FibeAir IP-10G IP-10E User Guide Rev D.01

Copyright 2014 by Ceragon Networks Ltd. All rights reserved.

FibeAir IP-10G and IP-10E User Guide

DOC-00034612 (Rev D.01)

Hardware Release: R2 and R3

Software Release: i7.1.2

BM-0252-0

June 2014


Ceragon Proprietary and Confidential Page 2 of 596

Notice

This document contains information that is proprietary to Ceragon Networks Ltd. No part of this publication may be reproduced, modified, or distributed without prior written authorization of Ceragon Networks Ltd. This document is provided as is, without warranty of any kind.

Trademarks

Ceragon Networks, FibeAir and CeraView are trademarks of Ceragon Networks Ltd., registered in the United States and other countries.

Ceragon is a trademark of Ceragon Networks Ltd., registered in various countries.

CeraMap, PolyView, EncryptAir, ConfigAir, CeraMon, EtherAir, CeraBuild, CeraWeb, and QuickAir, are trademarks of Ceragon Networks Ltd.

Other names mentioned in this publication are owned by their respective holders.

Statement of Conditions

The information contained in this document is subject to change without notice. Ceragon Networks Ltd. shall not be liable for errors contained herein or for incidental or consequential damage in connection with the furnishing, performance, or use of this document or equipment supplied with it.

Open Source Statement

The Product may use open source software, among them O/S software released under the GPL or GPL alike license ("GPL License"). Inasmuch that such software is being used, it is released under the GPL License, accordingly. Some software might have changed. The complete list of the software being used in this product including their respective license and the aforementioned

public available changes is accessible on http://www.gnu.org/licenses/.

Information to User

Any changes or modifications of equipment not expressly approved by the manufacturer could void the users authority to operate the equipment and the warranty for such equipment.



Table of Contents

1. Introduction .................................................................................................... 16

1.1 About the CeraWeb EMS (Web EMS) ......................................................................... 17 1.1.1 Browser behavior with Web EMS ................................................................................ 17

1.2 Reference Guide to Web EMS Menu Structure ........................................................... 18

2. Getting Started................................................................................................ 24

2.1 Establishing a Connection with the IDU ....................................................................... 25

2.2 Launching the Web EMS ............................................................................................. 26

2.3 Configuring IP Addresses ............................................................................................ 27

3. Configuring Secured Access Protocols ........................................................ 28

3.1 Security Overview ........................................................................................................ 29 3.1.1 Defenses in Management Communication Channels .................................................. 29 3.1.2 Defenses in User and System Authentication Procedures .......................................... 30

3.1.2.1 User Identification ........................................................................................ 30 3.1.2.2 Remote Authentication ................................................................................ 30 3.1.2.3 Authorization ................................................................................................ 30 3.1.2.4 RADIUS Support .......................................................................................... 31 3.1.2.5 Attack Types Addressed .............................................................................. 31

3.1.3 Secure Communication Channels ............................................................................... 31 3.1.3.1 SSH (Secured Shell).................................................................................... 31 3.1.3.2 HTTPS (Hypertext Transfer Protocol Secure) ............................................. 31 3.1.3.3 SFTP (Secure FTP) ..................................................................................... 32 3.1.3.4 Creation of Certificate Signing Request (CSR) File .................................... 32 3.1.3.5 SNMP .......................................................................................................... 33 3.1.3.6 Server authentication (SSL / SLLv3) ........................................................... 33 3.1.3.7 Encryption .................................................................................................... 33 3.1.3.8 SSH.............................................................................................................. 33

3.1.4 Security Log ................................................................................................................. 34

3.2 Configuring SNMP ....................................................................................................... 36 3.2.1 Configuring SNMPv3 Parameters ................................................................................ 36

3.3 Configuring Secure Communication Channels ............................................................ 38 3.3.1 Configuring Inactivity Timeout ...................................................................................... 38 3.3.2 Secure File Transfer and Server Authentication .......................................................... 39 3.3.3 Configuring HTTPS (Hypertext Transfer Protocol Secure) .......................................... 40 3.3.4 Downloading a Certificate ............................................................................................ 41 3.3.5 Configuring the Security File Name, Type and Format ................................................ 41 3.3.6 Enabling the CA Certificate .......................................................................................... 42 3.3.7 Configuring FTP or SFTP (Secure FTP) ...................................................................... 42 3.3.8 Generating a Certificate Signing Request (CSR) File .................................................. 43 3.3.9 Generating a Security Certificate from a CSR File ...................................................... 45

4. Working with Configuration Files .................................................................. 46

4.1 Archiving the Configuration .......................................................................................... 47 4.1.1 Creating a Configuration Archive File .......................................................................... 47 4.1.2 Viewing Configuration Archive Creation Status ........................................................... 47 4.1.3 Uploading a Configuration Archive File ........................................................................ 48



4.1.4 Viewing Configuration Archive Upload Status ............................................................. 48 4.1.5 Creating a Unit Information Archive File ...................................................................... 48 4.1.6 Viewing Unit Information Archive Creation Status ....................................................... 48 4.1.7 Uploading a Unit Information Archive File.................................................................... 49 4.1.8 Viewing Unit Information Archive Upload Status ......................................................... 49 4.1.9 Downloading a Configuration Archive File ................................................................... 49 4.1.10 Viewing configuration file download status .................................................................. 49 4.1.11 Uploading a Configuration Archive File ........................................................................ 50 4.1.12 Viewing configuration file installation status................................................................. 50

4.2 Restoring the Default Configuration ............................................................................. 51

4.3 Resetting the Unit ......................................................................................................... 51

4.4 Viewing the Configuration Log File .............................................................................. 52

5. Configuring Users and Password Security .................................................. 53

5.1 Configuring RADIUS .................................................................................................... 54

5.2 Adding Users ................................................................................................................ 56

5.3 Deleting Users .............................................................................................................. 57

5.4 Changing Your Password ............................................................................................ 58

5.5 Configuring a Timeout for Inactive Users..................................................................... 59

6. Configuring Software ..................................................................................... 60

6.1 Configuring IDU Software ............................................................................................ 61 6.1.1 Viewing IDU Version Information ................................................................................. 62 6.1.2 Downloading IDU Software Files ................................................................................. 63 6.1.3 Upgrading the IDU Software Version ........................................................................... 64 6.1.4 Rolling Back a Software Upgrade ................................................................................ 66

6.2 Configuring RFU Software and Firmware .................................................................... 67 6.2.1 Viewing RFU Version Information ................................................................................ 68 6.2.2 Updating the RFU Software Version ............................................................................ 70

7. Configuring and Viewing Basic System Information ................................... 71

7.1 Configuring and Viewing Unit System Information ...................................................... 72

7.2 Configuring System Date and Time ............................................................................. 73

7.3 Configuring Network Timing Protocol (NTP) Parameters ............................................ 74

7.4 Configuring Unit Serial and Part Numbers ................................................................... 75

7.5 Viewing System Application Files ................................................................................ 76

8. Configuring Feature and Capacity Licenses ................................................ 77

8.1 Viewing Current License Details .................................................................................. 78

8.2 Loading a New License Key ........................................................................................ 79

8.3 Working with a Demo License ..................................................................................... 81

8.4 Viewing Licensed Usage and Features ....................................................................... 82

9. Configuring Unit Management ....................................................................... 84

9.1 Management Overview ................................................................................................ 85



9.2 Configuring the Management Ports ............................................................................. 86

9.3 Configuring Out-of-Band Management ........................................................................ 88

9.4 Configuring In-Band Management ............................................................................... 89 9.4.1 Configuring In-Band Management in a 1+1 Link ......................................................... 90 9.4.2 In-Band Management in Nodal Configurations ............................................................ 92 9.4.3 GbE In-Band Management in a Node .......................................................................... 94 9.4.4 In-Band Management Isolation in Smart Pipe Mode ................................................... 95 9.4.5 Limiting the Ethernet MTU for Management Packets .................................................. 96

10. Configuring Traffic Interfaces ........................................................................ 97

10.1 Configuring the Ethernet Switching Mode.................................................................... 98 10.1.1 Switch Configurations Overview .................................................................................. 99 10.1.2 Configuring Smart Pipe Switch Mode ........................................................................ 101 10.1.3 Configuring Managed and Metro Switch Mode .......................................................... 102

10.2 Configuring Ethernet Ports ......................................................................................... 104 10.2.1 Configuring a Single Pipe Port ................................................................................... 104 10.2.2 Configuring a Managed Switch or Metro Switch Port ................................................ 106

10.3 Configuring Shared VLAN Disabling .......................................................................... 108

10.4 Assigning VLANs to a Port ......................................................................................... 110

10.5 Configuring Automatic State Propagation .................................................................. 111

10.6 Configuring LAGs ....................................................................................................... 114 10.6.1 LAG Overview ............................................................................................................ 115 10.6.2 Creating a LAG .......................................................................................................... 117 10.6.3 Configuring a LAG ...................................................................................................... 118 10.6.4 Removing Ports from a LAG ...................................................................................... 120 10.6.5 Configuring LAG Load Balancing ............................................................................... 121

10.7 Configuring Peer Port Settings .................................................................................. 122

10.8 Configuring E1/DS1 Interfaces .................................................................................. 123

10.9 Configuring STM-1/OC-3 Interfaces .......................................................................... 125

10.10 Configuring Pseudowire ............................................................................................. 128 10.10.1 Pseudowire Overview ................................................................................ 129 10.10.2 Configuring an Ethernet Port for Pseudowire ............................................ 131 10.10.3 Configuring the Pseudowire TDM Ports .................................................... 133 10.10.4 Configuring TDM Trails for Pseudowire ..................................................... 136 10.10.5 Configuring Pseudowire Synchronization .................................................. 137 10.10.6 Configuring the Pseudowire T-Card .......................................................... 139 10.10.7 Configuring Pseudowire Profiles ............................................................... 141 10.10.8 Configuring SOAM ..................................................................................... 144

10.10.8.1 Configuring MDs ........................................................................................ 144 10.10.8.2 Configuring MAs ........................................................................................ 146

10.10.9 Configuring Pseudowire Encapsulation (Tunnels) .................................... 148 10.10.9.1 Adding a Tunnel ......................................................................................... 148 10.10.9.2 Deleting a Tunnel ....................................................................................... 150

10.10.10 Configuring Tunnel Groups and Pseudowire Path Protection ................... 151 10.10.10.1 Adding a Tunnel Group ........................................................................ 152 10.10.10.2 Forcing a Switchover ............................................................................ 152 10.10.10.3 Deleting a Tunnel Group ...................................................................... 153



10.10.11 Configuring DS0 Bundles .......................................................................... 154 10.10.12 Configuring Pseudowire Services .............................................................. 156

11. Configuring Auxiliary Channels .................................................................. 159

11.1 Configuring the Wayside Channel ............................................................................. 160

11.2 Configuring the User Channel .................................................................................... 161

11.3 Viewing the EOW Channel Status ............................................................................. 162

12. Configuring the Radio Parameters .............................................................. 163

12.1 Enabling and Disabling the Radio .............................................................................. 164

12.2 Configuring the Radio Frequencies ........................................................................... 165

12.3 Specifying the Radio Link ID ...................................................................................... 166

12.4 Configuring the Remote Radio IP Address ................................................................ 167

12.5 Configuring the Radio Thresholds ............................................................................. 168 12.5.1 Radio Threshold Levels ............................................................................................. 169 12.5.2 RSL and TSL Thresholds ........................................................................................... 170 12.5.3 MSE Threshold .......................................................................................................... 170 12.5.4 XPI Threshold ............................................................................................................ 171 12.5.5 Ethernet Throughput Threshold ................................................................................. 171 12.5.6 Ethernet Capacity Threshold ..................................................................................... 172 12.5.7 Ethernet Utilization Threshold .................................................................................... 172

12.6 Enabling RSL Degradation Alarms ............................................................................ 173

12.7 Selecting a Radio Script and Configuring ACM ......................................................... 174 12.7.1 ACM Radio Scripts ..................................................................................................... 175 12.7.2 ACM with 1+1 HSB Protection ................................................................................... 177 12.7.3 ACM Adaptive Power ................................................................................................. 178 12.7.4 Enabling Alarms on MRMC Profile Degradation ........................................................ 180 12.7.5 Activating an Asymmetrical Script .............................................................................. 181

12.8 Configuring Compression........................................................................................... 182 12.8.1 Configuring Enhanced Header Compression ............................................................ 183

12.8.1.1 Enhanced Header Compression Flow Type Bitmask and Supported Configurations ............................................................................................ 184

12.8.1.2 Enhanced Header Compression Compatibility .......................................... 186

12.9 Configuring Radio Traffic Priorities ............................................................................ 187

12.10 Configuring the Power Options and Green Mode ...................................................... 189 12.10.1 Configuring ATPC Override ....................................................................... 190 12.10.2 Configuring Green Mode ........................................................................... 192

13. Configuring QoS and Enhanced QoS ......................................................... 193

13.1 QoS Overview ............................................................................................................ 194 13.1.1 Standard QoS Overview ............................................................................................ 194

13.1.1.1 Standard QoS Classifier ............................................................................ 194 13.1.1.2 Standard QoS Policers .............................................................................. 195 13.1.1.3 Queue Management, Scheduling, and Shaping ........................................ 196

13.1.2 Enhanced QoS Overview ........................................................................................... 197 13.1.2.1 Queue Management .................................................................................. 199 13.1.2.2 Scheduling and Shaping ............................................................................ 200



13.1.2.3 Configurable P-Bit and CFI/DEI Re-Marking ............................................. 201

13.2 Configuring Standard QoS ......................................................................................... 202 13.2.1 Opening the QoS & Rate Limiting Page .................................................................... 203 13.2.2 Configuring the Classification Settings ...................................................................... 204 13.2.3 Configuring the Egress Scheduler ............................................................................. 205 13.2.4 Configuring Ingress Rate Limiting .............................................................................. 206 13.2.5 Remapping P-Bits ...................................................................................................... 207 13.2.6 Configuring VLAN-ID to Queue .................................................................................. 208 13.2.7 Assigning IP P-Bits to Queue ..................................................................................... 209 13.2.8 Assigning Queues According to P-Bits ...................................................................... 210 13.2.9 Assigning Queue Weights .......................................................................................... 210 13.2.10 Configuring Policers................................................................................... 211 13.2.11 Defining the Static MAC Table .................................................................. 212 13.2.12 Copying QoS Settings from One Port to Another ...................................... 213

13.3 Configuring Enhanced QoS ....................................................................................... 214 13.3.1 Preparing the System for Enhanced QoS .................................................................. 214

13.3.1.1 Classifying In-Band Management Traffic................................................... 214 13.3.1.2 Disabling the QoS Egress Shaper ............................................................. 215

13.3.2 Enabling Enhanced QoS ............................................................................................ 216 13.3.3 Configuring Queue Size ............................................................................................. 217 13.3.4 Configuring Enhanced QoS Classification ................................................................. 218

13.3.4.1 Configuring Services.................................................................................. 218 13.3.4.2 Configuring the egress CoS and Color Modifier (Marker) ......................... 219 13.3.4.3 Enabling Classification Rules .................................................................... 220 13.3.4.4 Setting the Default Classification Settings ................................................. 221 13.3.4.5 Configuring First Hierarchy Classification Rules ....................................... 223 13.3.4.6 Configuring Second Hierarchy Classification Rules .................................. 227 13.3.4.7 Configuring Third Hierarchy Classification Rules ...................................... 229

13.3.5 Configuring Egress Policers ....................................................................................... 235 13.3.5.1 Policer per Cos Option............................................................................... 238

13.3.6 Configuring WRED ..................................................................................................... 239 13.3.7 Configuring the Egress Shaper and Scheduler ......................................................... 241

13.4 Configuring Frame Cut-Through ................................................................................ 243

14. Setting Up Protected Configurations .......................................................... 244

14.1 Protection Overview ................................................................................................... 245

14.2 Configuring 1+1 HSB ................................................................................................. 246 14.2.1 1+1 HSB Overview ..................................................................................................... 247

14.2.1.1 Revertive 1+1 HSB Protection ................................................................... 247 14.2.2 Configuring 1+1 HSB Protection in a New Standalone System ................................ 249 14.2.3 Replacing the Standby Unit in a 1+1 HSB Standalone System ................................. 251 14.2.4 Configuring 1+1 HSB Protection in a New Nodal System ......................................... 252 14.2.5 Replacing the Standby Unit in a 1+1 HSB Nodal System ......................................... 254 14.2.6 Configuring Revertive 1+1 HSB Protection ................................................................ 256

14.2.6.1 Configuring Revertive 1+1 HSB Protection via the Web EMS .................. 256 14.2.6.2 Configuring Revertive 1+1 HSB Protection via CLI ................................... 256

14.3 Configuring a 2+0 System .......................................................................................... 258 14.3.1 2+0 Overview ............................................................................................................. 259 14.3.2 Configuring 2+0 Protection ........................................................................................ 260

14.4 Configuring 2+2 HSB ................................................................................................. 261



14.4.1 2+2 Overview ............................................................................................................. 262 14.4.2 Deploying a 2+2 Configuration ................................................................................... 263 14.4.3 Configuring 2+2 HSB Protection ................................................................................ 264 14.4.4 XPIC and 2+2 Protection ........................................................................................... 265 14.4.5 Replacing Units in a 2+2 Configuration ..................................................................... 266

14.5 Specifying Active and Standby Mode ........................................................................ 267

14.6 Configuring Switchover Criteria ................................................................................. 268

14.7 Configuring Automatic State Propagation (ASP) for HSB Protection ........................ 269

14.8 Viewing Mate Parameters .......................................................................................... 270

14.9 Configuring Multi-Unit LAG ........................................................................................ 271

15. Configuring Diversity ................................................................................... 273

15.1 Diversity Overview ..................................................................................................... 274

15.2 Configuring 1+1 Space Diversity (BBS) ..................................................................... 275

15.3 Configuring 1+1 Frequency Diversity (BBS) .............................................................. 276

15.4 Configuring IF Combining Diversity ........................................................................... 278

16. Configuring Multi-Radio ............................................................................... 280

16.1 Configuring 2+0 Multi-Radio ...................................................................................... 281 16.1.1 Multi Radio Traffic Blocking ....................................................................................... 282 16.1.2 Setting Multi-Radio Thresholds .................................................................................. 283

16.2 Configuring 2+0 Multi-Radio with Line Protection ...................................................... 284

17. Configuring XPIC .......................................................................................... 285

17.1 Conditions for XPIC .................................................................................................... 286

17.2 Configuring the Antenna and RFU for XPIC .............................................................. 286 17.2.1 IDU-RFU Cable Installation ........................................................................................ 286 17.2.2 Antenna Alignment ..................................................................................................... 286 17.2.3 Polarization Alignment ............................................................................................... 287

17.3 Displaying XPI Values ................................................................................................ 287

18. Configuring TDM Trails ................................................................................ 289

18.1 TDM Trails Overview .................................................................................................. 290

18.2 Viewing the Trails List ................................................................................................ 291

18.3 Adding New Trails ...................................................................................................... 292

18.4 Activating and Reserving Trails ................................................................................. 295

18.5 Deleting Trails ............................................................................................................ 296

18.6 Configuring SNCP and ABR Trail Protection ............................................................. 297

18.7 Configuring AIS Detection and Signaling ................................................................... 298

19. Configuring Synchronization ....................................................................... 299

19.1 Synchronization Overview.......................................................................................... 300

19.2 Configuring the Synchronization Source.................................................................... 302



19.2.1 Viewing Current Synchronization Sources................................................................. 304

19.3 Configuring the Outgoing Signal Clock ...................................................................... 306 19.3.1 Configuring Clock Sources ........................................................................................ 306 19.3.2 Viewing Clock Sources .............................................................................................. 307

19.4 Configuring PRC Regenerator Mode and Direction ................................................... 308 19.4.1 Basic Operation .......................................................................................................... 308 19.4.2 User Configuration ..................................................................................................... 309

20. Configuring RSTP ......................................................................................... 311

20.1 Network Resiliency Overview .................................................................................... 312 20.1.1 Standard RSTP .......................................................................................................... 312 20.1.2 Carrier Ethernet Wireless Ring-Optimized RSTP ...................................................... 313

20.2 Setting the xSTP Protocol .......................................................................................... 314

20.3 Configuring Ring-Optimized RSTP ............................................................................ 315 20.3.1 Ring RSTP Limitations ............................................................................................... 316 20.3.2 Ring RSTP Supported Topologies ............................................................................. 316 20.3.3 Ring RSTP Performance............................................................................................ 317 20.3.4 Ring RSTP Management ........................................................................................... 318

20.3.4.1 In-Band Management ................................................................................ 318 20.3.4.2 Out-of-Band Management ......................................................................... 319

20.3.5 Ring RSTP Configuration ........................................................................................... 320 20.3.5.1 Node Type A Configuration ....................................................................... 320 20.3.5.2 Node Type B Configuration ....................................................................... 321

20.3.6 Ring RSTP Installation ............................................................................................... 321 20.3.6.1 Installation Scenario1: Node with no STP ................................................. 321 20.3.6.2 Scenario2: Replacing an IDU in an RSTP Ring ........................................ 322

20.4 Configuring Ethernet Ports to Support RSTP ............................................................ 323

20.5 Configuring RSTP Priority .......................................................................................... 324

21. Working with Service OAM .......................................................................... 325

21.1 Working with MAIDs ................................................................................................... 326 21.1.1 Viewing MAID List Status and Details ........................................................................ 327 21.1.2 Adding MAIDs ............................................................................................................ 328 21.1.3 Deleting MAIDs .......................................................................................................... 328

21.2 Managing Local MEPs ............................................................................................... 329 21.2.1 Viewing Local MEPs .................................................................................................. 330 21.2.2 Adding Local MEPs .................................................................................................... 331 21.2.3 Deleting local MEPs ................................................................................................... 331

21.3 Managing Remote MEPs ........................................................................................... 332 21.3.1 Viewing Remote MEPs .............................................................................................. 333 21.3.2 Adding Remote MEPs ................................................................................................ 333 21.3.3 Deleting Remote MEPs .............................................................................................. 334 21.3.4 Pinging Remote MEPs ............................................................................................... 334 21.3.5 Remote MEP Linktrace .............................................................................................. 335 21.3.6 Enabling Automatic Linktrace for a MAID .................................................................. 337

21.4 Working with MEPs .................................................................................................... 338 21.4.1 Configuring CCM ........................................................................................................ 339 21.4.2 Viewing MAID Ethernet Ports .................................................................................... 339



21.4.3 Viewing Port MEPs .................................................................................................... 340 21.4.4 Adding MEPs to a Port ............................................................................................... 340 21.4.5 Deleting MEPs from a Port ........................................................................................ 341

21.5 Working with MIPs ..................................................................................................... 342 21.5.1 Viewing Port MIPs ...................................................................................................... 343 21.5.2 Adding MIPs to a Port ................................................................................................ 343 21.5.3 Deleting MIPs from a Port .......................................................................................... 343

21.6 Performing Manual Ping and Linktrace Operations ................................................... 344 21.6.1 Pinging Remote MEPs and MIPs ............................................................................... 345 21.6.2 Performing a Manual Linktrace .................................................................................. 346

22. Viewing System Activity and Performance ................................................. 347

22.1 Displaying and Clearing PMs ..................................................................................... 348

22.2 Displaying and Resetting RMON Counters................................................................ 349

22.3 Displaying Ethernet Port Utilization Statistics ............................................................ 353

22.4 Displaying Ethernet Statistics Measured on the Radio Port ...................................... 354 22.4.1 Displaying Frame Error Rate Statistics ...................................................................... 355 22.4.2 Displaying Throughput Statistics ................................................................................ 356 22.4.3 Displaying Capacity Statistics .................................................................................... 357 22.4.4 Displaying Utilization Statistics .................................................................................. 358

22.5 Displaying TDM PMs .................................................................................................. 359 22.5.1 Displaying E1/DS1 Line PMs ..................................................................................... 360 22.5.2 Displaying TDM Channel PMs ................................................................................... 361 22.5.3 Displaying TDM Trail PMs.......................................................................................... 362 22.5.4 Displaying STM-1/OC-3 Line PMs ............................................................................. 363 22.5.5 Displaying Pseudowire PMs ...................................................................................... 364

22.6 Displaying Radio PMs ................................................................................................ 370 22.6.1 Displaying Signal Level PMs ...................................................................................... 371 22.6.2 Displaying Aggregate Radio PMs .............................................................................. 372 22.6.3 Displaying Radio MRMC PMs .................................................................................... 373 22.6.4 Displaying Radio MSE PMs ....................................................................................... 374 22.6.5 Displaying Radio XPI PMs ......................................................................................... 375

22.7 Viewing Radio Status ................................................................................................. 376 22.7.1 Viewing RFU Status ................................................................................................... 377 22.7.2 Viewing MRMC Status ............................................................................................... 378 22.7.3 Viewing Current Tx Status ......................................................................................... 379 22.7.4 Viewing Current Rx Status ......................................................................................... 380 22.7.5 Viewing Remote Radio Parameters ........................................................................... 381 22.7.6 Viewing XPIC Status .................................................................................................. 381

22.8 Viewing Ethernet Interface Status .............................................................................. 382

22.9 Viewing RSTP Status ................................................................................................. 383

22.10 Viewing Enhanced Traffic Management Statistics ..................................................... 384

23. Fault Management ........................................................................................ 387

23.1 Overview of Fault Management ................................................................................. 388

23.2 LED Indicators ............................................................................................................ 390



23.3 Configuring External Alarms ...................................................................................... 391

23.4 Configuring Traps ....................................................................................................... 393

23.5 Configuring Power Supply Alarms ............................................................................. 394

23.6 Viewing Current Alarms ............................................................................................. 395

23.7 Viewing the Event Log ............................................................................................... 396

23.8 Monitoring the IDU-RFU Interface ............................................................................. 397

23.9 Loopback .................................................................................................................... 398 23.9.1 Radio Loopback ......................................................................................................... 399 23.9.2 E1/DS1 Line Loopback .............................................................................................. 400 23.9.3 STM-1/OC-3 Line Loopback ...................................................................................... 401 23.9.4 Pseudowire Line Loopback ........................................................................................ 402

23.10 Troubleshooting Protection ........................................................................................ 403 23.10.1 Switchover Triggers ................................................................................... 404 23.10.2 Copy-to-Mate ............................................................................................. 404 23.10.3 Mismatch Mechanism ................................................................................ 405

23.11 XPIC Recovery Mechanism ....................................................................................... 406 23.11.1 XPIC Events .............................................................................................. 406

23.12 Activating the All-ODU Enclosure .............................................................................. 408

24. Appendix A CLI Reference ........................................................................ 409

24.1 Using the CLI ............................................................................................................. 410 24.1.1 Access rights .............................................................................................................. 410 24.1.2 Getting started ............................................................................................................ 410 24.1.3 Getting help ................................................................................................................ 411 24.1.4 Basic commands ........................................................................................................ 411 24.1.5 Finding commands ..................................................................................................... 412 24.1.6 Command example .................................................................................................... 412 24.1.7 Viewing the command tree ........................................................................................ 413

24.2 CLI Commands and Parameters ............................................................................... 416 24.2.1 management .............................................................................................................. 416

24.2.1.1 mng-services ............................................................................................. 416 24.2.1.2 cfg-service ................................................................................................. 416 24.2.1.3 event-service ............................................................................................. 416 24.2.1.4 alarm-service ............................................................................................. 417 24.2.1.5 pm-service ................................................................................................. 418 24.2.1.6 time-service ............................................................................................... 418 24.2.1.7 mng-software ............................................................................................. 420 24.2.1.8 users .......................................................................................................... 423 24.2.1.9 log-srv ........................................................................................................ 424 24.2.1.10 networking ................................................................................................. 425 24.2.1.11 ip-address .................................................................................................. 425 24.2.1.12 floating-ip-address ..................................................................................... 426 24.2.1.13 mng-protocols ............................................................................................ 426 24.2.1.14 snmp .......................................................................................................... 427 24.2.1.15 platform ...................................................................................................... 429 24.2.1.16 Inventory .................................................................................................... 430 24.2.1.17 daughter-board .......................................................................................... 433 24.2.1.18 license ........................................................................................................ 434



24.2.1.19 idc-board .................................................................................................... 436 24.2.1.20 fpga ............................................................................................................ 440 24.2.1.21 mate-idu ..................................................................................................... 441 24.2.1.22 all-odu ........................................................................................................ 442 24.2.1.23 shelf-manager ............................................................................................ 443 24.2.1.24 remote-idu .................................................................................................. 444 24.2.1.25 remote-cl .................................................................................................... 445 24.2.1.26 remote-co ................................................................................................... 445 24.2.1.27 radio-diversity ............................................................................................ 445 24.2.1.28 multi-radio .................................................................................................. 446 24.2.1.29 radio ........................................................................................................... 447 24.2.1.30 xpic............................................................................................................. 448 24.2.1.31 framer ........................................................................................................ 449 24.2.1.32 mrmc .......................................................................................................... 450 24.2.1.33 tdm-radio-pm ............................................................................................. 453 24.2.1.34 modem ....................................................................................................... 453 24.2.1.35 rfu ............................................................................................................... 454 24.2.1.36 rfu-sw-upload ............................................................................................. 460 24.2.1.37 rfu-fw-upload .............................................................................................. 460 24.2.1.38 rfu-co .......................................................................................................... 460 24.2.1.39 rfu-cl ........................................................................................................... 460 24.2.1.40 rfic .............................................................................................................. 460 24.2.1.41 enhanced-hc .............................................................................................. 461 24.2.1.42 interfaces ................................................................................................... 462 24.2.1.43 user-channel .............................................................................................. 463 24.2.1.44 eow ............................................................................................................ 463 24.2.1.45 wayside ...................................................................................................... 464 24.2.1.46 sync............................................................................................................ 464 24.2.1.47 ethernet ...................................................................................................... 466 24.2.1.48 bridge ......................................................................................................... 466 24.2.1.49 port-group .................................................................................................. 469 24.2.1.50 eth-port ...................................................................................................... 469 24.2.1.51 enhanced-tm .............................................................................................. 481 24.2.1.52 service-oam ............................................................................................... 486

24.2.2 pdh ............................................................................................................................. 488 24.2.2.1 e1t1-port .................................................................................................... 488 24.2.2.2 lag-port ....................................................................................................... 489 24.2.2.3 trails ........................................................................................................... 495

24.2.3 sdh .............................................................................................................................. 497 24.2.3.1 stm1 ........................................................................................................... 497

24.2.4 pw ............................................................................................................................... 500 24.2.4.1 pw-tdm ....................................................................................................... 500 24.2.4.2 pwc............................................................................................................. 500 24.2.4.3 tdm-ports .................................................................................................... 501 24.2.4.4 ds0-bundles ............................................................................................... 502 24.2.4.5 tunnels ....................................................................................................... 504 24.2.4.6 tunnel-groups ............................................................................................. 505 24.2.4.7 pw-profiles ................................................................................................. 505 24.2.4.8 pws............................................................................................................. 507 24.2.4.9 eth-port-pwc ............................................................................................... 509 24.2.4.10 soam .......................................................................................................... 516

24.2.5 diagnostics ................................................................................................................. 518 24.2.5.1 rmon ........................................................................................................... 518 24.2.5.2 loopback .................................................................................................... 518



24.2.6 xml-interface ............................................................................................................... 519

24.3 Basic System Configuration Using CLI ...................................................................... 520 24.3.1 Setting IP Addresses .................................................................................................. 521 24.3.2 Adding users .............................................................................................................. 521 24.3.3 Navigating between stacked units ............................................................................. 521

24.3.3.1 Going from the main unit to a different unit ............................................... 521 24.3.3.2 Returning to main unit................................................................................ 521

24.3.4 Performing Resets ..................................................................................................... 522 24.3.4.1 In Stacked Configuration ........................................................................... 522 24.3.4.2 In any IDU (Standalone or Nodal) ............................................................. 522

24.3.5 Configuration backup ................................................................................................. 523 24.3.5.1 Creating configuration backup files ........................................................... 523 24.3.5.2 Saving configuration files in external site: ................................................. 523 24.3.5.3 Downloading saved configuration files: ..................................................... 524

24.3.6 Software version management .................................................................................. 525 24.3.7 Using CLI scripts ........................................................................................................ 527

24.3.7.1 Setting external FTP client site parameters .............................................. 527 24.3.7.2 Managing and Executing scripts ................................................................ 527

24.3.8 CLI Script Limitations ................................................................................................. 528 24.3.9 Radio Parameter Configurations ................................................................................ 529 24.3.10 NTP ............................................................................................................ 531 24.3.11 SNMP ........................................................................................................ 532

24.3.11.1 SNMP parameters for SNMP Version 3 .................................................... 532 24.3.11.2 Configuring HTTPS Web Protocol ............................................................. 533

24.3.12 CFM ........................................................................................................... 535 24.3.12.1 > and press Enter. Domain ..................................... 535 24.3.12.2 Domain & association ................................................................................ 535 24.3.12.3 Association ................................................................................................ 535 24.3.12.4 CCM ........................................................................................................... 536 24.3.12.5 CCM Interval .............................................................................................. 536 24.3.12.6 Local MEP ................................................................................................. 536 24.3.12.7 Remote MEP ............................................................................................. 537 24.3.12.8 MIP............................................................................................................. 537 24.3.12.9 Loopback (Ping) ......................................................................................... 537 24.3.12.10 Link Trace ............................................................................................. 539 24.3.12.11 Auto link trace ....................................................................................... 540 24.3.12.12 Auto Link Trace Interval........................................................................ 541 24.3.12.13 Remote MEP learning time .................................................................. 542

24.3.13 Pseudowire Configuration ......................................................................... 543 24.3.13.1 PW T-Card Basic Configuration ................................................................ 543 24.3.13.2 Ethernet Traffic Port Configuration ............................................................ 543 24.3.13.3 Configuring Pseudowire Services .............................................................. 543 24.3.13.4 Configuring a SAToP UDP/IP Unprotected Service .................................. 544 24.3.13.5 Configuring a CESoPSN UDP/IP Protected Service ................................. 545 24.3.13.6 Configuring SOAM ..................................................................................... 546 24.3.13.7 Configuring 1:1 Pseudowire Path Protection ............................................. 547

24.3.14 TDM trail management .............................................................................. 551 24.3.14.1 Defining a TDM Trail .................................................................................. 551 24.3.14.2 Viewing Trails Defined in the System ........................................................ 551 24.3.14.3 Deleting trails ............................................................................................. 552 24.3.14.4 Activating and reserving trails .................................................................... 553

24.3.15 TDM Protected Trails (SNCP) ................................................................... 553 24.3.15.1 Defining a Protected TDM Trail ................................................................. 553



24.3.15.2 Forcing trails to active/standby .................................................................. 554 24.3.16 Showing TDM Trail PMs and Status .......................................................... 555

24.3.16.1 Showing TDM Trail PM Measurements ..................................................... 555 24.3.16.2 Showing TDM Trail Status ......................................................................... 555

24.3.17 Configuring the Ethernet Switch Application ............................................. 556 24.3.18 Configuring the LAG Ports ......................................................................... 557

24.3.18.1 Setting load balancing of the LAG ............................................................. 557 24.3.18.2 Assigning ports to a LAG ........................................................................... 557 24.3.18.3 Defining LAG Options ................................................................................ 557 24.3.18.4 Deleting a LAG .......................................................................................... 559

24.3.19 Management Ports .................................................................................... 560 24.3.19.1 Port configuration ....................................................................................... 560

24.3.20 VLAN Configuration ................................................................................... 562 24.3.21 QoS Configuration ..................................................................................... 563

24.3.21.1 Ingress Classifier ....................................................................................... 563 24.3.21.2 Egress scheduler ....................................................................................... 563 24.3.21.3 Egress shaper ............................................................................................ 563 24.3.21.4 Policer ........................................................................................................ 564 24.3.21.5 QoS tables ................................................................................................. 564 24.3.21.6 Enhanced QoS and Frame Cut-Through .................................................. 565

24.3.22 Auxiliary Channels ..................................................................................... 567 24.3.22.1 Wayside Channel ....................................................................................... 567 24.3.22.2 User channel .............................................................................................. 567

24.3.23 Automatic State Propagation, 1+0 Configuration Only .............................. 568 24.3.23.1 Ethernet Shutdown (Rx) Profile Threshold (ACM Enabled) ...................... 568 24.3.23.2 Metro Switch and Port Type Configuration ................................................ 568

24.3.24 Radio script configuration .......................................................................... 570 24.3.25 Ring RSTP ................................................................................................. 571

25. Appendix B List of Alarms ........................................................................ 572



About This Guide

This document explains how to configure and operate an IP-10G or IP-10E IDU. This document applies to hardware versions R2 and R3 and software version I6.9.

What You Should Know

The instructions in this manual assume that you are using Ceragons Web-Based Element Management System (EMS) to perform software configuration. A reference guide to using the Command Line Interface is also included.

Target Audience

This manual is intended for use individuals responsible for configuration and administration of an IP-10G or IP-10E system or network.

Related Documents

FibeAir IP-10G Product Description

FibeAir IP-10E Product Description

FibeAir IP-10G Installation Guide - DOC-00023199

FibeAir IP-10E Installation Guide - DOC-00029444

FibeAir IP-10 G/E MIB Reference - DOC-00015446

FibeAir IP-10 License Management System - DOC-00019183



1. Introduction

This chapter includes:

About the CeraWeb EMS (Web EMS)

Reference Guide to Web EMS Menu Structure



1.1 About the CeraWeb EMS (Web EMS)

The CeraWeb Element Management System (Web EMS) is an HTTP web-based element manager that enables the operator to perform configuration operations and obtain statistical and performance information related to the system, including:

Configuration Management Enables you to view and define configuration data for the IP-10 system.

Fault Monitoring Enables you to view active alarms.

Performance Monitoring Enables you to view and clear performance monitoring values and counters.

Maintenance Association Identifiers Enables you to define Maintenance Association Identifiers (MAID) for CFR protection.

Diagnostics and Maintenance Enables you to define and perform loopback tests, software updates, and IDU-RFU interface monitoring.

Security Configuration Enables you to configure IP-10G/E security features.

User Management Enables you to define users and user groups.

A Web-Based EMS connection to the IP-10G/E can be opened using an HTTP Browser (Explorer or Mozilla Firefox). The Web-Based EMS uses a graphical interface. All system configurations and statuses are available via the Web-Based EMS, including all L2-Switch configurations such as port type, VLANs, QoS.

The Web-Based EMS shows the actual node configuration and provides easy access to any IDU in the node.

1.1.1 Browser behavior with Web EMS

The Web EMS does not disable any innate browser functionality. However, some browser functions will not function as expected.

The browsers Back button will load the page that was open before you logged into the Web EMS. Therefore, you should use the navigation pane in the Web EMS to select pages, rather than the browsers Back button.

Selecting Refresh from the browsers menu or pressing F5 will not update the information on the page. Rather, it will start a new Web EMS session. Therefore, you should use the Refresh buttons within the Web EMS GUI to update data.

Note: For multi-radio configurations, protection, and extension units, available options will vary according to the available interfaces and configured features for selected slot.



1.2 Reference Guide to Web EMS Menu Structure

The following table shows the Web EMS menu hierarchy, with links to the sections in this document that provide instructions for the relevant menu item.

Note: Some menu items are only available if the relevant license or feature is enabled.

IP-10G/E Web EMS Menu Hierarchy

Root Menu Item Sub-Menus Applicability For Further Information

Faults Current Alarms IP-10G/E Viewing Current Alarms

Event Log IP-10G/E Viewing the Event Log

PM & Counters

PM Commands IP-10G/E Displaying and Clearing PMs

RMON IP-10G/E Displaying and Resetting RMON Counters

TDM Trails IP.10G only Displaying TDM Trail PMs

Pseudowire Port RMON IP.10G only Displaying Pseudowire PMs

E1/DS1 Port # IP.10G only Displaying E1/DS1 Line PMs

STM-1/OC-3 Port # IP.10G only Displaying STM-1/OC-3 Line PMs

Radio

Signal Level IP-10G/E RSL and TSL Thresholds

Displaying Signal Level PMs

Aggregate IP-10G/E Displaying Aggregate Radio PMs

MRMC IP-10G/E Displaying Radio MRMC PMs

MSE IP-10G/E MSE Threshold

Displaying Radio MSE PMs

XPI IP-10G/E XPI Threshold

Displaying Radio XPI PMs

TDM Channel IP.10G only Displaying TDM Channel PMs

Ethernet > Capacity IP-10G/E Displaying Capacity Statistics

Ethernet Capacity Threshold

Ethernet

Ethernet > Utilization IP-10G/E Displaying Utilization Statistics

Ethernet Utilization Threshold

Ethernet > Frame Error

Rate

IP-10G/E Displaying Frame Error Rate Statistics

Ethernet > Throughput IP-10G/E Ethernet Throughput Threshold

Displaying Throughput Statistics




Configuration General

Unit Parameters IP-10G/E Configuring and Viewing Unit System

Information

Configuring System Date and Time

Configuring Unit Serial and Part Numbers

Loading a New License Key

Configuring 1+1 HSB Protection in a New

Standalone System

External Alarms IP-10G/E Configuring External Alarms

Management IP-10G/E Configuring IP Addresses

Configuring the Management Ports

Preparing the System for Enhanced QoS


Standalone System


Nodal System

Traps Configuration IP-10G/E Configuring Traps

Licensing IP-10G/E Viewing Current License Details

Loading a New License Key

Working with a Demo License

Viewing Licensed Usage and Features

NTP IP-10G/E Configuring Network Timing Protocol (NTP)

Parameters

IP Table IP-10G/E Configuring Peer Port Settings

SNMP IP-10G/E Configuring SNMP

All ODU IP-10G/E Activating the All-ODU Enclosure

Dual Power Supply IP-10G/E Configuring Power Supply Alarms

Versions > IDU IP-10G/E Viewing IDU Version Information

Versions > RFU IP-10G/E Viewing RFU Version Information

Configuration Ethernet Switch

Switch Configuration IP-10G/E Configuring Smart Pipe Switch Mode

Configuring Managed and Metro Switch

Mode

Assigning VLANs to a Port

QoS & Rate Limiting IP-10G/E Preparing the System for Enhanced QoS

Configuring Enhanced QoS

Enhanced Traffic

Manager

IP-10G/E Configuring Enhanced QoS

Configuring Frame Cut-Through

STP Protocol IP-10G/E Setting the xSTP Protocol




RSTP/Ring RSTP IP-10G/E Configuring Ring-Optimized RSTP

Configuring Ethernet Ports to Support

RSTP

Configuring RSTP Priority

Viewing RSTP Status

Radio

Radio Parameters IP-10G/E Enabling and Disabling the Radio

Configuring the Radio Frequencies

Specifying the Radio Link ID

Enabling RSL Degradation Alarms

Configuring Green Mode

Configuring IF Combining Diversity

Configuring Multi-Radio

Displaying XPI Values

Viewing RFU Status

Viewing XPIC Status

Remote Radio IP-10G/E Configuring the Radio Frequencies

Viewing Remote Radio Parameters

Radio Thresholds IP-10G/E Radio Threshold Levels

MRMC IP-10G/E Selecting a Radio Script and Configuring

ACM

Viewing MRMC Status

Viewing Current Tx Status

Viewing Current Rx Status

Compression IP-10G/E Configuring Compression

Traffic Priority IP-10G/E Configuring Radio Traffic Priorities

ATPC IP-10G/E Configuring ATPC Override




Configuration

Interfaces

Ethernet Ports IP-10G/E Configuring a Single Pipe Port

Configuring a Managed Switch or Metro

Switch Port

Configuring Automatic State Propagation

Configuring LAGs

Configuring an Ethernet Port for

Pseudowire

Viewing Ethernet Interface Status

E1 Ports/DS1 Ports IP.10G only Configuring E1/DS1 Interfaces

STM Ports/OC-3 Ports IP.10G only Configuring STM-1/OC-3 Interfaces

Wayside Channel IP-10G/E Configuring the Wayside Channel

Preparing the System for Enhanced QoS

User Channel IP-10G/E Configuring the User Channel

EOW IP-10G/E Viewing the EOW Channel Status

AIS IP-10G/E Configuring AIS Detection and Signaling

Synchronization > Sync

Source

IP-10G/E Configuring the Synchronization Source

Configuring PRC Regenerator Mode and

Direction

Synchronization > Clock

Source

IP-10G/E Configuring the Outgoing Signal Clock

Protection

Protection Parameters IP-10G/E Configuring 2+0 Protection

Configuring 2+2 HSB Protection

Specifying Active and Standby Mode

Configuring Switchover Criteria

Viewing Mate Parameters

Multi-Unit LAG IP-10G/E Configuring Multi-Unit LAG

Radio Diversity IP-10G/E Configuring Diversity

Trails TDM Trails IP-10G only Configuring TDM Trails




Configuration Pseudowire

Card Configuration IP-10G only Configuring Pseudowire Synchronization

Configuring the Pseudowire T-Card

TDM Ports IP-10G only Configuring the Pseudowire TDM Ports

SOAM/Maintenance

Domain

IP-10G only Configuring MDs

SOAM/Maintenance

Association

IP-10G only Configuring MAs

Pseudowire Profiles IP-10G only Configuring Pseudowire Profiles

Tunnels/PSN Tunnels IP-10G only Configuring Pseudowire Encapsulation

(Tunnels)

Tunnels/Tunnel Groups IP-10G only Configuring Tunnel Groups and Pseudowire

Path Protection

DS0 Bundles IP-10G only Configuring DS0 Bundles

Pseudowire Service IP-10G only Configuring Pseudowire Services

Service OAM

MAID List IP-10G/E Working with MAIDs

Managing Local MEPs

Managing Remote MEPs

Working with MEPs

MEP and MIP List IP-10G/E Working with MEPs

Working with MIPs

Advanced Manual Ping IP-10G/E Pinging Remote MEPs and MIPs

Manual Linktrace IP-10G/E Performing a Manual Linktrace

Diagnostics &

Maintenance

Loopback

Radio IP-10G/E Radio Loopback

PDH Line IP-10G only E1/DS1 Line Loopback

SDH/SONET Line IP-10G only STM-1/OC-3 Line Loopback

Pseudowire TDM Ports IP-10G only Pseudowire Line Loopback

Configuration Management IP-10G/E Configuring FTP or SFTP (Secure FTP)

Archiving the Configuration

Restoring the Default Configuration

Software Management IP-10G/E Configuring IDU Software

RFU Download IP-10G/E Updating the RFU Software Version

IDU-RFU Interface Monitoring IP-10G/E Monitoring the IDU-RFU Interface

Resets IP-10G/E Resetting the Unit

File List IP-10G/E Viewing System Application Files




Security

Security Configuration IP-10G/E Configuring Secure Communication

Channels

Configuring a Timeout for Inactive Users

Users & Groups IP-10G/E Adding Users

Deleting Users

CSR File IP-10G/E Generating a Security Certificate from a CSR

File

Change Password IP-10G/E Changing Your Password

RADIUS IP-10G/E Configuring RADIUS



2. Getting Started


Establishing a Connection with the IDU

Launching the Web EMS

Configuring IP Addresses



2.1 Establishing a Connection with the IDU

The default factory configuration of a new IP-10 IDU is:

IP Address: 192.168.1.1, IP Mask 255.255.255.0.

Active management ports: ports 6, and 7 (far right RJ45 ports), out-of band management.

License: Basic capacity 10Mbps, no ACM, Smart Pipe (only GbE ports, ports #1 or #3)

SW package: Basic 6.xx.xx.

Protection: Disabled. 1+0 configuration

To establish a connection with the IDU:

1 Verify that no Ethernet traffic (cables or fibers) is connected. 2 Power up the IDU. 3 Connect your PC or laptop to one of the IDU management ports (ports

6 or 7, far right RJ45 ports).

4 Set your PC or laptop to the following configuration:

IP Address: 192.168.1.240

IP Mask 255.255.255.0

No default gateway.

5 Verify connectivity to the IDU by pinging 192.168.1.1. If there is no connectivity, verify IDU IP management configuration using the Command Line Interface (CLI).



2.2 Launching the Web EMS

You can use the Web EMS to perform initial IDU configuration. To launch the Web EMS:

1 Start your web browser. 2 In the URL address field at the top, type http://yourIP, where yourIP is the

IP address of the IDU. The default IDU IP address is 192.168.1.1. 3 Press Enter. The IP-10 Login page is displayed.

4 Enter the user name and password:

Default user name: admin

Default password: admin.

5 Click Apply. The Main View page opens, displaying all the units populated slots.

Note: For multi-radio configurations, protection, and extension units, available options will vary according to the available interfaces and configured features for selected slot.

Main View - Multi Radio Configuration

Main View - Single Unit Configuration

Configuration and other operations are performed by clicking the menus on the left side of the page.



2.3 Configuring IP Addresses

You can configure the local IDUs IP address in the Local IP Configuration section of the Management page.

You can configure the remote IDUs IP address in the Remote IP Configuration section of the Management page.

In protected configurations, the floating IP address feature provides a single IP address that will always provide direct access to the currently active main unit. This is used primarily for web-based management and telnet access.

The user can configure a floating IP address in the active unit, and this IP address will be automatically copied to the standby unit.

To configure local IP settings:

1 Select Configuration > General > Management. The Management page opens.

2 In the Local IP Configuration section of the Management page, enter the IP address of the local unit, its subnet mask, and the default gateway.

3 Optionally, enter a floating IP address. The following limitations apply to a floating IP address:

The floating IP address must be different from the system IP address.

The floating IP address must be in the same subnet as the system IP address.

To configure remote IP settings:

1 Select Configuration > General > Management. The Management page opens.

2 In the Remote IP Configuration section of the Management page, enter the IP address of the remote unit and its subnet mask.

3 Click Open Remote to open the remote unit's management page.



3. Configuring Secured Access Protocols


Security Overview

Configuring SNMP

Configuring Secure Communication Channels



3.1 Security Overview

To guarantee proper performance and availability of a network as well as the data integrity of the traffic, it is imperative to protect it from all potential threats, both internal (misuse by operators and administrators) and external (attacks originating outside the network).

System security is based on making attacks difficult (in the sense that the effort required to carry them out is not worth the possible gain) by putting technical and operational barriers in every layer along the way, from the access outside the network, through the authentication process, up to every data link in the network.

3.1.1 Defenses in Management Communication Channels

Since network equipment can be managed from any location, it is necessary to protect the communication channels contents end to end.

These defenses are based on existing and proven cryptographic techniques and libraries, thus providing standard secure means to manage the network, with minimal impact on usability.

They provide defense at any point (including public networks and radio aggregation networks) of communications.

While these features are implemented in Ceragon equipment, it is the responsibility of the operator to have the proper capabilities in any external devices used to manage the network.

In addition, inside Ceragon networking equipment it is possible to control physical channels used for management. This can greatly help deal with all sorts of DoS attacks.

Operators can use secure channels instead or in addition to the existing management channels:

SNMPv3 for all SNMP-based protocols for both NEs and NMS

HTTPS for access to the NEs web server

SSH-2 for all CLI access SFTP for all software and configuration download between NMS and NEs

All protocols run with secure settings using strong encryption techniques. Unencrypted modes are not allowed, and algorithms used must meet modern and client standards.

Users are allowed to disable all insecure channels.

In the network elements, the bandwidth of physical channels transporting management communications is limited to the appropriate magnitude, in particular, channels carrying management frames to the CPU.

Attack types addressed

Tempering with management flows

Management traffic analysis

Unauthorized software installation

Attacks on protocols (by providing secrecy and integrity to messages)



Traffic interfaces eavesdropping (by making it harder to change configuration)

DoS through flooding

3.1.2 Defenses in User and System Authentication Procedures

3.1.2.1 User Identification

IP-10G/E supports the following user identification features:

Configurable inactivity time-out for closing management channels

Password strength is enforced; passwords must comply with the following rules:

Be at least 8 characters long

Include both numbers and letters (or spaces, symbols, etc.)

Include both uppercase and lowercase letters

When calculating the number of character classes, upper-case letters used as the first character and digits used as the last character of a password are not counted

A password cannot be repeated within the past 5 password changes

Password aging: users can be prompted do change passwords after a configurable amount of time

Users may be suspended after a configurable number of unsuccessful login attempts

Users can be configured to expire at a certain date

Mandatory change of password at first time login can be enabled and disabled upon user

FibeAir IP-10G IP-10E User Guide Rev D.01

Documents

Transcript of FibeAir IP-10G IP-10E User Guide Rev D.01