3 NE MANAGEMENT BY SOFTWARE APPLICATION
3.5 Security menu
3.5.5 RADIUS
3.5.5.1 Introduction
Remote Authentication Dial In User Service (RADIUS) standard (RFC 2865) allows for remote and cen- tralized user administration, authentication, and authorization of the Alcatel-Lucent Radio user names and passwords when the radios are embedded in a network environment.
When RADIUS is enabled in the MPT-GC radio, and a user attempts to log in to the radio, the radio will send the authentication request to the specified RADIUS server.
The communication between the radio and the RADIUS server is authenticated and encrypted through the use of a shared secret. The shared secret is not transmitted over the network.
The radio has the following RADIUS configuration options: – Disable (default)
– Enable while disallowing locally configured (admin, user) login access
As part of the initial setup, if you do not intend to utilize the SNMP func- tion, it is good practice to change the Access parameter to Disable. This will prevent users from accessing the SNMP agent.
If the RADIUS server is not available and RADIUS is enabled, a hard reset will be needed to regain login access to the radio.
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
102/234
3.5.5.2 RADIUS setup procedure
The RADIUS related configuration parameters are located in the RADIUS tab of the Web interface. The Radius Setup page is shown below.
Use the following steps to configure RADIUS.
1) Select the RADIUS option from the Security section of the Web browser interface of the unit. 2) Enter the Primary RADIUS server IP address in the field provided. The Secondary server
address is optional.
3) Enter the Server Port in the field provided.
4) Re-enter the Shared Secret in the Verify Secret field provided.
5) Enter the Timeout and Retries values if other than the default is required.
6) Select the configuration mode of Disable (Default), or Enable (Disallow Local Users), from the drop-down menu.
7) Click the Submit button.
One possible safe approach is to first enable RADIUS and allow local user login access. Then, open a new browser window and log in with a username and password provided by the RADIUS server. When the login through the RADIUS server is successful, it is safe to re-enable RADIUS in the radio, disallowing local user access.
3.6 Statistics menu
3.6.1 Ethernet Statistics
The Ethernet Statistics page of the Web interface displays received and transmitted Ethernet packet sta- tistics for the copper, fiber, and radio interfaces. These values allow the user to see where packets are dropped due to corrupted or invalid contents, determine the flow of packets between the interfaces, and determine the rate that data is moving through the system.
An example of the Ethernet Statistics page is shown in below, and a definition of each parameter follows.
Good Octets: An octet is a sequence of eight bits. Since a byte is not eight bits in all com- puter systems, octet provides an unambiguous term. When a packet is in error, none of the octets are counted as "good".
Good Packets: Total number of packets without errors received. For the transmit direction, this is expressed as total packets sent, because only good packets are sent.
Unicast Pkts: Total number of frames that have a unicast destination MAC address. Uni- cast frames are addressed to a single host on an LAN.
Broadcasts Pkts: Total number of good frames that have a broadcast destination MAC address. Broadcast frames are addressed to all hosts on an LAN.
Multicasts Pkts: Total number of good frames that have a multicast destination. Multicast are frames addressed to a subset of hosts on an LAN.
Receive and Transmit are relative to the switch port; for example, a packet transmitted on the fiber interface is a packet sent from the fiber interface of the unit to the user's network equipment.
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
104/234
Undersized Pkts: Total number of frames received with a length less than 64 octets, but with a valid FCS.
Oversized Pkts: Total number of frames received with a length that exceeds 1518 bytes (untagged) or 1522 bytes (tagged), but with a valid FCS. These errors are caused either by damaged packets, or by user network equipment being configured to transmit jumbo frames.
Fragmented Pkts: Total number of frames received with a length less than 64 octets and an invalid FCS.
Jabber: Total number of frames received with a length that exceeds 1632 bytes, but with an invalid FCS.
PHY Errors: Receive errors on the physical interface.
CRC Errors: Cyclic Redundancy Check (CRC) is a method of detecting errors in data transmission. A CRC is control information sent with a block of data, that when received, can be used to verify that all data was received correctly. CRC errors typically indicate physical defects in fiber or copper cabling, or poor receive signal quality on a radio link.
One or less CRC errors every 16 minutes on a fully-loaded 1000 Mbps link would equal a bit error rate of under 10-12 and is considered excellent per- formance for fiber or radio connections.
One CRC error every 90 seconds would equal a bit error rate of 10-10 on a 100 Mbps copper connection, which complies with 100Base-TX speci- fications. While higher error rates should normally only be seen during short periods of heavy rain downpours, most LAN applications can easily tolerate 10-8 bit error rates without noticeable degradation.
Pauses: Pause frames are sent if flow control is enabled and a port must tempo- rarily stop the flow of incoming packets.
% Utilization: Traffic utilization of the interface. To make calculations easier, the per- centage is always based on a 1000 Mbps rate, regardless of the current rate or speed capability of the interface.
Usage Rate: Traffic utilization of the interface. The actual Mbps rate being carried at the interface.
Collisions: Total number of collisions detected. Collisions indicate that more than one device is transmitting packets to an Ethernet hub at the same time, and will normally be detected by the device itself and be re-transmitted. Col- lisions should not occur when devices are connected through Ethernet switches in full-duplex mode.
Automatic Refresh: The statistics page will automatically update every 10 seconds when this parameter is enabled.
Clear: Resets all statistics counters to zero.
The Web interface will not automatically log off inactive users if the Auto- matic Refresh option is enabled, and the browser window is left on the Statistics page. Select the Log Out option to prevent un-authorized access to the unit.
3.6.2 Radio Statistics
The Radio Statistics page of the Web interface displays statistics on the radio receiver. Errors on the radio receiver are polled every 15 seconds. All statistics on this page are cumulative: the total since the radio was started.
An example of the Radio Statistics page is shown below, and a definition of each parameter follows.
Good Octets: Number of octets received over the radio channel.
Errors: Errors detected (error count).
Bit Error Ratio: Total errors/total bits received.
Error Seconds: (ES) A one-second interval containing one or more errors.
Severe Error Seconds: (SES) A one-second period which has a bit error ratio >= 30% or during
which Loss of Frame (LOF) is detected.
Unavailable Seconds: (UAS) More than 4 consecutive severe error seconds LOF.
Loss of Frame Seconds:(LOFS) Total seconds since start when LOF detected. ES, SES, and UAS
are also incremented.
Error Free Seconds: (EFS) Total seconds since start when zero errors detected on the radio receiver.
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
106/234
3.7 History menu
Various system statistics are sampled every 15 seconds, and these statistics are presented in System, Ethernet, and Radio categories.
The data collection is presented at 15 minute, 24 hour and 30 day intervals.
– 15 Minute data records are captured every 15 seconds for 15 minutes for a total of 60 entries. – 24 Hours data records consist of the capture of every consolidated 15 minute record for 24 hours
for a total of 96 entries.
– 30 Days data records capture every consolidated 24 hour record for 30 days for a total of 30 entries. The data presented are the average value of the capture interval.
Pressing the Clear button clears the selected statistics.
Pressing the Save Into File button creates a .csv file that can be saved for data analysis:
3.7.1 System History
The System History page displays the RSL, TX power, input voltage, Unit Temperature, TX temperature, and Ethernet traffic % Utilization data for the system.
There are three separate System History screens available: System 15 Minutes:
System 24 Hours:
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
108/234
3.7.2 Ethernet History
The Ethernet History page displays the TX/RX Octets, TX/RX Packets, TX/RX Unicast packets, TX/RX Broadcast packets, TX/RX Multicast packets, PHY/CRC Errors, and collisions. One port is selected at a time and each port can be selected.
There are three separate Ethernet History screens available: Ethernet 15 Minutes:
Ethernet 24 Hours:
3.7.3 Radio History
The Radio History page displays the calculated bit-error-rate (BER) performance, based on the accumu- lated octets and errors of the radio link, and presents the calculated statistics of Error Seconds (ES) Severe Error Seconds (SES, Unavailable Error Seconds (UAS), Loss of Frame Seconds (LOFS), and Error Free Seconds (EFS).
There are three separate Radio History screens available: Radio 15 Minutes:
Radio 24 Hours:
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
110/234
3.8 Charts menu
3.8.1 RSL Charts
The RSL Charts page displays the RSL data in two charts.
– The RSL History(15 Minutes) chart data is captured every 15 seconds for 15 minutes for a total of 60 entries.
– The RSL History(24 hours) chart data is captured every 15 minutes for 24 hours for a total of 96 entries
3.8.2 Temperature Chart
The Temperature Charts page displays the Unit and FEH temperature data in two charts. The Unit and FEH temperature is within specification if -20°C to 75°C (-4°F to 167°F).
– The Temperature History(15 Minutes) chart data is captured every minute for 60 minutes for a total of 60 entries.
– The Temperature History(24 hours) chart data is captured every 15 minutes for 24 hours for a total of 96 entries
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
112/234
3.8.3 % Utilization Chart
The % Network Utilization History chart page displays the Utilization of each GigE Ethernet interface in graphical format. The data is captured every 1 Minute for 60 minutes for a total of 60 entries and continues as a rolling buffer to show the last 60 minutes of activity: The displayed percentage is based on 1000 Mbps.
3.9 Tools menu
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
114/234
3.9.1.1 Hardware revisions and software versions
The Maintenance page of the Web interface, shown above, displays a detailed inventory of a unit's hard- ware and software components. The information may be needed when contacting factory personnel to help resolve issues, or when updating a unit's software. The Unit, FPNMS, and FPGA values can be used to identify the equipment serial number and the two field-upgradeable software components. Prior to per- forming a software upgrade, these three items should be confirmed in order to determine compatibility. A detailed description of each component is listed below:
Link: Displays the Link serial number (if any).
Unit: Displays the serial number of the unit and indicates if it is a High-Band or Low-Band unit.
FEH: Displays the Front End Head serial number. *
Modem: Displays the serial number of the internal Modem module. *
Baseband: Displays the serial number of the internal Base Band module. *
Factory: Displays the serial number of the internal IF module. *
FPNMS: Displays the current Web interface software version.
FPGA: Displays the current firmware version of the internal FPGA. *
Board ID: Displays the board ID relating to system type. *
* Only used by factory personnel.
3.9.1.2 Configuration file backup
A copy of the unit's traffic or system configuration can be saved to a PC.
Use the Traffic Configuration button to save port and VLAN configurations. This file should not be opened or edited. It should only be used to save the traffic configuration to the current unit or any unit. The file name is linkIss_MAC <address><timestamp>.conf.
Use the System Configuration button to save the system configuration to the current unit or any unit. This file can be opened and edited. It contains all system configuration parameters, except the IP address. The file name is linkConf_MAC <address><timestamp>.ini.
Use the System Configuration (Unit Specific) button to save the system configuration to the current unit only. This file can be opened and edited. It contains the IP address configuration, in addition to the other system configuration parameters. The file name is conf_MAC <address><timestamp>.ini.
The Traffic Configuration, System Configuration, and unit-specific System Configuration file names con- tain the last three octets of the MAC address.
The current configuration should be committed before performing a backup.
Use the following steps to perform a backup of the unit configuration.
1) Select the Tools/Maintenance page from the Web browser interface of the unit.
2) Click one of the following buttons: Traffic Configuration, System Configuration, or System Con- figuration (Unit Specific).
3) A File Download window will be displayed. Select the Save option, choose the location and name for the file, and then click the Save button. The file will then be stored the chosen location.
3.9.1.3 Configuration file edit procedure
The system configuration files are text-based, and various parameters can be edited by using a basic text editor, such as Notepad, on a windows based PC. The editable parameters in the file are enclosed by quo- tations "" "". The filename is editable, but must remain an .ini file type.
The file is divided into sections with the sections named as follows:
[Header] Do not edit this value; it is used as a file control parameter.
[Factory] Do not edit these values. Any edits will cause a file error upon upload.
[IPconf] The IP address, netmask and gateway can be edited. This parameter is only in the unit-specific system configuration file.
[Security] The timeout, reuse password, minimum password length, and password aging can be edited.
[Port] The Ctag, mac learning, jumbo packet, protect mode, and hold off init can be edited
[Radio] The management access, link ID, link modulation and rate, Adaptrate, TXpower, LSP RSL settings, ATPC mode, Target RSL, Target power, ARM thresholds, can be edited.
Care should be taken during the editing process to not disturb any other characters, other than what is typed between the quotation marks.
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
116/234
3.9.1.4 Saving a configuration
Click the Commit Configuration to Flash button to save the current configuration to the flash storage on the radio. The saved configuration is loaded on power cycle or restart. Use the Refresh button to view the Commit status.
All parameters from the following Configuration screens require clicking the Commit Configuration to Flash button to save the current configuration values to the flash storage on the radio (all other parameters do not require clicking this button to be saved in configuration):
– Time, SNTP – SNMP – VLAN – Ports – ECFM – EOAM – QoS
3.9.1.5 Restoring a configuration
Use the following steps to restore the unit configuration from a backup configuration file. 1) Select the Tools/Maintenance page from the Web browser interface of the unit.
2) Select the Browse option from the Upload section of the Maintenance screen, select the file from its saved location, then select Upload.
The following message will be displayed if successful:
If you submitted any of the above parameters in the Setup pages, but have not yet clicked the Commit Configuration to Flash button, you can still revert to the prior configuration settings.
The prior configuration settings are the last settings that were committed to flash via the Commit Configuration to Flash button.
You can revert to prior configuration settings by clicking the Hard Restart button in the Tools/Diagnostics page, or by performing a power cycle, before clicking the Commit Configuration to Flash button.
Pay attention that the committed/backup/download actions have a slow refresh on the web page and no message appear during the ongoing action.
3.9.1.6 Snapshot - save website archive
This function will allow the operator to create and save a compressed .tar file containing all of the current Web interface screens in html format and other associated files. WinZip will open a .tar file.
After opening the .tar archive, open any of the .htm files with browser.
3.9.1.7 Software upload procedure
Use the following steps to upgrade a unit's software:
1) Confirm compatibility of your equipment, and current software releases, with the available soft- ware releases.
2) Download the upgrade package and unzip the files to a known location on your hard drive. Mul- tiple files will be unzipped into the directory. Software releases will contain a .bin file (software/ FPNMS) and a .bit file (firmware/FPGA). Both files must be upgraded independently. If both files are to be upgraded, it is recommended to upgrade the software first.
3) Next, browse into the unit that is being upgraded and select the Tools/Maintenance page from the Web interface.
If IP related parameters were modified in the configuration file, it will require a hard restart before the changes will become active.
It is recommended to archive a back-up file of the software before upgrading: this captures critical information of the system, should the upgrade fail.
Do not change the extension name, or use the "." character if renaming the file. This will cause the upgrade process to fail.
User Manual NE Management by software application 9500 MPR for ANSI and ETSI
3DB19025AAAA Issue 2
118/234
4) Select the Browse option from the Upload section and select the new software file software image from the unzipped file location. Then click Upload.
5) The upload can take several minutes to complete. Status messages will report the progress.
6) Upon successful completion a File Upload Success message will be displayed:
7) After receiving the File Upload Success message, perform a hard restart.
8) If desired, repeat steps 4 through 7 to upgrade the firmware.
9) When the Web interface becomes available, browse into the unit and select the Maintenance tab. Verify that the NMS (or FPGA, if applicable) revisions are the desired version.
If software corruption occurs during the upgrade process, a safety feature is provided: the radio automatically induces a sequence that reverts the software back to the original factory image. To verify the software version, check the FPNMS version displayed in the Maintenance screen, then re- attempt the upgrade with a different file.
The Web interface will not be accessible for 40 seconds after rebooting or hard restarting the unit, even though data traffic will flow over the link