Troubleshooting guide

Chapter 4 Troubleshooting Routers and Embedded Systems VPN-1/FireWall-1 configuration for a Nortel (Bay Networks) BayRS router
Advanced Technical Reference Guide 4.1 June 2000 34
2. Press the "SNMP Info..." button to open the "SNMP Information" window, and in it change the values of
both the "Read" and "Write" fields to the new community you defined previously using the Nortel (Bay)
Site Manager.
Create rules which have either "Routers" or the specific router in the "Install On" field.
Warning - Make sure that you are not adding rules which block SNMP communication between
VPN-1/FireWall-1 and the router, and from the Site Manager to the router.
3. Install the policy. This should load the access list on the router.
Further security considerations
After you've done all the above, note the following considerations:
1. Preventing illegal SNMP access to your router:
Using Configuration Manager, as described above, erase the default "Public" community, or make it
READ ONLY.
Whatever access list you make, it is recommended you allow SNMP connections to the router only
from the VPN-1/FireWall-1 site and from the Site Manager. No other SNMP connections to the router
should be allowed (this, of course, doesn't include SNMP THROUGH the router, to different locations,
which is simply a matter of your security policy choices).
2. It is recommended that you copy the configuration file on the router to a special file called "config" (no
extension), which is the default configuration file, used when the router comes up from a failure (when
turned on, after a power supply failure, etc.). This, of course, should only be done after you have verified
that everything is OK with your configuration file.
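The two SNMP requirements above (the VPN-1/FireWall-1 site and the Site Manager must keep SNMP access to the router, and no other host may have it) can be checked against a rule list before the policy is installed. The following Python script is an added example, not part of the original guide: the rule format, the addresses and the first-match evaluation model are assumptions made for illustration, not VPN-1/FireWall-1 or BayRS syntax.

```python
# Added example: audits a simplified, constructed rule list (not FireWall-1 syntax).
from ipaddress import ip_address, ip_network

SNMP_PORT = 161  # UDP port of the SNMP agent on the router
# Constructed addresses from the RFC 5737 documentation ranges (assumptions).
ROUTER = "192.0.2.1"
MANAGERS = {"fw-management": "192.0.2.10", "site-manager": "192.0.2.20"}

def first_match(rules, src, dst, port):
    """Return the action of the first rule that matches, else the implicit drop."""
    for r in rules:
        if (ip_address(src) in ip_network(r["src"])
                and ip_address(dst) in ip_network(r["dst"])
                and r["port"] in (port, "any")):
            return r["action"]
    return "drop"

def audit_snmp(rules, probes):
    """Report management stations that are blocked and other hosts that are allowed."""
    findings = []
    for name, addr in MANAGERS.items():
        if first_match(rules, addr, ROUTER, SNMP_PORT) != "accept":
            findings.append(f"{name} ({addr}) cannot reach the router over SNMP")
    for addr in probes:
        allowed = first_match(rules, addr, ROUTER, SNMP_PORT) == "accept"
        if allowed and addr not in MANAGERS.values():
            findings.append(f"{addr} is allowed SNMP to the router")
    return findings

def rule(src, dst, port, action):
    return {"src": src, "dst": dst, "port": port, "action": action}

R = f"{ROUTER}/32"
GOOD_RULES = [
    rule("192.0.2.10/32", R, 161, "accept"),
    rule("192.0.2.20/32", R, 161, "accept"),
    rule("0.0.0.0/0", R, 161, "drop"),
    rule("198.51.100.0/24", "203.0.113.0/24", 161, "accept"),  # SNMP through the router
]
BAD_RULES = [
    rule("192.0.2.10/32", R, 161, "accept"),
    rule("198.51.100.0/24", "0.0.0.0/0", "any", "accept"),  # too broad: covers the router
    rule("0.0.0.0/0", R, 161, "drop"),                      # shadows the next rule
    rule("192.0.2.20/32", R, 161, "accept"),
]
PROBES = ["198.51.100.7", "203.0.113.5"]  # constructed non-management hosts

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, audit_snmp(rules, PROBES))
```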
BayRS Router Commands
Several important commands can be run on the Technician Interface (TI).
To log in to the TI (the command line of the router), connect to the router by telnet or through a console and
log in as user “Manager” without any password. The exception to this is the BayRS 5000, in which each slot
functions as a separate router and is configured separately. In this case, when connecting to the BayRS 5000
you will be presented with a menu displaying all the boards currently installed. Select the one you wish to
configure and then select the TI option.
The following is a list of typical commands that can be run on the command line of the router.
Router Log Command:
For example, to display all log messages from the firewall code running on slot 3:
log -fwitdf -eRFWALL -s3
Router Status Commands
To show the current state and IP address of all the circuits/interfaces:
show ip circuit
To show the currently established TCP connections (connections to the router itself):
show tcp connections
Router Kernel Information Commands
To show the amount of RAM on each slot:
get wfHwEntry.31.*