
Author Topic: ERS4500 management config for the slow  (Read 1794 times)


Offline darkfader

ERS4500 management config for the slow
« on: April 29, 2015, 09:40:49 AM »
Hi,

I'm looking for some help getting through setup of management on my switches.
There are 4 switches and their management config, so far, is different. I want to clean it up.
(When I set everything up I lost a lot of time due to not knowing that VLACP and LACP are incompatible :)

What I'd like to do and what's puzzling me:

  • Enable SSH access on all switches
  • Allow access to it from the management subnet
  • NOT have a password on the serial line
  • Have telnet disabled
  • Have http web interface disabled
  • Have the web interface on SSL enabled
  • With password
  • Only from the same subnet
  • Have SNMP access from the same subnet, with a v3 readonly view to 1.3.6.1 EVERYTHING (the default views don't show the fan state...) but still have no single damn write view.
Is this config a reasonable goal?

My problem is with things like:
  • Which command sets the password for "LOCAL" access?
  • I see how to set a telnet password, but not how to set an SSH password?
  • If that's the same command, how can I be sure that disabling telnet won't disable SSH?
  • Why won't the switch with password-policy enabled accept a password like A!b$3Cd7?
  • How do you restart the https webserver if it suddenly dies during snmp config?
  • Why does it ask for a password on this switch on http but give me https access on the other one?
  • Why are the passwords not cleartexted if I do "no password security"?

I looked for example at this document
....en.wikiversity.org/wiki/Avaya_Task_Training%5CERS-5500%5CBasic_Security
and this one:
...www.sharontools.com/blog/tips/nortel-snmp-snmpv3-and-ssh/

and I've also worked with a lot of the Nortel/Avaya manuals but that was also just partially helpful.

I feel a bit like I'm getting a lesson on contradictory information.


I thought about splitting this into multiple posts, but I'm not sure if it would be any better.
Any help would be very appreciated.

If you have a similar config, could you share a show current-config without the non-auth / sensitive data and a few comments?
« Last Edit: April 29, 2015, 12:11:42 PM by darkfader »


Offline darkfader

Re: ERS4500 management config for the slow
« Reply #1 on: April 29, 2015, 04:01:20 PM »
I've gone over the Avaya manual some more today and partially progressed. :>

The ipmgr rules apply to all services if you have the "use list" setting in the web ui.
I don't know what setting correlates with that.

Firefox is utterly unwilling to connect to the switches complaining about the TLS version.
Firefox being Firefox I have no idea if it's really a TLS issue or just SSL not working.

SNMPv2 access (ro) looks quite OK
SNMPv3 access is linked to the 'root' view I created that lists +1 as its OID.
Nonetheless you can't access anything below 1, i.e. 1.3.6.1


I was able to set up an RW user via CLI, but not to rename it.
Once I had the RW user the communities section of the SNMP management area of the web ui was no longer accessible. Accessing it logged me out of the web ui.

While I appreciate all the new features Nortel/Avaya had added, I really miss the old JDM.
Parts of the new manager feel like it was written after a few too many beers.