E5-400 R2.1 User Guide - Calix

E5-400 R2.1 User Guide#220-00487, Rev. 10
Proprietary Information: Not for use or disclosure except by written agreement with Calix. © Calix. All Rights Reserved.
Contents
Introducing the Calix E5-400 .................................................................................. 10
About the E5-400 Interfaces ................................................................................... 13
About the E5-400 Command-Line Interface (CLI) ........................................... 13 About the E5-400 Web Interface ..................................................................... 17
Connecting to the E5-400 ........................................................................................ 19
Connecting a PC to the E5-400 ...................................................................... 20 Logging In to the E5-400 Web Interface ......................................................... 23 Logging In to the E5-400 Command-Line Interface (CLI) ............................... 25
Configuring the E5-400 Management Interface ..................................................... 28
Configuring the Front Craft Ethernet Port ....................................................... 29 Configuring the Rear Craft Ethernet Port ........................................................ 31 Configuring the In-Band Management Interface ............................................. 33 Viewing the Craft Serial Port ........................................................................... 35
Performing Initial System Turn-Up ........................................................................ 36
Using the E5-400 System Turn Up Tool ......................................................... 37 Provisioning Basic E5-400 System Settings ................................................... 43
Managing an E5-400 in CMS ................................................................................... 46
Adding an E5-400 Node to CMS ..................................................................... 46 Creating a Graphical Link Between Calix Devices .......................................... 48 Viewing or Modifying E7 and E5-400 Platform Details .................................... 49 Modifying the E5-400 Default User Name or Password .................................. 51
Chapter 2: E5-400 System Administration .......................... 53
Managing System User Accounts .......................................................................... 54
Creating a System User Account .................................................................... 54 Modifying a System User Account .................................................................. 56 Changing System User Passwords................................................................. 56
4
Configuring SNMP Management ............................................................................ 58
Configuring the SNMP Agent Port .................................................................. 59 Managing SNMPv3 User Accounts ................................................................. 59 Creating an SNMP Community ....................................................................... 62 Configuring an SNMP Trap Destination .......................................................... 63
Configuring Secure System Access ...................................................................... 66
Adding a System RADIUS Server ................................................................... 67 Modifying the RADIUS Server Parameters ..................................................... 68 Configuring the RADIUS Client ....................................................................... 69 Deleting a System RADIUS Server ................................................................. 70
Performing Backup and Restore Operations ........................................................ 71
Backing Up the System Database .................................................................. 71 Restoring a Backup Database ........................................................................ 74 Scheduling an E5-400 Node Backup .............................................................. 77
Upgrading System Software ................................................................................... 80
Performing a System Software Upgrade ......................................................... 80 Performing a System Software Revert ............................................................ 86
Rebooting the System ............................................................................................. 88
Creating Policies for Quality of Service................................................................. 90
Creating a Class Map and Rules .................................................................... 91 Creating a Policy Map and Policies................................................................. 93
Creating Service Profiles ........................................................................................ 96
Creating a Class of Service CoS Queue ......................................................... 96 Creating an Ethernet Port GOS Profile ........................................................... 98
Configuring an Ethernet or LAG Interface ........................................................... 100
Configuring an Ethernet Port ............................................................................... 110
Bulk Modifying Ethernet Ports ............................................................................. 115
Creating an ERPS Domain .................................................................................... 116
Creating VLANs ..................................................................................................... 121
Creating an IGMP Profile....................................................................................... 128
5
Provisioning VLAN Ranges .................................................................................. 133
Creating VLAN Memberships ............................................................................... 136
Configuring RSTP Settings ................................................................................... 143
Configuring Transport & Aggregation Support .................................................. 148
Ethernet Transport Applications .................................................................... 149 E5-400 Redundant Link Applications ............................................................ 156 Ethernet Uplink Applications ......................................................................... 161 Ethernet Downlinks for Aggregation Applications ......................................... 168 Ethernet Business Service Applications ........................................................ 175
Chapter 5: System Maintenance and Troubleshooting .... 181
Configuring Ethernet Port Mirroring .................................................................... 182
Configuring a VLAN Monitor ................................................................................ 185
Configuring a Syslog Server ................................................................................ 186
Configuring Interface Quality Audit ..................................................................... 189
Digital Diagnostics Monitoring ............................................................................. 191
Monitoring E5-400 Performance Data .................................................................. 192
Viewing Ethernet Port Performance Data ..................................................... 193 Viewing ERPS Domain Performance Data ................................................... 195 Viewing Ethernet Port Statistics .................................................................... 197 Viewing ERPS Statistics ............................................................................... 199 Viewing IGMP Statistics ................................................................................ 201
Viewing Notification Logs ..................................................................................... 203
Element Alarms ............................................................................................ 205 Environmental Alarms ................................................................................... 221 Events ........................................................................................................... 233
6
Troubleshooting .................................................................................................... 238
In-Band Management System Lockout ......................................................... 239 Log In Connection ......................................................................................... 240 Abort Script ................................................................................................... 241 User Password ............................................................................................. 242 SNMP Communication .................................................................................. 243 Network Connection to Host ......................................................................... 244 Recovering a Database ................................................................................ 245 Recovering the Software ............................................................................... 249 Resetting the Database to Factory Defaults ................................................. 250 Recovering from a System Lock-out ............................................................. 251
7
About This Guide
The Calix E5-400 platforms have an embedded graphical user interface that operates on a standard web browser, enabling management access via local or remote TCP/IP connections. This document describes how to perform all system management and operational functions using the Calix E5-400 web interface. The E5-400 shares a common architecture and features set with the Calix E5-312 Active Ethernet (AE) platform. For simplicity, this document refers to E5-400 only, as the E5-312 is very similar to the E5-400.
Intended Audience
This document is intended for personnel responsible for turning up and managing carrier network systems and services. This document assumes that the user's PC is equipped with a supported web browser (Internet Explorer or Firefox) and that the user is familiar with using a web browser. Familiarity with datacom, telecom, and standards-based Ethernet technologies and conventions is recommended.
Related Documentation
The Calix E5-400 documentation set includes:
Calix E5-400 Installation Guide Calix E5-400 User Guide Calix E-Series CLI Reference Calix E7 and E5-400 Software Upgrade Guide Calix E-Series Engineering and Planning Guide Calix E5-400 Quick Start Guide Calix CMS Guide
Chapter 1
Getting Started with the Calix E5-400
This section introduces the Calix E5-400 platform and its web interface for system management. This section also provides instructions for initial system turn-up and how to configure the management interface ports.
Note: For instructions on how to install the E5-400 hardware and connect physical network interfaces, see the Calix E5-400 Installation Guide.
Topics Covered
This section covers the following topics:
Introducing the Calix E5-400 About the E5-400 web interface Connecting to the Calix E5-400 Configuring the E5-400 management interface Performing initial system turn-up Managing the E5-400 in CMS
10
Introducing the Calix E5-400 The Calix E5-400 transport and aggregation platform is a compact (1 RU), environmentally hardened Ethernet switching platform that delivers scalable, high-bandwidth Ethernet services. The E5-400 is fully hardened for maximum deployment flexibility, and supports standards-based Ethernet technologies such as 10GE, NxGE, and GE transport (ERPS) and aggregation (LAG/RSTP), as well as point-to-point Ethernet or high-capacity Ethernet business service delivery.
The E5-400 provides multiple layers of protection to ensure network flexibility and redundancy. These include ITU G.8032-aligned Ethernet ring protection switching (ERPS), IEEE 802.1w rapid spanning-tree (RSTP), and IEEE 802.3ad link aggregation (LAG). ERPS creates a fault-tolerant network topology; RSTP maximizes redundant link flexibility; link aggregation streamlines bandwidth expansion.
Front View of E5-400 Chassis
The E5-400 is a complementary extension to the Calix C7 multiservice access platform (MSAP), the E5-100 Ethernet service platforms (ESPs) and the F5 GPON OLT platform.
The E5-400 provides the following standard services:
Transport of Ethernet traffic across standards-based point-to-point, star and ring network topologies
Aggregation of Calix products' IP voice, video, and data traffic onto Ethernet-based transport network(s)
Aggregation of 3rd party IP DSLAM platforms Delivery of point-to-point Ethernet business services Delivery of ONT based last mile Ethernet business or subscriber services
Calix E5-400 features The key Calix E5-400 system features are described below.
Ethernet line interfaces: The E5-400 front panel is equipped with the following Ethernet line interfaces:
(12) GE Small Form-Factor Pluggable (SFP) ports (SFP1 to SFP12)
(2) 10GE SFP+ ports (SFP+1 and SFP+2)
(2) 10GE XFP ports (XFP1 and XFP2)
11
Each port has a single LED to indicate an established link and data traffic activity.
See the following Calix Quick Tip bulletins on the Calix website for information on the support for SFP modules and direct attach cables:
Calix Equipment Support for SFP Modules Pairing Bidirectional SFPs to Support Single-Fiber Ethernet Links
High-capacity uplinks: You can configure any of the GE or 10GE ports as network uplinks (trunk links). With the use of 802.3ad Link Aggregation Protocol, you can combine multiple GE ports to provide uplink bandwidths from 1 to 12 Gbps, based on the number of ports (NxGE) included in the link aggregation group.
High-capacity downlinks: You can configure any of the GE or 10GE ports as downlinks (edge links) to subtended devices, including Calix C7, E5-100, or F5 systems.
Management ports: The E5-400 has the following ports available for device management:
Out-of-band management ports, available from 10/100 Fast Ethernet (FE) ports located on the front and rear panels. The front FE port is accessible via an RJ-45 port located on the front panel; the rear FE port is accessible via wire-wrap pins on the rear panel.
In-band management port, available from any Ethernet line interface linked to the management VLAN
RS-232 serial management port, accessible via wire-wrap pins on the rear panel.
Fan module: The E5-400 fan tray module cools the chassis to allow reliable operation in all environments. The fan tray module also hosts the front Ethernet management port, Alarm Cutoff (ACO), and alarm LEDs.
Power inputs: The E5-400 is equipped with dual power inputs to support redundant – 48VDC power feeds (A and B), switching between them when one source fails.
Alarm inputs and outputs: The E5-400 supports four input alarms and four configurable input/output alarms, located on the rear panel.
Operational LEDs: The E5-400 is equipped with the following LED operational indicators:
Ethernet line LEDs - Located at each SFP/SFP+/XFP slot on the front panel; indicate when an Ethernet link is established (green) and when passing traffic (orange).
Status LEDs - Located on the fan module front panel; indicate management link operation.
Alarm LEDs - Located on the fan module front panel; indicate critical, major, and minor alarms.
12
System management: The E5-400 provides the following user interfaces for system management:
Command-line interface (CLI) - Embedded CLI that supports local or remote access. See Calix E-Series CLI User Guide for more information.
Web interface - Embedded graphical user interface (GUI) that operates on a standard web browser for local or remote access (as described in this document).
The Calix Management System (CMS) supports E5-400 auto-discovery integration for element management and alarm aggregation.
13
About the E5-400 Interfaces
This section describes the Calix E5-400 command-line interface (CLI) and web interface that are available for system management access via local or remote TCP/IP connections and local console connections.
Another available interface is the Calix Management System (CMS) which is a client/server application that provides a graphical user interface for managing multiple Calix nodes.
About the E5-400 Command-Line Interface (CLI)
This topic describes the CLI environment and operation. Detailed information about using the CLI commands appears in subsequent sections. See the Calix E7/E5-400 Command-Line Interface (CLI) Reference for a comprehensive list of available commands.
Command assistance
The E5-400 offers command interactive help, command completion and history, as well as the ability to recognize abbreviations. As you type, the following keys can assist you with specifying the command you want:
The ? key displays the interactive help that is a list of valid keywords or values, along with brief descriptions. This helps new users learn the system as they use it.
The and arrows allow access and use of previous commands. The Ctrl+P key combination accesses the previous command. The Ctrl+N key combination accesses the next command. The Tab key expands a partially typed keyword and completes commands when unique
abbreviations are recognized by the system. These features allow experienced users to administer system control with a minimum of typing.
The and arrows allow editing in the current line. The Ctrl+A key combination moves the cursor to the beginning of the line. The Ctrl+C key combination cancels commands that have more than one step. For
example, prompting for a password. The Ctrl+E key combination moves the cursor to the end of the line. The Ctrl+B key combination moves the cursor back a space. The Ctrl+F key combination moves the cursor forward a space. The Ctrl+U key combination erases text from the cursor to the beginning of the line. The Ctrl+K key combination erases text from cursor to the end of the line.
14
Command syntax
The straight-forward command syntax has the following rules:
The E5-400 commands are “imperative,” meaning they start with a verb and instruct the system to perform some action.
For commands that have optional parameters, you can specify them in any order or omit any that are unnecessary.
When naming a database backup file, only use the following acceptable characters: letters, digits, underscore, and dash.
When restoring a backup database file from a Windows-based server, use a forward slash (/) as a path separation character when working with FTP application operations.
When referencing an entity name that has spaces, use quotation marks around the entity name. For example, use "Test 123" to enclose the name Test 123.
Note: If you type an invalid string—for example, the name of a command or statement that does not exist—the message “Invalid input detected at '^' marker” appears. The caret (^) indicates where the error is located.
Displaying valid keywords
The CLI provides the ability to display a list of valid keywords at the current level. This section presents some examples of how to evoke lists of particular command keywords and corresponding information.
Example 1:
Type "?" at the prompt and press Enter to see a list of the first-level commands available.
Possible commands:
clear Clear system diagnostic information.
commit Commit to a software version.
create Create system equipment and service objects.
delete Deletes system components.
disable Disable system equipment and service objects.
enable Enable system equipment and service objects.
exit Logout from this session.
extract Extract system data to server.
help Ask for help.
logout Logout from this session.
ping Ping another host.
reboot Reboot shelf, using the current software version.
remove Remove items from a collection.
15
reset Reset system components.
revert Revert to a software version.
set Configure system equipment and service objects.
show Show attributes of equipment and service objects.
snapshot Captures the current system database.
switch Switch to the loaded database.
telnet Start a telnet session to another host.
traceroute Find the route to another host.
turn-up Starts the interactive turn-up tool.
upgrade Upgrade system components.
Example 2:
Type clear ? to see a list of all possible completions for the clear command.
Possible completions:
stats Clear cumulative statistics.
Example 3:
Type clear log ? to see a list of all possible completions for the clear log command.
Possible completions:
dbchange Clear the database change log.
event Clear the event log.
security Clear the security log.
tca Clear the TCA log.
Displaying configuration settings
The CLI also provides information on the current configuration settings and performance monitoring data for the E5-400. This section presents an example of how to evoke lists of particular information.
Example 4:
Type show interface <interface name> and press Enter to list the current configuration settings for the specific Ethernet port interface.
Note: For E7, you can specify the name of a LAG interface, a card number, or a card/Ethernet port specification. For example, 2/g1. Permitted values for the port type are "g" (for Gigabit Ethernet) or "x" (for 10-Gigabit Ethernet).
16
Configuration settings shown:
Example 5:
Type show ? to see all of the possible sets of configuration parameters.
17
About the E5-400 Web Interface
The Calix E5-400 supports an embedded graphical user interface that operates on a standard web browser. The web browser format allows for management access via local or remote TCP/IP connections. You can perform all system management and operational functions from the web interface.
Note: The E5-400 also supports an embedded command line interface (CLI) for system management. See the Calix E-Series Command Line Interface (CLI) Reference for CLI usage information.
User PC system requirements
Calix recommends using a computer equipped with the following minimum hardware and software to access the E5-400 web interface:
PC Hardware 400 MHz (or higher) Pentium-compatible computer Minimum of 256 MB of memory (RAM) 1024 x 768 pixels minimum recommended screen resolution
Operating System Windows XP Windows 2000
Web Browser MS Internet Explorer 7.0 and above (JavaScript enabled) Mozilla Firefox 3.5 and above (JavaScript enabled)
18
E5-400 web interface design
The E5-400 web interface is comprised of three functional areas (frames), defined as follows:
1 Navigation Tree: Displays the physical and logical elements of the system. The E5-400 chassis is at the highest level, with its fan tray, physical Ethernet ports, and logical sub-interfaces (VLANs, logical Ethernet ports) at the next level. Click an object on the navigation tree to display its attributes in the main window (Work Area).
2 Work Area: Displays information and attributes about objects selected on the Navigation Tree. View and modify settings in the Work Area, which includes overhead tabs and sub-tabs for displaying more specific functions for the selected category.
3 Alarm Status Area: Displays a table of all standing alarms, events, and threshold events, and includes a color-coded status monitor.
E5-400 web interface controls
The E5-400 web interface's basic operational controls are performed as follows:
Click an object on the navigation tree to display its attributes in the Work Area. Click the overhead tabs and sub-tabs to display menu options for that function. Click the Apply button on overhead tabs, sub-tabs, or in pop-up dialog boxes to apply
provisioning changes. Click Logout to end a session and log out of the web interface.
19
Connecting to the E5-400
This section describes how to connect to the E5-400 for system management. The following tasks are covered:
Establishing a PC connection to the E5-400 Configuring the PC to communicate with the E5-400 Logging in to the E5-400
20
Connecting a PC to the E5-400
This topic describes how to connect your PC to the E5-400 and configure the PC to communicate with the E5-400. These tasks are required to access the E5-400 web interface.
Connection options
Access the E5-400 interface by connecting a TCP/IP link between your PC and one of the following management ports:
Front out-of-band Ethernet management port Rear out-of-band Ethernet management port In-band management port
Use the front Ethernet port first: The E5-400 rear Ethernet and in-band management ports are disabled by default, so initial system turn-up requires connecting to the front Ethernet management port. After initially connecting to the E5-400 front Ethernet port, you can then enable and configure the rear Ethernet and/or in-band management ports to support management connections.
DHCP support: The front and rear Ethernet management ports are equipped with internal DHCP servers, allowing user PCs connected to these ports to get an IP address in the same (management) subnet automatically. By default, the front port DHCP server provides up to three host leases, to limit the E5-400 responses to other DCHP host broadcasts if the front FE port is connected to the LAN. The rear port DHCP server is disabled by default.
Connecting a PC to the E5-400 front Ethernet port
To access the web interface, connect your PC to the E5-400 front Ethernet port. Use a standard Ethernet jumper cable (RJ-45 connectors on both ends) as follows:
1. Connect one cable end to the E5-400 front Ethernet management port, located on the front panel (labeled ETH MGMT 1).
2. Connect the other cable end to the Ethernet port on your PC.
For detailed wiring instructions, see the Calix E5-400 Installation Guide.
21
Note: The front Ethernet management port is intended for direct local management access, and should remain available for this purpose. If you require permanent out-of-band management connectivity to the E5-400, Calix recommends using the rear Ethernet management port.
The following procedures apply to PCs running Microsoft Windows XP. Before making changes, record your current settings to restore them later, if needed.
Configuring your PC to communicate with the E5-400 using DHCP
Use this procedure to configure your PC if:
You are connecting to the E5-400 front Ethernet management port, and The front or rear Ethernet management port's internal DHCP server is enabled.
To configure your PC to communicate with the E5-400 using DHCP
1. On the PC Start menu, click Settings > Network Connections. Right-click Local Area Connection, then click Properties.
2. In the Local Area Connection Properties dialog box, do the following:
a. On the General tab, click Internet Protocol (TCP/IP).
b. Verify that the check box for Internet Protocol (TCP/IP) is selected.
c. Click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, do the following:
a. Click the Obtain an IP Address Automatically option.
b. Click the Obtain DNS Server Address Automatically option.
4. Click OK in all open dialog boxes to save your network connection settings.
Configuring your PC to communicate with the E5-400 (no DHCP)
Use this procedure to configure your PC if:
You are connecting to the E5-400 front or rear Ethernet management port and its internal DHCP server is disabled, or
You are connecting to the E5-400 in-band management port.
22
To configure your PC to communicate with the E5-400 without using DHCP
1. On the PC Start menu, click Settings > Network Connections. Right-click Local Area Connection, then click Properties.
2. In the Local Area Connection Properties dialog box, do the following:
a. On the General tab, click Internet Protocol (TCP/IP).
b. Verify that the check box for Internet Protocol (TCP/IP) is selected.
c. Click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, do the following:
a. Click the Use The Following IP Address option.
b. In the IP Address box, type 192.168.1.2
c. In the Subnet Mask box, type 255.255.255.0
d. In the Default Gateway box, leave the box blank.
e. Leave both DNS Server address boxes empty.
4. Click OK in all open dialog boxes to save your network connection settings.
After completing the task above, your PC is ready to connect to the E5-400.
Related topics
Configuring the E5-400 Management Interface (on page 28) Configuring the Rear Craft Ethernet Port (on page 31) Logging In to the E5-400 (on page 23) Logging in to the E5-400 Command-Line Interface (CLI) (on page 25)
23
Logging In to the E5-400 Web Interface
Launch an E5-400 web interface session by entering the E5-400 IP address into your browser. The E5-400 supports 15 simultaneous web interface sessions.
To establish an E5-400 web interface session
1. Verify that your PC is connected to the E5-400.
2. Open a web browser window (i.e., Internet Explorer or Firefox).
3. In the browser's URL Address box, type the E5-400 management IP address, then press the Enter key. For example, type 192.168.1.1 (default IP address of the E5-400 front Ethernet management port).
Note: The web interface operates in secure HTTP mode (HTTPS) by default. Therefore, you must type https:// before typing the E5-400 management IP address. You can change this default setting.
4. In the Login dialog box, do the following:
a. In the User Name box, type your user name. For example, type e5 (default).
b. In the Password box, type your password. For example, type admin (default).
24
Note: For security, Calix recommends changing the password for the default e5 user ID.
5. Click OK to log in to the web interface.
Upon logging in for the first time, the system displays a "System Turn Up" utility that you can use to simplify the system turn-up process. To bypass the tool, click Close. All configurations performed by the tool are available elsewhere in the web interface and can be performed later.
Note: Because the E5-400 web interface operates in secure HTTP mode (HTTPS) by default, upon logging in for the first time, your web browser may present a security warning message. Accept the certificate to proceed to the web interface as described below.
The following example is from Firefox 2.0. In the security message dialog box, choose either Accept this certificate permanently or Accept this certificate temporarily for this session and then click OK.
25
The following example is from Internet Explorer. In the security message dialog box, click Yes to proceed.
Note: Click Log Out at the top-right corner of the browser window when you want to close an E5-400 session. If you use other methods to close the browser, the session remains open for 30 minutes.
Related topics
Connecting a PC to the E5-400 (on page 20) Performing Initial System Turn-Up (on page 36) Managing System User Accounts (on page 54) Using the E5-400 System Turn Up Tool (on page 37)
Logging In to the E5-400 Command-Line Interface (CLI)
The E5-400 supports both TCP/IP and RS-232 serial connections to the command-line interface (CLI). The E5-400 supports 5 simultaneous CLI sessions. Access the CLI using one of the following methods:
TCP/IP connection: To use a local or remote TCP/IP connection, you must be connected to one of the E5-400 Ethernet management ports or the in-band management port. You can access the CLI via telnet or SSH (port 22).
RS-232 serial connection: To use an RS-232 serial connection, you must be connected to the E5-400 serial port. You can access the CLI via a terminal emulation program, such as HyperTerminal or ProComm Plus.
26
Note: As an "unsecure" connection type, telnet and HTTP access to the E5-400 is not enabled by default. Therefore, for initial system turn-up over a TCP/IP connection, use a terminal emulation program configured for SSH Authentication or a web browser using the Secure HTTP protocol (HTTPS) to access the E5-400. After initially connecting via SSH (port 22), you can enable telnet access by issuing the following command: set system telnet-server enabled.
Note: The CLI command disable session timeout disables the default behavior of logging out the current session after five minutes of inactivity. This setting is useful for collecting debugging information, yet, it should be used sparingly. A session could become stranded if you forget which terminal window it was in, causing the session to be unavailable for other users.
Establishing a Telnet Connection
You can connect to the CLI locally or remotely via telnet. For initial system turn-up, connect to the E5-400 front Ethernet management port.
To establish a telnet connection to the CLI
1. Verify that your PC is connected to the E5-400.
2. Launch a telnet session as follows:
a. On your PC Start menu, click Run.
b. In the Open box, type cmd and click OK open the DOS command prompt window.
c. At the command prompt, type telnet to start the telnet client.
3. Log into the E5-400 CLI as follows:
a. At the telnet command prompt, type o (open host) followed by a space and the host IP address, then press <Enter>. For example, type o 192.168.1.1 (default IP address of the E5-400 front Ethernet port).
b. At the Username prompt, enter your user name. For example, type e5 (default).
c. At the Password prompt, enter your password. For example, type admin (default).
Note: The logon ID and password are case sensitive.
The Calix> command prompt displays upon successful login to the E5-400 CLI.
Establishing a Local Console Connection
You can connect locally to the CLI from the E5-400 serial port.
27
To establish a local console connection to the CLI
1. Verify that your PC is connected to the E5-400 serial port. See the Installation Guide for instructions.
2. On your PC, use a VT100 terminal emulation program to start a console session. For example, launch a HyperTerminal session as follows:
a. On the Start menu, click Programs > Accessories > Communications > HyperTerminal.
b. In the Connection Description dialog box's Name field, type a name for the session, then click OK.
c. In the Connect To dialog box, in the Connect Using list, select the PC serial port to which the console cable is connected. For example, click COM1.
d. In the COM# Properties dialog box, on the Port Settings tab, do the following:
In the Bits per Second list, click 38400.
In the Data Bits list, click 8.
In the Parity list, click None.
In the Stop Bits list, click 1.
In the Flow Control list, click None.
e. Click OK to connect.
3. In the console window, press the Enter key to initiate the console CLI session.
4. Log into the E5-400 CLI as follows:
a. At the Username prompt, enter your user name. For example, type e5 (default).
b. At the Password prompt, enter your password. For example, type admin (default).
Note: The logon ID and password are case sensitive.
The Calix> command prompt displays upon successful login to the E5-400 CLI.
Note: Upon logging in for the first time, the system automatically runs an "initial configuration" script that you can use to simplify the system turn-up process. At the prompts, type the requested information to configure the E5-400 control and system functions.
Note: For security, Calix recommends changing the password from the default user ID.
28
Configuring the E5-400 Management Interface
The Calix E5-400 is equipped with several management interface ports to support multiple connection methods to the E5-400 web interface and/or command-line interface (CLI).
Front Ethernet management port: The front Ethernet management port is an out-of- band 10/100 Fast Ethernet (FE) port, accessible via an 10/100 Base-T Ethernet (RJ-45) jack located on the front panel. Use the front Ethernet management port for local management access, including initial system turn-up. This port provides a one-way security model for a single connection to corporate management and does not allow for node-to-node connections within a network or subnetwork.
Rear Ethernet management port: The rear Ethernet management port(s) is an out-of- band 10/100 Fast Ethernet (FE) port, accessible via an RJ-45 jack located on the rear panel. Use the rear Ethernet management port to provide a permanent out-of-band network connection to back office management connections. This port provides a one- way security model for a single connection to corporate management and does not allow for node-to-node connections within a network or subnetwork. The E7-20 has redundant ports on the rear panel.
In-band management port: The in-band management port supports remote management configured on any VLAN on any E5-400 Ethernet port interface, where the 1-GE or 10-GE port is added to the management VLAN. This port allows for node-to node connections within a network.
RS-232 serial port: The RS-232 serial port (RJ-11) is accessible on the front panel. Use the serial port to establish local console connections to the CLI only. The serial port is always on and uses fixed connection settings.
29
Configuring the Front Craft Ethernet Port
The E5-400 is equipped with a 10/100 Fast Ethernet (FE) management port on its front panel, accessible via an RJ-45 jack on the fan module. Use the front Ethernet management port for local, out-of-band (Craft) management access, such as during initial system turn-up. This port provides a one-way security model for a single connection to corporate management and does not allow for node-to-node connections within a network or subnetwork. For instructions to access the front Ethernet port for the first time, see Connecting a PC to the E5-400 (on page 20).
The front Ethernet management port is configured with a default IP address of 192.168.1.1. The port is also equipped with a built-in DHCP server to automatically provide the user PC connected to it with an IP address in the same (management) subnet. By default, the internal DHCP server provides up to three host leases, to limit the E5-400 responses to other DCHP host broadcasts if the front FE port is connected to the LAN. The DHCP lease time is 10 minutes.
The front Ethernet management port is identified in the web interface as Craft FE: Front. You can modify the front Craft FE front port settings from the defaults as required.
To configure the front Ethernet management port (Craft FE: Front)
1. On the Navigation Tree, click E5-400.
2. In the work area, click Management > Craft Mgmt Interfaces > Ethernet Port.
3. In the table view, click the Front row to display the port settings for Craft Fast Ethernet port located on the E5-400 front panel.
4. Modify the Craft FE front port settings as follows:
a. In the Admin Status list, select enabled to enable front Craft FE front port access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the front Craft FE front port, or accept the default (192.168.1.1)
c. In the Subnt Mask box, type a subnet mask for the front Craft FE front port, or accept the default.
d. In the Enable DHCP Server? box, select Y (Yes) to enable the internal DHCP server on this port, or select N (No) to disable it.
Perform the following additional steps only if you enabled the internal DHCP server (Enable DHCP Server? = Y in Step 4d).
e. In the DHCP Server Start Address box, type the first IP address of a range to assign to hosts.
30
f. In the DHCP Server End Address box, type the last IP address of a range to assign to hosts.
g. In the DHCP Server Defined Gateway list, select Y (Yes) to define this port's IP address as the gateway for DHCP hosts, or select N (No) to not define a gateway address for hosts. Calix recommends selecting No for most applications.
5. Click Apply to update the settings.
Note: To establish a permanent out-of-band management connection to the E5-400, Calix recommends using the rear Ethernet management port.
For CLI:
show craft-fe front
enable craft-fe front
disable craft-fe front
Related topic
31
Configuring the Rear Craft Ethernet Port
The E5-400 is equipped with a secondary 10/100 Fast Ethernet (FE) management port on its rear panel, accessible via wire-wrap pins. Use the rear Ethernet management port to provide a permanent out-of-band connection for local management of the E5-400. This port provides a one-way security model for a single connection to corporate management and does not allow for node-to-node connections within a network or subnetwork.
The rear Ethernet management port is disabled by default. To use it, you must enable the port and configure it with an IP address. The rear Ethernet port is equipped with a built-in DHCP server that you can use to automatically provide IP addresses to user PCs connected to the port. By default, the DHCP server on the rear port is disabled.
The rear Ethernet management port is identified in the web interface as Craft FE: Rear. You can modify the rear Craft FE port settings as described below.
Note: If the front and rear Ethernet management ports (Craft FE: Front, Craft FE: Rear) are both enabled, their IP addresses must belong to different subnets. Also, the craft management ports cannot use IP addresses from the same subnet where DHCP Snooping is enabled.
To configure the rear Ethernet management port (Craft FE: Rear)
2. In the work area, click Management > Craft Mgmt Interfaces > Ethernet Port.
3. In the table view, double-click the CraftFe: Rear row to display the port settings for Craft Fast Ethernet.
4. Modify the Craft FE rear port settings as follows:
a. In the Admin Status list, select enabled to enable rear Craft FE rear port access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the rear Craft FE rear port.
c. In the Subet Mask box, type a subnet mask for the rear Craft FE rear port.
d. In the Enable DHCP Server? box, select Y (Yes) to enable the internal DHCP server on this port, or select N (No) to disable it.
Perform the following additional steps only if you enabled the internal DHCP server (where Enable DHCP Server? = Y in Step 4d).
e. In the DHCP Server Start Address box, type the first IP address of a range to assign to hosts.
32
f. In the DHCP Server End Address box, type the last IP address of a range to assign to hosts.
g. In the DHCP Server Defined Gateway list, select Y (Yes) to define this port's IP address as the gateway for DHCP hosts, or select N (No) to not define a gateway address for hosts. Calix recommends selecting No for most applications.
For CLI:
set craft-fe rear [ip|netmask|dhcp-server|dhcp-ip-start|dhcp-ip- end|dhcp-dflt-gw|admin-state]
show craft-fe rear
33
Configuring the In-Band Management Interface
The E5-400 is equipped with an in-band management port, to support remote management over its "in band" Ethernet line interfaces. The in-band management port is accessible from any of the system's Gigabit Ethernet (GE) or 10-Gigabit Ethernet (10GE) line interfaces, provided that the line port is added to the management VLAN. Connection speed depends on the line rate of the access port (GE or 10GE) as well as the priority assigned to the management VLAN.
Note: Calix strongly recommends that you reserve a VLAN for the purpose of management traffic only and not use it for regular network traffic.
The in-band management port is disabled by default. To use in-band management, you must provision the following parameters, which you may have already done via the System Turn Up tool:
1. Enable the in-band management port.
2. Configure the management port with an IP address.
3. Provision a management VLAN.
4. Assign the port interface to the management VLAN.
Note: If all of the E5-400 management ports are enabled, their IP addresses must belong to different subnets.
To configure the in-band management interface
1. If the management VLAN does not already exist, you must create it before continuing.
3. In the work area, click Management > Inband Mgmt Interface to display the port settings for Management Configuration 1.
4. Modify the in-band management port settings as follows:
a. In the Admin Status list, select enabled to enable in-band management access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the in-band management port.
c. In the Subnet Mask box, type a subnet mask for the in-band management port.
d. In the Management VLAN box, type the VLAN ID number of the management VLAN.
Note: You must specify an existing VLAN ID. If the VLAN does not exist, an error message displays when you click Apply. ven if no interface is currently using VLAN 1 as the Native VLAN, it is still off limits for user provisioning, including use as the Management VLAN.
34
6. Once a management VLAN is established, you can add GE or 10GE port interfaces to the management VLAN as required to enable in-band management over those links.
8. In the work area, click System > Provisioning to define a default gateway for all E5-400 management traffic. Any received traffic with an unknown destination IP address will be forwarded to the default gateway.
9. For the IP Gateway box in the System Provisioning screen, enter the Gateway IP address for network management.
For CLI:
set craft-fe rear [ip|netmask|dhcp-server|dhcp-ip-start|dhcp-ip- end|dhcp-dflt-gw|admin-state]
show craft-fe rear
show craft-fe rear
set craft-fe rear
disable craft-fe rear
enable craft-fe rear
Example of set command: set craft-fe rear ip 192.168.1.1 netmask 255.255.255.0 dhcp-server enabled dhcp-ip-start 192.168.1.50 dhcp-ip-end 192.168.1.55
Related topics
Using the E5-400 System Turn Up Tool (on page 37) Creating VLANs (on page 121) Creating VLAN Memberships (on page 136)
35
Viewing the Craft Serial Port
The E5-400 is equipped with an RS-232 serial port, accessible from the FTA front panel. You can use the serial port to connect to the E5-400 command line interface (CLI). The web interface is not accessible from an RS-232 serial connection.
The serial port is always enabled and uses the following fixed connection settings:
Baud Rate: 38400
Data Bits: 8
Note: You cannot currently modify the serial port connection settings.
To view the craft serial port
2. In the work area, click Management > Craft Mgmt Interfaces > Serial Port.
3. Check the serial port signaling settings as required.
For instructions to connect an RS-232 cable to the serial port pins, see the Calix E5-400 Installation Guide. Establish a console connection to the CLI using a standard VT100 terminal emulation program (such as HyperTerminal or ProComm Plus).
For CLI: show craft-serial
36
Performing Initial System Turn-Up
This section describes how to perform an initial turn-up of an E5-400 system. The E5-400 provides two optional methods for performing the initial configuration:
Using the "System Turn Up" tool The tool simplifies the process by providing configuration of several key system elements from a series of provisioning screens. The "System Turn Up" tool appears automatically when you first log in to the E5-400 web interface.
Provisioning basic system settings manually All of the system elements configured by the System Turn Up tool are also available elsewhere in the web interface and can be configured individually.
This section covers both of the initial system turn-up methods.
37
Using the E5-400 System Turn Up Tool
This topic describes how to turn up an E5-400 using the "System Turn Up" tool that appears when you first login to the system. The tool includes provisioning support for the following categories:
System Configuration - defines the general network-related settings. Further settings are available in the System Provisioning screen.
Craft Eth Port Front Configuration - defines the 10/100 Ethernet management port that is located on the front panel, intended for local connection to a PC for initial system turnup.
Craft Eth Port Rear Configuration - defines the Ethernet management port that is located on the rear panel, intended for a permanent out-of-band connection for local management of the E5-400. This port provides a one-way security model for a single connection to corporate management and does not allow for node-to-node connections within a network or subnetwork.
Inband Management Configuration - defines the parameters of the in-band management interface. This interface allows remote management through any of the GE or 10GE port interfaces.
SNMP Configuration - defines aspects of a fault management capability that captures performance data and sends it to a designated destination. You must configure these settings to view E5-400 alarms in the Calix Management System (CMS).
Management Gateway Configuration - defines the address for the IP gateway.
Note: After the initial turn-up procedure, if you want to change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
For standalone shelves, all of the parameters included in the tool can be modified after the E5-400 initial turn up using either of the following methods:
Manually restarting the tool described in this topic: a. On the Navigation Tree, click E5-400.
b. Click System > Provisioning tabs.
c. From the menu, click Action > System Turn Up.
For CLI: Use the turn-up command to restart the tool and then respond to a series of prompts.
Before starting
Before starting the turn-up process, check that the following conditions are met:
The E5-400 Ethernet management port is connected to a laptop computer and you have logged into the system.
38
System turn up parameters
You can provision the following parameters for the system turn up process:
Parameter Description Valid Options
System (ID) A unique name to identify the particular unit in a network. 31 characters
System Location Name of the system location. 31 characters
CLI Telnet Whether a telnet session to another host is allowed. Y (Yes) N (No) ‡
HTTP enabled Specifies whether basic (unsecure) HTTP protocol can be used for the web interface. Y (Yes) enables basic HTTP, N (No) enables only Secure HTTP (HTTPS).
Y (Yes) N (No) ‡
Time Zone Global time zone the E5-400 uses as a reference. Any available time zone
NTP Server NTP server the E7 uses as a reference time source. The E5-400 does not provide time reference service to other devices.
4-byte IP address
Craft Eth Ports
IP Address IP address of the E7 Ethernet management port. To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
4-byte IP address
Front craft = 192.168.1.1 ‡
Rear craft = 0.0.0.0 ‡
Subnet Mask Subnet mask for the Ethernet management port. 4-byte IP address
Front craft = 255.255.255.0 ‡
Enable DHCP Server? Whether the Fast Ethernet ports provide DHCP service that automatically configures the DHCP-enabled client computer to communicate with the E5-400 upon connection.
Y (Yes) N (No)
DHCP Server Start Address
IP address that starts the block of addresses available for assignment through DHCP.
4-byte IP address
Front craft = 192.168.1.100 ‡
DHCP Server End Address
IP address that ends the block of addresses available for assignment through DHCP.
4-byte IP address
Front craft = 192.168.1.102 ‡
Inband Management Configuration
Admin State Admin state of the management interface. enabled disabled ‡
IP Address IP address of the E5-400 Ethernet management port. To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
4-byte IP address
Subnet Mask Subnet mask for the Ethernet management port. 4-byte IP address
Management VLAN Name of VLAN (or VLAN ID). VLANs can be specified by name or by numeric VLAN ID. Note: Calix strongly recommends that you use a dedicated VLAN for management traffic. Using the Native VLAN for management traffic is not recommended.
2-4093
39
SNMP
Trap Destination* Index of SNMP trap destination. Typically the IP address of the CMS server.
4-byte IP address
SNMP Version* SNMP version. v2c v3
User Name 1
Password 1
Access Level 1
Specifies the security features available for the user. nosec auth-unencr auth-encr
V2C Community 2
Management Gateway Configuration
IP Gateway Gateway IP address for network management. To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
4-byte IP address
1 Applies to SNMP v3 only
2 Applies to SNMP v2c only. For CMS R10.3, use SNMPv2c only
‡ Default value
To initially turn up the E5-400
1. Log in to the E5-400 system, if you have not already done so.
2. In the System Configuration section of the System Turn Up dialog box, do the following:
a. In the System ID box, enter a name to identify the shelf.
b. In the System Location, enter a description of the E5-400 system.
c. In the CLI Telnet box, select whether to enable the telnet access to the command line interface. By default, Telnet is disabled.
d. In the HTTP enabled box, select whether to enable the unsecure HTTP on the E5- 400. By default, HTTP is disabled.
e. In the Time Zone box, select the correct time zone for the location of the E5-400.
f. In the NTP Server box, enter the NTP server IP address that the E5-400 will use as a reference time source. If you want to assign other NTP servers for redundancy, see "To assign multiple NTP servers" later in this topic.
g. Click Next.
40
3. In the Craft Eth Port Front/Rear Configuration sections of the System Turn Up dialog box, do the following:
a. In the IP Address box, enter the IP address of the Ethernet management port.
b. In the Subnet Mask box, enter the subnet mask for the Ethernet management port.
c. In the Enable DHCP Server list, select whether to enable DHCP service that automatically configures the DHCP-enabled client computer to communicate with the E5-400 upon connection to the Ethernet management port.
d. In the DHCP Server Start Address box, enter the IP address that starts the block of addresses available for assignment through DHCP.
e. In the DHCP Server End Address box, enter the IP address that ends the block of addresses available for assignment through DHCP.
f. Click Next.
4. In the Inband Management Configuration section of the System Turn Up dialog box, do the following:
a. In the Admin State list, select whether the management interface is enabled.
b. In the IP Address box, enter the IP address for the management interface.
Note: To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0. and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
c. In the Subnet Mask box, enter the IP network mask of the IP management interface.
d. In the Management VLAN box, enter the name of the management VLAN or the VLAN ID.
Note: Calix strongly recommends that you use a dedicated VLAN for management traffic.
e. Click Next.
5. In the SNMP Configuration section of the System Turn Up dialog box, do the following:
a. In the Trap Destination box, enter the IP address where the notifications are sent (typically the CMS server IP address).
b. In the Port box, enter the alternate port for the SNMP agent. The default is 161, which is the standard port number defined by the IANA.
c. In the SNMP Version list, select the SNMP version that you will be using for the network.
d. If you selected v2c, do the following:
In the V2c Community box, enter the community string (typically "public").
41
e. If you selected v3, do the following:
In the User Name box, enter the user name assigned to the SNMPv3 user account.
In the Password box, enter the password assigned to the SNMPv3 user.
In the Access Level box, enter the security level assigned to the SNMPv3 user.
Note: You can also create additional SNMP user accounts.
f. Click Next.
6. In the IP Gateway box in the Management Gateway Configuration section of the System Turn Up dialog box, enter the Gateway IP address for network management.
7. Click Finish.
For CLI:
Use the turn-up command and then answer a series of prompts to configure several key system elements, as described in the parameters table above.
To modify a parameter that was set in the system turn up
1. In the Navigation Tree, click E5-400.
2. Click the System > Provisioning tabs, and then click Action > System Turn Up.
3. Follow the steps above.
For CLI:
Use the turn-up command and then answer a series of prompts to configure several key system elements. Or, use the appropriate set command. To modify values for an expansion shelf, use the set craft-fe command.
To assign multiple NTP servers
1. In the Navigation Tree, click E5-400.
2. Click the System > NTP tabs.
3. In the NTP Settings screen, do the following:
a. In the Admin Status box, select whether to enable the service. Selecting disabled allows the system time to drift away from a reference source that is known to be reliable. This is not recommended.
b. In the Server 1 IP box, enter the IP address for the NTP server that the E5-400 uses as a time reference.
c. In the Server 2 IP box, enter the IP address for the NTP server that the E5-400 uses as a time reference if Server 1 is unavailable.
42
d. In the Server 3 IP box, enter the IP address for the NTP server that the E5-400 uses as a time reference if both Server 1 and Server 2 are unavailable.
4. From the menu, click Apply.
For CLI:
Related topics
Logging In to the E5-400 (on page 23) Provisioning Basic E5-400 System Settings (on page 43) Configuring the E5-400 Management Interface Ports (on page 28) Configuring SNMP Management (on page 58)
43
Provisioning Basic E5-400 System Settings
This topic describes how to provision system attributes that are in addition to the parameters accessible from the System Turn Up tool.
Before starting
Before starting the system configuration process, check that the following conditions are met:
The E5-400 Ethernet management port is connected to a laptop computer and you have logged in to the system.
You have already set the parameters accessible in the System Turn Up dialog box.
System configuration parameters
You can provision the following parameters for the system configuration:
System (ID)
A unique name to identify the particular unit in a network. 31 characters
System Location Name of the system location. 31 characters
CLI Telnet Whether a telnet session to another host is allowed. Y (Yes) N (No) ‡
HTTP enabled Whether the HTTP is enabled. The HTTPS is always enabled. Y (Yes) N (No) ‡
IP Gateway Gateway IP address for network management.
Note: To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
4-byte IP address
Password Expiry (Days) Password expiration interval for CLI and web browser users' accounts. Setting the value to "0" causes the system to never have the password expire.
0-100
Primary DNS Server IP address of primary DNS server. This is an IP address in "dotted quad" format: "192.168.1.100." Alternatively, set the value to "0.0.0.0."
0.0.0.0
Sec. DNS Server IP address of secondary DNS server. This is an IP address in "dotted quad" format: "192.168.1.100." Alternatively, set the value to "0.0.0.0."
0.0.0.0
Time Zone World time zone the E5-400 uses as a reference.
First Reserved VLAN First reserved VLAN in a set of four contiguous VLANs that are used for internal system operation.
2-4093
BAR Transfer Protocol Backup and Restore (BAR) transfer protocol used during the E5- 400 database backup or restore process.
ftp-active ‡ ftp-passive sftp
44
ftp-active ‡ ftp-passive sftp
BAR Transfer Port Port number for the Backup and Restore (BAR) transfer that is either a default value that correlates to the Backup and Restore (BAR) protocol choice, or an alternate port number you specify.
ftp default = 21 sftp default = 22 Alternate = 1-65000
Upgrade Transfer Port Port number for the software upgrade transfer that is either a default value that correlates to the upgrade transfer protocol choice, or an alternate port number you specify.
ftp default = 21 sftp default = 22 Alternate = 1-65000
User Authorization Order Order to follow for user authorization: local database only, local database then RADIUS server, RADIUS server only, RADIUS server then local database.
local‡, local-radius, radius, radius-local
2. Click System > Provisioning tabs.
3. In the System Provisioning screen, do the following:
a. In the Admin State box, select whether the E5-400 is in service.
b. In the System ID box, enter a unique name to identify the E5-400 system.
c. In the System Location, enter a description of the E5-400 system.
d. In the CLI Telnet box, select whether to enable the telnet access to the command line interface. By default, Telnet is not enabled.
e. In the HTTP enabled box, select whether to enable the unsecure HTTP on the E5- 400. By default, HTTP is not enabled.
f. In the IP Gateway box, enter the Gateway IP address for network management.
Note: To change the IP address to an address in another subnet, first change the default gateway to 0.0.0.0 and then change the IP address. This prevents the situation where the gateway is not on the same subnet.
g. In the Password Expiry box, enter the password expiration interval in days for CLI and web browser users.
h. In the Primary DNS Server box, enter the IP address of the DNS server that the E5- 400 uses for assigning IP addresses to the management interfaces.
i. In the Sec. DNS Server box, enter the IP address of the DNS server that the E5-400 uses for assigning IP addresses to the management interfaces, if the primary DNS server is unavailable.
j. Next to the Time Zone box, click the button and select the correct time zone for the location of the E5-400.
45
k. In the First Reserved VLAN box, enter the first value in the set of VLANs that are reserved.
l. In the BAR Transfer Protocol list, select the transfer protocol for the E5-400 database backup and restore (BAR) processes.
m. In the Upgrade Transfer Protocol list, select the transfer protocol for the E5-400 software upgrade processes.
n. In the BAR Transfer Port list, select whether the port number for the backup-and- restore (BAR) transfer process is a default value that correlates to the BAR protocol choice (ftp=21, sftp=22) or specify an alternate value.
o. In the Upgrade Transfer Port list, select whether the port number for the software upgrade transfer process is a default value that correlates to the upgrade transfer protocol choice (ftp=21, sftp=22) or specify an alternate value.
p. In the User Authorization Order list, select the order to follow for authorizing users.
4. Click Apply.
For CLI:
Use the set system command to provision system attributes that are in addition to the parameters accessible from the System Turn-up tool.
Examples of the commands to use for basic system settings:
show system
set system user-auth-order
Related topics
Connecting a PC to the E5-400 (on page 20) Using the E5-400 System Turn Up Tool (on page 37)
46
Managing an E5-400 in CMS
This section describes how to add an E5-400 node to a CMS network group, allowing management of the device from CMS.
Adding an E5-400 Node to CMS
Adding an E5-400 or E7 device to a CMS network group allows management of the device from CMS. Part of the process of adding the device to the network group involves setting up CMS as a trap destination on the E5-400 or E7 node. When this process is completed, the E7 notifies the CMS upon a GPON ONT or AE ONT arrival, immediately establishing a relationship without a synchronization task.
Optionally, you can create a graphical link from another Calix network element, such as a C7 shelf, and view the link in Topology view.
Creating an E5-400 or E7 device requires Full CMS Administration privileges.
To add an E5-400 or E7 unit to a CMS network group
Note: Default SNMP and network login settings are defined in the Systems Settings Work Area.
1. On the Navigation Tree, select a network group.
2. Click Network Details > E5-400 or E7.
3. From the menu, click Create.
Note: You must be in the Topology, Map View, or Network Details Work Area to create a node.
4. In the New E7 or E5-400 dialog box, do the following:
a. In the Name text box, type a device name.
Note: Device names can contain alphanumeric characters, underscores, and spaces, and are case-sensitive. In addition, you cannot use the same name for a device that has already been created.
b. In the Location list, select the parent network group for the new device.
c. In the IP Address box, enter an IP address for the device.
d. In the Netconference Port (NetConf Port) box, enter a port number to use. By default, port 830 is used.
47
e. In the SNMP Version list, select the SNMP version to use for the device, and then do one of the following:
SNMPv2c: In the SNMP Community box, leave the field blank to use the default community string defined in CMS, or type the community string specific to the device.
SNMPv3: Leave the SNMPv3 User Name and Password fields blank to accept the default E5-400 or E7 settings defined in CMS, or type the SNMP user name and password specific to the device. In the SNMPv3 Access Control list, select the encryption setting to use.
f. In the HTTP and HTTPS Port fields, accept the default ports to use for nonsecure and secure connections between the CMS server and the Web interface.
g. In the Network Login User Name and Password fields, leave the fields blank to use the default settings defined in CMS, or type the user name and password specific to the device.
h. In the Auto Connect list, accept the default Y (Yes) to automatically connect to CMS, or select N (No) to create the device without connecting to it.
i. In the Enable Global Profile list, accept the default Y (Yes) to automatically synchronize global profiles with CMS, or select N (No) to create the device without synchronizing global profiles.
j. (Optional) Specify an address or a latitude and longitude for viewing the new node icon in Map View. Click the ellipsis button to the right of the Address Location Info box to open the entry dialog box, and do one of the following:
Type the address location in the box provided. Click OK to save the information.
Click the Enter Lat/Lng radio button and type the latitude and longitude in the respective boxes. Click OK to save the information.
k. At the bottom of the New Node dialog box, click OK to create the node.
5. (Optional) In the network group Topology Work Area, move the new node icon by clicking and dragging it.
6. (Optional) Create a graphical link to view the device in a network topology.
7. Once the E5-400 node has been added in CMS, if you have not already done so, set the SNMP trap destination on the node using the System Turn Up screen. You can use CMS to access the Web cut-through for the device.
Related topics
Using the E5-400 System Turn Up Tool Creating a Graphical Link Between Devices (on page 48)
48
Creating a Graphical Link Between Calix Devices
A graphical link represents a connection between the devices in a network group and is shown in Topology View, for example, a fiber link between two Calix network elements within a network group. CMS self-discovers the node links within B6 and C7 networks (green links). Therefore, you only need to create cross-platform connections (blue links).
Before creating a graphical link, you must add the devices to a network group.
Creating a graphical link between devices requires Full CMS Administration privileges.
To create a topology link between network elements (drag-and-drop method)
1. On the Navigation Tree, select the Network Group that contains the devices.
2. In the Topology Work Area, locate the task list to the right of the zoom ratio list. Select Topology Links.
3. Click on a starting node, and then click on another node to terminate the link.
4. In the Topology Links dialog box, do the following:
In the From Endpoint and To Endpoint areas, specify the ports on the devices you are creating a link from and to.
Click Add to move the endpoints to the Topology Links to be Created area.
Optionally, in the Link Type, Description, and Bandwidth fields, type the information to be associated with the link.
At the bottom of the dialog box, click Create.
5. Click OK to confirm the action.
In the Topology and Map View Work Areas, a blue link displays between the two devices.
Tip: Hover the mouse over the new link to display topology link information in a Tooltip.
To create a topology link (table method)
1. On the Navigation Tree, select the Network Group that contains the devices.
2. In the Work Area tabs, click Topology Links.
3. In the Toolbar, click Create.
49
4. In the Links table, do the following:
In the From Endpoint and To Endpoint areas, specify the Calix devices you are creating a link from and to:
For C7 networks, select the network, shelf, facility, and port.
For other Calix nodes, select the node in the Network field, and type a port in the Facility field.
Click Add to move the endpoints to the Links to be Created area.
Optionally, in the Link Type, Description, and Bandwidth fields, type the information to be associated with the link.
At the bottom of the dialog box, click Create.
5. Click OK to confirm the action.
In the Topology and Map View Work Areas, a blue link displays between the two devices.
Tip: Hover the mouse over the new link to display the topology information in a Tooltip.
To delete a topology link
1. On the Navigation Tree, select a Network Group with a link between devices.
2. In the Work Area, click Topology Links. In the link list, select one or more links to delete.
3. Click Delete.
If there are two or more links, a list displays where you can select the links to be deleted. Click OK.
4. In the Confirmation dialog box, click OK to confirm the deletion.
Viewing or Modifying E7 and E5-400 Platform Details
After creating an E5-400 in CMS, you can view or edit the parameters listed in the following table:
Network Detail Description
Display Name The name that displays next to the unit on the Navigation Tree.
Network Group* The parent network group under which the unit is nested on the Navigation Tree.
Connection State The current unit connection status (Connected, Connecting, Diagnosing, Disconnected, Dynamic Synchronizing, Partially Connected, Secure Connecting, Synchronized, Synchronizing, or Unknown).
IP Address* The IP address of the platform.
50
Network Detail Description
SNMP Port* This field is currently not used.
Device Type* E5-400 or E7
Network Login Name* The user name or ID used to log in to the device. If you are using the default login user name, that user name displays in this field.
Auto Connect* Yes (Y) automatically attempts to reach to the node via SNMP approximately once every minute.
No (N) turns off this feature.
Note: If you set the Auto Connect parameter to N (do not automatically reconnect) and the node gets disconnected, it will be skipped when a scheduled task runs.
Time Zone* Specifies the network time zone in the number of hours in relation to GMT. When you create a network, you assign it to a time zone.
Running Version Specifies the software version currently running on the device.
Note: The device can hold two versions of the software. See the following two field definitions to understand how the Alternate Version is used.
Committed Version The version of the software (Running Version or Alternate Version) configured as the version that will be used when a device resets due to a failure condition (such as a power failure).
Note: For information on how to toggle the Committed Version locally, see the Calix E5-400 documentation.
Alternate Version The non-running version of software that is loaded on the device.
Global Profile Enabled* Specifies whether global profiles are enabled (Y) or disabled (N).
* Parameters listed above with an asterisk can be edited.
Viewing and editing E5-400 details requires Full CMS Administration privileges.
To view and edit E5-400 details
1. On the Navigation Tree, click the root region, parent region, or network group.
2. In the Work Area, click Network Details > E5-400.
3. To edit a parameter, do the following:
a. In the node list, hold down the Ctrl key and click the unit(s) to edit.
b. In the Edit row, modify the editable parameters as needed.
c. Click Apply, and then click OK to save the new settings.
Deleting an E5-400 platform requires Full CMS Administration privileges.
Note: E5-400 platforms can be deleted in a synchronized or unsynchronized (disconnected) connection state.
51
To delete an E5-400 platform
1. On the Navigation Tree, click the root region, parent region, or network group.
2. In the Work Area, click Network Details > E5-400.
3. In the device list, select the units(s) to delete.
4. (If the node displays as Connected in the Connection State column) In the toolbar, click Action > Disconnect, and then click OK to confirm the action.
5. In the toolbar, click Delete, and then click OK to confirm the deletion.
Modifying the E5-400 Default User Name or Password
You can change the default user name and password used to connect to E5-400 systems. To change a device user name and password, you must modify them locally on the unit.
Note: If the login user name or password does not match the user name or password, you cannot connect to the device from CMS.
Modifying an E5-400 device user name or password requires Full CMS Administration privileges.
To change an E5-400 device user name or password
1. On the Navigation Tree, click CMS.
2. In the Work Area, click System > E5-400.
3. Change the user name and password fields to match the new default values.
Note: User names and passwords are case-sensitive and must match the corresponding user name and password of the E5-400 system.
4. Click Apply, and then click OK to save the new settings.
52
Chapter 2
E5-400 System Administration
This section describes how to manage user access and perform administrative tasks on the database and software.
Topics Covered
Managing system user accounts Configuring SNMP management Configuring secure system access Performing backup and restore operations Upgrading system software Rebooting the system
54
Managing System User Accounts
This section describes how to create and manage system user accounts. The system supports 100 user accounts that are locally defined (not in the RADIUS server).
Note: Click Log Out at the top-right corner of the browser window when you want to close an E5-400 session. If you use other methods to close the browser, the session remains open for 30 minutes.
System user access level
You can create system user accounts that allow the following privileges:
Administrative privileges:
Issue provisioning commands Manage users and sessions Perform software upgrades Administer the database
Provisioning privileges:
Software upgrades
Database restore
Note: You can also create a system user account with read-only privileges. These users are intended as temporary "guest" accounts as they cannot change provisioning or alter the operation of login sessions, yet they can modify their passwords.
Creating a System User Account
This topic shows you how to create a system user account that allows access to the E5-400 web browser interface and the command-line interface (CLI).
55
System user account parameters
You can provision the following parameters for system user accounts:
User Name* User name for the account. String up to 31 characters
Access Level*
Access level assigned to the system user. read-only prov admin
Password* Password assigned to the user account. String 6-31 characters
Re-enter Password* Password assigned to the user account. String 6-31 characters
Admin Status Service state of the account. enabled disabled
*Required fields
To create an E5-400 web browser and CLI user account
2. Click Management > Craft Users tabs.
3. From the menu, click Create.
4. In the Create Web GUI/CLI User dialog box, do the following:
a. In the User Name box, enter the user name for the account you are creating.
b. In the Access Level list, select the security level to be assigned to the user.
c. In the Password box, enter the password assigned to the user.
d. In the Re-enter Password box, enter the password assigned to the user.
e. In the Admin Status list, select whether the user account is in service.
5. Click Create.
set user <user name> admin-state enabled
The username is restricted to letters, numbers, underscore (_), plus sign (+), and dot (.).
You will be prompted for the new user password and then again for confirmation of the password.
Related topics
56
Modifying a System User Account
This topic shows you how to modify web browser/CLI user accounts.
To edit a system user account
3. Double-click the user name in the list of users.
4. In the Web GUI/CLI User screen, do the following:
a. In the Access Level list, select the security level.
b. In the Admin Status list, select whether to put the account in service.
5. Click Apply from the menu.
To delete a system user account
3. Click the user name in the list of users to select it.
4. In the menu, click Delete.
For CLI:

E5-400 R2.1 User Guide - Calix

Documents

Transcript of E5-400 R2.1 User Guide - Calix