|
|
The ONS 15194 is configured and controlled using an IOS-like command line interface (CLI) language. This chapter describes typical configuration scenarios and provides examples for the most common tasks. (For a complete description of all CLI commands used to control the ONS 15194, see the chapter "Command Line Interface Reference.")
Configuring the ONS 15194 is presented in the following sections:
The basic concept of nodes and rings used in this documentation are described in the following sections:
The basic configurable unit in the ONS 15194 is a node. A node reflects the characteristics of the external device that is connected to the ONS 15194 interface using fiber-optic cables. External devices are typically routers, but can also be other ONS 15194s or other SONET/SDH equipment such as ADMs. An example of a node is the A and B interfaces of an SRP line card on a router. Another example is a POS interface on a router.
You can either manually define nodes or let the ONS 15194 automatically detect them. The primary action performed on nodes, after they are defined, is to interconnect them. The way in which this is done depends on the types of nodes used. The following nodes are supported by the ONS 15194:
Although a node describes the characteristics of an external device, a node can be logically defined before the device is actually connected to the ONS 15194 or even before the line card supporting the node is present on the ONS 15194. A detailed description of the various types of nodes is presented later in this chapter.
The rconf configuration mode is used for defining and connecting nodes. It contains a rich variety of commands that assist in configuring the ONS 15194 while causing minimal impact to existing traffic. The ONS 15194 automatically detects nodes, assists in forming valid connections and aids in avoiding user errors. Two concepts are central to understanding the use of the rconf configuration mode: draft configurations and running configurations.
The running configuration pertains to both rconf configuration commands as well as other configuration commands. The draft configuration only relates to rconf configuration commands.
All rconf commands, except for the apply command, modify only the draft configuration. After you prepare all the elements of the desired configuration in the draft configuration, you can copy it or apply it to the running configuration using the apply command. Because the results of multiple configuration commands are applied to the hardware at one time, minimal traffic disruption occurs. Following is a short description of the diverse options available in the rconf configuration mode:
In rconf configuration mode the user has two options to begin defining a new draft configuration:
Before the ONS 15194 can be accessed via the network (SSH or Telnet), you must configure the networking parameters via direct RS-232C serial connection (console interface) and define the enable secret password. The easiest way to perform these operations is to use the setup privileged EXEC command. The setup wizard prompts you to provide the necessary information as shown in the following example. User-supplied information is in bold.
ons15194> enable
ons15194# setup
--- System Configuration Dialog ---
Refer to the 'ONS 15194 documentation' Guide for additional help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog?[yes]:yes
Configuring global parameters:
Enter host name [ons15194]:my-srp-hub
The enable secret is a one-way cryptographic secret.
Enter enable secret:wtkl
Configuring interface Ethernet0:
Is this interface in use? [yes]:yes
IP address for this interface [192.168.10.1]:192.168.10.1
Number of bits in subnet field [8]:8
8 subnet bits; mask is 255.255.255.0
Start SRP/POS nodes discovery procedure[yes]:yes
Ring configuration (nodes in order of outer ring):
AB Ring: default
Node IP Address A B Type Other
------------------------ --------------- ---- ---- ---- -------------
Gidon 20.1.4.8 L4/1 L1/1 OC48
Gil 20.1.5.2 L4/5 L1/7 OC48
Giora 20.1.4.2 L2/1 L4/2 OC48
Gidon-002 20.1.5.3 L2/7 L2/4 OC48
Golan 20.1.4.6 L3/5 L3/1 OC48
No Outer rings defined.
No Inner rings defined.
No free nodes.
Apply configuration? y
Building configuration...
[OK]
After you enter the IP networking parameters and the enable secret, you are prompted to perform an autoconnect (start SRP/POS nodes discovery procedure):
The ONS 15194 then displays the configuration and prompts you to use this configuration.
 |
Note Any changes made to the running configuration must be saved to the startup configuration file, so that when the ONS 15194 is rebooted, the changes will remain in effect. This is also necessary to provide controller redundancy. To do this, use either the copy running-config startup-config command or the write command. |
If you prefer to manually define the network parameters or enable secret password, follow the instructions in the following sections:
To manually enter the networking parameters, enter interface command mode for the Ethernet interface and use the ip address command to set the IP address and subnet mask of the ONS 15194, as follows:
ons15194> enable
ons15194# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ons15194(config)# interface ethernet 0
ons15194(config-if)# ip address 10.52.19.23 255.255.255.192
In the ip address command, the first string is the IP address, and the second string is the subnet mask.
To set the default gateway, use the ip default-gateway global configuration command, as shown in the following example:
ons15194(config-if)# exit
ons15194(config)# ip default-gateway 10.52.19.1
Now, the ONS 15194 can be accessed over a network at the given IP address.
By default, authentication, authorization and accounting (AAA) is enabled in the ONS 15194. Before you configure the AAA parameters, you must access the ONS 15194 via the console interface. When you attempt to log in to the ONS 15194 via SSH or Telnet, you will be prompted for a password. The default password is the enable secret password. To override the use of the enable secret password and specify a TACACS+ server for authentication to the ONS 15194, use the aaa authentication login command .
When you receive your ONS 15194, there is no password defined to allow you to enter the privileged EXEC mode. Because many of the privileged commands set operating parameters, privileged access should be password-protected to prevent unauthorized use. After a password is configured with the enable secret global configuration command, users are prompted to enter it before being allowed access to privileged EXEC mode. To enable a password, use the enable secret command as shown in the following example:
ons15194> enable
ons15194# config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
ons15194(config)#enable secret xxxxxx
The string xxxxxx is any valid alphanumeric string and is case-sensitive.
|
Note If there is no enable secret password defined, the ONS 15194 can only be accessed via the console interface. Access via SSH and Telnet is disabled in this case. |
Authentication, authorization and accounting (AAA) is described in the following sections:
AAA authentication is used to restrict access to log in to the ONS 15194 or privileged EXEC command level. AAA authorization limits the use of specific commands according to user, by using the information retrieved from the user's profile on the TACACS+ security server. AAA accounting enables you to track the services users are accessing as well as the amount of network resources they are consuming. When AAA accounting is enabled, the network security server receives reports from the ONS 15194 regarding user activity in the form of accounting records. These records are saved at the security server and can be analyzed for network management purposes.
AAA is automatically enabled on the ONS 15194 and you can configure the security configuration to work with or without a TACACS+ server. Use of a TACACS+ server provides much more flexibility in terms of AAA security configurations.
By default, the ONS 15194 is set to work without a TACACS+ server, and the default login password is the same as the enable secret password. Because of this, you cannot log into the ONS 15194 via a network connection (SSH or Telnet) until the enable secret password has been defined or the AAA configurations have been changed from their default. See "Password for Privileged EXEC" for more information on defining the enable secret password.
|
Note Use of a TACACS+ server is the only security method provided on the ONS 15194 that allows authentication, authorization and accounting (AAA) definitions by specific user. Authorization can only be defined with the use of a TACACS+ server. |
|
Note For a complete description of the AAA Cisco model and TACACS+ server functionality, see the Cisco IOS Security Configuration Guide. |
There are two options of AAA security configuration without using a TACACS+ server:
In both of these scenarios, the password (the enable secret) is per ONS 15194 and not dependant on the specific user being authenticated.
For authentication commands, you can specify more than one authentication method, in case the first method can not be used. For example, if the enable secret has not been defined, using the above commands will not provide access to the ONS 15194. The following commands will allow access even if the enable secret has not been set:
aaa authentication login default enable none
aaa authentication enable default enable none
In this example, authentication only reverts to none if there is no enable secret defined on the ONS 15194. If the user fails to provide the correctly defined enable secret, authentication fails.
To configure security on the ONS 15194 using AAA with TACACS+, follow this process. For more specific information, refer to the command syntax in "Command Line Interface Reference."
1. Use the tacacs-server host command to configure the security parameters for the TACACS+ server. It is advisable to provide more than one server, in the event that the first server is down.
2. Define the method lists for authentication by using the aaa authentication login and aaa authentication enable commands. If you are using a TACACS+ server for authentication, you should provide a second method of authentication (such as enable or none), in the event that the TACACS+ server is down.
3. Optional. Configure authorization using the aaa authorization commands or aaa authorization config-commands commands. You must be logged in to the ONS 15194 as an authenticated user in order to successfully define AAA authorizations.
Make special note of the following items before configuring AAA on the ONS 15194:
The following example shows a sample AAA authentication configuration:
ons15194(config)# tacacs-server host 10.52.19.44
ons15194(config)# tacacs-server host 10.52.19.47 key SpecialKey
ons15194(config)# tacacs-server host 10.52.19.51
ons15194(config)# tacacs-server key myTacacsPassWord
ons15194(config)# tacacs-server timeout 15
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa authentication enable default tacacs+ enable
This example specifies:
After authentication has been configured, you must log out of the ONS 15194 and log in as an authenticated user before configuring the AAA authorization. The following example shows a sample AAA authorization configuration:
ons15194(config)# aaa authorization commands 1 default tacacs+ if-authenticated
ons15194(config)# aaa authorization commands 15 default tacacs+ if-authenticated
ons15194(config)# aaa authorization config-commands
This example specifies:
Each authentication and authorization command should list several methods to be used if the first method returns an error. Subsequent methods are only used if an error is received; if the previous method fails, authentication or authorization is denied.
There are three types of accounting methods supported on the ONS 15194:
The only accounting method supported on the ONS 15194 is TACACS+. The ONS 15194 reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.
There are two accounting record types implemented on the ONS 15194:
Before you can use the accounting features on the ONS 15194, you must configure a TACACS+ server. After AAA accounting is configured on the ONS 15194, the accounting records are saved for all active SSH, Telnet and console sessions.
Following are example AAA accounting configuration scripts. The server IP address and key are examples only; you must provide your own IP address and key.
Use the following commands to configure system accounting using the start-stop record type:
ons15194(config)# tacacs-server host 11.61.12.105
ons15194(config)# tacacs-server key abc13
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa accounting system default start-stop tacacs+
Use the following commands to configure exec accounting using stop-only record type:
ons15194(config)# tacacs-server host 11.61.12.105
ons15194(config)# tacacs-server key abc13
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa accounting exec default stop-only tacacs+
Use the following commands to configure the accounting for level 1 commands using start-stop record type (level 1 commands relate to all user EXEC commands):
ons15194(config)# tacacs-server host 11.61.12.105
ons15194(config)# tacacs-server key abc13
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa accounting commands 1 default start-stop tacacs+
Use the following commands to configure the accounting for level 15 commands using start-stop record type (level 15 commands relate to all EXEC privileged commands including configuration commands):
ons15194(config)# tacacs-server host 11.61.12.105
ons15194(config)# tacacs-server key abc13
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa accounting commands 15 default start-stop tacacs+
Use the following commands to configure the accounting for all commands using stop-only record type, system and exec accounting using the start-stop record type:
ons15194(config)# tacacs-server host 11.61.12.105
ons15194(config)# tacacs-server key abc13
ons15194(config)# aaa authentication login default tacacs+ enable
ons15194(config)# aaa accounting commands 1 default stop-only tacacs+
ons15194(config)# aaa accounting commands 15 default stop-only tacacs+
ons15194(config)# aaa accounting exec default start-stop tacacs+
ons15194(config)# aaa accounting system default start-stop tacacs+
The ONS 15194 configuration is described in the following sections:
|
Note Any changes made to the running configuration must be saved to the startup configuration file, so that when the ONS 15194 is rebooted, the changes will remain in effect. To do this, use either the copy running-config startup-config command or the write command. |
|
Note Any configuration changes made in rconf mode must be saved to the running configuration by using the apply command. See "Command Modes" in "Command Line Interface Reference" for information on the rconf command mode. |
The recommended way to configure the ONS 15194 for SRP use is with the autoconnect-to-draft rconf configuration command, after the various nodes are physically connected to the ONS 15194. The ONS 15194 will determine all physical connections, configure them into a ring, and then display them in table format for you to see. If you are satisfied with the configuration results, use the apply command to save the draft configuration to the running configuration.
ons15194# rconf
ons15194(rconf)# autoconnect-to-draft
Ring configuration (nodes in order of outer ring):
AB Ring: default
Node IP Address A B Type Other
------------------------ --------------- ---- ---- ---- -------------
Gidon 20.1.4.8 L4/1 L1/1 OC48
Gil 20.1.5.2 L4/5 L1/7 OC48
Giora 20.1.4.2 L2/1 L4/2 OC48
Gidon-002 20.1.5.3 L2/7 L2/4 OC48
Golan 20.1.4.6 L3/5 L3/1 OC48
No Outer rings defined.
No Inner rings defined.
No free nodes.
ons15194(rconf)# apply
Configuration applied.
If warning messages are displayed when you use the autoconnect command, see the section "Troubleshooting Configuration Problems" later in this chapter.
Figure 4-1 illustrates the ONS 15194 configured into one ring. Figure 4-2 illustrates two rings configured from the devices connected to a single ONS 15194. Each line in these figures represents a pair of fiber-optic cables.
|
Note The autoconnect-to-draft command does not connect non-SRP nodes. |
To perform automatic connection of srp-inner or srp-outer nodes connected to two redundant ONS 15194s, use the io-autoconnect-to-draft privileged EXEC command on both ONS 15194s.
The creation and configuration of SRP rings is presented in the following sections:
In most instances, the autoconnect feature successfully identifies all connected nodes and configures the ring correctly. Sometimes, however, manual adjustments might need to be made. If all nodes are correctly identified, and you need to reconfigure the ring(s), see the section "Creating SRP Rings". If you need to add nodes to the ring after the ring is configured, you can manually configure the individual nodes and then connect them to the existing ring with the node autodetect command using the unassigned keyword or with the ring connect command.
All node and ring definitions are done in rconf mode. Enter rconf mode from privileged EXEC mode by using the rconf command.
To manually configure an SRP node, you must first define the node by using the node create rconf configuration command. Specify the name and type of the node you are creating and the specific interface in the ONS 15194 line card to which it is attached, as in the following example:
ons15194# rconf
ons15194(rconf)# node create srp ny L1/1 L2/1
OC48 SRP node ny created.
SRP is the node type; ny is the node name; L1/1 is the A interface of the node; L2/1 is the B interface of the node. This node definition is made for each node connected to the ONS 15194 unless the autoconnect command is used.
ons15194(rconf)# node create srp phili L1/2 L3/1
OC48 SRP node phili created.
ons15194(rconf) node create srp boston L2/2 L3/2
OC48 SRP node boston created.
ons15194(rconf)# node create srp hartford L4/1 L5/1
OC48 SRP node hartford created.
ons15194(rconf)# node create srp baltimore L4/2 L6/1
OC48 SRP node baltimore created.
Other possible node types are APS, fiber, POS, sniff, and SRP inner/outer (for configuring two redundant ONS 15194s). If no node type is specified, SRP is the default. For more information on the specific syntax for each node type, see the chapter "Command Line Interface Reference."
After you define the individual nodes, you can configure logical rings by using the various ring rconf configuration commands. To define a new ring, use the ring create command as in the following example:
ons15194(rconf)# ring create control1
SRP ring control1 created.
The ring control1 is created. Now the specific nodes must be added to this new ring. To add a number of nodes to a new ring, use the ring node-list command, as illustrated in the following example:
ons15194(rconf)# ring control1 node-list
Ring r1 node list cleared.
Enter '?' at any point for help. Use 'Ctrl-Z' to complete ring configuration.
Use 'Ctrl-T' to view current node list.
node: ny
Node ny connected.
node: phili
Node phili connected.
node: boston
Node boston connected.
node: hartford
Node hartford connected.
node: <Ctrl-T>
ons15194(rconf)#
Using the ring node-list command, each node is added following the previous node. To add all free nodes into a single ring, with no specific order, use the ring connect command as illustrated in the following example:
ons15194(rconf)# ring control1 connect all
The ring connect command can also be used to connect a single node to a particular location in the ring, or reorder the nodes in the ring. The following example adds the node baltimore after the node phili:
ons15194(rconf)# ring control1 connect baltimore after phili
To take advantage of the available APS features for POS, the ONS 15194 must be connected to devices that support APS. You should configure any such devices (for example, GSR, ADM), so that one connection is defined as the working link (W) and the other as the protection link (P). Also determine to which interface each of these connections is physically connected in the ONS 15194.
ONS 15194 APS functionality is compliant with Bellcore GR-253 and ITU-T G.783.
To configure a particular node to be defined for linear APS, use the command node create as in the following example:
ons15194(rconf)# node create aps xxx l7/1 l8/1
OC48 APS node xxx created.
In this example, the W link of node xxx is connected to L7/1, and the P link is connected to L8/1. By default, the APS mode is set to be bidirectional, SONET, and nonrevertive, as can be displayed by using the show node EXEC command as in the following example:
ons15194# show node xxx
Node xxx:
Type: APS
W-Interface: L7/1
P-Interface: L8/1
APS Mode: Bidirectional
Switching: Non-revertive
Int Type: OC48
Mode: SONET
Clock Source: Internal
SD Threshold: 1e-6
SF Threshold: 1e-3
AIS Setting: Auto
Current configuration not yet applied.
Bidirectional nodes always use the same link (P or W). You should always use the bidirectional setting for nodes that are interacting with APS nodes or routers. When a node is nonrevertive, control remains wherever it is as long as the link is functional. For revertive nodes, control always returns to the working link as soon as the link is functional again.
To display the current status of the APS node named xxx, use the show aps node EXEC command as in the following example.The status indicates whether the working or protect link is active and whether there is a problem on either of the links.
ons15194# show aps node xxx
APS_NODE:xxx sonet bidir nonRevertive active: W
HIGHEST-REQUEST: NoRequest(Local) ch:0
KBYTES: RxK1:0 TxK1:0 RxK2:5 TxK2:5
REQUESTS(local):
ALARMS:
In this example, the W link is currently active, and the APS status is normal.
If there is a problem on the active link, and control is switched to the protect link, a status message appears, as in the following example:
ons15194# show aps node xxx
APS_NODE:xxx sonet bidir nonRevertive active: P
HIGHEST-REQUEST: SignalFail(Local) ch:1
KBYTES: RxK1:21 TxK1:c1 RxK2:15 TxK2:15
REQUESTS(local): SignalFail(ch:1)
ALARMS:
Here, due to a signal failure on the working link, the protect link took over and is now active. The node is defined as nonrevertive, so even when the working link is back up, the protect link will remain active as long as this link is operational.
The ONS 15194 can be used to connect various POS or APS nodes. Create POS or APS nodes using the node create rconf configuration command and connect them together using the pos connect rconf configuration command.
In the following example, two POS nodes, pos1 and pos2, are defined and connected to each other.
ons15194(rconf)# node create pos pos1 l5/2
OC48 POS node pos1 created.
ons15194(rconf)# node create pos pos2 l6/2
OC48 POS node pos2 created.
ons15194(rconf)# pos connect pos1 pos2
Nodes connected.
You can connect an external analyzer to the ONS 15194 to analyze any connected node. Physically connect the analyzer to an open interface and define it as a sniff node using the node create rconf configuration command, as in the following example:
ons15194(rconf)# node create sniff sniff-2 l5/2
OC48 Sniff node sniff-2 created.
In this example, sniff-2 is the name of the sniff node and L5/2 is its interface.
The following example configures the node sniff-2 to monitor all received traffic passing through the A side of SRP node ny:
ons15194(rconf)# sniff connect sniff-2 ny a-rx
Sniffer connected.
The definition of which interface to monitor depends on the node type. Valid values are given in Table 4-1:
| Sniffed Node Interface | Description |
|---|---|
a-rx | A side, Rx1 of SRP node |
a-tx | A side, Tx of SRP node |
b-rx | B side, Rx of SRP node |
b-tx | B side, Tx of SRP node |
w-rx | Working link, Rx of APS node |
w-rx | Working link, Tx of APS node |
p-rx | Protection link, Rx of APS node |
p-tx | Protection link, Tx of APS node |
rx | Rx of POS, SRP-inner, or SRP-outer node |
tx | Tx of POS, SRP-inner, or SRP-outer node |
| 1The rx/tx indications are from the viewpoint of the node. For example, if b-rx is indicated for an SRP node, the stream going from the ONS 15194 to the B-side of the node will be monitored. |
|
Note Only one node at any one time can be defined as a sniff node. |
Two ONS 15194s can operate in an "inner-outer" fiber topology by connecting all inner SRP ring fibers to one ONS 15194 and all outer SRP ring fibers to another ONS 15194. Such a connection, in conjunction with the SRR protocol on the SRP nodes, provides ONS 15194 system redundancy.
To configure this scenario, all configuration commands related to such nodes must be performed on both ONS 15194s in order for them to operate correctly. If a command, such as a ring definition, is defined on only one ONS 15194, the configuration will be incomplete, and results may be unpredictable.
In order to automatically configure two ONS 15194s that are to work with SRR, use the io-autoconnect privileged EXEC command on both ONS 15194s. The SRP rings will be defined from the inner and outer nodes in the same order in both ONS 15194s.
 |
Caution After you use the io-autoconnect command, verify that the order of the nodes in the rings is the same on both ONS 15194s. This is essential for correct functioning of the SRR protocol. |
If other configuration changes need to be performed, such as reordering the nodes in the ring, adding or removing nodes from the ring, or making parameter changes as described in the section Configuring Nodes, the commands must be executed on both ONS 15194s. When the configuration changes are complete, use the apply rconf configuration command on both ONS 15194s.
The EIPS functionality is disabled by default. When it is enabled, it applies to both A/B SRP rings and SRP-inner and SRP-outer rings.
If you are using SRP-inner and SRP-outer rings, enable the EIPS functionality using the eips enable rconf configuration command on both ONS 15194s. If the EIPS functionality is not enabled, and there is a failure in one of the ONS 15194s, a subsequent router failure will cause the ring to stop functioning.
The following node parameters can be set using the node set rconf configuration commands:
The following example configures node ny to always send AIS signals:
ons15194(rconf)# node ny set ais always
Node ny AIS setting set to Always.
The following example creates the APS node xxx and configures it to support revertive switching:
ons15194(rconf)# node create aps xxx l7/1 l8/1
OC48 APS node xxx created.
ons15194(rconf)# node xxx set switching revertive
Node xxx set to revertive, WTR = 5 minutes.
When the draft configuration is correctly set, you must apply the configuration for it to become the running configuration by using the apply command. This is applicable to all options set within the rconf configuration mode.
ons15194(rconf)# apply
Configuration applied
If the active controller is reset before the configuration is applied, the draft configuration will be lost. In addition, any changes made to the running configuration must be saved to the startup configuration file, so that when the ONS 15194 is rebooted the changes will remain in effect. To do this, use either the copy running-config startup-config or write command.
As long as you do not enter the apply command, you can discard all draft configuration changes by executing either the clear-draft or revert-to-running command.
|
Note If two ONS 15194s are being configured for redundancy, the configuration must be applied in both systems. |
If the number of nodes in the ring exceeds the available connections on the ONS 15194, or if you want to connect distant hubs together, it is possible to cascade multiple ONS 15194s together and configure all connected nodes into one ring.
To cascade two or more ONS 15194s together, do the following:
Step 1 Physically connect the ONS 15194s together with pairs of fiber-optic cables.
Each ONS 15194 is connected to the others using two pairs of cables: if two ONS 15194s are being connected, two pairs of cables are connected between the two ONS 15194s; if multiple ONS 15194s are being connected, one pair of cables connects each ONS 15194 to each of its neighboring ONS 15194s, such that each ONS 15194 is connected to two other ONS 15194s.
Step 2 Enter the autoconnect command on the first ONS 15194.
Step 3 Enter the write command on the first ONS 15194.
Step 4 Repeat steps 2 and 3 for each of the connected ONS 15194s, in the order that they are physically connected.
The ONS 15194s are now configured into the same ring. All nodes connected to any of the ONS 15194s are now contained within this ring. Figure 4-4 illustrates multiple ONS 15194s cascaded into one ring. Each line in the figure represents a pair of fiber-optic cables.
|
Note If a span of routers is connected to any of the ONS 15194s, both the span and the cascaded links to other ONS 15194s will need to be manually defined to be recognized by the ring of ONS 15194s. |
When cascading multiple ONS 15194s together, set the trace-mode for SRP nodes to normal (default) using the pathtrace-mode global configuration command.
The ONS 15194 has a Flash memory file system. The file system can be viewed or manipulated using the following privileged EXEC commands:
While the file system is designed to be an open file system that enables flexible manipulation of directories and files, the following guidelines should be followed:
A message of the day (MOTD) is displayed when you log into the ONS 15194. To create a new MOTD, use the banner motd global configuration command, as in the following example. The "%" sign is used to delimit the message; any character can be used.
ons15194(config)#banner motd %This is the message-of-the-day banner which will be
displayed%
The eight-interface OC-48c/STM-16 line cards are equipped with a laser power monitor. This feature allows you to verify the level of the laser as it enters the line card and the level of the laser as it is transmitted out. The input power which is read from the hardware, has a resolution of ±3.0 dBm. The output power is as read in the beginning of life (BOL) and has a resolution of ±3.0 dBm.
To display these power measurements for all interfaces, use the show interfaces laser privileged EXEC command as in the following example. To display the information for an individual interface, specify the interface.
ons15194# show interface laser
Port Type Output Power Input Power
---- ----- ------------ -----------------
L3/2 OC48 Laser ON Monitor not supported for port
L4/1 OC48 -13.2 No Rx signal (Link Down)
L4/2 OC48 -11.0 -24.0
L4/3 OC48 -12.4 higher than -18.0
L4/4 OC48 -12.0 lower than -32.0
The pathtrace-mode command allows you to set the path trace message (J1 byte of the SONET/SDH frame) of the ONS 15194 to be transparent for nodes of a specific type.
For example, if node A is connected to node B via the ONS 15194, in transparent mode, the pathtrace message transmitted by B will be that received by A and not that of the ONS 15194. In normal mode, the ONS 15194 transmits its own path trace message to each connected node. By default, SRP, SRP-inner, and SRP-outer nodes are set to normal trace-mode and POS, APS, and sniff nodes are set to transparent trace-mode.
To enable transparent path trace, use the pathtrace-mode global configuration command:
pathtrace-mode {pos | sniff | srp} transparent
To disable transparent path trace, use the no form of this command.
|
Note If fiber loops are present on the ONS 15194, the path trace mode must be set to normal for SRP nodes in order for features such as autoconnect, autotrack, and autodetect to function correctly. |
The autotrack command enables the tracking of nodes, when they are moved from one interface to another. This allows you to reorganize the optic-fiber connections to the ONS 15194, while retaining the internal node connections. Only nodes with valid pathtraces can be tracked. The autotrack option is enabled or disabled for the entire system (all trackable nodes), and is disabled by default.To enable the autotrack option, use the autotrack enable privileged EXEC command.
To use the autotrack functionality do the following:
Step 1 Use the autotrack enable command to turn on the autotrack option.
Step 2 Rearrange the fiber connections as necessary. Verify that the messages displayed to the screen correctly reflect the desired results.
Step 3 Use the autotrack disable command to turn off the autotrack option.
Step 4 Use the show running or show rconf running command to verify that the node connection configuration is correct.
Step 5 Use the write command to save the changes to the startup configuration.
The autotrack command should only be enabled for individual sessions. No changes can be made to the draft configuration while the autotrack option is enabled. You cannot enter the rconf configuration mode while the autotrack option is enabled. And when you enable the autotrack option, any unsaved changes to the draft configuration will be lost. When tracked nodes are moved between interfaces, messages are sent to the screen to indicate the changes.
To upgrade the software to a new release, do the following:
Step 1 Use the copy privileged EXEC command to copy the software image to the ONS 15194 Flash memory from one of the PCMCIA ATA Flash memory disks or a TFTP or FTP server.
|
Caution You cannot boot the ONS 15194 from an image file located on a PCMCIA disk. The file must be copied to the ONS 15194 Flash memory. |
Step 2 Use the boot system global configuration command to specify that the new software image be used to boot the system.
Step 3 Use the write privileged EXEC command to save the boot system configuration changes to the Flash memory.
Step 4 Use the show bootvar EXEC command to verify that the boot variable has been changed to be the new software image.
Step 5 Use the reload command to boot the controllers with the new software image. It will take a few minutes for both controllers to be reloaded.
Step 6 When the system reloads, use the show version command to verify that the new software image is running.
The following example illustrates the software upgrade procedure, where the software image file name is ons15194-10.bin.
ons15194# copy tftp://192.168.113.200/ons15194-10.bin flash:
Write file flash:/ons15194-10.bin [confirm]? y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1781458 bytes copied.
ons15194# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ons15194(config)# boot system flash:/ons15194-10.bin
ons15194(config)# end
ons15194# write
1115 bytes copied.
ons15194# show bootvar
BOOT variable = flash:/ons15194-10.bin
CONFIG_FILE variable =
ons15194# reload
Controller will be reset.
Are you sure? y
Software upgrade - reloading standby controller.
MON OCT 22 16:03:04 2001 [13:0] Reloading this controller.
This is Tac#1- the NTTacPlus security server. You are welcome.
Username: username
Password:
Login 'username' succeeded
ons15194> enable
Password:
onw15194# show version
System uptime: 0:01:01.804
System time: MON OCT 22 16:03:55 2001
Name: ons15194
Description:
Location:
Contact:
Running image:
File path: flash:/ons15194-10.bin
Release: 1.0
Created on: Wed Oct 17 21:00:54 2001
Created by: Cisco Systems
Length: 1781458
Signature: 0xC2DBA917
Software build: 1.0.24
Software created on: Oct 17 2001, 20:52:07
Bootstrap version: 1.2/20
Displaying system information is described in the following sections:
To display the running configuration of the ONS 15194, use the show running-config privileged EXEC command.
ons15194# show running-config
Building configuration...
Current configuration:
!
hostname ons15194
!
aaa authentication login default none
enable secret 5 $1$6uRK$n.JCMrZiWP2sQ1VpMVEH3/
!
!
banner motd "Welcome to our ONS 15194"
!
eips enable
!
interface Ethernet 0
ip address 192.168.3.1 255.255.255.192
!
ip default-gateway 192.168.19.1
ip domain-name cisco.com
ip name-server 172.16.3.1 10.3.2.1
!
pathtrace-mode pos transparent
pathtrace-mode sniff transparent
no pathtrace-mode srp transparent
!
logging console warnings
logging maint warnings
logging buffered warnings
logging trap notifications
logging monitor errors
logging host 192.168.19.33
!
sntp server 172.31.34.2 time-zone +3:00:00
!
snmp-server enable traps
!
line console 0
exec-timeout 0
speed 9600
line maint 0
exec-timeout 0
speed 9600
line vty 0 4
exec-timeout 0
!
end
rconf
node create srp-outer GSR_Left L1/1 oc48
node GSR_Left set ais never
node create srp-outer GSR_Back_Right L1/2 oc48
node GSR_Back_Right set ais never
node create srp-outer GSR_Back_Left L2/1 oc48
node GSR_Back_Left set ais never
node create srp-outer GSR_Right L2/2 oc48
node GSR_Right set ais never
ring create Outer@Rita outer
ring Outer@Rita nodes GSR_Right GSR_Back_Right GSR_Left GSR_Back_Left
!
To display information that is relevant to node and ring configurations in the current running configuration, use the display running rconf configuration command as shown in the following example:
ons15194# rconf
ons15194(rconf)# display running
Applied connection configuration:
Ring configuration (nodes in order of outer ring):
No AB rings defined.
Outer Ring: o-default
Nodes IP Address A B/O Type Other
------------------------ --------------- ---- ---- ---- -------------
O_Gidon-002 L2/8 OC48
O_Gil 20.1.5.3 L1/7 OC48
O_Giora L4/2 OC48
O_Gidon L1/1 OC48
O_Golan L1/2 OC48
O_Gilboa 20.1.4.6 L1/4 OC48
Inner Ring: i-default
Nodes IP Address A/I B Type Other
------------------------ --------------- ---- ---- ---- -------------
I_Gidon-002 L4/8 OC48
I_Gil L4/5 OC48
I_Giora 20.1.4.8 L2/1 OC48
I_Gidon L4/1 OC48
I_Golan L4/4 OC48
I_Gilboa 20.1.4.2 L2/2 OC48
No free nodes.
If you are in the process of defining a new configuration and want to view it even though it has not been applied yet, use the display draft rconf configuration command. If you made no changes to the draft configuration, the draft and running configurations will be identical.
To display the data statistics of traffic flowing through the ONS 15194, use the following commands:
The rate displayed in the show nodes data command is the net rate for the node, meaning that if more data is transmitted than recieved, the rate will be a positive value. Use the rate value to determine if data is being passed through the node, data is originating in the node, or data is exiting via the node. If the same amount of data is transmitted and received, the rate value should be equal to zero.
The following example shows sample output from the show nodes data command for a specific node:
ONS15194# show nodes data current rate gandi
Positive (negative) rate indicates that node is net source (sink)
2 min 24 second since interval start time.
Node Inner(Mbps) Outer(Mbps)
------------------------ ------------ ------------
Gandi 2,364.73 -2,364.72
The following example shows sample output from the show interfaces data command where the total accumulated data is displayed as frames:
ons15194# show interfaces data total frame
Accumulated frames statistics:
I/F Duration RX Frames TX Frames
---- -------------- --------------------------- ---------------------------
L1/1 6d, 04:16:54 5,147,209,686 5,148,596,371
L1/2 6d, 04:16:54 5,147,448,501 5,148,832,731
L1/3 6d, 04:16:54 5,145,650,114 5,151,118,539
L1/4 6d, 04:16:54 109,108,635,199 109,107,601,080
L1/5 6d, 04:16:54 5,178,402,640 5,146,570,003
L1/6 6d, 04:16:54 0 0
L1/7 6d, 04:16:54 0 0
L1/8 6d, 04:16:54 0 0
L2/1 6d, 04:16:54 5,148,842,738 5,147,335,053
L2/2 6d, 04:16:54 5,148,217,607 5,146,827,656
L2/3 6d, 04:16:54 5,151,109,288 5,145,764,302
L2/4 6d, 04:16:54 109,105,962,503 109,140,219,177
L2/5 6d, 04:16:54 5,148,597,112 5,147,210,426
The number of bytes or frames being transmitted and received by the various interfaces is displayed.
In addition to the data statistics that are saved to RAM memory each 15 minute interval for a period of 24 hours, the data statistics are also saved in Flash memory and synchronized between the redundant controllers. Each 15-minute interval of data is saved, up to a total of 2976 intervals (31 days). You can retrieve this Flash memory data using the copy interface-data-stats and copy node-data-stats commands that generate text files that can easily be imported into standard spreadsheet applications.
To display information concerning individual interfaces, use the show interfaces EXEC command. To use the this command, specify the name of the interface (for example, L1/1, L8/4). If no interface is specified, the status of all interfaces is displayed. The following example shows the status of all interfaces:
ons15194# show interfaces
Interfaces State Type Link Side AIS Conf Cur AIS Other
---------- ------ -------- ---- ---- -------- ------- -----
L1/1 Oper OC48 Up A Never
L1/2 Oper OC48 Up A Never
L3/1 Oper OC48 Up B Never
L3/2 Oper OC48 Up B Never
L4/1 Oper OC48 Down Never
L4/2 Oper OC48 Up A Never
L5/1 Oper OC48 Up B Never
L5/2 Oper OC48 Up A Never
L7/1 Oper OC48 Up B Never
L7/2 Oper OC48 Up A Never
L8/1 Oper OC48 Down Never
L8/2 Oper OC48 Up B Never
|
Note The show interfaces command only displays interfaces that are physically present in the ONS 15194. |
All configuration information is retained by the node and not the particular interface. To change any node settings, use the node set rconf configuration command. If the node is moved to a different interface, the settings move with the node.
Use the show hw-module command to display information about a specific line or switch card. The following example illustrates the status of card L1:
ons15194# show hw-module slot l1
Line Card 1:
Subtype: 8xOC48/8xSTM16, 8 SR, SM PORTS
# of interfaces: 8
State: Operational
Catalog number: OC48/STM16-8SR
Serial number: SAK0519001H
Board version: 02
Temperature Status: Normal
Temperature 1: 47.5 degC (117.5 degF)
Temperature 2: 43.5 degC (110.3 degF)
To reset a card, use the hw-module reload privileged EXEC command. Specify the card to be reset as one of the following: C1, C2, L1 to L8, S1 to S5.
The MOD LED on the line card indicates the status of the connection as described in Table 4-2:
| Node Type | LED Status | LED Color |
|---|---|---|
None | Off | NA |
SRP | On— Defined node is connected to a ring Blink—Defined node is not connected to a ring | Green—Local A interface, connected to B side of connected device Amber—Local B interface, connected to A side of connected device |
SRP-inner | On—Defined node is connected to a ring Blink—Defined node is not connected to a ring | Green—Outer node, Rx is connected to B side of connected device Amber—Inner node, Rx is connected to A side of connected device |
APS | On—Defined node is connected to another APS or POS node and is the selected APS link Blink—Defined node is not connected to another APS or POS node | Green—Working link Amber—Protection link |
POS | On—Defined node is connected to another APS or POS node Blink—Defined node is not connected to another APS or POS node | Green |
Descriptions of typical problems and what to do when they are encountered are presented in the following sections:
Error Message Side A of node node-name was detected on multiple interfaces L1/1, L2/2, ignoring.
Explanation The side of an SRP node is defined as being on two different interfaces, so the second interface definition is ignored.
Action The multiple interfaces are listed in the error message. Determine the correct connection and correct the definition. You can also receive this message if the path trace messages are displayed incorrectly. Verify that you are in normal mode by executing the command no pathtrace-mode srp transparent.
Error Message Node node-name was detected on multiple interfaces L1/1, L2/1, ignoring.
Explanation The side of a POS node is defined as being on two different interfaces, so the second interface definition is ignored.
Action The multiple interfaces are listed. You should determine the correct connection and correct the definition. You may receive this message if the path trace messages are not being displayed correctly. Verify that you are in normal mode by executing the command no pathtrace-mode pos transparent.
Error Message Discarding the following nodes due to identical IP address xxx.xxx.xx.xxx. SRP/POS node node connected to interface L1/1 L2/2
Explanation A single IP address was detected for multiple nodes.
Action A separate message is displayed for each node detected with the stated IP address. Reconfigure the nodes to have different IP addresses.
Error Message Node node-name was not detected, discarding.
Discarding pos connection of node node1 to node node2. Discarding sniff connection of sniffer node node1 to sniffed node node2.
Explanation One of the commands autoconnect (privileged EXEC) or node autodetect (rconf configuration) was used, and a previously detected node was not now detected. If the node is a pos or sniff node, the error message also indicates that it will be discarded.
Action Node, node1, and node2 are the node names. If this node is still connected, verify that the connections are secure.
Error Message Discarding user node node1 due to conflict with detected node node2.
Explanation There is a conflict between a user-defined node and an automatically detected node.
Action Verify the node definitions and connections.
Error Message Detected duplicated node name node1, resolving second node name to node2.
Explanation Multiple nodes are detected with the same name.
Action In this case, one of the nodes is renamed node2.
To specify a session timeout value for the SSH or Telnet session, use the exec-timeout minutes line configuration command. A value of 0 for the parameter minutes corresponds to never.
If you forget your password, perform the following procedure to return the password value to its default:
Step 1 Connect the UART password key (provided with the ONS 15194) on the MAINT RS-232C interface of the active controller.
Step 2 Log out from the console interface, if you are logged in.
Step 3 Press the Break key on the console interface. You enter the privileged mode directly.
Step 4 Define a new enable secret using the enable secret command.
At this point you are logged in to the ONS 15194 and have changed the enable password. For login configuration information, see the section "Configuring Network Parameters" in this chapter.
|
Note You must be familiar with how your terminal or PC terminal emulator issues the Break signal. For example, in ProComm, the keys Alt-B by default generates the Break signal, and in a Windows terminal you press Break or CTRL-Break. |
|
Caution Do not leave the UART password key plugged into the MAINT port. In addition to being a security hazard, the software will not reload and boot correctly. |
Posted: Sun Oct 6 02:21:28 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.