Module Contents
Connectivity
Syslog
Security/Alarm/Audit Logs
SNMP
SNTP
Security
Connectivity
Various Options
HTTP/HTTPS eVision Telnet, SSHv2 SNMP CLI NMS
User ID     Password    Privilege
root        ChgMeNOW    Superuser
netadmin    ChgMeNOW    Provisioning
user        ChgMeNOW    Maintenance
Connectivity
Serial Interface
Connection Attributes:
Bits per second: 9600
Data bits: 8
Parity: None
Stop Bits: 1
Hardware Flow Control: None
CLI
Software download and database backup are not available via the serial interface. IP connectivity is required for https file transfer and FTP.
Connectivity
Serial Interface
CLI login screen
Connectivity
CLI Basics
Serial Port, Telnet or SSH
Only need to enter the unique portion of the command term, not the entire term
Tab can be used to auto-complete the command term once the unique portion is entered, but completion is not required
Connectivity
IP Access
Connectivity
HTTP GUI
Applications
Navigation Tree
Info/Input
Connectivity
Applications:
Functionality is divided into different applications, which are aligned with user privileges
Navigation Tree:
Many nodes in the navigation tree have options that are selectable by right-clicking on the node
OK vs. Apply
Both result in the validation of the data and the writing of changes to the Flash copy of the database and the hardware.
Apply leaves you in the edit screen, whereas OK takes you back to the display screen.
General
Security Banner
Banner is displayed on GUI and serial/telnet sessions at login.
In the GUI, right-click the System node and select Edit Banner.
Maximum of 2000 characters.
ADVA:--> configure system
ADVA:system--> security-banner This is a private system. Unauthorized access or use may lead to prosecution
General
Security Prompt
When logging in via the CLI, the following prompt is typically displayed:
General
Syslog Servers
ADVA--> configure system
ADVA:system--> syslog-server 1
ADVA:system:syslog-1--> configure 10.10.10.10 514
ADVA:system:syslog-1--> show syslog-server
IP Address : 10.10.10.10
port : 514
General
Security Log
Security Log contains events of the following type:
Login/Logout/Failed Login attempts (local / remote)
Local User creation/deletion
Password change attempts
Security logs can be directed to SYSLOG (configurable)
Security log can only be cleared by a factory reset
Security log is only visible to superuser accounts
Security log contains 1000 records
ADVA--> show security-log
ADVA--> configure system
ADVA:system--> security-log
ADVA:system:security-log--> syslog-control disabled
2010 ADVA Optical Networking. All rights reserved. Confidential.
General
Alarm Log
Alarm log (automatic output buffer) for alarms/events
Alarm logs can be directed to a SYSLOG (configurable)
Alarm logs can be disabled by superuser
Alarm log contains 1000 records
ADVA--> show alarm-log
ADVA--> configure system
ADVA:system--> alarm-log
ADVA:system:alarm-log--> syslog-control disabled
ADVA:system:alarm-log--> log2file-control enabled
General
Audit Log
Audit Log contains events of the following type:
all configuration related changes
all entity (e.g. equipment, facility, etc.) state changes
all system restarts
all maintenance operations (e.g. loopbacks)
Audit logs can be directed to SYSLOG (configurable)
Audit log can be disabled by superuser
Audit log contains 1000 records
ADVA--> show audit-log
ADVA--> configure system
ADVA:system--> audit-log
ADVA:system:audit-log--> syslog-control disabled
ADVA:system:audit-log--> log2file-control enabled
SNMP
V3 Defaults:
Community String
Target Parameter
The target parameters define which SNMP protocol is used to populate trap information, and thus which SNMP protocol is used to send traps to the specified target address.
A target parameter must be added prior to adding the target address.
ADVA--> configure snmp
ADVA:snmp--> add target-params target-param-v1 snmpv1 snmpv1 private no-auth
Target Address
Up to 10 trap recipients may be defined
Up to 10 community strings may be defined
ADVA--> configure snmp
ADVA:snmp--> add target-address NMS-US 10.10.10.10:162 2 3 trap target-param-v1 enabled
SNMP
ADVA--> configure snmp
ADVA:snmp--> add usm-user noc-user local r0ck3t readonly auth-priv md5 des ******** ********
Engine ID
local or beginning with 1 or 0
Security name
1 to 256 characters long
Only 0-9 a-z A-Z _ . are accepted
If left blank, User Name will be copied into this field.
SNMP
Configure SNMP Dying Gasp on the system level; you can then enable the trap by target address (up to 2 SNMP Dying Gasp PDUs can be configured per system).
ADVA--> network-element ne-1
ADVA-NE-1--> configure nte nte206-1-1-1
ADVA-NE-1:ge206-1-1-1--> snmp-dying-gasp enabled
NTP
ADVA--> configure system
ADVA:system--> ntp-client
ADVA:system:ntp_client--> primary-server 10.10.10.10
ADVA:system:ntp_client--> backup-server 10.10.10.11
ADVA:system:ntp_client--> show ntp-client
Security
Secure access (defaults shown):
Service             Default
Serial Port         Enabled
Telnet (port 23)    Disabled
SSH (port 22)       Enabled
FTP (port 21)       Disabled
HTTP (port 80)      Enabled
HTTPS (port 443)    Disabled
SFTP (port 22)      Disabled
SCP (port 21)       Enabled
Serial
Automatic logoff on cable disconnect (Serial Port Auto Log off: Enable)
Serial port can be disabled
Operations
Access by various applications can be generically enabled or disabled.
In the configuration application, right-click System and select Edit System.
ADVA--> configure system
ADVA:system--> ftp enabled
ADVA:system--> telnet enabled
ADVA:system--> serial enabled
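The service, logging and SNMP settings in this deck can be reviewed mechanically from a saved CLI session. The Python sketch below is an added example, not ADVA code: it scans a transcript for the cleartext and weak-crypto choices that appear in the slides' own commands. The transcript is constructed from those commands, and the rule set and finding texts are this example's assumptions.

```python
import re

# Constructed transcript, assembled from commands shown in this deck.
SAMPLE = """\
ADVA:system--> ftp enabled
ADVA:system--> telnet enabled
ADVA:system--> serial enabled
ADVA:system:security-log--> syslog-control disabled
ADVA:snmp--> add target-params target-param-v1 snmpv1 snmpv1 private no-auth
ADVA:snmp--> add usm-user noc-user local r0ck3t readonly auth-priv md5 des ******** ********
"""

# (prompt-context regex, command regex, finding). The rules are this
# example's assumptions about what to flag, not a vendor baseline.
RULES = [
    (r"(^|:)system$", r"^(ftp|telnet) enabled$",
     "cleartext management service enabled"),
    (r"security-log$", r"^syslog-control disabled$",
     "security log (1000 records) is not forwarded off-box"),
    (r"(^|:)snmp$", r"^add target-params .*\bsnmpv1\b.*\bno-auth\b",
     "traps sent as SNMPv1 with no authentication"),
    (r"(^|:)snmp$", r"^add usm-user .*\bauth-priv\b.*\b(md5|des)\b",
     "SNMPv3 user relies on MD5/DES"),
]

# "ADVA-->" or "ADVA:<context>-->" followed by the command that was typed.
PROMPT = re.compile(r"^ADVA(?::(?P<ctx>[\w:-]+?))?-->\s*(?P<cmd>\S.*)$")


def audit(transcript):
    """Return (line_no, finding, command) for every flagged command."""
    findings = []
    for line_no, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # command output, or a prompt form this example ignores
        ctx, cmd = m.group("ctx") or "", m.group("cmd").strip()
        for ctx_re, cmd_re, finding in RULES:
            if re.search(ctx_re, ctx) and re.search(cmd_re, cmd):
                findings.append((line_no, finding, cmd))
    return findings


if __name__ == "__main__":
    for line_no, finding, cmd in audit(SAMPLE):
        print(f"line {line_no}: {finding}: {cmd}")
```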
Key Management
The device can generate unique SSL Certificates and SSH keys.
This will replace the existing keys.
Security
ADVA:system--> acl-entry 1
ADVA:acl-1--> configure permit 10.10.1.0 255.255.255.0
ADVA:acl-1--> control enabled
System captures the last 3 instances of an abnormal event. The 3 debug files (binary) are stored on a single debug image which can be downloaded for further investigation.
End of Administration
IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright for the entire content of this presentation: ADVA Optical Networking.