There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help in how to set the passwords from the CLI (command line interface). You’ll obviously need the read-write password in order to log in to the switch and reset the passwords. Without the read-write password you’ll need to factory reset the switch.
Note: I’m still trying to figure out the best way to display the CLI stuff… if I use the PRE HTML tag the font is really too small, if I don’t use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.
Nortel Ethernet Routing Switch 5500 Series (v5.1)
Here’s how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).
5520-48T-PWR>enable
5520-48T-PWR#config term
Enter configuration commands, one per line. End with CNTL/Z.
What’s the syntax to set the read-only and read-write passwords?
5520-48T-PWR(config)#cli password ?
  read-only   Modify read-only password
  read-write  Modify read-write password
  serial      Enable/disable serial port password.
  telnet      Enable/disable telnet and web password.
We’ll use the commands below to set the read-only (RO) password to “readonlypassword” and the read-write (RW) password to “readwritepassword”:
5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write readwritepassword
What is the syntax to enable the passwords on the serial and telnet interfaces?
5520-48T-PWR(config)#cli password serial ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
  tacacs  Use TACACS+ AAA services
5520-48T-PWR(config)#cli password telnet ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
  tacacs  Use TACACS+ AAA services
We’ll use the commands below to set the serial and telnet interface to use the local passwords we’ve just configured above. You could also use RADIUS and TACACS authentication if you set it up.
5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet local
And let’s not forget to save the configuration file (even though the switch should auto-save it).
5520-48T-PWR(config)#copy config nvram
5520-48T-PWR(config)#exit
5520-48T-PWR#disable
5520-48T-PWR>
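A small check that can be run over a saved list of these commands, added here as an example and not part of the original article or any Nortel tool: it flags `none` on the serial or telnet interface, the walkthrough's placeholder passwords, short passwords, and identical RO/RW values. The input format, the optional `switch`/`stack` keyword and the 8-character minimum are assumptions.

```python
import re

# Passwords typed in the article's walkthrough; placeholders, not real secrets.
ARTICLE_SAMPLES = {"readonlypassword", "readwritepassword"}
MIN_LEN = 8  # assumed local policy, not a Nortel requirement

# Matches e.g. "cli password serial local" after any CLI prompt. The optional
# switch/stack scope word and the optional quotes are assumptions about how a
# saved configuration may write these commands.
LINE = re.compile(
    r'cli password (?:(?:switch|stack) )?'
    r'(read-only|read-write|serial|telnet) "?([^"\s]+)"?\s*$'
)

def audit(config_text):
    """Return a sorted list of findings for the cli password settings."""
    seen = {}
    for raw in config_text.splitlines():
        m = LINE.search(raw.strip())
        if m and m.group(2) != "?":        # ignore "cli password serial ?" help
            seen[m.group(1)] = m.group(2)  # a later command overrides an earlier one
    findings = []
    for iface in ("serial", "telnet"):
        mode = seen.get(iface)
        if mode is None:
            findings.append(f"{iface}: no authentication mode set explicitly")
        elif mode == "none":
            findings.append(f"{iface}: password checking disabled (none)")
    # Masked values such as ******** cannot be judged, so drop them.
    pw = {k: v for k, v in seen.items()
          if k in ("read-only", "read-write") and set(v) != {"*"}}
    for level, value in pw.items():
        if value in ARTICLE_SAMPLES:
            findings.append(f"{level}: uses the article's placeholder value")
        elif len(value) < MIN_LEN:
            findings.append(f"{level}: shorter than {MIN_LEN} characters")
    if len(pw) == 2 and pw["read-only"] == pw["read-write"]:
        findings.append("read-only and read-write passwords are identical")
    return sorted(findings)

# Constructed sample input, in the form of the commands shown above.
SAMPLE = """\
5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write S3parate-RW-secret
5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet none
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```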
Nortel Ethernet Routing Switch 4500 Series (v5.0)
The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is practically identical to the 5500 series except that it does not yet support TACACS authentication.
4548GT-PWR(config)#cli password ?
  read-only   Modify read-only password
  read-write  Modify read-write password
  serial      Enable/disable serial port password.
  telnet      Enable/disable telnet and web password.
4548GT-PWR(config)#cli password serial ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
4548GT-PWR(config)#cli password telnet ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
Nortel Ethernet Switch 460/470 (v3.7.2)
The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.
470-48T>enable
470-48T#config term
Enter configuration commands, one per line. End with CNTL/Z.
470-48T(config)#cli password ?
  read-only   Modify read-only password
  read-write  Modify read-write password
  serial      Enable/disable serial port password.
  telnet      Enable/disable telnet and web password.
470-48T(config)#cli password serial ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
470-48T(config)#cli password telnet ?
  local   Use local password.
  none    Disable password.
  radius  Use RADIUS password authentication.
Hopefully this should help a few folks out.
Cheers!
Gabriel Palafox says
Hi Mike.
I’m trying to implement Radius authentication on 5520 and 460 switches. I have Cisco routers too, and it’s working on them. But I don’t know what I need to make it work on Nortel switches. I’m trying with the users rw, RW, rwa, bsrw, and when I look at the log on the Radius server it shows a message with successful authentication, but the switch sends me the message “access denied … radius”. There is a document from Nortel with the configuration, but I’m missing something and I can’t figure out what I’m missing.
Do you have any experience with Radius authentication on 5520 and 460 switches?
Thanks.
Michael McNamara says
Hi Gabriel,
Thankfully Nortel has already documented how to use a RADIUS server for authentication of administrative access.
http://www.michaelfmcnamara.com/files/2008_03_26_Authentication_Authorization_and_Accounting_for_ERS_and_ES_TCG_NN48500558.pdf
Good Luck!
Gabriel Palafox says
Thanks, I already saw that document, but I didn’t know what I was missing. At the moment it is working; the problem was with a Radius attribute that I had to configure on the Radius server.
Just to share:
If you want read-only access, you need to configure by user:
You need to add attribute “User name” (in conditions for the policy that you are configuring) with a value of the username that you have, eg. gabrielpalafox
Add to this you need the Attribute of “Service-Type” with the value of NAS prompt.
If you want read-write access, you need to configure by user:
You need to add attribute “User name” (in conditions for the policy that you are configuring)
Add to this you need the Attribute of “Service-Type” with the value of Administrative.
Hope this helps your community.
Thanks.
Fernando says
How do I configure Device Manager? My 1612 doesn’t connect to Device Manager using SNMP v1, v2.
Thanks for your help
Michael McNamara says
Hi Fernando,
You should have a look at this post.
You need to configure the SNMP community strings. You can try these commands (depending on the software release you are running on the switch);
Good Luck!
Fernando says
Hi Michael, thanks for your help.
The DVM returns the error message
172.16.X.X tinme out. This could be due to:
1. No route to device.
2. Network is busy.
3. SNMP service disable on device.
4. Invalid read community.
5. Try to access a device trough stanby CPU.
Thanks
Fernando
Michael McNamara says
Hi Fernando,
You’ll need to troubleshoot the problem.
Has this ever worked? Is SNMP disabled on the switch? Are there any access policies restricting/blocking SNMP access?
Assuming you have basic connectivity, out of the box the read and write SNMP community strings are public and private respectively. You should only need to change the SNMP community strings – commands provided above.
If someone else has performed additional configurations beyond ‘out of the box’ you’ll need to troubleshoot further.
Good Luck!
Gus says
Hi Michael,
Do you have experience with ERS8600 and tacacs +?
I configured ERS8600 v5.1.3.1 with TACACS+ but when the tacacs is down I can not authenticate using local users (RWA,RW,RO…), such as ERS5520 usually do.
Has anyone checked?
Thanks
Gus
Michael McNamara says
I’ve never tested this scenario… not currently using either RADIUS or TACACS+ for authentication.
Cheers!
์Nantabhum says
Hello sir, I have a problem when I create a password in switch 3524GT with this command “cli password serial local” then I cannot in configure command
Do you have any advice for me? It’s very important to me. Thank you for taking the time.
Michael McNamara says
I’m not sure I understand your question. I’m guessing that English is not your native language. What error message do you receive? You can add a ? at the end of “cli password” to see what command verbs are available.
Cheers!
Hector says
Hello Michael,
I need your help. I want to configure the RO and RW passwords, but I don’t want the username to be shown in the show run, e.g.:
! username “RO” “********” ro
! username “RW” “********” rw
I want:
! cli password switch read-only “**************”
! cli password switch read-write “**************”
Help me to know what’s the process?
Thanks
Michael McNamara says
Not possible… you would need to submit a feature request to Extreme (formerly Avaya).
Cheers!
Dennis Perri says
I have configured a Nortel 5698 switch to use TACTICS on Telnet and I have it working but after I login I am being put directly into the CLI. I want to run the telnet configuration menu. Is there a way to start the configuration menu from the CLI?
gowhar says
I want to know, after a factory reset, how can I set the console password for my Avaya switch, and also when I am trying to access the switch from the GUI I only get the web interface but I am unable to open anything.