Chapter 5, Security and Timing

This chapter provides information about Cisco ONS 15327 user security and SONET timing. To provision security and timing, refer to the Cisco ONS 15327 Procedure Guide.

5.1 Users and Security

A CISCO15 ID is provided with the ONS 15327 system. The ID can be used to set up other ONS 15327 users.

Each ONS 15327 can support up to 500 user IDs on one ONS 15327. Each Cisco Transport Controller (CTC) or TL1 user can be assigned one of the following security levels:

•

Retrieve—Can retrieve and view CTC information but cannot set or modify parameters.

•

Superusers—Can perform all of the functions of the other security levels as well as set names, passwords, and security levels for other users.

Note You must add the same user name and password to each node the user will access.

5.1.1 Security Requirements Per Tab in Node View

Table 5-1 ONS 15327 Security Levels—Node View
CTC Tab	Subtab	Actions	Retrieve	Maintenance	Provisioning	Superuser
Alarms	—	Synchronize alarms	X	X	X	X
Conditions	—	Retrieve	X	X	X	X
History	Session	Read only	X	X	X	X
History	Node	Retrieve alarms/events	X	X	X	X
Circuits	—	Create/edit/delete/filter	—	Partial	X	X
Circuits		Search	X	X	X	X
Provisioning	General	Edit	—	—	X	X
	EtherBridge	Spanning trees: edit	—	—	X	X
		Thresholds: create/delete	—	—	X	X
	Network	All	—	—	X	X
	Protection	Create/delete/edit	—	—	X	X
		Browse groups	X	X	X	X
	BLSR	All (BLSR)	—	—	X	X
	Security	Create/delete	—	—	—	X
		Change password	Same user	Same user	Same user	All users
	SNMP	Create/delete/edit	—	—	X	X
		Browse trap destinations	X	X	X	X
	Sonet DCC	Create/delete	—	—	X	X
	Timing	Edit	—	—	X	X
	Alarm Behavior	Edit	—	—	X	X
	Defaults Editor	Edit	—	—	—	X
Inventory	—	Delete	—	X	X	X
Inventory		Reset	—	X	X	X
Maintenance	Database	Backup/restore	—	—	—	X
	EtherBridge	MAC table retrieve	X	X	X	X
		MAC table clear/clear all	—	X	X	X
		Trunk utilization refresh	X	X	X	X
	Protection	Switch/lock out operations	—	X	X	X
	BLSR	BLSR maintenance	—	X	X	X
	Software	Download/upgrade/ activate/revert	—	—	—	X
	Cross-Connect	Delete VT tunnels	—	X	X	X
	Overhead XConnect	Read only	—	—
	Timing	Edit	—	X	X	X
	Audit	Retrieve	X	X	X	X
	Routing Table	Read only	X	X	X	X
	RIP Routing Table	Refresh	X	X	X	X
	Test Access	Read only	X	X	X	X

5.1.1.1 Security Level Idle Times

Each ONS 15327 CTC or TL1 user can be idle during his or her login session for a specified amount of time before the CTC window is locked. The lockouts prevent unauthorized users from making changes. Higher-level users have shorter default idle periods and lower-level users have longer or unlimited default idle periods, as shown in Table 5-2.

5.2 Node Timing

SONET timing parameters must be set for each ONS 15327. Each ONS 15327 independently accepts its timing reference from one of three sources:

Table 5-2 ONS 15327 Default User Idle Times
Security Level	Idle Time
Superuser	15 minutes
Provisioning	30 minutes
Maintenance	60 minutes
Retrieve	Unlimited

•

The BITS (Building Integrated Timing Supply) pins on the ONS 15327 Mechanical Interface card (MIC)

•

An OC-N card installed in the ONS 15327 (the card is connected to a node that receives timing through a BITS source)

You can set ONS 15327 timing to one of three modes: external, line, or mixed. If timing is coming from the BITS port, set ONS 15327 timing to external. If the timing comes from an OC-N card, set the timing to line. Typical ONS 15327 networks have the following timing configurations:

•

One node is set to external. The external node derives its timing from a BITS source wired to the BITS MIC port. The BITS source derives its timing from a Primary Reference Source (PRS) such as a Stratum 1 clock or GPS signal.

•

The other nodes are set to line. The line nodes derive timing from the externally-timed node through the OC-N trunk (span) cards.

You can set three timing references for each ONS 15327. The first two references are typically two BITS-level sources, or two line-level sources optically connected to a node with a BITS source. The third reference is the internal clock provided on every ONS 15327 XTC card. This clock is a Stratum 3 (ST3). If an ONS 15327 becomes isolated, timing is maintained at the ST3 level.

5.2.1 Network Timing Example

Figure 5-1 shows an example of an ONS 15327 network timing setup. Node 1 is set to external timing. Two references are set to BITS, and the third reference is set to internal. The BITS output pins on the MICs of Node 3 provide timing to outside equipment, such as a Digital Access Line Access Multiplexer.

5.2.2 Synchronization Status Messaging

Synchronization Status Messaging (SSM) is a SONET protocol that communicates information about the quality of the timing source. SSM messages are carried on the S1 byte of the SONET line layer. They enable SONET devices to automatically select the highest quality timing reference and to avoid timing loops.

SSM messages are either Generation 1 or Generation 2. Generation 1 is the first and most widely deployed SSM message set. Generation 2 is a newer version. If you enable SSM for the ONS 15327, consult your timing reference documentation to determine which message set to use. Table 5-3 and Table 5-4 show the Generation 1 and Generation 2 message sets.

Message	Quality	Description
PRS	1	Primary reference source—Stratum 1
STU	2	Sync traceability unknown
ST2	3	Stratum 2
ST3	4	Stratum 3
SMC	5	SONET minimum clock
ST4	6	Stratum 4
DUS	7	Do not use for timing synchronization
RES		Reserved; quality level set by user

Message	Quality	Description
PRS	1	Primary reference source—Stratum 1
STU	2	Sync traceability unknown
ST2	3	Stratum 2
TNC	4	Transit node clock
ST3E	5	Stratum 3E
ST3	6	Stratum 3
SMC	7	SONET minimum clock
ST4	8	Stratum 4
DUS	9	Do not use for timing synchronization
RES		Reserved; quality level set by user