Panasonic 8000, Router 8000 User manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS
Release: 5.3
Document Revision: 01.01
www.nortel.com
NN46240-709 324767-A
Nortel Secure Router 8000 Series
Release: 5.3
Publication: NN46240-709
Document status: Standard
Document release date: 30 March 2009
Copyright © 2009 Nortel Networks
All Rights Reserved.
Printed in Canada, India, and the United States of America
LEGAL NOTICE
While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
ATTENTION
For information about the safety precautions, read "Safety messages" in this guide.
For information about the software license, read "Software license" in this guide.
Contents
About this document
1 AAA troubleshooting
1.1 AAA overview
1.1.1 AAA, RADIUS, and HWTACACS
1.1.2 Domains and address pool
1.1.3 Schemes and modes
1.1.4 Server templates
1.2 Troubleshooting local user authentication
1.2.1 Typical networking
1.2.2 Configuration notes
1.2.3 Troubleshooting flowchart
1.2.4 Troubleshooting procedure
1.3 Troubleshooting RADIUS authentication
1.3.1 Typical networking
1.3.2 Configuration notes
1.3.3 Troubleshooting flowchart
1.3.4 Troubleshooting procedure
1.4 Troubleshooting HWTACACS authentication
1.4.1 Typical networking
1.4.2 Configuration notes
1.4.3 Troubleshooting flowchart
1.4.4 Troubleshooting procedure
1.5 Troubleshooting cases
1.5.1 FTP user fails to pass through RADIUS authentication
1.5.2 HWTACACS user fails to get the delivered address
1.6 FAQs
1.7 Diagnostic tools
1.7.1 Display commands
1.7.2 Debugging commands
2 IPSec and IKE troubleshooting
2.1 IPSec and IKE overview
2.2 Troubleshooting manual IPSec SA setup
2.2.1 Typical networking
2.2.2 Configuration notes
2.2.3 Troubleshooting flowchart
2.2.4 Troubleshooting procedure
2.3 Troubleshooting ISAKMP SA
2.3.1 Typical networking
2.3.2 Configuration notes
2.3.3 Troubleshooting flowchart
2.3.4 Troubleshooting procedure
2.4 Troubleshooting SA setup using an IPSec policy template
2.4.1 Typical networking
2.4.2 Configuration notes
2.4.3 Troubleshooting flowchart
2.4.4 Troubleshooting procedure
2.5 Troubleshooting NAT traversal in the IPSec tunnel
2.5.1 Typical networking
2.5.2 Configuration notes
2.5.3 Troubleshooting flowchart
2.5.4 Troubleshooting procedure
2.6 Troubleshooting GRE over IPSec or L2TP over IPSec
2.6.1 Typical networking
2.6.2 Configuration notes
2.6.3 Troubleshooting flowchart
2.6.4 Troubleshooting procedure
2.7 Troubleshooting cases
2.8 FAQs
2.9 Diagnostic tools
2.9.1 Display commands
2.9.2 Debugging commands
3 Firewall troubleshooting
3.1 Firewall
3.2 Troubleshooting the firewall
3.2.1 Networking environment
3.2.2 Configuration notes
3.2.3 Diagnostic flowchart
3.2.4 Troubleshooting procedures
3.3 FAQs
3.4 Diagnostic tools
4 NAT troubleshooting
4.1 NAT
4.1.1 NAT attributes
4.1.2 NAT modes
4.1.3 Special protocols supported by the address translation
4.2 Troubleshooting NAT Troubleshooting
4.2.1 Typical Networking
4.2.2 Configuration notes
4.2.3 Troubleshooting flowchart
4.2.4 Troubleshooting procedures
4.3 Troubleshooting cases
4.3.1 Internal Network Cannot Successfully Ping the External Network After NAT Is Configured on the Router
4.4 FAQs
4.5 Diagnostic tools
4.5.1 Display commands
4.5.2 Debugging commands
Index
Figures
Figure 1-1 RADIUS message structure
Figure 1-2 Attribute format
Figure 1-3 Networking diagram of local authentication
Figure 1-4 Troubleshooting flowchart of local user authentication
Figure 1-5 Networking diagram of RADIUS authentication
Figure 1-6 Troubleshooting flowchart of RADIUS authentication
Figure 1-7 Networking diagram of HWTACACS authentication
Figure 1-8 Troubleshooting flowchart of HWTACACS authentication
Figure 1-9 Networking diagram of RADIUS authentication
Figure 1-10 Networking diagram of HWTACACS authentication
Figure 2-1 Format of the transport mode packets
Figure 2-2 Format of the tunnel mode packets
Figure 2-3 Networking diagram of the manual IPSec SA setup
Figure 2-4 Troubleshooting flowchart of IPSec SA manual setup
Figure 2-5 Networking diagram of setting up ISAKMP IPSec
Figure 2-6 Troubleshooting flowchart of SA setup in Phase 1
Figure 2-7 Troubleshooting flowchart of SA setup in Phase 2
Figure 2-8 Networking diagram of setting up SA using an IPSec policy template
Figure 2-9 Troubleshooting flowchart of setting up IPSec SA using an IPSec policy template
Figure 2-10 Networking diagram of IPSec NAT
Figure 2-11 Troubleshooting flowchart of NAT traversal in IPSec
Figure 2-12 Networking diagram of configuring IPSec
Figure 2-13 Troubleshooting flowchart of GRE over IPSec
Figure 2-14 Networking diagram of IPSec setup
Figure 3-1 Networking of the firewall
Figure 3-2 Diagnostic flowchart for faults on the firewall
Figure 4-1 NAT principles
Figure 4-2 NAPT working mode
Figure 4-3 NAT networking
Figure 4-4 Networking of the load balancing, flow control and BT speed control on the NAT server
Figure 4-5 Troubleshooting flowchart
Figure 4-6 Internal network fails to ping the external network
About this document
Overview
This section describes the organization of this document, product version, intended audience,
conventions, and update history.
Related versions
The following table lists the product versions related to this document.
Product Name    Version
Nortel Secure Router 8000 Series    V200R005
Intended audience
This document is intended for the following audience:
• network operators
• network administrators
• network maintenance engineers
Organization
This document consists of three chapters related to Value Added Service (VAS)
troubleshooting and is organized as follows.
Chapter    Description
1 AAA troubleshooting    This chapter describes the troubleshooting procedure for the Authentication, Authorization, and Accounting (AAA) protocol; frequently asked questions (FAQ); and diagnostic tools.
2 IPSec and IKE troubleshooting    This chapter describes troubleshooting procedures for IP Security (IPSec) and Internet Key Exchange (IKE), FAQs, and diagnostic tools.
3 Firewall Troubleshooting    This chapter describes the troubleshooting procedure for Firewall, FAQs, and diagnostic tools.
4 NAT troubleshooting    This chapter describes the troubleshooting procedure for Network Address Translation (NAT), FAQs, and diagnostic tools.
Conventions
This section describes the symbol and text conventions used in this document.
Symbol conventions
Symbol Description
Indicates a hazard with a high level of risk that, if not avoided,
can result in death or serious injury.
Indicates a hazard with a medium or low level of risk that, if
not avoided, can result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided,
can cause equipment damage, data loss, and performance
degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement
important points of the main text.
General conventions
Convention    Description
Times New Roman    Normal paragraphs are in Times New Roman font.
Boldface    Names of files, directories, folders, and users are in boldface. For example, log on as the user root.
Italic    Book titles are in italics.
Courier New    Terminal display is in Courier New font.
Command conventions
Convention    Description
Boldface    The keywords of a command line are in boldface.
Italic    Command arguments are in italics.
[ ]    Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }    Alternative items are grouped in braces and separated by vertical bars. You can select one item.
[ x | y | ... ]    Optional alternative items are grouped in square brackets and separated by vertical bars. You can select one item or no item.
{ x | y | ... } *    Alternative items are grouped in braces and separated by vertical bars. You can select a minimum of one item or a maximum of all items.
[ x | y | ... ] *    Optional alternative items are grouped in square brackets and separated by vertical bars. You can select no item or multiple items.
&<1-n>    The parameter before the ampersand sign (&) can be repeated 1 to n times.
#    A line starting with the number sign (#) contains comments.
GUI conventions
Convention    Description
Boldface    Buttons, menus, parameters, tabs, windows, and dialog box titles are in boldface. For example, click OK.
>    Multilevel menus are in boldface and separated by the right-angled bracket sign (>). For example, choose File > Create > Folder.
Keyboard operation
Format    Description
Key    Press the key. For example, press Enter and press Tab.
Key 1+Key 2    Press the keys concurrently. For example, Ctrl+Alt+A means press the three keys concurrently.
Key 1, Key 2    Press the keys in sequence. For example, Alt, A means press the two keys in sequence.
Mouse operation
Action    Description
Click    Select and release the primary mouse button without moving the pointer.
Double-click    Press the primary mouse button twice quickly without moving the pointer.
Drag    Press and hold the primary mouse button and move the pointer to a new position.
Update history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 1.0 (6 June 2008)
This is the first commercial release of this document.
Contents
1 AAA troubleshooting
1.1 AAA overview
1.1.1 AAA, RADIUS, and HWTACACS
1.1.2 Domains and address pool
1.1.3 Schemes and modes
1.1.4 Server templates
1.2 Troubleshooting local user authentication
1.2.1 Typical networking
1.2.2 Configuration notes
1.2.3 Troubleshooting flowchart
1.3 Troubleshooting RADIUS authentication
1.3.1 Typical networking
1.3.2 Configuration notes
1.3.3 Troubleshooting flowchart
1.3.4 Troubleshooting procedure
1.4 Troubleshooting cases
1.4.1 FTP user fails to pass through RADIUS authentication
1.4.2 HWTACACS user fails to get the delivered address
1.5 FAQs
1.6 Diagnostic tools
1.6.1 Display commands
1.6.2 Debugging commands
1 AAA troubleshooting
About this chapter
The following table shows the contents of this chapter.
Section    Description
1.1 AAA overview    This section describes the concepts you need to know before troubleshooting Authentication, Authorization, and Accounting (AAA).
1.2 Troubleshooting local user authentication    This section contains configuration notes for local user authentication, and provides the local user authentication troubleshooting flowchart and procedure for a typical local user authentication network.
1.3 Troubleshooting RADIUS authentication    This section contains configuration notes for RADIUS authentication, and provides the RADIUS authentication troubleshooting flowchart and procedure for a typical RADIUS authentication network.
1.4 Troubleshooting cases    This section presents several troubleshooting cases.
1.5 FAQs    This section lists frequently asked questions (FAQs) and their answers.
1.6 Diagnostic tools    This section describes common diagnostic tools: display commands and debugging commands.
1.1 AAA overview
This section describes the basic concepts of AAA, RADIUS, and HWTACACS.
1.1.1 AAA and RADIUS
AAA
Authentication, Authorization, and Accounting (AAA) contains the following three types of
security services.
• Authentication: specifies what type of user can access the network.
• Authorization: specifies what type of service the user can use.
• Accounting: records the network resource utilization of the user.
AAA adopts the client/server model, in which the client runs on the resource side and the
server stores information about the user. This model is extensible and provides an effective
way to manage users.
The two communication protocols used between the client and the server are as follows:
• Remote Authentication Dial-In User Service (RADIUS) protocol
• Huawei Terminal Access Controller Access Control System (HWTACACS) protocol (HWTACACS is an enhancement of TACACS)
RADIUS
RADIUS is used for communication between the Network Access Server (NAS) and the
RADIUS server on the application layer.
RADIUS adopts the client/server model in which the client runs on the resource side and the
server stores information about the user.
RADIUS messages are carried in User Datagram Protocol (UDP) packets. To ensure reliability, RADIUS supports retransmission and a backup server mechanism. The authentication and accounting ports used by RADIUS are 1645/1646 or 1812/1813.
Figure 1-1 shows the RADIUS packet format.
Figure 1-1 RADIUS message structure
[Figure: 32-bit-wide message layout with the fields Code, Identifier, Length, Authenticator, and Attribute]
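As an added example (not part of the Nortel manual), the following Python parser decodes the message layout named in Figure 1-1 and rejects malformed datagrams, which is useful when checking captured RADIUS traffic during troubleshooting. Field widths other than the 1-byte Code, the Type-Length-Value attribute layout, and the code names are taken from RFC 2865; the sample packet is constructed.

```python
import struct

# Widths per RFC 2865; the manual itself states only that Code is 1 byte.
HEADER_LEN = 20        # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_PACKET_LEN = 4096  # RFC 2865 upper bound on the Length field

CODE_NAMES = {
    1: "Access-Request",
    2: "Access-Accept",
    3: "Access-Reject",
    4: "Accounting-Request",
    5: "Accounting-Response",
    11: "Access-Challenge",
}


class RadiusParseError(ValueError):
    """The datagram is not a well-formed RADIUS message."""


def parse_radius(datagram):
    """Decode one RADIUS message; raise RadiusParseError if it is malformed."""
    if len(datagram) < HEADER_LEN:
        raise RadiusParseError("shorter than the 20-byte header")
    code, identifier, length = struct.unpack("!BBH", datagram[:4])
    if not HEADER_LEN <= length <= MAX_PACKET_LEN:
        raise RadiusParseError("Length field %d out of range" % length)
    if length > len(datagram):
        raise RadiusParseError(
            "truncated: Length says %d, received %d" % (length, len(datagram)))
    # Bytes past Length are padding and are ignored (RFC 2865).
    attributes = []
    offset = HEADER_LEN
    while offset < length:
        if length - offset < 2:
            raise RadiusParseError("dangling byte instead of an attribute header")
        attr_type, attr_len = datagram[offset], datagram[offset + 1]
        # Attribute Length counts the Type and Length bytes, so 2 is the minimum.
        if attr_len < 2 or offset + attr_len > length:
            raise RadiusParseError(
                "attribute %d has bad length %d" % (attr_type, attr_len))
        attributes.append((attr_type, datagram[offset + 2:offset + attr_len]))
        offset += attr_len
    return {
        "code": code,
        "code_name": CODE_NAMES.get(code, "unknown"),
        "identifier": identifier,
        "length": length,
        "authenticator": datagram[4:HEADER_LEN],
        "attributes": attributes,
    }


def build_sample():
    """Constructed Access-Request: User-Name=alice, NAS-IP-Address=192.0.2.1."""
    attrs = bytes([1, 7]) + b"alice" + bytes([4, 6, 192, 0, 2, 1])
    authenticator = bytes(range(16))  # constructed value, not a real authenticator
    header = struct.pack("!BBH", 1, 42, HEADER_LEN + len(attrs))
    return header + authenticator + attrs


if __name__ == "__main__":
    msg = parse_radius(build_sample())
    print(msg["code_name"], "id", msg["identifier"], "len", msg["length"])
    for attr_type, value in msg["attributes"]:
        print("  attribute", attr_type, value.hex())
```
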
The following list describes the RADIUS message structure:
• Code—contains 1 byte, indicating the RADIUS message type. The common code values are as follows.
/