Configuring the ONS 15190

Although a node generally describes a connection to an external device, a node can be logically defined even before the device is actually connected to the ONS 15190. A detailed description of the various types of nodes is presented later in this chapter.

When the ONS 15190 is physically connected to networking devices (for example, routers), the various nodes (which correspond to these external devices) must be defined. Then the unit can be configured to form connections between these nodes. This configuration can include the definition of SRP rings or POS/APS connections between nodes. It can also include the definition of sniff nodes that are used to monitor other nodes in the system. This configuration can be performed via telnet or an RS-232C connection to the unit.

Two ONS 15190 units can operate in an "inner-outer" fiber topology so that the SRR protocol provides redundancy to maintain full connectivity in the event of a failure in one ONS 15190. In this scenario, the inner ring fibers are connected to one ONS 15190 unit, and the outer ring fibers are connected to the second unit, meaning that only half of an SRP node is described in each ONS 15190 unit. For this reason, all configuration commands related to such nodes must be performed on both ONS 15190 units in order for them to operate correctly.

Starting the ONS 15190

Before the ONS 15190 can be accessed via the network (Telnet), the networking parameters must be configured via direct RS-232C serial connection (console interface). The enable secret must also be defined to enter the privileged EXEC mode. The easiest way to perform these operations is to use the setup privileged EXEC command. The setup wizard prompts you to provide the necessary information.

ons15190#setup

--- System Configuration Dialog ---
 
Refer to the 'ONS 15190 documentation' Guide for additional help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog?[yes]:yes

Configuring global parameters:
Enter host name [ons15190]:ons15190

The enable secret is a one-way cryptographic secret.
Enter enable secret:wtkl

Configuring interface Ethernet0:
Is this interface in use? [yes]:yes

IP address for this interface [192.168.10.1]:192.168.10.1

Number of bits in subnet field [8]:8

8 subnet bits; mask is 255.255.255.0
Start SRP/POS nodes discovery procedure[yes]:yes

Sniff configuration:
 
   Sniffer              Interface  Sniffed node         Interface 
   -------------------- ---------- -------------------- ----------
   No sniffer nodes.
 
POS connections:
 
   Node                 IP Address      Interfaces     Type Other         
   -------------------- --------------- -------------- ---- -------------------
   No POS connections.
 
Ring configuration (nodes in order of outer ring):
 
   AB Rings:
   Ring Name  Nodes                IP Address      A    B    Type Other    
   ---------- -------------------- --------------- ---- ---- ---- -------------
   default    7500B                20.1.1.12       L7/1 L4/3 OC12              
              Shira                20.1.1.8        L5/1 L5/2 OC12              
   No Inner rings defined.
   No Outer rings defined.
 
   Free SRP/Fiber nodes:
     No Free AB nodes.
     No Free Inner nodes.
     No Free Outer nodes.
     No Free Fiber nodes.
 
Apply configuration? y          
Building configuration...
[OK]
Press RETURN to get started!

After you enter the IP networking parameters and the enable secret, you are prompted to perform an autoconnect (start SRP/POS nodes discovery procedure):

If you already have a configuration file to be used, you can answer no to this prompt

: or

If you want the system to automatically configure all connected SRP nodes, answer yes to this prompt

The system then displays the configuration and prompts you to use this configuration.

If you need to manually set the network parameters or enable secret, follow the instructions in the following sections:

Configuring Network Parameters

To manually enter the networking parameters, enter interface command mode for the Ethernet interface and use the ip address command to set the IP address and subnet mask of the unit.

ons15190>enable

ons15190#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.
ons15190(config)#interface ethernet 0

ons15190(config-if)#ip address 10.52.19.23 255.255.255.192

In the ip address command, the first string is the IP address, and the second string is the subnet mask.

To set the default gateway, use the ip default-gateway global configuration command, as shown in the following example:

ons15190(config-if)#exit

ons15190(config)#ip default-gateway 10.52.19.1

Now, the system can be accessed over a network at the given IP address.

Configuring Security Parameters

By default, AAA authentication and authorization is enabled in the ONS 15190. Before you have configured the AAA parameters, you must access the unit via the console interface. When you attempt to log in to the ONS 15190 via Telnet, you will be prompted for a password. The default password is the enable secret. Use the aaa authentication login command to override this setting and specify a TACACS+ server for authentication.

Password for Privileged EXEC

When you receive your ONS 15190, there is no password defined to enter the privileged EXEC mode. Because many of the privileged commands set operating parameters, privileged access should be password-protected to prevent unauthorized use. After a password is configured with the enable secret global configuration command, users are prompted to enter it before being allowed access to privileged EXEC mode. To enable a password, use the enable secret command as shown in the following example:

ons15190>enable

ons15190#enable secret xxxxxx

The string xxxxxx is any valid alphanumeric string and is case-sensitive.

Note If there is no enable secret defined, the system can only be accessed via the console interface. Access via Telnet is disabled in this case.

AAA Authentication and Authorization

AAA authentication and authorization is described in the following sections:

Overview

Note For a complete description of the AAA Cisco model and TACACS+ server functionality, see the Cisco IOS Security Configuration Guide.

AAA authentication is used to restrict access to system login or privileged EXEC command level. AAA authorization limits the use of specific commands according to user, by using the information retrieved from the user's profile on the TACACS+ security server.

AAA is automatically enabled on the ONS 15190 and you may configure the security configuration to work with or without a TACACS+ server. Use of a TACACS+ server provides much more flexibility in terms of AAA security configurations.

By default, the system is set to work without a TACACS+ server, and the default login password is the same as the enable secret. Because of this, you cannot log into the system via a network connection (Telnet) until the enable secret has been defined or the AAA configurations have been changed from their default. See "Password for Privileged EXEC" for more information on defining the enable secret.

Note Use of a TACACS+ server is the only security method provided on the ONS 15190 that allows authentication and authorization definitions by specific user. Authorization can only be defined with the use of a TACACS+ server.

AAA Configuration without TACACS+

There are two options of AAA security configuration without using a TACACS+ server:

Unrestricted access to the ONS 15190 user EXEC mode and authenticated access to privileged EXEC mode—In this scenario no password is required to access the ONS 15190 from the network (Telnet), and the enable secret is required to access privileged EXEC mode. To configure this level of security, use the following commands:

aaa authentication login default none
aaa authentication enable default enable

: These commands specify that no login authentication is performed, and that enable (privileged EXEC mode) authentication is performed using the enable secret.

Authenticated access to user and privileged EXEC modes using the enable secret. To configure this level of security, use the following commands:

aaa authentication login default enable
aaa authentication enable default enable

: These commands specify that the enable secret is to be used for both login authentication and enable (privileged EXEC mode) authentication. This scenario is the default if no AAA authentication configuration is defined.

In both of these scenarios, the password (the enable secret) is per ONS 15190 unit and not dependant on the specific user being authenticated.

For authentication commands, you can specify more than one authentication method, in case the first method can not be used. For example, if the enable secret has not been defined, using the above commands will not provide access to the ONS 15190. The following example will allow access even if the enable secret has not been set:

aaa authentication login default enable none
aaa authentication enable default enable none

In this example, authentication only reverts to none if there is no enable secret defined on the ONS 15190 unit. If the user fails to provide the correctly defined enable secret, authentication fails.

AAA Configuration with TACACS+

To configure security on the ONS 15190 using AAA with TACACS+, follow this process:

1. Use the tacacs-server host command to configure the security parameters for the TACACS+ server. It is advisable to provide more than one server, in the event that the first server is down.

2. Define the method lists for authentication by using the aaa authentication login and aaa authentication enable commands. If you are using a TACACS+ server for authentication, you should to provide a second method of authentication (such as enable or none), in the event that the TACACS+ server is down.

3. (Optional) Configure authorization using the aaa authorization command. You must be logged in to the system as an authenticated user in order to successfully define AAA authorizations.

Note You must configure the TACACS server using the tacacs-server host command before enabling AAA authentication with TACACS+. Otherwise, the system will attempt to authenticate with the TACACS+ server, but it will not know how to locate the server.

Note You must be an authenticated AAA user before you can define AAA authorizations, otherwise you will not be able to execute any commands because you will not be an authorized user. After configuring AAA authentication, log out of the system and re-enter using an authorized password. At this point the AAA authorizations can be defined.

Note You should specify at least one alternative authentication and authorization method besides tacacs (such as enable or if-authenticated). Otherwise, you will not be able to access the ONS 15190 if the TACACS+ server is not available.

Note The encryption key set using the tacacs-server command must match the key set on the corresponding TACACS+ server.

TACACS+ Authentication and Authorization Configuration Examples

The following example shows a sample AAA authentication configuration:

tacacs-server host 10.52.19.44
tacacs-server host 10.52.19.47 key SpecialKey
tacacs-server host 10.52.19.51
tacacs-server key myTacacsPassWord
tacacs-server timeout 15
aaa authentication login default tacacs+ enable 
aaa authentication enable default tacacs+ enable

This example specifies:

Three different TACACS+ servers to use for authentication
The TACACS+ encryption key is set to myTacacsPassWord for the first and third TACACS+ servers, and set to SpecialKey for the second server
The timeout value used to wait for a response from each of the three servers is 15 seconds
The enable secret is used for login authentication if the TACACS+ servers are not available for any reason
The enable secret is used for privileged EXEC authentication if the TACACS+ servers are not available for any reason

Once the authentication configuration has been specified, you must log out of the ONS 15190 and log in as an authenticated user before configuring the AAA authorization. The following example shows a sample AAA authorization configuration:

aaa authorization command 1 default tacacs+ if-authenticated 
aaa authorization command 15 default tacacs+ if-authenticated 
aaa authorization config-commands

This example specifies:

Authorize command level 1 commands (user EXEC) using one of the TACACS+ servers; if the TACACS+ servers are not available, user EXEC commands are authorized for all authenticated users (if-authenticated)
The same authorization methods are used for command level 15 commands (privileged EXEC), except configuration commands

Configuration commands are authorized using the same methods as privileged EXEC commands

Note List several authentication and authorization methods to be used if previous methods return errors. Subsequent methods are only used if an error is received; if the previous method fails, authentication or authorization is denied.

ONS 15190 Configuration

The ONS 15190 configuration is described in the following sections:

Automatically Configuring the ONS 15190
Building SRP Rings
POS and APS Features of the ONS 15190
Analyzing Traffic Using a Sniff Node
Configuring Two ONS 15190 Units in Inner-Outer Topology
Configuring Nodes
Applying the Configuration
Cascading ONS 15190 Units
Creating a Login Message
Monitoring the Laser Power
Transparent Path Trace Message

Installing Software

Note Any changes made to the running configuration must be saved to the startup configuration file, so that when the system is rebooted, the changes will remain in effect. To do this, use either the copy running-config startup-config command or the write command.

Note Any configuration changes made in rconf mode must be saved to the running configuration by using the apply command.

Automatically Configuring the ONS 15190

The simplest way to configure the system for SRP use is with the autoconnect privileged EXEC command. After the various nodes are physically connected to the ONS 15190, enter autoconnect at the system prompt. The system will determine all physical connections, configure them into one or two rings (one for OC-12c/STM-4 and one for OC-48/STM-16) and then display them in table format for your approval.

ons15190#autoconnect

Sniff configuration:
 
   Sniffer              Interface  Sniffed node         Interface 
   -------------------- ---------- -------------------- ----------
   No sniffer nodes.
 
POS connections:
 
   Node                 IP Address      Interfaces     Type Other         
   -------------------- --------------- -------------- ---- -------------------
   No POS connections.
 
Ring configuration (nodes in order of outer ring):
 
   AB Rings:
   Ring Name  Nodes                IP Address      A    B    Type Other    
   ---------- -------------------- --------------- ---- ---- ---- -------------
   default    GSR_Left             20.1.1.1        L1/1 L3/3 OC12              
              GSR_Right            20.1.1.2        L1/4 L8/3 OC12              
              Steve                20.1.1.7        L6/3 L2/3 OC12              
              7500A                20.1.1.11       L5/2 L3/2 OC12              
              Sharon               20.1.1.9        L4/1 L7/2 OC12              
              Shuli                20.1.1.10       L5/4 L4/2 OC12              
              Sam                  20.1.1.5        L6/1 L4/4 OC12              
              Sigal                20.1.1.6        L7/3 L7/1 OC12              
   No Inner rings defined.
   No Outer rings defined.
 
   Free SRP/Fiber nodes:
     No Free AB nodes.
     No Free Inner nodes.
     No Free Outer nodes.
     No Free Fiber nodes.
 
Apply configuration? y          
Configuration applied.
ons15190#

When the configuration is detected, you are prompted to apply the configuration:

Enter y to apply the configuration

: or

Enter n to discard.

If warning messages are displayed when you use the autoconnect command, see the section "Troubleshooting Configuration Problems" later in this chapter.

Figure 5-1 illustrates the ONS 15190 configured into one ring. Figure 5-2 illustrates two rings configured from the devices connected to a single ONS 15190. Each line in these figures represents a pair of fiber optic cables.

Figure 5-1: ONS 15190 Configured into One Ring

Note The autoconnect command ignores non-SRP nodes.

Note To perform automatic connection of srp-inner or srp-outer nodes connected to two redundant ONS 15190 units, use the io-autoconnect privileged EXEC command. This command must be executed on both ONS 15190 units.

Figure 5-2: ONS 15190 Configured into Two Rings

Building SRP Rings

The creation and configuration of SRP rings is presented in the following sections:

Configuring SRP Nodes

In most instances, the autoconnect feature successfully identifies all connected nodes and configures the ring correctly. Sometimes, however, manual adjustments might need to be made. If all nodes are correctly identified, and you need to reconfigure the ring(s), see the section "Creating SRP Rings". If you need to add nodes to the ring after the ring is configured, you must first configure the individual nodes or use the autodetect command.

To configure a connected SRP node, you must first create a definition for the node within the ONS 15190 by using the node create rconf configuration command. Specify the name and type of the node you are creating and the specific interface in the unit to which it is attached, as in the following example:

ons15190#rconf

ons15190(rconf)#node create srp ny l1/1 l2/1

OC12 SRP node ny created.

Srp is the node type; ny is the node name; L1/1 is the A interface of the node; L2/1 is the B interface of the node. This node definition is made for each node connected to the unit unless the autoconnect command is used.

ons15190(rconf)#node create srp phili l1/2 l3/1

OC12 SRP node phili created.
ons15190(rconf)#node create srp boston l2/2 l3/2

OC12 SRP node boston created.
ons15190(rconf)#node create srp hartford l4/1 l5/1

OC12 SRP node hartford created.
ons15190(rconf)#node create srp baltimore l4/2 l6/1

OC12 SRP node baltimore created.

Other possible node types are APS, fiber, POS, sniff and SRP inner/outer (for configuring two redundant ONS 15190 units). If no node type is specified, SRP is the default. If the line card to which the node is to be connected is not present when the node is defined, you must manually specify the port speed. For more information on the specific syntax for each node type, see the chapter "Command Line Interface Reference".

Creating SRP Rings

After you define the individual nodes, you can configure logical rings by using the various ring rconf configuration commands. To define a new ring, use the ring create command as in the following example:

ons15190(rconf)#ring create control1

SRP ring control1 created.

The ring control1 is created. Now the specific nodes must be added to this new ring. The following example illustrates the addition of the defined five nodes to this ring:

ons15190(rconf)#ring control1 nodes ny phili boston hartford baltimore

Ring control1 node list set.

The order of the nodes is according to the order of the outer ring.

Adding and Removing Nodes from SRP Rings

To add a node to an existing ring, use the ring add rconf configuration command. To remove a node from a ring, use the no form of this command.

POS and APS Features of the ONS 15190

To take advantage of the available APS features, the ONS 15190 must be connected to devices that support APS. You should configure any such devices (for example, GSR, ADM), so that one connection is defined as the working link (W) and the other as the protection link (P). Also determine to which interface each of these connections is physically connected in the ONS 15190.

ONS 15190 APS functionality is compliant with Bellcore GR-253 and ITU-T G.783, with the exception that unidirectional APS functionality is not supported.

Configuring APS Nodes

To configure a particular node to be defined for linear APS, use the command node create as in the following example:

ons15190(rconf)node create aps xxx l7/1 l8/1 

oc12OC12 APS node xxx created.

In this example, the W link of node xxx is connected to L7/1, and the P link is connected to L8/1. By default, the APS mode is set to be bidirectional, SONET, and nonrevertive, as can be displayed by using the show node EXEC command as in the following example:

ons15190#show node xxx

Node xxx:
 
   Type:          APS
   W-Interface:   L7/1
   P-Interface:   L8/1
   APS Mode:      Bidirectional
   Switching:     Non-revertive
 
   Int Type:      OC12
   Mode:          SONET
   Clock Source:  Internal
   SD Threshold:  1e-6
   SF Threshold:  1e-3
   AIS Setting:   Auto
 
Current configuration not yet applied.

Bidirectional nodes always use the same link (P or W). When a node is nonrevertive, control remains wherever it is as long as the link is functional. For revertive nodes, control always returns to the working link as soon as the link is functional again.

Note Only bidirectional APS nodes are supported.

APS Node Status

To display the current status of the APS node named xxx, use the show aps node EXEC command as in the following example.The status indicates whether the working or protect link is active and whether there is a problem on either of the links.

ons15190#show aps node xxx

APS_NODE:xxx sonet bidir  nonRevertive active: W
HIGHEST-REQUEST: NoRequest(Local) ch:0
KBYTES: RxK1:0   TxK1:0   RxK2:5   TxK2:5
REQUESTS(local):
ALARMS:

In this example, the W link is currently active and the APS status is normal.

If there is a problem on the active link and control is switched to the protect link, a status message appears, as in the following example:

ons15190#show aps node xxx

APS_NODE:xxx sonet bidir  nonRevertive active: P
HIGHEST-REQUEST: SignalFail(Local) ch:1
KBYTES: RxK1:21  TxK1:c1  RxK2:15  TxK2:15
REQUESTS(local): SignalFail(ch:1) 
ALARMS:

Here, due to a signal failure on the working link, the protect link took over and is now active. The node is defined as nonrevertive, so even when the working link is back up, the protect link will remain active as long as this link is operational.

Creating POS and APS Connections

The ONS 15190 can be used to connect various POS or APS nodes. Create POS or APS nodes using the node create rconf configuration command and connect them together using the pos connect rconf configuration command.

In the following example, two POS nodes, pos1 and pos2, are defined and connected to each other.

ons15190(rconf)#node create pos pos1 l5/2

OC12 POS node pos1 created.
ons15190(rconf)#node create pos pos2 l6/2

OC12 POS node pos2 created.
ons15190(rconf)#pos connect pos1 pos2

Nodes connected.

Analyzing Traffic Using a Sniff Node

You can connect an external analyzer to the ONS 15190 to analyze any node connected to the unit. Physically connect the analyzer to an open interface and define it as a sniff node using the node create rconf configuration command, as in the following example:

ons15190(rconf)#node create sniff sniff-2 l5/2

OC12 Sniff node sniff-2 created.

In this example, sniff-2 is the name of the sniff node and L5/2 is its interface.

The following example configures the node sniff-2 to monitor all received traffic passing through the A side of SRP node ny:

ons15190(rconf)#sniff connect sniff-2 ny a-rx

Sniffer connected.

The definition of which interface to monitor depends on the node type. Valid values are as follows:

Sniffed Node Interface	Description
a-rx	A side, Rx of SRP node
a-tx	A side, Tx of SRP node
b-rx	B side, Rx of SRP node
b-tx	B side, Tx of SRP node
w-rx	working link, Rx of APS node
w-rx	working link, Tx of APS node
p-rx	protection link, Rx of APS node
p-tx	protection link, Tx of APS node
rx	Rx of POS node
tx	Tx of POS node

The rx/tx indications are from the viewpoint of the node. For example, if b-rx is indicated for an SRP node, the stream going from the ONS 15190 to the B-side of the node will be monitored.

Note Only one node at any one time can be defined as a sniff node.

Configuring Two ONS 15190 Units in Inner-Outer Topology

For DPT rings that operate in an "inner-outer" fiber topology with two ONS 15190 units, SRR provides redundancy to maintain full connectivity in the event of a failure in one ONS 15190. In this scenario, the inner ring fibers are connected to one ONS 15190 unit, and the outer ring fibers are connected to the second unit, meaning that only half of an SRP node is described in each ONS 15190 unit. For this reason, all configuration commands related to such nodes must be performed on both ONS 15190 units in order for them to operate correctly. If a command, such as a ring definition, is defined on only one unit, the configuration will be incomplete, and results may be unpredictable.

Figure 5-3: Two ONS 15190 Units Connected in Inner-Outer Topology

Note In order for the SRR protocol to work correctly in the ring and provide complete system redundancy, all routers/devices in the ring must support SRR. SRR is supported in IOS Release 12.0(16)S for OC-48/STM-16.

In order to automatically configure two ONS 15190 units that are to work with SRR, execute the io-autoconnect privileged EXEC command on both ONS 15190 units. The SRP rings will be defined from the inner and outer nodes in the same order in both units.

If other configuration changes need to be performed, such as reordering the nodes in the ring, adding or removing nodes from the ring or parameter changes as described in the section Configuring Nodes, the commands must be executed on both units. When the configuration changes are complete, the apply rconf configuration command must be executed on both units.

Configuring Nodes

The following node parameters can be set using the node set rconf configuration commands:

AIS
APS mode (only bidirectional is supported)
Clock-source (internal-clock or line-recovered)
Mode (SONET/SDH)
Signal degrade BER threshold
Signal fail BER threshold
APS switching (nonrevertive or revertive)

The following example configures node ny to always send AIS signals:

ons15190(rconf)#node ny set ais always

Node ny AIS setting set to Always.

The following example configures the APS node xxx to support revertive switching:

ons15190(rconf)#node xxx set switching revertive

Node xxx set to revertive, WTR = 5 minutes.

Applying the Configuration

When the draft configuration is correctly set, you must apply the configuration for it to become the running configuration by using the apply command. This is applicable to all options set within the rconf configuration mode.

ons15190(rconf)#apply

Configuration applied

Note If the active controller is reset before the configuration is applied, the draft configuration will be lost. In addition, any changes made to the running configuration must be saved to the startup configuration file, so that when the system is rebooted the changes will remain in effect. To do this, use either the copy running-config startup-config or write command.

As long as you do not enter the apply command, you can discard all draft configuration changes by executing the discard command.

Note If two ONS 15190 units are being configure for redundancy, the configuration must be applied in both units.

Cascading ONS 15190 Units

If the number of nodes in the ring exceeds the available connections on the ONS 15190, it is possible to cascade multiple units together and configure all connected nodes into one ring.

To cascade two or more ONS 15190 units together, do the following:

Step 1 Physically connect the units together with pairs of fiber-optic cables. Each ONS 15190 unit is connected to the other units using two pairs of cables: if two units are being connected, two pairs of cables are connected between the two units; if multiple units are being connected, one pair of cables connects each ONS 15190 unit to each of its neighboring ONS 15190 units, such that each unit is connected to two other units.

Step 2 Enter the autoconnect command on the first ONS 15190 unit.

Step 3 Enter the write command on the first ONS 15190 unit.

Step 4 Repeat steps 2 and 3 for each of the connected ONS 15190 units, in the order that they are physically connected.

The units are now configured into the same ring. All nodes connected to any of the units are now contained within this ring. Figure 5-4 illustrates multiple ONS 15190 units cascaded into one ring. Each line in the figure represents a pair of fiber optic cables.

Figure 5-4: Multiple ONS 15190 Units Cascaded into One Ring

Note If a span of routers is connected to any of the ONS 15190 units, both the span and the cascaded links to other ONS 15190 units will need to be manually defined to be recognized by the ring of ONS 15190 units.

Note When cascading multiple ONS 15190 units together, set the trace-mode for SRP nodes to normal (default) using the pathtrace-mode global configuration command.

Creating a Login Message

A message of the day (MOTD) is displayed when the system is accessed via Telnet. To create a new MOTD, use the banner motd global configuration command, as in the following example:

ons15190(config)#banner motd "This is the message-of-the-day banner which will be 
displayed"

Monitoring the Laser Power

Some four-interface OC-12c/STM-4 line cards are equipped with a laser power monitor. This feature allows you to verify the level of the laser as it enters the line card and the level of the laser as it is transmitted out. The input power which is read from the hardware, has a resolution of ±3.0 dBm. The output power is as read in the BOL (beginning of life) and has a resolution of ±3.0 dBm.

To display these power measurements for all interfaces, use the show interface laser privileged EXEC command as in the following example. To display the information for an individual interface, specify the interface.

ons15190#show interface laser

Port   Type      Output Power  Input Power
----  -----     ------------  -----------------
L3/2   OC12      Laser ON      Monitor not supported for port
L4/1   OC12      -13.2         No Rx signal (Link Down)
L4/2   OC12      -11.0         -24.0
L4/3   OC12      -12.4         higher than -18.0
L4/4   OC12      -12.0         lower than  -32.0

If the interface does not support the power laser monitor feature, the following message is displayed for the associated interface: "Monitor not supported for port."

Transparent P ath Trace Message

The pathtrace-mode command allows you to set the path trace message (J1 byte of the SONET/SDH frame) of the ONS 15190 to be transparent for nodes of a specific type.

For example, if node A is connected to node B via the ONS 15190, in transparent mode, the pathtrace message transmitted by B will be that received by A and not that of the ONS 15190. In normal mode, the ONS 15190 transmits its own path trace message to each connected node. By default, SRP and raw nodes are set to normal trace-mode and POS, APS, and sniff nodes are set to transparent trace-mode.

To enable transparent path trace, use the pathtrace-mode global configuration command:

pathtrace-mode {pos | raw | sniff | srp} transparent

To disable transparent path trace, use the no form of this command.

Note If fiber loops are present on the system, the path trace mode must be set to normal for SRP nodes in order for features such as autoconnect, and autodetect to function correctly.

Installing Software

If you are upgrading from a release of the software below Release 2.0, follow the upgrade procedure in the section "Upgrade from Release 1.x." If you are upgrading from Release 2.x, follow the upgrade procedure in the section "Upgrade from Release 2.x." To install the software from release 3.0 and above, follow the procedure in the section "Upgrade from Release 3.x."

Note Downtime due to the software upgrade will be up to 2 minutes due to an update in the firmware.

Caution Due to changes in the database made in newer releases, it is not possible, following an upgrade, to revert to earlier releases of the system configuration. For this reason, you are advised to save the current configuration on your system before upgrading. Then if you experience a problem with the new release, you will be able to revert to the previous software revision and reload the old configuration.

To upload the configuration to a tftp server, use the privileged EXEC command copy startup-config tftp:\\host[\dir]\filename, where host is the IP address of the TFTP server where you are saving the configuration file, and filename is the filename of the configuration file.

Note Due to a change in the security features in Release 3.0, when you upgrade to Release 3.0 you will not be able to access the unit via Telnet. You must login via the console interface and configure the enable secret or AAA using TACACS+. Refer to "Starting the ONS 15190" for more information.

Upgrade from Release 3.x

To upgrade your ONS 15190 with a new release of software when Release 3.x is already installed, do the following.

Step 1 Download the new software image file into the ONS 15190 Flash memory by using the privileged EXEC command: copy tftp:\\host[\dir]\filename image, where host[/dir]/filename is the address of the image file on a TFTP server. For example:

ons15190#copy tftp:\\192.168.10.1\ver30 image

      Retrieving 192.168.10.1:ver30... 1.17MB Done.
Release   :  3.0
Created by:  Cisco Systems
Created on:  Mon Apr 16 13:40:33 2001
Are you sure? y                                      
Checking CRC of image...OK
Storing image ...100%.
Updating image information (might take a while) Done.

In this example, the TFTP server IP address is 192.168.10.1, and the remote filename of the software upgrade is ver30.

Step 2 Enter y to continue with the process, when prompted with the release to be saved. After the file is downloaded, it is stored within the Flash memory of both controller cards of the ONS 15190. A reset is performed automatically to the standby controller card so that the new software release will be up and running on the standby controller, but not on the active controller.

Step 3 Enter y to continue, when prompted to reset the active controller. Control will be transferred to the previous standby controller that is already running the new software, and the active controller is reset with the new software as well. This causes the ONS 15190 to begin running the new software release.

Changes will take affect only after controller reset
Do you want to reset now? y

Resetting...
SUN APR 29 15:29:15 2001 Controller reset
0:00:00.270 System powered on.

When the system is reset, communication will be lost to the controller. One of the following occurs:

If you are connected via RS-232C, notification of the lost communication is displayed on the screen
If you are connected via Telnet, the connection will just stop functioning. You will need to log into the system again.

Upgrade from Release 2.x

Note Upgrades to Release 3.x from releases below Release 2.5 will discard all sniff connections; convert all unidirectional APS nodes to bidirectional nodes; and discard all low level (raw) configurations.

To upgrade your ONS 15190 to Release 3.x when Release 2.x is already installed, do the following:

Step 1 Download the new software image file into the ONS 15190. You need the TFTP server IP address where the file is located, as well as the name of the file as in the following example:

admin> tftp get 192.168.10.185 ver30 image

      Retrieving 192.168.10.185:ver3.0... 2.91MB Done.
Release   :  3.0
Created by:  Cisco Systems
Created on:  Mon May 01 20:55:40 2000
Are you sure? y

Storing image ...100%.
Updating image information (might take a while) Done.
synchronizing Image                     OK

In this example, the TFTP server IP address is 192.168.10.185, and the remote filename of the software release is ver30.

Step 3 Enter y when prompted to reset the active controller in order to begin running the new software release. Control will be transferred to the previous standby controller that is already running the new software, and the active controller will be reset with the new software as well.

Changes will take affect only after controller reset
Do you want to reset now? y

resetting...

When the system is reset, communication will be lost to the controller. One of the following occurs:

If you are connected via RS-232C, notification of the lost communication is displayed on the screen
If you are connected via telnet, the connection will just stop functioning.

Step 4 You will need to log into the system again via the console interface. Before you can access the box via Telnet you will need to configure the security parameters. (See "Starting the ONS 15190.")

The system will now be running the new software release. If you perform the EXEC command show version, you will see that the new software release is currently running.

ons15190#show version

   System uptime:       18:00:15.014
   System time:         THU MAR 15 10:44:11 2001
   Name:                ons15190
   Description:         Description
   Location:            Location
   Contact:             
 
Running image:
   Release:             3.0
   Created on:          Fri Mar 09 03:22:03 2001
   Created by:          Cisco Systems
   Length:              1099879
   Signature:           0x21143E04
   Software build:      Private
   Software created on: Mar  9 2001, 03:14:26
   Bootstrap version:   3.0
 
Backplane info:
   Description:        ons15190 series chassis
   Catalog number:     ons15190
   Serial number:      1377-004
   Board version:      B1
 
PEM 1:
   Status:             Faulty
   Description:        POWER ENTRY MODULE CARD WITH SWITCH
   Catalog number:     RS-PEM-SWT
   Serial number:      1175-078
   Board version:      C1
 
PEM 2:
   Status:             Operational
   Description:        POWER ENTRY MODULE CARD WITH SWITCH
   Catalog number:     RS-PEM-SWT
   Serial number:      1175-072
   Board version:      C1
 
Fans:
   Fan 1 [Tray 1]:     Operational
   Fan 2 [Tray 1]:     Operational
   Fan 3 [Tray 1]:     Operational
   Fan 4 [Tray 1]:     Operational
   Fan 5 [Tray 1]:     Operational
   Fan 6 [Tray 1]:     Operational

The software download procedure is now successfully completed.

Upgrade from Release 1.x

To update the software on your ONS 15190 to Release 3.x from Release 1.x, do the following:

Step 1 Reset the active controller card, before beginning the software download, with the command: system reset. This may result in a subsequent reset of the standby controller as well. When the controller(s) have completed the reset, you may continue to Step 2.

Step 2 Download the new software image file into the ONS 15190. You need the TFTP server IP address where the file is located, as well as the name of the file. For example:

admin> tftp get 192.168.10.27 ver30 image

    Retrieving 192.168.10.27:ver1028... 2.18MB Done.
Release   :  3.0
Created by:  Cisco Systems
Created on:  Tue Feb 01 01:21:56 2000
Are you sure? y
Storing image ...100%.
Validating image Done.
Updating image information (might take a while) Done.
Synchronizing image...
waiting for standby controller to save image information....
........image synchronized              OK
done

In this example, the TFTP server IP address is 192.168.10.27, and the remote file name of the software update is ver3.0.

Step 3 Enter y when prompted for the release to be downloaded. When the download is complete, the file is stored within the Flash memory of both controller cards of the ONS 15190, but is not the currently running release of the software.

Step 4 Perform a system reset to run the newer release of the software. This reset may be done via the management software (as in the following example) or physically.

admin> sys reset

Controller will be reset.
Are you sure? y
bye
User Name:
Password:
admin>

When the system is reset, communication will be lost to the controller. The following occurs:

If you are connected via RS-232, notification of the lost communication is displayed on the screen
If you are connected via telnet, the connection will just stop functioning. You will need to log into the system again.

When the system reboots, the now active controller (which was previously the standby controller) will still be running the old software release. However, the standby controller will be running the new software release. Perform the command system show info, to see that the old software release is currently running. For example:

admin> system show info

  System uptime:    0:08:02.363
  Name:             ONS 15190
  Description:      Lab at Cisco Systems
  Location: 
  Contact:          
Running image:  
  Release:           1.0.23
  Created on:        Wed Jan 19 21:14:46 2000
  Created by:        Cisco Systems
  Length:            2282376
  Signature:         0xEF2BE4F6
  Software version:  Build 23
  Software built on: Jan 19 2000, 21:13:45  
  Bootstrap version: 3.0
Stored image:  
  Release:           3.0
  Created on:        Tue Feb 01 01:21:56 2000
  Created by:        Cisco Systems
  Length:            2290824
  Signature:         0x4E034E21

Note that the stored release is 3.0, but the current running software release is only release 1.0.23.

Step 5 Perform a system reset once again in order to complete the procedure so that the new release will be running on the active controller card. This reset will transfer control back to the original active controller which is already running the new release. The standby controller will now be reset to the new release as well. Once again, communication to the controller will be lost.

Step 6 Log into the system again via the console interface. When the system boots, it will be running Release 3.0. The software download procedure is now successfully completed.

Step 7 Before you can access the box via Telnet you will need to configure the security parameters. (See "Starting the ONS 15190.")

Uninstalling Software

If you must revert to a previous release of the software, do the following:

Step 1 Use the command erase nvram:.

Step 2 Download the software image file into the ONS 15190. You need the TFTP server IP address where the file is located, as well as the name of the file, as in the following example:

ons15190#copy tftp:\\192.168.10.27\ver25 flash:

In this example, the TFTP server IP address is 192.168.10.27, and the remote filename of the software upgrade is ver25.

Step 3 When the image is downloaded and running on your system, you must either download a previously saved release of the configuration file, or execute the command system set factory-default. The factory default will provide a blank configuration for which you to begin defining your own configuration definitions.
To download a previously saved version of the configuration file, use the command tftp get IP fname conf, where IP is the IP address where you have saved the configuration file, and fname is the name of the file.

Step 4 Power down the unit and restart before beginning to work with the new software release.

Displaying System Information

Displaying system information is described in the following sections:

Viewing Configuration Information

To display the running configuration on the box, use the show running-config privileged EXEC command.

ons15190#show running-config

Building configuration...
 
Current configuration:
!
hostname ons15190
!
aaa authentication login default none
enable secret 5 $1$6uRK$n.JCMrZiWP2sQ1VpMVEH3/
!
!
banner motd "Welcome to our ONS 15190"
!
eips enable
!
interface Ethernet 0
 ip address 192.168.3.1 255.255.255.192
!
ip default-gateway 192.168.19.1
ip domain-name cisco.com
ip name-server 172.16.3.1 10.3.2.1
!
pathtrace-mode pos transparent
pathtrace-mode sniff transparent
no pathtrace-mode srp transparent
no pathtrace-mode raw transparent
!
logging console warnings
logging maint warnings
logging buffered warnings
logging trap notifications
logging monitor errors
logging host 192.168.19.33
!
sntp server 172.31.34.2 time-zone +3:00:00
!
snmp-server enable traps
!
!
!
line console 0
 exec-timeout 0
 speed 9600
line maint 0
 exec-timeout 0
 speed 9600
line vty 0 4
 exec-timeout 0
!
end
rconf
 node create srp-outer GSR_Left L1/1  oc48
 node GSR_Left set ais never
 node create srp-outer GSR_Back_Right L1/2  oc48
 node GSR_Back_Right set ais never
 node create srp-outer GSR_Back_Left L2/1  oc48
 node GSR_Back_Left set ais never
 node create srp-outer GSR_Right L2/2  oc48
 node GSR_Right set ais never
 ring create Outer@Rita outer
 ring Outer@Rita nodes GSR_Right GSR_Back_Right GSR_Left GSR_Back_Left
!

To display information that is relevant to node and ring configurations in the current running configuration, use the display running rconf configuration command as shown in the following example:

ons15190#rconf

ons15190(rconf)#display running

Applied connection configuration:
 
Sniff configuration:
 
   Sniffer              Interface  Sniffed node         Interface 
   -------------------- ---------- -------------------- ----------
   No sniffer nodes.
 
POS connections:
 
   Node                 IP Address      Interfaces     Type Other         
   -------------------- --------------- -------------- ---- -------------------
   PoSiTiOn25                           L5/3           OC12                   
   pOsItIoN26                           L1/2           OC12                   
 
Ring configuration (nodes in order of outer ring):
 
   AB Rings:
   Ring Name  Nodes                IP Address      A    B    Type Other    
   ---------- -------------------- --------------- ---- ---- ---- -------------
   Ramat-Gan  GSR_Right            20.1.4.2        L3/1 L4/2 OC48 
              GSR_Left             20.1.4.1        L2/1 L7/1 OC48 
              GSR_Back_Right       20.1.4.4        L6/2 L3/2 OC48 
              GSR_Back_Left        20.1.4.3        L7/2 L2/2 OC48 
   PILOT      Abi                                  L1/4 L5/2 OC12 Bypassed     
              Babi                                 L5/4 L8/2 OC12 Bypassed     
              Gabi                                 L8/1 L1/3 OC12 Bypassed     
              Dabi                                 L8/3 L5/1 OC12 Bypassed     
   No Inner rings defined.
   No Outer rings defined.
 
   Free SRP/Fiber nodes:
     No Free AB nodes.
     No Free Inner nodes.
     No Free Outer nodes.
     No Free Fiber nodes.

If you are in the process of defining a new configuration and want to view it even though it has not been applied yet, use the display draft rconf configuration command. If you have made no changes to the running configuration, the draft and running configurations will be identical.

Verifying Traffic

To verify that traffic is flowing properly through the ONS 15190, use the show interfaces data command.

ons15190#show interfaces data total frames

POS accumulated frames statistics:
 
Interface              RX Frames                    TX Frames
---------- ------------------------ ----------------------------
L1/1                    791,141,661                  922,778,031
L1/2                    793,961,106                  795,007,415
L2/1                  2,850,705,194                5,004,929,139
L2/2                    794,423,993                  795,574,350
L3/1                    791,460,612                  790,881,477
L3/2                    795,417,207                  793,966,035
L4/1                  2,850,705,193                5,004,929,139
L4/2                  2,088,166,454                  547,246,894
L6/1                  5,004,929,150                2,850,705,205
L6/2                    547,246,904                2,088,166,483
L7/1                    790,861,006                1,556,551,265
L7/2                  5,004,867,415                2,850,065,459
L8/1                    791,523,330                  791,129,489
L8/2                    795,574,406                  794,424,048

The number of bytes or frames being transmitted and received by the various interfaces is displayed.

Viewing the Interface Settings

To display information concerning individual interfaces, use the show interfaces EXEC command. To use the this command, specify the name of the interface (for example, L1.1, L8.4). If no interface is specified, the status of all interfaces is displayed. The following example shows the status of all interfaces:

ons15190#show interfaces

Interfaces State  Type     Link Side AIS Conf Cur AIS Other
---------- ------ -------- ---- ---- -------- ------- -----
L1/1       Oper   OC12     Up    A   Never
L1/2       Oper   OC12     Up    A   Never
L3/1       Oper   OC12     Up    B   Never
L3/2       Oper   OC12     Up    B   Never
L4/1       Oper   OC12     Down      Never
L4/2       Oper   OC12     Up    A   Never
L5/1       Oper   OC12     Up    B   Never
L5/2       Oper   OC12     Up    A   Never
L7/1       Oper   OC12     Up    B   Never
L7/2       Oper   OC12     Up    A   Never 
L8/1       Oper   OC12     Down      Never 
L8/2       Oper   OC12     Up    B   Never

Note The show interfaces command only displays interfaces that are physically present in the system.

All configuration information is retained by the node and not the particular interface. To change any node settings, use the node set rconf configuration command. If the node is moved to a different interface, the settings move with the node.

Viewing and Changing Card Settings

Use the show hw-module command to display information about a specific line or switch card. The following example illustrates the status of card L1:

ons15190#show hw-module slot l1

Line Card 1:
 
   Subtype:            Single Mode IR SC OC12c/STM4 SRP line card w/2 ports
   # of interfaces:    2
   State:              Operational
 
   Catalog number:     OC12/STM4-SM-IR-SRP
   Serial number:      1086-003
   Board version:      B0
 
   Temperature Status: Normal
   Temperature 1:      38.5 degC (101.3 degF)
   Temperature 2:      27.5 degC (81.5 degF)

To reset a card, use the hw-module slot reload privileged EXEC command. Specify the card to be reset as one of the following: C1, C2, L1 to L8, S1 to S5.

Troubleshooting Configuration Problems

Descriptions of typical problems and what to do when they are encountered are presented in the following sections:

Multiple A/B Interfaces Connected to Same Card

Warning: Sides A of both node1 and node2 are attached to the same line card (L1).

Explanation A two-interface line card (for example, L1) carries two A (Transmit Outer/Receive Inner) or two B (Receive Outer/Transmit Inner) connections, and one of the following commands was executed: display running (rconf configuration), show rconf running (EXEC), autoconnect (privileged EXEC), node autodetect (rconf configuration).

Action Node1 and node2 are the names of the nodes. It is recommended that you physically change the connections so that a line card has only one A and one B connection in order to allow better system resilience. However, even if you do not change the connections, the ring will still be functional.

Note This error message is only relevant to two-interface line cards.

Node Detected on Multiple Interfaces

Side A of node node-name was detected on multiple interfaces L1/1, L2/2, ignoring.

Explanation The side of an SRP node is defined as being on two different interfaces.

Action The multiple interfaces are listed in the error message. Determine the correct connection and correct the definition. You can also receive this message if the path trace messages are displayed incorrectly. Verify that you are in normal mode by executing the command no pathtrace-mode srp transparent.

Node node-name was detected on multiple interfaces L1/1, L2/1, ignoring.

Explanation The side of a POS node is defined as being on two different interfaces.

Action The multiple interfaces are listed. You should determine the correct connection and correct the definition. You may receive this message if the path trace messages are not being displayed correctly. Verify that you are in normal mode by executing the command no pathtrace-mode pos transparent.

SRP Node Detected on Single Interface

Node NODE is connected only to interface L1/1.

Explanation SRP nodes must be connected to two ONS 15190 interfaces. In this case, only one interface is detected.

Action Connect both interfaces of the node to the ONS 15190. If the node is actually a combination of several nodes, it must be defined manually. Also verify that the speed of all interfaces corresponds correctly with the speed of the node: either OC-12c/STM-4 or OC-48c/STM-16.

Same IP Address for Multiple Nodes

Discarding the following nodes due to identical IP address xxx.xxx.xx.xxx. SRP/POS node node connected to interface L1/1 L2/2

Explanation A single IP address was detected for multiple nodes.

Action A separate message is displayed for each node detected with the stated IP address. Reconfigure the nodes to have different IP addresses.

Lost Node

Node node-name was not detected, discarding. Discarding pos connection of node node1 to node node2. Discarding sniff connection of sniffer node node1 to sniffed node node2.

Explanation One of the commands autoconnect (privileged EXEC) or node autodetect (rconf configuration) was executed, and a previously detected node was not now detected. If the node is a pos or sniff node, the error message also indicates that it will be discarded.

Action Node, node1, and node2 are the node names. If this node is still connected, verify that the connections are secure.

Node Definition Conflict

Discarding user node node1 due to conflict with detected node node2.

Explanation There is a conflict between a user-defined node and an automatically detected node.

Action Verify the node definitions and connections.

Same Name for Multiple Nodes

Detected duplicated node name node1, resolving second node name to node2.

Explanation Multiple nodes are detected with the same name.

Action In this case, one of the nodes is automatically renamed to node2.

Multiple Sniff Nodes Connected

ERROR: More than one sniff connection exists.

Explanation Two or more sniff connections were defined using the command sniff connect (rconf configuration).

Action Disconnect multiple sniff connections. Only one sniff connection can be defined at any one time.

Telnet Session Timeouts

To specify a session timeout value for the telnet session, use the exec-timeout minutes line configuration command. A value of 0 for the parameter minutes corresponds to never.

Forgotten Password

If you forget your password, perform the following procedure to return the password value to its default:

Step 1 Connect the UART password key (provided with the ONS 15190) loopback on the MAINT RS-232C interface of the active controller.

Step 2 Log in from the Console RS-232C interface using the string !PeNtA$(* as your password.

Step 3 Enter privileged EXEC mode by executing the enable command and using the string !PeNtA$(* as your password.

Step 4 Enter configuration mode by executing the configure terminal command.

Step 5 Define a new enable secret by executing the enable secret command.

Figure 5-5: UART Password Key

At this point you are logged in to the system and should have changed the enable password. For login information, see the section "Configuring Network Parameters" in this chapter.

Note Do not leave the UART password key plugged into the MAINT port. In addition to being a security hazard, the software will not run if the system is powered down and powered back up again.

Table of Contents

Configuring the ONS 15190