Identity Engines Ignition Server
Ethernet Routing Switch 8600 8300 1600 5500 5600 4500 2500
Engineering
> Switch User Authentication using Identity Engines Ignition Server Technical Configuration Guide
Enterprise Networking Solutions
Document Date: October 2009
Document Number: NN48500-589
Document Version: 1.
Nortel is a recognized leader in delivering communications capabilities that enhance the human experience, ignite and power global commerce, and secure and protect the world’s most critical information.
Abstract
Revision Control
No Date Version Revised by Remarks
1 10/09/2009 1.
1.1 RADIUS Support on Nortel Switches
Conventions
This section describes the text, image, and command conventions used in this document.
Symbols:
Tip – Highlights a configuration or technical tip.
1. Overview: RADIUS User Authentication using Identity Engines
This document provides the framework for implementing user Authentication, Authorization, and Accounting for Nortel switches.
1.3 User Authentication using ERS5600, ERS5500, ERS4500, or ERS2500
The ERS5600, ERS5500, ERS4500, and ERS2500 each support two different user access levels which are read-only or read-write.
2. ERS8600 Switch Configuration Example
For this configuration example, we will enable RADIUS user authentication on ERS8600-1 using the out-of-band management port.
2.1 Part 1: Basic AAA Configuration
2.1.1 ERS8600 Configuration
Assuming we are using the out-of-band management port.
2.1.2 ERS 8600 Switch: Verify Operations 2.
2.1.3 IDE Setup
2.1.3.1 Configure an Outbound Attribute on Ignition Server for VLAN
The following chart displays the outbound attribute values required by the ERS8600 for each access level for RADIUS vendor identifier 1584 (Bay Networks) attribute type 192.
IDE Step 2 – Go to
IDE Step 3 – Via the window, type in a name for the attribute to be used for access priority (i.e. ERS8600-Access-Priority as used in this example), click the radio button, select via and via .
IDE Step 4 – Go to
IDE Step 5 – Using the Outbound Attribute created in Step 3, we will first add an attribute value of 1 for read-only-access. Start by entering a name via the window (i.
IDE Step 6 – Select the Outbound Attributes name created in Step 3 (i.e. ERS8600-Access-Priority as used in this example) via the pull down menu. In the window, enter 1 (i.
IDE Step 7 – Go to again to create the outbound attribute for read-write-access. Using the Outbound Attribute created in Step 3, we will add an attribute value of 5 for read-write-access.
IDE Step 8 – Select the Outbound Attributes name created in Step 3 (i.e. ERS8600-Access-Priority as used in this example) via the pull down menu. In the window, enter 5 (i.
IDE Step 9 – Go to again to create the outbound attribute for read-write-all-access. Using the Outbound Attribute created in Step 3, we will add an attribute value of 6 for read-write-all-access.
IDE Step 10 – Select the Outbound Attributes name created in Step 3 (i.e. ERS8600-Access-Priority as used in this example) via the pull down menu. In the window, enter 6 (i.e. value of 6 signifies read-write-all-access). Click on twice when done.
2.1.3.2 Add Users
For this configuration example, we will add the following users.
User Name    Access Level
8600ro       Read-Only-Access
8600rw       Read-Write-Access
8600rwa      Read-Write-All-Access
IDE Step 1 .
IDE Step 2 – Enter the user name for read-only-access via (i.e. 8600ro as used in this example) and enter the password for this user via and . Click on when done.
IDE Step 3 – Repeat step 2 again by clicking on New to add the read-write-access user. Enter the user name for read-write-access via (i.e. 8600rw as used in this example) and enter the password for this user via and .
IDE Step 4 – Repeat step 2 for the final time by clicking on New to add the read-write-all-access user. Enter the user name for read-write-all-access via (i.e. 8600rwa as used in this example) and enter the password for this user via and . Click on when done.
2.1.3.3 Add an Access Policy
IDE Step 1 – Go to Right-click R and select . Enter a policy name (i.e. ERS8600-Access as used in this example) and click on when done
IDE Step 2 – Click on the policy we just created, i.e. ERS8600-Access, and click on via the tab
IDE Step 3 – Under window, select
IDE Step 4 – Go to the and click on
IDE Step 5 – Check off the and click on when done.
IDE Step 6 – Go to the tab and click on
IDE Step 7 – Once the window pops up, click on First, we will add a rule for read-only-access. When the window pops up, we will name the rule as shown below
IDE Step 8 – Click on to add a new constraint
IDE Step 9 – For this example, we are simply going to look for the read-only-user user-id. From , select and scroll down and select . Select with of and enter the read-only-access user id, i.e. 8600ro as used in this example, in the window as shown below.
IDE Step 10 – Via , select . From the window, select the output attribute we created previously named and click on the less-than arrow key to move the attribute to the window
IDE Step 11 – Next, we will add a rule for read-write-access. Start by clicking on and when the window pops up, add an appropriate name for this rule, i.
IDE Step 12 – Click on to add a new constraint
IDE Step 13 – For this example, we are simply going to look for the read-write-access user-id. From , select and scroll down and select . Select with of and enter the read-only-access user id, i.e. as used in this example, in the window as shown below.
IDE Step 14 – Via , select . From the window, select the output attribute we created previously named and click on the less-than arrow key to move the attribute to the window
IDE Step 15 – Finally, we will add a rule for read-write-all-access. Start by clicking on and when the window pops up, add an appropriate name for this rule, i.
IDE Step 16 – Click on to add a new constraint
IDE Step 17 – For this example, we are simply going to look for the read-write-all-access user-id. From , select and scroll down and select . Select with of and enter the read-only-access user id, i.e. as used in this example, in the window as shown below.
IDE Step 18 – Via , select . From the window, select the output attribute we created above named and click on the less-than arrow key to move the attribute to the window
IDE Step 19 – When completed, you can view the complete policy by clicking on the button
2.1.3.4 Add the Nortel ERS8600-1 switch as a RADIUS Authenticator
For Ignition Server to process the Nortel switch RADIUS requests, each switch must be added as an Authenticator.
IDE Step 2 – Go to -> -> and click on
IDE Step 3 – Enter the settings as shown below making sure you select the policy we created previously named via . Leave and checked. Click on when done.
2.1.4 Verification
2.1.4.1 Verify User Authentication
You can test user authentication for the ERS8600 users configured on IDE by entering the user name and password.
Step 1 – Via Ignition Dashboard, select the IP address of the Ignition Server, click on the tab, go to and select the tab.
Via Dashboard, verify the following information:
Option     Verify
Results    If successful, should be displayed
2.1.4.2 Verify user authentication from ERS switch
You can view the authentication details via Ignition Dashboard which provides extensive details about the device or user.
At minimum, verify the following items:
Option                   Verify
Authentication Result    If successful, should be displayed.
2.2 Part 2: ERS8600 Configuration with Specific Commands Disab.
2.2.2 IDE Setup
2.2.2.1 Configure Outbound attributes to deny ERS8600 CLI commands
Using the same base configuration from the previous step, we will simply add the CLI commands we wish to deny to the read-write user. In this example, this will apply only to the user .
IDE Step 3 – Via the window, type in a name for the attribute to be used to restrict CLI commands (i.e. 8600-Command-Access as used in this example), click the radio button, select via and via . Click on when done.
IDE Step 4 – Go to one more time. Via the window, type in a name for the attribute to be used to list the CLI commands (i.
IDE Step 5 – Go to
IDE Step 6 – Using the Outbound Attribute created in Step 3, we will add a value of 0 to restrict CLI command access. Start by entering a name via the window (i.
IDE Step 7 – Select the Outbound Attributes name created in Step 3 (i.e. ERS8600-Command-Access as used in this example) via the pull down menu. In the window, enter 0 (i.e. value of 0 signifies CLI command restriction). Click on twice when done.
IDE Step 8 – Go to again to create the outbound attribute to deny access to the CLI command ‘config qos’. Using the Outbound Attribute created in Step 4, we will add a string value of “config qos”. Start by entering a name via the window (i.
IDE Step 9 – Select the Outbound Attributes name created in Step 4 (i.e. ERS8600-Command-List as used in this example) via the pull down menu. In the window, enter (i.e. this is the CLI command we wish to restrict). Click on twice when done.
IDE Step 10 – Go to again to create the outbound attribute to deny access to the CLI command ‘config filter’. Using the Outbound Attribute created in Step 4, we will add a string value of “config filter”. Start by entering a name via the window (i.
IDE Step 11 – Select the Outbound Attributes name created in Step 4 (i.e. ERS8600-Command-List as used in this example) via the pull down menu. In the window, enter (i.e. this is the CLI command we wish to restrict). Click on twice when done.
2.2.2.2 Modify the Authorization Policy for the ERS8600 read-write user
IDE Step 1 – Click on the policy created from the previous example, i.e. ERS8600-Access, click on the tab, select the via th.
IDE Step 2 – Make sure the read-write-access rule is selected and move all three RADIUS attribute values we just created from the previous step from the window to the window
IDE Step 3 – When completed, you can view the complete policy by clicking on the button
2.2.3 Verification
Connect to ERS8600 by using telnet with the read-write user account.
3. ERS5600 Switch Configuration Example
For this configuration example, we will enable RADIUS user authentication on ERS500-1 using the switch management port.
3.1 ERS5600 Configuration
3.1.1 Enable RADIUS
Up to two RADIUS servers are supported on the ERS 5600, 5500, 4500, or 2500 series switches.
3.2 IDE Setup
3.2.1 Configure an Outbound Attribute on Ignition Server for Service-Type
The following chart displays the outbound attribute values required by the ERS5600, ERS5500, ERS4500, or ERS2500 for each access level using RADIUS attribute type 6 (Service-Type).
IDE Step 2 – Via the window, type in a name for the attribute to be used for access priority (i.e. Service-type-ERS as used in this example), click the radio button and select .
IDE Step 5 – Using the Outbound Attribute created in Step 2, we will first add a value of 7 (NAS Prompt) for read-only-access. Start by entering a name via the window (i.
IDE Step 6 – Select the Outbound Attributes name created in Step 3 (i.e. Service-type-ERS as used in this example) via the pull down menu. In the window, enter 7 (i.e. value of 7 signifies NAS Prompt for read-only-access). Click on twice when done.
IDE Step 7 – Go to again to create the outbound attribute for read-write-access. Using the Outbound Attribute created in Step 2, we will add a value of 6 for read-write-access.
IDE Step 8 – Select the Outbound Attributes name created in Step 2 (i.e. Service-type-ERS as used in this example) via the pull down menu. In the window, enter 6 (i.e. value of 6 signifies Administrative for read-write-access). Click on twice when done.
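To check from a packet capture which privilege the server actually returned, the attribute section of an Access-Accept can be decoded against the values listed in both IDE setups (vendor 1584 type 192 for the ERS8600, Service-Type for the ERS5600 family). This is an added example, not part of the Nortel guide: the function names are hypothetical, the sample bytes are constructed, and the 4-byte integer encoding of the vendor attribute is an assumption, since the guide's data-type selection did not survive on this page.

```python
import struct

VENDOR_SPECIFIC = 26    # RFC 2865 Vendor-Specific attribute
SERVICE_TYPE = 6        # RFC 2865 Service-Type attribute
BAY_NETWORKS = 1584     # vendor identifier given in the guide
ACCESS_PRIORITY = 192   # vendor attribute type given in the guide

# Value-to-level mappings exactly as the IDE steps state them.
ERS8600_LEVELS = {1: "read-only", 5: "read-write", 6: "read-write-all"}
ERS5600_LEVELS = {7: "read-only", 6: "read-write"}


def encode_service_type(value):
    """Build a Service-Type attribute: type, length 6, 32-bit value."""
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)


def encode_access_priority(value):
    """Build the vendor 1584 / type 192 VSA (assumed 32-bit integer value)."""
    sub = struct.pack("!BBI", ACCESS_PRIORITY, 6, value)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BAY_NETWORKS) + sub


def iter_tlvs(buf):
    """Yield (type, value) pairs; reject lengths that overrun the buffer."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen


def granted_levels(attrs):
    """Return (attribute, value, level) for each privilege attribute found."""
    found = []
    for atype, value in iter_tlvs(attrs):
        if atype == SERVICE_TYPE and len(value) == 4:
            v = struct.unpack("!I", value)[0]
            found.append(("Service-Type", v, ERS5600_LEVELS.get(v, "unmapped")))
        elif atype == VENDOR_SPECIFIC and len(value) >= 4:
            if struct.unpack("!I", value[:4])[0] != BAY_NETWORKS:
                continue  # some other vendor's VSA
            for vtype, vval in iter_tlvs(value[4:]):
                if vtype == ACCESS_PRIORITY and len(vval) == 4:
                    v = struct.unpack("!I", vval)[0]
                    found.append(
                        ("Access-Priority", v, ERS8600_LEVELS.get(v, "unmapped")))
    return found


if __name__ == "__main__":
    # Constructed samples: what the read-write (8600) and read-only (5600)
    # rules in this guide would return.
    for sample in (encode_access_priority(5), encode_service_type(7)):
        print(sample.hex(), granted_levels(sample))
```

A value reported as "unmapped" is one the guide does not assign to any access level and is worth checking against the authorization policy.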
3.2.2 Add Users
For this configuration example, we will add the following users
User Name    Access Level
5600ro       Read-Only-Access
5600rwa      Read-Write-All-Access
IDE Step 1 – Start by going to and cl.
IDE Step 2 – Enter the user name for read-only-access via (i.e. 5600ro as used in this example) and enter the password for this user via and . Click on when done.
IDE Step 3 – Repeat step 2 again by clicking on New to add the read-write-access user. Enter the user name for read-write-access via (i.e. 5600rw as used in this example) and enter the password for this user via and .
3.2.3 Add Access Policy
IDE Step 1 – Go to Right-click R and select . Enter a policy name, i.e. ERS-access as used in this example and click on when done
IDE Step 2 – Click on the policy we just created, i.e. ERS-access, and click on via the tab
IDE Step 3 – Under window, select
IDE Step 4 – Go to the and click on
IDE Step 5 – Check off the and click on when done.
IDE Step 6 – Go to the tab and click on
IDE Step 7 – Once the window pops up, click on First, we will add a rule for read-only. When the window pops up, we will name the rule as shown below
IDE Step 8 – Click on to add a new constraint
IDE Step 8 – For this example, we are simply going to look for the read-only-user user-id. From , select and scroll down and select . Select with of and enter the read-only-access user id, i.e. 5600ro as used in this example, in the window as shown below.
IDE Step 9 – Via , select . From the window, select the output attribute we created above named and click on the less-than arrow key to move the attribute to the window
IDE Step 10 – Next, we will add a rule for read-write-access. Start by clicking on and when the window pops up, add an appropriate name for this rule, i.
IDE Step 11 – Click on to add a new constraint
IDE Step 12 – For this example, we are simply going to look for the read-write user-id. From , select and scroll down and select . Select with of and enter the read-write user id, i.e. 5600rwa as used in this example, in the window as shown below.
IDE Step 13 – Via , select . From the window, select the output attribute we created above named and click on the less-than arrow key to move the attribute to the window
IDE Step 18 – When completed, you can view the complete policy by clicking on the button
3.2.4 Add the Nortel ERS5600-1 switch as a RADIUS Authenticator
For Ignition Server to process the Nortel switch RADIUS requests, each switch must be added as an Authenticator.
IDE Step 1 – Go to -> For example, we will create a new container named by right clicking and selecting .
IDE Step 2 – Go to -> -> and click on
IDE Step 3 – Enter the settings as shown below making sure you select the policy we created above named via . Leave and checked. Click on when done.
3.3 Verification
3.3.1 Verify User Authentication
You can test user authentication for the ERS5600 users configured on IDE by entering the user name and password.
Step 1 – Via Ignition Dashboard, select the IP address of the Ignition Server, click on the tab, go to and select the tab.
3.3.2 Verify user authentication from ERS switch
You can view the authentication details via Ignition Dashboard which provides extensive details about the device or user.
Step 1 – In Dashboard, select the IP address of the Ignition Server and click on the tab, go to and select the tab.
At minimum, verify the following items:
Option                   Verify
Authentication Result    If successful, should be displayed.
4. Software Baseline
Product             Minimum Software Level
Identity Engines    6.0
5. Reference Documentation
Document Title    Publication Number    Description
Identity Engines Ignition Server, Release 6.
Contact us
If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.