Panasonic 5500 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Panasonic 5500. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Panasonic 5500 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Panasonic 5500 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Panasonic 5500 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Panasonic 5500
- nom du fabricant et année de fabrication Panasonic 5500
- instructions d'utilisation, de réglage et d’entretien de l'équipement Panasonic 5500
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Panasonic 5500 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Panasonic 5500 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Panasonic en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Panasonic 5500, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Panasonic 5500, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Panasonic 5500. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Identity Engines Ignition Server Ethernet Routing Switc h 8600 8300 1600 5500 5600 4500 2500 Engineering > Switch User Authentication using Identity Engines Ignition Server Technical Configuration Guide Enterprise Networking Solutions Document Date: October 2009 Document Number: NN48500-589 Document Version: 1.0[...]

  • Page 2

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 1 Nortel is a recognized lea der in delivering co mmunications cap abilities that enhance the human experience, ignite and po wer global commerce, an d se cure and prote ct the world’s most critical information. Se[...]

  • Page 3

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 Abstract Revision Control No Date Version Revised by Remarks 1 10/09/2009 1.0 JVE Initial release[...]

  • Page 4

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 1.1 RADIUS S UPPORT ON N ORTEL S WITCHES .................................................................................... 5 1.2 U SER A UTHENTICATION USING ERS160 0, ERS8300, OR ERS8600.........................[...]

  • Page 5

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 Conventions This section describe s the text, image, and comma nd conventions used in this document. Symbols: Tip – Highlights a configura tion or technical tip. Note – Highlights importan t information to the [...]

  • Page 6

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 5 1. Overview: RADIUS User Authentication using Identify Engines This document provides the frame work for implem enting user Authenticati on, Authorization, and Accounting for Nortel switches. 1.1 RADIUS Support on [...]

  • Page 7

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 6 1.3 User Authentication using ERS5600, ERS5500, ERS4500, or ERS2500 The ERS5600, ERS5500, ERS4500, an d ERS250 0 each support two different user a ccess levels which are read-only or read-write. RADI US attr ibute [...]

  • Page 8

    2. ERS8600 Switch Configuration Example For this configuration example, we will enable RADIUS user authenticatio n on ERS8600-1 using the out-of-band managem ent port. We will configure the Identity Engines RADI US server wit h the following three users: User name with read-only access: 8600ro User name with read-write acce ss: 86 00rw User name wi[...]

  • Page 9

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 2.1 Part 1: Basic AAA Configuation 2.1.1 ERS8600 Configuration Assuming we are usi ng the out-of-band management port. 2.1.1.1 Add out-of-band IP address ERS8600-1 Step 1 – Add out-of-band IP address a nd route 2[...]

  • Page 10

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 9 2.1.2 ERS 8600 Switch: Verify Operations 2.1.2.1 Verify RADIUS Global Settings Step 1 – Verify that RADIUS has been enabled globally Result: Via 8600-1, verify the following information: Option Verify Acct-enable[...]

  • Page 11

    2.1.3 IDE Setup 2.1.3.1 Configure an Outbound Attribute on Ignition Serv er for VLAN The following chart display s the outbound attr ibute values required by the ERS8600 for each access level for RADIUS vendo r identifier 1584 (Bay Networks) attribute type 192. For this example, we will configure IDE with a ttribute values of 1, 5, and 6. Access Le[...]

  • Page 12

    IDE Step 2 – Go to IDE Step 3 – Via the window, type in a name for the attri bute to be used for access priority (i.e. ERS8600-Access-Priori ty as used in this example), click the radio button, select via and via . Click on when done __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ __[...]

  • Page 13

    IDE Step 4 – Go to IDE Step 5 – Using the Outbound Attribute create d in Step 3, we will first add an attribute value of 1 for read-only-acc ess. Start by entering a name v ia the window (i.e. as used in this example) and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ _____[...]

  • Page 14

    IDE Step 6 – Select the Outbound Attributes na me created in Step 3 (i.e. ERS8600-Access- Priority as used in this example ) via the pull down menu. In the window, enter 1 (i.e. value of 1 signifies read-only - access). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ _____[...]

  • Page 15

    IDE Step 7 – Go to again to create the outboun d attribute for rea d-write -access. Using the Outbound Attribute c reated in Step 3, we will add an attribute v alue of 5 for read- write-access. Start by enterin g a name via the w indo w (i.e. 8600-rw as used in this example) and click on __________ ___________ ____________ ___________ ___________[...]

  • Page 16

    IDE Step 8 –Select the Outbound Attributes name created in Step 3 (i.e. ERS8600-Access- Priority as used in this example ) via the pull down menu. In the windo w , enter 5 (i.e. v alue of 5 signifies read -write- access). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ___[...]

  • Page 17

    IDE Step 9 – Go to again to create the outbound a ttribute for read- write-all-access. Usi ng the Outbound Attribute created in Step 3, we will add an attribute value of 6 for read- write-all-access. Start by entering a name via the w indo w (i.e. 8600-r w a as used in this example) and click on __________ ___________ ____________ ___________ ___[...]

  • Page 18

    IDE Step 10 –Select the Outbound Attributes nam e created in Step 3 (i.e. E RS8600-Access- Priority as used in this example ) via the pull down menu. In the windo w , enter 6 (i.e. value of 6 signifies r ead-write-all- access). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ _________[...]

  • Page 19

    2.1.3.2 Add Users For this configuration example, we will add the following users. User Name Access Level 8600ro Read-Only-A ccess 8600rw Read-Write-A ccess 8600rwa Read-Write-A ll-Access IDE Step 1 – Star t by going to and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ _____[...]

  • Page 20

    IDE Step 2 – Enter the user name for read-only -access via (i.e. 8600ro as used in this example) and e nter the pass word for this user via and . Click on when done. If you wish, y ou can also change the expiry date v ia if you do not wish to use the defa ult se tting of one year __________ ___________ ____________ ___________ ___________ _______[...]

  • Page 21

    IDE Step 3 – Repeat s tep 2 again by clicking on Ne w to add the read-write-acc ess user. Enter the user name for read- write-access via (i.e. 8600r w as used in this example) and enter the pass word for this user via and . Click on when done. If you wish, you can also change the expiry date via if you do not wish to use the default setting o f o[...]

  • Page 22

    IDE Step 4 – Repeat step 2 for the final time by clicking on New to add the read -write-all- access user. Enter the user name fo r read-write-a ll-access via (i.e. 8600rwa as used in this example) and enter the pass word for this user via and . Click on when done. If y ou wish, you can also change the expiry date via if you do not wish to use the[...]

  • Page 23

    2.1.3.3 Add an Access Policy IDE Step 1 – Go to Right-click R and select . Enter a policy name (i.e. ERS8600-Access as used in this example) and click on when do ne __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 2[...]

  • Page 24

    IDE Step 2 – Click on the policy w e just created, i.e. ERS8600-Access, and click on via the tab __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 3[...]

  • Page 25

    IDE Step 3 – Under w indow, select __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 4[...]

  • Page 26

    IDE Step 4 – Go to the and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 5[...]

  • Page 27

    IDE Step 5 – Check off the and click on when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 6[...]

  • Page 28

    IDE Step 6 – Go to the tab and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 7[...]

  • Page 29

    IDE Step 7 – Once the windo w pops up, click on First, we will add a rule for read-o nly-access. When the window pops up , w e w ill na me t he rule as shown below __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 8[...]

  • Page 30

    IDE Step 8 – Click on to add a new constraint __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 2 9[...]

  • Page 31

    IDE Step 9 – For this example, we are simply going to look for the read -only-user user-i d. From , select and scroll do wn and select . Select wi t h of and enter the read-only -access user id, i.e. 8600ro as us ed in this example, in the window as shown belo w. Click on w hen done __________ ___________ ____________ ___________ ___________ ____[...]

  • Page 32

    IDE Step 10 – Via , select . From the window , select the output attribute we created previously named and click on the less-than arro w key to move the attribute to t he w indow __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 1[...]

  • Page 33

    IDE Step 11 – Next, we will add a rule for read-write-access. Start by clicking on and whe n t he windo w pops up, add an appropriate nam e for this rule, i.e. read- write- access as used in this example __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 2[...]

  • Page 34

    IDE Step 12 – Click on to add a new constraint __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 3[...]

  • Page 35

    IDE Step 13 – For this example, w e are simply going to look for the read- write-access u ser- id. From , select and scroll do wn and select . Select wi t h of and enter the read -only-access us er id, i.e. as used in this example, in the window as shown belo w. Click on w hen done __________ ___________ ____________ ___________ ___________ _____[...]

  • Page 36

    IDE Step 14 – Via , select . From the windo w, select the output attribute we created previously named and click on the less-than arr ow key to move the attribute to t he w indow __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 5[...]

  • Page 37

    IDE Step 15 – Finally, we w i ll add a rule for read-write-all-acc ess. Start by clicking on and when the windo w pops up, add an appropriate name for this rule, i.e. as used in this example __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 6[...]

  • Page 38

    IDE Step 16 – Click on to add a new constraint __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 7[...]

  • Page 39

    IDE Step 17 – For this example, we are simply going to look for the read- write-all-access user-id. From , select and scroll down and select . Select wi t h of and enter the rea d-only-access user id, i.e. as used in this example, in the windo w as shown belo w. Click on when done __________ ___________ ____________ ___________ ___________ ______[...]

  • Page 40

    IDE Step 18 – Via , select . From the windo w, select the output attribute we created above na med and click on the less-than arrow key to move the attribute to the wi n d o w __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 3 9[...]

  • Page 41

    IDE Step 19 – When completed, y ou can view the complete policy by clicking on the button __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 0[...]

  • Page 42

    2.1.3.4 Add the Nortel ERS8600-1 s witch as an RADIUS Authenticator For Ignition Server to process t he No rtel switch RADIUS re quests, each switch must be ad ded as an Authenticator. IDE Step 1 – Go to -> For this example, we will create ne w container named by right clicking and selecting __________ ___________ ____________ ___________ ____[...]

  • Page 43

    IDE Step 2 – Go to -> -> and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 2[...]

  • Page 44

    IDE Step 3 – Enter the settings as shown below making sure y ou select the policy we created previously named via . Leave and checked. Click on when done . __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 3[...]

  • Page 45

    2.1.4 Verification 2.1.4.1 Verify User Authentication You can test user authentication for the ERS8600 users configu red on IDE by entering the user name and password. Step 1 – Via Ignition Dashbo ard, select the IP address of the Ignition Server, click on the tab, go to and select the tab. Make y ou select and and the enter a valid user name and[...]

  • Page 46

    Via Dashboard, verify the following information: Option Verify Results If successful, should be displayed 2.1.4.2 Verify user authentication from ERS s witch You can view the authentication detail s via Igni tion Dashboard which prov ides extensive de tails about the device or user. Step 1 – In Dashboard, select the IP address of the Ignition S e[...]

  • Page 47

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 6[...]

  • Page 48

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 7 At minimum, verify the following items: Option Verify Authentication Result If successful, should be displayed. If not, verify the device using the previous step and if th is also fails, verify the Ignition Serve[...]

  • Page 49

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 4 8 2.2 Part 2: ERS8600 Configuration with Specific Commands Disabled In this part, we will use the same configuration used in the previous example, but, we will restrict the read-write ERS8600 user (u ser name = 860[...]

  • Page 50

    2.2.2 IDE Setup 2.2.2.1 Configure Outbound attributes to de ny ERS8600 CLI commands Using the same base configuratio n from the previous step, we will simple add the CLI commands we wish to deny to the read-write user. In this example, this will apply only to the user . IDE Step 1 – IDE already has the vendor speci fic attributes defined, Bay Net[...]

  • Page 51

    IDE Step 3 – Via the window, type in a name for the attri bute to be used to restrict CLI commands (i.e. 8600-Command -Access as used in this ex ample), click the radio button, select via and via . Click on w hen done IDE Step 4 – Go to one more time Via the w indo w, type in a name for the attribute to be used to list the CLI commands (i.e. 86[...]

  • Page 52

    IDE Step 5 – Go to IDE Step 6 – Using the Outbound Attribute crea ted in Step 3, we will add a value of 0 to restrict CLI command acces s. Start by entering a nam e via the window (i.e. ERS8600-Command-Access as used in this exam ple) and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ _[...]

  • Page 53

    IDE Step 7 – Select the Outbound Attributes name crea ted in Step 3 (i.e. ERS8600- Command-Access as used in this e xample) via the pull down menu. In the window, enter 0 (i.e. value of 0 signifies CLI command restriction). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ _[...]

  • Page 54

    IDE Step 8 – Go to again to create the outbound attribute for de ny access to the CLI co mmand ‘config qos’. Using the Outbound Attribute created in Step 4, we will add a string value of “config qos”. Start by entering a name via the w indo w (i.e. 8600-Command-no-QoS as used in this example) and click on __________ ___________ __________[...]

  • Page 55

    IDE Step 9 – Select the Outbound Attributes name crea ted in Step 4 (i.e. ERS8600- Command-List as use d in this example) v ia the pull down menu. In the wi nd o w, e n t e r (i.e. this is the CLI command we wish to restrict). Click on twice w hen done. __________ ___________ ____________ ___________ ___________ ____________ ___________ _________[...]

  • Page 56

    IDE Step 10 – Go to again to create the outbound attribute for de ny access to the CLI comm and ‘config filter’. Using the Outbound Attribute created in Step 4, we will add a string value of “config filter”. Start by entering a name via the w indo w (i.e. 8600-Command-no-filter as used in this example) and click on __________ ___________ [...]

  • Page 57

    IDE Step 11 – Select th e Outbound Attributes name created in Step 4 (i.e. ERS8600- Command-List as use d in this example) v ia the pull down menu. In the wi n d o w, e nt er (i.e. this is the CLI command we wish to restrict). Click on twice w hen done. __________ ___________ ____________ ___________ ___________ ____________ ___________ _________[...]

  • Page 58

    2.2.2.2 Modify the Authorization Policy for the ERS860 0 read-write user IDE Step 1 – Click on the policy created from the prev ious example, i.e. ERS8600-Access, click on the tab, select the via the window, and click on Edit __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ [...]

  • Page 59

    IDE Step 2 – Make sure the read- write-access rule is selected and move all three RADIUS attribute values we just created from the prev ious step from the windo w to the w indow __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 5 8[...]

  • Page 60

    IDE Step 3 – When compl eted, you can vie w the complete policy by clicking on the button __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 5 9[...]

  • Page 61

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 6 0 2.2.3 Verification Connect to ERS8600 by using telnet with the read-write user accou nt. ERS8600-1 – Verify operation by ty ping in some commands[...]

  • Page 62

    3. ERS5600 Switch Configuration Example For this configuration exa mple, we will enable RADIUS user authenticatio n on ERS500-1 using the switch management po rt. We will co nfigure the Identity Engines RADIUS server with the following two users: User name with read-only access: 5600ro User name with read-write acce ss: 56 00rw __________ _________[...]

  • Page 63

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 6 2 3.1 ERS5600 Configuration 3.1.1 Enable RADIUS Up to two RADIUS servers are supported on the ERS 5600, 55 00, 4500, or 2500 seri es switches. For this configuration example we will simply configure on e RA DIUS se[...]

  • Page 64

    3.2 IDE Setup 3.2.1 Configure an Outbound Attribute on Ignition Server for Service-Type The following chart display s the outbound attr ibute values required by the ERS5600, ERS5500, ERS4500, or ERS2500 for each access level usin g RADIUS attribute type 6 (Service-Typ e). Registry Value Description ERS Access Level 6 Administrativ e Read-Write-A ll[...]

  • Page 65

    IDE Step 2 – Via the window, type in a name for the attri bute to be used for access priority (i.e. Service-type-ERS as used in this example), click the radio button and select . Click on when done IDE Step 4 – Go to __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ _______[...]

  • Page 66

    IDE Step 5 – Using the Outbound Attribute created in Step 2, we will first add a value of 7 (NAS Prompt) for read -only-access. Start by entering a name via the w indo w (i.e. ERSro as used in this example) and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ______[...]

  • Page 67

    IDE Step 6 – Select the Outbo und Attributes name crea ted in Step 3 (i.e. Service-ty pe-ERS as used in this example) v ia the pull down menu. In the windo w , enter 7 (i.e. value of 7 signifies NAS Pr ompt for read-only - access). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ _____[...]

  • Page 68

    IDE Step 7 – Go to again to create the outboun d attribute for rea d-write -access. Using the Outbound Attribute c reated in Step 2, we will add a value of 6 for read- write-access. Start by entering a name v ia the window (i.e. ERSrwa as used in this example) and click on __________ ___________ ____________ ___________ ___________ ____________ _[...]

  • Page 69

    IDE Step 8 –Select the Outboun d Attributes name created in Step 2 (i.e. Service-ty pe-ERS as used in this example) v ia the pull down menu. In the window, enter 6 (i.e. v alue of 6 signifies Administrativ e for read- write-access). Click on twice when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ____[...]

  • Page 70

    3.2.2 Add Users For this configuration exa mple, we will add the following users User Name Access Level 5600ro Read-Only-A ccess 5600rwa Read-Write-A ll-Access IDE Step 1 – Star t by going to and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 6 9[...]

  • Page 71

    IDE Step 2 – Enter the user name for read-only -access via (i.e. 5600ro as used in this example) and e nter the pass word for this user via and . Click on when done. If you wish, y ou can also change the expiry date via if you do not wish to use the defa ult se tting of one year __________ ___________ ____________ ___________ ___________ ________[...]

  • Page 72

    IDE Step 3 – Repeat s tep 2 again by clicking on Ne w to add the read-write-acc ess user. Enter the user name for read- write-access via (i.e. 5600r w as used in this example) and enter the pass word for this user via and . Click on when done. If you wish, you can also change the expiry date via if you do not wish to use the default setting o f o[...]

  • Page 73

    3.2.3 Add Access Policy IDE Step 1 – Go to Right-click R and select . Enter a policy name, i.e. ERS-access as used in this example and click on when done __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 2[...]

  • Page 74

    IDE Step 2 – Click on the policy w e just created, i.e. ERS-access, and click on via the tab __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 3[...]

  • Page 75

    IDE Step 3 – Under w indow, select __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 4[...]

  • Page 76

    IDE Step 4 – Go to the and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 5[...]

  • Page 77

    IDE Step 5 – Check off the and click on when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 6[...]

  • Page 78

    IDE Step 6 – Go to the tab and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 7[...]

  • Page 79

    IDE Step 7 – Once the windo w pops up, click on First, we will add a rule for read-only . When the window pops up, we will name the rule as shown below __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 8[...]

  • Page 80

    IDE Step 8 – Click on to add a new constraint __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 7 9[...]

  • Page 81

    IDE Step 8 – For this example, we are simply going to look for the read -only-user user-i d. From , select and scroll do wn and select . Select wi t h of and enter the read-only -access user id, i.e. 5600ro as us ed in this example, in the window as shown belo w. Click on w hen done __________ ___________ ____________ ___________ ___________ ____[...]

  • Page 82

    IDE Step 9 – Via , select . From the window, select the output attribute we created above named and click on the less-than arrow key to move the attribute to the wi n d o w __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 1[...]

  • Page 83

    IDE Step 10 – Next, we will add a rule for read-write-access. Start by clicking on and when t he windo w pops up, add an appropriate nam e for this rule, i.e. as used in this example __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 2[...]

  • Page 84

    IDE Step 11 – Click on to add a new constraint __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 3[...]

  • Page 85

    IDE Step 12 – For this example, we are simply going to look for th e read-write user-id. From , select and scroll do wn and select . Select wi t h of and enter the read-write user id, i.e. 5600r wa as used in this ex ample, in the window as shown below. Click on when done __________ ___________ ____________ ___________ ___________ ____________ __[...]

  • Page 86

    IDE Step 13 – Via , select . From the window , select the output attribute we created above na med and click on the less-than arro w key to move the attribute to the wi n d o w __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 5[...]

  • Page 87

    IDE Step 18 – When completed, y ou can view the complete policy by clicking on the button __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 6[...]

  • Page 88

    3.2.4 Add the Nortel ERS5600-1 switch as an RADIUS Authenticator For Ignition Server to process t he No rtel switch RADIUS re quests, each switch must be ad ded as an Authenticator. IDE Step 1 – Go to -> For example, we will create ne w container named by right clicking and selecting . __________ ___________ ____________ ___________ __________[...]

  • Page 89

    IDE Step 2 – Go to -> -> and click on __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 8[...]

  • Page 90

    IDE Step 3 – Enter the settings as shown below making sure y ou select the policy we created abov e named via . Leave and checked. Click on when done. __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 8 9[...]

  • Page 91

    3.3 Verification 3.3.1 Verify User Authentication You can test user authentication for the ERS5600 users configu red on IDE by entering the user name and password. Step 1 – Via Ignition Dashbo ard, select the IP address of the Ignition Server, click on the tab, go to and select the tab. You can also simple test user authenticati on as we did for [...]

  • Page 92

    3.3.2 Verify user authentic ation from ERS switch You can view the authentication detail s via Igni tion Dashboard which prov ides extensive de tails about the device or user. Step 1 – In Dashboard, select the IP address of the Ignition S erver and click on the tab, go to a nd select the tab. Via the message of a v alid user, right-click the mess[...]

  • Page 93

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 9 2[...]

  • Page 94

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 9 3 At minimum, verify the following items: Option Verify Authentication Result If successful, should be displayed. If not, verify the device using the previous step and if th is also fails, verify the Ignition Serve[...]

  • Page 95

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 9 4 4. Software Baseline Product Minimum Software Level Identity Engines 6.0 . 5. Reference Documentation Document Title Publication Number Description Identity Engines Ignition Server, Release 6.0 – Document Colle[...]

  • Page 96

    __________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ ____________ ___________ ___________ 9 5 Contact us If you purchased a service contract for your Nort el product from a di stributor or authorized reseller, contact the techni cal supp ort staff fo r that distributor or reseller for assistance. If you p[...]