Manual - MXK 319 (0123 0187)
Uploaded by
guillermoManual - MXK 319 (0123 0187)
Uploaded by
guillermoMXK port management
show the description and the physical location. If multiple port descriptions
have the same text string they will all be displayed
port description find <text string>
zSH> port description find 510
Results for 510
Description: 510 555 5555
Interface: 1-13-1-0/eth
zSH> port description find "business 1 555-555-5555"
Results for business 1 555-555-5555
Description: business 1 555-555-5555
Interface: 1-4-1-1/gpononu
Note: Notice that for search items which do not have spaces the
quotation marks are unnecessary.
Port mirroring
The MXK provides port mirroring as a diagnostic tool used to troubleshoot
packet movement on uplink ports.
The rules for port mirroring are:
• The MXK supports one mirror at a time.
• All mirrored ports must be on the same uplink card even in a redundant
configuration.
• Any Ethernet port can be mirrored to any other Ethernet port on the same
card except for the management 10/100 Ethernet port.
• When a port is a member of a link aggregration group, either the link
aggregration group or one port in the link aggregration group can be
mirrored.
Note: If more than one port needs to be mirrored, you must put
the ports in a link aggregration group. The ports must stay in the
link aggregration group for mirroring to continue.
port mirror command syntax
The syntax for the port mirror command is:
port mirror <from-interface> <to-interface> <vlan
<vlanId>> <in|out|both|off>
MXK Configuration Guide 123
MXK Operations, Administration, and Maintenance
Table 9: Variables for the port mirror command
Variable Definition
from-interface The interface to mirror.
to-interface Where to send the packets.
vlanID The outer VLAN tag.
in Mirror the incoming packets.
out Mirror the outgoing packets.
both Mirror both the incoming and outgoing packets.
off Disable port mirroring for the port interface.
Create a mirrored port on the uplink card
Case 1: Configuring an uplink Ethernet port to mirror
packets entering a 100/1000 Ethernet port to a 100/1000
Ethernet port
1 In this case, both ports are 100/1000 Ethernet ports.
zSH> port mirror 1-a-9-0/eth 1-a-11-0/eth vlan 200 in
This example enables port mirroring to send packets entering 1-a-9-0/eth
to 1-a-11-0/eth on VLAN 200.
2 When necessary, turn port mirroring off.
zSH> port mirror 1-a-9-0/eth 1-a-11-0/eth vlan 200 off
Case 2: Configuring an uplink Ethernet port to mirror
packets leaving a 10G Ethernet port to a 100/1000 Ethernet
port
1 In this case, port 1-a-2-0/eth is a 10G Ethernet port, and port 1-a-9-0/eth
is a 100/1000 Ethernet port.
zSH> port mirror 1-a-2-0/eth 1-a-9-0/eth vlan 700 out
This example enables port mirroring to send packets leaving 1-a-2-0/eth
to 1-a-9-0/eth on VLAN 700
2 When necessary, turn port mirroring off.
zSH> port mirror 1-a-2-0/eth 1-a-9-0/eth vlan 700 off
124 MXK Configuration Guide
MXK port management
Case 3: Configuring an uplink Ethernet port in a link
aggregration group to mirror packets entering and leaving
the ports in a linkagg group to a 100/1000 GE Ethernet port
1 Verify the ports in the link aggregration group.
zSH> linkagg show
LinkAggregations:
slot unit ifName partner: Sys Pri grp ID status agg mode
--------------------------------------------------------------------------------
a* 1 1-a-1-0 00:00:00:00:00:00 0x0 0x0 OOS Active
links slot port subport status
-------------------------------------------------------------
1-a-7-0 a 7 0 ACT
1-a-6-0 a 6 0 ACT
b 1 1-b-1-0 00:00:00:00:00:00 0x0 0x0 OOS Active
links slot port subport status
-------------------------------------------------------------
1-b-7-0 a 7 0 DSA
1-b-6-0 b 6 0 DSA
global linkagg group red type: red
2 In this case, 1-a-1-0/linkagg is the linkagg group and 1-a-8-0/eth is the
100/1000 GE Ethernet port.
zSH> port mirror 1-a-1-0/linkagg 1-a-8-0/eth vlan 900 both
This example enables port mirroring to send packets both entering and
leaving port 1-a-7-0/eth and port 1-a-6-0/eth in the link aggregration
group to port 1-a-8-0/eth on VLAN 900.
3 When necessary, turn port mirroring off.
zSH> port mirror 1-a-1-0/linkagg 1-a-8-0/eth vlan 900 off
Case 4: Configuring an uplink Ethernet port to mirror
packets entering and leaving a 100/1000 GE Ethernet port to
a 10G Ethernet port
1 In this case, port 1-a-11-0/eth is a 100/1000 GE Ethernet port and 1-a-2-0/
eth is a 10G Ethernet port.
zSH> port mirror 1-a-11-0/eth 1-a-2-0/eth vlan 800 both
This example enables port mirroring to send packets both entering and
leaving 1-a-11-0/eth to 1-a-2-0/eth.
2 When necessary, turn port mirroring off.
zSH> port mirror 1-a-11-0/eth 1-a-2-0/eth vlan 800 off
MXK Configuration Guide 125
MXK Operations, Administration, and Maintenance
Ethernet Jumbo Frames
Jumbo Ethernet frames are defined as frames that exceed 1500 bytes of
payload. Jumbo Ethernet frames are usually up to 9000 bytes of payload and
are frequently used by data centers to provide lower overhead Ethernet
connectivity. Enterprise Ethernet, carrier Ethernet, and access networks are
now frequently requiring jumbo Ethernet frames.
zSH> port show 1-1-1-0/eth
Interface 1-1-1-0/eth
Physical location: 1/1/1/0/eth
Administrative status: up
Port type specific information:
Frame size: 0 bytes
Ingress rate: 0 Kbps burst size: 0 Kbits
Engress rate: 0 Kbps burst size: 0 Kbits
DDM not supported
zSH> port config 1-1-1-0/eth maxframe 9120
Setting max frame size to: 9120 bytes.
Interface 1-1-1-0/eth configured for max frame size of 9120.
zSH> port show 1-1-1-0/eth
Interface 1-1-1-0/eth
Physical location: 1/1/1/0/eth
Administrative status: up
Port type specific information:
Frame size: 9120 bytes
Ingress rate: 0 Kbps burst size: 0 Kbits
Engress rate: 0 Kbps burst size: 0 Kbits
DDM not supported
zSH> get ether 1/1/1/0
ether 1/1/1/0
autonegstatus: ----> {enabled}
mauType: ----------> {mau1000basetfd}
restart: ----------> {norestart}
ifType: -----------> {mau1000basetfd}
autonegcap: -------> {b100baseTX+b100baseTXFD+b1000baseT+b1000baseTFD}
remotefault: ------> {noerror}
clksrc: -----------> {automatic}
pauseFlowControl: -> {disabled}
aggregationMode: --> {on}
linkStateMirror: --> {0/0/0/0/0}
maxFrameSize: -----> {9120}
ingressRate: ------> {0}
126 MXK Configuration Guide
MXK port management
ingressBurstSize: -> {0}
egressRate: -------> {0}
egressBurstSize: --> {0}
zSH> port config 1-1-1-0/eth maxframe 0
Interface 1-1-1-0/eth configured to default frame size of 2048 bytes.
zSH> get ether 1/1/1/0
ether 1/1/1/0
autonegstatus: ----> {enabled}
mauType: ----------> {mau1000basetfd}
restart: ----------> {norestart}
ifType: -----------> {mau1000basetfd}
autonegcap: -------> {b100baseTX+b100baseTXFD+b1000baseT+b1000baseTFD}
remotefault: ------> {noerror}
clksrc: -----------> {automatic}
pauseFlowControl: -> {disabled}
aggregationMode: --> {on}
linkStateMirror: --> {0/0/0/0/0}
maxFrameSize: -----> {0}
ingressRate: ------> {0}
ingressBurstSize: -> {0}
egressRate: -------> {0}
egressBurstSize: --> {0}
MXK Configuration Guide 127
MXK Operations, Administration, and Maintenance
MXK security
This section describes the MXK’s security features including Radius support,
Secure Shell (SSH), Secure File Transfer Protocol (SFTP), HTTPS and port
access security.
• MXK security (SSH, SFTP, and HTTPS), page 128
• Port access security, page 132
• Radius support, page 134
Note: For security reasons, host keys are not accessible via SNMP
and cannot be saved/restored with the dump command.
MXK security (SSH, SFTP, and HTTPS)
This section covers the security on the MXK:
• Enable security on the MXK, page 128
• DSA and RSA keys, page 130
• Tested MXK SSH clients, page 130
• Encryption-key commands, page 131
Enable security on the MXK
The system 0 profile provides a secure parameter which allows only secure
communication for management activities. When security is enabled, the
MXK uses the following protocols:
• Secure File Transfer Protocol (SFTP)
• Secure shell (SSH)
• HTTPS (HTTP secure)
Table 10 describes which protocols are allowed when the secure parameter is
enabled and which protocols are allowed when the secure parameter is
disabled.
Table 10: Protocols for the secure parameter
Disabled Enabled
TFTP, FTP SFTP
Telnet, SSH SSH
HTTP HTTPS
128 MXK Configuration Guide
MXK security
Enabling security on the MXK
To enable the security parameter enter update system 0 on the MXK,
change the secure parameter from disabled to enabled, then save the file:
Note: After enabling the secure parameter, HTTPS and changes
to the Web UI take affect after the next reboot. SSH and SFTP do
not require a reboot.
zSH> update system 0
system 0
Please provide the following: [q]uit.
syscontact: -----------> {}:
sysname: --------------> {}:
syslocation: ----------> {}:
enableauthtraps: ------> {disabled}:
setserialno: ----------> {0}:
zmsexists: ------------> {false}:
zmsconnectionstatus: --> {inactive}:
zmsipaddress: ---------> {0.0.0.0}:
configsyncexists: -----> {false}:
configsyncoverflow: ---> {false}:
configsyncpriority: ---> {high}:
configsyncaction: -----> {noaction}:
configsyncfilename: ---> {}:
configsyncstatus: -----> {syncinitializing}:
configsyncuser: -------> {}:
configsyncpasswd: -----> ** private **
numshelves: -----------> {1}:
shelvesarray: ---------> {}:
numcards: -------------> {3}:
ipaddress: ------------> {0.0.0.0}:
alternateipaddress: ---> {0.0.0.0}:
countryregion: --------> {us}:
primaryclocksource: ---> {0/0/0/0/0}:
ringsource: -----------> {internalringsourcelabel}:
revertiveclocksource: -> {true}:
voicebandwidthcheck: --> {false}:
alarm-levels-enabled: -> {critical+major+minor+warning}:
userauthmode: ---------> {local}:
radiusauthindex: ------> {0}:
secure: ---------------> {disabled}: enabled
webinterface: ---------> {enabled}:
options: --------------> {NONE(0)}:
reservedVlanIdStart: --> {0}:
reservedVlanIdCount: --> {0}:
snmpVersion: ----------> {snmpv2}:
persistentLogging: ----> {disabled}
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
MXK Configuration Guide 129
MXK Operations, Administration, and Maintenance
DSA and RSA keys
The MXK automatically creates a Digital Signature Algorithm (DSA), a
standard for digital signatures, and supports RSA, an algorithm for public-key
cryptography. The DSA and RSA host keys for the server are persistently
stored in the encryption-key profile. In order to manage the host keys, use the
CLI command encryption-key.
RSA involves a public key and a private key. The public key can be known to
everyone and is used for encrypting messages. Messages encrypted with the
public key can only be decrypted using the private key
When the system first boots, it will try to load the existing DSA and RSA
keys. If they do not exist, the system creates a 512 bit DSA key.
The CLI encryption-key command can be used to view current keys, create a
new key, regenerate keys that may have been compromised, and delete keys.
To create a new key enter:
zSH> encryption-key add rsa 1024
Generating key, please wait ... done.
Note: Generating keys is computationally intensive. The longer the
key, the longer it takes to generate. Wait until the system shows that
key generation is completed before you continue.
To view the new key just created enter:
Note: The encryption-key show command displays the keys that
were generated and are available for use. The command does not
show the actual keys.
zSH> encryption-key show
Index Type Length
----- ---------- ------
1 dsa 512
2 rsa 1024
To regenerate a key that might have been compromised enter:
zSH> encryption-key renew dsa
Generating key, please wait ... done.
To delete an encryption key enter:
zSH> encryption-key delete dsa
Tested MXK SSH clients
Secure Shell (SSH) is a command interface and protocol for securely getting
access to a remote computer. SSH commands are encrypted and secure in two
ways. Both ends of the client/server connection are authenticated using a
130 MXK Configuration Guide
MXK security
digital certificate, and passwords are protected by being encrypted. You can
now connect to a MXK using the SSH client of your choice to encrypt the
session. The MXK SSH2 only with the following SSH clients:
• OpenSSH
– cygwin
– Linux
– Solaris
• Putty
• Teraterm
• SecureCRT
• Absolute Telnet
Encryption-key commands
encryption-key add
Adds an encryption key to the encryption-key profile.
Syntax encryption-key add [rsa|dsa] [512|768|1024|2048]
Options rsa|dsa
Name and type of the encryption key.
512|768|1024|2048
The number of bytes the key is set to.
encryption-key delete
Deletes an encryption key from the encryption-key profile.
Syntax encryption-key delete [rsa|dsa]
Options rsa|dsa
Name and type of the encryption key.
encryption-key renew
Regenerates a compromised encryption key.
Syntax encryption-key renew [rsa|dsa]
Options rsa|dsa
Name and type of the encryption key.
encryption-key show
Displays the current encryption keys.
MXK Configuration Guide 131
MXK Operations, Administration, and Maintenance
Syntax encryption-key show
Port access security
The MXK provides security capabilities on the UDP/TCP ports which the
MXK uses for management. Use the port-access profile to define the UDP/
TCP port and the IP address or IP address subnet that allows access to that
port.
The port access security feature is a white list mechanism. If a host’s IP
address is not specified in a port-access profile, users from that host cannot
access on that port.
The management ports are:
• Telnet, port 23
• SSH, port 22
• HTTP, port 80
• HTTPS, port 443
• SNMP, port 161
In order to restrict access to the SNMP port, there must be a rule to allow the
MXK its own SNMP access. See Creating a port-access entry for the MXK to
maintain SNMP access on page 134.
By default, port-access profiles do not exist and all ports are open. After a
port-access profile is configured for a port all other IP addresses or subnets
are blocked. This restriction only takes effect after the first port-access
profile is created.
Note: Port access security is not independent from enabling secure
mode for SFTP and SSH in system 0. If secure is enabled to provide
SSH and SFTP while limiting Telnet access, and you have provided
access with the port-access profile for Telnet to a device (or range of
devices), the device(s) will not have access.
Up to 100 port-access profile entries can be created on a SLMS device.
Creating port-access profile entries
Create a port-access profile entry.
1 Create a new port-access entry by entering new port-access n, where n is
an available entry ID number.
2 In the portNumber parameter enter the port number.
3 In the srcAddr parameter enter the IP address or first IP address of the
subnet.
4 In the netMask parameter enter 255.255.255.255 for a single IP address
mask, or a subnet mask for a subnet.
132 MXK Configuration Guide
MXK security
Creating a port-access entry for a specific IP address
Create a new port-access profile and specify the port number, host/
network IP address to be granted access, and the one address netmask
(255.255.255.255, which really means an exact mask of the IP address
given) applied to the IP address to allow access to a single IP address.
Note: To create port access protection for both HTTP and
HTTPS, create port access entries for port 80 and port 443.
zSH> new port-access 1
Please provide the following: [q]uit.
portNumber: -> {0}: 80
srcAddr: ---> {0.0.0.0}: 172.16.42.1
netMask: ---> {0.0.0.0}: 255.255.255.255
....................S=
Save new record? [s]ave, [c]hange or [q]uit: s
New record saved.
This example creates port-access entry 1 on HTTP port 80 and allows
hosts on the 172.16.42.1 network to have HTTP access to the MXK.
Creating a port-access entry for a subnet
Create a new port-access profile and specify the Telnet port number,
initial host/network IP address to be granted access, and the netmask
applied to the IP address to allow access to a range of IP addresses.
Note: Typically, only port 23 is used for Telnet access.
zSH> new port-access 2
Please provide the following: [q]uit.
portNumber: -> {0}: 23
srcAddr: ---> {0.0.0.0}: 172.16.41.0
netMask: ---> {0.0.0.0}: 255.255.255.0
....................S=
Save new record? [s]ave, [c]hange or [q]uit: s
New record saved.
This example creates port-access entry 2 on Telnet port 23 and allows
hosts on the 172.16.41.xx network to Telnet to the MXK.
Displaying port-access profile entries
Display configured port-access profile entries with the list command:
zSH> list port-access
port-access 1
1 entry found.
MXK Configuration Guide 133
MXK Operations, Administration, and Maintenance
Modifying port-access profile entries
Modify a configured port-access profile entry with the update command.
This example changes the entry’s source IP address to 172.16.40.0:
zSH> update port-access 2
portNumber: -> {23}
srcAddr: ---> {172.16.41.0} 172.16.40.0
netMask: ---> {255.255.255.0}
1 entry found.
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Updated record saved.
Displaying port-access profile entries
To display configured port-access profile entries use the list command:
zSH> list port-access
port-access 1
1 entry found.
Creating a port-access entry for the MXK to maintain SNMP
access
Create a new port-access profile and specify the SNMP port number
(161) then 127.0.0.0 as the IP address for the subnet and a subnet mask of
255.0.0.0.
zSH> new port-access 10
Please provide the following: [q]uit.
portNumber: -> {0}: 161
srcAddr: ---> {0.0.0.0}: 127.0.0.0
netMask: ---> {0.0.0.0}: 255.0.0.0
....................S=
Save new record? [s]ave, [c]hange or [q]uit: s
New record saved.
Radius support
The MXK supports local and RADIUS (Remote Authentication Dial In User
Service) access authentication. The MXK can be configured for local
authentication, RADIUS authentication, or RADIUS then local
authentication. RADIUS users are configured with the Service-Type attribute
as Administrative-User or NAS-Prompt-User. RADIUS is used for only login
authentication, not severity levels.
Table 11 shows the mapping of service-type to MXK permissions.
134 MXK Configuration Guide
MXK security
Table 11: Service type mapping to MXK permissions
Service-Type Attribute MXK permissions
Administrative-User admin, zhonedebug, voice, data, manuf, database, systems, tools,
useradmin
NAS-Prompt-User admin, voice, data, manuf, database, systems, tools, useradmin
When establishing a connection to the MXK with RADIUS authentication,
the MXK passes RADIUS information securely to the RADIUS server. The
RADIUS server then authenticates the user and either allows or denies access
to the MXK. If access is denied and the local authentication option is also
configured, the MXK then authenticates access based on the locally
configured users and passwords. For logins and failed logins, a console
message is generated with user ID and IP address of the device from which
the login originated. Failed logins also are logged as alert level messages in
the MXK system log file.
By default, RADIUS access uses the UDP port 1812 for authentication.This
parameter can be changed in the radius-client profile.
Figure 5: MXK RADIUS authentication
Note: Follow the RADIUS server guidelines for RADIUS
configuration instructions. For example, when using the MXK with
the FreeRadius server:
• Create only one entry in the clients.conf file for each subnet or
individual MXK. For individual MXKs, the IP in this file must
match the IP address of the outbound interface used by the MXK to
connect to the RADIUS server.
• The MXK uses the value stored in the RADIUS system.sysname
file for the NAS-Identifier attribute.
MXK Configuration Guide 135
MXK Operations, Administration, and Maintenance
• The shared-secret in the MXK radius-client profile, must exactly
match the shared-secret in the RADIUS client entry.
Configuring RADIUS support
The MXK can be configured for local authentication, RADIUS
authentication, or RADIUS then local authentication. Multiple radius-client
profiles can be defined using the index and subindex numbers. This index
scheme can be used to create index numbers for groups of RADIUS servers.
When an index number is specified in the system profile, the MXK attempts
authentication from each RADIUS server in that group in sequential order of
the subindex numbers.
To configure RADIUS support:
Note: Before beginning this procedure, ensure that the MXK has IP
connectivity to the RADIUS server.
1 Update the RADIUS server with settings for the Zhone prompts.
2 Create a radius-client profile on the MXK with the desired index number
and RADIUS settings for server name, shared secret, number of retries,
and other parameters. The first number in the index is used to group
radius-client profiles so multiple profiles can be assigned to a MXK. The
second number in the index specifies the order in which radius-client
profiles are referenced. This example specifies the radius-client 1/1 with
server name radius1 and a shared-secret of secret. A DNS resolver must
be configured in the system to resolve the server name and IP address.If a
DNS resolver is not available, specify the IP address of the The index 1/1
specifies that this profile is the first profile in group 1.
zSH> new radius-client 1/1
Please provide the following: [q]uit.
server-name: ----> {}: radius1.test.com [DNS resolver must be configured in the system.]
udp-port: -------> {1812}:
shared-secret: --> {** password **}: secret
retry-count: ----> {5}:
retry-interval: -> {1}:
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Record created.
Another method to reference the RADIUS server is by specifying the IP
address. This example specifies the radius-client 1/1 with server IP
address 172.24.36.148 and a shared-secret of secret. The index 1/1
specifies that this profile is the first profile in group 1.
zSH> new radius-client 1/1
Please provide the following: [q]uit.
server-name: ----> {}: 172.24.36.248
udp-port: -------> {1812}:
shared-secret: --> {** password **}: secret
retry-count: ----> {5}:
136 MXK Configuration Guide
MXK security
retry-interval: -> {1}:
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Record created.
3 Create another radius-client profile on the MXK with the desired
RADIUS settings for server name, shared secret, number of retries, and
other parameters. This example specifies the radius-client 1/2 with
server IP address 172.24.36.148 and a shared-secret of secret. The index
1/2 specifies that this profile is the second profile in group 1.
zSH> new radius-client 1/2
Please provide the following: [q]uit.
server-name: ----> {}: 172.24.36.249
udp-port: -------> {1812}:
shared-secret: --> {** password **}: secret
retry-count: ----> {5}:
retry-interval: -> {1}:
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Record created.
Create additional radius-client profiles for each additional RADIUS
server to be assigned to this MXK.
4 In the system profile on the MXK, set the desired user authentication
method and specify the index of the radius profile to use. This examples
specifies the radiusauthindex of 1. This index is configured with two
radius-client profiles (1/1, 1/2). The MXK first attempts authentication
using the server specified in radius-client 1/1. If this authentication fails,
the MXK attempts authentication using radius-client 1/2 server. If this
authentication also fails, the MXK then attempts authentication based on
the authentication mode setting in the system profile. This example uses
radiusthenlocal.
Caution: If the radius authentication mode is used, local
authentication is disabled so the MXK may become inaccessible
if IP connectivity to the RADIUS server is lost or other changes
prevent the MXK from receiving RADIUS authentication.
zSH> update system 0
system 0
Please provide the following: [q]uit.
syscontact: -----------> {}:
sysname: --------------> {}:
syslocation: ----------> {}:
enableauthtraps: ------> {disabled}:
setserialno: ----------> {0}:
zmsexists: ------------> {false}:
zmsconnectionstatus: --> {inactive}:
zmsipaddress: ---------> {0.0.0.0}:
configsyncexists: -----> {false}:
MXK Configuration Guide 137
MXK Operations, Administration, and Maintenance
configsyncoverflow: ---> {false}:
configsyncpriority: ---> {high}:
configsyncaction: -----> {noaction}:
configsyncfilename: ---> {}:
configsyncstatus: -----> {syncinitializing}:
configsyncuser: -------> {}:
configsyncpasswd: -----> ** private **
numshelves: -----------> {1}:
shelvesarray: ---------> {}:
numcards: -------------> {3}:
ipaddress: ------------> {0.0.0.0}:
alternateipaddress: ---> {0.0.0.0}:
countryregion: --------> {us}:
primaryclocksource: ---> {0/0/0/0/0}:
ringsource: -----------> {internalringsourcelabel}:
revertiveclocksource: -> {true}:
voicebandwidthcheck: --> {false}:
alarm-levels-enabled: -> {critical+major+minor+warning}:
userauthmode: ---------> {local}: radiusthenlocal
radiusauthindex: ------> {0}: 1
secure: ---------------> {disabled}:
webinterface: ---------> {enabled}:
options: --------------> {NONE(0)}:
reservedVlanIdStart: --> {0}:
reservedVlanIdCount: --> {0}:
snmpVersion: ----------> {snmpv2}:
persistentLogging: ----> {disabled}
outletTemperatureHighThreshold: -> {65}
outletTemperatureLowThreshold: --> {-12}
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
After completing the RADIUS configuration, the MXK displays console
messages for RADIUS login and logout activity.
For users logging in through RADIUS, the system prompt appears as the
username@systemname. For example, the system prompt for a basic user
on a MXK using the default Zhone MXK system name will appear as
basicuser@Zhone mxk. The system name is configured using the
sysname parameter in the system 0 profile.
138 MXK Configuration Guide
MXK alarms
MXK alarms
This section describes the following:
• Alarm manager, page 139
• Alarm suppression, page 140
• Configurable high and low chassis temperature alarms, page 142
Alarm manager
Note: For GPON ONU alarms, refer to GPON Alarms and Traps on
page 987. The alarm show command does not display GPON ONU
alarms.
The MXK central alarm manager includes the ability to view the active
alarms on the system (using the alarm show command) and the ability to
store active alarms on the device. ZMS can use the alarms stored on the
device to recreate the state of the alarms if it becomes disconnected.
The alarm command uses the following syntax:
alarm show [summary]
For example, the following command displays the number of current active
alarms, the total number of alarms, the number of cleared alarms, as well as
each active alarm and its severity:
zSH> alarm show
************ Central Alarm Manager ************
ActiveAlarmCurrentCount :11
AlarmTotalCount :36
ClearAlarmTotalCount :25
OverflowAlarmTableCount :0
ResourceId AlarmType AlarmSeverity
---------- --------- -------------
1-a-2-0/eth linkDown critical
1-a-3-0/eth linkDown critical
1-a-6-0/eth linkDown critical
1-a-7-0/eth linkDown critical
1-a-8-0/eth linkDown critical
1-a-9-0/eth linkDown critical
1-a-10-0/eth linkDown critical
1-a-11-0/eth linkDown critical
1-2-2-1/other linkDown minor
system power_supply_b_failure warning
system not_in_redundant_mode major
The summary option displays the number of current active alarms, the total
number of alarms, the number of system cleared alarms:
zSH> alarm show summary
************ Central Alarm Manager ************
MXK Configuration Guide 139
MXK Operations, Administration, and Maintenance
ActiveAlarmCurrentCount :84
AlarmTotalCount :137
ClearAlarmTotalCount :53
OverflowAlarmTableCount :0
The alarm clear command clears a transient alarm the system was unable to
clear.
Caution: Alarms cleared with the alarm clear command will not be
redisplayed if condition reoccurs. The alarm will redisplay only
if the condition reoccurs, goes away, and then reoccurs.
zSH> alarm clear
Num ResourceId AlarmType AlarmSeverity
---------------- --------- -------------
1 1-a-2-0/eth linkDown critical
2 1-a-3-0/eth linkDown critical
3 1-a-4-0/eth linkDown critical
....
34 1-5-3-0/gponolt linkDown critical
35 1-5-4-0/gponolt linkDown critical
36 1-5-5-0/gponolt linkDown critical
37 1-5-6-0/gponolt linkDown critical
38 1-5-7-0/gponolt linkDown critical
39 1-5-8-0/gponolt linkDown critical
40 1-4-1-0-gponolt/sn-1 gpon_unassigned_serial_number warning
Caution: use this option with discretion.
Alarm will not be redisplayed if condition reoccurs. Alarm will redisplay only
if condition reoccurs, goes away, and then reoccurs.
Enter alarm number from list, or 'q' to quit:
The alarm clear command only clears alarms one at a time by the alarm
number displayed in the Num column.
Alarm suppression
The alarm suppression feature allows alarm/LED notification and output to be
disabled based on alarm severity level for existing and future alarms. When an
alarm level is disabled, all existing alarms of that type are cleared from the
system. Future alarms of that type do not set LEDs or alarm relays and are not
displayed in alarm output.
Alarm suppression is also supported in ZMS.
Table 12 lists the alarm suppression options and the resulting behaviors. By
default, alarms for all severity levels are enabled.
Table 12: Alarm suppression options
Alarm Levels Enabled Setting Alarm Behavior
critical+major+minor+warning Enables all alarm levels. The default setting.
140 MXK Configuration Guide
MXK alarms
Table 12: Alarm suppression options (Continued)
Alarm Levels Enabled Setting Alarm Behavior
critical+major+minor Disables all warning alarms.
critical+major Disables all minor, and warning alarms.
critical+major+warning Disables all minor alarms.
critical+minor+warning Disables all major alarms.
critical+minor Disables all major and warning alarms.
critical+warning Disables all major and warning alarms.
critical Disables all major, minor, and warning alarms.
major Disables all critical, minor, and warning alarms.
major+minor+warning Disables all critical alarms.
major+minor Disables all critical and warning alarms.
major+warning Disables all critical and minor alarms.
minor Disables all critical, major, and warning alarms.
minor+warning Disables all critical and major alarms.
(no levels) Disables all alarm levels.
This example disables alarm/LED notification and output for all current and
future alarms with the severity levels minor and warning.
zSH> update system 0
system 0
Please provide the following: [q]uit.
syscontact: -----------> {}:
sysname: --------------> {}:
syslocation: ----------> {}:
enableauthtraps: ------> {disabled}:
setserialno: ----------> {0}:
zmsexists: ------------> {false}:
zmsconnectionstatus: --> {inactive}:
zmsipaddress: ---------> {0.0.0.0}:
configsyncexists: -----> {false}:
configsyncoverflow: ---> {false}:
configsyncpriority: ---> {high}:
configsyncaction: -----> {noaction}:
configsyncfilename: ---> {}:
configsyncstatus: -----> {syncinitializing}:
configsyncuser: -------> {}:
configsyncpasswd: -----> ** private **
numshelves: -----------> {1}:
shelvesarray: ---------> {}:
numcards: -------------> {3}:
ipaddress: ------------> {0.0.0.0}:
alternateipaddress: ---> {0.0.0.0}:
MXK Configuration Guide 141
MXK Operations, Administration, and Maintenance
countryregion: --------> {us}:
primaryclocksource: ---> {0/0/0/0/0}:
ringsource: -----------> {internalringsourcelabel}:
revertiveclocksource: -> {true}:
voicebandwidthcheck: --> {false}:
alarm-levels-enabled: -> {critical+major+minor+warning}: critical+major
userauthmode: ---------> {local}:
radiusauthindex: ------> {0}:
secure: ---------------> {disabled}:
webinterface: ---------> {enabled}:
options: --------------> {NONE(0)}:
reservedVlanIdStart: --> {0}:
reservedVlanIdCount: --> {0}:
snmpVersion: ----------> {snmpv2}:
persistentLogging: ----> {disabled}
outletTemperatureHighThreshold: -> {65}
outletTemperatureLowThreshold: --> {-12}
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
Configurable high and low chassis temperature alarms
High and low temperature threshold parameters were added to the system
profile:
zSH> show system
...
outletTemperatureHighThreshold:-> {35 - 65}
outletTemperatureLowThreshold:--> {-40 - 0}
Parameter defaults are:
zSH> get system 0
...
outletTemperatureHighThreshold: -> {65}
outletTemperatureLowThreshold: --> {-12}
A minor alarm is raised when the outlet temperature is at the
outletTemperatureHighThreshold. Major alarm is raised when the outlet
temperature is outletTemperatureHighThreshold+5. Critical alarm is raised
when the outlet temperature is outletTemperatureHighThreshold+10. For
example, if the outletTemperatureHighThreshold is configured as 35,
alarms will be in the order of 35, 40, 45 for Minor, Major, and Critical. If the
outletTemperatureHighThreshold is configured as 65, alarms will be in the
order of 65, 70, 75 for Minor, Major, and Critical.
When the outletTemperatureLowThreshold is set and the outlet sensor
reaches the configured temperature, a Minor alarm is raised.
142 MXK Configuration Guide
MXK alarms
Configuring high and low chassis temperature alarms
1 Configure the outletTemperatureHighThreshold and the
outletTemperatureLowThreshold parameter in the system 0 profile.
zSH> update system 0
system 0
Please provide the following: [q]uit.
syscontact: ---------------------> {}:
sysname: ------------------------> {}:
syslocation: --------------------> {}:
enableauthtraps: ----------------> {disabled}:
setserialno: --------------------> {0}:
zmsexists: ----------------------> {true}:
zmsconnectionstatus: ------------> {inactive}:
zmsipaddress: -------------------> {10.51.1.241}:
configsyncexists: ---------------> {false}:
configsyncoverflow: -------------> {false}:
configsyncpriority: -------------> {high}:
configsyncaction: ---------------> {noaction}:
configsyncfilename: -------------> {10.51.1.118_4_1405380127627}:
configsyncstatus: ---------------> {synccomplete}:
configsyncuser: -----------------> {zmsftp}:
configsyncpasswd: ---------------> {** private **}: ** read-only **
numshelves: ---------------------> {1}:
shelvesarray: -------------------> {}:
numcards: -----------------------> {3}:
ipaddress: ----------------------> {10.51.1.118}:
alternateipaddress: -------------> {0.0.0.0}:
countryregion: ------------------> {us}:
primaryclocksource: -------------> {0/0/0/0/0}:
ringsource: ---------------------> {internalringsourcelabel}:
revertiveclocksource: -----------> {true}:
voicebandwidthcheck: ------------> {false}:
alarm-levels-enabled: -----------> {critical+major+minor+warning}:
userauthmode: -------------------> {local}:
radiusauthindex: ----------------> {0}:
secure: -------------------------> {disabled}:
webinterface: -------------------> {enabled}:
options: ------------------------> {NONE(0)}:
reservedVlanIdStart: ------------> {0}:
reservedVlanIdCount: ------------> {0}:
snmpVersion: --------------------> {snmpv2}:
persistentLogging: --------------> {disabled}:
outletTemperatureHighThreshold: -> {65}: 50
outletTemperatureLowThreshold: --> {-12}: 0
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
2 Verify the changes.
zSH> get system 0
system 0
MXK Configuration Guide 143
MXK Operations, Administration, and Maintenance
syscontact: ---------------------> {}
sysname: ------------------------> {}
syslocation: --------------------> {}
enableauthtraps: ----------------> {disabled}
setserialno: --------------------> {0}
zmsexists: ----------------------> {true}
zmsconnectionstatus: ------------> {inactive}
zmsipaddress: -------------------> {10.51.1.241}
configsyncexists: ---------------> {false}
configsyncoverflow: -------------> {false}
configsyncpriority: -------------> {high}
configsyncaction: ---------------> {noaction}
configsyncfilename: -------------> {10.51.1.118_4_1405380127627}
configsyncstatus: ---------------> {synccomplete}
configsyncuser: -----------------> {zmsftp}
configsyncpasswd: ---------------> ** private **
numshelves: ---------------------> {1}
shelvesarray: -------------------> {}
numcards: -----------------------> {3}
ipaddress: ----------------------> {10.51.1.118}
alternateipaddress: -------------> {0.0.0.0}
countryregion: ------------------> {us}
primaryclocksource: -------------> {0/0/0/0/0}
ringsource: ---------------------> {internalringsourcelabel}
revertiveclocksource: -----------> {true}
voicebandwidthcheck: ------------> {false}
alarm-levels-enabled: -----------> {critical+major+minor+warning}
userauthmode: -------------------> {local}
radiusauthindex: ----------------> {0}
secure: -------------------------> {disabled}
webinterface: -------------------> {enabled}
options: ------------------------> {NONE(0)}
reservedVlanIdStart: ------------> {0}
reservedVlanIdCount: ------------> {0}
snmpVersion: --------------------> {snmpv2}
persistentLogging: --------------> {disabled}
outletTemperatureHighThreshold: -> {50}
outletTemperatureLowThreshold: --> {0}
3 View the alarms sent in the console window when thresholds are met or
exceeded or use the alarm show command.
View the alarm when the outlet temperature reaches the configured
temperature high threshold.
zSH> log ses on
Logging is already enabled for this session.
zSH> JUL 28 09:57:36: alert : 1/a/12 : shelfctrl: Warning: Temperature is above
50 degrees C (122 F) threshold.
JUL 28 09:57:36: alert : 1/a/12 : shelfctrl: Outlet temp=50 degrees C (122 F)
JUL 28 09:57:36: alert : 1/a/1025: alarm_mgr: 01: a:00 Minor Chassis Temperature
above 50 degrees C (122 F) threshold
144 MXK Configuration Guide
MXK alarms
zSH> alarm show
************ Central Alarm Manager ************
ActiveAlarmCurrentCount :21
AlarmTotalCount :100
ClearAlarmTotalCount :79
OverflowAlarmTableCount :0
ResourceId AlarmType AlarmSeverity
---------- --------- -------------
1-a-3-0/eth linkDown critical
1-a-4-0/eth linkDown critical
1-a-5-0/eth linkDown critical
1-a-6-0/eth linkDown critical
1-a-7-0/eth linkDown critical
1-a-8-0/eth linkDown critical
1-a-9-0/eth linkDown critical
1-a-10-0/eth linkDown critical
1-a-11-0/eth linkDown critical
1-b-1-0/eth linkDown critical
1-b-3-0/eth linkDown critical
1-b-4-0/eth linkDown critical
1-b-5-0/eth linkDown critical
1-b-6-0/eth linkDown critical
1-b-7-0/eth linkDown critical
1-b-8-0/eth linkDown critical
1-b-9-0/eth linkDown critical
1-b-10-0/eth linkDown critical
1-b-11-0/eth linkDown critical
system temp_over_limit minor
slot 13 card_removed warning
View the alarm when the outlet temperature exceeds the configured
temperature high threshold by +5.
zSH> JUL 28 10:02:45: alert : 1/a/12 : shelfctrl: Warning: Temperature is above
55 degrees C (131 F) threshold.
JUL 28 10:02:45: alert : 1/a/12 : shelfctrl: Outlet temp=55 degrees C (131 F)
JUL 28 10:02:45: alert : 1/a/1025: alarm_mgr: 01: a:00 Minor Updating
Temperature alarm severity
JUL 28 10:02:45: alert : 1/a/1025: alarm_mgr: 01: a:00 Major Chassis Temperature
above 55 degrees C (131 F) threshold
zSH> alarm show
************ Central Alarm Manager ************
ActiveAlarmCurrentCount :21
AlarmTotalCount :101
ClearAlarmTotalCount :80
OverflowAlarmTableCount :0
ResourceId AlarmType AlarmSeverity
---------- --------- -------------
1-a-3-0/eth linkDown critical
1-a-4-0/eth linkDown critical
1-a-5-0/eth linkDown critical
1-a-6-0/eth linkDown critical
1-a-7-0/eth linkDown critical
MXK Configuration Guide 145
MXK Operations, Administration, and Maintenance
1-a-8-0/eth linkDown critical
1-a-9-0/eth linkDown critical
1-a-10-0/eth linkDown critical
1-a-11-0/eth linkDown critical
1-b-1-0/eth linkDown critical
1-b-3-0/eth linkDown critical
1-b-4-0/eth linkDown critical
1-b-5-0/eth linkDown critical
1-b-6-0/eth linkDown critical
1-b-7-0/eth linkDown critical
1-b-8-0/eth linkDown critical
1-b-9-0/eth linkDown critical
1-b-10-0/eth linkDown critical
1-b-11-0/eth linkDown critical
system temp_over_limit major
slot 13 card_removed warning
View the alarm when the outlet temperature exceeds the configured
temperature high threshold by +10.
zSH> JUL 28 10:07:58: alert : 1/a/12 : shelfctrl: Warning: Temperature is above
60 degrees C (140 F) threshold.
JUL 28 10:07:58: alert : 1/a/12 : shelfctrl: Outlet temp=60 degrees C (140 F)
JUL 28 10:07:58: alert : 1/a/1025: alarm_mgr: 01: a:00 Minor Updating
Temperature alarm severity
JUL 28 10:07:58: alert : 1/a/1025: alarm_mgr: 01: a:00 Critical Chassis
Temperature above 60 degrees C (140 F) threshold
zSH> alarm show
************ Central Alarm Manager ************
ActiveAlarmCurrentCount :21
AlarmTotalCount :102
ClearAlarmTotalCount :81
OverflowAlarmTableCount :0
ResourceId AlarmType AlarmSeverity
---------- --------- -------------
1-a-3-0/eth linkDown critical
1-a-4-0/eth linkDown critical
1-a-5-0/eth linkDown critical
1-a-6-0/eth linkDown critical
1-a-7-0/eth linkDown critical
1-a-8-0/eth linkDown critical
1-a-9-0/eth linkDown critical
1-a-10-0/eth linkDown critical
1-a-11-0/eth linkDown critical
1-b-1-0/eth linkDown critical
1-b-3-0/eth linkDown critical
1-b-4-0/eth linkDown critical
1-b-5-0/eth linkDown critical
1-b-6-0/eth linkDown critical
1-b-7-0/eth linkDown critical
1-b-8-0/eth linkDown critical
1-b-9-0/eth linkDown critical
1-b-10-0/eth linkDown critical
146 MXK Configuration Guide
MXK alarms
1-b-11-0/eth linkDown critical
system temp_over_limit critical
slot 13 card_removed warning
View the alarm when the outlet temperature reaches the configured
temperature low threshold.
zSH> JUL 28 11:51:03: alert : 1/a/12 : shelfctrl: Warning: Temperature is below
0 degrees C (32 F) threshold.
JUL 28 11:51:03: alert : 1/a/12 : shelfctrl: Outlet temp=0 degrees C (32 F)
JUL 28 11:51:03: alert : 1/a/1025: alarm_mgr: 01: a:00 Minor Chassis Temperature
below 0 degrees C (32 F) threshold
zSH> alarm show
************ Central Alarm Manager ************
ActiveAlarmCurrentCount :21
AlarmTotalCount :112
ClearAlarmTotalCount :91
OverflowAlarmTableCount :0
ResourceId AlarmType AlarmSeverity
---------- --------- -------------
1-a-3-0/eth linkDown critical
1-a-4-0/eth linkDown critical
1-a-5-0/eth linkDown critical
1-a-6-0/eth linkDown critical
1-a-7-0/eth linkDown critical
1-a-8-0/eth linkDown critical
1-a-9-0/eth linkDown critical
1-a-10-0/eth linkDown critical
1-a-11-0/eth linkDown critical
1-b-1-0/eth linkDown critical
1-b-3-0/eth linkDown critical
1-b-4-0/eth linkDown critical
1-b-5-0/eth linkDown critical
1-b-6-0/eth linkDown critical
1-b-7-0/eth linkDown critical
1-b-8-0/eth linkDown critical
1-b-9-0/eth linkDown critical
1-b-10-0/eth linkDown critical
1-b-11-0/eth linkDown critical
system temp_under_limit minor
slot 13 card_removed warning
MXK Configuration Guide 147
MXK Operations, Administration, and Maintenance
MXK card configuration
This section describes how to provision MXK cards:
• View uplink cards, page 148
• View line cards, page 148
• MXK card configuration, page 149
View uplink cards
You can view information by entering the slots command with the uplink card
slot of the uplink card including:
• ROM Version
• Software Version
• Card-Profile ID
The asterisk next to the type of card indicates that this card is in a redundant
configuration.
zSH> slots a
MXK 819
Type :*MXK TWO TENGIGE EIGHT GIGE
Card Version : 800-02485-01-A
EEPROM Version : 1
Serial # : 1360640
CLEI Code : No CLEI
Card-Profile ID : 1/a/10100
Shelf : 1
Slot : a
ROM Version : MXK 2.0.100
Software Version: MXK 2.5.1.124
State : RUNNING
Mode : FUNCTIONAL
Heartbeat check : enabled
Heartbeat last : TUE MAR 11 18:55:46 2014
Heartbeat resp : 4243
Heartbeat late : 0
Hbeat seq error : 0
Hbeat longest : 5
Fault reset : enabled
Power fault mon : not supported
Uptime : 3 days, 1 hour, 31 minutes
View line cards
After you install the uplink card in slot a, all other line cards and the uplink
card in slot b (for redundant configurations) must be provisioned.
148 MXK Configuration Guide
MXK card configuration
The slots command shows the cards currently exist in the MXK chassis and
their state including: running, loading, not provisioned, booting, and
configuring.
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
1: MXK ADSL-48-A Bonded/with 900 Ohm Splitter (RUNNING)
4: MXK 20 ACT ETH (RUNNING)
5: MXK 8 PORT GPON (RUNNING)
6: MXK 20 ACT ETH SINGLE SLOT (RUNNING)
11: MXK 4 PORT GPON (RUNNING)
14: MXK 20 ACT ETH (RUNNING)
17: MXK 24 PORT VDSL2 POTS (NOT_PROV)
18:*MTAC RING (RUNNING)
Enter the slots slot number command to display particular card information.
In this case, entering slots 10 displays information about the line card in slot
6. You can find the ROM, software version, and other card information.
zSH> slots 6
MXK 819
Type : MXK 20 ACT ETH SINGLE SLOT
Card Version : 800-03010-01-A
EEPROM Version : 1
Serial # : 4262620
CLEI Code : No CLEI
Card-Profile ID : 1/6/10207
Shelf : 1
Slot : 6
ROM Version : MXK 2.0.100
Software Version: MXK 2.5.1.124
State : RUNNING
Mode : FUNCTIONAL
Heartbeat check : enabled
Heartbeat last : TUE MAR 11 18:57:42 2014
Heartbeat resp : 4283
Heartbeat late : 0
Hbeat seq error : 0
Hbeat longest : 13
Fault reset : enabled
Power fault mon : not supported
Uptime : 27 days, 17 hours, 30 minutes
MXK card configuration
This section describes how to:
• Add a card profile, page 150
• Delete a card profile, page 151
MXK Configuration Guide 149
MXK Operations, Administration, and Maintenance
• Add a card that returns parameter prompts, page 152
• card stats command, page 155
Add a card profile
The MXK distinguishes the differences between cards and their functionality
by designating a card type with the card add command.
To provision the cards in a MXK chassis enter card add slotnumber. This
command automatically creates the card-profile for the card. The slot
number determines the card type.
Adding a card profile
If necessary, use the slots command to verify which slot a card resides in
before using the card add command to provision the card. To provision a
card, first install the card in a slot.
1 To verify the location of a card, enter slots:
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
1:*TAC ITM RING (RUNNING)
5: MXK 8 PORT GPON (RUNNING)
6: MXK 20 ACT ETH SINGLE SLOT (RUNNING)
7: MXK GSHDSL-24 Bonded/with NTP (RUNNING)
8: MXK ADSL-48-A Bonded/with 600 Ohm Splitter (RUNNING)
10: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (NOT_PROV)
12: MXK 24 PORT VDSL2 (RUNNING)
2 To provision a card, enter card add slotnumber:
zSH> card add 10
card-profile validation failed - card-line-type not compatible with card
sub-type
In this case, the MXK-ADSL-48-A Bonded/ with Packet Voice POTS,
RNG, ITM card needs to have the card-line-type designated.
The correct card-line-type for the MXK-ADSL-48-A Bonded/ with
Packet Voice POTS, RNG, ITM card is adsl-pots-pv-rng-itm. See Add a
card that returns parameter prompts on page 152 for more information on
line card types.
Enter card add slotnumber linetype type:
zSH> card add 10 linetype adsl-pots-pv-rng-itm
new card-profile 1/10/10202 added, sw-file-name "mxlc48aadslbond.bin", 1
option: card-line-type adsl-pots-pv-rng-itm
150 MXK Configuration Guide
MXK card configuration
3 To verify the state of the provisioning, enter slots again:
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
1:*TAC ITM RING (RUNNING)
5: MXK 8 PORT GPON (RUNNING)
6: MXK 20 ACT ETH SINGLE SLOT (RUNNING)
7: MXK GSHDSL-24 Bonded/with NTP (RUNNING)
8: MXK ADSL-48-A Bonded/with 600 Ohm Splitter (RUNNING)
10: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (LOADING)
12: MXK 24 PORT VDSL2 (RUNNING)
After a bit, verify the state of the card again.
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
1:*TAC ITM RING (RUNNING)
5: MXK 8 PORT GPON (RUNNING)
6: MXK 20 ACT ETH SINGLE SLOT (RUNNING)
7: MXK GSHDSL-24 Bonded/with NTP (RUNNING)
8: MXK ADSL-48-A Bonded/with 600 Ohm Splitter (RUNNING)
10: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (RUNNING)
12: MXK 24 PORT VDSL2 (RUNNING)
Delete a card profile
Deleting a card, deletes the card-profile interface and all provisioning
including any associated routing ip-interface-record profiles and bridging
bridge-interface-record profiles.
Deleting a card profile
Caution: Before deleting card profiles, perform the following:
• Back up the MXK configuration. See the release notes for
information.
• For voice cards, ensure all subscribers and voice profiles are
deleted before deleting the card.
• Remove the card from the system as explained in the MXK
Hardware Installation Guide.
Delete the card-profile for a card to delete all the profiles associated with a
card. After deleting the card, the specified card reboots.
MXK Configuration Guide 151
MXK Operations, Administration, and Maintenance
The card delete command uses the following syntax:
card delete shelf/slot/cardtype
zSH> card delete 1/13/10200
card-profile 1/13/10200 deleted
zSH> JUN 29 16:15:35: critical: 1/13/1035: rebootserver:
* * * * Slot Reboot : type = 2, shelf = 1, slot = 13
JUN 29 16:15:34: info : 1/a/1054: carddeletehdlr: Starting residual
profile deletions for card 1/13/10200
JUN 29 16:16:09: info : 1/a/1054: carddeletehdlr: Residual profile
deletions in progress for card 1/13 (100 records removed)
JUN 29 16:16:10: info : 1/a/1054: carddeletehdlr: Completed residual
profile deletions for card 1/13/10200 (113 records removed)
The following slots commands show the change of status of the Active
Ethernet card in slot 1 immediately after entering card delete. The state
of the card changes from running to not provisioned.
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC))
b: MXK TWO TENGIGE EIGHT GIGE (NOT_PROV)
Cards
9: MXK 4 PORT GPON (NOT_PROV)
13: MXK 20 ACT ETH (RUNNING)
The system also displays a message that all provisioning associated with
the card is being deleted.
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
4: MXK 4 PORT GPON (RUNNING)
13: MXK 20 ACT ETH (NOT_PROV)
Note: You can only delete one card at a time. Wildcards are not
supported when deleting cards and their profiles.
Add a card that returns parameter prompts
There are several cards for the MXK where you must enter a valid variable
for the card-line-type parameter. To view the default variables for the
card-profile profile, enter:
zSH> show card-profile
sw-file-name:-----------> {68}
admin-status:-----------> operational disable maintenance warmreset reset
upgrade-sw-file-name:---> {68}
152 MXK Configuration Guide
MXK card configuration
upgrade-vers:-----------> {36}
admin-status-enable:----> enable disable
sw-upgrade-admin:-------> loadupgradesw upgradenow upgradeonreset reloadcurrrev
sw-enable:--------------> true false
sw-upgrade-enable:------> true false
card-group-id:----------> {0 - 0}
hold-active:------------> true false
weight:-----------------> neveractive nopreference slightpreference
mediumpreference highpreference
card-line-type:---------> unknowntype e1 ds1 e1-ima ds1-ima e3 ds3
t1-uni-gr303 t1-ima-gr303 e1-uni-v52 e1-ima-v52 gshdsl t1-uni-t1cas t1
-ima-t1cas t1cas rpr rpr-t1-gr303 rpr-e1-v52 rpr-t1cas adsl-pots adsl-pots-pv
adsl-splitter adsl-pots-pv-rng-itm ebs ebs-pv ebs-pots-pv pot s pots-pv isdn
isdn-pv pots-coin pots-coin-pv reach-splitter t1-tr008 gshdsl-ntp gshdsl-nt
card-atm-configuration:-> notapplicable cellrelayonly cellrelayandmanagement
dataterm voicegateway hybridlowaal5data hybriddefault hybridhighaa l5data
vbnrt95rt5 vbnrt80rt15 vbnrt65rt30 vbnrt50rt45 vbnrt35rt60 vbnrt20rt75
vbnrt5rt95 vbnrt5rt95cbr
card-line-voltage:------> not-used 60-volts 68-volts 95-volts 100-volts
110-volts
maxvpi-maxvci:----------> notapplicable vpi15-vci63 vpi7-vci127 vpi15-vci127
card-init-string:-------> {256}
wetting-current:--------> disabled standard
pwe-timing-mode:--------> none source-differential source-adaptive
remote-differential remote-adaptive
In the case of a MXK TAC card, there are two parameters that must be set. A
prompt will return for each of the parameters even when the first parameter is
designated. For example:
zSH> card add 1
card-group-id validation failed - card-group-id is 0
use "group" option to set card-group-id
zSH> card add 1 group 2
card-profile validation failed - card-line-type must be either e1 or ds1
The card add command must be entered with all of the parameter variables
designated.
zSH> card add 1 linetype ds1 group 2
An autogenerated card-group-id [2] is assigned for this card type.
new card-profile 1/1/5072 added, sw-file-name "tacitmring.bin", 2 options:
card-group-id 2 card-line-type ds1
MXK Configuration Guide 153
MXK Operations, Administration, and Maintenance
Table 13: Card configuration
Card model number Binary image Parameter
MXK-UPLINK-2X10G-8X1GE mxup2tg8g.bin defaults accepted
MXK-UPLINK-4X1GE mxup4g.bin
MXK-UPLINK-4X1GE-CU mxup4gcopper.bin
MXK-UPLINK-8X1GE mxup8g.bin
MXK-UPLINK-6X1GE-CLK mxup6g.bin
MXK-UPLINK-2X10G-8X1GE-CLK mxup2tg8gtop.bin
MXK-UPLINK-2X10G-8X1G-TOP mxup2tg8gtop.bin
MXK-GPONX4-IO mxlc8gp.bin defaults accepted
MXK-GPONX8-IO mxlc4gp.bin
MXK-ADSL2+-BCM-48A mxlc48aadslbond.bin defaults accepted
MXK-ADSL2+-BCM-48B mxlc48badslbond.bin
MXK-ADSL2+-POTS-BCM-48A-2S
MXK-ADSL2+-SPLTR600-BCM-48A-2S
MXK-ADSL2+-SPLTR900-BCM-48A-2S
MXK-ADSL2+-POTS-BCM-48A-RNG-2S mxlc48aadslbond.bin linetype adsl-pots-pv (enter this
value when using a TAC card
for lookout testing)
adsl-pots-pv-rng-itm
(enter this value for lookout
testing without a TAC card)
MXK-EFM-SHDSL-24-NTP mxlc24gshdslbond.bin defaults accepted
MXK-EFM-SHDSL-24-NTWC
MXK-AEX20-FE/GE-2S mxlc20ae.bin defaults accepted
MXK-AEX20-FE/GE mxlc20ae1s.bin
MXK-AEX20-FE/GE-CSFP mxlc20ae1scsfp.bin
MXK-AE-2X10G-8XGE mxlc2tg8gae.bin
MXK-VDSL2-24 mxlc24vdsl2.bin defaults accepted
MXK-VDSL2-SPLTR600-BCM-17A-24 mxlc24vdsl2.bin
MXK-VDSL2-SPLTR900-BCM-17A-24 mxlc24vdsl2.bin
MXK-VDSL2-POTS-BCM-17A-24 mxlc24vdsl2pots.bin
MXK-VDSL2-POTS-BCM-17A-48 mxlc48vdsl2.bin defaults accepted
MXK-EFM-T1/E1-24 mxlc24t1e1bond.bin linetype ds1 for T1 or e1 for E1
MXK-PWE-T1/E1-24 mxlc24t1e1bond.bin linetype ds1 for T1 or e1 for E1
MXK-POTS-72 mxlc72pots.bin linetype pots-pv
MXK-POTS-EBS-PKT-24 mxlc24ulcs.bin ebs-pots-pv
154 MXK Configuration Guide
MXK card configuration
Table 13: Card configuration (Continued)
Card model number Binary image Parameter
MXK-ADSL-72 mxlc72aadslbond.bin defaults accepted
MXK-OC-3/STM-1 PWE mxlcoc3stm1pwe.bin linetype ds1 for T1 or e1 for E1
MXK-MTAC-ITM-RING tacitmring.bin linetype e1 or ds1
group: group number
card stats command
The card stats command displays runtime statistics for the MXK device.
zSH> card stats
-------------- cpu % utilization ------------ ------ memory (KB)--------- Card Memory uptime
slot idle usage high services framework low % Used Total Peak Avail Status ddd:hh:mm:ss s/w version
==== ==== ===== ======= ======== ========= ======= ====== ====== ====== ====== ============= ============
=============
a* 91 9 4 4 0 0 20.75 624080 129577 494589 1 - OK 2:03:18:59 MXK 2.5.1.124
The card stats all command displays information for all the cards.
zSH> card stats all
-------------- cpu % utilization ------------ ------ memory (KB)--------- Card Memory uptime
slot idle usage high services framework low % Used Total Peak Avail Status ddd:hh:mm:ss s/w version
==== ==== ===== ======= ======== ========= ======= ====== ====== ====== ====== ============= ============ ============
1 92 8 6 1 0 1 33.85 109387 37062 72359 1 - OK 2:03:20:51 MXK 2.5.1.124
6 92 8 5 2 0 0 42.53 104465 44451 60032 1 - OK 2:03:18:42 MXK 2.5.1.124
a* 91 9 4 4 0 0 20.75 624080 129577 494589 1 - OK 2:03:22:11 MXK 2.5.1.124
b 91 9 4 4 0 0 20.29 624081 126648 497482 1 - OK 2:03:18:34 MXK 2.5.1.124
Table 14: card stats command fields
Section Field
CPU % utilization slot
Textual description of the unit/card or access device type.
idle
Percentage of time the CPU has spent executing tasks with priority of
200 or less. Tasks with priority of 200 or less (the higher the number,
the lower the priority) are considered idle tasks.
usage
Percentage of time the CPU has spent executing tasks with priority of
199 or higher
high
Percentage of time the CPU has spent executing tasks with priority of
001 to 099. High priority tasks are primarily related to packet
processing and critical system monitoring.
MXK Configuration Guide 155
MXK Operations, Administration, and Maintenance
Table 14: card stats command fields (Continued)
Section Field
services
Percentage of time the CPU has spent executing tasks with priority of
100 to 179. Services tasks are primarily line monitoring tasks for line
state and alarms.
framework
Percentage of time the CPU has spent executing tasks with priority of
180 to 199. Framework tasks are primarily database and network
management system related activities such as config synch and backup.
low
Percentage of time the CPU has spent executing tasks with priority of
200 to 250
memory (KB) Used
Percentage of time the CPU has spent executing tasks with priority of
199 or higher.
Total
The amount of physical memory contained by the device/card.
Peak
The maximum physical memory that has been allocated at any time by
the device/card.
Avail
The amount of physical memory that is unallocated and not in use by
the device/card.
Card Memory Status Memory status of the card sent with memory trap. A trap is sent when
each condition occurs.
1 - ramMemOK less then 90% of ram is used
2 - ramMemLow more then 90% of ram is used
3 - flashMemOK enough flash for maximum database
4- flashMemLow not enough flash for maximum database
5 - flashMemOut no more flash memory, data no longer persistent
uptime ddd:hh:mm:ss Uptime is calculated as sysUpTime - ifLastChange (assuming the
device/card is running).
s/w version Software version.
156 MXK Configuration Guide
MXK DNS resolver configuration
MXK DNS resolver configuration
Domain Name System (DNS) maps domain names to IP addresses, enabling
the system to reach destinations when it knows only the domain name of the
destination. In other words, you can use ping and a name instead of an IP
address. DNS configuration uses the following profiles:
• resolver—Configures the global DNS resolver, including the DNS search
order, default domain name, and list of nameserver addresses. The DNS
settings in this record can be used for local applications by administrators
on the system, such as traceroute or ping.
• host-name—A replacement for the UNIX local hosts table. Up to four
host aliases can be defined for each host entry. Settings in the resolver
record determine whether the hosts table is searched.
Table 15 describes the configurable parameters for the resolver profile (all
others should be left at their default values):
Table 15: Configurable resolver parameters
Parameter Description
query-order The kind of resolver query for this routing domain.
Values:
hosts-first searches the local hosts table first then the list of
nameservers.
dns-first searches the list of nameservers first then the local hosts
table.
dns-only searches only the list of nameservers.
Default: hosts-first
domain The routing domain to which this host parameter applies. The default is
an empty string.
The only routing domain supported is domain 1.
first-nameserver The IP address of the first or primary nameserver for this routing
domain. The default value is 0.0.0.0.
second-nameserver The IP address of the second or secondary nameserver for this routing
domain. This nameserver is queried if the first nameserver cannot
resolve the query. The default value is 0.0.0.0.
third-nameserver The IP address of the third or tertiary nameserver for this routing
domain. This nameserver is queried if the first nameserver cannot
resolve the query. The default value is 0.0.0.0.
The following example creates a resolver record for a routing domain:
zSH> new resolver 1
Please provide the following: [q]uit.
query-order: -------> {hosts-first}:
domain: ------------> {}: zhone.com
first-nameserver: --> {0.0.0.0}: 192.168.8.21
MXK Configuration Guide 157
MXK Operations, Administration, and Maintenance
second-nameserver: -> {0.0.0.0}: 201.23.20.2
third-nameserver: --> {0.0.0.0}:
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Record created.
Another way to create DNS is by creating a hosts profile after the resolver
profile is created. The syntax is new host-name routingdomain/ipoctet1/
ipoctet2/ipoctet3/ipoctet4.
Table 16 describes the configurable parameters in the host-name profile (all
others should be left at their default values).
Table 16: Configurable parameters in the host-name profile
Parameter Description
hostname Client host name (if any) that the client used to acquire its address. The
default is an empty string.
hostalias1 Host name alias for the specified host. The default value is an empty
string.
hostalias2 Secondary host name alias for the specified host. The default value is
an empty string.
hostalias3 Tertiary host name alias for the specified host. The default value is an
empty string.
hostalias4 Quaternary host name alias for the specified host. The default value is
an empty string.
zSH> new host-name 1/192/168/8/32
Please provide the following: [q]uit.
hostname: ---> {}: www.zhone.com
ipaddress: --> {0.0.0.0}: 192.168.8.32
hostalias1: -> {}: engineering.zhone.com
hostalias2: -> {}: marketing.zhone.com
hostalias3: -> {}: sales.zhone.com
hostalias4: -> {}: gss.zhone.com
....................
Save new record? [s]ave, [c]hange or [q]uit: s
Record created.
CPE Manager
The MXK’s CPE Manager provides a means for managing customer premises
equipment (CPE) devices without requiring extra routable IP addresses to
reach these CPE end-points. While the CPE Manager is specifically designed
for Zhone’s EtherXtend and zNID family of CPE products, CPE Manager can
be used with any CPE device which supports receiving an IP address via
DHCP on a VLAN.
In many service provider networks, the increasing usage of IP-aware CPE
devices creates an operational challenge for service providers because the
158 MXK Configuration Guide
CPE Manager
number of devices which require IP addresses cause IP address space
depletion, making it hard to assign routable addresses for these devices.
A solution to this problem is the SLMS CPE Manager. CPE Manager adds
proxy capability to SLMS, allowing one IP interface on the Zhone central
office device to provide IP access to all the subtended CPE devices connected
to it. This one IP interface is created on an upstream port which is routable on
the service providers management network, and it provides IP address and
protocol port translation when forwarding packets to and from managed CPE
devices. In this way, IP can be used for CPE management without having to
consume IP address space or having to add network routes for reachability of
line side CPE devices.
CPE Manager is supported on the following line cards:
• MXK-EFM-SHDSL-24-NTWC
• MXK-EFM-SHDSL-24-NTP
• MXK-AEX20-FE/GE-2S
• MXK-AEX20-FE/GE
• MXK-GPONX8-IO
• MXK-GPONX4-IO
Accessing the CPE’s private address, ports
To access a CPE configured using CPE Manager, access the MXK through its
IP address, however, instead of using the well known protocol ports, use the
CPE's base public port plus an offset to the specific port used for the protocol
MXK Configuration Guide 159
MXK Operations, Administration, and Maintenance
desired. Supported protocols include Echo, FTP (data), FTP (control), SSH,
Telnet, HTTP, SNMP and HTTPS.
To select the ports to make available the cpe-mgr add command has several
options depending on the selection of the compact and security
parameters:
• compact [full | partial | none]
Selection of the compact mode defines how many ports may be accessed
using the NAT-PAT binding, the more ports are accessed per device, the
fewer devices that will be able to be accessed.
• security [enabled | disabled | default]
Selection of the security mode defines whether those ports will use SSH,
for example HTTP or HTTPS, telnet or SSH.
A list of offsets for public ports based on the compact and security mode is
given in Offsets for public ports, page 160. For more information about how
offsets work, see Additional information about CPE manager on page 167.
The defaults for compact mode is full mode (the three port mapping). For
security mode, the default is default, which means to use the security settings
for the MXK chassis in system 0. For additional information about security
and system 0, see Enable security on the MXK on page 128.
Table 17: Offsets for public ports
Compact & Security Modes
Full Partial None
Public
port Secure Secure Secure Secure N/A (all
Type Name ports)
offset Enabled Disabled Enabled Disabled
7 TCP, UDP ECHO +0 +0 +0 +0 +0
20 TCP FTP - data — — — — +1
21 TCP FTP - control — — — — +2
22 TCP, UDP SSH +1 — +1 — +3
23 TCP, UDP Telnet — +1 — +1 +4
80 TCP HTTP — +2 — +3 +5
81 TCP HTTP — — — — +6
161 TCP, UDP for SNMP +2 +2 +2 +2 +7
partial and none
UDP for full
compact mode
162 UDP SNMP traps +0 +0 +3 +3 +1
(upstream only)
160 MXK Configuration Guide
CPE Manager
Table 17: Offsets for public ports
Compact & Security Modes
Full Partial None
Public
port Secure Secure Secure Secure N/A (all
Type Name ports)
offset Enabled Disabled Enabled Disabled
443 TCP HTTPS +2 — +3 — +8
The private class A network is set up by default as 1.0.0.0/8 on VLAN 7.
These defaults may be changed, see Changing the VLAN of the local
network, page 162.
The IP addresses given to CPEs follow the general guidelines:
<Class A network>.<Slot>.<Port number: higher order
byte>.<Port number: lower order byte>
Note that the GPON format has the port/subport encoded into the IP address
which allows 12 bits for a subport and 4 bits for the port number:
<class A>.<slot>.<subport upper 8 bits>.<subport lower 4
bits * 16 + port>
The 1-1-4-501/gponport yields an IP address of 1.1.31.84.
Configuring the MXK as a CPE manager for Active Ethernet
Setting up the CPE manager from the CLI is fairly simple. First you have to
have an IP address on an upstream port.
1 Add a public address for the CPE manager
zSH> cpe-mgr add public 192.168.254.1
CPE Manager using 192.168.254.1 for public interface.
Configuring the public address for the MXK requires that the MXK has
already been given an IP address.
2 Add the local device to the CPE manager.
zSH> cpe-mgr add local 1-13-1-0/eth
Configured CPE Manager's local network:
Class A network: 1.0.0.0
Local IP: 1.0.0.1
VLAN ID: 7
Created CPE Management interface: 1-13-1-0-eth-7/ip
Note that the default network is created if you do not manually create the
network first.
MXK Configuration Guide 161
MXK Operations, Administration, and Maintenance
Configuring the MXK as a CPE manager for EFM-SHDSL
To create an EFM-SHDSL bond group, see Bond group configuration,
page 1412.
1 Add a public address for the CPE manager
cpe-mgr add public 192.168.254.1
2 Add the local device to the CPE manager.
cpe-mgr add local 1-3-42-0/efmbond
Configuring the MXK as a CPE manager for GPON
Adding CPE manager is a little different for GPON.
1 Add a public address for the CPE manager
cpe-mgr add public 192.168.254.1
2 Add a GPON zNID
The following work if the GPON port already exists.
cpe-mgr add local 1-11-1-501/gponport
If the GPON port does not exist, it can be created within the cpe-mgr add
local command by adding gtp <gpon-traffic-profile index>:
zSH> cpe-mgr add local 1-1-1-501/gponport gtp 1
GEM Port 1-1-1-501/gponport has been created on ONU
1-1-1-1/gpononu.
Created CPE Management interface:
1-1-1-501-gponport-7/ip
Changing the VLAN of the local network
Ordinarily the default settings are acceptable. However if you need to change
the default class A network or VLAN ID you can use the following command,
however you should not that if you change the VLAN you would need to
change the VLAN settings of all the CPEs. VLAN 7 is the default
management VLAN setting of Zhone zNIDs and EtherXtend devices.
To change the VLAN ID for the CPE manager local private network
cpe-mgr add local vlan <vlan id to use internally for
management>
If you were to manually set the VLAN ID to the default, you would use
cpe-mgr add local vlan 7
162 MXK Configuration Guide
CPE Manager
Note: Zhone does not recommend changing the VLAN manually
because Zhone CPE and zNID products use VLAN 7 as the
default management VLAN.
Changing the class A network used as the CPE manager
local network
Once again the default settings should be acceptable. However if you need to
change the default class A network the following command may be used. If
you want to change network settings after CPEs are attached and configured
you would have to delete them all before making the changes:
To manually set the local network settings
cpe-mgr add local network <class A network used
internally for all managed CPEs>
If you were to manually set the local network to the default, you would
use
cpe-mgr add local network 1.0.0.0
Note: You can only manually set the local network settings when
no CPE devices are currently configured on the network.
By default we use the 1.0.0.0 class A network. In other words, a class A
network is one that has an 8 bit mask which means only the first byte of the IP
address is common between nodes in the network. If you execute the
following command: cpe-mgr add local network 2.0.0.0, the class A
network will be changed and all local IP will start with 2.
Viewing the CPE Manager ports
The cpe-mgr show command provides a mapping between the interface and
the local IP address along with the various ports. For more information on
available ports see Additional information about CPE manager, page 167.
zSH> cpe-mgr show CPE Manager public side
interface:
IP: 192.168.254.234
ifIndex: 73
CPE Manager local management network:
IP: 1.0.0.1/8 (default) (active)
VlanID: 7 (default)
MXK Configuration Guide 163
MXK Operations, Administration, and Maintenance
Managed CPE Interface Configuration:
InterfaceLocal IPECHOFTPSSHTelntHTTPSNMPHTTPS
---------------------------------------------------------
---------------------
1-4-9-0/eth1.4.0.951921 - -519225192351923 -
1-7-41-0/efmbond1.7.0.4151924 - -519255192651926 -
1-1-4-501/gponport1.1.31.8451927 - -519285192951929 -
1-4-1-0/eth1.4.0.151930 - -519315193251932 -
1-1-1-501/gponport1.1.31.8151936 - -519375193851938 -
1-4-2-0/eth1.4.0.251933 -51934 - -5193551935
1-4-3-0/eth1.4.0.351939519405194251943519445194651947
1-4-4-0/eth1.4.0.451948 - -519495195151950 -
1-4-5-0/eth1.4.0.551952 -51953 - -5195551954
Compact mode full with security disabled.
zSH> cpe-mgr show local 1-1-1-501/gponport
Public IP address: 192.168.254.234
Public Access Port:
Protocol Port
ECHO 51936
SNMP Traps 51936
Telnet 51937
HTTP 51938
SNMP 51938
Local IP Address: 1.1.31.81
Compact mode full with security enabled.
zSH> cpe-mgr show local 1-4-2-0/eth
Public IP address: 192.168.254.234
Public Access Port:
Protocol Port
ECHO 51933
SNMP Traps 51933
SSH 51934
HTTPS 51935
SNMP 51935
Local IP Address: 1.4.0.2
164 MXK Configuration Guide
CPE Manager
Compact mode none. Note that since all ports are available security mode is
not applicable in this case.
zSH> cpe-mgr show local 1-4-3-0/eth
Public IP address: 192.168.254.234
Public Access Port:
Protocol Port
ECHO 51939
SNMP Traps 51940
FTP 51940/51941
SSH 51942
Telnet 51943
HTTP(80) 51944
HTTP(81) 51945
SNMP 51946
HTTPS 51947
Local IP Address: 1.4.0.3
Compact mode partial with security disabled.
zSH> cpe-mgr show local 1-4-4-0/eth
Public IP address: 192.168.254.234
Public Access Port:
Protocol Port
ECHO 51948
Telnet 51949
SNMP 51950
HTTP 51951
SNMP Traps 51951
Local IP Address: 1.4.0.4
Compact mode partial with security enabled.
zSH> cpe-mgr show local 1-4-5-0/eth
Public IP address: 192.168.254.234
Public Access Port:
Protocol Port
ECHO 51952
SSH 51953
SNMP 51954
HTTPS 51955
SNMP Traps 51955
Local IP Address: 1.4.0.5
Troubleshooting CPE Manager
To verify or troubleshoot CPE manager, you should understand what the two
commands for CPE manager do. The first cpe-mgr add public command
• Sets natenabled to “yes” in the ip-interface-record for the public
address (in our example, the 192.168.254.1 address)
When using the defaults and the local network has not been created, the
second command, cpe-mgr add local:
MXK Configuration Guide 165
MXK Operations, Administration, and Maintenance
• Creates a floating ip-interface record with IP address of 1.0.0.1 (only
created if the defaults are being used and if the record does not already
exist. In other words, the first cpe-mgr add local if the record wasn’t
created manually)
• Creates an ip-unnumbered-record for the floating ip-interface record
(only created if the defaults are being used and if the record does not
already exist. In other words, the first cpe-mgr add local if the record
wasn’t created manually)
• Creates a dhcp-server-subnet for the 1.0.0.0 network (only created if the
defaults are being used and if the record does not already exist. In other
words, the first cpe-mgr add local if the record wasn’t created manually)
• Creates a host ip-interface-record for the CPE on interface (in our
example bond group)
Assigns a local IP address based on the interface description (not
routable, but may be reached from the private local network, or by Telnet
to the MXK, then Telnet from the MXK to the device)
• Creates a pat-bind profile of type cpemgr or cpemgrsecure
Note: The ip-interface-record created is not a normal “host” record
and cannot be seen using the host show command.
The pat-bind profile for the first device from the example (Configuring the
MXK as a CPE manager for Active Ethernet on page 161)contains the local
IP address (1.3.0.42) and the CPE base port (51921):
zSH> list pat-bind
pat-bind 1
1 entry found.
zSH> get pat-bind 1
pat-bind 1
public-ipaddr: -> {192.168.254.1}
public-port: ---> {51921}
local-ipaddr: --> {1.3.0.42}
local-port: ----> {9}
portType: ------> {cpemgr}
The local address which is given is based on the interface in the form:
<local class A network>.<slot>.<port HI byte>.<port LO
byte>
From our example bond group, 1-3-42-0/efmbond, the local IP address (as
shown above in the pat-bind 1 profile) is 1.3.0.42. If you need to verify this
number, do a get on the pat-bind profile.
Note that GPON format allows 12 bits for a subport and 4 bits for the port
number:
<class A>.<slot>.<subport upper 8 bits>.<subport lower 4
bits * 16 + port>
166 MXK Configuration Guide
CPE Manager
The 1-1-4-501/gponport yields an IP address of 1.1.31.84.
Additional information about CPE manager
The first device will be accessible by the MXK’s public IP address and the
CPE base port. The CPE base port for the first device is 51921. To reach one
of the well known ports you then give the offset for the public port. Well
known port (7) is for echo which has an offset of zero.
ECHO +0 51921
FTP (data) +1
FTP (control) +2
1st device SSH +3
Telnet +4
HTTP +5
HTTP +6
SNMP +7
HTTPS +8
ECHO +0 51930
FTP (data) +1
FTP (control) +2
2nd device SSH +3
Telnet +4
HTTP +5
HTTP +6
SNMP +7
HTTPS +8
ECHO +0 51938
FTP (data) +1
FTP (control) +2
3rd device SSH +3
Telnet +4
HTTP +5
HTTP +6
SNMP +7
HTTPS +8
Note: The examples use compact mode none. See Configuring the
MXK as a CPE manager for Active Ethernet on page
161,Configuring the MXK as a CPE manager for EFM-SHDSL on
page 162, and Configuring the MXK as a CPE manager for GPON on
page 162. Using different variations of compact mode and security
mode requires different offsets as shown in Offsets for public ports,
page 160.
To telnet to the first CPE via the well known port, 23, you would use the CPE
base port plus the public port offset of 4; You would use the MXK’s address
(192.168.254.1), then 51925 (51921 + 4) to Telnet to the device. From a Unix
or DOS prompt it would look like
telnet 192.168.254.1 51925
To access the second device you need to start with the CPE base port for that
device. Each device consumes nine public ports, so the first device has a port
MXK Configuration Guide 167
MXK Operations, Administration, and Maintenance
range from 51921 - 51929, the second device has a port range from 51930 -
51938, the third from 51939 - 51947 and so on.
To access the HTTP port on the third device from a browser, you would start
from the first public port address 51921 + 18 (the 51921 start point plus two
times nine for the first two devices to get to the third device range) + 5 (to get
to port 80, a HTTP port) or 51944.
As CPE devices are deleted or added, holes will form in the list of CPE
devices, so the order eventually becomes arbitrary, but is used in the
discussion to elucidate how the mechanism works.
CPE base port and information for added devices is shown in the cpe-mgr
show display. See Section 2, Viewing the CPE Manager ports.
Web UI cut-through for EtherXtend devices
This section provides the configuration procedure to create hyperlinks in the
MXK Web UI that when clicked, will take you to the Web UI for the
EtherXtend 3400. See Figure 8 and Figure 9.
Creating a Web UI cut-through for EtherXtend devices
From the MXK CLI:
1 Create a management interface for the MXK.
2 Create a CPE public IP using the MXK management IP.
zSH> cpe-mgr add public 172.24.200.163
CPE Manager using 172.24.200.163 for public interface.
3 Create an EFM bond group, then add the links.
zSH> bond add group 1-1-25-0/efmbond
Group ID {25} is already in use.
Bond group - bond-0032/efmbond - was successfully created.
zSH> bond add member bond-0032/efmbond 1-1-1-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-2-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-3-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-4-0/shdsl
4 Create a local cpe-mgr IP for the bond group.
zSH> cpe-mgr add local bond-0032/efmbond
Created CPE Management interface: bond-0032-efmbond-7/ip
168 MXK Configuration Guide
CPE Manager
5 View the pat-bind record that was automatically created.
zSH> get pat-bind *
public-port: ---> {51930}
local-ipaddr: --> {1.1.0.32}
local-port: ----> {9}
portType: ------> {cpemgr}
pat-bind 1
public-ipaddr: -> {172.24.200.163}
6 Verify the bond group cpe-mgr IP interface is UP.
zSH> interface show
Interface Status Rd/Address Media/Dest Address IfName
--------------------------------------------------------------------------------
1/1/1/0/ip UP 1 172.24.200.163/24 00:01:47:1a:db:0f ethernet1-1-200
1/1/32/0/ip UP 1 [1.0.0.1] 1.1.0.32 bond-0032-efmbond-7
--------------------------------------------------------------------------------
7 From a browser, launch a Web UI to the MXK management interface,
http://172.24.200.163.
8 Through the WebUI, view the CPE Cut-Through URL by clicking to
Status->Service->CPE->CPE IP Hosts.
Figure 6: The URLs for EtherXtend 3400 devices
9 Click on the CPE URL to launch the WebUI for the EtherXtend 3400.
MXK Configuration Guide 169
MXK Operations, Administration, and Maintenance
Figure 7: Web UI page for the ExtherXtend 3400
Web UI cut-through for EtherXtend devices
This section provides the configuration procedure to create hyperlinks in the
MXK Web UI that when clicked, will take you to the Web UI for the
EtherXtend 3400. See Figure 8 and Figure 9.
Creating a Web UI cut-through for EtherXtend devices
From the MXK CLI:
1 Create a management interface for the MXK.
2 Create a CPE public IP using the MXK management IP.
zSH> cpe-mgr add public 172.24.200.163
CPE Manager using 172.24.200.163 for public interface.
3 Create an EFM bond group, then add the links.
zSH> bond add group 1-1-25-0/efmbond
Group ID {25} is already in use.
Bond group - bond-0032/efmbond - was successfully created.
zSH> bond add member bond-0032/efmbond 1-1-1-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-2-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-3-0/shdsl
zSH> bond add member bond-0032/efmbond 1-1-4-0/shdsl
170 MXK Configuration Guide
CPE Manager
4 Create a local cpe-mgr IP for the bond group.
zSH> cpe-mgr add local bond-0032/efmbond
Created CPE Management interface: bond-0032-efmbond-7/ip
5 View the pat-bind record that was automatically created.
zSH> get pat-bind *
public-port: ---> {51930}
local-ipaddr: --> {1.1.0.32}
local-port: ----> {9}
portType: ------> {cpemgr}
pat-bind 1
public-ipaddr: -> {172.24.200.163}
6 Verify the bond group cpe-mgr IP interface is UP.
zSH> interface show
Interface Status Rd/Address Media/Dest Address IfName
--------------------------------------------------------------------------------
1/1/1/0/ip UP 1 172.24.200.163/24 00:01:47:1a:db:0f ethernet1-1-200
1/1/32/0/ip UP 1 [1.0.0.1] 1.1.0.32 bond-0032-efmbond-7
--------------------------------------------------------------------------------
7 From a browser, launch a Web UI to the MXK management interface,
http://172.24.200.163.
8 Through the WebUI, view the CPE Cut-Through URL by clicking to
Status->Service->CPE->CPE IP Hosts.
Figure 8: The URLs for EtherXtend 3400 devices
9 Click on the CPE URL to launch the WebUI for the EtherXtend 3400.
MXK Configuration Guide 171
MXK Operations, Administration, and Maintenance
Figure 9: Web UI page for the ExtherXtend 3400
172 MXK Configuration Guide
3
MXK CLOCKING
This chapter describes:
•
•
Clock management on the MXK overview1, page 173
MXK local and system clocking, page 174
• Set MXK system clocking from MXK sources, page 177
• Precision Time Protocol (PTP) and SyncE clock management on the
MXK, page 184
Clock management on the MXK overview1
The MXK supports five types of clocking management:
• MXK as local clocking source
See Local clocking source on the MXK on page 174
• MXK as system source for clock
Use MXK uplink or line cards as system clocking source.
– Building Integrated Timing Source (BITS)
Special cable required. Configure line See Set MXK system clocking
from MXK sources on page 177.
– T1/E1 integrated data circuits
See Set MXK system clocking from MXK sources on page 177.
• Precision Time Protocol (PTP)
Clocking in master and client environment sending precision timing
protocol message packets using the IEEE 1588v2 protocol.
Use the MXK-UPLINK-2X10G-8X1G-TOP only.
See Ordinary clock and boundary clock PTP configurations, page 184.
• Synchronous Ethernet (SyncE)
Use the MXK-UPLINK-2X10G-8X1G-TOP only.
Ethernet IP packet timing protocol for port-to-port clock synchronization
over the network.
Use the MXK-UPLINK-2X10G-8X1G-TOP only.
MXK Configuration Guide 173
MXK Clocking
See SyncE clock management, page 198.
MXK local and system clocking
This section describes local, and synchronized network clocking on the MXK:
• Local clocking source on the MXK, page 174
• System clocking on the MXK overview, page 174
Local clocking source on the MXK
Local clocking on the MXK is provided by the active uplink card.
System clocking on the MXK overview
When a timing source on the MXK is required, the following cards are
available:
• TAC card
• T1/E1 PWE card
• EFM T1/E1 card
• 6x1GE-CLK uplink card
• 2X10G-8X1GE-CLK uplink card
• 2X10G-8X1G-TOP uplink card
To view current source of clocking on the MXK, enter clkmgrshow. In this
case, timing is local from the uplink card.
zSH> clkmgrshow
All lines are using LOCAL clock
In this case, timing is synchronized network timing from the TAC card.
zSH> clkmgrshow
Primary system clock is 1/14/1/0 : T1
Secondary system clock is LOCAL timing
In this case, timing is synchronized network timing from the MXK
6X1GE-CLK uplink card.
zSH> clkmgrshow
Primary system clock is 1/30/1/0 : T1
Secondary system clock is LOCAL timing
To view available timing on the MXK, enter clkmgrshow list.
In this case, only local timing from the MXK-UPLINK-6X1GE-CLK uplink
card is available on this MXK.
174 MXK Configuration Guide
MXK local and system clocking
zSH> slots
MXK 823
Uplinks
a:*MXK SIX GIGE (RUNNING+TRAFFIC)
b: MXK SIX GIGE (RUNNING+TRAFFIC)
Cards
1: MXK 24 PORT VDSL2 POTS (RUNNING)
2: MXK 24 PORT VDSL2 POTS (RUNNING)
3: MXK 24 PORT VDSL2 POTS (RUNNING)
4: MXK 24 PORT VDSL2 POTS (RUNNING)
5: MXK 24 PORT VDSL2 (RUNNING)
7: MXK 24 PORT VDSL2 POTS (RUNNING)
8: MXK ADSL-48-A Bonded (RUNNING)
9: MXK 24 PORT VDSL2 POTS (RUNNING)
10: MXK 24 PORT VDSL2 POTS (RUNNING)
11: MXK 24 PORT VDSL2 POTS (RUNNING)
12: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (RUNNING)
14: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (RUNNING)
16: MXK T1E1-24 PWE (RUNNING)
17: MXK 8 PORT GPON (RUNNING)
18: MXK 8 PORT GPON (RUNNING)
zSH> clkmgrshow list
eligible list has 0 entries
ineligible list has 26 entries
1 not eligible 1/16/1/0 ( 5) : T1 : OOS : LOOP
2 not eligible 1/16/2/0 ( 5) : T1 : OOS : LOCAL
3 not eligible 1/16/3/0 ( 5) : T1 : OOS : LOCAL
4 not eligible 1/16/4/0 ( 5) : T1 : OOS : LOCAL
5 not eligible 1/16/5/0 ( 5) : T1 : OOS : LOCAL
6 not eligible 1/16/6/0 ( 5) : T1 : OOS : LOCAL
7 not eligible 1/16/7/0 ( 5) : T1 : OOS : LOCAL
8 not eligible 1/16/8/0 ( 5) : T1 : OOS : LOCAL
9 not eligible 1/16/9/0 ( 5) : T1 : OOS : LOCAL
10 not eligible 1/16/10/0 ( 5) : T1 : OOS : LOCAL
11 not eligible 1/16/11/0 ( 5) : T1 : OOS : LOCAL
12 not eligible 1/16/12/0 ( 5) : T1 : OOS : LOCAL
13 not eligible 1/16/13/0 ( 5) : T1 : OOS : LOCAL
14 not eligible 1/16/14/0 ( 5) : T1 : OOS : LOCAL
15 not eligible 1/16/15/0 ( 5) : T1 : OOS : LOCAL
16 not eligible 1/16/16/0 ( 5) : T1 : OOS : LOCAL
17 not eligible 1/16/17/0 ( 5) : T1 : OOS : LOCAL
18 not eligible 1/16/18/0 ( 5) : T1 : OOS : LOCAL
19 not eligible 1/16/19/0 ( 5) : T1 : OOS : LOCAL
20 not eligible 1/16/20/0 ( 5) : T1 : OOS : LOCAL
21 not eligible 1/16/21/0 ( 5) : T1 : OOS : LOCAL
22 not eligible 1/16/22/0 ( 5) : T1 : OOS : LOCAL
23 not eligible 1/16/23/0 ( 5) : T1 : OOS : LOCAL
24 eligible 1/16/24/0 ( 5) : T1 : OOS : LOOP
25 eligible 1/b/1/0 ( 5) : T1 : OOS : LOOP (Standby)
26 not eligible 1/a/1/0 ( 5) : T1 : ACTIVE : LOCAL
pending list has 0 entries
MXK Configuration Guide 175
MXK Clocking
In this case, an TAC card is set to loop timing and is available for
synchronized network timing network on this MXK.
zSH> clkmgrshow list
eligible list has 1 entry
1 * eligible 1/14/1/0 ( 5) : T1 : ACTIVE : LOOP
ineligible list has 0 entries
pending list has 0 entries
In this case, the an MXK with a TOP uplink card is configured for PTP clock.
zSH> clkmgrshow list
eligible list has 2 entries
1 * eligible 1/a/1/0 (11) : T1 : ACTIVE : LOOP
2 eligible 1/a/1/0 ( 8) : PTP : ACTIVE : UNKNOWN
ineligible list has 94 entries
1 not eligible 1/a/2/0 ( 5) : ETHERNET : OOS : NONE
2 not eligible 1/a/3/0 ( 5) : ETHERNET : OOS : NONE
3 not eligible 1/a/4/0 ( 5) : ETHERNET : OOS : NONE
4 not eligible 1/a/5/0 ( 5) : ETHERNET : ACTIVE : NONE
5 not eligible 1/a/6/0 ( 5) : ETHERNET : OOS : NONE
6 not eligible 1/a/7/0 ( 5) : ETHERNET : OOS : NONE
7 not eligible 1/a/8/0 ( 5) : ETHERNET : OOS : NONE
8 not eligible 1/a/9/0 ( 5) : ETHERNET : OOS : NONE
9 not eligible 1/a/10/0 ( 5) : ETHERNET : OOS : NONE
10 not eligible 1/a/11/0 ( 5) : ETHERNET : OOS : NONE
11 not eligible 1/1/1/0 ( 5) : T1 : OOS : THROUGH
12 not eligible 1/1/2/0 ( 5) : T1 : OOS : THROUGH
13 not eligible 1/1/3/0 ( 5) : T1 : OOS : THROUGH
14 not eligible 1/1/4/0 ( 5) : T1 : OOS : THROUGH
15 not eligible 1/1/5/0 ( 5) : T1 : OOS : THROUGH
16 not eligible 1/1/6/0 ( 5) : T1 : OOS : THROUGH
17 not eligible 1/1/7/0 ( 5) : T1 : OOS : THROUGH
18 not eligible 1/1/8/0 ( 5) : T1 : OOS : THROUGH
...
90 not eligible 1/1/80/0 ( 5) : T1 : OOS : THROUGH
91 not eligible 1/1/81/0 ( 5) : T1 : OOS : THROUGH
92 not eligible 1/1/82/0 ( 5) : T1 : OOS : THROUGH
93 not eligible 1/1/83/0 ( 5) : T1 : OOS : THROUGH
94 not eligible 1/1/84/0 ( 5) : T1 : OOS : THROUGH
pending list has 61 entries
BITS clock is not present
176 MXK Configuration Guide
Set MXK system clocking from MXK sources
Set MXK system clocking from MXK sources
This section describes MXK system clocking:
• MXK system clocking, page 177
• system-clock-profile overview, page 177
• Configure MXK line and uplink cards for system clocking, page 180
MXK system clocking
The MXK can receive system clocking from one of the following sources:
• The Ds1 interfaces on the T1/E1 EFM card. (MXK-EFM-T1/E1-24)
Provides T1/E1 only, not BITS.
• The Ds1 interfaces on the PWE card. (MXK-PWE-T1/E1-24)
Provides T1/E1 only, not BITS.
• Ds1 interfaces on the TAC card. (MXK-TAC-ITM-RING)
Provides T1/E1 and BITS. BITS clock source has a type of Ds1.
• The CLK and TOP uplink card. (MXK-UPLINK-6X1GE-CLK and
MXK-UPLINK-2X10G-8X1G-TOP)
Provides T1/E1 and BITS.
– T1/E1 Ds1 interfaces.
– Ds1 interface for BITS recognizes the cable for BITS.
Note: Interfaces that are designated as eligible clock sources must be
set to looptiming.
system-clock-profile overview
The MXK creates a system-clock-profile for each interface that can provide
clock for the system. These profiles define the clock sources that are eligible
to provide system clock and defines the weights for the clock on the interface.
If there are multiple active interfaces configured as eligible clock sources, the
system selects a clock source based on the weight configured in the
system-clock-profile. If a primary clock source has been configured in the
system 0 profile, this clock source overrides all other clocks.
Note the following information about redundant clock sources on the MXK:
• By default, only when the card becomes the active interface is it eligible
to provide clock, redundant interfaces are not eligible.
• The clock source with the highest weight becomes the primary clock
source. Weights are from 1 (lowest priority) to 10 (highest priority).
MXK Configuration Guide 177
MXK Clocking
• If a clock source is defined in the primaryclocksource parameter in the
system profile, that clock source takes precedence over the settings in the
system-clock-source profiles, if any. Clock sources defined in the system
0 profile are given a weight of 11.
• If you assign weight to a clock source that is higher than the currently
active clock source, or if you assign a clock source in the system profile,
the system will switch over to the new clock source.
Table 18 describes the parameters used to provide clocking for the system.
Table 18: Clocking parameters
Parameter Description
transmit-clock-source There are three clocking options for Ds1 interfaces:
(ds1-profile) Values:
looptiming The recovered receive clock from the Ds1 is used as
the transmit clock.
localtiming A local (to the Ds1 interface) clock source is used on
the Ds1 transmit signal.
throughtiming The transmit Ds1 clock is derived from the
recovered receive clock of another Ds1 interface. Interfaces that are
designated as eligible clock sources cannot be set to through timing.
Default: throughtiming
primaryclocksource The shelf-slot-port-subport/type of an interface to provide clocking
(system 0 profile) for the system. For the BITS clock on the TAC/Ring card, specify
the address in the form shelf-slot-1-0/ds1.
Note: If configured, the setting in the
primaryclocksource parameter overrides settings in the
system-clock-profile for all interfaces that provide
clocking.
system-clock-eligibility Specifies whether the interface is eligible to provide clocking for the
(system-clock-profile) system.
Values:
true
false
Default: false
system-clock-weight Assigns a weight to the clock source. If you assign weight to a clock
(system-clock-profile) source that is higher than the currently active clock source, the
system will switch over to that clock source.
Values:
1 to 10 1 is the lowest priority, 10 is the highest
Default: 5
178 MXK Configuration Guide
Set MXK system clocking from MXK sources
Configuring the Ds1 profile to looptiming for the
synchronized network timing clock source
1 Verify that the interface that is to provide clock is up and active.
2 Verify the transmit-clock-source parameter in the ds1-profile is set to
looptiming. This parameter must be set to looptiming for network timing
to work.
zSH> update ds1-profile 1-4-1-0/ds1
ds1-profile 1-4-1-0/ds1
Please provide the following: [q]uit.
line-type: ------------------------> {esf}:
line-code: ------------------------> {b8zs}:
send-code: ------------------------> {sendnocode}:
circuit-id: -----------------------> {ds1}:
loopback-config: ------------------> {noloop}:
signal-mode: ----------------------> {none}:
fdl: ------------------------------> {fdlnone}:
dsx-line-length: ------------------> {dsx0}:
line-status_change-trap-enable: ---> {enabled}:
channelization: -------------------> {disabled}:
ds1-mode: -------------------------> {csu}:
csu-line-length: ------------------> {csu00}:
clock-source-eligible: ------------> {eligible}:
transmit-clock-source: ------------> {throughtiming}:looptiming
cell-scramble: --------------------> {true}:
coset-polynomial: -----------------> {true}:
protocol-emulation: ---------------> {network}:
signal-type: ----------------------> {loopstart}:
ds1-group-number: -----------------> {0}:
line-power: -----------------------> {disabled}:
timeslot-assignment: -------------->
{0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23}:
transmit-clock-adaptive-quality: --> {stratum3}:
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
3 In the system-clock-profile, enable the clock source and change the
default weight (if necessary):
zSH> update system-clock-profile 1-4-1-0/ds1
system-clock-profile 1-4-1-0/ds1
Please provide the following: [q]uit.
system-clock-eligibility: -> {false}: true
system-clock-weight: ------> {5}:modify the weight if necessary
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
MXK Configuration Guide 179
MXK Clocking
Configure MXK line and uplink cards for system clocking
This section describes how to set the clock source from line and uplink cards
and includes:
• Set a line card as the clocking source, page 180
• Set a CLK or TOP uplink card as the clocking source, page 181
Set a line card as the clocking source
Follow this procedure when the clocking source is taken from a line card.
Note: The TAC card type for Europe is e1.
Configuring a line card to be the primary synchronized
network timing source
1 Enter slots to view cards available for synchronized network timing.
zSH> slots
MXK 819
Uplinks
a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING+TRAFFIC)
b: MXK TWO TENGIGE EIGHT GIGE (RUNNING)
Cards
1: MXK 20 ACT ETH (RUNNING)
10: MXK 8 PORT GPON (RUNNING)
11: MXK 4 PORT GPON (RUNNING)
14:*TAC ITM RING (RUNNING)
2 Change the transmit-clock-source parameter from throughtiming to
looptiming on the ds1-profile of the available card.
zSH> update ds1-profile 1-14-1-0/ds1
ds1-profile 1-14-1-0/ds1
Please provide the following: [q]uit.
line-type: -----------------------> {esf}:
line-code: -----------------------> {b8zs}:
send-code: -----------------------> {sendnocode}:
circuit-id: ----------------------> {ds1}:
loopback-config: -----------------> {noloop}:
signal-mode: ---------------------> {none}:
fdl: -----------------------------> {fdlnone}:
dsx-line-length: -----------------> {dsx0}:
line-status_change-trap-enable: --> {enabled}:
channelization: ------------------> {disabled}:
ds1-mode: ------------------------> {csu}:
180 MXK Configuration Guide
Set MXK system clocking from MXK sources
csu-line-length: -----------------> {csu00}:
clock-source-eligible: -----------> {eligible}:
transmit-clock-source: -----------> {throughtiming}: looptiming
cell-scramble: -------------------> {true}:
coset-polynomial: ----------------> {true}:
protocol-emulation: --------------> {network}:
signal-type: ---------------------> {loopstart}:
ds1-group-number: ----------------> {0}:
line-power: ----------------------> {disabled}:
timeslot-assignment: -------------> {0}:
transmit-clock-recovery: ---------> {none}:
transmit-clock-adaptive-quality: -> {stratum3}:
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
3 Configure the system-clock-profile of the available card and set the
system-clock-eligibility parameter to true.
If necessary, set the system-clock-weight parameter with 10 as the most
preferred and 1 is least preferred.
zSH> update system-clock-profile 1-14-1-0/ds1
system-clock-profile 1-14-1-0/ds1
Please provide the following: [q]uit.
system-clock-eligibility: -> {false}: true
system-clock-weight: ------> {5}:
....................u
Save changes? [s]ave, [c]hange or [q]uit: s
APR 16 14:00:43: warning: 1/a/1053: clkmgr: Secondary clock source set to 1/14/
1/0 Record updated.
zSH> APR 16 14:00:44: warning: 1/a/1053: clkmgr: System clock source set
to 1/14/1/0
APR 16 14:00:44: warning: 1/a/1053: clkmgr: There is no secondary clock
zSH> clkmgrshow
Primary system clock is 1/14/1/0 : T1
Secondary system clock is LOCAL timing
Set a CLK or TOP uplink card as the clocking
source
In cases where the MXK is required for clocking, it is possible to use the
CLOCK T1/E1 port on the MXK uplink cards for CLK or TOP. The MXK
chassis with this uplink card can also use an appropriate line card as the
clocking source.
Configure the 6X1GE uplink card for either T1/E1 or BITS
When BITS is the clocking source, inserting a Y cable or an individual cable
with a BITS clock source causes the hardware and software to automatically
MXK Configuration Guide 181
MXK Clocking
switch to BITS. See the MXK Ethernet Uplink Cards on page 607 chapter for
more information on both T1/E1 and BITS clocking on the uplink card.
Note: The card type for Europe is ts1.
Configuring a 6x1GE uplink card to be the synchronized
Network Timing source
1 Enter slots to view available uplink cards.
zSH> slots
MXK 819
Uplinks
a: MXK SIX GIGE (RUNNING+TRAFFIC)
b: *MXK SIX GIGE (RUNNING)
Cards
2: MXK 24 PORT VDSL2 POTS (RUNNING)
3: MXK 20 ACT ETH (RUNNING)
5: MXK 72 PORT POTS (RUNNING)
13: MXK ADSL-48-A Bonded/with Packet Voice POTS, RNG, ITM (RUNNING)
2 Change the transmit-clock-source parameter from throughtiming to
looptiming.
zSH> update ds1-profile 1-a-1-0/ds1
ds1-profile 1-a-1-0/ds1
Please provide the following: [q]uit.
line-type: ------------------------> {esf}:
line-code: ------------------------> {b8zs}:
send-code: ------------------------> {sendnocode}:
circuit-id: -----------------------> {ds1}:
loopback-config: ------------------> {noloop}:
signal-mode: ----------------------> {none}:
fdl: ------------------------------> {fdlnone}:
dsx-line-length: ------------------> {dsx0}:
line-status_change-trap-enable: ---> {enabled}:
channelization: -------------------> {disabled}:
ds1-mode: -------------------------> {csu}:
csu-line-length: ------------------> {csu00}:
clock-source-eligible: ------------> {eligible}:
transmit-clock-source: ------------> {throughtiming}: looptiming
cell-scramble: --------------------> {true}:
coset-polynomial: -----------------> {true}:
protocol-emulation: ---------------> {network}:
signal-type: ----------------------> {loopstart}:
ds1-group-number: -----------------> {0}:
line-power: -----------------------> {disabled}:
timeslot-assignment: --------------> {0}:
transmit-clock-adaptive-quality: --> {stratum3}:
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
182 MXK Configuration Guide
Set MXK system clocking from MXK sources
3 Configure the system-clock-profile of the available card and set the
system-clock-eligibility parameter to true.
If necessary, set the system-clock-weight parameter with 10 as the most
preferred and 1 is least preferred. The default is 5.
zSH> update system-clock-profile 1-a-1-0/ds1
system-clock-profile 1-a-1-0/ds1
Please provide the following: [q]uit.
system-clock-eligibility: -> {false}: true
system-clock-weight: ------> {5}:
....................
Save changes? [s]ave, [c]hange or [q]uit: s
APR 16 14:00:43: warning: 1/a/1053: clkmgr: Secondary clock source set to 1/
a/1/0 Record updated.
zSH> APR 16 14:00:44: warning: 1/a/1053: clkmgr: System clock source set
to 1/a/1/0
APR 16 14:00:44: warning: 1/a/1053: clkmgr: There is no secondary clock
Verify the changes and the clocking source.
zSH> get system-clock-profile 1-a-1-0/ds1
system-clock-profile 1-a-1-0/ds1
system-clock-eligibility: -> {true}
system-clock-weight: ------> {5}
zSH> clkmgrshow
Primary system clock is 1/a/1/0 : T1
Secondary system clock is LOCAL timing
MXK Configuration Guide 183
MXK Clocking
Precision Time Protocol (PTP) and SyncE clock
management on the MXK
The MXK supports two protocols for clocking sources from the network on
the MXK-UPLINK-2X10G-8X1G-TOP uplink card:
• Precision Time Protocol (PTP) and Boundary Clock
See Ordinary clock and boundary clock PTP configurations, page 184.
• SyncE
See SyncE clock management, page 198.
Ordinary clock and boundary clock PTP configurations
When Precision Time Protocol (PTP) is implemented on the
MXK-UPLINK-2X10G-8X1GE-TOP, timing protocol message packets that
measure timing are sent from a PTP Grand Master in the network to the MXK
to provide accurate clocking to the TOP uplink card.
The MXK-UPLINK-2X10G-8X1GE-TOP supports two PTP clock modes --
Ordinary Clock and Boundary Clock -- as defined within IEEE 1588v2
(2008).
MXK Ordinary Clock
An MXK, configured as an Ordinary Clock, receives PTP timing protocol
message packets from a Master Cock source in the network referred to as the
Grand Master as shown in Figure 10.
Figure 10: Ordinary clock in a one PTP configuration
184 MXK Configuration Guide
Precision Time Protocol (PTP) and SyncE clock management on the MXK
Ordinary clock configurations support one PTP interface on one MXK. This
PTP interface, configured as slave, communicates with the Grand Master and
receives PTP timestamps on a single specified domain that matches the
domain of the Grand Master as shown in Figure 10.
To implement Ordinary Clock:
• Must have a PTP Grand Master in the network to provide PTP packets.
When primary and secondary Grand Masters are provisioned, the
configuration is revertive.
• There is one PTP interface on a MXK.
• The MXK must have the MXK-UPLINK-2X10G-8X1G-TOP uplink
card. PTP does not work on line cards.
• The domain of the PTP Grand Master(s) and the MXK must match and
the MXK is configured in slave mode. See Configuring PTP clock
management for Ordinary Clock on page 186 for more information.
MXK Boundary Clock
The first MXK, configured as boundary, receives timing protocol messages
from a Grand Master in the network on a single specified domain and sends
timing protocol messages on a second specified domain to a second MXK
configured as a slave as shown in Figure 11.
Figure 11: Boundary clock configuration with multiple PTP interfaces
To implement Boundary Clock:
MXK Configuration Guide 185
MXK Clocking
• Network segments are timing domains. There can be two timing domains,
one domain for timing entering the boundary device from the PTP Grand
Master, the second domain for the slave device receiving the timing
information from the boundary device. See Configuring PTP clock
management for Boundary Clock on page 188 for more information.
• There are multiple PTP interfaces.
• When primary and secondary Grand Master clock sources are
provisioned, the configuration is revertive and will return to the first
device when it becomes again available.
• The MXK must have the MXK-UPLINK-2X10G-8X1G-TOP uplink
card. PTP does not work on line cards.
This section also covers the following two procedures:
• Configuring PTP clock management for Ordinary Clock, page 186
• Configuring PTP clock management for Boundary Clock, page 188
Configuring PTP clock management for Ordinary Clock
When MXK is configured as an Ordinary Clock, it receives timing protocol
message packets from a Grand Master clock source. There is a single PTP
interface on the MXK that communicates with the Grand Master to maintain
the timescale over a single specified time domain.
The PTP Grand Master in the network communicates with the TOP card on
the MXK over IP and uses an ipobridge configured on the MXK.
To configure a MXK for Ordinary Clock management:
1 Create a bridge on a network facing Ethernet port with VLAN ID on the
TOP uplink card.
See Configure IP on a bridge for in-band device management overview
on page 49 for more information on creating an IP on a bridge.
zSH> bridge add 1-a-5-0/eth tls vlan 3105 tagged
Adding bridge on 1-a-5-0/eth
Created bridge-interface-record ethernet5/bridge
Bridge-path added successfully
2 Create an ipobridge for clock with the same VLAN ID.
zSH> interface add 1-a-6-0/ipobridge vlan 3105 10.51.5.5/24
Created ip-interface-record ipobridge-3105/ip.
Verify the bridge.
zSH> bridge show vlan 3105
Orig
Type VLAN/SLAN VLAN/SLAN Physical Bridge St Table Data
---------------------------------------------------------------------------------------------------------------------
tls Tagged 3105 1/a/5/0/eth ethernet5-3105/bridge UP D f8:66:f2:0d:3c:41
D68:ef:bd:c9:bc:65
D 00:a0:12:19:43:a0
D 00:01:47:b9:90:c7
186 MXK Configuration Guide
Precision Time Protocol (PTP) and SyncE clock management on the MXK
D 00:01:47:8b:d7:2d
ipobtls Tagged 3105 1/a/6/0/ipobridge ipobridge-3105/bridge UP S 00:01:47:18:07:43
S 10.51.5.5
2 Bridge Interfaces displayed
3 Create a route to the IP address.
zSH> route add default 10.51.5.254 1
Verify the route.
zSH> route show
Destination Routing Table
Dest Nexthop Cost Owner Fallback
------------------------------------------------------------------------------
0.0.0.0/0 10.51.5.254 1 STATICLOW
4 Update the ptp 1-a-1-0/ptp profile with the information to connect the
PTP Grand Master and the TOP uplink card.
You must provide the IP address of the PTP Grand Master that provides
clock in the acceptable-master-1 field and the ipobridge interface in the
ip-ifindex field for clock to occur, the clock-mode is slave.
The domain domain1MS in the ptp 1-a-1-0/ptp profile must match the
domain of the PTP Grand Master. The domain domain2M is not used.
zSH> update ptp 1-a-1-0/ptp
ptp 1-a-1-0/ptp
Please provide the following: [q]uit.
clock-mode: ----------> {slave}: The mode of the MXK in relation to the PTP Grand Master is slave
sync-msg-interval: ---> {-5}:
announce-interval: ---> {1}:
delay-req-interval: --> {0}:
domain1MS: -----------> {0}: domain must match the domain of the Grand Master
variance: ------------> {32767}:
priority1: -----------> {128}:
priority2: -----------> {128}:
domain2M: ------------> {0}: Domain remains unused in a Ordinary Clock configuration
ip-ifindex: ----------> {0/0/0/0/0}: ipobridge-3105/ip
acceptable-master-1: -> {0.0.0.0}: 172.24.7.1 IP address of the PTP Grand Master
acceptable-master-2: -> {0.0.0.0}:
....................
Save changes? [s]ave, [c]hange or [q]uit: s
Record updated.
Verify the changes.
zSH> get ptp 1-a-1-0/ptp
ptp 1-a-1-0/ptp
clock-mode: ----------> {slave}
sync-msg-interval: ---> {-5}
announce-interval: ---> {1}
delay-req-interval: --> {0}
domain1MS: -----------> {0}
variance: ------------> {32767}
MXK Configuration Guide 187
You might also like
- 830-01812-25 MXK Configuration Guide 2017No ratings yet830-01812-25 MXK Configuration Guide 20171,700 pages
- Configuring PPP On The Cisco ASR 9000 Series Router (PDFDrive)No ratings yetConfiguring PPP On The Cisco ASR 9000 Series Router (PDFDrive)58 pages
- EMEA DC PVT Nov 2022 Techtorial ACI Best PracticesNo ratings yetEMEA DC PVT Nov 2022 Techtorial ACI Best Practices126 pages
- ISCOM5508 User Manual (Rel - 01) 201202No ratings yetISCOM5508 User Manual (Rel - 01) 20120258 pages
- Computer Security Book 27-08-2022 - Proof Reading Unit 1 - 4No ratings yetComputer Security Book 27-08-2022 - Proof Reading Unit 1 - 4396 pages
- CISCOLIVELA2019 - Breakout Sessions-BRKSPG-2295No ratings yetCISCOLIVELA2019 - Breakout Sessions-BRKSPG-2295100 pages
- CCISO Certified Chief Information Security Officer All-In-One Exam Guide100% (2)CCISO Certified Chief Information Security Officer All-In-One Exam Guide862 pages
- Key Specs For Paloalto Interface TransceiversNo ratings yetKey Specs For Paloalto Interface Transceivers6 pages
- Vpls Configuration Ios XR With BGP and LDP AutodiscoveryNo ratings yetVpls Configuration Ios XR With BGP and LDP Autodiscovery104 pages
- HG6244C Ont Fiber Home para Vyd Fiber HomeNo ratings yetHG6244C Ont Fiber Home para Vyd Fiber Home98 pages
- Huawei Certification Note Commands 001pdfNo ratings yetHuawei Certification Note Commands 001pdf2 pages
- Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-EndNo ratings yetBuilding Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End77 pages
- PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3No ratings yetPPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3196 pages
- Book-Level PDF Cisco IOS Interface Command Reference, Release 12.2 TNo ratings yetBook-Level PDF Cisco IOS Interface Command Reference, Release 12.2 T636 pages
- Multicast in MPLS/VPLS Networks: An Sponsored TutorialNo ratings yetMulticast in MPLS/VPLS Networks: An Sponsored Tutorial28 pages
- Cisco Certified DevNet Professional Training and Certification ProgramNo ratings yetCisco Certified DevNet Professional Training and Certification Program4 pages
- SJ-20130731155059-002-ZXR10 2900E Series (V2.05.11) Easy-Maintenance Secure Switch Configuration Guide - 540668No ratings yetSJ-20130731155059-002-ZXR10 2900E Series (V2.05.11) Easy-Maintenance Secure Switch Configuration Guide - 540668307 pages
- Cyber Security and Digital Forensics Lab Manual 4361601No ratings yetCyber Security and Digital Forensics Lab Manual 436160125 pages
- Cisco 6500-Virtual Switch Sysetm-S6367 - Vss - Tech - Talk - FinalNo ratings yetCisco 6500-Virtual Switch Sysetm-S6367 - Vss - Tech - Talk - Final31 pages
- 323-1051-101G GUI Network Element DescriptionNo ratings yet323-1051-101G GUI Network Element Description122 pages
- Security in DLMS A White Paper by The DLMS User AssociationNo ratings yetSecurity in DLMS A White Paper by The DLMS User Association20 pages
- Nopehjdgs Ufvvdyvhuf8trdsvtrveryter Treroetysiov5yhuetyutdbuzfoyifbvigxdftuvsdhuibrsh0% (1)Nopehjdgs Ufvvdyvhuf8trdsvtrveryter Treroetysiov5yhuetyutdbuzfoyifbvigxdftuvsdhuibrsh2 pages
- ASR9K Punt Fabric Data Path Failure: Mahesh SNo ratings yetASR9K Punt Fabric Data Path Failure: Mahesh S20 pages
- CX600 - Feature Description - User AccessNo ratings yetCX600 - Feature Description - User Access171 pages
- DATA PROCESSING AND INFORMATION It 1234567890No ratings yetDATA PROCESSING AND INFORMATION It 123456789066 pages
- Fujitsu Network Communications: Corporate ProfileNo ratings yetFujitsu Network Communications: Corporate Profile8 pages
- Chapter 6 Security Compliance ManagementNo ratings yetChapter 6 Security Compliance Management57 pages
- Virtual Private Networks (VPNS) : Vpns Are Generally Used For Two PurposesNo ratings yetVirtual Private Networks (VPNS) : Vpns Are Generally Used For Two Purposes9 pages
- Deploying and Managing Certificates: ContentsNo ratings yetDeploying and Managing Certificates: Contents39 pages
- Sample Questions: 1. Which RFC Will Be Used To "Read System Data Remote" From Transaction SMSY?No ratings yetSample Questions: 1. Which RFC Will Be Used To "Read System Data Remote" From Transaction SMSY?30 pages
- Comp - Sem VI - Cryptography and System Security+Sample QuestionsNo ratings yetComp - Sem VI - Cryptography and System Security+Sample Questions16 pages
- Penetration Testing in Wireless Networks: Shree Krishna LamichhaneNo ratings yetPenetration Testing in Wireless Networks: Shree Krishna Lamichhane51 pages
- Visit Us At:: WWW - Case.utm - My/infosecNo ratings yetVisit Us At:: WWW - Case.utm - My/infosec8 pages
- iVvTesXmTyGkgjFEXsaITQ - CM2025 Past Exam Mar 2023No ratings yetiVvTesXmTyGkgjFEXsaITQ - CM2025 Past Exam Mar 20235 pages
