Enterasys ANG-3000 Series Application Note Download Page 12 | Manualshive

Page: 12 / 14

background image

Page 12 of 14

AVN-AN-MGMT-R10

Configuring the ANG-3000/7000 series Management Interface

Application Note

Installing and Configuring the Management Interface Card

To begin configuring IP services, change directory to:

/usr/indus/ipsec

Defining the Selector

The following command applies rules to SNMP, TELNET, HTTPS and ICMP protocols
(and their associated port numbers) originating from a Class C, 192.168.100.0 network.
The HTTPS selector identifies the type of traffic that is used to manage the ANG with
the Web Config configuration utility. Note that the defined port number is 8080 rather
than the standard HTTPS port number of 443. This is an Enterasys ANG-specific
implementation; the underlying protocol and security remains standard SSL.

The configuration defines named selectors to reach the “local” interface from the
given “remote” network outside the interface. The combination of protocols and ports
define the IP service to which access is restricted. The specific “local” interface is
specified later when binding the corresponding rule to a particular physical interface
(that is, the management interface).

ipsecSelector -a -n SNMP -o physical -r 192.168.100.0/24 -p UDP -v 161 -w 0

ipsecSelector -a -n TELNET -o physical -r 192.168.100.0/24 -p TCP -v 23 -w 0

ipsecSelector -a -n HTTPS -o physical -r 192.168.100.0/24 -p TCP -v 8080 -w 0

ipsecSelector -a -n ICMP -o physical -r 192.168.100.0/24 -p ICMP

The command switches are defined as follows:

Defining the Rules

After the Selectors have been configured, you must define the rules the ANG will use
to perform a particular action on the selectors. The following command applies the

pass

Rule to all selectors.

ipsecRule -a -n SNMP -s SNMP -w pass

ipsecRule -a -n TELNET -s TELNET -w pass

-a

Adds a Selector

-n

Defines the Selector name (SNMP, TELNET, HTTP(S), ICMP, for example)

-o

Sets the local address - virtual or physical (the address of the interface the selector is
applied to)

-r

Specifies the remote address

-p

Specifies the protocol (ANY, TCP, UDP, ICMP, GRE)

-v

Sets the local port number (0 for any)

-w

Sets the remote local port number (0 for any)

«
...
10
11
12
13
14
»

Summary of Contents for ANG-3000 Series

Page 1: ...tp services In large enterprises the management network is often reserved for the IT department s discreet handling of all corporate management functions To understand how the ANG 3000 7000 series s m...

Page 2: ...elector ipsecRule and ipsecSpd commands NOTE Refer to the application note ANG Configuration Using the Command Line Interface for more details about the irc and ipsec commands Installing the Managemen...

Page 3: ...t is netadmin and press ENTER 4 Type your password the default is netadmin and press ENTER 5 Login as superuser by typing su and press ENTER 6 Type the default password welcome and press ENTER 7 Save...

Page 4: ...the ANG from the Rack 13 Remove the ANG from the rack Remove the Cover Follow the instructions below to remove the cover which is attached to the ANG by one screw Figure 5 Top Cover Mounting Screw Lo...

Page 5: ...move back about 1 2 inch Press your fingers in the three indents on the cover and apply pressure toward the rear of the ANG Refer to Figure 6 Figure 6 Top Cover Screw Removed 3 From the rear of the AN...

Page 6: ...stall upgrades are located as shown in Figure 8 Figure 8 Hardware PCI Slot Location Removing the Card Holding Plate To remove the card flange holding plate remove the two screws as shown in Figure 8 T...

Page 7: ...low to install the management interface card shown in Figure 10 Figure 10 Management Card 1 Remove the Insert from the back of the ANG as shown in Figure 11 NOTE Note how this blank plate is mounted t...

Page 8: ...Figure 12 Figure 12 Orientation of Management Card for Installation 3 Remove the PCI riser from the unit 4 Align the management card fingers with the connector as shown in Figure 13 and plug the card...

Page 9: ...14 Figure 14 Aligning the Management Card flange with the PCI Connector 6 Insert the PCI riser into the PCI connector 7 Replace the card flange holding plate with the two mounting screws This holding...

Page 10: ...low the cover to seat itself on top of the chassis sides If the cover does not seat in the chassis sides the slots are not aligned with the screw inserts Move the cover back or forward accordingly to...

Page 11: ...and press ENTER 5 Change directory to the irc directory Type the following and press ENTER cd usr indus irc 6 Examine the ircipaddr command parameters below ircipaddr n management i ANG IP address m A...

Page 12: ...which access is restricted The specific local interface is specified later when binding the corresponding rule to a particular physical interface that is the management interface ipsecSelector a n SN...

Page 13: ...e list of rules defined in the SPD The example below restricts SNMP TELNET HTTPS and ICMP traffic to the Management Interface from the 192 168 100 0 network Similar services can be defined and applied...

Page 14: ...rmation about Enterasys Networks consult the following table Please include your name title company and phone number in all correspondence Enterasys Networks offers 7x24 customer support by calling 1...

Reviews:

No comments

Related manuals for ANG-3000 Series

Brand: Wiznet Pages: 53

Brand: Advantech Pages: 78

Brand: Omron Pages: 11

Brand: Omron Pages: 78

Brand: QEI Pages: 43

Brand: QEI Pages: 48

Brand: QEI Pages: 45

Brand: Planet Networking & Communication Pages: 2

Brand: Packet Power Pages: 2

Harmony IP I/O8

Brand: Encom Pages: 44

Brand: Riello UPS Pages: 14

PowerMaster-360

Brand: Visonic Pages: 65

Brand: Universal Remote Control Pages: 26

Brand: Philio Pages: 16

Brand: SICK Pages: 130

Brand: Pirelli Pages: 149

Brand: 2N Telekomunikace Pages: 5

Brand: Juniper Pages: 188

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands