fibeair ip-10g ip-10e user guide rev d.01
Post on 02-Mar-2016
63 Views
Preview:
TRANSCRIPT
-
Copyright 2014 by Ceragon Networks Ltd. All rights reserved.
FibeAir IP-10G and IP-10E User Guide
DOC-00034612 (Rev D.01)
Hardware Release: R2 and R3
Software Release: i7.1.2
BM-0252-0
June 2014
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 2 of 596
Notice
This document contains information that is proprietary to Ceragon Networks Ltd. No part of this publication may be reproduced, modified, or distributed without prior written authorization of Ceragon Networks Ltd. This document is provided as is, without warranty of any kind.
Trademarks
Ceragon Networks, FibeAir and CeraView are trademarks of Ceragon Networks Ltd., registered in the United States and other countries.
Ceragon is a trademark of Ceragon Networks Ltd., registered in various countries.
CeraMap, PolyView, EncryptAir, ConfigAir, CeraMon, EtherAir, CeraBuild, CeraWeb, and QuickAir, are trademarks of Ceragon Networks Ltd.
Other names mentioned in this publication are owned by their respective holders.
Statement of Conditions
The information contained in this document is subject to change without notice. Ceragon Networks Ltd. shall not be liable for errors contained herein or for incidental or consequential damage in connection with the furnishing, performance, or use of this document or equipment supplied with it.
Open Source Statement
The Product may use open source software, among them O/S software released under the GPL or GPL alike license ("GPL License"). Inasmuch that such software is being used, it is released under the GPL License, accordingly. Some software might have changed. The complete list of the software being used in this product including their respective license and the aforementioned
public available changes is accessible on http://www.gnu.org/licenses/.
Information to User
Any changes or modifications of equipment not expressly approved by the manufacturer could void the users authority to operate the equipment and the warranty for such equipment.
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 3 of 596
Table of Contents
1. Introduction .................................................................................................... 16
1.1 About the CeraWeb EMS (Web EMS) ......................................................................... 17 1.1.1 Browser behavior with Web EMS ................................................................................ 17
1.2 Reference Guide to Web EMS Menu Structure ........................................................... 18
2. Getting Started................................................................................................ 24
2.1 Establishing a Connection with the IDU ....................................................................... 25
2.2 Launching the Web EMS ............................................................................................. 26
2.3 Configuring IP Addresses ............................................................................................ 27
3. Configuring Secured Access Protocols ........................................................ 28
3.1 Security Overview ........................................................................................................ 29 3.1.1 Defenses in Management Communication Channels .................................................. 29 3.1.2 Defenses in User and System Authentication Procedures .......................................... 30
3.1.2.1 User Identification ........................................................................................ 30 3.1.2.2 Remote Authentication ................................................................................ 30 3.1.2.3 Authorization ................................................................................................ 30 3.1.2.4 RADIUS Support .......................................................................................... 31 3.1.2.5 Attack Types Addressed .............................................................................. 31
3.1.3 Secure Communication Channels ............................................................................... 31 3.1.3.1 SSH (Secured Shell).................................................................................... 31 3.1.3.2 HTTPS (Hypertext Transfer Protocol Secure) ............................................. 31 3.1.3.3 SFTP (Secure FTP) ..................................................................................... 32 3.1.3.4 Creation of Certificate Signing Request (CSR) File .................................... 32 3.1.3.5 SNMP .......................................................................................................... 33 3.1.3.6 Server authentication (SSL / SLLv3) ........................................................... 33 3.1.3.7 Encryption .................................................................................................... 33 3.1.3.8 SSH.............................................................................................................. 33
3.1.4 Security Log ................................................................................................................. 34
3.2 Configuring SNMP ....................................................................................................... 36 3.2.1 Configuring SNMPv3 Parameters ................................................................................ 36
3.3 Configuring Secure Communication Channels ............................................................ 38 3.3.1 Configuring Inactivity Timeout ...................................................................................... 38 3.3.2 Secure File Transfer and Server Authentication .......................................................... 39 3.3.3 Configuring HTTPS (Hypertext Transfer Protocol Secure) .......................................... 40 3.3.4 Downloading a Certificate ............................................................................................ 41 3.3.5 Configuring the Security File Name, Type and Format ................................................ 41 3.3.6 Enabling the CA Certificate .......................................................................................... 42 3.3.7 Configuring FTP or SFTP (Secure FTP) ...................................................................... 42 3.3.8 Generating a Certificate Signing Request (CSR) File .................................................. 43 3.3.9 Generating a Security Certificate from a CSR File ...................................................... 45
4. Working with Configuration Files .................................................................. 46
4.1 Archiving the Configuration .......................................................................................... 47 4.1.1 Creating a Configuration Archive File .......................................................................... 47 4.1.2 Viewing Configuration Archive Creation Status ........................................................... 47 4.1.3 Uploading a Configuration Archive File ........................................................................ 48
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 4 of 596
4.1.4 Viewing Configuration Archive Upload Status ............................................................. 48 4.1.5 Creating a Unit Information Archive File ...................................................................... 48 4.1.6 Viewing Unit Information Archive Creation Status ....................................................... 48 4.1.7 Uploading a Unit Information Archive File.................................................................... 49 4.1.8 Viewing Unit Information Archive Upload Status ......................................................... 49 4.1.9 Downloading a Configuration Archive File ................................................................... 49 4.1.10 Viewing configuration file download status .................................................................. 49 4.1.11 Uploading a Configuration Archive File ........................................................................ 50 4.1.12 Viewing configuration file installation status................................................................. 50
4.2 Restoring the Default Configuration ............................................................................. 51
4.3 Resetting the Unit ......................................................................................................... 51
4.4 Viewing the Configuration Log File .............................................................................. 52
5. Configuring Users and Password Security .................................................. 53
5.1 Configuring RADIUS .................................................................................................... 54
5.2 Adding Users ................................................................................................................ 56
5.3 Deleting Users .............................................................................................................. 57
5.4 Changing Your Password ............................................................................................ 58
5.5 Configuring a Timeout for Inactive Users..................................................................... 59
6. Configuring Software ..................................................................................... 60
6.1 Configuring IDU Software ............................................................................................ 61 6.1.1 Viewing IDU Version Information ................................................................................. 62 6.1.2 Downloading IDU Software Files ................................................................................. 63 6.1.3 Upgrading the IDU Software Version ........................................................................... 64 6.1.4 Rolling Back a Software Upgrade ................................................................................ 66
6.2 Configuring RFU Software and Firmware .................................................................... 67 6.2.1 Viewing RFU Version Information ................................................................................ 68 6.2.2 Updating the RFU Software Version ............................................................................ 70
7. Configuring and Viewing Basic System Information ................................... 71
7.1 Configuring and Viewing Unit System Information ...................................................... 72
7.2 Configuring System Date and Time ............................................................................. 73
7.3 Configuring Network Timing Protocol (NTP) Parameters ............................................ 74
7.4 Configuring Unit Serial and Part Numbers ................................................................... 75
7.5 Viewing System Application Files ................................................................................ 76
8. Configuring Feature and Capacity Licenses ................................................ 77
8.1 Viewing Current License Details .................................................................................. 78
8.2 Loading a New License Key ........................................................................................ 79
8.3 Working with a Demo License ..................................................................................... 81
8.4 Viewing Licensed Usage and Features ....................................................................... 82
9. Configuring Unit Management ....................................................................... 84
9.1 Management Overview ................................................................................................ 85
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 5 of 596
9.2 Configuring the Management Ports ............................................................................. 86
9.3 Configuring Out-of-Band Management ........................................................................ 88
9.4 Configuring In-Band Management ............................................................................... 89 9.4.1 Configuring In-Band Management in a 1+1 Link ......................................................... 90 9.4.2 In-Band Management in Nodal Configurations ............................................................ 92 9.4.3 GbE In-Band Management in a Node .......................................................................... 94 9.4.4 In-Band Management Isolation in Smart Pipe Mode ................................................... 95 9.4.5 Limiting the Ethernet MTU for Management Packets .................................................. 96
10. Configuring Traffic Interfaces ........................................................................ 97
10.1 Configuring the Ethernet Switching Mode.................................................................... 98 10.1.1 Switch Configurations Overview .................................................................................. 99 10.1.2 Configuring Smart Pipe Switch Mode ........................................................................ 101 10.1.3 Configuring Managed and Metro Switch Mode .......................................................... 102
10.2 Configuring Ethernet Ports ......................................................................................... 104 10.2.1 Configuring a Single Pipe Port ................................................................................... 104 10.2.2 Configuring a Managed Switch or Metro Switch Port ................................................ 106
10.3 Configuring Shared VLAN Disabling .......................................................................... 108
10.4 Assigning VLANs to a Port ......................................................................................... 110
10.5 Configuring Automatic State Propagation .................................................................. 111
10.6 Configuring LAGs ....................................................................................................... 114 10.6.1 LAG Overview ............................................................................................................ 115 10.6.2 Creating a LAG .......................................................................................................... 117 10.6.3 Configuring a LAG ...................................................................................................... 118 10.6.4 Removing Ports from a LAG ...................................................................................... 120 10.6.5 Configuring LAG Load Balancing ............................................................................... 121
10.7 Configuring Peer Port Settings .................................................................................. 122
10.8 Configuring E1/DS1 Interfaces .................................................................................. 123
10.9 Configuring STM-1/OC-3 Interfaces .......................................................................... 125
10.10 Configuring Pseudowire ............................................................................................. 128 10.10.1 Pseudowire Overview ................................................................................ 129 10.10.2 Configuring an Ethernet Port for Pseudowire ............................................ 131 10.10.3 Configuring the Pseudowire TDM Ports .................................................... 133 10.10.4 Configuring TDM Trails for Pseudowire ..................................................... 136 10.10.5 Configuring Pseudowire Synchronization .................................................. 137 10.10.6 Configuring the Pseudowire T-Card .......................................................... 139 10.10.7 Configuring Pseudowire Profiles ............................................................... 141 10.10.8 Configuring SOAM ..................................................................................... 144
10.10.8.1 Configuring MDs ........................................................................................ 144 10.10.8.2 Configuring MAs ........................................................................................ 146
10.10.9 Configuring Pseudowire Encapsulation (Tunnels) .................................... 148 10.10.9.1 Adding a Tunnel ......................................................................................... 148 10.10.9.2 Deleting a Tunnel ....................................................................................... 150
10.10.10 Configuring Tunnel Groups and Pseudowire Path Protection ................... 151 10.10.10.1 Adding a Tunnel Group ........................................................................ 152 10.10.10.2 Forcing a Switchover ............................................................................ 152 10.10.10.3 Deleting a Tunnel Group ...................................................................... 153
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 6 of 596
10.10.11 Configuring DS0 Bundles .......................................................................... 154 10.10.12 Configuring Pseudowire Services .............................................................. 156
11. Configuring Auxiliary Channels .................................................................. 159
11.1 Configuring the Wayside Channel ............................................................................. 160
11.2 Configuring the User Channel .................................................................................... 161
11.3 Viewing the EOW Channel Status ............................................................................. 162
12. Configuring the Radio Parameters .............................................................. 163
12.1 Enabling and Disabling the Radio .............................................................................. 164
12.2 Configuring the Radio Frequencies ........................................................................... 165
12.3 Specifying the Radio Link ID ...................................................................................... 166
12.4 Configuring the Remote Radio IP Address ................................................................ 167
12.5 Configuring the Radio Thresholds ............................................................................. 168 12.5.1 Radio Threshold Levels ............................................................................................. 169 12.5.2 RSL and TSL Thresholds ........................................................................................... 170 12.5.3 MSE Threshold .......................................................................................................... 170 12.5.4 XPI Threshold ............................................................................................................ 171 12.5.5 Ethernet Throughput Threshold ................................................................................. 171 12.5.6 Ethernet Capacity Threshold ..................................................................................... 172 12.5.7 Ethernet Utilization Threshold .................................................................................... 172
12.6 Enabling RSL Degradation Alarms ............................................................................ 173
12.7 Selecting a Radio Script and Configuring ACM ......................................................... 174 12.7.1 ACM Radio Scripts ..................................................................................................... 175 12.7.2 ACM with 1+1 HSB Protection ................................................................................... 177 12.7.3 ACM Adaptive Power ................................................................................................. 178 12.7.4 Enabling Alarms on MRMC Profile Degradation ........................................................ 180 12.7.5 Activating an Asymmetrical Script .............................................................................. 181
12.8 Configuring Compression........................................................................................... 182 12.8.1 Configuring Enhanced Header Compression ............................................................ 183
12.8.1.1 Enhanced Header Compression Flow Type Bitmask and Supported Configurations ............................................................................................ 184
12.8.1.2 Enhanced Header Compression Compatibility .......................................... 186
12.9 Configuring Radio Traffic Priorities ............................................................................ 187
12.10 Configuring the Power Options and Green Mode ...................................................... 189 12.10.1 Configuring ATPC Override ....................................................................... 190 12.10.2 Configuring Green Mode ........................................................................... 192
13. Configuring QoS and Enhanced QoS ......................................................... 193
13.1 QoS Overview ............................................................................................................ 194 13.1.1 Standard QoS Overview ............................................................................................ 194
13.1.1.1 Standard QoS Classifier ............................................................................ 194 13.1.1.2 Standard QoS Policers .............................................................................. 195 13.1.1.3 Queue Management, Scheduling, and Shaping ........................................ 196
13.1.2 Enhanced QoS Overview ........................................................................................... 197 13.1.2.1 Queue Management .................................................................................. 199 13.1.2.2 Scheduling and Shaping ............................................................................ 200
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 7 of 596
13.1.2.3 Configurable P-Bit and CFI/DEI Re-Marking ............................................. 201
13.2 Configuring Standard QoS ......................................................................................... 202 13.2.1 Opening the QoS & Rate Limiting Page .................................................................... 203 13.2.2 Configuring the Classification Settings ...................................................................... 204 13.2.3 Configuring the Egress Scheduler ............................................................................. 205 13.2.4 Configuring Ingress Rate Limiting .............................................................................. 206 13.2.5 Remapping P-Bits ...................................................................................................... 207 13.2.6 Configuring VLAN-ID to Queue .................................................................................. 208 13.2.7 Assigning IP P-Bits to Queue ..................................................................................... 209 13.2.8 Assigning Queues According to P-Bits ...................................................................... 210 13.2.9 Assigning Queue Weights .......................................................................................... 210 13.2.10 Configuring Policers................................................................................... 211 13.2.11 Defining the Static MAC Table .................................................................. 212 13.2.12 Copying QoS Settings from One Port to Another ...................................... 213
13.3 Configuring Enhanced QoS ....................................................................................... 214 13.3.1 Preparing the System for Enhanced QoS .................................................................. 214
13.3.1.1 Classifying In-Band Management Traffic................................................... 214 13.3.1.2 Disabling the QoS Egress Shaper ............................................................. 215
13.3.2 Enabling Enhanced QoS ............................................................................................ 216 13.3.3 Configuring Queue Size ............................................................................................. 217 13.3.4 Configuring Enhanced QoS Classification ................................................................. 218
13.3.4.1 Configuring Services.................................................................................. 218 13.3.4.2 Configuring the egress CoS and Color Modifier (Marker) ......................... 219 13.3.4.3 Enabling Classification Rules .................................................................... 220 13.3.4.4 Setting the Default Classification Settings ................................................. 221 13.3.4.5 Configuring First Hierarchy Classification Rules ....................................... 223 13.3.4.6 Configuring Second Hierarchy Classification Rules .................................. 227 13.3.4.7 Configuring Third Hierarchy Classification Rules ...................................... 229
13.3.5 Configuring Egress Policers ....................................................................................... 235 13.3.5.1 Policer per Cos Option............................................................................... 238
13.3.6 Configuring WRED ..................................................................................................... 239 13.3.7 Configuring the Egress Shaper and Scheduler ......................................................... 241
13.4 Configuring Frame Cut-Through ................................................................................ 243
14. Setting Up Protected Configurations .......................................................... 244
14.1 Protection Overview ................................................................................................... 245
14.2 Configuring 1+1 HSB ................................................................................................. 246 14.2.1 1+1 HSB Overview ..................................................................................................... 247
14.2.1.1 Revertive 1+1 HSB Protection ................................................................... 247 14.2.2 Configuring 1+1 HSB Protection in a New Standalone System ................................ 249 14.2.3 Replacing the Standby Unit in a 1+1 HSB Standalone System ................................. 251 14.2.4 Configuring 1+1 HSB Protection in a New Nodal System ......................................... 252 14.2.5 Replacing the Standby Unit in a 1+1 HSB Nodal System ......................................... 254 14.2.6 Configuring Revertive 1+1 HSB Protection ................................................................ 256
14.2.6.1 Configuring Revertive 1+1 HSB Protection via the Web EMS .................. 256 14.2.6.2 Configuring Revertive 1+1 HSB Protection via CLI ................................... 256
14.3 Configuring a 2+0 System .......................................................................................... 258 14.3.1 2+0 Overview ............................................................................................................. 259 14.3.2 Configuring 2+0 Protection ........................................................................................ 260
14.4 Configuring 2+2 HSB ................................................................................................. 261
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 8 of 596
14.4.1 2+2 Overview ............................................................................................................. 262 14.4.2 Deploying a 2+2 Configuration ................................................................................... 263 14.4.3 Configuring 2+2 HSB Protection ................................................................................ 264 14.4.4 XPIC and 2+2 Protection ........................................................................................... 265 14.4.5 Replacing Units in a 2+2 Configuration ..................................................................... 266
14.5 Specifying Active and Standby Mode ........................................................................ 267
14.6 Configuring Switchover Criteria ................................................................................. 268
14.7 Configuring Automatic State Propagation (ASP) for HSB Protection ........................ 269
14.8 Viewing Mate Parameters .......................................................................................... 270
14.9 Configuring Multi-Unit LAG ........................................................................................ 271
15. Configuring Diversity ................................................................................... 273
15.1 Diversity Overview ..................................................................................................... 274
15.2 Configuring 1+1 Space Diversity (BBS) ..................................................................... 275
15.3 Configuring 1+1 Frequency Diversity (BBS) .............................................................. 276
15.4 Configuring IF Combining Diversity ........................................................................... 278
16. Configuring Multi-Radio ............................................................................... 280
16.1 Configuring 2+0 Multi-Radio ...................................................................................... 281 16.1.1 Multi Radio Traffic Blocking ....................................................................................... 282 16.1.2 Setting Multi-Radio Thresholds .................................................................................. 283
16.2 Configuring 2+0 Multi-Radio with Line Protection ...................................................... 284
17. Configuring XPIC .......................................................................................... 285
17.1 Conditions for XPIC .................................................................................................... 286
17.2 Configuring the Antenna and RFU for XPIC .............................................................. 286 17.2.1 IDU-RFU Cable Installation ........................................................................................ 286 17.2.2 Antenna Alignment ..................................................................................................... 286 17.2.3 Polarization Alignment ............................................................................................... 287
17.3 Displaying XPI Values ................................................................................................ 287
18. Configuring TDM Trails ................................................................................ 289
18.1 TDM Trails Overview .................................................................................................. 290
18.2 Viewing the Trails List ................................................................................................ 291
18.3 Adding New Trails ...................................................................................................... 292
18.4 Activating and Reserving Trails ................................................................................. 295
18.5 Deleting Trails ............................................................................................................ 296
18.6 Configuring SNCP and ABR Trail Protection ............................................................. 297
18.7 Configuring AIS Detection and Signaling ................................................................... 298
19. Configuring Synchronization ....................................................................... 299
19.1 Synchronization Overview.......................................................................................... 300
19.2 Configuring the Synchronization Source.................................................................... 302
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 9 of 596
19.2.1 Viewing Current Synchronization Sources................................................................. 304
19.3 Configuring the Outgoing Signal Clock ...................................................................... 306 19.3.1 Configuring Clock Sources ........................................................................................ 306 19.3.2 Viewing Clock Sources .............................................................................................. 307
19.4 Configuring PRC Regenerator Mode and Direction ................................................... 308 19.4.1 Basic Operation .......................................................................................................... 308 19.4.2 User Configuration ..................................................................................................... 309
20. Configuring RSTP ......................................................................................... 311
20.1 Network Resiliency Overview .................................................................................... 312 20.1.1 Standard RSTP .......................................................................................................... 312 20.1.2 Carrier Ethernet Wireless Ring-Optimized RSTP ...................................................... 313
20.2 Setting the xSTP Protocol .......................................................................................... 314
20.3 Configuring Ring-Optimized RSTP ............................................................................ 315 20.3.1 Ring RSTP Limitations ............................................................................................... 316 20.3.2 Ring RSTP Supported Topologies ............................................................................. 316 20.3.3 Ring RSTP Performance............................................................................................ 317 20.3.4 Ring RSTP Management ........................................................................................... 318
20.3.4.1 In-Band Management ................................................................................ 318 20.3.4.2 Out-of-Band Management ......................................................................... 319
20.3.5 Ring RSTP Configuration ........................................................................................... 320 20.3.5.1 Node Type A Configuration ....................................................................... 320 20.3.5.2 Node Type B Configuration ....................................................................... 321
20.3.6 Ring RSTP Installation ............................................................................................... 321 20.3.6.1 Installation Scenario1: Node with no STP ................................................. 321 20.3.6.2 Scenario2: Replacing an IDU in an RSTP Ring ........................................ 322
20.4 Configuring Ethernet Ports to Support RSTP ............................................................ 323
20.5 Configuring RSTP Priority .......................................................................................... 324
21. Working with Service OAM .......................................................................... 325
21.1 Working with MAIDs ................................................................................................... 326 21.1.1 Viewing MAID List Status and Details ........................................................................ 327 21.1.2 Adding MAIDs ............................................................................................................ 328 21.1.3 Deleting MAIDs .......................................................................................................... 328
21.2 Managing Local MEPs ............................................................................................... 329 21.2.1 Viewing Local MEPs .................................................................................................. 330 21.2.2 Adding Local MEPs .................................................................................................... 331 21.2.3 Deleting local MEPs ................................................................................................... 331
21.3 Managing Remote MEPs ........................................................................................... 332 21.3.1 Viewing Remote MEPs .............................................................................................. 333 21.3.2 Adding Remote MEPs ................................................................................................ 333 21.3.3 Deleting Remote MEPs .............................................................................................. 334 21.3.4 Pinging Remote MEPs ............................................................................................... 334 21.3.5 Remote MEP Linktrace .............................................................................................. 335 21.3.6 Enabling Automatic Linktrace for a MAID .................................................................. 337
21.4 Working with MEPs .................................................................................................... 338 21.4.1 Configuring CCM ........................................................................................................ 339 21.4.2 Viewing MAID Ethernet Ports .................................................................................... 339
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 10 of 596
21.4.3 Viewing Port MEPs .................................................................................................... 340 21.4.4 Adding MEPs to a Port ............................................................................................... 340 21.4.5 Deleting MEPs from a Port ........................................................................................ 341
21.5 Working with MIPs ..................................................................................................... 342 21.5.1 Viewing Port MIPs ...................................................................................................... 343 21.5.2 Adding MIPs to a Port ................................................................................................ 343 21.5.3 Deleting MIPs from a Port .......................................................................................... 343
21.6 Performing Manual Ping and Linktrace Operations ................................................... 344 21.6.1 Pinging Remote MEPs and MIPs ............................................................................... 345 21.6.2 Performing a Manual Linktrace .................................................................................. 346
22. Viewing System Activity and Performance ................................................. 347
22.1 Displaying and Clearing PMs ..................................................................................... 348
22.2 Displaying and Resetting RMON Counters................................................................ 349
22.3 Displaying Ethernet Port Utilization Statistics ............................................................ 353
22.4 Displaying Ethernet Statistics Measured on the Radio Port ...................................... 354 22.4.1 Displaying Frame Error Rate Statistics ...................................................................... 355 22.4.2 Displaying Throughput Statistics ................................................................................ 356 22.4.3 Displaying Capacity Statistics .................................................................................... 357 22.4.4 Displaying Utilization Statistics .................................................................................. 358
22.5 Displaying TDM PMs .................................................................................................. 359 22.5.1 Displaying E1/DS1 Line PMs ..................................................................................... 360 22.5.2 Displaying TDM Channel PMs ................................................................................... 361 22.5.3 Displaying TDM Trail PMs.......................................................................................... 362 22.5.4 Displaying STM-1/OC-3 Line PMs ............................................................................. 363 22.5.5 Displaying Pseudowire PMs ...................................................................................... 364
22.6 Displaying Radio PMs ................................................................................................ 370 22.6.1 Displaying Signal Level PMs ...................................................................................... 371 22.6.2 Displaying Aggregate Radio PMs .............................................................................. 372 22.6.3 Displaying Radio MRMC PMs .................................................................................... 373 22.6.4 Displaying Radio MSE PMs ....................................................................................... 374 22.6.5 Displaying Radio XPI PMs ......................................................................................... 375
22.7 Viewing Radio Status ................................................................................................. 376 22.7.1 Viewing RFU Status ................................................................................................... 377 22.7.2 Viewing MRMC Status ............................................................................................... 378 22.7.3 Viewing Current Tx Status ......................................................................................... 379 22.7.4 Viewing Current Rx Status ......................................................................................... 380 22.7.5 Viewing Remote Radio Parameters ........................................................................... 381 22.7.6 Viewing XPIC Status .................................................................................................. 381
22.8 Viewing Ethernet Interface Status .............................................................................. 382
22.9 Viewing RSTP Status ................................................................................................. 383
22.10 Viewing Enhanced Traffic Management Statistics ..................................................... 384
23. Fault Management ........................................................................................ 387
23.1 Overview of Fault Management ................................................................................. 388
23.2 LED Indicators ............................................................................................................ 390
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 11 of 596
23.3 Configuring External Alarms ...................................................................................... 391
23.4 Configuring Traps ....................................................................................................... 393
23.5 Configuring Power Supply Alarms ............................................................................. 394
23.6 Viewing Current Alarms ............................................................................................. 395
23.7 Viewing the Event Log ............................................................................................... 396
23.8 Monitoring the IDU-RFU Interface ............................................................................. 397
23.9 Loopback .................................................................................................................... 398 23.9.1 Radio Loopback ......................................................................................................... 399 23.9.2 E1/DS1 Line Loopback .............................................................................................. 400 23.9.3 STM-1/OC-3 Line Loopback ...................................................................................... 401 23.9.4 Pseudowire Line Loopback ........................................................................................ 402
23.10 Troubleshooting Protection ........................................................................................ 403 23.10.1 Switchover Triggers ................................................................................... 404 23.10.2 Copy-to-Mate ............................................................................................. 404 23.10.3 Mismatch Mechanism ................................................................................ 405
23.11 XPIC Recovery Mechanism ....................................................................................... 406 23.11.1 XPIC Events .............................................................................................. 406
23.12 Activating the All-ODU Enclosure .............................................................................. 408
24. Appendix A CLI Reference ........................................................................ 409
24.1 Using the CLI ............................................................................................................. 410 24.1.1 Access rights .............................................................................................................. 410 24.1.2 Getting started ............................................................................................................ 410 24.1.3 Getting help ................................................................................................................ 411 24.1.4 Basic commands ........................................................................................................ 411 24.1.5 Finding commands ..................................................................................................... 412 24.1.6 Command example .................................................................................................... 412 24.1.7 Viewing the command tree ........................................................................................ 413
24.2 CLI Commands and Parameters ............................................................................... 416 24.2.1 management .............................................................................................................. 416
24.2.1.1 mng-services ............................................................................................. 416 24.2.1.2 cfg-service ................................................................................................. 416 24.2.1.3 event-service ............................................................................................. 416 24.2.1.4 alarm-service ............................................................................................. 417 24.2.1.5 pm-service ................................................................................................. 418 24.2.1.6 time-service ............................................................................................... 418 24.2.1.7 mng-software ............................................................................................. 420 24.2.1.8 users .......................................................................................................... 423 24.2.1.9 log-srv ........................................................................................................ 424 24.2.1.10 networking ................................................................................................. 425 24.2.1.11 ip-address .................................................................................................. 425 24.2.1.12 floating-ip-address ..................................................................................... 426 24.2.1.13 mng-protocols ............................................................................................ 426 24.2.1.14 snmp .......................................................................................................... 427 24.2.1.15 platform ...................................................................................................... 429 24.2.1.16 Inventory .................................................................................................... 430 24.2.1.17 daughter-board .......................................................................................... 433 24.2.1.18 license ........................................................................................................ 434
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 12 of 596
24.2.1.19 idc-board .................................................................................................... 436 24.2.1.20 fpga ............................................................................................................ 440 24.2.1.21 mate-idu ..................................................................................................... 441 24.2.1.22 all-odu ........................................................................................................ 442 24.2.1.23 shelf-manager ............................................................................................ 443 24.2.1.24 remote-idu .................................................................................................. 444 24.2.1.25 remote-cl .................................................................................................... 445 24.2.1.26 remote-co ................................................................................................... 445 24.2.1.27 radio-diversity ............................................................................................ 445 24.2.1.28 multi-radio .................................................................................................. 446 24.2.1.29 radio ........................................................................................................... 447 24.2.1.30 xpic............................................................................................................. 448 24.2.1.31 framer ........................................................................................................ 449 24.2.1.32 mrmc .......................................................................................................... 450 24.2.1.33 tdm-radio-pm ............................................................................................. 453 24.2.1.34 modem ....................................................................................................... 453 24.2.1.35 rfu ............................................................................................................... 454 24.2.1.36 rfu-sw-upload ............................................................................................. 460 24.2.1.37 rfu-fw-upload .............................................................................................. 460 24.2.1.38 rfu-co .......................................................................................................... 460 24.2.1.39 rfu-cl ........................................................................................................... 460 24.2.1.40 rfic .............................................................................................................. 460 24.2.1.41 enhanced-hc .............................................................................................. 461 24.2.1.42 interfaces ................................................................................................... 462 24.2.1.43 user-channel .............................................................................................. 463 24.2.1.44 eow ............................................................................................................ 463 24.2.1.45 wayside ...................................................................................................... 464 24.2.1.46 sync............................................................................................................ 464 24.2.1.47 ethernet ...................................................................................................... 466 24.2.1.48 bridge ......................................................................................................... 466 24.2.1.49 port-group .................................................................................................. 469 24.2.1.50 eth-port ...................................................................................................... 469 24.2.1.51 enhanced-tm .............................................................................................. 481 24.2.1.52 service-oam ............................................................................................... 486
24.2.2 pdh ............................................................................................................................. 488 24.2.2.1 e1t1-port .................................................................................................... 488 24.2.2.2 lag-port ....................................................................................................... 489 24.2.2.3 trails ........................................................................................................... 495
24.2.3 sdh .............................................................................................................................. 497 24.2.3.1 stm1 ........................................................................................................... 497
24.2.4 pw ............................................................................................................................... 500 24.2.4.1 pw-tdm ....................................................................................................... 500 24.2.4.2 pwc............................................................................................................. 500 24.2.4.3 tdm-ports .................................................................................................... 501 24.2.4.4 ds0-bundles ............................................................................................... 502 24.2.4.5 tunnels ....................................................................................................... 504 24.2.4.6 tunnel-groups ............................................................................................. 505 24.2.4.7 pw-profiles ................................................................................................. 505 24.2.4.8 pws............................................................................................................. 507 24.2.4.9 eth-port-pwc ............................................................................................... 509 24.2.4.10 soam .......................................................................................................... 516
24.2.5 diagnostics ................................................................................................................. 518 24.2.5.1 rmon ........................................................................................................... 518 24.2.5.2 loopback .................................................................................................... 518
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 13 of 596
24.2.6 xml-interface ............................................................................................................... 519
24.3 Basic System Configuration Using CLI ...................................................................... 520 24.3.1 Setting IP Addresses .................................................................................................. 521 24.3.2 Adding users .............................................................................................................. 521 24.3.3 Navigating between stacked units ............................................................................. 521
24.3.3.1 Going from the main unit to a different unit ............................................... 521 24.3.3.2 Returning to main unit................................................................................ 521
24.3.4 Performing Resets ..................................................................................................... 522 24.3.4.1 In Stacked Configuration ........................................................................... 522 24.3.4.2 In any IDU (Standalone or Nodal) ............................................................. 522
24.3.5 Configuration backup ................................................................................................. 523 24.3.5.1 Creating configuration backup files ........................................................... 523 24.3.5.2 Saving configuration files in external site: ................................................. 523 24.3.5.3 Downloading saved configuration files: ..................................................... 524
24.3.6 Software version management .................................................................................. 525 24.3.7 Using CLI scripts ........................................................................................................ 527
24.3.7.1 Setting external FTP client site parameters .............................................. 527 24.3.7.2 Managing and Executing scripts ................................................................ 527
24.3.8 CLI Script Limitations ................................................................................................. 528 24.3.9 Radio Parameter Configurations ................................................................................ 529 24.3.10 NTP ............................................................................................................ 531 24.3.11 SNMP ........................................................................................................ 532
24.3.11.1 SNMP parameters for SNMP Version 3 .................................................... 532 24.3.11.2 Configuring HTTPS Web Protocol ............................................................. 533
24.3.12 CFM ........................................................................................................... 535 24.3.12.1 > and press Enter. Domain ..................................... 535 24.3.12.2 Domain & association ................................................................................ 535 24.3.12.3 Association ................................................................................................ 535 24.3.12.4 CCM ........................................................................................................... 536 24.3.12.5 CCM Interval .............................................................................................. 536 24.3.12.6 Local MEP ................................................................................................. 536 24.3.12.7 Remote MEP ............................................................................................. 537 24.3.12.8 MIP............................................................................................................. 537 24.3.12.9 Loopback (Ping) ......................................................................................... 537 24.3.12.10 Link Trace ............................................................................................. 539 24.3.12.11 Auto link trace ....................................................................................... 540 24.3.12.12 Auto Link Trace Interval........................................................................ 541 24.3.12.13 Remote MEP learning time .................................................................. 542
24.3.13 Pseudowire Configuration ......................................................................... 543 24.3.13.1 PW T-Card Basic Configuration ................................................................ 543 24.3.13.2 Ethernet Traffic Port Configuration ............................................................ 543 24.3.13.3 Configuring Pseudowire Services .............................................................. 543 24.3.13.4 Configuring a SAToP UDP/IP Unprotected Service .................................. 544 24.3.13.5 Configuring a CESoPSN UDP/IP Protected Service ................................. 545 24.3.13.6 Configuring SOAM ..................................................................................... 546 24.3.13.7 Configuring 1:1 Pseudowire Path Protection ............................................. 547
24.3.14 TDM trail management .............................................................................. 551 24.3.14.1 Defining a TDM Trail .................................................................................. 551 24.3.14.2 Viewing Trails Defined in the System ........................................................ 551 24.3.14.3 Deleting trails ............................................................................................. 552 24.3.14.4 Activating and reserving trails .................................................................... 553
24.3.15 TDM Protected Trails (SNCP) ................................................................... 553 24.3.15.1 Defining a Protected TDM Trail ................................................................. 553
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 14 of 596
24.3.15.2 Forcing trails to active/standby .................................................................. 554 24.3.16 Showing TDM Trail PMs and Status .......................................................... 555
24.3.16.1 Showing TDM Trail PM Measurements ..................................................... 555 24.3.16.2 Showing TDM Trail Status ......................................................................... 555
24.3.17 Configuring the Ethernet Switch Application ............................................. 556 24.3.18 Configuring the LAG Ports ......................................................................... 557
24.3.18.1 Setting load balancing of the LAG ............................................................. 557 24.3.18.2 Assigning ports to a LAG ........................................................................... 557 24.3.18.3 Defining LAG Options ................................................................................ 557 24.3.18.4 Deleting a LAG .......................................................................................... 559
24.3.19 Management Ports .................................................................................... 560 24.3.19.1 Port configuration ....................................................................................... 560
24.3.20 VLAN Configuration ................................................................................... 562 24.3.21 QoS Configuration ..................................................................................... 563
24.3.21.1 Ingress Classifier ....................................................................................... 563 24.3.21.2 Egress scheduler ....................................................................................... 563 24.3.21.3 Egress shaper ............................................................................................ 563 24.3.21.4 Policer ........................................................................................................ 564 24.3.21.5 QoS tables ................................................................................................. 564 24.3.21.6 Enhanced QoS and Frame Cut-Through .................................................. 565
24.3.22 Auxiliary Channels ..................................................................................... 567 24.3.22.1 Wayside Channel ....................................................................................... 567 24.3.22.2 User channel .............................................................................................. 567
24.3.23 Automatic State Propagation, 1+0 Configuration Only .............................. 568 24.3.23.1 Ethernet Shutdown (Rx) Profile Threshold (ACM Enabled) ...................... 568 24.3.23.2 Metro Switch and Port Type Configuration ................................................ 568
24.3.24 Radio script configuration .......................................................................... 570 24.3.25 Ring RSTP ................................................................................................. 571
25. Appendix B List of Alarms ........................................................................ 572
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 15 of 596
About This Guide
This document explains how to configure and operate an IP-10G or IP-10E IDU. This document applies to hardware versions R2 and R3 and software version I6.9.
What You Should Know
The instructions in this manual assume that you are using Ceragons Web-Based Element Management System (EMS) to perform software configuration. A reference guide to using the Command Line Interface is also included.
Target Audience
This manual is intended for use individuals responsible for configuration and administration of an IP-10G or IP-10E system or network.
Related Documents
FibeAir IP-10G Product Description
FibeAir IP-10E Product Description
FibeAir IP-10G Installation Guide - DOC-00023199
FibeAir IP-10E Installation Guide - DOC-00029444
FibeAir IP-10 G/E MIB Reference - DOC-00015446
FibeAir IP-10 License Management System - DOC-00019183
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 16 of 596
1. Introduction
This chapter includes:
About the CeraWeb EMS (Web EMS)
Reference Guide to Web EMS Menu Structure
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 17 of 596
1.1 About the CeraWeb EMS (Web EMS)
The CeraWeb Element Management System (Web EMS) is an HTTP web-based element manager that enables the operator to perform configuration operations and obtain statistical and performance information related to the system, including:
Configuration Management Enables you to view and define configuration data for the IP-10 system.
Fault Monitoring Enables you to view active alarms.
Performance Monitoring Enables you to view and clear performance monitoring values and counters.
Maintenance Association Identifiers Enables you to define Maintenance Association Identifiers (MAID) for CFR protection.
Diagnostics and Maintenance Enables you to define and perform loopback tests, software updates, and IDU-RFU interface monitoring.
Security Configuration Enables you to configure IP-10G/E security features.
User Management Enables you to define users and user groups.
A Web-Based EMS connection to the IP-10G/E can be opened using an HTTP Browser (Explorer or Mozilla Firefox). The Web-Based EMS uses a graphical interface. All system configurations and statuses are available via the Web-Based EMS, including all L2-Switch configurations such as port type, VLANs, QoS.
The Web-Based EMS shows the actual node configuration and provides easy access to any IDU in the node.
1.1.1 Browser behavior with Web EMS
The Web EMS does not disable any innate browser functionality. However, some browser functions will not function as expected.
The browsers Back button will load the page that was open before you logged into the Web EMS. Therefore, you should use the navigation pane in the Web EMS to select pages, rather than the browsers Back button.
Selecting Refresh from the browsers menu or pressing F5 will not update the information on the page. Rather, it will start a new Web EMS session. Therefore, you should use the Refresh buttons within the Web EMS GUI to update data.
Note: For multi-radio configurations, protection, and extension units, available options will vary according to the available interfaces and configured features for selected slot.
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 18 of 596
1.2 Reference Guide to Web EMS Menu Structure
The following table shows the Web EMS menu hierarchy, with links to the sections in this document that provide instructions for the relevant menu item.
Note: Some menu items are only available if the relevant license or feature is enabled.
IP-10G/E Web EMS Menu Hierarchy
Root Menu Item Sub-Menus Applicability For Further Information
Faults Current Alarms IP-10G/E Viewing Current Alarms
Event Log IP-10G/E Viewing the Event Log
PM & Counters
PM Commands IP-10G/E Displaying and Clearing PMs
RMON IP-10G/E Displaying and Resetting RMON Counters
TDM Trails IP.10G only Displaying TDM Trail PMs
Pseudowire Port RMON IP.10G only Displaying Pseudowire PMs
E1/DS1 Port # IP.10G only Displaying E1/DS1 Line PMs
STM-1/OC-3 Port # IP.10G only Displaying STM-1/OC-3 Line PMs
Radio
Signal Level IP-10G/E RSL and TSL Thresholds
Displaying Signal Level PMs
Aggregate IP-10G/E Displaying Aggregate Radio PMs
MRMC IP-10G/E Displaying Radio MRMC PMs
MSE IP-10G/E MSE Threshold
Displaying Radio MSE PMs
XPI IP-10G/E XPI Threshold
Displaying Radio XPI PMs
TDM Channel IP.10G only Displaying TDM Channel PMs
Ethernet > Capacity IP-10G/E Displaying Capacity Statistics
Ethernet Capacity Threshold
Ethernet
Ethernet > Utilization IP-10G/E Displaying Utilization Statistics
Ethernet Utilization Threshold
Ethernet > Frame Error
Rate
IP-10G/E Displaying Frame Error Rate Statistics
Ethernet > Throughput IP-10G/E Ethernet Throughput Threshold
Displaying Throughput Statistics
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 19 of 596
Root Menu Item Sub-Menus Applicability For Further Information
Configuration General
Unit Parameters IP-10G/E Configuring and Viewing Unit System
Information
Configuring System Date and Time
Configuring Unit Serial and Part Numbers
Loading a New License Key
Configuring 1+1 HSB Protection in a New
Standalone System
External Alarms IP-10G/E Configuring External Alarms
Management IP-10G/E Configuring IP Addresses
Configuring the Management Ports
Preparing the System for Enhanced QoS
Configuring 1+1 HSB Protection in a New
Standalone System
Configuring 1+1 HSB Protection in a New
Nodal System
Traps Configuration IP-10G/E Configuring Traps
Licensing IP-10G/E Viewing Current License Details
Loading a New License Key
Working with a Demo License
Viewing Licensed Usage and Features
NTP IP-10G/E Configuring Network Timing Protocol (NTP)
Parameters
IP Table IP-10G/E Configuring Peer Port Settings
SNMP IP-10G/E Configuring SNMP
All ODU IP-10G/E Activating the All-ODU Enclosure
Dual Power Supply IP-10G/E Configuring Power Supply Alarms
Versions > IDU IP-10G/E Viewing IDU Version Information
Versions > RFU IP-10G/E Viewing RFU Version Information
Configuration Ethernet Switch
Switch Configuration IP-10G/E Configuring Smart Pipe Switch Mode
Configuring Managed and Metro Switch
Mode
Assigning VLANs to a Port
QoS & Rate Limiting IP-10G/E Preparing the System for Enhanced QoS
Configuring Enhanced QoS
Enhanced Traffic
Manager
IP-10G/E Configuring Enhanced QoS
Configuring Frame Cut-Through
STP Protocol IP-10G/E Setting the xSTP Protocol
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 20 of 596
Root Menu Item Sub-Menus Applicability For Further Information
RSTP/Ring RSTP IP-10G/E Configuring Ring-Optimized RSTP
Configuring Ethernet Ports to Support
RSTP
Configuring RSTP Priority
Viewing RSTP Status
Radio
Radio Parameters IP-10G/E Enabling and Disabling the Radio
Configuring the Radio Frequencies
Specifying the Radio Link ID
Enabling RSL Degradation Alarms
Configuring Green Mode
Configuring IF Combining Diversity
Configuring Multi-Radio
Displaying XPI Values
Viewing RFU Status
Viewing XPIC Status
Remote Radio IP-10G/E Configuring the Radio Frequencies
Viewing Remote Radio Parameters
Radio Thresholds IP-10G/E Radio Threshold Levels
MRMC IP-10G/E Selecting a Radio Script and Configuring
ACM
Viewing MRMC Status
Viewing Current Tx Status
Viewing Current Rx Status
Compression IP-10G/E Configuring Compression
Traffic Priority IP-10G/E Configuring Radio Traffic Priorities
ATPC IP-10G/E Configuring ATPC Override
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 21 of 596
Root Menu Item Sub-Menus Applicability For Further Information
Configuration
Interfaces
Ethernet Ports IP-10G/E Configuring a Single Pipe Port
Configuring a Managed Switch or Metro
Switch Port
Configuring Automatic State Propagation
Configuring LAGs
Configuring an Ethernet Port for
Pseudowire
Viewing Ethernet Interface Status
E1 Ports/DS1 Ports IP.10G only Configuring E1/DS1 Interfaces
STM Ports/OC-3 Ports IP.10G only Configuring STM-1/OC-3 Interfaces
Wayside Channel IP-10G/E Configuring the Wayside Channel
Preparing the System for Enhanced QoS
User Channel IP-10G/E Configuring the User Channel
EOW IP-10G/E Viewing the EOW Channel Status
AIS IP-10G/E Configuring AIS Detection and Signaling
Synchronization > Sync
Source
IP-10G/E Configuring the Synchronization Source
Configuring PRC Regenerator Mode and
Direction
Synchronization > Clock
Source
IP-10G/E Configuring the Outgoing Signal Clock
Protection
Protection Parameters IP-10G/E Configuring 2+0 Protection
Configuring 2+2 HSB Protection
Specifying Active and Standby Mode
Configuring Switchover Criteria
Viewing Mate Parameters
Multi-Unit LAG IP-10G/E Configuring Multi-Unit LAG
Radio Diversity IP-10G/E Configuring Diversity
Trails TDM Trails IP-10G only Configuring TDM Trails
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 22 of 596
Root Menu Item Sub-Menus Applicability For Further Information
Configuration Pseudowire
Card Configuration IP-10G only Configuring Pseudowire Synchronization
Configuring the Pseudowire T-Card
TDM Ports IP-10G only Configuring the Pseudowire TDM Ports
SOAM/Maintenance
Domain
IP-10G only Configuring MDs
SOAM/Maintenance
Association
IP-10G only Configuring MAs
Pseudowire Profiles IP-10G only Configuring Pseudowire Profiles
Tunnels/PSN Tunnels IP-10G only Configuring Pseudowire Encapsulation
(Tunnels)
Tunnels/Tunnel Groups IP-10G only Configuring Tunnel Groups and Pseudowire
Path Protection
DS0 Bundles IP-10G only Configuring DS0 Bundles
Pseudowire Service IP-10G only Configuring Pseudowire Services
Service OAM
MAID List IP-10G/E Working with MAIDs
Managing Local MEPs
Managing Remote MEPs
Working with MEPs
MEP and MIP List IP-10G/E Working with MEPs
Working with MIPs
Advanced Manual Ping IP-10G/E Pinging Remote MEPs and MIPs
Manual Linktrace IP-10G/E Performing a Manual Linktrace
Diagnostics &
Maintenance
Loopback
Radio IP-10G/E Radio Loopback
PDH Line IP-10G only E1/DS1 Line Loopback
SDH/SONET Line IP-10G only STM-1/OC-3 Line Loopback
Pseudowire TDM Ports IP-10G only Pseudowire Line Loopback
Configuration Management IP-10G/E Configuring FTP or SFTP (Secure FTP)
Archiving the Configuration
Restoring the Default Configuration
Software Management IP-10G/E Configuring IDU Software
RFU Download IP-10G/E Updating the RFU Software Version
IDU-RFU Interface Monitoring IP-10G/E Monitoring the IDU-RFU Interface
Resets IP-10G/E Resetting the Unit
File List IP-10G/E Viewing System Application Files
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 23 of 596
Root Menu Item Sub-Menus Applicability For Further Information
Security
Security Configuration IP-10G/E Configuring Secure Communication
Channels
Configuring a Timeout for Inactive Users
Users & Groups IP-10G/E Adding Users
Deleting Users
CSR File IP-10G/E Generating a Security Certificate from a CSR
File
Change Password IP-10G/E Changing Your Password
RADIUS IP-10G/E Configuring RADIUS
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 24 of 596
2. Getting Started
This chapter includes:
Establishing a Connection with the IDU
Launching the Web EMS
Configuring IP Addresses
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 25 of 596
2.1 Establishing a Connection with the IDU
The default factory configuration of a new IP-10 IDU is:
IP Address: 192.168.1.1, IP Mask 255.255.255.0.
Active management ports: ports 6, and 7 (far right RJ45 ports), out-of band management.
License: Basic capacity 10Mbps, no ACM, Smart Pipe (only GbE ports, ports #1 or #3)
SW package: Basic 6.xx.xx.
Protection: Disabled. 1+0 configuration
To establish a connection with the IDU:
1 Verify that no Ethernet traffic (cables or fibers) is connected. 2 Power up the IDU. 3 Connect your PC or laptop to one of the IDU management ports (ports
6 or 7, far right RJ45 ports).
4 Set your PC or laptop to the following configuration:
IP Address: 192.168.1.240
IP Mask 255.255.255.0
No default gateway.
5 Verify connectivity to the IDU by pinging 192.168.1.1. If there is no connectivity, verify IDU IP management configuration using the Command Line Interface (CLI).
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 26 of 596
2.2 Launching the Web EMS
You can use the Web EMS to perform initial IDU configuration. To launch the Web EMS:
1 Start your web browser. 2 In the URL address field at the top, type http://yourIP, where yourIP is the
IP address of the IDU. The default IDU IP address is 192.168.1.1. 3 Press Enter. The IP-10 Login page is displayed.
4 Enter the user name and password:
Default user name: admin
Default password: admin.
5 Click Apply. The Main View page opens, displaying all the units populated slots.
Note: For multi-radio configurations, protection, and extension units, available options will vary according to the available interfaces and configured features for selected slot.
Main View - Multi Radio Configuration
Main View - Single Unit Configuration
Configuration and other operations are performed by clicking the menus on the left side of the page.
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 27 of 596
2.3 Configuring IP Addresses
You can configure the local IDUs IP address in the Local IP Configuration section of the Management page.
You can configure the remote IDUs IP address in the Remote IP Configuration section of the Management page.
In protected configurations, the floating IP address feature provides a single IP address that will always provide direct access to the currently active main unit. This is used primarily for web-based management and telnet access.
The user can configure a floating IP address in the active unit, and this IP address will be automatically copied to the standby unit.
To configure local IP settings:
1 Select Configuration > General > Management. The Management page opens.
2 In the Local IP Configuration section of the Management page, enter the IP address of the local unit, its subnet mask, and the default gateway.
3 Optionally, enter a floating IP address. The following limitations apply to a floating IP address:
The floating IP address must be different from the system IP address.
The floating IP address must be in the same subnet as the system IP address.
To configure remote IP settings:
1 Select Configuration > General > Management. The Management page opens.
2 In the Remote IP Configuration section of the Management page, enter the IP address of the remote unit and its subnet mask.
3 Click Open Remote to open the remote unit's management page.
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 28 of 596
3. Configuring Secured Access Protocols
This chapter includes:
Security Overview
Configuring SNMP
Configuring Secure Communication Channels
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 29 of 596
3.1 Security Overview
To guarantee proper performance and availability of a network as well as the data integrity of the traffic, it is imperative to protect it from all potential threats, both internal (misuse by operators and administrators) and external (attacks originating outside the network).
System security is based on making attacks difficult (in the sense that the effort required to carry them out is not worth the possible gain) by putting technical and operational barriers in every layer along the way, from the access outside the network, through the authentication process, up to every data link in the network.
3.1.1 Defenses in Management Communication Channels
Since network equipment can be managed from any location, it is necessary to protect the communication channels contents end to end.
These defenses are based on existing and proven cryptographic techniques and libraries, thus providing standard secure means to manage the network, with minimal impact on usability.
They provide defense at any point (including public networks and radio aggregation networks) of communications.
While these features are implemented in Ceragon equipment, it is the responsibility of the operator to have the proper capabilities in any external devices used to manage the network.
In addition, inside Ceragon networking equipment it is possible to control physical channels used for management. This can greatly help deal with all sorts of DoS attacks.
Operators can use secure channels instead or in addition to the existing management channels:
SNMPv3 for all SNMP-based protocols for both NEs and NMS
HTTPS for access to the NEs web server
SSH-2 for all CLI access SFTP for all software and configuration download between NMS and NEs
All protocols run with secure settings using strong encryption techniques. Unencrypted modes are not allowed, and algorithms used must meet modern and client standards.
Users are allowed to disable all insecure channels.
In the network elements, the bandwidth of physical channels transporting management communications is limited to the appropriate magnitude, in particular, channels carrying management frames to the CPU.
Attack types addressed
Tempering with management flows
Management traffic analysis
Unauthorized software installation
Attacks on protocols (by providing secrecy and integrity to messages)
-
FibeAir IP-10G and IP-10E User Guide
Ceragon Proprietary and Confidential Page 30 of 596
Traffic interfaces eavesdropping (by making it harder to change configuration)
DoS through flooding
3.1.2 Defenses in User and System Authentication Procedures
3.1.2.1 User Identification
IP-10G/E supports the following user identification features:
Configurable inactivity time-out for closing management channels
Password strength is enforced; passwords must comply with the following rules:
Be at least 8 characters long
Include both numbers and letters (or spaces, symbols, etc.)
Include both uppercase and lowercase letters
When calculating the number of character classes, upper-case letters used as the first character and digits used as the last character of a password are not counted
A password cannot be repeated within the past 5 password changes
Password aging: users can be prompted do change passwords after a configurable amount of time
Users may be suspended after a configurable number of unsuccessful login attempts
Users can be configured to expire at a certain date
Mandatory change of password at first time login can be enabled and disabled upon user
top related