Create a VLAN Multiplexing Record ............................................................................ 182
Delete a VLAN Multiplexing Record............................................................................. 183
Modify a VLAN Multiplexing Record............................................................................. 183
Display Statistics for a VLAN Multiplexing Record....................................................... 185
The World Leader in Fiber Optic Communications Systemsvii
9145E NID Software User’s Manual
viiiThe World Leader in Fiber Optic Communications Systems
9145EMP NID Software User’s Manual
Preface
About this Manual
This manual provides instructions on the configuration and operation of the 9145EMP Network
Interface Device (NID) Version 3.1 software. The 9145EMP NID can be managed using the EIA232 serial port through a VT100 terminal emulation program, through an Ethernet connection
using Telnet, or by using SNMP.
How this Manual is Organized
This document contains both information and procedures organized in roughly chronological
order. Starting from an introduction to the 9145EMP software, it continues with system
requirements, initial implementation, and continued operation.
The document includes the following chapters:
•Chapter 1, Introduction, provides basic information about the software and navigation.
•Chapter 2, Getting Starteddescribes how to set up and get started using the 9145EMP.
•Chapter 3, System Configuration describes how to configure the 9145EMP management
features.
•Chapter 4, Diagnosticsdescribes how to configure and perform routine network diagnostics.
•Chapter 5, Port Information describes the User port, Network port, Multipurpose port, and
the Management UTP port.
•Chapter 6, System Alarms & Logs describes how to configure System Alarms and System Logs.
•Chapter 7, Utilities describes system utilities.
•Chapter 8, Software Upgradedescribes how to upgrade the NID software.
•Chapter 9, Link OAM describes the Operations, Administration, and Maintenance functions, such as remote fault indication and remote loopback control, as specified by the
IEEE 802.3ah standard.
•Chapter 10, CoS Configuration describes how to enable or disable Class of Service support that includes classification, queuing, scheduling and queue management functions
for the 9145EMP.
ix
9145EMP NID Software User’s Manual
•Chapter 11, Service OAM describes how to detect, isolate, and report connectivity faults
that span networks comprised of multiple LANs, and monitor the performance of connections.
•Chapter 12, VLAN Multiplexing describes configuration steps for multiplexing customer
frames to S-VLANs.
Contacting Technical Support
Contact Canoga Perkins technical support (1-800-360-6642), or your 9145EMP support supplier,
for hardware and software support, including product repairs and part ordering. Please have the
following information available:
•NID model and serial number
•NID software version
•Detailed description of the problem and specific questions
•Details from messages in system log (if available)
•Description of any troubleshooting steps already performed and results
Documentation Feedback
Because quality is our first concern at Canoga Perkins, we have made every effort to ensure the
accuracy and completeness of this document. However, if you find an error or an omission, or
you think that a topic needs further development, we want to hear from you. Forward your
feedback to: techsupport@canoga.com. Provide the title and version number and as much detail
as possible about your issue, including the topic heading, page number, and your suggestions for
improvement.
x
Introduction9145EMP NID Software User’s Manual
Management Access
Chapter 1
Introduction
1.0 About the 9145EMP Software
The Multiport 9145E (9145EMP) is a multiport version of the industry-leading 10/100/1000 9145E
Network Interface Device (NID). The 9145EMP is equipped with four User Ports and two Network
Ports. The User Ports are 10/100/1000 ports supporting dual media, as in the 9145E. The two
Network Ports support 100/1000 optical SFPs only.
The 9145EMP supports Link Aggregation (IEEE 802.3ad) on the Network Ports.
The 9145EMP supports VLAN multiplexing of C-VLANs into S-VLANs. This feature allows cus-
tomer frames to be multiplexed into S-VLANs through the use of a C-VLAN/S-VLAN Map.
1.1 Management Access
The 9145EMP can be managed through any of several access ports.
VT-100 Terminal The VT-100 terminal is used to manage the NID locally via the EIA-232 serial
port, primarily to perform initial configurations on the NID before it is connected to the network.
Telnet Once the 9145EMP has been connected to your network, it can be accessed using
Telnet. All commands and functions are available using standard Telnet software.
SNMP All commands and functions are also available using an SNMP manager. The 9145EMP
supports SNMP v1/v2c/v3 and many standard MIBs as well as CP proprietary MIBs.
1.2 Management Security Features
The 9145EMP has comprehensive management access security features, including SNMPv3
authorization, RADIUS, password formatting, and user access controls. You can set values and
options within the software that will work with the security protocols on your network. The four
network security protocols listed below are supported. In addition, the 9145EMP provides options
to define strong passwords, independent of the security protocols.
SNMPv3 Provides authentication and encryption of management traffic across a network.
Remote Access Dial In User Security (RADIUS) The RADIUS server maintains user account
information. At login, the 9145EMP queries the server which authenticates the username and
password and sends a message to the 9145EMP to allow the login. The RADIUS server can also
be set up to require additional authentication information before accepting the user. If the
1
9145EMP NID Software User’s ManualIntroduction
Three Levels of Security
username or password is not valid, the RADIUS server sends a message to the 9145EMP to
disallow the login and reject the user.
Secure Shell version 2 (SSH-2) SSH-2 provides authentication and encryption for a secure
remote Telnet connection. SSH can be configured to provide unique User Accounts.
Secure File Transfer Protocol (SFTP) SFTP adds encryption to protect uploaded files during
the file transfer process, such as for a software update.
1.3 Three Levels of Security
Most Service Provider management networks provision certain access levels to technicians,
network administrators, and managers. Offering different access levels to critical applications
allows network administrators to keep closer watch on the entire network.
The 9145EMP allows view-based access to be set up for user interface features and SNMP
access. A capabilities file allows views to be defined in an ASCII file and downloaded to the NID.
A three-level security system on the 9145EMP controls all user interface and SNMPv3 access.
All 9145EMP features require that the user have a certain access level. The logged in user or
SNMPv3 manager’s access level is used to validate and control access to the 9145EMP
features. When accessing a menu item or an SNMP object, the user’s access level is checked
against the access level required for the feature. If the user’s access level is sufficient, then the
access is granted. If the user’s access level is not sufficient, an error message is displayed in the
status area, or an SNMP error is returned.
The three access levels are supervisor, operator, and observer.
•In the default configuration, the supervisor access level is allowed complete access to all
9145EMP features including configuring the security system.
•The operator access level is allowed access to the 9145EMP features except those relating to the 9145EMP’s security system. This level can be configurable by the administrator.
•The observer access level is allowed access to the 9145EMP features that do not modify
the 9145EMP’s configuration. This level can be configurable by the administrator.
1.4 Feature Access Level Configuration
The 9145EMP has a default assignment of access levels. Creating and downloading a text file
called 9145EMP.cap to the 9145EMP can change this assignment. This file contains mappings
between module features and the access level required to access the feature.
As an example the entry that controls access to the Maximum Frame Size setting looks like
maxFrameSize=operator. This entry indicates that to change the Maximum Frame Size, a user’s
account must have “operator” access level or greater.
The default 9145EMP.cap file containing the 9145EMP built-in security rules is provided with the
9145EMP release. To modify the security rules, simply modify the provided 9145EMP.cap file and
download this modified file to the 9145EMP. The 9145EMP.cap file is downloaded to the
9145EMP via the normal FTP/SFTP/TFTP in the same manner as downloading a firmware file to
the 9145EMP. The same file may be downloaded to multiple 9145EMPs to ensure the same
security rules.
2
Introduction9145EMP NID Software User’s Manual
Feature Access Level Configuration
If the file 9145EMP.cap is not downloaded to the 9145EMP, then the default access level
mappings in the 9145EMP are used. If a feature is not present in the file “9145EMP.cap” that is
downloaded to the 9145EMP, then the default access level mapping in the 9145EMP is used. If
errors are found in this file, these errors are displayed in the System log.
3
9145EMP NID Software User’s ManualIntroduction
Feature Access Level Configuration
4
Getting Started9145EMP NID Software User’s Manual
Chapter 2
Getting Started
2.0 Configuring Terminal Management
When you use the EIA-232 Serial Port for VT-100 sessions, Canoga Perkins suggests that you
use HyperTerminal or another type of terminal emulation software on a PC.
NOTE: Microsoft Vista does not include HyperTerminal. If your PC uses the Vista
operating system, you will need to install a terminal emulation program.
2. At the Connection Description dialog, select an icon and enter the name for the
connection. Click OK.
3. At the Connect To dialog, select the Connect Using menu. Select the COM port and
click OK.
4. Select the Port Settings tab from the COM Properties dialog. Make the following
selections:
a. Bits per second: 9600 bps
b. Data bits: 8
c. Parity: None
d. Stop bits: 1
e. Flow control: None
6. Click OK.
7. Go to File > Properties >Settings and change the Emulation setting from Auto detect to
VT100.
8. HyperTerminal connects to the system and the VT100 terminal emulation starts.
5
9145EMP NID Software User’s ManualGetting Started
Setting Up SNMP Network Management
2.1 Setting Up SNMP Network Management
The 9145EMP communicates with CanogaView or your Network Management Platform either inband, via the Network port, or out of band, via the Management UTP port.
2.1.1 About MIBs
To communicate with the 9145EMP using SNMP, standard Management Information Bases
(MIBs) are required on your Network Management Platform. Refer to “Supported MIBs” on
page 10 for a list of MIBs.
Additionally, Canoga Perkins Private MIBs are needed on the Management Platform to manage
tasks specific to the Canoga Perkins 9145EMP. The Canoga Perkins Private MIBs are available
for download in the Client Support area of the Canoga Perkins web site. Go to www.canoga.com,
then click on Client Support.
NOTE: To log in to the client site or secure site, use the serial number of the 9145EMP to
register.
2.1.2 9145EMP Set-up
Several TCP/IP and SNMP parameters must be configured before you can accessing the
9145EMP from CanogaView or your Management Platform. These parameters include TCP/IP
Address, Authorized Host List and Privileges. These parameters are initialized using a VT-100
Terminal connected to the RS-232 Serial Port. Refer to “System Configuration Menu” on page 11
for details on configuring these parameters.
2.2 Management User Interface
The Management User Interface for the 9145EMP provides a menu driven interface for setup,
monitoring, and diagnostics. You can access the screens directly by connecting to the serial port
of the 9145EMP or using Telnet.
A typical screen (Figure 2-1) includes standard descriptions and reference designations. Use this
and other screens to configure the system, set operational parameters, and verify the system
status. All screens use a common method for navigation.
NOTE: Status screens do not have selectable items.
Use the following methods to navigate screens:
•When a menu item is highlighted, press the Space bar to view the options for that item.
•Press Tab to move the highlight to the next column.
•Press Enter to select the highlighted option for a menu item or to go to the next line.
•Press Esc once to cancel an action or to return to the previous screen.
To select an item from a screen menu enter the menu item number. For example, you would type
6 and press Enter to select “Utilities” as shown in Figure 2-1.
The first screen is the Login screen (Figure 2-2). Type your Username and press Enter. The
Password prompt appears. Type your Password and press Enter. If the Username or Password
are incorrect, you will be returned to the Username Prompt and the message Invalid Username/Password entered will be displayed.
CAUTION: The default username and password is admin (lower case). Canoga
Perkins strongly recommends you change the default username
and password during your initial configuration session.
When you successfully log in, the Main Menu (Figure 2-3) opens. Use the Main Menu to access
all 9145EMP functions, including setup, diagnostics, and reports.
See the sections “Account Configuration” on page 29 and “Password Configuration” on page 26
for information about configuring you account and changing your password.
CAUTION: If you lose both your Username and Password, return the unit to
Canoga Perkins for Factory Service and reset.
2.4 Main Menu
Following is a brief description of the Main Menu items.
1. System Configuration The System Configuration menu is used to view and set values
for system information and TCP/IP management communications parameters.
2. Diagnostics The Diagnostics menu is used to set up various troubleshooting tests,
including Loopback, Latency/Jitter, PING tests, or Cable Diagnostic.
3. Port Information The Port Information menu is used to ascertain the current conditions
for all ports in the 9145EMP, to set and view the configuration information for specific
ports, check Link Status and Layer 2 Statistics and configure Link Aggregation
functionality.
4. System Alarms The System Alarms screen is used to view current alarm conditions.
5. System Log The System Log screen displays a list of recent traps, alarms, and events.
6. Utilities The Utilities menu is used to set-up and display basic functional information.
7. Software Upgrade The Software Upgrade screen is used to download and install new
firmware using TFTP, swap firmware banks, and reset the 9145EMP.
8. Manage Logged In Users The Manage Logged In Users screen is used by the
administrator to view current users, and to terminate user sessions when required.
9. Link OAM The OAM menu is used to set, change, and view various link layer
operational, administration and maintenance (OAM) functions.
10. CoS Configuration The Class of Service (CoS) Configuration menu is used to enable or
disable classification support, and to establish priority to queue mapping, set up queue
configuration, create drop profiles, and view queue statistics.
11. Service OAM The Service OAM menu is used to configure Connectivity Fault
Management.
12. VLAN Multiplexing The VLAN Multiplexing menu is used to configure VLAN
Multiplexing.
13. Logout Logout terminates your current session.
9
9145EMP NID Software User’s ManualGetting Started
Supported MIBs
2.5 Supported MIBs
This section lists all supported MIBs including Standard MIBs and the Canoga Perkins MIBs.
The System Configuration menu (Figure 3-1) allows you to access the screens where you can
configure various management, IP, security, and alarm settings. The following section describes
each item on the System Configuration menu.
Figure 3-1 System Configuration Menu
11
9145EMP NID Software User’s ManualSystem Configuration
The IP/SNMP Agent Configuration screen (Figure 3-2) configures the Management IP, Test IP,
and Auxiliary IP settings, and is used to add, edit, or delete Host Table and Trap Table entries.
The Management IP, Test IP, and Auxiliary IP Addresses are used for managing and conducting
testing on a TCP/IP network.
Figure 3-2 IP/SNMP Agent Configuration screen
3.1.1 Management IP Configuration
On the IP/SNMP Agent Configuration screen (Figure 3-2), type 1 and press Enter. The
Management IP Configuration screen (Figure 3-3) opens.
Use this screen to configure the Management IP of the 9145EMP, including the subnet mask,
gateway, and management VLAN, and to configure which ports can be used for management
access. See your network administrator for information and help with determining the appropriate
parameters.
1. Manager IPAddress Sets the 9145EMP Manager IP Address.
Subnet Mask Sets the 9145EMP Manager IP Subnet Mask.
Default Gateway Sets the IP Address of the Default Gateway.
2. Manager Port Used to select the port(s) to allow Management Communication access.
Options are: Network Port, MGMT UTP Port, and Disabled.
3. Manager VLAN Tagging Enables or disables the use of a Management VLAN. The tags
are 802.1ad compliant. The default setting is Untagged. Options are: Untagged, STagged, C-Tagged, or Double tagged. If you selected “MGMT UTP Port,” only Untagged
or C-Tagged are allowed. If you select "MGMT UTP Only," only untagged and C-Tagged
are allowed.
12
System Configuration9145EMP NID Software User’s Manual
6) Test IP Address 000.000.000.000
Test Subnet Mask 255.255.255.000
7) Test Port No Ports Allowed
8) Telnet Security Disabled
9) Reply to Broadcast Ping Disabled
Select [1-9]:
IP/SNMP Agent Configuration
4. Manager S-VLAN ID If Manager VLAN Tagging is set to S-Tagged or Double Tagged,
you can set the S-VLAN Tag ID between 1 and 4094.
5. Manager C-VLAN ID If Manager VLAN Tagging is C-Tagged or Double Tagged, you can
set the C-VLAN Tag ID between 1 and 4094.
CAUTION:The Manager IP Address, Subnet Mask, and Gateway address can
be changed when locally or remotely connected. When you change
the Management IP Configuration via remote access, you will be
automatically disconnected when the Gateway address is changed.
You will need to reconnect using the updated Manager IP Address,
Subnet Mask, and Gateway address.
Figure 3-3 Management IP Configuration screen
6. Test IP Address Sets the IP Address for optional test features.
Test Subnet Mask Sets the Subnet Mask for optional test features.
7. Test Port Used to select which port(s) allow access to the Test IP address. Options are:
USR Port 1, USR Port 2, USR Port 3, or USR Port 4.
8. Telnet Security Enables or disables checking if the host initiating the Telnet session is
listed in the host table. If Telnet Security is enabled the host must be included as part of
the host table. Default is disabled, which allows access from all hosts.
13
9145EMP NID Software User’s ManualSystem Configuration
-------------------------------AUXILIARY IP CONFIGURATION----------------------
1) Auxiliary IP Address 000.000.000.000
Auxiliary Subnet Mask 255.255.255.000
2) Auxiliary Port No Ports Allowed
3) Aux VLAN Tagging on Network ports Untagged
4) Aux C-VLAN ID on Network ports 0
5) Aux S-VLAN ID on Network ports 0
6) Aux VLAN Tagging on User ports Untagged
7) Aux C-VLAN ID on User ports 0
8) Allow Any Vlan Disabled
9) Aux IP Rate Limiting Enabled
Select [1-9]:
IP/SNMP Agent Configuration
9. Reply to Broadcast Ping Enables or disables the 9145EMP reply to ICMP packets with
a broadcast IP Host Address in the Manager IP subnet. Broadcast Ping replies are an
ICMP packet and are rate limited to 100pps. Default is disabled.
3.1.2 Auxiliary IP Configuration
On the IP/SNMP Agent Configuration screen (Figure 3-2), type 2 and press Enter. The Auxiliary
IP Configuration screen (Figure 3-4) opens.
The Auxiliary IP is an additional IP address that is provided for testing and connectivity only. It
allows the 9145EMP to be PINGed without allowing Telnet or Management access that could be
disruptive. The Auxiliary IP rate is limited to 500 pings per second. This allows connectivity and
rudimentary performance testing from subscriber/user VLANs without compromising network
security.
To configure the parameters, type the corresponding number and press Enter. Enter data or
press the Space bar to view the configuration choices for the parameters described below.
Separate tagging configuration is necessary for User Side and Network side ports. All ports on
the user side must share the same tagging configuration.
Figure 3-4 Auxiliary IP Configuration screen
1. Auxiliary IP Address Sets the 9145EMP Auxiliary IP Address.
Auxiliary Subnet Mask Sets the 9145EMP Auxiliary IP Subnet Mask.
2. Inband Auxiliary Port Describes the Auxiliary IP address ports. Options are: USR 1,
USR 2, USR 3, USR 4, Network Port, or Disabled.
3. Auxiliary VLAN Tagging on Network ports Describes the tagging mode for the frames
sent and received when the Auxiliary IP address is configured on the Network Port.
Options are: Untagged, S-Tagged, or Double Tagged.
14
System Configuration9145EMP NID Software User’s Manual
IP/SNMP Agent Configuration
4. Auxiliary C-VLAN ID on Network ports Sets the C-VLAN ID value (between 1 and
4094). Valid if the Auxiliary VLAN Tagging mode on Network ports is set to Double
Tagged.
5. Auxiliary S-VLAN ID on Network Sets the S-VLAN ID value (between 1 and 4094). Valid
if the Auxiliary VLAN Tagging mode on Network ports is set to Double Tagged or STagged. The value defaults to 0 if any of the other type of tagging modes are selected.
6. Auxiliary VLAN Tagging on User ports Describes the tagging mode for the frames sent
and received when the Auxiliary IP address is configured on any of the User Ports.
Options are Untagged or C-Tagged.
7. Auxiliary C-VLAN ID on User ports Sets the C-VLAN ID value (between 1 and 4094) for
the C-Tags on User Ports. Valid if the Auxiliary VLAN Tagging mode on User Ports is set
to C-Tagged.
8. Allow any VLAN If this option is enabled, frames addressed to the Auxiliary IP address
are processed regardless of their VLAN tagging. All responses on such frames are
tagged with the received VLAN ID. Frames initiated by the NID will be still tagged with the
configured encapsulation (Options 3 to 7 above). If this option is disabled, received
frames will only be processed if they have the VLAN ID set on this screen.
9. Auxiliary IP Rate Limiting Specifies whether the maximum limit of 500 frames per
second is enforced for frames received on the Auxiliary IP address.
15
9145EMP NID Software User’s ManualSystem Configuration
On the IP/SNMP Agent Configuration screen (Figure 3-2), type 3 and press Enter. The Host
Access Table screen (Figure 3-5) opens.
Use this screen to configure the 9145EMP to send and receive SNMP, FTP, and Telnet traffic to
the Managing Host IP address, and access from specific Telnet clients when Telnet security is
enabled. Use the Host Access Table to configure access by each host including access type and
privileges (SNMP, FTP, Telnet).
Figure 3-5 Host Access Table screen
3.1.3.1 Add or Edit a Managing Host IP
To add a Managing Host IP, from the Host Access Table screen, type A and press Enter. To edit
an existing Managing Host IP select Edit (E). To delete a Managing Host IP select Delete (D).
The Edit Host Access screen (Figure 3-6) opens.
1. Type the Managing Host IP address to add to the Host Access list and press Enter.
2. Type the IP Mask Size (default value 32) and press Enter. To have an entire subnet
access the 9145EMP, enter the mask size for the subnet.
3. To change Telnet Access, type 1 and press Enter. Press the Space bar to select Telnet
and SSH, Telnet Only, SSH Only, or None.
4. To change FTP access, type 2 and press Enter. Press the Space bar to select FTP and
SFTP, FTP Only, SFTP Only, or None. Press Enter to select the parameter.
5. To change SNMP Access parameters, type 3 and press Enter. Press the Space bar to
select Read, Write, or None. Press Enter to select the parameter.
16
System Configuration9145EMP NID Software User’s Manual
6. To change the SNMP Protocol parameters, type 4 and press Enter. Press the Space bar:
V1/V2c/V3, V1/V2c, or V3 using the Space Bar. Press Enter to select the parameter.
Figure 3-6 Edit Host Access screen
7. To change V1/V2c Read Community, type 5 and press Enter. Type the desired V1/V2c
Read Community and press Enter.
8. To change the V1/V2c Write Community, type 6 and press Enter. Type the desired V1/
V2c Write Community and press Enter.
9. To change the V1/V2c Access Level, type 7 and press Enter. Press the Space bar to
select Operator, Supervisor, or Observer. Press Enter to select the parameter.
10. Press Esc to return to the Host Access Table screen.
NOTE: SNMP V3 security parameters are configured per user account on the Edit User
Account screen. From the System Configuration screen type 4 and press Enter to
open the Account Configuration screen, then type E to edit an account.
17
9145EMP NID Software User’s ManualSystem Configuration
1. To add a Managing Host IP address, from the Trap Notification Destination Table screen
(Figure 3-7), type A and press Enter (to edit, type E and press Enter). The Edit Trap Notification Type screen open (Figure 3-8)
2. Type the Managing Host IP address and press Enter.1
3. Type the Trap/Notification Port and press Enter.
The default value is 162 for regular SNMP managers (163 for CanogaView). Any port
numbers from 1 to 65535 can be used to receive traps. Check with your IT manager to
ensure the port setting is correct.
18
Loading...
+ 172 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.