Manuals / Nortel Networks / Computer Equipment / Server

Nortel Networks NTRN10AN Centralized Security Administration CSA, Risk of unauthorized access

Models: 3500 NTRN10AN

1 342

Download 342 pages 27.69 Kb

Page 162

2-124Operation, administration, and maintenance (OAM) features

Note 4: Because of the power granted by the Challenge / Response Authentication Protocol, the local shared secret must be kept secure and must not be lost. There is no way to recuperate or change a lost local shared secret. If the local shared secret is lost, contact your Nortel Networks support group.

Note 5: If the response for a challenge-response login includes lowercase characters, you must enter the response in double quotes (“) when you log in through TL1.

Note 6: The default local shared secret is ‘nortelnetworks’ (all in lower case). The local shared secret can be provisioned through Site Manager or TL1 and must be between 8 and 20 alphanumeric characters. To maintain case sensitivity when you provision the secret through TL1, you must enclose the secret in double quotes (“). The double quotes are not included in the length of the secret.

CAUTION

Risk of unauthorized access

Be sure to change the default local shared secret to something only the administrative-level user knows.

Centralized Security Administration (CSA)

OPTera Metro 3500 Release 11.0 introduced a new centralized authentication mechanism that provided additional security when accessing OPTera Metro 3500 network elements and network processors.

System administrators can provision access to be based on any one of three methods:

•Centralized user administration and authentication through RADIUS

•Local account user authentication

•Local ‘challenge-response’ user authentication

Note: Local account user authentication and RADIUS authentication require a user identifier and password. See Password management on page 2-135for information on password restrictions.

For information about enhanced security logs, see TL1 event / log feature on page 2-173.

OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

Image 162

Nortel Networks NTRN10AN, 3500 manual Centralized Security Administration CSA, Risk of unauthorized access

Contents

OPTera Metro 3500 Multiservice Platform Copyright  2000-2004 Nortel Networks, All Rights Reserved Contents Iv Contents Contents Hardware feature descriptions Contents Page Standards Supported softwareSupported hardware Hardware naming conventionsAudience OPTera Metro 3500 NTP library NTRN16AATechnical support and information For non-service-affecting problems North AmericaGlobal software upgrade support North America InternationalOverview Network element overviewLoam Loam Release 12.1 features In-service reconfigurations Dwdm Services DS1DS3 8Overview Overview Performance monitoring Security and administration Bandwidth management Blsr Miscellaneous14Overview Overview Release 12.1 Hardware Compatibility Matrix Platforms with STX VTX-series Circuit packsOC-3x4 Yes 18Overview Supported configurations Upsr Linear Spur OC-48 OC-3 Requires dual slot circuit OC-12 Pack 22Overview VTX-48e Linear pt-to-pt or OC-12 ADM chain OC-3 24Overview Interworking Supported upgrade paths Operation, administration, and maintenance OAM features New or enhanced OAM features in OPTera Metro 3500 ReleaseOPTera Metro 3500 OAM features Gigabit Ethernet Drop and Continue Gigabit Ethernet drop and continue application P2PAlarm provisioning Engineering rulesAlarm flow control Environmental alarms Bandwidth managementExternal controls Tributary, DWDM, BLSR, UPSR, and 1+1 linear point-to-point In-service traffic rollover Connection editingOPTera Metro Switching matrixBlsr networks 2-fiber STS or 5376 VTUser-initiated Blsr switching commands Protection’Infinite wait-to-restore’ parameter Automatically initiated Blsr switching requestsBlsr Line Protection Oscillation Control Blsr single span fiber cut scenarioBlsr single span Fiber cut example Step Action Node status ’Bridged and Switched’ 16Operation, administration, and maintenance OAM features Blsr ring switch example UEQ18Operation, administration, and maintenance OAM features Node 1 and 2 state change detail Idle State 20Operation, administration, and maintenance OAM features EX1242p 22Operation, administration, and maintenance OAM features State Protection traffic 24Operation, administration, and maintenance OAM features Blsr nodal / multi-span failure scenario involves squelching 26Operation, administration, and maintenance OAM features OC-48 Blsr node failure example A-BC-B OC-192 Blsr node failure example Blsr configurations Blsr configuration attributesSTS paths and squelch map for a four-node 2-Fiber Blsr ring Blsr configuration and connection audit Blsr configuration distributionBlsr configuration audit Traffic flow over OC-48 Blsr Blsr connection auditSTS Blsr with VT assignment VT Blsr with full VT access Traffic flow over OC-192 BlsrNetwork Element a DS1 add/drop Provisioning rules Risk of traffic lossOC-48/OC-192 Blsr provisioning rules Rule # Description OC-48/OC-192 Blsr provisioning rules 36Operation, administration, and maintenance OAM features EX1294p 38Operation, administration, and maintenance OAM features West optics East optics IPTR-4 IPTR-2IPTR-3 IPTR-1RPR over a Blsr and subtending Upsr example Upsr #1 Upsr #2OAM supported on Blsr Channelized DS3 service DS3VTx12 mapper Changing the Blsr configuration / connection audit periodCommon Language Location Identifier Connection ID Consolidated loadDense wavelength division multiplexing Dwdm OPTera Metro 3500 bands BandOMX module Network sites OPTera Metro 3500 and OMX interconnectDwdm configurations Hubbed-ring configurationPhysical connections in a hubbed-ring configuration Logical connections in a hubbed-ring configuration 3500 Meshed-ring configuration3500 3500 Physical connections in a meshed-ring configuration 3500 Logical connections in a meshed-ring configuration3500 Physical Connections 3500 Dwdm point-to-point configurationLinear point-to-point 3500 Logical ConnectionsTerminal loopback Facility attributesLoopbacks Facility loopbackOptical loopback Electrical Loopback typesOptical facility loopbacks AIS Facility loopbackOOS Optical terminal loopbacksOperation, administration, and maintenance OAM features Network surveillance Extended network processor NPx2x100BT-P2P loopback conditioning Telemetry byte-oriented serial Tbos Single-ended TbosRemote alarm LED indicator Path traceTbos report format TID address resolution protocol Tarp Section traceConnectors OPTera Packet Edge System Resilient Packet Ring EthernetResilient packet ring RPR object Resilient packet ring shelf level64Operation, administration, and maintenance OAM features RPR configuration alert Auto save notificationTraps NNI Filters increased to 2x100BT-P2P circuit packPPP over Sonet PPP and Hdlc2x100BT-P2P circuit pack model Hdlc STS1/3C PPP/BCPNetwork protection using UPSR, 1+1 linear and Blsr Bridge Control Protocol2x100BT-P2P logical datapath overview Oamp support Ethernet Operational MeasurementsOperation, administration, and maintenance OAM features Distributed multilink trunking Bandwidth Reservation Protocol BRPTDIs on a mapped UNI Optical Ethernet Private Line OE-PL and Storage applications 2xGigE/FC-P2P circuit packAlarm management SDHEquipment alarms 76Operation, administration, and maintenance OAM features Small Form Factor Pluggables SFP alarms Ingress LAN port alarmsIngress LAN port alarms Alarm Description Severity For Fibre Channel facilities, this alarmFor Fibre Channel facilities , this alarm LAN WAN LAN Ingress AlarmsEgress WAN port and service alarms LAN GFP VcatSUBRATE=DISABLE 82Operation, administration, and maintenance OAM features Client Service Mismatch Bandwidth management LanwanContiguous concatenation Engineering rules Facility attributesVirtual concatenation Ethernet facility86Operation, administration, and maintenance OAM features Fibre Channel facility MTU88Operation, administration, and maintenance OAM features WAN facility STS12C, STS24C ProvunitsWAN GFP Supported on 2xGigE/FC-P2P Supported on 2xGigE/FC-P2P circuit Pack OutframesdiscdsAlignerr 94Operation, administration, and maintenance OAM features SES Performance MonitoringFibre Channel Extended Reach INFRAMESERR/INFRAME Inoctetserr UASStorage over Sonet GFP and Flow Control Enable Distance Extension See Note Generic Framing Procedure and Virtual Concatenation support Generic Framing Procedure GFP60950 91430 182860 GFP Encapsulation GFP FCSVirtual Concatenation Vcat Efficiency RateOptical interoperability of OPTera Metro Performance monitoringSonet line, section, and path parameters Threshold values Hard-coded default threshold values facility typeUser defined default threshold values facility type User defined threshold values facilityLine Path ES-P ES-PFESES-P SAS-P SES-PFESEFS-PFE SEFS-PFC-P FC-PFEOperation, administration, and maintenance OAM features Retrieving performance monitoring counts Physical PMs NTN445DA NTN408DANTN445CB NTN445JAResetting registers and invalid data flag Storage and retrieval of physical PMsTCA summary alarms Performance monitoring threshold crossing alerts TCATCAs Alarms Preside Software Upgrade Management support Site Manager supportPreside Applications Platform and Multiservice MOA support Site Manager main windowProtection switching Protection hierarchy 120Operation, administration, and maintenance OAM features Protection PM in a linear 1+1 configuration Protection PM in a Blsr configurationSecurity and administration Local account user authenticationLocal ‘challenge-response’ user authentication Centralized Security Administration CSA Risk of unauthorized accessOperation, administration, and maintenance OAM features ’Access-Request’ Time s Server’Access-Reject’ ’Access-Accept’Secure storage of authentication data SecurID supportSpan of control Saving and restoring provisioning dataLocal TL1 of provisioning data Individual shelf processorApplication of TL1 commands from a TL1 script file Security levelsLevel System identifier SID Remote login Multiple login sessionsSPx login sessions NPx login sessionsEnhanced Intrusion Detection Intrusion attempt handling Password management Password restrictionsLogical flow of intrusion attempt handling Enhanced password restrictions Password ReusePassword Aging Customer managed networks Temporary AccountsSecurity log audit trail ACT-USER, CANC-USER, ED-SECU-PID ALW-MSG-ALL INH-MSG-ALLSECU401 General Broadcast toolLog Names Log name Log events SECU410Modifiable Login Banner Example of Modified Login BannerRestore-banner Login banner functionalitySTS Managed DSM NE3 DSMNE2 DSMNE1 DSM NE4NE1 NE5NE4 DSM STS1 endpoints to DS1 facility grouping assignments STS1 AID is used to perform BWM operations onGroup of DS1 facilities Support for 12 DSM SynchronizationLine timing Internal timingExternal timing Transport line timingLine timing mode transport / tributary Timing signal sources Internal timing modeExternal timing mode Tributary line timingTiming modes Stratum clocks Synchronization hierarchySMC Hierarchy violations Timing loopsST3 Hierarchical network synchronization Building-integrated timing supply Bits Network element synchronization modesExternal timing Line timingFlow of synchronization timing signals Timing sources and timing distributionSynchronization-status messages ST2 ST1 PRSSTU ST4User-initiated synchronization switches User-specified quality levels for timing sourcesBits output with VTX-series or STX-192 circuit packs DUS Test Access Test Access Ports TAPs Site Manager Test Access Session Management windowTest access components Test access configurationsMonitoring test access DCNTest access-monitor state Single FAD, Mone and Single FAD MonfMonitoring test access-Dual FAD, Monef Monitoring test access-Single FAD, MoneMonitoring test access-Single FAD, Monf TAPSplit test access Test access-split stateSingle FAD, Splte and Single FAD Spltf Split test access-Single FAD, Splte Split test access-Single FAD, SpltfSplit test access-Single FAD, Splta Loss of association and auto recovery Split test access-Dual FAD, SpltefDual FAD, Spltef User interface Site ManagerTime of day synchronization 170Operation, administration, and maintenance OAM features TOD parameters applicable to NP only TL1 Changes to Cross Connect AID parameter Hhminsec UnknownCLX RTRV-EQPT Behaviour Card in Slot 13 RTRV-EQPT Output TL1 event / log featureTL1 event exerciser CLX-13CTYPE=VTXOOS-AU, UEQDatabase change events Log eventsInventory events Atag sequence numbers Topology enhancementsVT management option on STX equipped OPTera Metro VT management on a UpsrPer-site dedicated STS VTXSTX Per-site dedicated STS no VT loss in case of a fiber cut Virtual ring path-in-line and shared VT-managed STS STXW/STXVT#1 UPSR, 2 way STS-1 #1 Unprotected OM3500 180Operation, administration, and maintenance OAM features VT grooming on a Upsr VT grooming with dedicated STS at each site VT grooming with shared VT-managed STS DS1 DS3 EC1184Operation, administration, and maintenance OAM features OM3500 VT#1, STS-1 #1 Collocated OPTera Metro 3000 NE and shared VT-managed STS EX1561p 188Operation, administration, and maintenance OAM features Physical subtending rings Upsr planning guidelines summaryGeneral guidelines VT grooming at an STS-managed OPTera Metro 3500 sitePage Hardware feature descriptions New hardware in OPTera Metro 3500 ReleaseOPTera Metro 3500 hardware Extended Reach ZX Small Form Factor Pluggable SFP NTTP51DZ Shelves equipped with VTX-48 or VTX-48e circuit packs Shelves equipped with STX-192 circuit packs NTN476AH Operational temperature rangeOPTera Metro Shelf Assembly Universal Shelf NTN476DA OC-3 circuit packsOC-48 non-DWDM circuit packs OC-48 Dwdm circuit packs OC-48 Dwdm NTN442NB OC-48 ER Dwdm NTN408CWOC-48 Dwdm NTN442LF OC192 non-DWDM circuit packsElectrical tributary circuit packs NTTP51AA NTN433AANTN438DA NTTP51BDNTN433EA OPTera Packet Edge System circuit packsNTN433BB NTN433FANTN414AA NTN438BACross-connect / synchronization circuit packs NTN414ABProtection switching circuit packs Power modules and BIPsNetwork / Shelf processors, and Ilan circuit packs Accessory shelves Cooling unit assembliesModules NTN452CH NTN452EANTN452AH NTN452EHNTN452KA NTN452JANTN452JH NTN452NANTN451MA LIFs and LOAMsNTN451BA NTN451BHLIF, Loam 20Hardware feature descriptions OPTera Metro 3500 Shelf Assembly NTN476DA Loam LIFNTN452AA and BNC 12-Port Front I/O module NTN452JA DS1BNC 12 port I/O EX1157p 24Hardware feature descriptions Air deflector Replaceable I/O modules Hardware feature descriptions Module type and slot positions Type / PEC Positions Transport slotNTN476DA ADD / Drop DS1 1-28 Front I/O module NTN452AA DS1 29-56 Front I/O module NTN452CADS1 29-84 Front I/O module NTN452EA BNC 12-Port Front I/O module NTN452JA8xRJ-45 Front I/O module NTN452NA DS1 1-28 Front Enhanced I/O module NTN452AHDS1 29-56 Front Enhanced I/O module NTN452CH DS1 29-84 Front Enhanced I/O module NTN452EHBNC 12-Port Front Enhanced I/O module NTN452JH 8xRJ-45 Front Enhanced I/O module NTN452NHDS1 1-28 Rear I/O module NTN452BA DS1 29-56 Rear I/O module NTN452DADS1 29-84 Rear I/O module NTN452FA 8xRJ-45 Rear I/O module NTN452HBCommon modules Left OAM Loam NTN451MA, NTN451MHBNC 12-Port Rear I/O module NTN452KA Colan Ilan Left interface LIF NTN451BA, NTN451BHLeft OAM Loam NTN451MA, NTN451MH ACOLeft interface LIF NTN451BA, NTN451BH OPTera Metro 3500 Cooling unit assembly NTN458QA OPTera Metro 3500 Universal cooling unit assembly NTN458QH Universal power module NTN451HA Universal power module NTN451HAOPTera Metro 3000 breaker interface panel BIP NTN458RA Bay Alarms Power Input AlarmBreaker Alarm Alarm CircuitsOPTera Metro 3500 BIP European deployment NTFW56BA Core circuit packs VTX equipped OPTera Metro 3500 shelf Core circuit packs STX-192 equipped OPTera Metro 3500 shelf Tributary circuit packs EX1474pOPTera Packet Edge circuit packs 2xGigE/FC-P2P and SFP interfaces NPx, ILAN, PSC, and PSX circuit packs PSCPSX Ilan External timing reference input signals STX-192 circuit pack NTN415AAEquipping rules OC-48 STS OC48 STSDSM Alarm LED definitions VTX-48 circuit pack NTN414AALED name Color Description VTX-48e circuit pack NTN414AB, NTN414AH Extended shelf processor SPx NTN423BA, BH TL1 sessionsExtended network processor NPx NTN424BA, BH Alarms and TbosReset button Section data communication channel SdccAlarms and provisioning data Ilan interface NTN425AA OC-192 optical interface circuit pack NTN445CB, DAForward Error Correction FEC STS-1 path trace for OC-192Section trace for OC-192 Alarm Text or conditions OC-192 protection switching +1 linear protectionUpsr path protection Blsr protection 64Hardware feature descriptions STS-1 path trace for OC-48 OC-48 optical wavelength OC-48 circuit pack WavelengthSection trace for OC-48 Following table lists the OC-48 interface circuit pack LEDsOC-48 protection switching OC-48 STS optical interface circuit pack NTN440HA, KA, LA STS-1 path trace for OC-48 70Hardware feature descriptions Section data communication channel Sdcc Optical transmit Optical receive OC-12 Protection switchingUnidirectional path switched rings UPSRs +1 linear74Hardware feature descriptions OC12x4 STS IR optical interface circuit pack NTN446CA Multimode InterworkingParameters Value 76Hardware feature descriptions OC-3 optical interface circuit pack NTN401AA, DA OC-3 Protection switching Section data communication channel Sdcc OC-3x4 optical interface circuit pack NTN441AA, AC Equipping rules EC-1x3 circuit pack NTN436AA Protection switching EC-1x12 circuit pack NTN436DA EC-1x12 circuit packs do not support Sdcc channels DS1 mapper NTN430AA, BA DS1 I/O module types DS188Hardware feature descriptions DS3 alarms available only on DS3x12e mapper DS3x12 / DS3x12e mapper NTN435AA, AH / NTN435BADS3 Path PMs Near-End available only on DS3x12e mapper DS3VTx12 mapper NTN435FA DS3/VT protection switching 2x100BT-P2P circuit pack NTN433AA92Hardware feature descriptions Shelf Module Scenario description OPTera Packet Edge System 4x100BT circuit pack NTN433BB WAN OPTera Packet Edge System 4x100FX circuit pack NTN433EA, FA LEDs Color Description 98Hardware feature descriptions Hardware feature descriptions Protection switch controller PSC NTN412AA Protection switch extender PSX NTN413AA OMX + Fiber Manager 4CH NT0H32AE, BE, CE, DE, EE, FE, GE, HEOMX + Fiber Manager 4CH equipment drawer OMX shelf not required with OMX + Fiber Manager 4CH NTN449ZW OMX shelf NTN449ZW OMXMounting bracket labels Letter Rack type Fiber manager NT0H57BB DS1 service module DSM shelf NTN407MA Multiple isDS1 service module DSM NTN407MA EX0959p DSM OAM Hardware Release 6 with cover off DSM DS1x84 termination module TM NTN313AA, ACDSM OAM Hardware Release 6 with cover on LED Name LED Color On condition description LOSPage OPTera Metro Multiservice Platform