
FSP 150CC-GE

Product Training
Course 2 - Administration

FSP 150CC-GE110 R8.1.1

January 2017 V1.0


Module Contents

• Connectivity

• Syslog

• Security/Alarm/Audit Logs

• SNMP

• SNTP

• Security

• Last Cause Reset

• Bulk Log Transfer

2 © 2014 ADVA Optical Networking. All rights reserved. Confidential.


Connectivity

• Various Options
• HTTP/HTTPS – eVision
• Telnet, SSHv2
• SNMP
• CLI
• NMS

User ID      Password     Privilege
root         ChgMeNOW     Superuser
netadmin     ChgMeNOW     Provisioning
user         ChgMeNOW     Maintenance

• Maximum of 5 http/https sessions.


• Maximum of 5 CLI sessions. One is reserved for the serial interface, even
if the interface is disabled. The remaining 4 CLI sessions can be initiated
over Telnet or SSH.
• ** XG210C – Telnet/HTTP cannot be enabled
Connectivity
Serial Interface

• Connection Attributes:
• Bits per second: 9600
• Data bits: 8
• Parity: None
• Stop Bits: 1
• Hardware Flow Control: NONE

• Straight through cable with included DB9/RJ45 adapter

• CLI

• Software download and database backup are not available via the
serial interface. IP connectivity is required for https file transfer
and FTP.



Connectivity
Serial Interface

• CLI login screen



Connectivity
CLI Basics

• Serial Port, Telnet or SSH

• Only need to enter the unique portion of the command term, not
the entire term

• “tab” can be used to auto-complete the command term once unique portion entered, but completion is not required

• “back” takes you back one level

• “home” takes you to the main level

• “quit” logs you out from any menu/sub-menu

• Arrows can be used to scroll back/forward through previous commands or edit (terminal emulation specific)

• “?” at any time shows available commands or validity/next parameter of the currently entered command.



Connectivity
CLI Prompt Configuration

• CLI prompt can be configured via GUI and CLI

ADVA--> configure system
ADVA:system--> prompt ADVA-GE206
GE206-site1:system-->



Connectivity
Network Element Identification

• Network Element Identification can be configured via GUI and CLI

ADVA--> network-element ne-1
ADVA-NE-1--> name GE206-TX-Dallas
ADVA-NE-1--> location Dallas-TX
ADVA-NE-1--> contact John-Smith



Connectivity
IP Access
• The MGMT LAN port – DCN (eth0)
• Auto-MDIX supported

• Straight through or cross over will work

• A default IP address of 192.168.0.2/24 is assigned.



Connectivity
HTTP GUI

[Screenshot of the HTTP GUI with labelled areas: Applications, Navigation Tree, Info/Input, Alarms and Conditions]



Connectivity
GE11x Naming Conventions and Navigation

• GE112 FLOW Entity ID naming convention:
  • NE → 1
  • Shelf → 1
  • Slot → 1
  • Access → 3 (range is 2 to 4)
  • Flow → 1 (range is 1 to 16)

• GE114 FLOW Entity ID naming convention:
  • NE → 1
  • Shelf → 1
  • Slot → 1
  • Access → 3 (range is 2 to 6)
  • Flow → 1 (range is 1 to 32)



Connectivity
HTTP GUI - Usage

• Applications:
• Functionality is divided into different applications, which are aligned with user privileges

• Navigation Tree:
• Many nodes in the navigation tree have options that are
selectable by right-clicking on the node

• “OK” vs. “Apply”
• Both result in the validation of the data and the writing of changes to the Flash copy of the database and the hardware
• “Apply” leaves you in the edit screen, whereas “OK” takes you back to the display screen



General
Security Banner

• Banner is displayed on GUI and serial/telnet sessions at login.

• In the GUI, right click System node and select “Edit Banner”

• Maximum of 2000 characters

ADVA:--> configure system
ADVA:system--> security-banner "This is a private system. Unauthorized access or use may lead to prosecution"



General
Security Prompt

• When logging in via the CLI, the following prompt is typically displayed:

Do you wish to continue [Y|N]-->

• This prompt can cause issues with CLI based configuration systems.

• The prompt can be disabled via the CLI only.

ADVA:--> configure system
ADVA:system--> security-prompt disabled



General
Syslog Servers

ADVA--> configure system
ADVA:system--> syslog-server 1
ADVA:system:syslog-1--> configure 10.10.10.10 514
ADVA:system:syslog-1--> show syslog-server
IP Address : 10.10.10.10
port : 514



General
Syslog Servers

• Individual controls for each log type



General
Security Log

• Security Log contains events of the following type:


• Login/Logout/Failed Login attempts (local / remote)
• Local User creation/deletion
• Password change attempts

• Security logs can be directed to SYSLOG (configurable)

• Security log can be cleared only by a factory reset

• Security log only visible to superuser accounts

• Security log contains 1000 records



General
Security Log

ADVA--> show security-log

ADVA--> configure system
ADVA:system--> security-log
ADVA:system:security-log--> syslog-control disabled



General
Alarm Log

• Alarm log (automatic output buffer) for alarms/events

• Alarm logs can be directed to a SYSLOG (configurable)

• Alarm logs can be disabled by superuser

• Alarm log contains 1000 records

• Alarm log entries limited to 256 characters



General
Alarm Log

ADVA--> show alarm-log

ADVA--> configure system
ADVA:system--> alarm-log
ADVA:system:alarm-log--> syslog-control disabled
ADVA:system:alarm-log--> log2file-control enabled



General
Audit Log

• Audit Log contains events of the following type:


• all configuration related changes (database change events)
• all entity (e.g. equipment, facility, etc) state changes
• all system restarts
• all maintenance operations (e.g. loopbacks)

• Audit logs can be directed to SYSLOG (configurable)

• Audit Log can be disabled by superuser

• Audit log contains 1000 records

• Audit log entries limited to 256 characters


• GE20X/XG210 R7.1.1 – audit log includes the IP address of the user who initiated changes, along with whether the changes were made via GUI or CLI



General
Audit Log

ADVA--> show audit-log

ADVA--> configure system
ADVA:system--> audit-log
ADVA:system:audit-log--> syslog-control disabled
ADVA:system:audit-log--> log2file-control enabled



SNMP
Simple Network Management Protocol

• The device is configurable via SNMP

• SNMP V1, V2c and V3 are supported

• V1 and V2c Defaults:

• V3 Defaults:



SNMP
Community String

ADVA--> configure snmp
ADVA:snmp--> add community noc-readonly readonly



SNMP
Trap community string

• Community string access type can be set to Trap Only

• Cannot be used for read-only or read-write access

• The following errors will be returned by the system if the trap-only community string is used for read/write access to the GE20x
• noSuchName for SNMPv1
• noAccess for SNMPv2c
• noAccess for SNMPv3 USM

ADVA--> configure snmp
ADVA:snmp--> add community "traps" trap-only



SNMP
Special Characters
• For community strings, we now support ASCII printable characters
(character code 32-127) which includes the following special characters:
• space!"#$%&'()*+,-./:;<>=?@[]\^_`{}|~



SNMP
Target Parameter
• The target parameters allow us to define what SNMP protocol will be used
to populate trap information

• That is, they set which SNMP protocol will be used to send traps to the specified target address

• Target parameter must be added prior to adding the target address.


ADVA--> configure snmp
ADVA:snmp--> add target-params target-param-v1 snmpv1 snmpv1 private no-auth



SNMP
Target Address

• Up to 10 trap recipients may be defined

• Up to 10 community strings may be defined

• Bulk traps control on SNMP Target Address

ADVA--> configure snmp
ADVA:snmp--> add target-address NMS-US 10.10.10.10:162 3 trap target-param-v1 enabled



SNMP
USM (User Security Model)

ADVA--> configure snmp
ADVA:snmp--> add usm-user NOC-Dal-Tier2 local r0ck3t readonly auth-priv md5 des ******** ********

• Engine ID
  • ‘local’ or beginning with 1 or 0

• Security name
  • 1 to 256 characters long
  • only ‘0-9 a-z A-Z _ . –’ are accepted
  • If left blank User Name will be copied into this field.

• Auth. Key and Priv. Key
  • 8 – 32 characters long
  • Contains a mix of upper and lower case alpha characters (a-z A-Z), at least one special character (# * %) and at least one digit (0-9). Cannot begin with ‘#’.
  • No more than 2 chars. can be repeated in consecutive positions.
  • Does not contain a sequence of 3 consecutive letters/digits in ascending/descending order.
  • Can not be the same as the user ID.
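The key and security-name rules above can be checked before a key is typed into the device. This is an added example, not ADVA code; it assumes "repeated" means the same character more than twice in a row, that ascending/descending sequences ignore case, and that the dash in the security-name character set is a plain hyphen. The function names are hypothetical.

```python
import re

def has_run(key, limit=2):
    """True if one character fills more than `limit` consecutive positions."""
    return re.search(r"(.)\1{%d,}" % limit, key) is not None

def has_sequence(key, length=3):
    """True if `length` adjacent letters or digits step by one (abc, 987)."""
    for i in range(len(key) - length + 1):
        chunk = key[i:i + length].lower()  # assumption: case is ignored
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def check_security_name(name):
    """1 to 256 characters from 0-9 a-z A-Z _ . - (dash assumed to be '-')."""
    return re.fullmatch(r"[0-9A-Za-z_.-]{1,256}", name) is not None

def check_usm_key(key, user_id):
    """Return the slide rules that `key` breaks; an empty list means it passes."""
    problems = []
    if not 8 <= len(key) <= 32:
        problems.append("length must be 8 to 32")
    if not (re.search(r"[a-z]", key) and re.search(r"[A-Z]", key)):
        problems.append("needs upper and lower case letters")
    if not any(c in "#*%" for c in key):
        problems.append("needs a special character (# * %)")
    if not re.search(r"[0-9]", key):
        problems.append("needs a digit")
    if key.startswith("#"):
        problems.append("cannot begin with #")
    if has_run(key):
        problems.append("character repeated more than twice in a row")
    if has_sequence(key):
        problems.append("contains 3 ascending/descending letters or digits")
    if key == user_id:
        problems.append("same as the user ID")
    return problems

# Constructed sample keys, not taken from any device.
if __name__ == "__main__":
    for sample in ("Tq7%mZr4Kx", "Password123#", "#aaaB1cd"):
        print(sample, check_usm_key(sample, "NOC-Dal-Tier2"))
```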



SNMP
Dying Gasp Trap
• The 150CC supports the ability to generate an SNMP Dying Gasp trap on
power loss for scenarios where EFM-OAM Dying Gasp is not sufficient.

• Only one of SNMP Dying Gasp trap or EFM-OAM Dying Gasp message can
be generated on an interface.

• SNMP Dying Gasp will only be sent over a Mgmt tunnel, not the MGMT
LAN (only replaces EFM OAM Dying Gasp)

• Configure SNMP Dying Gasp on the system level and then you can enable
the trap by target address (up to 2 SNMP Dying Gasp PDUs can be
configured per system).

ADVA--> network-element ne-1
ADVA-NE-1--> configure nte nte206-1-1-1
ADVA-NE-1:ge206-1-1-1--> snmp-dying-gasp enabled



System Update:
System Time of Day (GE112/GE114Pro)

• Local: the Time of Day is based on the local oscillator. This is the same as NTP disabled in the previous release.

• NTP: the Time of Day is updated based on an external NTP server



Security

• Secure access (defaults shown):
  • Serial Port: Enabled
  • Telnet (port 23): Disabled
  • SSH: (port 22): Enabled
  • FTP (port 21): Disabled
  • HTTP (port 80): Enabled
  • HTTPS (port 443): Disabled
  • SFTP: (port 22): Disabled
  • SCP: (port 21): Enabled

• Access Control Lists

• GUI:
• Automatic logoff is provisionable
• Cookie shared per PC user login per NID IP address

• Serial
• Automatic logoff on cable disconnect (Serial Port Auto Log off: Enable)
• Serial port can be disabled

• Authentication Traps can be enabled (disabled by default)



Security
Operations

• Access by various applications can be generically enabled or disabled;

• In the configuration application, right-click “System” and select “Edit System”

ADVA--> configure system
ADVA:system--> ftp enabled
ADVA:system--> telnet enabled
ADVA:system--> serial enabled



Security
Key Management

• The device can generate unique SSL Certificates and SSH keys.

• This will replace the existing keys.

ADVA--> configure user-security
ADVA:user-sec--> regenerate-ssh-keys
ADVA:user-sec--> regenerate-ssl-certificate



Security
Access Control Lists

• Up to 10 ACL entries can be activated at the system level

• Each entry allows for the specification of a subnet that can access the unit

ADVA--> configure system
ADVA:system--> acl-entry 1
ADVA:acl-1--> configure permit 10.10.1.0 255.255.255.0
ADVA:acl-1--> control enabled
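A saved CLI session can be reviewed for the settings covered in this module that weaken management-plane security: cleartext services switched on, security-log forwarding switched off, SNMPv1 trap parameters, MD5/DES USM users, and no ACL entry enabled. This is an added example, not ADVA code; the rule list and function name are hypothetical, and the sample session is constructed only from commands shown in this module.

```python
import re

# Constructed sample session, assembled only from commands shown in this module.
SAMPLE = """\
ADVA--> configure system
ADVA:system--> ftp enabled
ADVA:system--> telnet enabled
ADVA:system--> security-log
ADVA:system:security-log--> syslog-control disabled
ADVA:system:security-log--> home
ADVA--> configure snmp
ADVA:snmp--> add community noc-readonly readonly
ADVA:snmp--> add target-params target-param-v1 snmpv1 snmpv1 private no-auth
ADVA:snmp--> add usm-user NOC-Dal-Tier2 local r0ck3t readonly auth-priv md5 des ******** ********
"""

# (prompt-context pattern, command pattern, finding text)
RULES = [
    (r":system$", r"^(ftp|telnet) enabled$", "cleartext service enabled"),
    (r"security-?log$", r"^syslog-control disabled$", "security log not sent to syslog"),
    (r":snmp$", r"^add target-params\b.*\bsnmpv1\b", "traps use SNMPv1 (community in cleartext)"),
    (r":snmp$", r"^add usm-user\b.*\bmd5 des\b", "USM user relies on MD5/DES"),
]

PROMPT = re.compile(r"^\s*(\S+?)\s*-->\s*(.+?)\s*$")

def audit(session):
    """Return (line number, finding) pairs; line 0 marks a session-wide finding."""
    findings, acl_on = [], False
    for number, line in enumerate(session.splitlines(), 1):
        match = PROMPT.match(line)
        if not match:
            continue  # command output or an empty prompt, not a command line
        context, command = match.groups()
        if re.search(r":acl-\d+$", context) and command == "control enabled":
            acl_on = True
        for ctx_re, cmd_re, text in RULES:
            if re.search(ctx_re, context) and re.search(cmd_re, command):
                findings.append((number, text))
    if not acl_on:
        findings.append((0, "no management ACL entry enabled"))
    return findings

if __name__ == "__main__":
    for number, text in audit(SAMPLE):
        print(number, text)
```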



Bulk Log Transfer

• Bulk File upload GUI screen

ADVA--> configure system
ADVA:system--> security-log
ADVA:securitylog --> transfer-file ftp commonUser password ********** 10.10.10.1 securitylog.txt
ADVA:securitylog --> back
ADVA:system--> audit-log
ADVA:system--> alarm-log

• Transfer Alarm log, Audit log, and Security log via http, ftp, scp, sftp.

• Security log can only be transferred by super user privilege level

• Log file format is in clear text

• Log file name contains the log type, source device, and
date/timestamp.
Timezone Support
• Realisation:

• The user interface for the timezone has the following attributes:

o User supplied offset from UTC (e.g., “-6:00”)

o Daylight Saving Time Enable/Disable Control
  ▪ DST Start Time (consistent with syntax of zic – standard timezone compiler)
  ▪ Month (January, February,…)
  ▪ Day (lastMon, lastSun, Sun>=1, …)
  ▪ Time (2:00,…)
  ▪ Offset (0:00, 1:00,…)

o DST Stop Time
  ▪ Month
  ▪ Day
  ▪ Time
  ▪ Offset



Timezone Support- configuration

o User supplied offset from UTC - [hh:mm]

o Daylight Saving Time - [Enable/Disable]



End of Administration

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content,
material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations
of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or
damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by
or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.
