Ctrl+A | Moves the cursor to the beginning of the line. |
| Ctrl+B | Moves the cursor back one character. |
| Ctrl+C | Abort. |
| Ctrl+D | Deletes a character. |
| Ctrl+E | Moves the cursor to the end of the line. |
| Ctrl+F | Moves the cursor ahead one character. |
| Ctrl+H & | Deletes the character to the left. |
| Ctrl+I & | Completes the command. |
| Ctrl+K | Deletes all of the following characters. |
| Ctrl+L | Re-displays the line. |
| Ctrl+R | Re-displays the line. |
| Ctrl+N | Moves to the next history command. |
| Ctrl+P | Moves to the previous history command. |
| Ctrl+Q | Escape. |
| Ctrl+T | Transposes characters. |
| Ctrl+U | Deletes the entire line. |
| Ctrl+W | Deletes the entire word to the left of the cursor. |
| Ctrl+X | Deletes all of the characters to the left of the cursor. |
| Ctrl+Z | Used to exit Global Configuration mode. |
| Up arrow | Moves to the previous history command. |
| Down arrow | Moves to the next history command. |
| ? | Accesses the help utility. |
| Esc+C | Converts the character at the cursor to an uppercase character. |
| Esc+U | Converts the character at the cursor to an uppercase character. |
| Esc+L | Converts the character at the cursor to a lowercase character. |
| Esc+B | Moves the cursor back one word. |
| Esc+D | Deletes the word to the right of the cursor. |
| Esc+F | Moves the cursor forward one word. |

196 Chapter 5 08_781274 ch05.qxp 6/21/06 10:04 PM Page 196

Web-Based Management

The VPN Router browser-based interface (BBI) is very useful, helpful, and easy-to-use. As the name implies, it is a browser-based interface, which requires a browser to connect to the interface and use it. The BBI contains a main menu, with each category breaking down into subcategories. Following are the categories that are available on the main menu screen:

■■ System
■■ Services
■■ Routing
■■ QoS
■■ Profiles
■■ Servers
■■ Admin
■■ Status
■■ Help

Most administrators prefer using the BBI over the other management options because of its ease of use. If you are not sure of where the subcategory you need is, you can click quickly through the menu categories to find it. If all else fails, the BBI contains a very thorough Help utility that explains what each subcategory does.

Management Options and Overview 197 08_781274 ch05.qxp 6/21/06 10:04 PM Page 197

To access the VPN Router through the BBI, the VPN Router must have an interface and management IP assigned to it. This can be set up through the serial interface. Once configured, you only have to open your BBI and enter the management IP address in the URL field of the browser, as shown in Figure 5-1.

If you are accessing a new switch for the first time, you will want to use either the Quick Start option or the Guided Config option, which helps with the configuration of the VPN Router. After you have completed the initial configuration of the VPN Router, most of the rest of the time you will be accessing the VPN Router to manage the router. The options you have now are to access it via the Manage Switch option or Manage from a Notebook option.

NOTE If you have a slow remote connection, you can help speed up the process of accessing the BBI by selecting the Manage from a Notebook option, which is less graphics-heavy and loads quicker.
Once you are successfully connected to the VPN Router, you will be prompted to enter the administrative user ID and password. If authenticated, then you will be granted access to the main interface screen. From this screen, you have four options from which to pick (see Figure 5-2). Each of these options includes a brief description on what that particular option is for. Following are the options:

■■ Manage Switch: The main management GUI interface used for the day-to-day management of the VPN Router.
■■ Manage from a Notebook: Similar to the manage switch option, but less graphics-intensive.
■■ Quick Start: Used to quickly configure the VPN Router.
■■ Guided Config: Provides hints to assist in the configuration of the VPN Router.

If you have successfully logged onto the GUI you will be directed to the main menu window. The main menu window consists of the menu options that are located on the left side of the window. The main screen section of the window is in the lighter shaded area. Buttons in the upper right enable you to log off and link to the Help screen. Figure 5-3 shows an example of the Manage Switch option main menu screen.

Figure 5-1: Accessing the management IP address through a browser-based interface

Figure 5-2: The browser interface introduction screen

Figure 5-3: The browser-based interface’s main menu screen

The menu options on the left side of the browser window contain the categories that are available to browse. Within these categories are the configuration options and viewing options for the entire VPN Router.

System

The System category menu within the BBI provides information and configuration options for items such as system identity, the LAN interfaces, the WAN interfaces, routing, certificates, and others.
Following are the subcategories that can be accessed through the System category:

■■ Identity
■■ ATM
■■ LAN
■■ WAN
■■ Dial Interface
■■ Circuitless IP
■■ IPX
■■ Date and Time
■■ Certificates
■■ Settings
■■ Forwarding

Services

The Services category menu within the BBI provides information and configuration options for the various services that are configured on the VPN Router. System RADIUS settings, switch services, and tunnel types are all accessed through this menu pick. Following are the subcategories that are accessed through the Services category:

■■ Available
■■ Backup Interface
■■ IPSEC
■■ PPTP
■■ FWUA
■■ L2TP
■■ L2F
■■ RADIUS
■■ Firewall/NAT
■■ SYSLOG
■■ SSLTIS

Routing

The Routing category within the BBI provides information and configuration options for the various routing support that is configured on the VPN Router. Protocols such as OSPF, RIP, and VRRP are all accessed through this menu pick. Following are the subcategories that are accessed through the Routing category:

■■ Static Routes
■■ OSPF
■■ RIP
■■ Interfaces
■■ Multicast
■■ VRRP
■■ Configuration
■■ Route Table
■■ Access List
■■ Policy
■■ Client-Addr-DIS
■■ Interface GRP
■■ NAT
■■ Status

QoS

The QoS menu within the BBI provides information and configuration options for the Quality of Service (QoS) parameters that are configured and/or supported on the VPN Router. All QoS and Bandwidth management services are contained and are accessed through this menu pick. Following are the subcategories that are accessed through the QoS category:

■■ Classifiers
■■ Interfaces
■■ Bandwidth Mgmt
■■ Call Admission

Profiles

The Profiles menu within the BBI provides information and configuration options for the various profiles that can be configured on the VPN Router. The user profiles and the group profiles for all remote clients are all accessed through this menu pick.
Additionally, information on the tunneling protocols, authentication parameters, and encryption information is also accessed here. Following are the subcategories that are accessed through the Profiles category:

■■ Groups
■■ Users
■■ Filters
■■ Hours
■■ Networks
■■ Domains
■■ Branch Office
■■ Client Policy

Servers

The Servers menu within the BBI provides information and configuration options for the various servers that are configured on the VPN Router. RADIUS server information, LDAP server information, DHCP server information, and so on are all accessed through this menu pick. Following are the subcategories that are accessed through the Servers category:

■■ RADIUS Authorization
■■ RADIUS Accounting
■■ LDAP
■■ LDAP Proxy
■■ User IP Address
■■ DHCP Relay
■■ DHCP

Admin

The Admin menu within the BBI provides information pertaining to the various administrative tasks that are configured on the VPN Router. System backups, recovery disks, and system shutdown are all accessed through this menu pick. Following are the subcategories that are accessed through the Admin category:

■■ Administrator
■■ License Keys
■■ Auto Backup
■■ Tools
■■ Recovery
■■ Upgrades
■■ Configurations
■■ File System
■■ SNMP
■■ SNMP Traps
■■ Shutdown
■■ Quick Start
■■ Guided Configuration

Status

The Status menu within the BBI provides information and options for the various system status services that are supported on the VPN Router. Within this category, administrators are able to monitor users, traffic patterns, bandwidth requirements, system information, and system hardware information.
Following are the subcategories that are accessed through the Status category:

■■ Sessions
■■ Reports
■■ System
■■ Health Check
■■ Statistics
■■ Accounting
■■ Security LOG
■■ Configuration LOG
■■ System LOG
■■ Event LOG

Help

The Help menu within the BBI provides information that can assist administrators in configuring and maintaining the VPN Router. This is a handy tool that describes everything pertaining to the VPN Router. A description of all BBI categories is contained within the Help category. Following are the subcategories that are accessed through the Help category:

■■ Help Contents
■■ Support
■■ About VPN Router

Administrator

To access and manage the Nortel VPN Router, an individual must be assigned administrator rights. There can be more than one administrator, as long as the user has been given the rights to administer the VPN Router. Administration rights can be assigned to an individual through the BBI by going to the following directory: PROFILES → USERS → EDIT.

Various admin levels can be assigned to the users that have been given administrative rights. Figure 5-4 shows an example of setting the admin levels on the VPN Router. Following are the admin levels:

■■ None: This value will be assigned to most users. Users given this value for administrative rights do not have rights to manage the VPN Router, nor do they have rights to manage the users of the VPN Router.
■■ Manage: Users given this value for administrative rights have access to view and configure all functions within the VPN Router. This is the highest privilege level that can be assigned to an administrator.
■■ View: Users given this value for administrative rights have access to view all functions within the VPN Router, but do not have the authority to make any changes.
Figure 5-4: Setting the administrative rights

File Management

You can access the system file directory to find out information on specific files and directories contained on the hard drives on your VPN Router. Through the BBI you can access this information by going to the following directory: ADMIN → FILE SYSTEM. The information contained on this page (see Figure 5-5) shows all drives that are associated with your VPN Router, as well as the files and directories that are stored on those drives.

Accessing the file system through the BBI is an excellent way to maintain and manage your file system. It is an easy way to view the files on your drives and to delete any files that are no longer used or are not wanted. If you are experiencing file-retrieval problems, accessing the file system is an easy way for you to begin troubleshooting to see what may be wrong with the file system. You can obtain information such as filename, file size, and the last date modified. All of this information can be beneficial when working with the file system.

Figure 5-5: Accessing the file system from the browser-based interface

[...]

... the capability to manage bandwidth to assist in allocating and adjusting bandwidth levels, to provide additional bandwidth for users who require the additional bandwidth, and to reserve bandwidth for those who require less.

Configuring Bandwidth Management

Before bandwidth management can be configured on the Nortel VPN Router, an advanced routing license key is required. The advanced routing license...
... detailed and can be imported into a database or a spreadsheet for tracking and monitoring purposes. Information that is gathered is stored on the hard drive of the VPN Router. In addition to the accounting log, the VPN Router also stores a backup copy of the RADIUS accounting record and also stores information pertaining to system data (known as the Data Collection Task).

Other VPN Router Tools

The VPN Router...

... are stored in the LDAP:

■■ Network user information
■■ File information
■■ Shared printer information
■■ Server information
■■ Shared application information

The directory service allows network administrators to organize and manage network resources without users having to be concerned with the network topology and structure. The directory service is an interface to the directory where the information...

... is why it is important to understand the VPN Router and how to manage it effectively. This chapter reviewed the Nortel VPN Router and the tools that are available to monitor and manage it effectively. An overview of these tools was provided, as well as an introduction to the interface options that are available. You should now have a firm understanding of the VPN Router interface and the management functions...

... through the VPN Router. Bandwidth can be managed on all interfaces, as well as the system CPU to ensure reliable bandwidth resources for end-user support. Bandwidth management can be configured and maintained on all types of VPN Router tunnels. Utilizing tools that are available within the Nortel VPN Router, a network manager can monitor traffic interfaces and CPU utilization to set up and maintain bandwidth...
Bandwidth management is used to ensure that there is enough bandwidth to support the network data traffic. If there is not enough bandwidth, it is necessary to manage the traffic patterns in a way to ensure that all critical data transfers are reliably delivered to their destinations. The Nortel VPN Router supports bandwidth management, which allows administrators to monitor and adjust bandwidth resources on...

... network. One of the things that can be done to try to alleviate this problem is to force the VPN Router to relearn the devices and the paths to get to them. Clearing the ARP table is an easy way to force the VPN Router to relearn these paths. Within the system tools page of the BBI, you have three ARP options. You can delete an entry from the ARP table, show the ARP table, and clear the ARP table. Figure 5-16...

... RADIUS accounting ensures that the VPN Router will not process pending RADIUS updates during the upgrade process.

Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol (LDAP) is a client/server protocol that is used for accessing information that is stored within a directory service. A directory service stores and organizes information about a network and the resources available within...

... interface by going to the following directory: STATUS → SECURITY LOG. The Security log keeps a record of all activity pertaining to system security. All security events are retained within the security log. This includes information about user and VPN Router security (both failed attempts and successful attempts). Following is an example of the Security log:

*00:09:27 tEvtLgMgr 0 : Security [13] c_check_ca_root:...
... supports standard data networking tools to assist in monitoring the VPN Router to ensure normal operating status of the router. These tools are supported both through the CLI and through the BBI. This section introduces these tools and provides examples of them performed through the BBI.

Trace Route

Trace Route is a networking tool that allows a testing device to determine the path that is taken to get from ...

Checking the Current Status of Your VPN Router

The Nortel VPN Router contains tools to assist in monitoring, maintaining, and...

Date posted: 14/08/2014, 14:20