
Software

Management Protocols

11 © 2019 ADVA Optical Networking. All rights reserved. Confidential.


Management Protocols
• Command Line Interface (CLI)
• Operate, configure, administer and maintain FSP 3000 C equipment
• NETCONF
• Full configuration and monitoring
• Notifications
• REST API
• Full configuration and monitoring
• Fault Reporting (via web sockets)
• SNMP
• Fault reporting (Traps)
• PM retrieval (limited)
• OMT Interface (OpenMSFT API)
• REST API based on Swagger for Microsoft SmartAmps only
• Supported in R2.2.1

Under development:
• OPEN CONFIG
• RESTCONF
• WebGUI



System Management
SNMP



Configuring SNMP

Enable\Disable SNMP versions:


• set snmp v1-version-enabled true
• set snmp v2c-version-enabled true
• set snmp v3-version-enabled true

Configure Communities\Use Default


• edit snmp community-entries public-1 access-type read-only
• edit snmp community-entries private-1 access-type read-write

Set target address:


• set snmp target-addrs-entries 172.27.7.8 transport-address 172.27.7.8 addr-name server params-name pname tag-list aos;



Configure SNMP trap forwarding
• Checking existing configuration
• Displaying receivers list
• Configuring trap receiver



System Management
General logs and syslog



Logs: General

Individual logs for:


• Security: user login/logout and security related actions
• Audit: (+userid): DB changes, system restarts, maintenance actions
• Events: state changes, autonomous actions
• Alarms: alarm conditions, TCAs
Non-volatile memory storage for all logs
Storage size configuration for each category
• Default: 375 KB per log; user configurable
Syslog server control for each category
• Send log to one of three possible Syslog servers
Log buffer full options:
• (1) Roll-over (oldest entries over-written by new)
• (2) Stop-logging
Suspend / resume logging controls (except Security log)
Log file off-load to remote server



Logs: Syslog

Up to 3 Syslog servers can be defined per system


• Individual logs can be forwarded to one of these three servers

Log format and operation conforms to RFC 5424


• Facility Type, Severity, etc…
• SSL/TLS secure transport protocol
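
Added example (not part of the original slides): a collector-side parser for the RFC 5424 header fields named above, decoding Facility and Severity from the PRI value. The sample message, host name and field contents are constructed, and which facility the node assigns to each log category is an assumption.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$",
    re.S,
)

# Constructed sample: PRI 86 = facility 10 * 8 + severity 6
SAMPLE = ('<86>1 2019-05-14T09:30:00Z node-1 security - LOGIN '
          '[origin ip="192.0.2.10"] user admin logged in')


def parse_rfc5424(line: str) -> dict:
    """Split one RFC 5424 message into fields; reject anything else."""
    m = RFC5424.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    # "-" is the RFC 5424 NILVALUE for an absent field
    rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    rec["facility"], sev = divmod(pri, 8)
    rec["severity"] = SEVERITIES[sev]
    return rec


if __name__ == "__main__":
    for key, value in parse_rfc5424(SAMPLE).items():
        print(f"{key:10} {value}")
```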



Displaying logs and Configuring syslog
Display example log:
• show log-system log security log-record
• show log-system log audit log-record
• show log-system log alarm log-record
• show log-system log event log-record
• show log-system log detail

Enable logging to external Syslog server:


• set log-system syslog-server 172.16.111.53:514 syslog-enabled True

Disable logging to server:


• delete log-system syslog-server 172.16.111.53:514



System Management
Diagnostics

Diagnostics
The command collects diagnostics data from a specific module or the entire node
For entire node:
• execute diagnostics generate-diagnostics
For specific card:
• execute card 1/2 diagnostics generate diagnostics

Diagnostics package shall be uploaded to external server


For entire node:
• execute diagnostics copy-to-remote filename n1.tar.gz protocol ftp server-type ip-address server-ip-address 10.12.96.23 user-id admin password *
For specific card:
• execute card 1/2 diagnostics copy-to-remote filename card.tar.gz protocol ftp server-type ip-address server-ip-address 10.12.96.23 user-id admin password *

Authentication
TACACS+

RADIUS and TACACS+
| | RADIUS | TACACS+ |
|---|---|---|
| proprietary | no, completely documented in RFCs | partially documented in draft RFC, Cisco owns the protocol |
| free client software available | yes | yes, but does not support all extensions |
| free server software available | yes, FreeRADIUS is the standard | yes, but may not support all features |
| communication protocol | connection-less UDP port 1813 (for authentication) | TCP port 49 (for authentication) |
| encryption | only authenticated with MD5; transmitted passwords are encrypted | complete "encryption" with MD5 and XOR |
| separation of AAA | accounting is separate from the rest | complete separation of all three services - this allows combination with other services (e.g. Kerberos) |
| sessions | only login is controlled by RADIUS | TACACS+ can run in a permanent session, which allows controlling of every command |
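
Added example (not part of the original slides): the "encryption" row above in code, following RFC 2865 section 5.2 for RADIUS User-Password hiding and RFC 8907 section 4.5 for TACACS+ body obfuscation. Function names, the shared secret, the authenticator and the session values are constructed for illustration.

```python
import hashlib
import struct

SECRET = b"constructed-shared-secret"   # constructed sample value
AUTH = bytes(range(16))                 # constructed Request Authenticator


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS hides only the User-Password attribute; other attributes stay clear."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        # each 16-byte block is XORed with MD5(secret + previous ciphertext block)
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def radius_unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def tacacs_obfuscate(body: bytes, key: bytes, session_id: int,
                     version: int, seq_no: int) -> bytes:
    """TACACS+ XORs the whole packet body with a chained MD5 pad.

    The operation is its own inverse: calling it again restores the body.
    """
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()   # MD5_n includes MD5_(n-1)
        pad += prev
    return _xor(body, pad)                         # zip() truncates the pad
```

Both schemes are keyed MD5 pads combined by XOR, which is why the slide puts "encryption" in quotation marks.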

Configure TACACS+ service

Check list of local users:


• show security user

Check TACACS+ configuration (ADVA internal network only)


• ssh to 10.143.1.5 (aosecsit\aosecsit123)
• view tac_plus.conf

Define TACACS+ server:


• set security tacacs-plus ip-address 10.143.1.5 priority 1
(Priority 1 moves TACACS+ to the top of the list of security check methods – compare to Web GUI)
• (password: Covaro#1)

Open another CLI session, logging with external account:


• Provision\Provision#1

Thank you
training@advaoptical.com

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation.
Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA
Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special
damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.
