322007-A
March 2006
4655 Great America Parkway
Santa Clara, CA 95054
Trademarks
*Nortel, Nortel Networks, the Nortel logo, the Globemark, Unified Networks, and BayStack are trademarks of Nortel Networks.
Adobe and Adobe Reader are trademarks of Adobe Systems Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
The asterisk after a name denotes a trademarked item.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to
the products described in this document without notice.
Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described
herein.
Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this
paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution
and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the
University may not be used to endorse or promote products derived from such portions of the software without specific prior written
permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use
and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).
furnished for use with designated hardware or Customer furnished equipment (CFE), Customer is granted a nonexclusive license to use
Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential
information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or
disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement.
Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse
compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d)
sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon
termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly
return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to
determine Customer's Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks
to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third
party software.
2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided
AS IS without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS)
FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel
Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties,
and, in such event, the above exclusions may not apply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR
ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO,
CUSTOMER'S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR
CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE
(INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS
OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer
and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow
these limitations or exclusions and, in such event, they may not apply.
4. General
a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer's use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.
d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. More specifically, the
site enables you to:
sign up for automatic notification of new software and documentation for Nortel equipment
open and manage technical support cases
www.nortel.com/callus
www.nortel.com/erc
TABLE OF CONTENTS
CONFIGURATION
  LAN
  WAN
  T1/T3
  Serial
  PPPoE
  Routing
  Security
    Setting Up Zones
    Configuring VPNs
    Remote Access
    Configuring Security Objects
      Schedules
      Application Filters
    Configuring Firewalls
ADMINISTRATION
  Administration
    User Administration
    Boot Administration
    Save/Reboot
    Host name
    Date
    Licenses
    Services Administration
    Ping
    File System Administration
Organization
The following tables describe the content and organization of this guide.
Table 1 Guide Organization: Chapters
Chapter: Description
About This Guide: defines the user audience, and describes the organization of this guide, use of special notices, and other Nortel user guides.
Starting the WebUI: describes how to access the WebUI and log onto the router. It also describes the opening screen.
Configuration: describes the configuration options for the SR1001. This chapter is targeted at those network administrators who are familiar with the Nortel CLI and routers.
Administration: describes basic administrative tasks that can be performed with the WebUI.
Conventions
This guide uses the following typographical conventions:
Convention: Description
boldface font: Used for commands that you enter, words that you type, or keyboard keys that you press.
Notices
Notice paragraphs alert you about issues that require your attention. The following paragraphs describe the
types of notices used in this guide.
NOTE: Notes provide tips and useful information regarding the installation and operation of SR1001s.
ESD: ESD notices provide information about how to avoid discharge of static electricity and subsequent
damage to SR1001s.
CAUTION: Caution notices provide information about how to avoid possible service disruption or
damage to SR1001s.
WARNING: Warning notices provide information about how to avoid personal injury when working
with SR1001s.
Documentation
Nortel user guides, which are provided in portable document format (PDF), are included on the
Nortel Secure Router Documentation CD-ROM that ships with the Models 1001, 1001S, 1002, and
1004 router. The PDF files are also available on the Nortel website: www.nortel.com
To view PDF files, Adobe Acrobat Reader 4.0, or newer, must be installed on your workstation.
If you do not have the Adobe Acrobat Reader installed on your system, you can obtain it free from
the Adobe website: www.adobe.com.
Navigation
After inserting the Nortel Secure Router Documentation CD into your CD-ROM drive, click a link
to open a PDF version of the target document. If you do not have Adobe Acrobat (version 4.0, or later)
or Acrobat Reader installed on your PC, click the Adobe button on the navigation screen to go to the
Adobe website, where you can download a free copy of the Acrobat Reader application.
If a browser session is not opened, click Start\Run, enter the drive letter of your CD-ROM drive in
the Open entry box, and click OK.
Printing Documents
To print any PDF document on the CD, follow this procedure.
1 Open the desired document by clicking the document link in the CD navigation window.
2 Click the Printer icon on the Adobe Acrobat tool bar.
3 In the Windows Print dialog box, select a local default printer in the Printers drop down
selection box.
4 Click OK.
Release Notes
Printed release notes provide the latest information. If release notes are provided with your
product, follow these instructions in addition to those provided in other documentation.
This guide is a condensed version of the SR1001 Installation Guide and is intended for installers
and network administrators familiar with the SR1001.
This guide is designed to assist users with the initial installation and deployment of the SR1001.
The guide provides a brief overview of the installation and initial configuration processes.
This detailed guide provides a complete description of all Nortel command line interface (CLI)
commands for T1 and E1 circuits.
This guide provides descriptions of commands available for Nortel implementation of BGP,
OSPF, RIP, and other routing protocols.
Overview
The Web Graphical User Interface (GUI, or WebUI) allows web-based security and basic router
configuration. The traditional command line interface (CLI) is still available (as discussed in your router
Installation Guide).
To open the web user interface, you must have:
If you are configuring this router for the first time, you must assign the IP address and other basic
configuration values through the CLI as described in the SR1001 Installation Guide.
NOTE: Before you try to connect to your router, make sure you can ping its IP address. If you
are not able to ping the router, you will not be able to connect to the WebUI.
The Welcome screen appears as shown in Figure 1. Basic information about the WebUI is available
on the screen.
Enter the user name and password (as configured through the CLI) and click Login.
NOTE: Users cannot log in using the WebUI (or Telnet) if the password has not already been
configured. Use the configure password command from the CLI to set the password.
The main screen displays as shown in Figure 2.
The Status screen shows the basic information about your router as well as the status of your LAN
interfaces, WAN bundle status, firewall, and VPN activity.
NOTE: For the best screen viewing, Nortel recommends setting the screen resolution to
1024x768.
Main Tabs
The four main tabs allow you to access Status, Guided Setup, Configuration, and Administration from
every page. Choose Guided Setup, a wizard-like configuration tool, to help you set up VPN,
Firewall, and basic routing specifications. Use this tab if you are new to SR1001s, or if you do not have
expert-level experience configuring advanced networking options.
Alternatively, choose Configuration, which allows you to create the basic configuration manually and add
more complex configuration specifications.
If you create your basic router configuration using the Guided Setup tab, you can always use the
Configuration tab to make modifications.
Use the Administration tab to set up your router.
Common Functions
On all the interface screens, you will be able to click Help. Help > User Manual provides you with
additional information on a field or the location of a setting. Help > Support Information provides
contact information for getting support with your Nortel products. Help > Technical Support displays
and saves information about your router which is useful to technical support personnel. You will be
prompted to save this information in Flash or on a local PC. You can then send this data to Nortel
Technical Support for further analysis.
Click Alarms to configure the slot (for example, the serial module) on which to capture alarms and to set
the refresh interval. Click Events Log to see any logs which have been recorded.
You can also click Telnet to convert your HTTP or HTTP browser-based connection to a Telnet session.
When you want to leave the WebUI, click Logout.
Common Elements
Every page displays the navigation bar, which shows the current position and path. Like bread
crumbs, it allows you to get back to where you started as needed.
Click titles to see more detailed status information.
You will see model information in the upper left hand portion of each screen. For example, in Figure 2 the
installed modules are 1 BRI and 1 T1.
THE GUIDED SETUP CONFIGURATION WIZARD
The Guided Setup tab helps you create a basic but powerful and secure configuration for your
router. This is a practical approach to take if you are not experienced in router configurations.
The Guided Setup page is shown in Figure 3.
Notice that tips and hints are included on the lower left portion of the screen.
NOTE: You must make your VPN and Firewall selections here, BEFORE you start the
Virtual Private Network (VPN) Setup or the Firewall Setup.
To start configuring your router, select the Guide you want and click Apply Settings. In this
case, the Basic Setup LAN configuration/Bundle creation/Default gateway radio button is
selected and the Basic Settings screen displays as shown in Figure 4.
Basic Setup
The basic setup screen divides configuration flow into three steps.
Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen to the saved settings. Click Cancel to return to the previous screen without saving any
changes. When you are finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.
Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen. Click Cancel to return to the previous screen without saving any changes. When you are
finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.
Firewall Setup
After you have configured your VPN configuration, click Zone Setup in the Firewall Setup
section of the Guided Setup screen. Zone Setup allows you to set the environment for your
Ethernet and WAN bundle interfaces.
NOTE: If you configured Zone Setup in the VPN setup section, you do not need to repeat zone
setup here. The values you set in the VPN setup section apply here as well.
To configure your firewall (after selecting firewall policy on Figure 3), in the Firewall section
of the Guided Setup screen, click either the Create Inbound Firewall Policy or the Create Outbound
Firewall Policy radio button. Then click Apply Settings. The VPN Setup screen displays as
shown in Figure 6 (which shows an Inbound Firewall Policy screen).
Fill in the fields starting with Step 1. If you make a mistake, click Reset Settings to reset the
screen. Click Cancel to return to the previous screen without saving any changes. When you are
finished, click Apply Settings.
If you need help on a particular field, click Help. Refer to the diagram on the left panel of the
screen for a visual explanation of what each step accomplishes.
CONFIGURATION
This chapter describes how to configure the router and users, and change the factory default
configuration.
The Configuration tab is designed for experienced network administrators. All other users should refer to
the Guided Setup tab (see The Guided Setup Configuration Wizard).
To begin manually configuring or modifying your router configuration, click the Configuration tab to
display the main configuration screen shown in Figure 7.
While this tab has no wizard properties, it is laid out in a logical, top-to-bottom order, starting with LAN,
WAN, Routing, and Security, and finishing with Administration configurations. Each of these sections is
discussed below. Explanations appear on screen for each section and online help is available (click Help).
LAN
To see or modify LAN interface settings, click the link for LAN under the Categories section on the left
panel of the screen. The interface settings display as shown in Figure 8.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
WAN
To see or modify existing WAN bundle or WAN interface settings, expand the link for WAN under the
Categories section on the left panel of the screen. The bundle interface settings display as shown in
Figure 9.
To create a new bundle, click New to display the Bundle screen. To delete a bundle, click the Delete box
for that bundle.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
To display details about a bundle, click it to display the setting details as shown in Figure 10.
T1/T3
To see existing T1 or T3 bundle interface settings, expand the link for WAN under the Categories section
on the left panel of the screen. The T1 interface settings display as shown in Figure 9.
Figure 11 T1 Interfaces
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.
Figure 12 T1 Settings
Figure 13 T3 Interfaces
Figure 14 T3 Details
The T3 interface details display. You can edit the configuration and click Apply Settings or reset it to
default by clicking Reset Settings.
Serial
To see existing serial bundle interface settings, expand the link for WAN under the Categories section on
the left panel of the screen. The Serial interface settings display as shown in Figure 15.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.
PPPoE
To see existing PPPoE bundle interface settings, expand the link for WAN under the Categories section on
the left panel of the screen. The Serial interface settings display as shown in Figure 18.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.
To display details of a particular interface, click the appropriate entry.
Routing
To see or modify route settings, expand the link for Routing under the Categories section on the left panel
of the screen. The route settings display as shown in Figure 20.
To create a new route, click New to display the Routing screen. To delete a route, click the Delete box for
that route. To see route details, click the routing entry.
NOTE: In this release, only Static routing is supported from the WebUI. To configure dynamic
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Security
The security categories allow you to set zones, VPN, Security objects, and Firewall values.
Setting Up Zones
A security zone is a configuration that allows administrators to create unique rules for each zone. These
rules determine how one zone communicates with another, but these rules have no effect on traffic within
a zone.
Each zone can be created to perform specific tasks, and administrators can assign the resources and
privileges to allow these tasks to be performed.
Configuring VPNs
To configure a VPN, expand the Security category, then expand the VPN selection. You can configure
site-to-site and remote access policies. For example, Figure 22 shows the IKE policy configuration
window. Within each area, you can view the policies in place. You can edit a policy by selecting the policy
name. You can create a new policy by clicking New.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Remote Access
To allow access to remote users, select Security and expand VPN, then select Remote Access.
Schedules
Schedules are used to control when a zone will be able to perform a task. For example, administrators can
set a schedule as to when the firewall security zone is active. To configure schedules, expand Security
Objects. Select New to create a schedule.
Application Filters
To create HTTP, SMTP, or FTP filters, expand Application Filters. Select the appropriate filter type.
Figure 25 shows an example of HTTP filters.
Configuring Firewalls
To configure firewall policies, expand the Security category, then expand the Firewall selection. You can
configure firewall policies for outbound and inbound traffic. Figure 26 shows the outbound policy window.
To create a new firewall policy, click New to display the Firewall screen. To delete a route, click the
Delete box for that route.
Click a policy to view or edit it. Click Apply Settings to save your changes, click Reset Settings to
return to the original screen settings, or click Cancel to close the screen and return to the Configuration
screen without saving any changes.
ADMINISTRATION
This chapter describes how to administer the router and users.
The Administration tab is designed for experienced network administrators.
Click the Administration tab to display the main administration screen shown in Figure 28.
Administration
Change passwords
Reset dates
Check the status of the boot configuration
Change the hostname or the date and time
Reboot the router
Enable or disable protocols such as TFTP, DHCP, and SNMP.
Perform connection tests by launching pings
Manage the file system
User Administration
The User Administration screen is shown in Figure 28.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
The existing users are shown in Figure 29:
Boot Administration
The Boot Administration screen, which displays the router boot parameter settings, is shown in Figure 28.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
SR1001 Web UI User Guide
Version 8.3.5
Save/Reboot
The Save/Reboot screen is shown in Figure 28. To save the configuration to onboard Flash, click Save
configuration to local Flash. To reboot the router, click Reboot the device.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Host name
The Host name screen, which shows the name configured for this device, is shown in Figure 28.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Date
The Date screen, which displays the current time and date set on the router, is shown in Figure 28. To
change the time and date, enter the appropriate values in the time and date fields.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Licenses
The Licenses screen is shown in Figure 34. Use this screen to install your licenses. You will need the
license key to install each license successfully.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Services Administration
The Services Administration screen is shown in Figure 28. Use this screen to set the various protocols to
be supported on this router.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Ping
The Ping screen is shown in Figure 28. Use this screen to send ICMP packets to the specified device.
NOTE: Sending a ping and receiving ping responses (shown in the Response field) will halt all
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original
settings, or click Cancel to close the screen and return to the main Configuration screen without saving
any changes.
Click Apply Settings to save any changes. Click Reset Settings to reset the screen to its original settings,
or click Cancel to close the screen and return to the main Configuration screen without saving any
changes.