Contains proprietary/trade secret information which is the property of Alcatel-Lucent. Not to be made available to, or copied or used by anyone who is not an employee of Alcatel-Lucent except when there is a valid non- disclosure agreement in place which covers such information and contains appropriate non-disclosure and limited use obligations.
This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation.
Command Line Interface (CLI) syntax and command usage. Note: This manual generically covers Release 6.2 content and may contain some content that will be released in later maintenance loads. Please refer to the 7705 SAR OS 6.2.Rx Software Release Notes, part number 3HE09585000xTQZZA, for information on features supported in each load of the Release 6.2 software.
List of Technical Publications
The 7705 SAR OS documentation set is composed of the following guides:
• 7705 SAR OS Basic System Configuration Guide
  This guide describes basic system configurations and operations.
• 7705 SAR OS System Management Guide
  This guide describes system security and access configurations as well as event logging and accounting logs.
Technical Support
If you purchased a service agreement for your 7705 SAR router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, follow this link...
Network management | Configure SNMP elements | SNMP
Operational functions | Configure event and accounting logs | Event and Accounting Logs
Reference | List of IEEE, IETF, and other proprietary entities | Standards and Protocol Support
This chapter provides information to configure security parameters. Topics in this chapter include:
• Authentication, Authorization, and Accounting
• Security Controls
• Vendor-Specific Attributes (VSAs)
• Other Security Features
• Configuration Notes
• Configuring Security with CLI
• Security Command Reference
This chapter describes authentication, authorization, and accounting (AAA) used to monitor and control network access on the 7705 SAR. Network security is based on a multi-step process. The first step, authentication, validates a user’s name and password. The second step is authorization, which allows the user to access and execute commands at various command levels based on profiles assigned to the user.
Authentication validates a user name and password combination when a user attempts to log in. When a user attempts to log in through the console, Telnet, SSH, SCP, or FTP, the 7705 SAR client sends an access request to a RADIUS, TACACS+, or local database.
The user login is successful when the RADIUS server accepts the authentication request and responds to the router with an access accept message. Implementing authentication without authorization for the 7705 SAR does not require the configuration of VSAs (Vendor Specific Attributes) on the RADIUS server. However, users, user access permissions, and command authorization profiles must be configured on each router.
TACACS+ uses Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). TACACS+ is popular as TCP is thought to be a more reliable protocol. RADIUS combines authentication and authorization. TACACS+ separates these operations.
VSAs. See Vendor-Specific Attributes (VSAs).
Once a user has been authenticated using RADIUS (or another method), the 7705 SAR router can be configured to perform authorization. The RADIUS server can be used to:
• download the user profile to the 7705 SAR router
•...
Permissions include the use of FTP, Telnet, SSH (SCP), and console access. When granting Telnet, SSH (SCP) and console access to the 7705 SAR router, authorization can be used to limit what CLI commands the user is allowed to issue and which file systems the user is allowed or denied access to.
TACACS+ Accounting
The 7705 SAR allows you to configure the type of accounting record packet that is to be sent to the TACACS+ server when specified events occur on the device. The accounting record-type parameter indicates whether TACACS+ accounting start and stop packets will be sent or just stop packets will be sent.
When a user logs in to request access to the network using Telnet or SSH, or a user enters a command for which accounting parameters are configured, or a system event occurs, such as a reboot or a configuration file reload, the 7705 SAR checks the configuration to see if TACACS+ accounting is required for the particular event.
Security Controls
You can configure the 7705 SAR to use RADIUS, TACACS+, and local authentication to validate users requesting access to the network. The order in which password authentication is processed among RADIUS, TACACS+ and local passwords can be specifically configured.
[Figure: security flow diagram. Labels recovered from the diagram: TACACS+ Server 1 to Server 5, No Response, Accept, Deny, Access Denied, Local.]
• timetra-profile <profile-name> — when configuring this VSA for a user, it is assumed that the user profiles are configured on the local 7705 SAR router and the following applies for local and remote authentication:
  → The authentication-order parameters configured on the router must include the local keyword.
A valid profile must exist on the 7705 SAR router for this user. If all conditions listed above are not met, then access to the 7705 SAR router is denied and a failed login event/trap is written to the security log.
Timetra-Default-Action = deny-all,
Timetra-Cmd = "configure",
Timetra-Cmd = "show",
Timetra-Action = permit,
Timetra-Cmd = "debug",
Timetra-Action = permit,

Alcatel-Lucent Dictionary
# Version: 20061003-1
VENDOR Alcatel-IPD 6527
# User management VSAs
ATTRIBUTE Timetra-Access 1 integer Alcatel-IPD
ATTRIBUTE Timetra-Home-Directory 2 string Alcatel-IPD
ATTRIBUTE Timetra-Restrict-To-Home 3 integer Alcatel-IPD
ATTRIBUTE Alc-Acct-O-Outprof-Octets-64 22 octets Alcatel-IPD
ATTRIBUTE Alc-Acct-I-Inprof-Pkts-64 23 octets Alcatel-IPD
ATTRIBUTE Alc-Acct-I-Outprof-Pkts-64 24 octets Alcatel-IPD
ATTRIBUTE Alc-Acct-O-Inprof-Pkts-64 25 octets Alcatel-IPD
ATTRIBUTE Alc-Acct-O-Outprof-Pkts-64 26 octets Alcatel-IPD
ATTRIBUTE Alc-Client-Hardware-Addr 27 string Alcatel-IPD
# CoA
VALUE Timetra-Restrict-To-Home true 1
VALUE Timetra-Restrict-To-Home false 2
VALUE Timetra-Access ftp 1
VALUE Timetra-Access console 2
VALUE Timetra-Access both 3
VALUE Timetra-Default-Action permit-all 1
VALUE Timetra-Default-Action deny-all 2
VALUE Timetra-Default-Action none 3
VALUE Timetra-Action permit 1
VALUE Timetra-Action deny 2
The 7705 SAR has a global SSH server process to support inbound SSH and SCP sessions initiated by external SSH or SCP client applications. The SSH server supports SSH1. Note that this server process is separate from the SSH and SCP client commands on the 7705 SAR, which initiate outbound SSH and SCP sessions.
When using SCP to copy files from an external device to the file system, the 7705 SAR SCP server will accept either forward slash (“/”) or backslash (“\”) characters to delimit directory and/or filenames. Similarly, the 7705 SAR SCP client application can use either slash or backslash characters, but not all SCP clients treat backslash characters as equivalent to slash characters.
To avoid DoS-like attacks overwhelming the control plane while ensuring that critical control traffic such as signaling is always serviced in a timely manner, the 7705 SAR has three queues (High, Low, and Ftp) for handling packets addressed to the CSM: •...
3DES is a more secure version of the DES protocol.
802.1x Network Access Control
The 7705 SAR supports network access control of client devices (PCs, STBs, and so on) on an Ethernet network using the IEEE 802.1x standard. 802.1x is known as Extensible Authentication Protocol (EAP) over a LAN network or EAPOL.
If RADIUS authorization is enabled, then VSAs must be configured on the RADIUS server.
Reference Sources
For information on supported IEEE standards, IETF drafts and standards as well as standard and proprietary MIBs, refer to Standards and Protocol Support.
Configuring Security with CLI
This section provides information to configure security using the command line interface. Topics in this section include:
• Setting Up Security Attributes
• Security Configurations
• Security Configuration Procedures
Configuring Profiles
→ Configuring Users
• RADIUS authentication (with local authorization)
By default, authentication is enabled locally. Perform the following tasks to configure security on each participating 7705 SAR router:
→ Configuring Profiles
→ Configuring RADIUS Authentication
→ Configuring Users
•...
→ Enabling TACACS+ Authentication
Configuring Authorization
Refer to the following sections to configure authorization:
• Local authorization
For local authorization, configure these tasks on each participating 7705 SAR router:
→ Configuring Profiles
→ Configuring Users
• RADIUS authorization with authentication...
Refer to the following sections to configure accounting.
• Local accounting is not implemented. For information about configuring accounting policies, refer to Configuring Logging with CLI.
• Configuring RADIUS Accounting
• Configuring TACACS+ Accounting
10.10.0.xx/32
exit
exit
cpm-filter
ip-filter
shutdown
entry 2 create
action drop
exit
exit
profile "default"
default-action none
entry 10
no description
match "exec"
action permit
exit
entry 70
no description
match "show"
20 time 5 lockout 10
exit
no ssh
exit
CSM, including all routing protocols. They apply to packets from all ports. The filters can be used to restrict management of the 7705 SAR router by other nodes outside either specific (sub)networks or through designated ports. By default, there are no filters associated with security options.
{permit | deny | deny-host-unreachable}
entry entry-id
action {permit | deny | deny-host-unreachable}
description description-string
dst-port port [mask]
flow-label value
next-header next-header
router router-instance
src-ip ipv6-address/prefix-length
src-port {port-id | cpm}
renum old-entry-number new-entry-number
no shutdown
Alternatively, use a direct console connection to the node for configuration; in this case, the order of filter configuration does not matter.
Use the following CLI commands to configure an IPv6 CPM filter.
CLI Syntax: config>system>security
    cpm-filter
        default-action {accept | drop}
        ipv6-filter
            entry entry-id [create]
                action {accept | drop}
                description description-string
                log log-id
Depending on the authentication requirements, password parameters are configured locally or on the RADIUS or TACACS+ server. Use the following CLI commands to configure password support:
CLI Syntax: config>system>security
    password
        admin-password password [hash | hash2]
        aging days
        attempts count [time minutes1] [lockout minutes2]
RADIUS server. Use the following CLI commands to configure user profiles:
CLI Syntax: config>system>security
    profile user-profile-name
        default-action {deny-all | permit-all | none}
        renum old-entry-number new-entry-number
        entry entry-id
            description description-string
            match command-string
            action {permit | deny}
Use the following CLI commands to configure access parameters for users:
CLI Syntax: config>system>security
    user-template template-name
    user user-name
        access [ftp] [snmp] [console]
        console
            cannot-change-password
            login-exec url-prefix:source-url
The following example displays the user configuration:
ALU-1>config>system>security# info
----------------------------------------------
user "49ers"
    password "qQbnuzLd7H/VxGdUqdh7bE" hash2
    access console ftp snmp
    restricted-to-home
    console
        member "default"
        member "ghost"
    exit
exit
--------------------------------------------
ALU-1>config>system>security#
{user source-user | profile source-profile} to destination [overwrite]
Example: config>system>security# copy profile default to testuser
The following output displays the copied profiles:
A:ALU-49>config>system>security# info
----------------------------------------------
A:ALU-49>config>system>security# info detail
----------------------------------------------
profile "default"
    default-action none
    entry 10
        no description
10
    no description
    match "exec"
    action permit
exit
entry 20
    no description
    match "exit"
    action permit
exit
entry 30
    no description
    match "help"
    action permit
exit
entry 40
    no description
    match "logout"
SSH2. This command should only be enabled or disabled when the SSH server is disabled. This setting cannot be changed while the SSH server is running.
CLI Syntax: config>system>security
    preserve-key
    no server-shutdown
    version ssh-version
Example: config>system>security# ssh
config>system>security>ssh# preserve-key
config>system>security>ssh# version 1-2
2
config>system>login-control# idle-timeout 1440
config>system>login-control# pre-login-message "Property of Service Routing Inc. Unauthorized access prohibited."
config>system>login-control# motd text "Notice to all users: Software upgrade scheduled 3/2 1:00 AM"
Also, the system IP address must be configured in order for the RADIUS client to work. See “Configuring a System Interface” in the 7705 SAR OS Router Configuration Guide. The other commands are optional.
The following example displays the RADIUS authentication configuration:
ALU-1>config>system>security# info
----------------------------------------------
retry 5
timeout 5
server 1 address A:A:A:A:A:A:A:1 secret "test1"
server 2 address 10.10.0.1 secret "test2"
server 3 address 10.10.0.2 secret "test3"
server 4 address 10.10.0.3 secret "test4"
----------------------------------------
ALU-1>config>system>security#
Use the following CLI commands to configure generic authentication parameters for clients using 802.1x EAPOL. Additional parameters are configured on Ethernet ports. Refer to the 7705 SAR OS Interface Configuration Guide, “Card, Adapter Card, and Port Command Reference”, for more information on configuring 802.1x parameters on Ethernet ports.
— [no] source-address protocol-id
— router router-instance
— no router
— src-ip {ip-prefix/mask | ip-prefix netmask}
— no src-ip
— src-port {port-id | cpm}
— no src-port
— renum old-entry-number new-entry-number
— [no] shutdown
— no description
— log-id
— no
— match [protocol protocol-id]
— no match
— dscp dscp-name
— no dscp
— dst-ip {ip-address/mask | ip-address netmask}
— no dst-ip
— dst-port tcp/udp port-number [mask]
[next-header next-header]
— no match
— dscp dscp-name
— no dscp
— dst-ip ipv6-address/prefix-length
— no dst-ip
— dst-port tcp/udp port-number [mask]
— no dst-port
— icmp-code icmp-code
— no icmp-code
— icmp-type icmp-type
— default-action {deny-all | permit-all | none}
— [no] entry entry-id
— action {permit | deny}
— description description-string
— no description
— match command-string
— no match
— renum old-entry-number new-entry-number
— no accounting-port
— [no] authorization
— port port
— no port
— retry count
— no retry
— server server-index address ip-address secret key [hash | hash2]
— no server server-index
— [no] shutdown
[hash | hash2] [auth-port auth-port] [acct-port acct-port] [type server-type]
— no server server-index
— source-address ip-address
— no source-address
— [no] shutdown
— timeout seconds
— no timeout
— [no] shutdown
— [no] login-banner
— motd {url url-prefix: source-url | text motd-text-string}
— no motd
— pre-login-message login-text-string [name]
— no pre-login-message
— telnet
— inbound-max-sessions value
— no inbound-max-sessions
— outbound-max-sessions value
— no outbound-max-sessions
CPM Filter Commands
• Global Password Commands
• Password Commands
• Profile Management Commands
• User Management Commands
• RADIUS Client Commands
• TACACS+ Client Commands
• 802.1x Commands
• SSH Commands
• Login Control Commands
The no form of the command puts an entity into the administratively enabled state. Many entities must be explicitly enabled using the no shutdown command.
Default: no shutdown
This command enables FTP servers running on the system. FTP servers are disabled by default. At system startup, only SSH servers are enabled. The no form of the command disables FTP servers running on the system.
Default: no ftp-server
This command specifies the source address that should be used in all unsolicited packets sent by the application.
application
Syntax: application app [ip-int-name | ip-address]
no application app
Context: config>system>security>source-address
Description: This command specifies the application to use the source IPv4 address specified by the source-address command.
Telnet servers are off by default. At system startup, only SSH servers are enabled. Telnet servers in 7705 SAR networks limit a Telnet client to three retries to log in. The Telnet server disconnects the Telnet client session after three retries.
This command creates the context to edit management access filters and to reset match criteria. Management access filters control all traffic in and out of the CSM. They can be used to restrict management of the 7705 SAR by other nodes outside either specific (sub)networks or through designated ports.
This command is used to create or edit a management access filter entry. Multiple entries can be created with unique entry-id numbers. The 7705 SAR exits the filter upon the first match found and executes the actions according to the respective action command. For this reason, entries must be sequenced correctly from most to least explicit.
— the source TCP or UDP port number as match criteria
Values: 1 to 65535 (decimal)
mask — mask used to specify a range of destination port numbers as the match criterion
This 16-bit mask can be configured using the formats in Table
(see RFC 3595, Textual Conventions for IPv6 Flow Label)
Values: 0 to 1048575
Syntax: [no] log
Context: config>system>security>management-access-filter>ip-filter>entry
config>system>security>management-access-filter>ipv6-filter>entry
Description: This command enables match logging. The no form of this command disables match logging.
Default: no log
This command applies to IPv4 filters only. The no form of the command removes the protocol from the match criteria.
Default:
Parameters: protocol-id — the protocol number for the match criterion
Values: 1 to 255 (decimal)
— the subnet mask length expressed as a decimal integer
Values: 0.0.0.0 to 255.255.255.255 (IP prefix), 1 to 32 (mask length)
netmask — the subnet mask in dotted-decimal notation
Values: a.b.c.d (network bits all 1 and host bits all 0)
The no form of the command reverts to the default value.
Default: any interface
Parameters: port-id — the port ID
Values:
port-id: slot/mda/port[.channel]
bundle-id: bundle-type-slot/mda.bundle-num
bundle: keyword
type: ima | ppp
bundle-num: 1 to 32
This command renumbers existing management access filter entries to resequence filter entries. The 7705 SAR exits on the first match found and executes the actions in accordance with the accompanying action command. This may require some entries to be renumbered from most to least explicit.
Description This command enables the context to configure a CPM (referred to as CSM on the 7705 SAR) filter. A CPM filter is a hardware filter (that is, implemented on the network processor) for the CSM-destined traffic that applies to all the traffic destined for the CSM CPU. It can be used to drop or accept packets, as well as allocate dedicated hardware queues for the traffic.
This command specifies the action to take for packets that match this filter entry.
Default: drop
Parameters:
accept — packets matching the entry criteria will be forwarded
drop — packets matching the entry criteria will be dropped
ISO Internet Protocol
eigrp  EIGRP
ospf-igp  OSPFIGP
ether-ip  Ethernet-within-IP Encapsulation
encap  Encapsulation Header
pnni  PNNI over IP
Protocol Independent Multicast
vrrp  Virtual Router Redundancy Protocol
l2tp  Layer Two Tunneling Protocol
Schedule Transfer Protocol
* — udp/tcp wildcard
Parameters: ip-address — the IP prefix for the IP match criterion in dotted-decimal notation
Values: 0.0.0.0 to 255.255.255.255
mask — the subnet mask length expressed as a decimal integer
Values: 1 to 32
— the destination port number to be used as a match criterion
Values: 0 to 65535 (accepted in decimal, hexadecimal, or binary format)
mask — the 16-bit mask to be applied when matching the destination port
— specifies the ICMP code values that must be present to match
Values: 0 to 255 (values can be expressed in decimal, hexadecimal, or binary – DHB)
keywords - none | network-unreachable | host-unreachable | protocol-unreachable | port-unreachable | fragmentation-needed | dest-network-unknown | dest-host-unknown
— the 8-bit option type (can be entered using decimal, hexadecimal, or binary formats). The mask is applied as an AND to the option byte and the result is compared with the option value.
— specifies matching on IP packets that contain more than one option field in the header
false — specifies matching on IP packets that do not contain multiple option fields in the header
— the IP prefix for the IP match criterion in dotted-decimal notation
Values: 0.0.0.0 to 255.255.255.255
mask — the subnet mask length expressed as a decimal integer
Values: 1 to 32
netmask — the dotted-decimal equivalent of the mask length
Values: 0.0.0.0 to 255.255.255.255
— the source port number to be used as a match criterion
Values: 0 to 65535 (accepted in decimal, hexadecimal, or binary format)
mask — the 16-bit mask to be applied when matching the destination port
— specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header
false — specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header
30 to 64 are extended filter entries
new-entry-id — the new entry number to be assigned to the old entry
Values: 1 to 64
where: 1 to 29 are filter entries
30 to 64 are extended filter entries
0d 19:42:22
admin Telnet 09AUG2006 08:35:23 0d 00:00:00 A
10.20.30.93
-------------------------------------------------------------------------------
Number of users : 2
'A' indicates user is in admin mode
===============================================================================
A:ALU-1#
A:ALU-1# enable-admin
MINOR: CLI Already in admin mode.
A:ALU-1#
In this example, the user name “test” and password “secret” will not be sent to the AAA servers (or to any logs). They will be replaced with “****”. The no form of the command removes the admin password from the configuration.
If the threshold is exceeded, the user is locked out for a specified time period. If multiple attempts commands are entered, each command overwrites the previously entered command. The no attempts command resets all values to the default.
Parameters: method-1 — the first password authentication method to attempt
Values: radius, tacplus, local
Default: radius
method-2 — the second password authentication method to attempt
Values: radius, tacplus, local
Default: tacplus
— specifies that at least one uppercase and one lowercase character must be present in the password. This keyword can be used in conjunction with the numeric and special-character parameters. However, if this command is used with the authentication none command, the complexity command is rejected.
If multiple minimum-length commands are entered, each command overwrites the previously entered command. The no form of the command reverts to the default value.
Default: minimum-length 6
Parameters: value — the minimum number of characters required for a password
Values: 1 to 8
Note: The permit-all command does not change access to security commands. Security commands are only and always available to members of the admin-user profile.
none — sets the default of the profile to no-action. This option is useful to assign multiple profiles to a user.
This command is used to create a user profile entry. More than one entry can be created with unique entry-id numbers. The 7705 SAR exits when the first match is found and executes the actions according to the accompanying action command. Entries should be sequenced from most explicit to least explicit.
This command renumbers profile entries to resequence the entries. Since the 7705 SAR exits when the first match is found and executes the actions according to the accompanying action command, renumbering is useful to rearrange the entries from most explicit to least explicit.
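The first-match rule described for profile entries above can be checked offline before a profile is committed. The following Python sketch is an added example, not code from the 7705 SAR documentation or from Alcatel-Lucent: it parses a constructed profile listing, reports entries that an earlier, less explicit entry shadows, and resequences them from most to least explicit. It assumes that a match string matches any command beginning with the same words; the profile name "operator" and all function names are hypothetical.

```python
import shlex
from dataclasses import dataclass

# Constructed sample, written in the style of the "info" output on this page.
SAMPLE_PROFILE = '''
profile "operator"
    default-action deny-all
    entry 10
        match "show"
        action permit
    exit
    entry 20
        match "show system security"
        action deny
    exit
    entry 30
        match "configure"
        action permit
    exit
exit
'''


@dataclass(frozen=True)
class Entry:
    entry_id: int
    match: tuple   # words of the match command-string
    action: str    # "permit" or "deny"


def parse_profile(text):
    """Return (default_action, entries sorted by entry-id) from an info-style listing."""
    default_action, entries = "none", []
    cur_id = cur_match = cur_action = None
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        key = tokens[0]
        if key == "default-action":
            default_action = tokens[1]
        elif key == "entry":
            cur_id, cur_match, cur_action = int(tokens[1]), None, None
        elif key == "match" and cur_id is not None:
            cur_match = tuple(tokens[1].split())
        elif key == "action" and cur_id is not None:
            cur_action = tokens[1]
        elif key == "exit" and cur_id is not None:
            # Closes the current entry; entries without match or action are skipped.
            if cur_match and cur_action:
                entries.append(Entry(cur_id, cur_match, cur_action))
            cur_id = None
    return default_action, sorted(entries, key=lambda e: e.entry_id)


def matches(entry, words):
    """Assumption: an entry matches when the command starts with its words."""
    return tuple(words[:len(entry.match)]) == entry.match


def authorize(default_action, entries, command):
    """First match wins; otherwise fall back to the profile's default-action."""
    words = command.split()
    for entry in sorted(entries, key=lambda e: e.entry_id):
        if matches(entry, words):
            return entry.action, entry.entry_id
    fallback = {"deny-all": "deny", "permit-all": "permit"}.get(default_action, "none")
    return fallback, None


def shadowed_entries(entries):
    """Return (later_id, earlier_id) pairs where the later entry can never take effect
    because an earlier entry with a different action already matches everything it matches."""
    ordered = sorted(entries, key=lambda e: e.entry_id)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if matches(earlier, later.match) and earlier.action != later.action:
                found.append((later.entry_id, earlier.entry_id))
                break
    return found


def resequence(entries, step=10):
    """Order entries from most to least explicit (more words first) and renumber them,
    the offline equivalent of applying renum until the order is correct."""
    ordered = sorted(entries, key=lambda e: (-len(e.match), e.entry_id))
    return [Entry((i + 1) * step, e.match, e.action) for i, e in enumerate(ordered)]


if __name__ == "__main__":
    default_action, entries = parse_profile(SAMPLE_PROFILE)
    print("as configured:", authorize(default_action, entries, "show system security"))
    print("shadowed:", shadowed_entries(entries))
    fixed = resequence(entries)
    print("resequenced:", authorize(default_action, fixed, "show system security"))
```

In the constructed profile, entry 20 is meant to deny "show system security" but never takes effect because entry 10 permits every command that begins with "show"; after resequencing, the deny is evaluated first.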
This command configures default security user template parameters.
Parameters:
tacplus_default — specifies that the TACACS+ default template is used for the configuration
radius_default — specifies that the RADIUS default template is used for the configuration
— specifies SNMP permission. This keyword is only configurable in the config>system>security>user context.
console — specifies console access (serial port or Telnet) permission
console
Syntax: console
Context: config>system>security>user
config>system>security>user-template
Description: This command creates the context to configure user profile membership for the console.
Page 115
Context config>system>security>user>console
Description This command allows the user access to a profile. A user can participate in up to eight profiles. The no form of this command deletes user access to a profile.
Page 116
Parameters url-prefix [directory] [directory/directory…] — the user’s local home directory URL prefix and directory structure, up to 190 characters in length
Page 117
To insert # or ? characters, enter them in a notepad or clipboard program and then cut and paste them into the password field of the Telnet session, where the password is enclosed in double quotes as delimiters.
Page 118
All SNMPv3 users must be configured with the commands available in this CLI context. The 7705 SAR always uses the configured SNMPv3 user name as the security user name.
Page 119
This command configures the authentication and encryption method the user must use in order to be validated by the 7705 SAR. SNMP authentication allows the device to validate the managing node that issued the SNMP message and determine if the message has been tampered with. The authentication protocol can either be HMAC-MD5-96 or HMAC-SHA-96.
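The tamper check described above can be reproduced offline. The following is an added example, not code from the guide: it follows the HMAC-MD5-96 and HMAC-SHA-96 procedure of RFC 3414 (password-to-key, localization with the engine ID, 12-byte truncated HMAC). The message layout is a constructed stand-in for a real BER-encoded SNMPv3 message, and the password and engine ID are the RFC 3414 test values, not values from a 7705 SAR.

```python
import hashlib
import hmac

AUTH_LEN = 12                      # the "-96" in HMAC-MD5-96 / HMAC-SHA-96
PLACEHOLDER = b"\x00" * AUTH_LEN   # auth field is zero-filled while the MAC is computed


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind the user key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def sign(header: bytes, body: bytes, kul: bytes, hash_name: str) -> bytes:
    """Return header || MAC || body, with the MAC computed over the zero-filled form."""
    zeroed = header + PLACEHOLDER + body
    mac = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_LEN]
    return header + mac + body


def verify(wire: bytes, auth_offset: int, kul: bytes, hash_name: str) -> bool:
    """Recompute the MAC the way the receiving engine does and compare in constant time."""
    received = wire[auth_offset:auth_offset + AUTH_LEN]
    if len(received) != AUTH_LEN:
        return False
    zeroed = wire[:auth_offset] + PLACEHOLDER + wire[auth_offset + AUTH_LEN:]
    expected = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_LEN]
    return hmac.compare_digest(received, expected)


def demo(hash_name: str = "sha1") -> dict:
    """Sign a constructed message, then flip one bit in transit and re-verify."""
    engine_id = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 test engine ID
    kul = localize_key(password_to_key(b"maplesyrup", hash_name), engine_id, hash_name)
    other_engine = localize_key(password_to_key(b"maplesyrup", hash_name),
                                bytes.fromhex("000000000000000000000003"), hash_name)

    header = b"constructed-v3-header|user=snmpadmin|"       # constructed stand-in
    body = b"|set sysContact.0 = noc@example.net"          # constructed stand-in
    wire = sign(header, body, kul, hash_name)

    tampered = bytearray(wire)
    tampered[-1] ^= 0x01                                    # single-bit change in the PDU

    return {
        "genuine": verify(wire, len(header), kul, hash_name),
        "tampered": verify(bytes(tampered), len(header), kul, hash_name),
        "wrong_engine_key": verify(wire, len(header), other_engine, hash_name),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, demo(name))
```

Because the key is localized with the engine ID, a key captured from one engine does not authenticate messages to another engine configured with the same password.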
Page 120
Parameters group-name — enter the group name (between 1 and 32 alphanumeric characters) that is associated with this user. A user can be associated with one group name per security model.
Page 121
[no] radius
Context config>system>security
Description This command creates the context to configure RADIUS authentication on the 7705 SAR. Implement redundancy by configuring multiple server addresses for each 7705 SAR. The no form of the command removes the RADIUS configuration.
access-algorithm...
Page 122
The no form of the command reverts to the default value.
Default 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))
Parameters port — the TCP port number to contact the RADIUS server
Values 1 to 65535
Page 123
— the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.
Values 1 to 5
Page 124
1 to 90
use-default-template
Syntax [no] use-default-template
Context config>system>security>radius
Description This command specifies whether or not the user template defined by this entry is to be actively applied to the RADIUS user.
Default no use-default-template
Page 125
[no] tacplus
Context config>system>security
Description This command creates the context to configure TACACS+ authentication on the 7705 SAR. Configure multiple server addresses for each 7705 SAR for redundancy. The no form of the command removes the TACACS+ configuration.
accounting
Syntax...
Page 126
— specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
port — the port ID
Values 0 to 65535
Page 127
Values 1 to 90
use-default-template
Syntax [no] use-default-template
Context config>system>security>tacplus
Description This command specifies whether or not the user template defined by this entry is to be actively applied to the TACACS+ user.
Page 128
7705 SAR. The RADIUS server configured under the config>system>security>dot1x>radius-plcy context authenticates clients who get access to the data plane of the 7705 SAR. This configuration differs from the RADIUS server configured under the config>system>security>radius context that authenticates CLI login users who get access to the management plane of the 7705 SAR.
Page 129
For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
auth-port — the UDP port number used to contact the RADIUS server for authentication
Values 1 to 65535
Page 130
The operational state of the entity is disabled as well as the operational state of any entities contained within. The no form of the command administratively enables the protocol.
Default shutdown
Page 131
The no form of the command reverts to the default value.
Default
Parameters seconds — the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer
Values 1 to 90
Default no preserve-key
server-shutdown
Syntax [no] server-shutdown
Context config>system>security>ssh
Description This command enables the SSH servers running on the system.
Default at system startup, only the SSH server is enabled
Page 133
2 — specifies that the SSH server will only accept connections from clients supporting SSH protocol version 2
1-2 — specifies that the SSH server will accept connections from clients supporting either SSH protocol version 1, or SSH protocol version 2, or both
Default
Page 134
Description This command configures the maximum number of concurrent inbound FTP sessions. This value is the combined total of inbound and outbound sessions. The no form of the command reverts to the default value.
Page 135
This command enables or disables the display of a login banner. The login banner contains the 7705 SAR copyright and build date information for a console login attempt. The no form of the command causes only the configured pre-login-message and a generic login prompt to display.
Page 136
— when the keyword name is defined, the configured system name is always displayed first in the login message. To remove the name from the login message, the message must be cleared and a new message entered without the name.
Page 137
Description This parameter limits the number of inbound Telnet sessions. Each 7705 SAR router is limited to a total of 15 Telnet or SSH sessions (IPv4 and IPv6). The value controls inbound Telnet sessions only. Console sessions through the local serial (console) port cannot be disabled. SSH sessions are counted as inbound Telnet sessions in the login-control context.
Specifies the variable of the view to read the MIB objects
Write view Specifies the variable of the view to configure the contents of the agent
Notify view Specifies the variable of the view to send a trap about MIB objects
Page 140
Authentication sequence : radius tacplus local
===============================================================================
type status timeout single retry
server address (secs) conn count
-------------------------------------------------------------------------------
radius 10.10.10.103
radius 10.10.0.1
radius 10.10.0.2
tacplus 10.10.0.9(49) down true
-------------------------------------------------------------------------------
radius admin status : up
The number of seconds the router waits for a response from a RADIUS server
Single connection Enabled: Specifies a single connection to the TACACS+ server and validates everything via that connection
Disabled: The TACACS+ protocol operation is disabled
Page 142
Sample Output
A:ALU-48# show system security communities
=============================================================================
Communities
=============================================================================
community access view version group name
-----------------------------------------------------------------------------
cli-readonly cli-readonly
cli-readwrite cli-readwrite
public no-security v1 v2c snmp-ro
-----------------------------------------------------------------------------
No. of Communities: 3
=============================================================================
A:ALU-48#
Sample Output
A:ALU-35# show system security cpm-filter ip-filter
===============================================================================
CPM IP Filters
===============================================================================
Entry-Id Dropped Forwarded Description
-------------------------------------------------------------------------------
CPM filter #2
25880 CPM filter #3
25880 CPM filter #4
25882 CPM filter #5
Page 144
Dest. Port : 0
next-header : none
Dscp : Undefined
ICMP Type : Undefined
ICMP Code : Undefined
TCP-syn : Off
TCP-ack : Off
Match action : Drop
Dropped pkts : 25880
Forwarded pkts : 0
===============================================================================
The multiple option setting (IPv4 filters only)
TCP-ack The ACK flag in the TCP header
Match action When the criteria matches, displays drop or forward packet
Next Hop If match action is forward, indicates destination of the matched packet
Page 146
: enabled (no shutdown)
-----------------------------------------------------------------------------
Entry Description : test description
Src IP : 10.10.10.104
Src interface : undefined
Dest port : 10.10.10.103
Protocol Router : undefined
Action : permit : disabled
Matches
=============================================================================
A:ALU-7#
The source IP address used for management access filter match criteria
Flow label The flow label to match (IPv6 filters only)
Src interface The interface name for the next hop to which the packet should be forwarded if it hits this filter entry
The number of days a user password is valid before the user must change their password
Number of invalid attempts permitted per login The number of unsuccessful login attempts allowed for the specified time
Page 149
Sample Output
A:ALU-7# show system security profile administrative
===============================================================================
User Profile
===============================================================================
User Profile : administrative
Def. Action : permit-all : no
-------------------------------------------------------------------------------
Entry : 10
Description
Match Command: configure system security
Action : permit
The total number of profiles listed
source-address
Syntax source-address
Context show>system>security
Description This command displays the source address configured for applications.
Output The following output is an example of source address information, and Table 14 describes the fields.
If the server fingerprint is not known, the client may not continue with the SSH session since the server might be spoofed.
Connection The IP address of the connected routers (remote client)
Username The name of the user
Page 153
— displays information for the specified user
Default all users
detail — displays detailed user information to the summary output
Output The following output is an example of user information, and Table 16 describes the fields.
Page 154
-------------------------------------------------------------------------------
new pw required : no
cannot change pw : no
home directory : cf3:\
restricted to home : no
login exec file
profile : administrative
-------------------------------------------------------------------------------
snmp parameters
-------------------------------------------------------------------------------
===============================================================================
ALU-7#
No: The user is allowed to navigate to a directory higher in the directory tree on the home directory device
Login exec file Displays the user’s login exec file which executes whenever the user successfully logs in to a console session
Page 156
1.3.6.1.2.1.68 included
vprn-view 1.3.6.1.2.1.77 included
vprn-view 1.3.6.1.4.1.6527.3.1.2.3.7 included
vprn-view 1.3.6.1.4.1.6527.3.1.2.3.11 included
vprn-view 1.3.6.1.4.1.6527.3.1.2.20.1 included
no-security included
no-security 1.3.6.1.6.3 excluded
no-security 1.3.6.1.6.3.10.2.1 included
no-security 1.3.6.1.6.3.11.2.1 included
no-security 1.3.6.1.6.3.15.1.1 included
on-security 00000000 included
-------------------------------------------------------------------------------
The object identifier of the ASN.1 subtree
mask The bit mask that defines a family of view subtrees
permission Indicates whether each view is included or excluded
No. of Views The total number of views
From The originating IP address
Login time The time the user logged in
Idle time The amount of idle time for a specific login
Number of users The total number of users logged in
— clears the authentication statistics for the specified interface name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
ip-address — clears the authentication statistics for the specified IP address
Context debug
Description This command enables debugging for RADIUS connections. The no form of the command disables the debugging.
Parameters detail — displays detailed output
hex — displays the packet dump in hexadecimal format
In This Chapter
This chapter provides information to configure SNMP. Topics in this chapter include:
• SNMP Overview
• Which SNMP Version to Use?
• Configuration Notes
• Configuring SNMP with CLI
• SNMP Command Reference
• The agent can send traps to notify the manager of significant events that occur on the managed device (for example, the 7705 SAR router).
SNMP is supported on network hosts using the IPv4 and IPv6 protocols.
Management Information Base
A MIB is a formal specifications document with definitions of management information used to remotely monitor, configure, and control a managed device or network system.
When requested, the Internet Assigned Numbers Authority (IANA) assigns a unique branch for use by a private organization or company. The branch assigned to the Alcatel-Lucent 7705 SAR is 1.3.6.1.4.1.6527. The SNMP agent provides management information to support a collection of IETF specified MIBs and a number of MIBs defined to manage device parameters and network data unique to the 7705 SAR.
Views
Views control the access to a managed object. The total MIB of a 7705 SAR router can be viewed as a hierarchical tree. When a view is created, either the entire tree or a portion of the tree can be specified and made available to a user to manage the objects contained in the subtree.
By default, authentication and encryption parameters are not configured. Authentication parameters that a user must use in order to be validated by the 7705 SAR can be modified. SNMP authentication allows the device to validate the managing node that issued the SNMP message and determine if the message has been tampered with.
To implement SNMPv3, an authentication and encryption method must be assigned to a user in order to be validated by the 7705 SAR. SNMP authentication allows the router to validate the managing node that issued the SNMP message and determine if the message was tampered with.
ID.
Reference Sources
For information on supported IETF drafts and standards as well as standard and proprietary MIBs, refer to Standards and Protocol Support.
Page 168
Configuring SNMP with CLI
This section provides information about configuring SNMP with CLI. Topics in this chapter include:
• SNMP Configuration Overview
• Basic SNMP Security Configuration
• Configuring SNMP Components
Configuring SNMPv1 and SNMPv2c
The 7705 SAR router is based on SNMPv3. To use 7705 SAR routers with SNMPv1 and/or SNMPv2c, SNMP community strings must be configured. Three predefined access methods are available when SNMPv1 or SNMPv2c access is required. Each access method (r, rw, or rwa) is associated with an SNMPv3 access group that determines the access privileges and the scope of managed objects available.
Configuring SNMPv3
The 7705 SAR implements SNMPv3. If security features other than the default views are required, the following parameters must be configured:
• views
• access groups
• SNMP users
• assignment of a unique community string to the management router or management VPLS
• the SNMP version: SNMPv1, SNMPv2c, or both
Default access features are preconfigured by the agent for SNMPv1 and SNMPv2c.
[type {included | excluded}]
The following example displays view command usage:
Example:
config>system>security>snmp# view testview subtree 1
config>system>security>snmp>view$ mask ff type included
config>system>security>snmp>view$ exit
config>system>security>snmp# view testview subtree 1.3.6.1.2
config>system>security>snmp>view$ mask ff type excluded
config>system>security>snmp>view$ exit
“testview” subtree 1
mask ff
exit
view “testview” subtree 1.3.6.1.2
mask ff type excluded
exit
access group “testgroup” security-model usm security-level auth-no-privacy read “testview” write “testview” notify “testview”
community "public" r version both
----------------------------------------------
SNMPv3 access group and its view. The access granted with a community string is restricted to the scope of the configured group. By default, the 7705 SAR OS implementation of SNMP uses SNMPv3. To implement SNMPv1 and SNMPv2c, USM community strings must be explicitly configured.
"public" hash r version v2c usm-community "test" group "testgroup" ---------------------------------------------- ALU-1>config>system>security>snmp# Configuring Other SNMP Parameters Use the following CLI syntax to modify the system SNMP options: CLI Syntax: config>system>snmp engineID engine-id general-port port packet-size bytes no shutdown 7705 SAR OS System Management Guide...
Page 178
Configuring SNMP Components
The following example displays the system SNMP default values:
ALU-104>config>system>snmp# info detail
----------------------------------------------
shutdown
engineID "0000xxxx000000000xxxxx00"
packet-size 1500
general-port 161
----------------------------------------------
ALU-104>config>system>snmp#
{privacy-level | key-2}]
— group group-name
— [no] group
Show Commands
show
— snmp
— counters
— system
— information
— security
— access-group [group-name]
— communities
— user [user-id] [detail]
— view [view-name] [capabilities] [detail]
SNMP Configuration Commands
• SNMP System Commands
• SNMP Security Commands
Page 184
— an identifier from 10 to 64 hexadecimal digits (5 to 32 octet number), uniquely identifying this SNMPv3 node. This string is used to access this node from a remote host with SNMPv3.
Page 185
CLI. Shutting down SNMP does not remove or change configuration parameters other than the administrative state. This command does not prevent the agent from sending SNMP notifications to any configured SNMP trap destinations. SNMP trap destinations are configured under the config>log>snmp-trap-group context.
Page 186
This command is automatically invoked in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof persist on command is enabled.
The no form of the command administratively enables SNMP.
Default no shutdown
Page 187
SNMPv1/SNMPv2c access while another view may require USM (SNMPv3) access rights.
security-level {no-auth-no-priv | auth-no-priv | privacy} — specifies the required authentication and privacy levels to access the views configured in this node
Page 188
If the threshold is exceeded, the host is locked out for the lockout time period. If multiple attempts commands are entered, each command overwrites the previously entered command. The no form of the command resets the parameters to the default values.
Page 189
• rw — grants read and write access to all objects in the MIB, except security objects
• rwa — grants read and write access to all objects in the MIB, including security objects
Page 190
The access granted with a community string is restricted to the scope of the configured group. The 7705 SAR OS implementation of SNMP uses SNMPv3. In order to implement SNMPv1 and SNMPv2c configurations, several access groups are predefined. In order to implement SNMP with security features (version 3), security models, security levels, and USM communities must be explicitly configured.
Page 191
For example, the MIB subtree that represents MIB-II is 1.3.6.1.2.1. The mask that catches all MIB-II is 0xfc or 0b11111100. Only a single mask may be configured per view and OID value combination. If more than one entry is configured, each subsequent entry overwrites the previous entry.
Page 192
- all MIB subtree objects that are identified with a 1 in the mask are available in the view
excluded - all MIB subtree objects that are identified with a 1 in the mask are denied access in the view
Default included
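How subtree, mask and included/excluded entries combine into one access decision is easiest to see by evaluating a few OIDs. The following is an added example, not code from the guide: it implements the view-family rules of RFC 3415 (VACM) and assumes the 7705 SAR follows them. The view entries are taken from the testview example and the no-security sample output in this guide; the ifTable wildcard row and the OIDs being tested are constructed, and an empty mask string stands for a mask column that is blank in the sample output.

```python
def parse_oid(text: str) -> tuple:
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex: str, length: int) -> list:
    """One flag per sub-identifier, most significant bit first.

    True  = this sub-identifier must match exactly.
    False = wildcard. Per RFC 3415 a mask shorter than the subtree is
    extended with 1 bits, so an empty mask means "match every position".
    """
    bits = []
    for byte in bytes.fromhex(mask_hex):
        bits.extend(bool(byte & (0x80 >> i)) for i in range(8))
    bits = bits[:length]
    return bits + [True] * (length - len(bits))


def family_matches(oid: tuple, subtree: tuple, mask_hex: str) -> bool:
    """True when oid falls inside the (subtree, mask) family."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(not exact or a == b for a, b, exact in zip(oid, subtree, bits))


def in_view(oid_text: str, families: list) -> bool:
    """Decide access for one OID against a list of (subtree, mask, type) entries.

    Among all matching families the one with the longest subtree wins
    (ties: lexicographically greatest subtree). No match means not in view.
    """
    oid = parse_oid(oid_text)
    matches = [f for f in families if family_matches(oid, parse_oid(f[0]), f[1])]
    if not matches:
        return False
    best = max(matches, key=lambda f: (len(parse_oid(f[0])), parse_oid(f[0])))
    return best[2] == "included"


# "testview" as configured in this guide's CLI example.
TESTVIEW = [
    ("1", "ff", "included"),
    ("1.3.6.1.2", "ff", "excluded"),
]

# Entries of the default "no-security" view that are legible in the sample
# output; the mask column is blank there, so "" (all ones) is used.
NO_SECURITY = [
    ("1.3.6.1.6.3", "", "excluded"),
    ("1.3.6.1.6.3.10.2.1", "", "included"),
    ("1.3.6.1.6.3.11.2.1", "", "included"),
    ("1.3.6.1.6.3.15.1.1", "", "included"),
]

# Constructed: every column of ifTable, but only for row 5 (mask ffa0 puts a
# 0 bit on the column sub-identifier, the 10th position).
IF_ROW_5 = [("1.3.6.1.2.1.2.2.1.0.5", "ffa0", "included")]


def demo() -> dict:
    return {
        "testview sysDescr.0": in_view("1.3.6.1.2.1.1.1.0", TESTVIEW),
        "testview 7705 SAR branch": in_view("1.3.6.1.4.1.6527.3.1.2.3.7", TESTVIEW),
        "no-security usmStats": in_view("1.3.6.1.6.3.15.1.1.1.0", NO_SECURITY),
        "no-security usmUserTable": in_view("1.3.6.1.6.3.15.1.2.2.1.3", NO_SECURITY),
        "MIB-II mask fc": family_matches(parse_oid("1.3.6.1.2.1.1.3.0"),
                                         parse_oid("1.3.6.1.2.1"), "fc"),
        "row 5, column 7": in_view("1.3.6.1.2.1.2.2.1.7.5", IF_ROW_5),
        "row 6, column 7": in_view("1.3.6.1.2.1.2.2.1.7.6", IF_ROW_5),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'in view' if allowed else 'not in view'}")
```

The no-security rows show the pattern to check when auditing a view: a broad excluded subtree (1.3.6.1.6.3) with narrower included subtrees beneath it, so the USM user table stays out of reach while the statistics counters remain readable.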
The number of SNMP get next PDUs accepted and processed by SNMP
in sets The number of SNMP set request PDUs accepted and processed by SNMP
out packets The total number of SNMP messages passed from SNMP to the transport service
Page 194
Tel/Tel6/SSH/FTP Admin : Enabled/Disabled/Enabled/Disabled
Tel/Tel6/SSH/FTP Oper : Up/Down/Up/Down
BOF Source : cf3:
Image Source : primary
Config Source : primary
Last Booted Config File: ftp://172.xx.xxx.xxx/./deby-sim1/debby-sim1-config.cfg
Last Boot Cfg Version : THU MAR 11 16:58:20 2009 UTC
/rel0.0/I1042/panos/main
# Generated TUE MAR 11 16:58:20 2009 UTC
Last Boot Index Version: N/A
Last Boot Index Header : # TiMOS-B-0.0.I1042 both/i386 Alcatel-Lucent SAR 7705 Copyright (c) 2000-2009 Alcatel-Lucent.
# All rights reserved. All use subject to applicable license agreements.
Page 196
BOF tertiary: specifies whether the configuration was loaded from the tertiary location specified in the BOF
Last Booted Config File The URL and filename of the configuration file used for the most recent boot
Page 197
Successful/Failed: the results from the execution of the CLI script file specified in the Cfg-Fail Script location
Not used: no CLI script file was executed
Microwave S/W Package
Management IP Addr The management IP address and mask
Page 198
[group-name]
Context show>system>security
Description This command displays access group information.
Parameters group-name — the access group name
Output The following output is an example of access group information, and Table 21 describes the fields.
The view to read the MIB objects
Write view The view to configure the contents of the agent
Notify view The view to send a trap about MIB objects
No. of access groups The total number of configured access groups
The unique SNMP community string assigned to the management router
View The view name
Version The SNMP version
Group Name The access group name
No of Communities The total number of configured community strings
The date on which the current password expires
Attempted logins The number of times the user has attempted to log in, irrespective of whether the login succeeded or failed
Failed logins The number of unsuccessful login attempts
Page 202
A:ALU-1# show system security view
===============================================================================
Views
===============================================================================
view name oid tree mask permission
-------------------------------------------------------------------------------
included
no-security included
no-security 1.3.6.1.6.3 excluded
no-security 1.3.6.1.6.3.10.2.1 included
no-security 1.3.6.1.6.3.11.2.1 included
no-security 1.3.6.1.6.3.15.1.1 included
-------------------------------------------------------------------------------
No. of Views: 6
===============================================================================
A:ALU-1#
Page 203
-------------------------------------------------------------------------------
included
1.0.8802 no-support
1.3.6.1.3.37 no-support
1.3.6.1.3.92 no-support
1.3.6.1.3.95 no-support
1.3.6.1.2.1.14 no-support
1.3.6.1.2.1.15 no-support
1.3.6.1.2.1.23 no-support
1.3.6.1.2.1.51 no-support
1.3.6.1.2.1.68 no-support
1.3.6.1.2.1.85 no-support
1.3.6.1.2.1.100 no-support
1.3.6.1.2.1.4.39 no-support
1.3.6.1.2.1.5.20 no-support
===============================================================================
A:ALU-1#
Included: specifies to include MIB subtree objects
Excluded: specifies to exclude MIB subtree objects
No-support: specifies not to support MIB subtree objects
No. of Views The total number of configured views
Group name The access group name
Event and Accounting Logs
In This Chapter
This chapter provides information about configuring event and accounting logs on the 7705 SAR. Topics in this chapter include:
• Logging Overview
• Log Destinations
• Event Logs
• Accounting Logs
• Configuration Notes
•...
Event control assigns the severity for each application event and determines whether the event should be generated or suppressed. The severity numbers and severity names supported in the 7705 SAR conform to ITU standards M.3100 X.733 and X.21 and are listed in Table...
The only supported destination for an accounting log is a compact flash system device (cf3: on all platforms; cf1: or cf2: on the 7705 SAR-18). Accounting data is stored within a standard directory structure on the device in compressed XML format.
Log Destinations
Both event logs and accounting logs use a common mechanism for referencing a log destination. The 7705 SAR routers support the following log destinations:
• Console
• Session
• Memory Logs
• Log Files
• SNMP Trap Group
•...
Log files can be used by both event logs and accounting logs and are stored on the compact flash device (cf3: on all platforms; cf1: or cf2: on the 7705 SAR-18) in the file system. A log file is identified by a single log file ID, but a log file will generally be composed of a number of individual files in the file system.
Ethernet port. For SNMP traps that will be sent in-band, the source IP address of the trap is the system IP address of the 7705 SAR. Each trap target destination of a trap group receives the identical sequence of events as defined by the log ID and the associated sources and log filter applied.
Syslog Severity Threshold (0 to 7) (events exceeding the configured level will be sent) Because syslog uses eight severity levels, whereas the 7705 SAR uses six internal severity levels, the severity levels are mapped to syslog severities. Table 26 displays the severity level mappings to syslog severities.
Default System Log Event logs are the means of recording system-generated events for later analysis. Events are messages generated by the system by applications or processes within the 7705 SAR. Figure 3 depicts a functional block diagram of event logging.
Main — The main event source receives events from all other applications within the 7705 SAR. Examples of applications within the 7705 SAR include MPLS and services. The following sample output of the show log applications command displays all applications:...
Event Filter Policies
The log manager uses event filter policies to control which events are forwarded or dropped based on various criteria. Like other policies with the 7705 SAR, filter policies have a default action. The default actions are either:
•...
• equal to or not equal to a router name string or regular expression match
• equal to or not equal to an event subject string or regular expression match
The UTC date stamp for the log entry
YYYY — Year
MM — Month
DD — Day
HH:MM:SS.SS The UTC timestamp for the event
HH — Hours (24-hour format)
MM — Minutes
SS.SS — Seconds
The logger application also cannot distinguish between events that will be logged to destination log-id <n> from events that will be logged to destination log-id <m>. 7705 SAR OS System Management Guide...
The following example displays the log 99 configuration.
ALU-1>config>log# info detail
#------------------------------------------
echo "Log Configuration "
#------------------------------------------
log-id 99
description "Default system log"
no filter
time-format utc
from main
to memory 500
no shutdown
exit
----------------------------------------------
Before an accounting policy can be created, a target log file must be created to collect the accounting records. The files are stored in system memory on a compact flash (cf3: on all platforms; cf1: or cf2: on the 7705 SAR-18) in a compressed (tar) XML format and can be retrieved using FTP or SCP.
Table 30: Accounting Record Name Details
Record Name Sub-Record Field Field Description
Service-ingress-octets
    SvcId
    SapId
    QueueId
    OfferedHiPrioOctets
    DroppedHiPrioOctets
    LowOctetsOffered
    LowOctetsDropped
    UncoloredOctetsOffered
    InProfileOctetsForwarded
    OutOfProfileOctetsForwarded
Service-egress-octets
    SvcId
    SapId
    QueueId
    InProfileOctetsForwarded
    InProfileOctetsDropped
    OutOfProfileOctetsForwarded
    OutOfProfileOctetsDropped
Page 223
Table 30: Accounting Record Name Details (Continued)
Record Name Sub-Record Field Field Description
Service-ingress-packets
    SvcId
    SapId
    QueueId
    HighPktsOffered
    HighPktsDropped
    LowPktsOffered
    LowPktsDropped
    UncoloredPacketsOffered
    InProfilePktsForwarded
    OutOfProfilePktsForwarded
Service-egress-packets
    SvcId
    SapId
    QueueId
    InProfilePktsForwarded
    InProfilePktsDropped
    OutOfProfilePktsForwarded
    OutOfProfilePktsDropped
SapId slaProfile SlaProfile
When a policy has been created and applied to a service, the accounting file is stored on the compact flash in a compressed XML file format. The 7705 SAR creates two directories on the compact flash to store the files. The following output displays a directory named...
Page 225
The amount of data stored depends on the type of record collected, the number of services that are collecting statistics, and the collection interval that is used.
SAP or service interface.
• The snmp-trap-id must be the same as the log-id.
Reference Sources
For information on supported IETF drafts and standards as well as standard and proprietary MIBs, refer to Standards and Protocol Support.
This section provides information to configure logging using the command line interface. Topics in this section include:
• Log Configuration Overview
• Log Type
• Basic Event Log Configuration
• Common Configuration Tasks
• Log Management Tasks
Log Configuration Overview
Logging on the 7705 SAR is used to provide the operator with logging information for monitoring and troubleshooting. You can configure logging parameters to save information in a log file or direct the messages to other devices. Logging commands allow you to:
•...
Accounting policies can be applied to one or more service access points (SAPs).
• Event logs — an event log defines the types of events to be delivered to an associated destination
• Event throttling rate — defines the rate of throttling events
"This is a test file-id." location cf3: exit file-id 2 description "This is a test log." location cf3: exit snmp-trap-group 7 trap-target 11.22.33.44 "snmpv2c" notify-community "public" exit log-id 2 from main to file 2 exit ---------------------------------------------- ALU-12>config>log# 7705 SAR OS System Management Guide...
{[main] [security] [change] [debug- trace]} to console to file file-id to memory [size] to session to snmp [size] to syslog syslog-id time-format {local | utc} no shutdown 7705 SAR OS System Management Guide...
The retention interval determines how long the file will be stored on the compact flash drive before it is deleted. Use the following CLI syntax to configure a log file ID: CLI Syntax: config>log file-id log-file-id description description-string location cflash-id rollover minutes [retention hours] 7705 SAR OS System Management Guide...
Accounting policies must be configured in the config>log context before they can be applied to a SAP or service interface. For information on associating an accounting policy with a SAP, see the 7705 SAR OS Services Guide. An accounting policy must define a record type and collection interval. Only one record type can be configured per accounting policy.
----------------------------------------------
    accounting-policy 4
        description "This is the default accounting policy."
        record service-ingress-packets
        default
        to file 1
    exit
    accounting-policy 5
        description "This is a test accounting policy."
        record service-ingress-packets
        to file 2
    exit
----------------------------------------------
ALU-12>config>log#

This command configures the number of events and interval length to be applied to all event types that have throttling enabled by the event-control command.
Use the following CLI syntax to configure the throttle rate.
CLI Syntax: config>log#
                throttle-rate events [interval seconds]

Example:
config# log
config>log# filter 1
config>log>filter# description "This is a sample filter."
config>log>filter# default-action drop
config>log>filter# entry 1
config>log>filter>entry$ action forward
config>log>filter>entry# match application eq atm
config>log>filter>entry# match severity eq critical
config>log>filter>entry# exit

Use the following CLI syntax to configure an SNMP trap group:
CLI Syntax: config>log
                snmp-trap-group log-id
                    trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}]

Use the following CLI syntax to configure a syslog file:
CLI Syntax: config>log
                syslog syslog-id
                    address ip-address
                    description description-string
                    facility syslog-facility
                    level {emergency | alert | critical | error | warning | notice | info | debug}
                    log-prefix log-prefix-string
                    port port
10.10.10.104
config>log>syslog# facility user
config>log>syslog# level warning

The following displays the syslog configuration:
ALU-12>config>log# info
----------------------------------------------
    syslog 1
        description "This is a syslog file."
        address 10.10.10.104
        facility user
        level warning
    exit
----------------------------------------------
ALU-12>config>log#

Use the following CLI syntax to modify a log file:
CLI Syntax: config>log
                log-id log-id
                    description description-string
                    filter filter-id
                    from {[main] [security] [change] [debug-trace]}
                    to console
                    to file file-id
                    to memory [size]
                    to session
                    to snmp [size]
                    to syslog syslog-id
2
config>log>log-id# from security
config>log>log-id# exit

The following displays the modified log file configuration:
ALU-12>config>log# info
----------------------------------------------
    log-id 2
        description "Chassis log file."
        filter 2
        from security
        to file 1
    exit
----------------------------------------------
ALU-12>config>log#

Use the following CLI syntax to delete a log file:
CLI Syntax: config>log
                no log-id log-id
                shutdown

The following displays an example of deleting a log file:
Example:
config# log
config>log# log-id 2
config>log>log-id# shutdown
config>log>log-id# exit
config>log# no log-id 2

"LocationTest."
config>log>file-id# location cf3:
config>log>file-id# rollover 2880 retention 500
config>log>file-id# exit

The following displays the file ID modifications:
ALU-12>config>log# info
----------------------------------------------
    file-id 1
        description "LocationTest."
        location cf3:
        rollover 2880 retention 500
    exit
----------------------------------------------

| notice | info | debug}
log-prefix log-prefix-string
port port

The following displays an example of the syslog ID modifications:
Example:
config# log
config>log# syslog 1
config>log>syslog$ description "Test syslog."
config>log>syslog# address 10.10.0.91
config>log>syslog# facility mail
config>log>syslog# level info

Use the following CLI syntax to modify an SNMP trap group:
CLI Syntax: config>log
                snmp-trap-group log-id
                    trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}]

10.10.0.91:1 "snmpv2c" notify-community "com1"
exit
----------------------------------------------
ALU-12>config>log#

Deleting an SNMP Trap Group
Use the following CLI syntax to delete a trap target and SNMP trap group:
CLI Syntax: config>log
                no snmp-trap-group log-id
                no trap-target name
The following displays the log filter configuration:
ALU-12>config>log>filter# info
----------------------------------------
    description "This allows <n>."
    entry 1
        action drop
        match
            application eq "user"
            number eq 2001
        exit
    exit
exit
----------------------------------------
ALU-12>config>log>filter#

ALU-12>config>log#

The following displays an example of event control modifications:
Example:
config# log
config>log# event-control atm 2014 suppress

The following displays the log filter configuration:
ALU-12>config>log# info
----------------------------------------------
    event-control "atm" 2014 suppress
----------------------------------------------
ALU-12>config>log#

[interval seconds]
        — no throttle-rate

Log File Commands
config
    — log
        — [no] file-id log-file-id
            — description description-string
            — no description
            — location cflash-id
            — rollover minutes [retention hours]
            — no rollover
            — no address
            — description description-string
            — no description
            — facility syslog-facility
            — no facility
            — level syslog-level
            — no level
            — log-prefix log-prefix-string
            — no log-prefix
            — port port
            — no port

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted. The no form of this command administratively enables an entity.
Default no shutdown
ID. Counters in the billing data reflect totals, not increments, so when the policy is re-enabled (no shutdown), the counters include the data collected during the period the policy was shut down.

If no access accounting policy is defined on a SAP, accounting records are produced in accordance with the default access policy. If no default access policy is created, no accounting records will be collected other than the records for the accounting policies that are explicitly configured.

Note: Collecting excessive statistics can adversely affect the CPU usage and take up large amounts of storage space.
The no form of the command removes the record type from the policy.
Default No accounting record is defined.
Parameters record-name — the accounting record name

The file is generated when the file ID is referenced. This command identifies the type of accounting file to be created. If the to command is executed while the accounting policy is in operation, then it becomes active during the next collection interval.
Values 1 to 99
The severity, generate, and suppress options will also be reset to the initial values.
Default Each event has a default suppress or generate state. To display a list of all events and the current configuration use the event-control command.

This makes backwards compatibility easier to manage.
suppress — indicates that the specified events will not be logged. If the suppress keyword is not specified, then the events are generated by default.
Default generate

Values 10 to 20000
Default
seconds — specifies the number of seconds that an event throttling interval lasts
Values 1 to 60
Default

→ dd is the day of the month (for example, 03 for the 3rd of the month)
→ hh is the hour of the day in 24-hour format (for example, 04 for 4 a.m.)
• 7705 SAR-Hc
For the 7705 SAR-18, log files are created by default on cf1: and accounting files are created by default on cf2:. There are no overflows onto other devices.
Note: The 7705 SAR-A, 7705 SAR-W, 7705 SAR-Wx, and 7705 SAR-Hc do not have compact flash drives;...
The file becomes a candidate for removal once the creation datestamp + rollover time + retention time is less than the current timestamp.
Values 1 to 500
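The removal rule above, worked through as an added example (not code from the guide): Python that reads the creation datestamp out of log file names of the form shown in the `show log file-id` sample output on this page and computes when each file becomes a removal candidate, so that files can be retrieved over SCP before the device deletes them. The file names and the `rollover 2880 retention 500` values come from the page's examples; treating the datestamp as UTC, the function names, and the 24-hour collection margin are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# File names copied from the "show log file-id" sample output on this page.
SAMPLE_FILES = [
    r"cf3:\log\log0302-20060501-012205",
    r"cf3:\log\log0302-20060501-014049",
    r"cf3:\log\log0302-20060501-015344",
    r"cf3:\log\log0302-20060501-015547",
]

# <device>:\log\log<4 digits>-<yyyymmdd>-<hhmmss>. The four digits are kept
# uninterpreted; only the datestamp is needed for the retention rule.
NAME_RE = re.compile(
    r"^(?P<device>cf\d):\\log\\log(?P<ids>\d{4})-(?P<stamp>\d{8}-\d{6})$"
)


def created_at(file_name):
    """Return the creation datestamp encoded in a log file name."""
    m = NAME_RE.match(file_name)
    if m is None:
        raise ValueError(f"not a log file name: {file_name!r}")
    # Assumption: the datestamp is interpreted as UTC.
    stamp = datetime.strptime(m["stamp"], "%Y%m%d-%H%M%S")
    return stamp.replace(tzinfo=timezone.utc)


def removal_deadline(file_name, rollover_minutes, retention_hours):
    """creation datestamp + rollover time + retention time."""
    if rollover_minutes <= 0:
        raise ValueError("rollover must be a positive number of minutes")
    if not 1 <= retention_hours <= 500:  # "Values 1 to 500" on this page
        raise ValueError("retention must be 1 to 500 hours")
    return created_at(file_name) + timedelta(
        minutes=rollover_minutes, hours=retention_hours
    )


def is_removal_candidate(file_name, rollover_minutes, retention_hours, now):
    """True once the deadline is strictly less than the current timestamp."""
    return removal_deadline(file_name, rollover_minutes, retention_hours) < now


def collection_plan(file_names, rollover_minutes, retention_hours, now,
                    margin_hours=24):
    """Return (name, deadline, status) rows, earliest deadline first.

    status is "removal-candidate" (may already be gone), "collect-now"
    (deadline within margin_hours), or "ok".
    """
    rows = []
    for name in file_names:
        deadline = removal_deadline(name, rollover_minutes, retention_hours)
        if deadline < now:
            status = "removal-candidate"
        elif deadline - now <= timedelta(hours=margin_hours):
            status = "collect-now"
        else:
            status = "ok"
        rows.append((name, deadline, status))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    now = datetime(2006, 5, 23, 21, 30, tzinfo=timezone.utc)  # constructed
    for name, deadline, status in collection_plan(SAMPLE_FILES, 2880, 500, now):
        print(f"{status:18} {deadline.isoformat()} {name}")
```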
Parameters
drop — the events that are not explicitly forwarded by an event filter match are dropped
forward — the events that are not explicitly dropped by an event filter match are forwarded

This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions. When multiple action commands are entered, the last command will overwrite the previous command. The no form of the command removes the specified action statement.
Default no action

IP, MPLS, CLI, and SERVICES. Only one application can be specified per entry. When multiple application commands are entered, the last command will overwrite the previous command. The no form of the command removes the application as a match criterion.
Default no application

| neq | lt | lte | gt | gte — this operator specifies the type of match. Valid operators are listed in Table
Table 34: Valid Match Operators for Event Numbers
Operator Notes
Equal to
Not equal to
Less than
Less than or equal to

Only one severity command can be entered per event filter entry. When multiple severity commands are entered, the last command overwrites the previous command. The no form of the command removes the severity match criterion.
Default no severity
This command adds an event subject as a match criterion. The subject is the entity for which the event is reported, such as a port. In this case, the port-id string would be the subject.
When the regexp keyword is not specified, the subject command string is matched exactly by the event filter.
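How default-action, entry actions and match criteria combine is easier to audit with a model. This added example (not code from the guide) evaluates the two filters shown earlier on this page against a handful of constructed events and lists what each filter would drop before it reaches the log destination. Assumptions: entries are checked in ascending entry number and the first match decides, every criterion in an entry must match, an entry with no action falls back to the default-action, the second filter's default-action is forward, and severity is limited to eq/neq here.

```python
import operator
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Operators accepted for event numbers on this page.
NUM_OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt,
           "lte": operator.le, "gt": operator.gt, "gte": operator.ge}


def _eq_neq(op, hit):
    """Apply an eq/neq operator to the result of a comparison."""
    if op not in ("eq", "neq"):
        raise ValueError(f"unsupported operator in this example: {op}")
    return hit if op == "eq" else not hit


@dataclass
class Event:
    application: str
    number: int
    severity: str
    subject: str = ""


@dataclass
class Entry:
    entry_id: int
    action: Optional[str] = None                     # "forward", "drop" or None
    application: Optional[Tuple[str, str]] = None    # (eq|neq, name)
    number: Optional[Tuple[str, int]] = None         # (eq|neq|lt|lte|gt|gte, n)
    severity: Optional[Tuple[str, str]] = None       # (eq|neq, level)
    subject: Optional[Tuple[str, str, bool]] = None  # (eq|neq, string, regexp)

    def matches(self, ev):
        """True when every configured criterion matches the event."""
        if self.application:
            op, name = self.application
            # Assumption: application names compare case-insensitively.
            if not _eq_neq(op, ev.application.lower() == name.lower()):
                return False
        if self.number:
            op, n = self.number
            if not NUM_OPS[op](ev.number, n):
                return False
        if self.severity:
            op, level = self.severity
            if not _eq_neq(op, ev.severity == level):
                return False
        if self.subject:
            op, text, is_regexp = self.subject
            # Without the regexp keyword the subject is matched exactly.
            hit = bool(re.search(text, ev.subject)) if is_regexp else ev.subject == text
            if not _eq_neq(op, hit):
                return False
        return True


@dataclass
class LogFilter:
    default_action: str
    entries: List[Entry] = field(default_factory=list)

    def decide(self, ev):
        """Return "forward" or "drop" for one event."""
        for entry in sorted(self.entries, key=lambda e: e.entry_id):
            if entry.matches(ev):
                return entry.action or self.default_action
        return self.default_action


def dropped(log_filter, events):
    """List (application, number) of the events the filter drops."""
    return [(e.application, e.number) for e in events
            if log_filter.decide(e) == "drop"]


# "This is a sample filter." from this page: default drop, forward ATM critical.
FILTER_ATM_CRITICAL = LogFilter("drop", [
    Entry(1, "forward", application=("eq", "atm"), severity=("eq", "critical")),
])
# Filter from the "info" output on this page; default-action assumed forward.
FILTER_DROP_USER_2001 = LogFilter("forward", [
    Entry(1, "drop", application=("eq", "user"), number=("eq", 2001)),
])
# Constructed events; numbers and subjects are illustrative only.
EVENTS = [
    Event("ATM", 2014, "critical", "1/1/1"),
    Event("ATM", 2014, "minor", "1/1/2"),
    Event("USER", 2001, "minor", "admin"),
    Event("USER", 2002, "minor", "admin"),
    Event("SECURITY", 2010, "major", "admin"),
]

if __name__ == "__main__":
    print("sample filter drops:", dropped(FILTER_ATM_CRITICAL, EVENTS))
    print("user/2001 filter drops:", dropped(FILTER_DROP_USER_2001, EVENTS))
```

With default-action drop, the first filter discards every SECURITY and USER event in the sample, which is the case to look for when a filter sits in front of a syslog or file destination used for audit.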
Description This command creates the context to configure a syslog target host that is capable of receiving selected syslog messages from the 7705 SAR. A valid syslog-id must have the target syslog host address configured. A maximum of 10 syslog IDs can be configured.
Values 0 to 23
Valid codes per RFC 3164, The BSD syslog Protocol, are listed in Table
Table 38: Valid Facility Codes
Numerical Code    Facility Code
kernel
user
mail
systemd
auth
Only a single threshold level can be specified. If multiple level commands are entered, the last command will overwrite the previous command.

Only one string can be entered. If multiple strings are entered, the last string overwrites the previous string. The alphanumeric string can contain lowercase (a-z), uppercase (A-Z) and numeric (0-9) characters. The no form of the command removes the log prefix string.
Default no log-prefix

The no form of the command reverts to default value.
Default no port
Parameters value — the configured UDP port number used when sending syslog messages
Values 1 to 65535

The no form of the command deletes the log destination ID from the configuration.
Default No log destinations are defined.
Parameters log-id — the log ID number, expressed as a decimal integer
Values 1 to 100

Only one from command may be entered for a single log-id. If multiple from commands are entered, then the last command entered overwrites the previous command. The no form of the command removes all previously configured source streams.
Default no from

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.
Default No destination is specified.

SNMP log or memory log needs to be modified, the log ID must be removed then recreated.
Default No destination is specified.
Parameters size — indicates the number of events that can be stored in the memory log
Values 50 to 1024
Default

SNMP log or memory log needs to be modified, the log ID must be removed then recreated.
Default No destination is specified.
Parameters size — defines the number of events stored in this memory log
Values 50 to 1024
Default

— specifies that timestamps are written in the system’s local time
utc — specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.
This command adds or modifies a trap receiver and configures the operational parameters for the trap receiver. Before an SNMP trap can be issued to a trap receiver, the console, snmp-trap-group, and at least one trap-target must be configured.

This allows a trap-receiving application, such as NMS, to reconcile a separate event sequence number stream for each 7705 SAR event log when multiple event logs are directed to the same IP address and port destination.

When this option is configured, the security-name must be configured for authentication and privacy.
Values no-auth-no-privacy, auth-no-privacy, privacy
Default No default. The security level must be specified when configuring an SNMPv3 trap receiver.
The default depends on the record name type.
File ID    The log destination
Record Name    The accounting record name that represents the configured record type
This policy is applied    Specifies the entities that the accounting policy is applied to

Syntax applications
Context show>log
Description This command displays a list of all application names that can be used in event-control and filter commands.
Output The following output is an example of an application list.

A:ALU-1# show log applications
==================================
Log Event Application Names
==================================
Application Name
----------------------------------
CHASSIS
CPMHWFILTER
DEBUG
DHCP
EFM_OAM
ETH-CFM
FILTER
ISIS
LOGGER
MPLS
OSPF
PORT
ROUTE_POLICY
SECURITY
SNMP
SVCMGR
SYSTEM
USER
VRTR
==================================
A:ALU-1#

Logged    The number of events logged/generated
Dropped    The number of events dropped/suppressed
-------------------------------------------------------------
1440 cf3: none none
Description : Main
=============================================================
===============================================================
File Id 10 Location cf3:
===============================================================
file name expired state
---------------------------------------------------------------
cf3:\log\log0302-20060501-012205 complete
cf3:\log\log0302-20060501-014049 complete
cf3:\log\log0302-20060501-015344 complete
cf3:\log\log0302-20060501-015547 in progress
=============================================================

— displays detailed information on the specified event filter policy ID
Output The following outputs are examples of event log filter policy information:
• filter ID summary information (Sample Output, Table
• filter ID information with match criteria specified (Sample Output, Table

: major Operator : greaterThanOrEqual
Subject Operator : off
        Match Type : exact string
Router Operator : off
       Match Type : exact string
Description : Collect only events of major severity or higher
--------------------------------------------------------------------------
==========================================================================

Subject    Displays the event log filter entry subject string match criterion
Router    Displays the event log filter entry router router-instance string match criterion
Dest Log Id: 99 Filter Id: 0 Status: enabled Dest Type: memory
Dest Log Id: 100 Filter Id: 1001 Status: enabled Dest Type: memory
Security Logged Dropped
Change Logged : 3896 Dropped
Debug Logged Dropped
===============================================================================
A:ALU-1#

SNMP trap destinations and are logged in NOTIFICATION-LOG-MIB tables
File: all selected log events are directed to a file on the CSM’s compact flash disk
Memory: all selected log events are directed to an in-memory storage area
If the to-seq number is not provided, the log contents to the end of the log are displayed unless the count parameter is present, in which case the number of entries displayed is limited by the count.
Values 1 to 4294967295
Default all sequence numbers

The value is the index to the entry that defines the filter to be applied to this log's source event stream to limit the events output to this log's destination. If the value is 0, then all events in the source log are forwarded to the destination.

ID destination is either syslog or file. When the time format is UTC, timestamps are written using the Coordinated Universal Time value. When the time format is local, timestamps are written in the system's local time.

The following output is an example of SNMP trap group information, and Table 48 describes the fields.
Sample Output
*A:ALU-48>config>log# show log snmp-trap-group
===============================================================================
SNMP Trap Groups
===============================================================================
name port address
-------------------------------------------------------------------------------
name 10.20.30.10
===============================================================================
*A:ALU-48>config>log#

Sample Output
*A:ALU-48>config>log# show log syslog
===============================================================================
Syslog Target Hosts
===============================================================================
Ip Address Port Sev Level
Below Level Drop Facility Pfx Level
-------------------------------------------------------------------------------
unknown info local7
unknown info mail
===============================================================================
*A:ALU-48>config>log#

No: a log prefix was not prepended to the syslog message sent to the syslog host
Description    A text description stored in the configuration file for a configuration context
LogPrefix    The prefix string prepended to the syslog message
Log-id    Events are directed to this destination

This command is only applicable to event logs that are directed to file destinations and memory destinations. SNMP, syslog and console/session logs are not affected by this command.
Parameters log-id — the event log ID to be initialized/rolled over
Values 1 to 100
ANSI American National Standards Institute Apipe ATM VLL
(first packet of a fragment) committed burst size excess burst size BECN backward explicit congestion notification Bellcore Bell Communications Research bidirectional forwarding detection border gateway protocol BITS building integrated timing supply BMCA best master clock algorithm
BSTA Broadband Service Termination Architecture base transceiver station channel associated signaling common bonding networks committed buffer space continuity check control channel continuity check message circuit emulation customer edge circuit emulation circuit emulation services
(from chronos = time) candidate RP Control and Switching Module CSNP complete sequence number PDU CSPF constrained shortest path first C-TAG customer VLAN tag connection verification customer VLAN (tag) control word
IEEE 802.1p bits, in Ethernet or VLAN ingress packet headers, used to map traffic to up to eight forwarding classes dot1q IEEE 802.1q encapsulation for Ethernet interfaces dead peer detection
Ethernet in the first mile exterior gateway protocol EIA/TIA-232 Electronic Industries Alliance/Telecommunications Industry Association Standard 232 (also known as RS-232) excess information rate ELER egress label edge router E&M ear and mouth earth and magneto exchange and multiplexer
FEAC far-end alarm and control forwarding equivalence class FECN forward explicit congestion notification FeGW far-end gateway fixed filter fast fault detection forwarding information base
Global System for Mobile Communications (2G) high availability high capacity multiplexing HDB3 high density bipolar of order 3 HDLC high-level data link control protocol header error control HMAC hash message authentication code
Internet Enhanced Service IETF Internet Engineering Task Force interior gateway protocol instance ID internet key exchange ILER ingress label edge router incoming label map inverse multiplexing over ATM INVARP inverse address resolution protocol input/output module
LFIB label forwarding information base label information base LLDP link layer discovery protocol LLDPDU link layer discovery protocol data unit link loss forwarding
MA-ID maintenance association identifier make-before-break MBMS multimedia broadcast multicast service maximum buffer space maximum burst size media buffer space MBSP mobile backhaul service provider MC-APS multi-chassis automatic protection switching
MI-IS-IS multi-instance IS-IS minimum information rate MLPPP multilink point-to-point protocol merge point multilink protocol MP-BGP multiprotocol border gateway protocol MPLS multiprotocol label switching MPLSCP multiprotocol label switching control protocol MPT protection protocol
NAT-T network address translation traversal NBMA non-broadcast multiple access (network) network element network entity title NHLFE next hop label forwarding entry NHOP next-hop
3 outgoing interface optical line termination optical network terminal out-of-band off premises extension outbound route filtering operating system Open Systems Interconnection (reference model) OSINLCP OSI Network Layer Control Protocol OSPF open shortest path first
0 PFoE power feed over Ethernet perfect forward secrecy per-hop behavior physical layer protocol ID PIM SSM protocol independent multicast—source-specific multicast peak information rate PLAR private line automatic ringdown PLCP Physical Layer Convergence Protocol
PVCC permanent virtual channel connection pseudowire pseudowire emulation PWE3 pseudowire emulation edge-to-edge Q.922 ITU-T Q-series Specification 922 quality level quality of service RADIUS Remote Authentication Dial In User Service Radio Access Network
RSTP rapid spanning tree protocol RSVP-TE resource reservation protocol - traffic engineering receive/transmit routing table manager battery return real-time protocol R&TTE Radio and Telecommunications Terminal Equipment remote terminal unit rack unit
Ethernet ports, and 1 hot-insertable module slot • passively cooled chassis with 16 T1/E1 ports, 7 Ethernet ports, and 0 module slots • passively cooled chassis with 0 T1/E1 ports, 7 Ethernet ports, and 0 module slots
1471/1511/1551/1591 nm on Rx SAR-W 7705 Service Aggregation Router – passively cooled, universal AC and DC powered unit, equipped with five Gigabit Ethernet ports (three SFP ports and two RJ-45 Power over Ethernet (PoE) ports)
GPS receiver, and an RJ-45 alarm input connector SAToP structure-agnostic TDM over packet SCADA surveillance, control and data acquisition SC-APS single-chassis automatic protection switching secure copy signal degrade space diversity synchronous digital hierarchy
SONET synchronous optical networking S-PE switching provider edge router shortest path first security parameter index shortest path tree service router (includes 7710 SR, 7750 SR) SRLG shared risk link group secure shell
LDP transport layer security type length value traffic management time of day type of service T-PE terminating provider edge router TPID tag protocol identifier TPIF IEEE C37.94 teleprotection interface TPMR two-port MAC relay
VCCV virtual circuit connectivity verification virtual circuit identifier VLAN ID VLAN virtual LAN virtual leased line VoIP voice over IP peak voltage virtual path virtual path connection virtual path identifier
WCDMA wideband code division multiple access (transmission protocol used in UMTS networks) WRED weighted random early discard wait to restore X.21 ITU-T X-series Recommendation 21
Standards and Protocol Support
This chapter lists the 7705 SAR compliance with EMC, environmental, and safety standards, telecom standards, and supported protocols:
• EMC Industrial Standards Compliance
• EMC Regulatory and Customer Standards Compliance
• Environmental Standards Compliance
• Safety Standards Compliance
•...
✓ ✓ ✓ IEC 61850-3 Communication networks and systems for power utility automation - Part 3: General requirements ✓ ✓ ✓ IEC/AS 60870.2.1 Telecontrol equipment and systems. Operating conditions. Power supply and electromagnetic compatibility
(equipment input current <16A per phase) ✓ ✓ ✓ IEC 61000-3-3 Limits for voltage fluctuations and ✓ ✓ ✓ ✓ ✓ ✓ ✓ flicker in low-voltage supply systems for equipment with rated current <16A
✓ ✓ ✓ ✓ ✓ ✓ Radio disturbance characteristics. Limits and methods of measurement ✓ ✓ ✓ ✓ ✓ ✓ ✓ KC Notice Emission EMS standard: NRRA notice (KN22) and Immunity (KN24) (South Korea)
✓ ETSI EN 300 019-2-4 Specification of environmental tests; v2.2.2 class T4.1 Stationary use at non-weatherprotected locations ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ Telcordia GR-63- NEBS Requirements: Physical CORE Protection
IEC/EN Information technology equipment - 60950-1 Safety - Part 1: General requirements ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ AS/NZS 60950-1 Information technology equipment - Safety - Part 1: General requirements
Radio and Telecommunication EC R&TTE Terminal Equipment (R&TTE) OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ EU Directive 2004/ Electromagnetic Compatibility (EMC) 108/EC EMC
✓ ✓ ✓ ✓ ✓ ✓ TL9000 certified ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ISO 14001 certified ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ISO 9001:2008 certified
Page 343
ITU-T G.704—Synchronous frame structures used at 1544, 6312, 2048, 8448 and 44 736 kbit/s hierarchical levels ITU-T G.707—Network node interface for the Synchronous Digital Hierarchy (SDH) ITU-T G.712 (E&M)—Transmission performance characteristics of pulse code modulation channels ITU-T G.813—Timing characteristics of SDH equipment slave clock (SEC) 7705 SAR OS System Management Guide...
GR-1248-CORE—Generic Requirements for Operations of ATM Network Elements (NEs). Issue 3 June 1996 GR-1113-CORE—Bellcore, Asynchronous Transfer Mode (ATM) and ATM Adaptation Layer (AAL) Protocols Generic Requirements, Issue 1, July 1994 AF-PHY-0086.001—Inverse Multiplexing for ATM (IMA) 7705 SAR OS System Management Guide...
Page 345
RFC 1534—Interoperation between DHCP and BOOTP RFC 2131—Dynamic Host Configuration Protocol (REV) RFC 2132—DHCP Options and BOOTP Vendor Extensions RFC 3046—DHCP Relay Agent Information Option (Option 82) RFC 3315—Dynamic Host Configuration Protocol for IPv6 7705 SAR OS System Management Guide...
ANSI T1.617 Annex D—Signalling Specification For Frame Relay Bearer Service
ITU-T Q.922 Annex A—Digital Subscriber Signalling System No. 1 (DSS1) data link layer - ISDN data link layer specification for frame mode bearer services.
FRF.1.2—PVC User-to-Network Interface (UNI) Implementation Agreement
RFC 1195—Use of OSI IS-IS for routing in TCP/IP & dual environments
RFC 2763—Dynamic Hostname Exchange for IS-IS
RFC 2966—Domain-wide Prefix Distribution with Two-Level IS-IS
RFC 2973—IS-IS Mesh Groups
RFC 3373—Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies
RFC 2013—UDP-MIB
RFC 2030—Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI
RFC 2096—IP-FORWARD-MIB
RFC 2138—RADIUS
RFC 2206—RSVP-MIB
RFC 2571—SNMP-FRAMEWORK-MIB
RFC 2572—SNMP-MPD-MIB
RFC 2573—SNMP-TARGET-&-NOTIFICATION-MIB
RFC 2574—SNMP-USER-BASED-SM-MIB
RFC 2575—SNMP-VIEW-BASED-ACM-MIB
RFC 2576—SNMP-COMMUNITY-MIB
RFC 4203—Shared Risk Link Group (SRLG) sub-TLV
RFC 1332—PPP Internet Protocol Control Protocol (IPCP)
RFC 1570—PPP LCP Extensions
RFC 1619—PPP over SONET/SDH
RFC 1661—The Point-to-Point Protocol (PPP)
RFC 1662—PPP in HDLC-like Framing
RFC 1989—PPP Link Quality Monitoring
RFC 2865—Remote Authentication Dial In User Service
RFC 2866—RADIUS Accounting

RSVP-TE and FRR
RFC 2430—A Provider Architecture for DiffServ & TE
RFC 2961—RSVP Refresh Overhead Reduction Extensions
RFC 2702—Requirements for Traffic Engineering over MPLS
GR 1244 CORE—Clocks for the Synchronized Network: Common Generic Criteria
IEEE Std 1588-2008—IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems

TACACS+
IETF draft-grant-tacacs-02.txt—The TACACS+ Protocol

TCP/IP
RFC 768—User Datagram Protocol
RFC 791—Internet Protocol
RFC 3768 Virtual Router Redundancy Protocol
RFC 5798 Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6

Proprietary MIBs
TIMETRA-ATM-MIB.mib
TIMETRA-CAPABILITY-7705-V1.mib
TIMETRA-CFLOWD-MIB.mib
TIMETRA-CHASSIS-MIB.mib
TIMETRA-CLEAR-MIB.mib
TIMETRA-FILTER-MIB.mib
TIMETRA-GLOBAL-MIB.mib
TIMETRA-LDP-MIB.mib
TIMETRA-LOG-MIB.mib
TIMETRA-MPLS-MIB.mib
TIMETRA-OAM-TEST-MIB.mib
TIMETRA-PORT-MIB.mib
TIMETRA-PPP-MIB.mib
TIMETRA-QOS-MIB.mib
TIMETRA-ROUTE-POLICY-MIB.mib
TIMETRA-RSVP-MIB.mib
TIMETRA-SAP-MIB.mib
TIMETRA-SDP-MIB.mib
TIMETRA-SECURITY-MIB.mib
Standards and Protocol Support
TIMETRA-SERV-MIB.mib
TIMETRA-SYSTEM-MIB.mib
TIMETRA-TC-MIB.mib
TIMETRA-VRRP-MIB.mib
Customer documentation and product support
Customer documentation: http://documentation.alcatel-lucent.com
Technical support: http://support.alcatel-lucent.com
Documentation feedback: documentation.feedback@alcatel-lucent.com