Americas Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Cisco SCE 2000 and SCE 1000 Software Configuration Guide

Release 3.5.5

June 15, 2009

Text Part Number: OL-7827-12

Summary of Contents for SCE 1000 and

Page 2: ...F SUCH DAMAGES CCDE CCSI CCENT Cisco Eos Cisco HealthPresence the Cisco logo Cisco Lumin Cisco Nexus Cisco Nurse Connect Cisco Stackpower Cisco StadiumVision Cisco TelePresence Cisco WebEx DCE and Welcome to the Human Network are trademarks Changing the Way We Work Live Play and Learn and Cisco Store are service marks and Access Registrar Aironet AsyncOS Bringing the Meeting To You Catalyst CCDA C...

Page 3: ...ice Providers 1 2 Cisco Service Control Capabilities 1 2 SCE Platform Description 1 3 Management and Collection 1 4 Network Management 1 5 Subscriber Management 1 5 Service Configuration Management 1 6 Data Collection 1 6 C H A P T E R 2 Command Line Interface 2 1 Introduction 2 1 Authorization and Command Levels Hierarchy 2 2 CLI Authorization Levels 2 2 CLI Command Mode Hierarchy 2 3 Prompt Indi...

Page 4: ...a Previous Configuration Example 3 6 Backing Up Configuration Files 3 6 Options 3 6 How to Create a Backup Configuration File 3 7 How to Upload a Backup Configuration File 3 7 Upgrading the SCE Platform Firmware 3 7 Upgrading SCE Platform Firmware Example 3 8 Downgrading the SCE Platform to a Previous Version 3 8 Managing Application Files 3 9 Configuring Applications 3 9 Managing Application File...

Page 5: ... T E R 4 Utilities 4 1 Introduction 4 1 The Setup Command 4 1 Setup Command Parameters 4 1 Entering the Setup Command 4 4 Defining Lists in the Setup Utility 4 4 Multiple entry parameters Lists 4 4 Working with SCE Platform Files 4 5 Working with Directories 4 5 How to Create a Directory 4 5 How to Delete a Directory 4 6 How to Change Directories 4 6 How to Display your Working Directory 4 6 How t...

Page 6: ...Setting the IP Address and Subnet Mask of the Management Interface Example 5 4 Configuring the Management Interface Speed and Duplex Parameters 5 5 Interface State Relationship to Speed and Duplex 5 5 How to Configure the Speed of the Management Interface 5 5 How to Configure the Duplex Operation of the Management Interface 5 6 Specifying the Active Management Port 5 6 Options 5 7 Specifying the A...

Page 7: ...ies to an ACL 5 28 How to Remove an ACL 5 28 How to Define a Global ACL 5 28 Configuring the Telnet Interface 5 28 How to Prevent Telnet Access 5 29 How to Assign an ACL to the Telnet Interface 5 29 How to Configure the Telnet Timeout 5 30 Configuring the SSH Server 5 30 Information About the SSH Server 5 30 Managing the SSH Server 5 31 How to Monitor the Status of the SSH Server 5 32 Enabling the...

Page 8: ... Routing Table 5 53 How to Configure the Default Gateway 5 53 How to Add an Entry to the IP Routing Table 5 54 Displaying the IP Routing Table 5 54 IP Advertising 5 55 Configuring IP Advertising 5 55 How to Display the Current IP Advertising Configuration 5 56 Configuring the IP Address of the Management Interface 5 57 Options 5 57 Configuring the IP Address of the Management Interface Example 5 5...

Page 9: ...e All Servers 5 65 How to Remove One SNTP Server 5 66 How to Define the SNTP Unicast Update Interval 5 66 Options 5 66 Defining the SNTP Unicast Update Interval Example 5 66 How to Display SNTP Information 5 66 Displaying SNTP Information Example 5 67 Configuring Domain Name Server DNS Settings 5 67 Configuring DNS Lookup 5 67 How to Enable DNS Lookup 5 68 How to Disable DNS Lookup 5 68 Configurin...

Page 10: ...inIP Tunnels 6 9 Configuring the VLAN Environment 6 10 Configuring the MPLS Environment 6 11 Configuring the L2TP Environment 6 12 Asymmetric L2 Support 6 13 Displaying the Tunneling Configuration 6 13 How to Display the IPinIP Configuration 6 14 How to Display the Logged in VPNs 6 14 Options 6 14 How to Display the Asymmetric L2 Support Mode 6 14 Configuring VLAN Translation 6 14 VLAN Translation...

Page 11: ...uration 6 27 Counting Dropped Packets 6 27 Configuring the Hardware Packet Drop 6 27 How to Disable the Hardware Packet Drop 6 27 How to Enable the Hardware Packet Drop 6 28 C H A P T E R 7 Configuring the Connection 7 1 Introduction 7 1 Configuring the Connection Mode 7 1 Options 7 2 Configuring the Connection Mode Examples 7 3 Monitoring the Connection Mode and Related Parameters 7 3 How to View...

Page 12: ...2 How to Enable Link Failure Reflection 7 12 How to Disable Link Failure Reflection 7 12 Enabling and Disabling Link Failure Reflection on All Ports 7 12 Options 7 13 How to Enable Link Failure Reflection on All Ports 7 13 How to Disable Link Failure Reflection on All Ports 7 13 Configuring Link Failure Reflection in Linecard Aware Mode SCE 2000 only 7 13 How to Enable Linecard Aware Mode 7 14 How...

Page 13: ... DSCP Value for NetFlow 8 15 Options 8 15 How to Configure the Template Refresh Interval 8 15 Options 8 15 Configuring Dynamic Mapping of RDRs to Categories 8 15 How to Configuring Mappings 8 16 Options 8 16 How to Add a Mapping to a Category 8 16 How to Remove a Mapping from a Category 8 16 How to Restore the Default Mapping for a Specified RDR Tag 8 16 Displaying Data Destination Configuration a...

Page 14: ... 9 Options 9 9 How to Import Subscriber Information 9 9 How to Export Subscriber Information 9 10 How to Import a Subscriber Template 9 10 How to Export a Subscriber Template 9 10 Removing Subscribers and Templates 9 10 How to Remove a Specific Subscriber 9 11 Options 9 11 How to Remove All Introduced Subscribers 9 11 How to Remove a Specific Anonymous Subscriber Group 9 12 Options 9 12 How to Rem...

Page 15: ...9 25 How to display currently configured anonymous groups 9 26 How to display currently configured templates for anonymous groups 9 26 How to display current configuration for a specified anonymous group 9 26 How to display subscribers in a specified anonymous group 9 26 How to display all subscribers currently in anonymous groups 9 26 How to display the number of subscribers in a specified anonym...

Page 16: ...mber of Subscribers Mapped to a Specified IP Range 9 37 Configuring the Actual Maximum Number of Subscribers 9 37 How to Override the Configured Capacity Option 9 37 How to Restore the Configured Capacity Option 9 38 How to Monitor the Maximum Number of Subscribers 9 38 Configuring Subscriber Aging 9 38 How to Enable Aging for Anonymous Group Subscribers 9 38 How to Enable Aging for Introduced Sub...

Page 17: ...8 Replacing the SCE platform manual recovery 10 9 Manual steps 10 9 Automatic steps in parallel with the manual steps requires no user intervention 10 9 Reboot only fully automatic recovery 10 9 CLI Commands for Cascaded Systems 10 10 Topology Related Parameters for Redundant Topologies 10 10 Configuring the Connection Mode 10 10 Examples 10 11 Monitoring a Cascaded System 10 11 How to View the Cu...

Page 18: ...d Optionally the Default Thresholds 11 11 How to Reinstate the System Defaults for a Selected Set of Attack Types 11 12 How to Reinstate the System Defaults for All Attack Types 11 12 Specific Attack Detectors 11 13 Options 11 13 How to Enable a Specific Attack Detector and Assign it an ACL 11 14 How to Define the Action and Optionally the Thresholds for a Specific Attack Detector 11 14 How to Def...

Page 19: ...w to display all attack detector configurations 11 26 How to display filter state enabled or disabled 11 26 How to display configured threshold values and actions 11 26 How to display the current counters 11 28 How to display all currently handled attacks 11 28 How to display all existing force filter settings 11 28 How to display all existing don t filter settings 11 28 How to display the list of...

Page 20: ...SCE Platform Features 12 15 VAS Traffic Forwarding and DDoS Processing 12 15 Specific IP DDoS Attack Detection 12 15 Specific IP Attack filter 12 16 VAS Traffic Forwarding and Bandwidth Management 12 16 Global Controllers and VAS flows 12 16 Configuring VAS Traffic Forwarding 12 16 Configuring VAS Traffic Forwarding from the SCA BB Console 12 17 Global Options 12 17 Enabling VAS Traffic Forwarding...

Page 21: ...onal and Configuration Information for All VAS Servers 12 30 How to Display the VAS Servers Used by a Specified Subscriber 12 30 How to Display Health Check Counters for a Specified VAS Server 12 30 Example 12 30 How to Display Health Check Counters for All VAS Servers 12 31 How to Clear the Health Check Counters for a Specified VAS Server 12 31 How to Clear the Health Check Counters for All VAS S...

Page 22: ...nfiguration 12 52 C H A P T E R 13 MPLS VPN Support 13 1 Introduction 13 1 Service Control in the MPLS VPN Environment 13 1 Definitions and Acronyms 13 2 What are the Challenges for Service Control for MPLS VPN Support 13 3 How MPLS VPN Support Works 13 3 Flow Detection 13 3 VPN Detection 13 4 Subscriber Detection 13 4 What is an MPLS VPN based Subscriber 13 4 Private IP Subscriber Support 13 5 Ho...

Page 23: ...w IP Ranges 13 17 Managing MPLS VPN Support 13 17 Managing MPLS VPN Support via SNMP 13 17 MPLS VPN MIB Objects 13 18 MPLS VPN Traps 13 18 Monitoring MPLS VPN Support via SCE Platform CLI 13 18 Displaying VPN related Mappings 13 18 Clearing Upstream VPN Mappings 13 21 Monitoring Subscriber Counters 13 22 Monitoring MPLS VPN Counters 13 23 Monitoring the PE Routers 13 23 Monitoring Bypassed VPNs 13...

Page 24: ...rameter 14 11 How to Define the Loss of Sync Timeout Parameter 14 11 Adding an SCMP Peer Device 14 12 How to Define an SCMP Peer Device 14 12 Assigning the SCMP Peer Device to an Anonymous Group 14 13 Deleting Subscribers Managed by an SCMP Peer Device 14 13 Options 14 13 Deleting an SCMP Peer Device 14 14 Defining the Subscriber ID 14 14 Options 14 15 Configuring the RADIUS Client 14 15 Options 1...

Page 25: ...p 1 3 6 1 4 1 5655 4 0 1 B 19 operationalStatusWarningTrap 1 3 6 1 4 1 5655 4 0 2 B 19 operationalStatusFailureTrap 1 3 6 1 4 1 5655 4 0 3 B 19 systemResetTrap 1 3 6 1 4 1 5655 4 0 4 B 19 chassisTempAlarmOnTrap 1 3 6 1 4 1 5655 4 0 5 B 19 chassisTempAlarmOffTrap 1 3 6 1 4 1 5655 4 0 6 B 19 chassisVoltageAlarmOnTrap 1 3 6 1 4 1 5655 4 0 7 B 20 chassisFansAlarmOnTrap 1 3 6 1 4 1 5655 4 0 8 B 20 chas...

Page 26: ... B 23 sessionDeniedAccessTrap 1 3 6 1 4 1 5655 4 0 41 B 23 sessionBadLoginTrap 1 3 6 1 4 1 5655 4 0 42 B 24 illegalSubscriberMappingTrap 1 3 6 1 4 1 5655 4 0 43 B 24 loggerLineAttackLogFullTrap 1 3 6 1 4 1 5655 4 0 44 B 24 vasServerOperationalStatusChangeTrap 1 3 6 1 4 1 5655 4 0 45 B 24 pullRequestNumber 1 3 6 1 4 1 5655 4 0 46 B 24 pullRequestRetryFailedTrap 1 3 6 1 4 1 5655 4 0 47 B 24 mplsVpnT...

Page 27: ... 4 1 4 1 1 1 B 40 linkIndex 1 3 6 1 4 1 5655 4 1 4 1 1 2 B 40 linkAdminModeOnActive 1 3 6 1 4 1 5655 4 1 4 1 1 3 B 41 linkAdminModeOnFailure 1 3 6 1 4 1 5655 4 1 4 1 1 4 B 41 linkOperMode 1 3 6 1 4 1 5655 4 1 4 1 1 5 B 41 linkStatusReflectionEnable 1 3 6 1 4 1 5655 4 1 4 1 1 6 B 42 linkSubscriberSidePortIndex 1 3 6 1 4 1 5655 4 1 4 1 1 7 B 42 linkNetworkSidePortIndex 1 3 6 1 4 1 5655 4 1 4 1 1 8 B...

Page 28: ...oryNumReportsQueued 1 3 6 1 4 1 5655 4 1 6 11 1 8 B 51 rdrFormatterCategoryDestTable 1 3 6 1 4 1 5655 4 1 6 12 B 51 rdrFormatterCategoryDestEntry 1 3 6 1 4 1 5655 4 1 6 12 1 B 51 rdrFormatterCategoryDestPriority 1 3 6 1 4 1 5655 4 1 6 12 1 1 B 51 rdrFormatterCategoryDestStatus 1 3 6 1 4 1 5655 4 1 6 12 1 2 B 52 loggerUserLogEnable 1 3 6 1 4 1 5655 4 1 7 1 B 52 loggerUserLogNumInfo 1 3 6 1 4 1 5655...

Page 29: ...5655 4 1 8 3 1 4 B 61 spvPropertyStringValue 1 3 6 1 4 1 5655 4 1 8 3 1 5 B 61 spvPropertyUintValue 1 3 6 1 4 1 5655 4 1 8 3 1 6 B 62 spvPropertyCounter64Value 1 3 6 1 4 1 5655 4 1 8 3 1 7 B 62 tpInfoTable 1 3 6 1 4 1 5655 4 1 9 1 B 62 tpInfoEntry 1 3 6 1 4 1 5655 4 1 9 1 1 B 63 tpModuleIndex 1 3 6 1 4 1 5655 4 1 9 1 1 1 B 63 tpIndex 1 3 6 1 4 1 5655 4 1 9 1 1 2 B 63 tpTotalNumHandledPackets 1 3 6...

Page 30: ...HandledFlowsRatePeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 34 B 71 tpCpuUtilization 1 3 6 1 4 1 5655 4 1 9 1 1 35 B 72 tpCpuUtilizationPeak 1 3 6 1 4 1 5655 4 1 9 1 1 36 B 72 tpCpuUtilizationPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 37 B 72 tpFlowsCapacityUtilization 1 3 6 1 4 1 5655 4 1 9 1 1 38 B 72 tpFlowsCapacityUtilizationPeak 1 3 6 1 4 1 5655 4 1 9 1 1 39 B 73 tpFlowsCapacityUtilizationPeakTime 1 3 6 1 4...

Page 31: ...ationPeak 1 3 6 1 4 1 5655 4 1 12 1 1 7 B 81 globalControllersUtilizationPeakTime 1 3 6 1 4 1 5655 4 1 12 1 1 8 B 82 globalControllersClearCountersTime 1 3 6 1 4 1 5655 4 1 12 1 1 9 B 82 globalControllersDroppedBytes 1 3 6 1 4 1 5655 4 1 12 1 1 10 B 82 appInfoTable 1 3 6 1 4 1 5655 4 1 13 1 B 82 appInfoEntry 1 3 6 1 4 1 5655 4 1 13 1 1 B 83 appName 1 3 6 1 4 1 5655 4 1 13 1 1 1 B 83 appDescription...

Page 32: ...3 B 90 attackTypeTotalNumAttacks 1 3 6 1 4 1 5655 4 1 15 1 1 4 B 90 attackTypeTotalNumFlows 1 3 6 1 4 1 5655 4 1 15 1 1 5 B 90 attackTypeTotalNumSeconds 1 3 6 1 4 1 5655 4 1 15 1 1 6 B 90 vasServersTable 1 3 6 1 4 1 5655 4 1 16 1 B 91 vasServerEntry 1 3 6 1 4 1 5655 4 1 16 1 1 B 91 vasServerIndex 1 3 6 1 4 1 5655 4 1 16 1 1 1 B 91 vasServerId 1 3 6 1 4 1 5655 4 1 16 1 1 2 B 91 vasServerAdminStatus...

Page 33: ...he Cisco SCE8000 10GBE Software Configuration Guide or the Cisco SCE8000 GBE Software Configuration Guide Document Revision History The Document Revision History below records changes to this document Table 1 Document Revision History Revision Cisco Service Control Release and Date Change Summary OL 7827 12 3 5 5 June 2009 Added information regarding the following New format of the connection mode...

Page 34: ...d to describe the updated VPN functionality Configuring the Line Interface How to Configure Tunneling Protocols Managing Subscribers MPLS VPN Support The following chapter was updated to describe the updated TOS marking functionality Configuring the Line Interface Minor changes were made in the following chapters to clarify certain topics and issues Configuring the Line Interface Hardware packet d...

Page 35: ...tures MPLS VPN Support including MPLS VPN related changes in Managing Subscribers and Configuring Tunneling Protocols Configuring VLAN Translation VAS over 10G The Proprietary MIB Reference was reorganized to reflect reorganization of the pcube Enterprise MIB OL 7827 03 3 0 December 2005 Added the following new features Value Added Services VAS Traffic Forwarding Monitoring SCE Platform Utilizatio...

Page 36: ...Configuring the Line Interface page 6 1 Explanation of how to configure tunneling TOS marking and traffic rules 7 Configuring the Connection page 7 1 Explanation of how to configure the connection mode link mode and failure behaviors 8 Raw Data Formatting The RDR Formatter and NetFlow Exporting page 8 1 Explanation of how to configure the connection mode link mode and failure behaviors 9 Managing ...

Page 37: ...he ISG Intelligent Service Gateway functionality of the Cisco routers It also explains how to configure and manage SCMP SCMP peer devices and the RADIUS client A Monitoring SCE Platform Utilization page A 1 Explanation of how to monitor SCE platforms that are installed in real traffic B Proprietary MIB Reference page B 1 Definition of the proprietary Service Control Enterprise MIB Table 2 Document...

Page 38: ...tallation and Configuration Guide For initial installation and startup information refer to the relevant quick start guide Cisco SCE 2000 4xGBE Quick Start Guide Cisco SCE 2000 4 8xFE Quick Start Guide Cisco SCE 1000 2xGBE Quick Start Guide For international agency compliance safety and statutory information for wide area network WAN interfaces for the SCE 2000 platform refer to the regulatory and...

Page 39: ...ication bold font Commands and keywords and user entered text appear in bold font italic font Document titles new or emphasized terms and arguments for which you supply values are in italic font Elements in square brackets are optional x y z Required alternative keywords are grouped in braces and separated by vertical bars x y z Optional alternative keywords are grouped in brackets and separated b...

Page 40: ...information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set content to be delivered directly to your desktop using a reader application The RSS feeds ar...

Page 41: ...se the SCE platform to support classification analysis and control of Internet and IP traffic Service control enables service providers to Capitalize on existing infrastructure Analyze charge for and control IP network traffic at multigigabit wire line speeds Identify and target high margin content based services and enable their delivery As the downturn in the telecommunications industry has show...

Page 42: ...solutions include Subscriber and application awareness Application level drilling into IP traffic for real time understanding and controlling of usage and content at the granularity of a specific subscriber Subscriber awareness The ability to map between IP flows and a specific subscriber to maintain the state of each subscriber transmitting traffic through the SCE platform and to enforce the appr...

Page 43: ...ese flows with user ownership SCE platforms provide real time classification of network use The classification provides the basis of the SCE platform advanced traffic control and bandwidth shaping functionality Where most bandwidth shaper functionality ends the SCE platform provides further control and shaping options including Layer 7 stateful wire speed packet inspection and classification Robus...

Page 44: ...to manage all aspects of the solution Network management Subscriber management Service Control management These management interfaces are designed to comply with common management standards and to integrate easily with existing OSS infrastructure Figure 1 2 LINK RX Cisco SCE 2000 Series 4xGBE TX RX MM TX LINK RX TX RX MM TX LINK RX TX RX MM TX LINK RX TX RX MM TX GBE 1 SUB LINE NET PWR B STATUS PW...

Page 45: ...tween OSS and SCE platforms Subscriber information is stored in the SM database and can be distributed between multiple platforms according to actual subscriber placement The SM provides subscriber awareness by mapping network IDs to subscriber IDs It can obtain subscriber information using dedicated integration modules that integrate with AAA devices such as RADIUS or DHCP servers Subscriber info...

Page 46: ...ions of the SCE platform result in the generation of Raw Data Records RDRs which the SCE platform forwards using a simple TCP based protocol RDR Protocol 2 RDRs are processed by the Cisco service control management suite collection manager 3 The collection manager software is an implementation of a collection system that receives RDRs from one or more SCE platforms It collects these records and pr...

Page 47: ...es The CLI is accessed through a Telnet session or directly via the console port on the front panel of the SCE platform When you enter a Telnet session you enter as the simplest level of user in the User Exec mode The SCE platform supports up to eleven concurrent CLI sessions five sessions initiated by Telnet connection five sessions by SSH connection and one session on the console port Authorizat...

Page 48: ...rarchy page 2 3 The following sections describe the available Authorization and Command Hierarchy Levels and how to maneuver within them The on screen prompt indicates both your authorization level and your command hierarchy level as well as the assigned host name Note Throughout the manual SCE is used as the sample host name CLI Authorization Levels The SCE platform has four authorization levels ...

Page 49: ...CLI modes Table 2 1 Authorization Levels Level Description Value Prompt User Password required This level enables basic operational functionality 0 Viewer Password required This level enables monitoring functionality All show commands are available to the Viewer authorization level with the exception of those that display password information 5 Admin Password required For use by general administra...

Page 50: ...each mode can be viewed using the question mark at the end of the prompt Figure 2 1 illustrates the hierarchical structure of the CLI modes and the CLI commands used to enter and exit a mode Interface Configuration Configuration of specific system interface parameters for the following interface modes linecard interface management interface specific traffic interface Admin Root SCE config if SCE c...

Page 51: ...GigabitEthernet 0 1 2 SCE 2000 interface range TenGigabitEthernet 0 port range any range between 1 and 4 E5 line vty 0 Note Although the system supports up to five concurrent Telnet connections you cannot configure them separately This means that any number you enter in the line vty command 0 1 2 3 or 4 will act as a 0 and configure all five connections together Exit E5 Exit Exit E1 Exit E2 Exit E...

Page 52: ... configuration mode to the global configuration mode Enter the Linecard Interface configuration Define the link mode Exit Linecard Interface configuration mode to the global configuration mode Exit global configuration mode SCE configure SCE config clock timezone PST 10 SCE config interface Mng 0 1 SCE config if speed 100 SCE config if exit SCE config interface Linecard 0 SCE config if link mode a...

Page 53: ...nction in parallel you enter the Privileged Exec command mode From this command mode you can access the other command modes User Exec authorization level Viewer authorization level Privileged Exec command mode you are now in either Admin or Root authorization level Global Configuration command mode From this command mode the following Interface Command Modes can be accessed Management Interface Co...

Page 54: ...ure exit exits to Privileged Exec end exits to User Exec Management Interface Configuration management interface Mng 0 1 or 0 2 exit exits to Global Configuration end exits to User Exec Linecard Interface Configuration interface linecard 0 exit exits to Global Configuration end exits to User Exec GigabitEthernet Interface Configuration traffic SCE 2000 interface gigabitethernet 0 1 0 2 0 3 or 0 4 ...

Page 55: ...igure more than one interface at a time if you are configuring them to identical values auto negotiate bandwidth queue CLI Help Features CLI provides context sensitive help Two types of context sensitive help are supported Partial Help page 2 9 Argument Help page 2 10 Partial Help To obtain a list of commands that begin with a particular character string enter the abbreviated command entry immedia...

Page 56: ...arameters SCE config snmp server When asking for help on particular parameter the system informs you of the type of data that is an accepted legal value The types of parameters supported are Example The following example illustrates the use of to get help on commands syntax In this example you can enter either the word running config or any name of a file after the word copy SCE copy running confi...

Page 57: ...mmands that start with a given prefix By default the system saves the last 30 commands you typed You can change the number of commands remembered using the history size command Table 2 6 Getting Help Command Purpose List all commands available for a particular command mode abbreviated command entry Example c calendar cd clear clock configure copy copy passive Obtain a list of commands that begin w...

Page 58: ...ption Shortcut key Navigational shortcuts Move cursor one character to the right CTRL F Move cursor one character to the left CTRL B Move cursor one word to the right forward ESC F Move cursor one word to the left backward ESC B Move cursor to the start of the line CTRL A Move cursor to the end of the line CTRL E Editing shortcuts Delete the character where the cursor is located CTRL D Delete from...

Page 59: ...artial unique command for the enable command The system carries out the command using the default authorization level 10 when you press Enter SCE en Enter Password sce Example 3 The following example illustrates how to use the completion feature with a non default value for the argument In this example the enable command is completed using the specified value 15 for the authorization level SCE en ...

Page 60: ...e shows how to display the running configuration while in interface configuration mode SCE config if do show running config Managing Command Output Scrolling the Screen Display page 2 15 Filtering Command Output page 2 15 Redirecting Command Output to a File page 2 15 Some commands such as many show commands may have many lines of output There are several ways of managing the command output Scroll...

Page 61: ...ing options are as follows include Shows all lines that include the specified text exclude Does not show any lines that include the specified text begin Finds the first line that includes the specified text and shows all lines starting from that line All previous lines are excluded The syntax of filtered commands is as follows command include expression command exclude expression command begin exp...

Page 62: ... platform you could create a script on one platform and run it on all the other SCE platforms The available script commands are script capture script stop script print script run Step 1 At the sce prompt type script capture sample1 scr where sample1 scr is the name of the script Step 2 Perform the actions you want to be included in the script Step 3 Type script stop The system saves the script The...

Page 63: ...toring the Operational Status of the SCE Platform page 3 12 Displaying the SCE Platform Version Information page 3 13 Displaying the SCE Platform Inventory page 3 14 Displaying the System Uptime page 3 15 Rebooting and Shutting Down the SCE Platform page 3 15 Managing Configurations This section explains how to view save and recover configuration files as well as how to create a backup configurati...

Page 64: ...n Viewing Configurations When you enter configuration commands it immediately effects the SCE platform operation and configuration This configuration referred to as the running config is saved in the SCE platform volatile memory and is effective while the SCE platform is up After reboot the SCE platform loads the startup config which includes the non default configuration as saved by the user into...

Page 65: ...interface FastEthernet 0 1 interface FastEthernet 0 2 exit line vty 0 4 no timeout exit sce Removing the Configuration You can completely remove all current configuration by removing all configuration files The following data is deleted by this command General configuration files Application configuration files Static party DB files Management agent installed MBeans The following data is not delet...

Page 66: ...t the SCE prompt type show running config and press Enter Displays the running configuration Step 2 Check the displayed configuration to make sure that all parameters are set to the desired values If not make the changes you want before saving Refer to the relevant sections of this guide for more information regarding specific configuration parameters Step 3 At the SCE prompt type copy running con...

Page 67: ...play File Contents page 4 8 Restoring a previous startup configuration means renaming the file so it overwrites the startup configuration config txt file Since the restore operation overwrites the current configuration file you cannot undo the configuration restore operation It is recommended to always backup the current configuration file first Step 1 At the SCE prompt type more tffs0 system prev...

Page 68: ...though a backup of the configuration file is created automatically under certain circumstances it is useful to be able to explicitly create a backup configuration file For example it can be used in a cascaded solution to copy the configuration from one SCE platform to the other as follows 1 To create a backup configuration file execute this command on the first SCE platform specifying an FTP backu...

Page 69: ...ibutes upgrades to the software and firmware on the SCE platform Cisco distributes upgrade software as a file with the extension pkg that is installed directly from the ftp site without being copied to the disk This procedure walks you through installation and rebooting of the SCE platform with the new firmware Step 1 At the command prompt type configure and press Enter Enters Global Configuration...

Page 70: ...uration file Writing configuration file Extracting new system image Extracted OK SCE reload Are you sure y the system is about to reboot this will end your CLI session Downgrading the SCE Platform to a Previous Version Note To downgrade a cascaded system follow the procedure described in Simultaneous Upgrade of Firmware and Application page 10 13 using the relevant downgrade files rather than upgr...

Page 71: ...s application specific and is produced by application specific means not covered in this documentation Configuration files have no specific extension Note These configuration changes are automatically saved to the start up configuration after execution and therefore do not appear when the running configuration is displayed more running config command Note These configurations cannot be manipulated...

Page 72: ...n options available for this application file if any How to Install an Application Step 1 From the SCE config if prompt type pqi install file filename options and press Enter Installs the specified pqi file using the installation options specified if any Use the show pqi file filename info command to display installation options available for the application file See How to Display Information abo...

Page 73: ...Use the show pqi file filename info command to display installation options available for the application file See How to Display Information about an Application File page 3 10 Note that this may take up to five minutes How to Undo an Upgrade of an Application Step 1 From the SCE config if prompt type pqi rollback file filename and press Enter Undoes the upgrade of the specified pqi file Note tha...

Page 74: ...ing process Boot is completed Power self tests are completed without failure Platform configuration is applied Flashing green Warning SCE platform is fully operational as above but one of the following occurred Link on one of the line ports is down Management port link is down Temperature raised above threshold Voltage not in required range Fans problem Power supply problem Insufficient space on t...

Page 75: ... as software and hardware version image build time system uptime last open packages names and information on the SLI application assigned Step 1 From the SCE prompt type show version and press Enter Displaying the SCE Platform Version Information Example This example shows how to display the SCE platform version information SCE show version System version Version 3 0 0 Build 240 Build time Jan 11 ...

Page 76: ...ds SCE Displaying the SCE Platform Inventory Unique Device Identification UDI is a Cisco baseline feature that is supported by all Cisco platforms This feature allows network administrators to remotely manage the assets in their network by tracing specific devices through either CLI or SNMP The user can display inventory information for a remote device via either Entity MIB see ENTITY MIB page 5 3...

Page 77: ...g the SCE Platform Rebooting the SCE platform is required after installing a new firmware in order for that firmware to take effect There might be other occasions where rebooting the SCE platform is necessary Note When the SCE restarts it loads the startup configuration so all changes made in the running configuration will be lost You are advised to save the running configuration before performing...

Page 78: ...aud Provides connection to a local terminal for restarting the SCE platform Step 2 From the SCE prompt type reload shutdown and press Enter A confirmation message appears Step 3 Type Y to confirm the shutdown request and press Enter Performs the shutdown operation Shutting Down the SCE Platform Examples The following example shows the commands for system shutdown SCE reload shutdown You are about ...

Page 79: ... The setup utility is an interactive wizard that guides the user through the basic configuration process This utility runs automatically upon initial connection to the local terminal It may also be invoked explicitly via Telnet or via the local terminal to make changes to the system configuration Table 4 1 lists all the command parameters for the setup utility Table 4 1 Setup Command Parameters Pa...

Page 80: ...ests for update 64 1024 unicast server IP address IP address of the SNTP unicast server DNS Configuration DNS lookup status Enable or disable IP DNS based hostname translation default domain name Default domain name to be used for completing unqualified host names IP address IP address of domain name server maximum of three servers RDR Formatter Destination Configuration IP address IP address of t...

Page 81: ...ailure should the SCE platform remain in a Failure status or move to operational status provided no other problem was detected Topology Configuration SCE 1000 link bypass mode on operational status When the SCE 1000 is operational should it bypass traffic or not redundant SCE 1000 platform Is there a redundant SCE 1000 installed as a backup link bypass mode on non operational status When the SCE 1...

Page 82: ...tually lists containing several entries If these lists are empty initial configuration or contain only one entry they act the same as any scalar parameter except that you are given the option of adding additional entries to the list If these lists already contain more than one entry the entire list is displayed and you are then presented with several options Following is an excerpt from the SNMP t...

Page 83: ... you are asked whether you would like add another new entry Would you like to add another SNMP trap manager no y You may enter only enough additional entries to reach the maximum number Working with SCE Platform Files The CLI commands include a complete range of file management commands These commands allow you to create delete copy and display both files and directories Note Regarding disk capaci...

Page 84: ...ry Step 1 From the SCE prompt type rmdir directory name and press Enter Use this command only for an empty directory How to Change Directories Use this command to change the path of the current working directory Step 1 From the SCE prompt type cd new path and press Enter How to Display your Working Directory Step 1 From the SCE prompt type pwd and press Enter How to List the Files in a Directory Y...

Page 85: ... applications and press Enter How to Include Files in Sub Directories in the Directory Files List Step 1 From the SCE prompt type dir r and press Enter Working with Files How to Rename a File page 4 7 How to Delete a File page 4 7 Copying Files page 4 8 How to Display File Contents page 4 8 How to Unzip a File page 4 9 How to Rename a File Step 1 From the SCE prompt type rename current file name n...

Page 86: ...s sli sce How to Download a File from an FTP Site Use the copy command to upload and download commands from an FTP site In this case either the source or destination filename must begin with ftp Step 1 From the SCE prompt type copy ftp source destination file name and press Enter To upload a file to an FTP site specify the FTP site as the destination ftp destination How to Upload a File to a Pass...

Page 87: ...g the User Log page 4 11 Clearing the User Log page 4 11 Events are logged to one of two log files After a file reaches maximum capacity the events logged in that file are then temporarily archived New events are then automatically logged to the alternate log file When the second log file reaches maximum capacity the system then reverts to logging events to the first log file thus overwriting the ...

Page 88: ...SCE config prompt type logger device User File Log disabled and press Enter Enabling the User Log Step 1 From the SCE prompt type configure and press Enter Step 2 From the SCE config prompt type logger device User File Log enabled and press Enter Viewing the User Log Counters Viewing the user log counters for the current session page 4 10 Viewing the non volatile logger counters for both the user ...

Page 89: ...earing the User Log Step 1 From the SCE prompt type clear logger device user file log and press Enter Step 2 The system asks Are you sure Step 3 Type Y and press Enter Generating a File for Technical Support In order for technical support to be most effective the user should provide them with the information contained in the system logs Use the logger get support file command to generate a support...

Page 90: ... verified for every new relevant packet that is being captured As long as no packets matching the capturing attributes arrive after the time is exceeded the capturing is not stopped and must be stopped manually Capture may end prematurely due to a shortage event on the SCE platform Capturing throughput is limited by the following system architectural limitations line capacity to the remote FTP de...

Page 91: ... the effect on traffic Maximum duration of the capture By limiting the duration of the capture you can limit the effect of the capture on live traffic You can stop the capture at any time before the maximum duration has been reached Maximum length of the L4 payload of each captured packet If you want to capture mainly the L2 L4 headers you need only a small portion of the payload of each packet Se...

Page 92: ...n the number of L4 payload bytes Default Step 1 From the SCE config if prompt type flow capture controllers max l4 payload length length unlimited and press Enter How to Restore the Default Flow Capture Settings Step 1 From the SCE config if prompt type default flow capture controllers time max l4 payload length and press Enter Performing the Flow Capture The flow capture begins when you execute t...

Page 93: ...nter Monitoring the Flow Capture Use the following command to monitor the flow capture process It displays the following information status of the recording process current target file size number of packets captured number of packets lost configured values of the different controllers How to Monitor the Flow Capture Step 1 From the SCE prompt type show interface linecard 0 flow capture and press ...

Page 95: ... About Management Interface and Security page 5 2 Configuring the Management Ports page 5 2 Entering Management Interface Configuration Mode page 5 3 Configuring the Management Port Physical Parameters page 5 3 Configuring Management Interface Redundancy page 5 7 Configuring Management Interface Security page 5 9 Configuring the Available Interfaces page 5 11 Configuring and Managing the SNMP Inte...

Page 96: ...e The second management port is reflected in all objects related to it in the SNMP interface Perform the following tasks to configure the management interface and management interface security Configure the management port Physical parameters Specify active port if not redundant installation Redundancy if redundant installation Configure management interface security Enable IP fragment filtering C...

Page 97: ...guration Mode Therefore each port must be configured separately speed duplex The following Management Interface commands are applied to both management ports regardless of which port had been specified when entering Management Interface Configuration Mode Therefore both ports are configured with one command ip address auto fail over Step 1 Type configure and press Enter Enables Global Configuratio...

Page 98: ...e act as a virtual IP address for the currently active management port regardless of which physical port is currently active subnet mask subnet mask of the management interface Step 1 From the SCE config if prompt type ip address ip address subnet mask and press Enter The command might fail if there is a routing table entry that is not part of the new subnet defined by the new IP address and subne...

Page 99: ...face state and speed and duplex How to Configure the Speed of the Management Interface Options page 5 5 Configuring the Speed of the Management Interface Example page 5 6 Options The following options are available speed speed in Mbps of the currently selected management port 0 1 or 0 2 10 100 auto default auto negotiation do not force speed on the link If the duplex parameter is configured to aut...

Page 100: ...ng the Duplex Operation of the Management Interface Example The following example shows how to use this command to configure a management port to half duplex mode SCE config if duplex half Specifying the Active Management Port Options page 5 7 Specifying the Active Management Port Example page 5 7 This command explicitly specifies which management port is currently active Its use varies slightly d...

Page 101: ...gement ports provide the possibility for a redundant management interface thus ensuring management access to the SCE platform even if there is a failure in one of the management links If a failure is detected in the active management link the standby port automatically becomes the new active management port Note that both ports must be connected to the management console via a switch In this way t...

Page 102: ...nd Subnet Mask of the Management Interface page 5 4 Step 4 Configure the speed and duplex for both management ports See Configuring the Management Interface Speed and Duplex Parameters page 5 5 Configuring the Fail Over Mode Options page 5 8 How to Enable Automatic Fail Over Mode page 5 8 How to Disable Automatic Fail Over Mode page 5 9 Use the following command to enable automatic fail over The a...

Page 103: ... remains stable during flooding attack The number of TCP IP stack control protocol vulnerabilities is minimized The availability of reporting capabilities on attacks on the management port There are two parallel security mechanisms Automatic security mechanism monitors the TCP IP stack rate at 200 msec intervals and throttles the rate from the device if necessary This mechanism always functions an...

Page 104: ...ermitted Specifies whether the configured limits apply to permitted or not permitted IP addresses If neither keyword is used it is assumed that the configured limits apply to both permitted and not permitted IP addresses low rate lower threshold the rate in Mbps that indicates the attack is no longer present Default 20 high rate upper threshold the rate in Mbps that indicates the presence of an at...

Page 105: ...allows you to configure the Telnet and SNMP interfaces according to the manner in which you are planning to manage the SCE platform and the external components of the system Configuring TACACS Authentication Authorization and Accounting page 5 11 Configuring Access Control Lists ACLs page 5 26 Configuring the Telnet Interface page 5 28 Configuring the SSH Server page 5 30 Enabling the SNMP Interfa...

Page 106: ...r before the configured TACACS features on your network element are available The TACACS protocol provides authentication between the network element and the TACACS ACS and it can also ensure confidentiality if a key is configured by encrypting all protocol exchanges between a network element and a TACACS server The TACACS protocol provides the following three features Login authentication Privile...

Page 107: ...S accounting mechanism including login and exit commands The command is logged both before and after it is successfully executed Each accounting message contains the following User name Current time Action performed Command privilege level TACACS accounting is in addition to normal local accounting using the SCE platform dbg log Privilege Level Authorization After a successful login the user is gr...

Page 108: ...e order of the methods used isn't configurable but the customer can choose which of the methods are used The current order is TACACS Local Enable None Note Important If the server goes to AAA fault the SCE platform will not be accessible until one of the AAA methods is restored In order to prevent this it is advisable to use the none method as the last AAA method If the SCE platform becomes un acc...

Page 109: ...gure the same user names in both TACACS and the local database This will allow the users to access the SCE platform in case of TACACS server failure Note If TACACS is used as the login method the TACACS username is used automatically in the enable command Therefore it is important to configure the same usernames in both TACACS and the local database so that the enable command can recognize this us...

Page 110: ...is timeout interval is defined as the timeout interval for any server host for which a timeout interval is not explicitly configured when the server host is defined If the default timeout interval is not configured a default of five seconds is assigned to any server for which a timeout interval is not explicitly configured The procedures for configuring the SCE platform TACACS client are explained...

Page 111: ...t name name of the server to be deleted Step 1 From the SCE config prompt type no TACACS server host host name and press Enter How to Configure the Global Default Key Use this command to define the global default key for the TACACS server hosts This default key can be overridden for a specific TACACS server host by explicitly configuring a different key for that TACACS server host Options page 5 1...

Page 112: ... explicitly configuring a different timeout interval for that TACACS server host Options page 5 18 How to Define the Global Default Timeout page 5 18 How to Clear the Global Default Timeout page 5 18 Options The following options are available timeout interval default time in seconds that the server waits for a reply from the server host before timing out Default 5 seconds How to Define the Global...

Page 113: ... Add a User with a Clear Text Password page 5 20 How to Add a User with No Password page 5 20 How to Add a User with an MD5 Encrypted Password Entered in Clear Text page 5 20 How to Add a User with an MD5 Encrypted Password Entered as an MD5 Encrypted String page 5 20 Options The password is defined with the username There are several password options No password Use the nopassword keyword Passwor...

Page 114: ... with No Password Step 1 From the SCE config prompt type username name nopassword and press Enter How to Add a User with an MD5 Encrypted Password Entered in Clear Text Step 1 From the SCE config prompt type username name secret 0 password and press Enter How to Add a User with an MD5 Encrypted Password Entered as an MD5 Encrypted String Step 1 From the SCE config prompt type username name secret ...

Page 115: ...the config files running config and startup config this command will appear as two separate commands Options page 5 21 How to Add a User with a Privilege Level and a Clear Text Password page 5 22 How to Add a User with a Privilege Level and an MD5 Encrypted Password Entered in Clear Text page 5 22 How to Add a User with a Privilege Level and an MD5 Encrypted Password Entered as an MD5 Encrypted St...

Page 116: ...th a Privilege Level and an MD5 Encrypted Password Entered in Clear Text Step 1 From the SCE config prompt type username name privilege level secret 0 password and press Enter How to Add a User with a Privilege Level and an MD5 Encrypted Password Entered as an MD5 Encrypted String Step 1 From the SCE config prompt type username name privilege level secret 5 encrypted secret and press Enter How to ...

Page 117: ...methods to be used if failure of the primary login authentication method see General AAA Fallback and Recovery Mechanism page 5 14 Use this command to specify which login authentication methods are to be used and in what order of preference Options page 5 23 How to Specify the Login Authentication Methods page 5 23 How to Delete the Login Authentication Methods List page 5 24 Options The following...

Page 118: ...e available method the login authorization methods to be used You may specify up to four different methods in the order in which they are to be used group TACACS Use TACACS authorization local Use the local username database for authorization enable default Use the enable password for authorization none Use no authorization How to Specify AAA Privilege Level Authorization Methods Step 1 From the S...

Page 119: ...The privilege level for which to enable the TACACS accounting How to Enable AAA Accounting Step 1 From the SCE config prompt type aaa authentication accounting commands level default stop start group TACACS and press Enter The start stop keyword required indicates that the accounting message is sent at the beginning and the end if the command was successfully executed of the execution of a CLI com...

Page 120: ...t or deny incoming connections on any of the management interfaces An access list is an ordered list of entries each consisting of an IP address and an optional wildcard mask defining an IP address range and a permit deny field The order of the entries in the list is important The default action of the first entry that matches the connection is used If no entry in the Access List matches the conne...

Page 121: ...iated with a specific management interface that interface checks the access list to find out if there is permission for a specific external IP address trying to access the management interface It is possible to configure several management interfaces to the same access list if this is the desired behavior of the SCE platform If no ACL is associated to a management interface or to the global IP lev...

Page 122: ...sses in the range of 10 1 1 0 10 1 1 255 SCE config access list 1 permit 10 1 1 0 0 0 0 255 How to Remove an ACL Use this command to remove an ACL with all its entries Step 1 From the SCE config prompt type no access list number and press Enter Removes the specified ACL with all its entries How to Define a Global ACL A global ACL permits or denies all traffic to the SCE platform Step 1 From th...

Page 123: ...ist no service telnetd no timeout show line vty access class in show line vty timeout How to Prevent Telnet Access Use this command to disable access by Telnet altogether Step 1 From the SCE config prompt type no service telnetd and press Enter Current Telnet sessions are not disconnected but no new Telnet sessions are allowed How to Assign an ACL to the Telnet Interface Step 1 From the SCE config...

Page 124: ...e SSH Server page 5 30 Key Management page 5 31 The SSH Server A shortcoming of the standard telnet protocol is that it transfers password and data over the net unencrypted thus compromising security Where security is a concern using a Secure Shell SSH server rather than telnet is recommended An SSH server is similar to a telnet server but it uses cryptographic techniques that allow it to communic...

Page 125: ...h knowledge of the enable password Key management is performed by the user via a special CLI command A set of keys must be generated at least once before enabling the SSH server Size of the encryption key is always 2048 bits Managing the SSH Server Use these commands to manage the SSH server These commands do the following Generate an SSH key set Enable disable the SSH server Enable disable SSHv1 ...

Page 126: ...ress may now access the SSH server How to Delete the Existing SSH Keys Step 1 From the SCE config prompt type ip ssh key remove and press Enter Removes the existing SSH key set from non volatile memory If the SSH server is currently enabled it will continue to run since it only reads the keys from non volatile memory when it is started However if the startup configuration specifies that the SSH se...

Page 127: ...t identifies a community of managers who are permitted to access the SNMP server Step 1 From the SCE config prompt type snmp server community community string and press Enter You must define at least one community string to allow SNMP access For complete information on community strings see Configuring SNMP Community Strings page 5 42 How to Disable the SNMP Interface Step 1 From the SCE config pr...

Page 128: ...fined in RFCs 1155 and 1157 and is a full Internet standard SNMPv1 uses a community based form of security SNMPv2c is the revised protocol which includes improvements to SNMPv1 in the areas of protocol packet types transport mappings and MIB structure elements but using the existing SNMPv1 administration structure It is defined in RFC 1901 RFC 1905 and RFC 1906 SCE platform implementation of SNMP ...

Page 129: ...vailable in Admin authorization level The SNMP agent is disabled by default and any SNMP configuration command enables the SNMP agent except where there is an explicit disable command CLI Commands for Configuring SNMP Following is a list of CLI commands available for configuring SNMP These are Global Configuration mode commands snmp server enable no snmp server no snmp server community all no defa...

Page 130: ... defined in RFC 1213 Management Information Base for Network Management of TCP IP based Internets and some of its extensions ENTITY MIB version 2 as defined in RFC 2737 Proprietary MIBs Pcube enterprise MIBs defined by Cisco for the Cisco Service Control products see Proprietary MIB Reference page B 1 Pcube enterprise MIB pcube can be divided into different kinds of MIBs Proprietary SCOS MIBs Thes...

Page 131: ...instead of the explicit OID For instance ifTable stands for the OID of the MIB II interface table Information About MIB II MIB II page 5 37 IF MIB page 5 37 MIB II SCE platform fully supports MIB II RFC1213 including the following groups System Interface for both the management and line ports AT management port IP management port ICMP management port TCP management port UDP management port SNMP ma...

Page 132: ...ns group The SCOS implements only the physical and the general groups of the Entity MIB since the other groups are not relevant to the SCE platform ifindex The numbering of the interfaces is such that the port s come first ifPhysAddress For Management interfaces this is the MAC address For traffic interfaces this is an all zeros address IfAdminStatus Write operation to this object is not supported...

Page 133: ...IB Files page 5 41 entPhysicalIndex 1 1 SCE main board entPhysicalDescr 2 The description corresponding to the Product ID as it appears in the product catalog entPhysicalVendorType 3 cevChassisSCE2000 cevChassis 511 1 3 6 1 4 1 9 12 3 1 3 511 cevChassisSCE1000 cevChassis 512 1 3 6 1 4 1 9 12 3 1 3 512 entPhysicalContainedIn 4 0 not contained entPhysicalClass 5 3 chassis entPhysicalParentRelPos 6 1...

Page 134: ... Modules Management Workgroup The pcube enterprise tree structure is defined in a MIB file named pcube mib Refer to the Proprietary MIB Reference page B 1 for a complete description of the pcube enterprise MIB Figure 5 1 illustrates the pcube Enterprise MIB structure Conventions used in the diagram Dotted arrows surrounding a unit or units indicate that the component is described in the MIB file s...

Page 135: ...ther MIBs such as pcube MIB pcube mib and the SNMPv2 mib Therefore the order in which the MIBs are loaded is important To avoid errors the MIBs must be loaded in the proper order 1 Load SNMPv2 my 2 Load SNMP FRAMEWORK MIB my 3 Load PCUBE SMI my 4 Load PCUBE SE MIB my Note Information and proprietary MIB files supported by the SCOS can be downloaded from www cisco com under Cisco Service Routing Pr...

Page 136: ... Community String Options page 5 42 Defining a Community String Example page 5 42 Options The following options are available community string a security string that identifies a community of managers who are permitted to access the SNMP server acl number ID number of the Access Control List to be assigned to the SNMP interface It should list the IP addresses of the SNMP managers permitted to use ...

Page 137: ...ted by the SNMP agent that resides inside the SCE platform when an event occurs When the Network Management System receives the notification message it can take suitable actions such as logging the occurrence or ignoring the signal By default the SCE platform is not configured to send any SNMP notifications You must define the Network Management System to which the SCE platform should send notific...

Page 138: ...nfigure the SCE Platform to Stop Sending Notifications to a Host page 5 45 How to Configure SNMP Traps page 5 45 Options The following options are available ip address the IP address of the SNMP server host community string a security string that identifies a community of managers who are permitted to access the SNMP server version SNMP version running in the system Can be set to 1 or 2c Default 1...

Page 139: ...ions to the Default Status page 5 46 Options The following options are available snmp optional parameter that specifies that all or specific snmp traps should be enabled or disabled By default snmp traps are disabled snmp trap name optional parameter that specifies a specific snmp trap that should be enabled or disabled Currently the only accepted value for this parameter is Authentication enterpr...

Page 140: ...ttack chassis link bypass logger operational status port operational status pull request failure RDR formatter session SNTP subscriber system reset telnet vas traffic forwarding and press Enter Specify the desired enterprise trap type Enabling the SNMP Server to Send a Specific Enterprise Notification Example The following example shows how to configure the SNMP server to send the logger enterpris...

Page 141: ... The default password for all levels is Cisco When a telnet user logs on he sees only a Password prompt no logo is displayed This provides extra security by not revealing the system identity to users that do not know the password Password guidelines Password length must be between 4 and 100 characters long Passwords can contain any visible keyboard character Passwords must begin with a letter Pass...

Page 142: ...d press Enter The Network Administrator should record passwords in a secure location Verifying that the Password has been Successfully Changed Step 1 Initiate a new telnet connection while maintaining the one you used to set the password This is important so that if the verification fails you would still have admin level authorization to re enter the password Step 2 At the SCE prompt type enable l...

Page 143: ...ter How to Disable Password Encryption Step 1 From the sce config prompt type no service password encryption and press Enter This does not remove the encryption from the configuration file You must save to the startup configuration file if you want the password to be stored un encrypted on the startup configuration file Password Recovery Use the following procedures if it becomes necessary to reco...

Page 144: ...the unknown passwords Step 4 Type reboot and press Enter Reboot the system to restore the default configuration including default passwords Note To block unauthorized users from connecting to the SCE platform using the default password a new password should be configured immediately for all levels for which such a password is required The configuration should be saved use the CLI command copy runn...

Page 145: ... are encrypted do the following a Edit the file by removing the lines that begin with enable password a Save the file a At the SCE prompt type copy ftp user ftp_password ip_address path config2 txt system config2 txt and press Enter Copies the file from the workstation back to the SCE platform disk space using the SCE platform FTP client Step 9 At the SCE prompt type rename system config2 txt syst...

Page 146: ... 9600 baud Step 2 Press Enter so that the prompt appears Connects to the SCE platform Step 3 At the prompt type PSWD_ResetAll and press Enter Resets the enable passwords The following message will appear All enable passwords have been reset The SCOS is now using the default passwords for all levels Note that this is a temporary state that is not preserved after a reboot Rebooting the SCE platform ...

Page 147: ...ell as the configuration of the routing table to provide different next hop routers for different subnets for maximum configuration of 10 subnets The following sections illustrate how to use CLI commands to configure various parameters The following commands are relevant to IP routing tables ip default gateway ip route prefix mask next hop no ip route all no ip route prefix mask show ip route show...

Page 148: ...ollowing example shows how to set the router 10 1 1 250 as the next hop to subnet 10 2 0 0 SCE config ip route 10 2 0 0 255 255 0 0 10 1 1 250 Displaying the IP Routing Table How to Display the Entire IP Routing Table page 5 54 How to Display the IP Routing Table for a Specified Subnet page 5 54 How to Display the Entire IP Routing Table Step 1 From the SCE prompt type show ip route and press Ente...

Page 149: ... page 5 55 How to Display the Current IP Advertising Configuration page 5 56 IP advertising is the act of periodically sending ping requests to a configured address at configured intervals This maintains the SCE platform IP MAC addresses in the memory of adaptive network elements such as switches even during a long period of inactivity The following commands are relevant to IP advertising no ip ad...

Page 150: ... the SCE config prompt type ip advertising destination destination and press Enter Configures the destination for the IP advertising pings How to Configure the IP Advertising Interval Step 1 From the SCE config prompt type ip advertising interval interval and press Enter Configures the frequency of the IP advertising pings Configuring IP Advertising Example The following example shows how to confi...

Page 151: ...n all internal and external components of the SCE platform Options The following options are available ip address The IP address of the management interface If both management ports are connected so that a backup management link is available this IP address will act as a virtual IP address for the currently active management port regardless of which physical port is currently active subnet mask...

Page 152: ...boots the calendar time is used to set the system clock The calendar is not used for time tracking during system operation A system clock which creates all the time stamps during normal operation This clock clears if the system shuts down During a system boot the clock is initialized to show the time indicated by the calendar It does not matter which clock you set first as long as you use the cloc...

Page 153: ...5 59 Options The following option is available time date the time and date you want to set in the following format hh mm ss day month year Step 1 From the SCE prompt type clock set time date and press Enter Sets the system clock to the specified time and date Setting the System Clock Example The following example shows how to set the clock to 20 minutes past 10 AM May 13 2007 updates the calendar ...

Page 154: ...mple shows that the calendar is set to 10 20 AM May 13 2007 The clock is then synchronized with the calendar setting SCE calendar set 10 20 00 13 may 2007 SCE clock read calendar SCE show calendar 10 21 06 UTC THU May 13 2007 How to Set the Time Zone Options page 5 60 Setting the Time Zone Example page 5 61 Options The following options are available zone The name of the time zone to be displayed...

Page 155: ...e 5 62 How to Define Recurring Daylight Saving Time Transitions page 5 63 How to Define Non Recurring Daylight Saving Time Transitions page 5 63 How to Cancel the Daylight Saving Time Configuration page 5 63 How to Display the Current Daylight Saving Time Configuration page 5 64 Options The transition times into and out of daylight saving time may be configured in one of two ways depending on how ...

Page 156: ...of the month on which daylight saving begins date1 and ends date2 month the month in which daylight saving begins month1 and ends month2 year non recurring only the year in which daylight saving begins year1 and ends year2 offset the difference in minutes between standard time and daylight saving time Default 60 minutes Guidelines General guidelines for configuring daylight saving time transitions...

Page 157: ...he Saturday of fourth week of November Offset 1 hour default SCE config clock summer time DST recurring last Sunday March 00 00 4 Saturday November 23 59 How to Define Non Recurring Daylight Saving Time Transitions Step 1 From the SCE config prompt type clock summer time zone date1 month1 year1 time1 date2 month2 year2 time2 offset and press Enter Enables privileged EXEC mode Defining Non Recurrin...

Page 158: ...s access to a time source via the network The system clock and calendar are then set in accordance with this external source There are two options for the SNTP client These functions are independent and the system can employ either one or both Multicast SNTP client Listens to SNTP broadcasts and updates the system clock accordingly Unicast SNTP client Sends a periodic request to a configured SNTP serv...

Page 159: ...e IP address of the SNTP unicast server Step 1 From the SCE config prompt type sntp server ip address and press Enter Defines the SNTP unicast server so that SNTP client is able to query that server Enabling SNTP Unicast Client Example The following example shows how to enable an SNTP server at IP address 128 182 58 100 SCE config sntp server 128 182 58 100 How to Disable the SNTP Unicast Client H...

Page 160: ...nicast Update Interval Example page 5 66 Options The following option is available interval the time in seconds between updates 64 through 1024 default interval 900 seconds Step 1 From the SCE config prompt type sntp update interval interval and press Enter Configures the SNTP unicast client to query the server at the defined intervals Defining the SNTP Unicast Update Interval Example The followin...

Page 161: ... notation that is in the format x x x x it is directly translated to an IP address it represents 2 If the name does not contain the dot character the system looks it up in the IP Host table If the name is found on the table it is mapped to the corresponding IP address The IP host table can be configured using the command ip host 3 If the name does not contain the dot character and the domain name ...

Page 162: ...Remove All Domain Name Servers page 5 69 Options The following options are available server ip address The IP address of the domain name server You can define more than one DNS server server ip address1 server ip address2 server ip address3 How to Define Domain Name Servers Use this command to specify the address of one or more name servers to use for name and address resolution Step 1 From the SC...

Page 163: ...l Domain Name Servers Step 1 From the SCE config prompt type no ip name server and press Enter Removes all configured DNS servers Adding a Host to the Host Table Options page 5 69 Adding Hosts to Removing them from the Host Table Examples page 5 69 Options The following options are available hostname The name of the host ip address The IP address of the host Step 1 From the SCE config prompt type ...

Page 164: ...ical Parameters This interface has a transmission rate of 10 or 100 Mbps and is used for management operations and for transmitting RDRs which are the output of traffic analysis and management operations The procedures for configuring this interface are explained in the following sections Configuring the Management Interface Speed and Duplex Parameters page 5 70 Monitoring the Management Interface...

Page 165: ... operation of the currently selected management interface Configuring the Duplex Operation of the Management Interface Example The following example shows how to use this command to configure both management ports to half duplex mode SCE config SCE config interface mng 0 1 SCE config if duplex half SCE config if exit SCE config interface mng 0 2 SCE config if duplex half How to Configure the Speed...

Page 166: ...SCE config interface mng 0 2 SCE config if speed 100 Monitoring the Management Interface Use this command to display the following information for the specified management interface Speed and duplex parameters are specific to the selected interface port while other parameters apply to both ports and are displayed by a command to either interface speed duplex IP address active port Step 1 From the ...

Page 167: ...AN Translation page 6 14 Configuring Traffic Rules and Counters page 6 17 TOS Marking page 6 26 Counting Dropped Packets page 6 27 Line Interfaces The Line Interfaces Subscriber and Network are used to connect the SCE platform to the network See the description of network topologies in the Topology section of the relevant SCE platform installation guide Cisco SCE 2000 4xGBE Installation and Config...

Page 168: ... in system congestion and potential service loss This is a known system limitation Configuring the Gigabit Ethernet Line Interfaces Note The maximum packet size supported by the SCE 2000 and SCE 1000 platforms is 1600 bytes How to Configure a Specific Gigabit Ethernet Line Interface Step 1 At the SCE prompt type configure and press Enter Enters Global Configuration mode Step 2 At the SCE config pr...

Page 169: ... configuration mode from which you can access a different Gigabit Ethernet interface Configuring a Range of Gigabit Ethernet Line Interfaces Example This example illustrates how to configure autonegotiation on ports 1 and 2 of an SCE platform SCE configure SCE config interface range GigabitEthernet 0 1 2 SCE config if range auto negotiate SCE config if range exit SCE config Tunneling Protocols Man...

Page 170: ...k flow and redirect flow operations To view the effective flow open mode use the show interface linecard 0 flow open mode command Note For directions on how to configure the asymmetric tunneling option see Asymmetric L2 Support page 6 13 L2TP L2TP is an IP based tunneling protocol therefore the system must be specifically configured to recognize the L2TP flows given the UDP port used for L2TP The ...

Page 171: ...age 6 5 Capacity page 6 5 Limitations for VPN mode page 6 6 A managed VPN is a named entity introduced in the same way that a subscriber is introduced and containing VPN mappings A managed VPN may contain several MPLS mappings or a single VLAN mapping A VPN based subscriber contains a set of mappings of the form IP VpnName where IP can be either a single IP address or a range of addresses Managed ...

Page 172: ...ed since the identification of the VPN relies on the bidirectional nature of the traffic for various mechanisms TCP related requirements Number of Upstream TCP Flows There must be enough TCP flows opening from the subscriber side on each PE PE route in each period of time The higher the rate of TCP flows from the subscriber side the higher the accuracy of the mechanism can be VPN configuration req...

Page 173: ...atform will then skip the external IP header reaching the internal IP which is the actual subscriber traffic When IPinIP skip is disabled the system treats the external IP header as the subscriber traffic resulting in all IPinIP traffic being reported as generic IP Guidelines for configuring IPinIP tunnels IPinIP and other tunnels IPinIP is supported simultaneously with plain IP traffic and any ot...

Page 174: ...ig if prompt type shutdown and press Enter Step 2 Enable IPinIP tunneling From the SCE config if prompt type ip tunnel IPinIP skip and press Enter Step 3 Restart the linecard From the SCE config if prompt type no shutdown and press Enter How to Disable IPinIP Tunneling Step 1 Shut down the linecard This is a root level command From the SCE config if prompt type shutdown and press Enter Step 2 Disa...

Page 175: ... ToS Marker Values in the chapter Using the Service Configuration Editor Traffic Control in the Cisco Service Control Application for Broadband User Guide for further information Use this command to configure the SCE platform to mark the DSCP bits of the internal IP header This command takes effect only when IPinIP skip is enabled Step 1 Shut down the linecard This is a root level command From the...

Page 176: ...ult a symmetric skip Symmetric environment refers to an environment in which the same VLAN tags are used for carrying a transaction in the upstream and downstream directions Setting the mode to classify means that VPN and flow classification will use the VLAN tag Using VLAN classification is mutually exclusive with other tunnel based classification or IP tunnels An a symmetric environment is an en...

Page 177: ... mandatory for routing VPN skip Use when all IP addresses are unique but MPLS labels are mandatory for routing VPN auto learn Use in an MPLS VPN environment where auto learning is required due to the existence of private IP addresses and or VPN based subscribers When this option is configured both ip tunnel and VLAN must be set to their default values Use the VPN keyword when the labels are mandat...

Page 178: ...ured IP tunnel support or tunneling classification mode Step 1 From the SCE config if prompt type default mpls vlan and press Enter Configuring the L2TP Environment Use this command to set the port number that the LNS and LAC use for L2TP tunnels Note Non first fragments of pure IP traffic not tunneled are not handled correctly when the system is in L2TP skip mode Incorrect UDP TCP ports are assum...

Page 179: ...ogies where the SCE platform might see some flows only in one direction upstream downstream Asymmetric tunneling support asymmetric L2 support refers to the ability to support topologies where the SCE platform sees both directions of all flows but some of the flows may have different layer 2 characteristics like MAC addresses VLAN tags MPLS labels and L2TP headers which the SCE platform must speci...

Page 180: ...hat are currently logged into the system Step 1 From the SCE prompt type show interface linecard 0 VPN name vpn name all names and press Enter How to Display the Asymmetric L2 Support Mode Step 1 From the SCE prompt type show interface linecard 0 asymmetric L2 support and press Enter Configuring VLAN Translation VLAN Translation Features and Limitations page 6 15 Setting the VLAN Translation Const...

Page 181: ...ce the VLAN tags according to a preset configuration VLAN Translation Features and Limitations Features Configuration of an increment or decrement constant Configuration of the constant is global for the line card The configured operation either increment or decrement is applied to the network side The subscriber side automatically performs the opposite operation That is if the VLAN is incremented...

Page 182: ... page 6 16 Setting the VLAN Translation Constant Example page 6 16 Options The following options are available increment decrement Keywords indicating whether to increment or decrement the VLAN by the specified value value Integer value by which the VLAN is to be incremented or decremented The configured translation is applied to the network port side The reverse operation is performed at the subscri...

Page 183: ...nslation Step 1 From the SCE prompt type show interface linecard 0 vlan translation and press Enter Displays current VLAN translation configuration Configuring Traffic Rules and Counters Information About Traffic Rules and Counters page 6 17 Configuring Traffic Counters page 6 19 Configuring Traffic Rules page 6 20 Managing Traffic Rules and Counters page 6 25 Information About Traffic Rules and C...

Page 184: ...ffic rules specifies a block action packets matching the rule criteria and not belonging to an existing flow will be dropped and not passed to the other interface This is useful when a particular type of traffic should be blocked by the SCE platform Possible examples include performing ingress source address filtering dropping packets originating from a subscriber port whose IP address does not be...

Page 185: ...wo identical rules with different names When this happens the system operates as follows Any counter counts a specific packet only once This means that If two rules specify that the packet should be counted by the same counter it is counted only once If two rules specify that the packet should be counted by different counters it is counted twice once by each counter Block takes precedence over Ign...

Page 186: ...e How to Delete a Traffic Counter Step 1 From the SCE config if prompt type no traffic counter name name and press Enter Note that a traffic counter cannot be deleted if it is used by any existing traffic rule How to Delete all Existing Traffic Counters Step 1 From the SCE config if prompt type no traffic counter all and press Enter Removes all traffic counters Note that a traffic counter cannot b...

Page 187: ...Use the all but keyword to exclude the specified port or range of ports tunnel id specification all all but tunnel id tunnel id is an 8 bit Hex value range in the format HEX Tunnel id or HEX MinTunnelId HEX MaxTunnelId which reflects the lower eight bits of the VLAN tag Tunnel ID based rules can only be used in VLAN symmetric classify mode see and only when tunnel id mode is enabled Use the traffi...

Page 188: ...pe traffic rule name name IP addresses all subscriber side IP specification network side IP specification protocol protocol ports subscriber side port specification network side port specification tunnel id tunnel id specification direction direction traffic counter traffic counter action action Enables privileged EXEC mode Configuring Traffic Rules Examples Example 1 page 6 22 Example 2 page 6 23...

Page 189: ...counting and blocking The first command enables tunnel id mode SCE config if traffic rule tunnel id mode SCE config if traffic rule rule2 IP addresses subscriber side all network side all but 10 10 10 0 24 protocol tcp ports subscriber side 100 200 network side all tunnel id all direction downstream traffic counter name counter2 action block Example 3 This example creates the following traffic rul...

Page 190: ... The actions performed will be counting and flow capture SCE enable 10 Password cisco SCE configure SCE config interface linecard 0 SCE config if traffic rule name FlowCaptureRule ip addresses subscriber side all network side all protocol 250 direction both traffic counter name counter2 action flow capture SCE config if How to Delete a Traffic Rule Step 1 From the SCE config if prompt type no traf...

Page 191: ... 26 How to Reset all Traffic Counters page 6 26 How to View a Specified Traffic Rule Step 1 From the SCE prompt type show interface linecard 0 traffic rule name rule name and press Enter Displays the configuration of the specified traffic rule How to View all Traffic Rules Step 1 From the SCE prompt type show interface linecard 0 traffic rule all and press Enter Displays the configuration of all e...

Page 192: ...CE prompt type clear interface linecard 0 traffic counter all and press Enter Displays the value of each counter and lists the traffic rules that use it TOS Marking TOS marking is used in IP networks as a means to signal the priority of a flow between network elements The Cisco Service Control solution supports the TOS classification on a per service per package level via the SCA BB applicatio...

Page 193: ...redDiscardedPackets counts dropped packets The value in this counter is absolute only when hardware packet drop is disabled not the default mode When hardware packet drop is enabled default mode this MIB counter provides only a relative value indicating the trend of the number of packet drops with a factor of approximately 1 6 The user can disable the drop red packets by hardware mode This allows ...

Page 194: ... How to Enable the Hardware Packet Drop Use this command to enable the drop red packets by hardware mode Step 1 From the SCE config if prompt type accelerate packet drops and press Enter ...

Page 195: ...very Mode page 7 9 Configuring the SCE Platform SM Connection page 7 10 Enabling and Disabling Link Failure Reflection page 7 12 Configuring the Connection Mode The connection mode command allows you to configure the topology of the system in one command The connection mode is determined by the physical installation of the SCE platform Caution This command can only be used if the line card is in e...

Page 196: ...uations packets that are used for the High Availability protocol monitoring and control may be dropped Thus an extreme situation could result in false detection of a failure in the SCE platform and an unnecessary switchover between the active and standby SCE platforms Receive only cascade two cascaded SCE platforms receive only Default inline sce id In cascaded topologies defines which link is con...

Page 197: ...ompt type connection mode inline receive only inline cascade receive only cascade sce id 0 1 priority primary secondary on failure bypass cutoff and press Enter Configuring the Connection Mode Examples Example 1 This example defines the primary device in a two SCE platform redundant inline topology Link 0 is connected to this device and the link mode on failure is bypass SCE config if connection m...

Page 198: ...rface linecard 0 connection mode Slot 0 connection mode Connection mode is inline cascade slot 0 sce id is 1 slot 0 is secondary slot 0 is connected to peer slot failure mode is bypass Redundancy status is active SCE How to View the SCE ID Step 1 From the SCE prompt type show interface linecard 0 sce id and press Enter Viewing the SCE ID Example SCE enable 5 Password cisco SCE show interface linec...

Page 199: ...terfaces in addition to displaying the connection status as displayed by the show interface linecard connection mode command Step 1 From the SCE prompt type show interface linecard 0 cascade connection status and press Enter Monitoring the Connection Status Example The following example shows the output of this command in the case of two cascaded SCE platforms where the cascade interfaces have not...

Page 200: ...e specified link to the SCE platform Traffic still flows on the link but is not processed in any way by the SCE platform This does not affect the redundancy states Sniffing allows the SCE platform to forward traffic on the specified link through the bypass mechanism while still analyzing the traffic passively Sniffing is permitted to be configured for all links only use the all links option Cutoff...

Page 201: ...e 7 8 Enabling Asymmetric Routing page 7 8 How to Monitor Asymmetric Routing page 7 8 In some Service Control deployments asymmetrical routing occurs between potential service control insertion points Asymmetrical routing can cause a situation in which the two directions of a bi directional flow pass through different SCE platforms resulting in each SCE platform seeing only one direction of the fl...

Page 202: ...use the classical open flow mode ROOT level configuration Enabling Asymmetric Routing The asymmetric routing mode is disabled by default It is typically enabled by the SCA BB application when applying an appropriate service configuration Note that the detection of uni directional flows is done by the SCE platform regardless of the asymmetric routing mode but the appropriate configuration will assu...

Page 203: ...om the failure condition when performing an application upgrade See Managing Application Files page 3 9 How to Force a Virtual Failure page 7 9 How to Exit from a Virtual Failure page 7 9 How to Force a Virtual Failure Step 1 From the SCE config if prompt type force failure condition and press Enter The system asks for confirmation Forcing failure will cause a failover do you want to continue n St...

Page 204: ...m to boot as non operational after a failure SCE config failure recovery operation mode non operational Example 2 This example sets the system to the default failure recovery mode SCE config default failure recovery operation mode Configuring the SCE Platform SM Connection Configuring the Behavior of the SCE Platform in Case of Failure of the SM page 7 11 Configuring the SM SCE Platform Connection...

Page 205: ... default Take no action Step 1 From the SCE config if prompt type subscriber sm connection failure action force failure none remove mappings shut and press Enter Configures the action of the SCE platform in the case of failure of the connection to the SM Configuring the SM SCE Platform Connection Timeout You can also configure the timeout interval the length of time that the SM SCE platform connec...

Page 206: ... The default value is disabled How to Enable Link Failure Reflection Step 1 From the SCE config if prompt type link failure reflection and press Enter Enables link failure reflection How to Disable Link Failure Reflection Step 1 From the SCE config if prompt type no link failure reflection and press Enter Disables link failure reflection Enabling and Disabling Link Failure Reflection on All Ports ...

Page 207: ...isable failure reflection to all ports the on all ports keyword is not used in the no form of the command The default value is disabled How to Enable Link Failure Reflection on All Ports Step 1 From the SCE config if prompt type link failure reflection on all ports and press Enter Enables failure reflection to all ports How to Disable Link Failure Reflection on All Ports Step 1 From the SCE config ...

Page 208: ...s case the failure is not reflected to any of the other interfaces This allows the second link in the SCE platform to continue functioning without interruption Use the no form of this command with the linecard aware mode keyword to disable the linecard aware mode without disabling link failure reflection itself How to Enable Linecard Aware Mode Step 1 From the SCE config if prompt type link failur...

Page 209: ... simultaneously in the same deployment However any specific destination external collector to which data is sent can be configured with only one protocol Information About the RDR Formatter and NetFlow Exporting Support page 8 1 Configuring Data Destinations and Categories page 8 6 Configuring the RDR Formatter page 8 13 Configuring the NetFlow Exporting Support page 8 14 Configuring Dynamic Mappi...

Page 210: ...r 7 application export reporters NetFlow Terminology page 8 2 NetFlow Exporting Support page 8 3 NetFlow Terminology Exporter A device in this case the RDR formatter component in the SCE platform with NetFlow services enabled responsible for exporting information using NetFlowV9 protocol NetFlow Collector A device that receives records from one or more exporters It processes the received export pa...

Page 211: ...records for several RDR types with the structure of each NetFlow data record that corresponds to that RDR type All NetFlow templates are pre defined users cannot create or edit the NetFlow templates Please note that if an RDR tag that is not supported for NetFlow exporting is configured to be sent over a NetFlow destination this report will not be formatted and sent and a special counter will be i...

Page 212: ...le others should be sent to the mediation system In this case the data types are divided into up to four groups and each group or category is assigned to a particular destination or destinations The categories are defined by the application running on the SCE platform The system supports up to four categories Therefore the destination must be configured regarding each category in use Each destinat...

Page 213: ...should be less likely to be sent to this destination Redundant forwarding mode Assign a high priority to the primary destination for the system category Assign a lower priority to the secondary destination for the system category Setting DSCP for NetFlow When using the NetFlowV9 protocol priority can be defined by configuring a DSCP value to be assigned to the NetFlow packets This DSCP value defines ...

Page 214: ...e is linked to the configured protocol as follows RDRv1 protocol requires TCP transport type NetFlow V9 protocol requires UDP transport type Configuring Data Destinations and Categories Configuring a Data Destination page 8 6 Configuring the Data Categories page 8 8 Configuring the Forwarding Mode page 8 12 Configuring a Data Destination Options page 8 7 Configuring the Data Destinations Examples ...

Page 215: ... formatter destination ip address port portnumber priority priority protocol protocol transport transport and press Enter Defines the destination When no category is specified as in the above example the specified priority is assigned to all categories Configuring the Data Destinations Examples Example 1 page 8 7 Example 2 page 8 7 Example 1 This example shows how to configure a simple system with...

Page 216: ... Defines the name for the specified category number This category name can then be used in any rdr formatter command instead of the category number How to Configure a Destination and Assign Categories Options page 8 8 Configuring the Data Destinations with Categories Examples page 8 9 Options The following options are available ip address the IP address of the destination portnumber the port numbe...

Page 217: ...e category and then configures two destinations assigning each to a different category see Figure 8 3 The data from category 1 goes to the first destination so a high priority was assigned to that category in the first destination and no priority in the second Since all data from category 2 prepaid goes to the second destination the priority assigned to category 2 is assigned only to the second de...

Page 218: ...o methods for assigning one category to the first destination only while the other category uses the second destination as the primary destination and the first destination as a secondary destination SCE config rdr formatter category number 2 name prepaid SCE config rdr formatter destination 10 1 1 205 port 33000 category name prepaid priority 90 category number 1 priority 10 protocol RdrV1 transp...

Page 219: ...s relevant however to the billing category since it goes to two different destinations SCE config rdr formatter forwarding mode multi cast SCE config rdr formatter category number 1 name billing SCE config rdr formatter category number 2 name prepaid SCE config rdr formatter destination 10 1 1 205 port 33000 priority 40 protocol NetFlowV9 transport udp SCE config no rdr formatter destination 10 1 ...

Page 220: ...g rdr formatter category number 2 name prepaid SCE config rdr formatter category number 3 name special prepaid SCE config rdr formatter destination 10 1 1 205 port 33000 category name billing priority 90 category name prepaid priority 80 protocol RdrV1 transport tcp SCE config rdr formatter destination 10 10 10 96 port 33000 category name prepaid priority 90 category name special prepaid priority ...

Page 221: ...r formatter forwarding mode mode and press Enter Configures the specified forwarding mode Configuring the Forwarding Mode Example The following example shows how to set the forwarding mode to multicast SCE config rdr formatter forwarding mode multicast Configuring the RDR Formatter Options page 8 13 How to Enable the RDR Formatter page 8 13 How to Disable the RDR Formatter page 8 14 How to Configu...

Page 222: ...nfig prompt type rdr formatter history size 0 and press Enter Sets the size of the RDR formatter history buffer Configuring the NetFlow Exporting Support Options page 8 14 How to Configure a DSCP Value for NetFlow page 8 15 How to Configure the Template Refresh Interval page 8 15 Options The following options are relevant specifically to NetFlow exporting support within the RDR Formatter Assigning...

Page 223: ... template records in seconds 1 86400 Step 1 From the SCE config prompt type rdr formatter destination ip address port port number protocol NetFlowV9 template data timeout timeout value and press Enter Sets the template refresh interval Configuring Dynamic Mapping of RDRs to Categories How to Configure Mappings page 8 16 Dynamic configuration of RDRs to multiple categories is supported Each RDR t...

Page 224: ...er of the category 1 4 to which to map the RDR tag How to Add a Mapping to a Category Step 1 From the SCE config prompt type rdr formatter rdr mapping tag id tag number category number category number and press Enter If the table already contains a mapping with the same tag and category number an error is issued and nothing is done How to Remove a Mapping from a Category Step 1 From the SCE config...

Page 225: ... formatter commands How to Display the Current RDR Formatter Configuration The system can display the complete data destination configuration or just specific parameters Step 1 From the SCE prompt type show rdr formatter and press Enter Displays the current RDR formatter configuration Displaying the RDR Formatter Configuration Example The following example shows how to display the current RDR ...

Page 226: ...in queue 0 thrown 0 format mismatch 0 unsupported tags 1701243 rate 2 RDRs per second max rate 64 RDRs per second Category 2 sent 12040436 in queue 0 thrown 0 format mismatch 0 unsupported tags 0 rate 12 RDRs per second max rate 453 RDRs per second Category 3 sent 0 in queue 0 thrown 0 format mismatch 0 unsupported tags 0 rate 0 RDRs per second max rate 0 RDRs per second Category 4 sent 0 in queue...

Page 227: ...command disables the linecard from issuing data records Both RDRs and NetFlow export packets are suppressed Use the no form of this command if you want the linecard to send records How to Disable the Linecard from Sending RDRs Step 1 From the SCE config if prompt type silent and press Enter Stops the linecard from producing RDRs How to Enable the Linecard to Send RDRs Step 1 From the SCE config if...

Page 229: ...f each subscriber transmitting traffic through the platform Provide usage information for specific subscribers Enforce the appropriate policy on subscriber traffic each subscriber can have a different policy Information About Subscribers What is a Subscriber page 9 2 Subscriber Modes in Service Control Solutions page 9 3 Subscriber Mapping Limits page 9 5 Aging Subscribers page 9 5 VPN Based Subsc...

Page 230: ...t is subscribed to data services 3G phone owner The MS ISDN which is dynamically allocated by a Radius server A corporate enterprise customer of the service provider The corporate enterprise and the traffic it produces The set of NAT ed IP addresses which are allocated statically A CMTS The CMTS and the broadband traffic of the Cable Modem users that connect to the Internet through the CMTS A rang...

Page 231: ...irect Anonymous subscriber allows quick visibility into application and protocol usage without OSS integration and permits the application of a uniform control scheme using predefined templates There are two possible Subscriber Aware modes In these modes subscriber IDs and currently used network IDs are provisioned into the SCE platform The SCE platform can then bind usage to a particular subscrib...

Page 232: ...ID entries and the numbers of specific types of network IDs due to hardware limitations Working with Large Numbers of Subscribers A very large number of subscribers approaching the upper limit of the SCOS capacity is more typical in mobile installations As the actual number of subscribers increases the impact is expected to be approximately four flows per subscriber Actual Maximum Number of Subscri...

Page 233: ...ced subscriber aging is not supported when using VPN based subscribers VPN Based Subscribers A VPN based subscriber contains a set of mappings of the form IP VpnName where IP can be either a single IP address or a range of addresses A VPN based subscriber may be either VLAN based or MPLS VPN based Most VPN based subscriber functionality is managed via the SM with the role of the SCE platform CLI b...

Page 234: ...e standby SCE platform constantly requests external data information from the active SCE platform The synchronization is bi directional to ensure that the subscriber databases in both SCE platforms are identical Note that external data is only relevant for introduced subscribers both static and dynamic It has no meaning for anonymous subscribers or the default subscriber No more than two minutes o...

Page 235: ...ault csv file format page 9 8 Subscriber anonymous groups csv file format page 9 8 Subscriber Files Note MPLS VPN based subscribers cannot be defined imported or exported by a subscriber file Individual subscribers anonymous groups and subscriber templates may all be defined in csv files A csv file is a text file in a comma separated values format Microsoft Excel can be used to view and create suc...

Page 236: ... 0 24 packageId the ID of the package to which the subscriber is assigned Here is an example of a subscriber csv file in the default format A comment line sub7 10 1 7 0 24 1 sub8 10 1 11 32 1 sub9 10 2 22 10 2 sub10 10 3 33 10 2 sub11 10 4 44 10 1 sub12 10 1 11 90 10 3 0 0 16 2 Subscriber anonymous groups csv file format Each line has the following structure name IP range template index manager na...

Page 237: ...scriber management commands are LineCard interface commands Make sure that you are in LineCard Interface command mode Note MPLS VPN based subscribers cannot be defined imported or exported by a subscriber file Options The following option is available filename the name of the csv file How to Import Subscriber Information Step 1 From the SCE config if prompt type subscriber import csv file filename...

Page 238: ...emplate Step 1 From the SCE config if prompt type subscriber template import csv file filename and press Enter Imports the subscriber template from the specified file How to Export a Subscriber Template Step 1 From the SCE config if prompt type subscriber template export csv file filename and press Enter Exports the subscriber template to the specified file Removing Subscribers and Templates How t...

Page 239: ... name These subscriber management commands are LineCard interface commands with the exception of the clear subscriber anonymous command which is a Privileged Exec command Make sure that you are in LineCard Interface command mode and that the SCE config if prompt appears in the command line How to Remove a Specific Subscriber Options The following option is available subscriber name the name of the...

Page 240: ...to Remove All Anonymous Subscriber Groups Step 1 From the SCE config if prompt type no subscriber anonymous group all and press Enter Removes all anonymous subscriber groups How to Remove All Anonymous Subscribers Step 1 From the SCE prompt type clear interface linecard 0 subscriber anonymous all and press Enter Removes all anonymous subscribers Note The clear subscriber anonymous command is a Pri...

Page 241: ...he SCE config if prompt type no subscriber all with vpn mappings and press Enter Clears all VPN based subscribers How to Remove Subscribers by Device You can remove all subscribers managed by a specified device The device can be either of the following The SM A specified SCMP peer device How to Remove Subscribers from the SM Step 1 From the SCE config if prompt type no subscriber sm all and press ...

Page 242: ...us Subscriber Groups page 9 12 Defining Anonymous Groups Use this command to define an anonymous group assigning the following to the group created group name range of IP addresses subscriber template to be assigned to all subscribers within that IP range optional How to Define an Anonymous Group Options The following options are available group name name to be assigned to the anonymous group rang...

Page 243: ... to Export Anonymous Groups Options The following option is available filename name of the csv file Step 1 From the SCE config if prompt type subscriber anonymous group export csv file filename and press Enter Exports all existing anonymous groups to the specified csv file Monitoring Subscribers How to Monitor the Subscriber Database page 9 16 Displaying Subscribers page 9 18 Displaying Subscriber...

Page 244: ...ng the Subscriber Database Counters page 9 18 Use the following commands to display statistics about the subscriber database and to clear the total and maximum counters show interface linecard 0 subscriber db counters The following counters are displayed Current number of subscribers Current number of introduced subscribers Current number of anonymous subscribers Current number of active subscribe...

Page 245: ...th subscriber mappings: 2 used out of 2015 max
Subscribers with open sessions: 0
Subscribers with TIR mappings: 0
Sessions mapped to the default subscriber: 0
Peak values:
Peak number of subscribers with mappings: 2
Peak number occurred at: 14:56:55 ISR MON June 9 2007
Peak number cleared at: 15:29:39 ISR MON June 9 2007
Event counters:
Subscriber introduced: 2
Subscriber pulled: 0
Subscriber aged: 0
Pull req...

Page 246: ...VPN VLAN ID or MPLS VPN page 9 21 You can display the names of all subscribers You can also display specific subscriber name s that meet various criteria A subscriber property is equal to larger than or smaller than a specified value Subscriber name matches a specific prefix or suffix Mapped to a specified IP address range may be within a specified VPN Mapped to a specified VLAN ID Mapped to a spe...

Page 247: ...subscriber names How to display subscribers that match a specified value of a subscriber property page 9 19 How to display subscribers that are greater than or less than a specified value of a subscriber property page 9 20 How to display subscribers that match a specified prefix page 9 20 How to display subscribers that match a specified suffix page 9 20 How to display the number of subscribers th...

Page 248: ...ions The following options are available prefix subscriber prefix to match Step 1 From the SCE prompt type show interface linecard 0 subscriber prefix prefix and press Enter How to display subscribers that match a specified suffix Options The following options are available suffix subscriber suffix to match Step 1 From the SCE prompt type show interface linecard 0 subscriber suffix suffix and pres...

Page 249: ...ping IP Address VPN VLAN ID or MPLS VPN How to display subscribers that are mapped to a specified IP address or range of IP addresses page 9 22 How to display subscribers that are mapped to IP addresses that are included in a given IP address or IP range page 9 22 How to display subscribers that are mapped to a specified VLAN ID page 9 22 How to display subscribers that are mapped to a specified M...

Page 250: ... are available ip range IP address x x x x or range of IP addresses x x x x y to match vpn name optional The name of the VPN in which to search for the IP address Step 1 From the SCE prompt type show interface linecard 0 subscriber mapping included in IP ip range VPN vpn name and press Enter How to display subscribers that are mapped to a specified VLAN ID Options The following options are availab...

Page 251: ...w to display the number of subscribers with no mapping Step 1 From the SCE prompt type show interface linecard 0 subscriber amount mapping none and press Enter Displaying Subscriber Information How to display a listing of subscriber properties page 9 24 How to display complete information for a specified subscriber page 9 24 How to display values of subscriber properties for a specified subscriber...

Page 252: ...listing of subscriber properties Step 1 From the SCE prompt type show interface linecard 0 subscriber properties and press Enter How to display complete information for a specified subscriber Use this command to display complete information for a specified subscriber including all values of subscriber properties and mappings Options The following options are available name subscriber name Step 1 F...

Page 253: ...ymous group page 9 26 How to display subscribers in a specified anonymous group page 9 26 How to display all subscribers currently in anonymous groups page 9 26 How to display the number of subscribers in a specified anonymous group page 9 27 How to display the total number of subscribers in all anonymous groups page 9 27 You can display the following information regarding the anonymous subscriber...

Page 254: ...nfiguration for a specified anonymous group Options The following options are available group name name of the anonymous subscriber group Step 1 From the SCE prompt type show interface linecard 0 subscriber anonymous group name group name and press Enter How to display subscribers in a specified anonymous group Options The following options are available group name name of the anonymous subscriber...

Page 255: ...ber amount anonymous and press Enter Managing VPNs and VPN Subscriber Mappings How to Display VPN related Mappings page 9 27 How to Clear Upstream MPLS VPN Mappings page 9 28 How to Clear Automatic VPNs page 9 29 How to Display VPN related Mappings How to Display Mappings for a Specified VPN page 9 27 How to Display a Listing of All VPNs page 9 28 Use the following Viewer commands to display VPNs ...

Page 256: ...play a Listing of All VPNs Use this command to display a listing of all currently logged in VPNs Step 1 From the SCE prompt type show interface linecard 0 VPN all names and press Enter Displaying a Listing of All VPNs Example SCE show interface linecard 0 VPN all names How to Clear Upstream MPLS VPN Mappings Use this command to remove all learned upstream labels of a specified VPN Options The foll...

Page 257: ...licts page 9 30 Subscriber Rules for TIRs page 9 31 Note Traffic Processor IP Range functionality is relevant only for IP based subscribers This functionality is not relevant for VLAN or MPLS VPN subscribers In a Cable environment the SCE platform supports the capability of associating all CPE machines in a single home network i e behind a single cable modem to a single subscriber context and appl...

Page 258: ...elevant IP ranges are in use or after they are no longer in use Subscriber Mapping Modes The introduction of the TIR functionality provides two possible modes of subscriber mapping Legacy subscriber mapping ensures that all mappings of a single subscriber reach the same traffic processor by internal means using a hash on the subscriber IP and or using specific subscriber rules on the IP range when...

Page 259: ...configuration is a major system event and can only be performed when no subscriber mappings or TIRs are configured How to Reserve Rules for TIRs Use these commands to reserve rules for TIRs and to restore default subscriber rule allocation Options The following options are available rules number of subscriber rules to be reserved for TIRs Step 1 From the SCE config if prompt type subscriber TP map...

Page 260: ...e or Update a TIR Step 1 From the SCE config if prompt type subscriber TP IP range name tir name IP range ip address mask target TP traffic processornumber and press Enter Creating Creates a TIR with the specified name and IP range and assigns it to the specified traffic processor Updating Updates the IP range and or assigned traffic processor for the specified TIR Updating the IP range If subscri...

Page 261: ...w to Remove a Specified TIR Step 1 From the SCE config if prompt type no subscriber TP IP range name tir name remove subscriber mappings and press Enter If subscriber mappings exist for this IP range the command will fail Specify remove subscriber mappings to remove any existing subscriber mappings for this IP range and the command will execute successfully How to Remove All TIRs Step 1 From the S...

Page 262: ...to a csv File page 9 35 About TIR csv Files Following is the format of the csv file range name ip address mask length target TP range name The name of the to which the IP addresses will be assigned ip address mask length individual IP address of range of IP addresses indicated by IP address mask target TP traffic processor to which the specified range will be assigned remove subscriber mappings Wh...

Page 263: ...Monitor TIRs How to Display Traffic Processor Mappings State page 9 36 How to Display Configuration of a Specified TIR page 9 36 How to Display Configuration of All TIRs page 9 36 How to Display Mappings Related to a Specified TIR page 9 36 How to Display the Number of Subscribers with Mappings Related to a Specified TIR page 9 36 How to Display Complete Subscriber Information page 9 36 How to Dis...

Page 264: ...ompt type show interface linecard 0 subscriber TP IP range all and press Enter How to Display Mappings Related to a Specified TIR Step 1 From the SCE prompt type show interface linecard 0 subscriber mapping included in TP IP range name tir name and press Enter How to Display the Number of Subscribers with Mappings Related to a Specified TIR Step 1 From the SCE prompt type show interface linecard 0...

Page 265: ... the override before you load the application The configured maximum number of subscribers takes effect when the next load command is executed If you have disabled the capacity option and then the next time you load a new application you want to use the capacity option you must re enable the capacity option before loading the application file see How to Restore the Configured Capacity Option page ...

Page 266: ...rs page 9 39 How to Disable Aging for Introduced Subscribers page 9 39 How to Set the Aging Timeout Period for Anonymous Group Subscribers page 9 39 How to Set the Aging Timeout Period for Introduced Subscribers page 9 40 How to Display Aging for Anonymous Group Subscribers page 9 40 How to Display Aging for Introduced Subscribers page 9 40 As explained previously Aging Subscribers page 9 5 aging ...

Page 267: ...ging for Anonymous Group Subscribers Step 1 From the SCE config if prompt type no subscriber aging anonymous and press Enter How to Disable Aging for Introduced Subscribers Step 1 From the SCE config if prompt type no subscriber aging introduced and press Enter How to Set the Aging Timeout Period for Anonymous Group Subscribers Options The following option is available aging time the time interval...

Page 268: ...1 From the SCE prompt type show interface linecard 0 subscriber aging introduced and press Enter Configuring the SCE Platform SM Connection Options page 9 41 Configuring the Behavior of the SCE Platform in Case of Failure of the SM page 9 41 Configuring the SM SCE Platform Connection Timeout page 9 42 The user can configure the behavior of the SCE platform in case of failure of the Subscriber Mana...

Page 269: ...ase of loss of connection between the SCE platform and the SM Possible actions are force failure Force failure of SCE platform The SCE platform then acts according to the behavior configured for the failure state remove mappings Remove all current subscriber mappings shut The SCE platform shuts down and quits providing service none default Take no action warning The system operational status of th...

Page 270: ...also configure the timeout interval the length of time that the SM SCE platform connection is disrupted before a failed connection is recognized and the configured behavior is applied Options The following option is available interval the timeout interval in seconds Step 1 From the SCE config if prompt type subscriber sm connection failure timeout interval and press Enter Configures the connection...

Page 271: ... Detection page 10 4 This module presents the fail over and redundancy capabilities of the SCE platform It first defines relevant terminology as well as pertinent theoretical aspects of the redundancy and fail over solution It then explains specific recovery procedures for both single and dual link topologies It also explains specific update procedures to be used in a cascaded SCE platform deploym...

Page 272: ...n recovers it will not revert to active status but remains in standby status while the secondary device remains active Subscriber state fail over A fail over solution in which subscriber state is saved Redundant Topologies All Cisco SCE platforms include an internal electrical bypass module which provide the capability of preserving the network link in case the SCE platform fails The SCE platform ...

Page 273: ...rving the network link (Figure 10-1). Figure 10-1: In-line Dual Link Redundant Topology [figure: front panels of Cisco SCE 2000 Series 4xGBE platforms]...

Page 274: ...tform is again ready for hot standby If both SCE platforms lose their connections with the SM it is assumed that it is the SM which has failed thus no action will be taken in the SCE platform Link Failure Reflection The SCE platforms are transparent at Layers 2 and 3 The SCE platform operates in promiscuous mode and the network elements on both sides of the SCE platform are using the MAC address o...

Page 275: ...ion requires two SCE platforms connected in a cascade manner Hot Standby page 10 5 Fail over page 10 6 Failure in the Cascade Connection page 10 7 Installing a Cascaded System page 10 7 Hot Standby In fail over solution one of the SCE platforms is used as the active SCE platform and the other is used as the standby Although traffic enters both the active and the standby SCE platforms all traffic p...

Page 276: ...on to the traffic of its own link When the failed SCE platform recovers it will remain in standby while the previously standby SCE platform remains active Switching the SCE platforms back to their original roles may be performed manually if required after the failed SCE platform has either recovered or been replaced If the failure is in the standby SCE platform it will continue to forward traffic ...

Page 277: ... connection remains up the standby will cut off its traffic links so that all traffic is routed via the active SCE platform Therefore split flow is avoided but at the expense of half line capacity Both cascade links are down In this case neither SCE platform knows anything about the status of the peer Each platform then works in standalone mode which means that each SCE platform processes on its o...

Page 278: ...hange the link mode on both SCE platforms on both links to forwarding It is recommended to first configure the active SCE platform and then the standby See About the Link Mode page 7 6 Step 11 You can now start working with the Subscriber Manager Recovery Replacing the SCE platform manual recovery page 10 9 Reboot only fully automatic recovery page 10 9 This section specifies the procedure for rec...

Page 279: ...Basic network configurations done manually first time Step 5 Load application software Service Control Application for Broadband to the SCE platform Provide application configuration Step 6 Connect the traffic ports to the network links Automatic steps in parallel with the manual steps requires no user intervention Step 1 Establishment of inter SCE platform communication Step 2 Synchronization wit...

Page 280: ...ically connected links For each of the cascaded SCE platforms this parameter defines the number of the link Link 0 or Link 1 connected to this SCE platform Priority For each of the cascaded SCE platforms this parameter defines whether it is the primary or secondary device On failure For each of the cascaded SCE platforms this parameter determines whether the system cuts the traffic or bypasses it ...

Page 281: ... Link 1 was connected to the primary The connection mode would be the same as the first and the behavior of the SCE platform if a failure occurs is also bypass SCE 2000 config if connection mode inline cascade physically connected links link 0 priority secondary on failure bypass Monitoring a Cascaded System Use the following commands to view the current connection mode and link mode parameters Ho...

Page 282: ...he application only Upgrade both the firmware and the application at the same time Note When upgrading only one component either firmware only or application only always verify that the upgraded component is compatible with the component that was not upgraded Firmware Upgrade package installation Step 1 Install package on both SCE platforms open the package and copy configuration Step 2 Reload the...

Page 283: ...tion in the former active SCE platform Step 7 Remove the force failure condition in that platform Step 8 After the former active SCE platform recovers and is ready to work it may remain the standby or can be manually switched back to active Simultaneous Upgrade of Firmware and Application Step 1 In the standby SCE platform a Uninstall the application b Upgrade the firmware this includes a reboot c...

Page 285: ...rocedures for configuring and monitoring the Attack Filter Module Attack Filtering and Attack Detection page 11 1 Configuring Attack Detectors page 11 7 Configuring Subscriber Notifications page 11 18 Preventing and Forcing Attack Detection page 11 19 Monitoring Attack Filtering page 11 21 Attack Filtering and Attack Detection Attack Filtering page 11 2 Specific Attack Filtering page 11 2 Attack D...

Page 286: ... subscriber side to a specific IP address on the network side 6 Same as 5 but for the opposite direction from the network side to the subscriber side 7 12 Same as 1 6 but with a specific destination port common to all flows of the attack 1 6 are port less attack types 7 12 are port based attack types 13 24 Same as 1 12 but for UDP instead of TCP 25 28 Same as 1 4 but for ICMP instead of TCP 29 32 ...

Page 287: ...ngle side The attack is identified by either the source IP address or the destination address only The filter definition may specify the specific side or may include any single side attack regardless of side both dual side TCP and UDP protocols only The attack is identified by both the source and destination IP addresses In other words when a specific IP attacks a specific IP this is detected as o...

Page 288: ...e is measured in new flows per second suspected flow rate A suspected flow is one that was opened but did not become an established flow The rate is measured in new flows per second suspected flow ratio The ratio of the suspected flow rate to the open flow rate As explained above a specific IP attack is declared if either of the following conditions is present The open flows rate exceeds the thres...

Page 289: ...ttack source or the attack destination Type of threshold breached open flows ddos suspected flows attack start traps only Threshold value breached attack start traps only Action taken report block indicating what was the action taken by the SCE platform in response to the detection Amount of attack flows blocked reported providing the total number of flows detected during the attack attack stop tr...

Page 290: ... the actual rate Usually a rate of 0 is measured by the software There is considerable delay in detecting the end of the attack The delay in detecting the end of attack is limited by two upper bounds The first upper bound depends on the configured action as follows Report a delay of no more than 8 minutes Block a delay of no more than 64 minutes A second upper bound for the delay is one minute mor...

Page 291: ...NS requests per second at peak times and so the system should be configured with a suitable threshold for DDoS suspected flows for protocol UDP and direction attack destination A threshold value of 1000 flows second would probably be suitable for the DNS server However this threshold would be unsuitable for almost all other network elements since for them being the destination of such large rate o...

Page 292: ...from low to high numbers If the IP address is permitted by the ACL specified by the attack detector and a threshold is configured for this attack type then the threshold values specified by this attack detector are used If not the scan continues to the next attack detector If no attack detector matches the IP address protocol combination then the values of the default attack detector are used The ...

Page 293: ...d UDP protocols for only port based or only port less detections For a selected attack direction either for all protocols or for a selected protocol Options The following options are available protocol The specific protocol for which specific IP detection is to be enabled or disabled Default all protocols no protocol specified attack direction Defines whether specific IP detection is enabled or di...

Page 294: ...to Disable Specific IP Detection for ICMP for Single sided Attacks Defined by the Source IP Step 1 From the SCE config if prompt type no attack filter protocol ICMP attack direction single side source and press Enter How to Configure the Default Attack Detector Options page 11 11 How to Define the Default Action and Optionally the Default Thresholds page 11 11 How to Reinstate the System Defaults ...

Page 295: ...rt beginning and end of the attack by writing to the attack log block Block all further flows that are part of this attack the SCE platform drops the packets Thresholds open flows rate Default threshold for rate of open flows suspected flows rate Default threshold for rate of suspected DDoS flows suspected flows ratio Default threshold for ratio of suspected flow rate to open flow rate Use the app...

Page 296: ...s in Step 1 Step 3 From the SCE config if prompt type attack detector default protocol TCP UDP dest port specific not specific both ICMP other all attack direction single side source single side destination single side both dual sided all side subscriber network both alarm no alarm and press Enter Enables or disables sending an SNMP trap by default for the defined attack type The attack type must ...

Page 297: ...rm supports a maximum of 100 attack detectors Each attack detector is identified by a number 1 100 Each detector can be either disabled default or enabled An enabled attack detector must be configured with the following parameters access list The number of the Access Control List ACL associated with the specified attack detector The ACL identifies the IP addresses selected by this detector See Acc...

Page 298: ...e subscriber notification by default notify subscriber Enable subscriber notification don t notify subscriber Disable subscriber notification Use the appropriate keyword to enable or disable sending an SNMP trap by default alarm Enable sending an SNMP trap no alarm Disable sending an SNMP trap How to Enable a Specific Attack Detector and Assign it an ACL Step 1 From the SCE config if prompt type a...

Page 299: ...detector How to Define the SNMP Trap Setting for a Specific Attack Detector Use the following command to enable or disable sending an SNMP trap for a given attack detector and selected set of attack types Step 1 From the SCE config if prompt type attack detector number protocol TCP UDP dest port specific not specific both ICMP other all attack direction single side source single side destination s...

Page 300: ...ual sided all side subscriber network both and press Enter Defines the action of the specified attack detector How to Disable a Specific Attack Detector Use the following command to disable a specific attack detector configuring it to use the default action threshold values and subscriber notification for all protocols attack directions and sides Step 1 From the SCE config if prompt type default a...

Page 301: ...ICMP threshold and action Step 3 From the SCE config if prompt type attack detector 1 access list 3 UDP ports list 53 comment DNS servers and press Enter Enables attack detector 1 assigns ACL 3 to it and defines the list of UDP destination ports with one port port 53 Step 4 From the SCE config if prompt type attack detector 1 protocol UDP dest port specific attack direction single side destination...

Page 302: ...raises a question regarding TCP attacks originating from the subscriber that are configured with block action Such attacks cannot normally be notified to the subscriber using HTTP redirection since all HTTP flows originating from the subscriber are TCP flows and they are therefore blocked along with all other attack flows To enable effective use of HTTP redirect there is a CLI command that prevent...

Page 303: ...hen there is time to plan the needed changes properly Use the dont filter command described below for this type of case An ISP is informed that one of his subscribers is being attacked by a UDP attack from the network side The ISP wants to protect the subscriber from this attack by blocking all UDP traffic to the subscriber but unfortunately the SCE platform did not recognize the attack Alternativ...

Page 304: ...rection single side source single side destination single side both ip ip address dual sided source ip source ip address destination ip dest ip address side subscriber network both and press Enter How to Remove a dont filter Setting from a Specified Situation Step 1 From the SCE config if prompt type no attack filter dont filter protocol TCP UDP dest port port number not specific ICMP other attack...

Page 305: ...t number not specific ICMP other attack direction single side source single side destination single side both ip ip address dual sided source ip source ip address destination ip dest ip address side subscriber network both and press Enter How to Remove All force filter Settings Step 1 From the SCE config if prompt type no attack filter force filter all and press Enter Monitoring Attack Filtering M...

Page 306: ...ration duration seconds total flows hw filter If the end of the attack was declared as a result of a no force filter command or a new don t filter command Attack Filter Forced to end action2 IP info from side side protocol protocol Attack end forced using a no force filter or a don t filter command The format of the reason string sent when an attack begins is If attack end was detected in the traf...

Page 307: ...lt attack detector configuration page 11 25 How to display all attack detector configurations page 11 26 How to display filter state enabled or disabled page 11 26 How to display configured threshold values and actions page 11 26 How to display the current counters page 11 28 How to display all currently handled attacks page 11 28 How to display all existing force filter settings page 11 28 How to...

Page 308: ... threshold for ratio of suspected flow rate to open flow rate Subscriber notification enabled or disabled Alarm sending an SNMP trap enabled or disabled Options The following option is available number the number of the attack detector to display Step 1 From the SCE prompt type show interface linecard 0 attack detector number and press Enter Example SCE show interface LineCard 0 attack detector 1 ...

Page 309: ... dest only | Report | 1000 | 500 | 50 | No | No
TCP | sub | source only | Report | 1000 | 500 | 50 | No | No
TCP | sub | dest only | Report | 1000 | 500 | 50 | No | No
TCP | net | source dest | Report | 100 | 50 | 50 | No | No
TCP | sub | source dest | Report | 100 | 50 | 50 | No | No
TCP port | net | source only | Report | 1000 | 500 | 50 | No | No
TCP port | net | dest only | Report | 1000 | 500 | 50 | No | No
TCP port | sub | source only | Report | 1000 | 500 | 50 | No | No
TCP port | sub | dest only | Report | 1000 | 500 | 50 ...

Page 310: ...ttack filter and press Enter
Example
SCE show interface LineCard 0 attack filter
Enabled state
Protocol | Direction | State
TCP | source only | enabled
TCP | dest only | enabled
TCP | dest source | enabled
TCP port | source only | enabled
TCP port | dest only | enabled
TCP port | dest source | enabled
UDP | source only | enabled
UDP | dest only | enabled
UDP | dest source | enabled
UDP port | source only | enabled
UDP port | dest only | enabled...

Page 311: ...uery for a single IP address
SCE show interface linecard 0 attack filter query single sided ip 10.1.1.1 configured
Protocol | Side | Dir | Action | Open flows rate | Ddos Susp flows rate | Ddos Susp flows ratio | don't filter | force filter | Sub notif | Alarm
TCP | net | src | Report | 1000 | 500 | 50 | No | No | No | No
TCP | net | dst | Report | 1000 | 500 | 50 | No | No | No | No
TCP | sub | src | Report | 1000 | 500 | 50 | No | No | No | No
TCP | sub | dst | Report | 1000 | 500 | 50 | No | N...

Page 312: ... src Report 1000 500 50 No No No No UDP port sub dst Report 1000 500 50 No No No No N below a value means that the value is set through attack detector N SCE How to display the current counters Use this command to display the current counters for the specified attack detector for attack types for a specified IP address Step 1 From the SCE prompt type show interface linecard 0 attack filter query s...

Page 313: ...naccuracies in the attack reporting Note that this information also appears in the attack log file Source IP Side Open rate Handled Action HW force Dest IP Protocol Susp rate flows filter filter Duration 10 1 1 1 Subscriber 523 4045 Report No No TCP 0 9 The Attack Log How to View the Attack Log page 11 30 How to Copy the Attack Log to a File page 11 30 The attack log contains a message for each sp...

Page 314: ...logged in that file are then temporarily archived New attack events are then automatically logged to the alternate log file When the second log file reaches maximum capacity the system then reverts to logging events to the first log file thus overwriting the temporarily archived information stored in that file The following SNMP trap indicates that the attack log is full and a new log file has bee...

Page 315: ...8 VAS over 10G page 12 32 Intelligent Traffic Mirroring page 12 47 Information About VAS Traffic Forwarding This module provides an overview of VAS traffic forwarding and explains how to configure and monitor VAS traffic forwarding It also explains how to configure VAS over 10G installations With every new SCA BB release the classification and control of new services is supported The VAS integrati...

Page 316: ...s the switch towards the VAS servers VAS Service Goals The VAS traffic forwarding functionality allows the Service Control solution to meet several important service goals Allows service providers to provide a range of Value Added Services to their subscribers thus increasing customer satisfaction Allows the SCE platform to forward part of the traffic to third party devices that can provide additi...

Page 317: ...Typical VAS Traffic Forwarding Installation Important information A single SCE platform can support up to eight VAS servers A maximum of 512 SCE platforms can be connected The same VAS server may be used by more than one SCE platform The VAS traffic forwarding feature is supported on the SCE 2000 4xGBE platform only Note When working in VAS mode the SCE performance envelope might be up to 50 lower...

Page 318: ... When forwarding traffic back to the network after processing injecting the VAS devices must preserve the original layer 2 headers containing the MAC addresses and the VLAN tag The VAS devices may not change the MAC addresses destination or source or the VLAN tags New traffic can be injected in the context of existing flow only The VAS device is not permitted to initiate new flows When injecting t...

Page 319: ... per package VLAN Tags for VAS Traffic Forwarding The traffic is routed between the SCE platform and the VAS servers by VLANs There is a unique VLAN tag for each SCE platform VAS server combination Before being forwarded to the VAS servers the SCE platform adds the VLAN tag to the original traffic When the traffic returns to the SCE platform the SCE platform removes the VLAN tag it previously adde...

Page 320: ...f the flow It then selects one server within this group to handle the flow The SCE platform performs load sharing between multiple VAS servers belonging to the same Server Group the balance is based on subscriber load In other words the SCE platform ensures that the subscribers are evenly distributed between the VAS servers in the same group Note that the mapping of subscriber to a VAS server per ...

Page 321: ... 12 3 illustrates the data flow from the subscriber to the network Data flow from the network to the subscriber works in exactly the same way but is received on the network port N and transmitted on the subscriber port S Figure 12 3 Data Flow in a VAS System Non VAS Data Flow The flow steps for a non VAS flow are A subscriber packet is received at the SCE platform port 1 S The SCE platform classif...

Page 322: ...cket on port 3 S drops the VLAN tag and passes the packet towards the network through port 2 N Load Balancing Load Balancing and Subscribers page 12 9 Load Balancing and Subscriber Mode page 12 9 VAS servers can be grouped logically according to their service type Consider for example a system that requires both FTP caching and virus filtering A single VAS server for each service might not have en...

Page 323: ...rly in subscriberless mode as the entire traffic load would be carried only by one VAS server per group Note Use anonymous mode rather than subscriberless mode with VAS traffic forwarding In Pull mode the first flow of the subscriber behaves as configured in the anonymous template If no anonymous template is configured such first flows will be processed as defined by the default template Therefore...

Page 324: ...n case the actual number of active servers goes below this number Note that if the minimum number equals the total number of configured servers it means there is no redundancy and failure of one server will cause the failure of the whole server group When the SCE platform detects that the number of active servers within a group is below the configured minimum it changes the state of the group to F...

Page 325: ...al interaction with the VAS device since the VAS server does not need to answer the health check packets only to pass them as they are back to the SCE platform As long as the packets are received by the SCE platform the VAS server is considered to be alive Failing to receive the packets back from the VAS server within a pre defined time window is considered by the SCE platform as a failure of the ...

Page 326: ...nabled or disabled VAS server state as reported by the health check VAS Traffic Forwarding Topologies The following sections describe the following VAS traffic forwarding topologies Single SCE Platform Multiple VAS Servers page 12 12 Multiple SCE Platforms Multiple VAS Servers page 12 14 VAS over 10G page 12 32 which is a special case of Cisco Multi Gigabit Service Control Platform MGSCP solution ...

Page 327: ...nt adds the server VLAN tag to the packet and transmits the packet on port 4 Network The packet is routed by the Ethernet switch to the VAS server according to its VLAN tag the port towards the VAS server should be the only port with this VLAN tag allowed The VAS server processes the packet and either drops or forwards it without changing the VLAN tag The packet is forwarded by the Ethernet switch...

Page 328: ...while the bottom SCE platform forwards to VAS servers 2 and 3 A unique VLAN tag must designate each SCE platform to VAS server path This topology is illustrated with two SCE platforms but a maximum of 512 SCE platforms is supported limited by the VLAN tag size The two Ethernet switches route the traffic to the VAS servers The routing is VLAN based The Ethernet switch should be configured to trunk ...

Page 329: ...are certain SCE platform features that are incompatible with VAS traffic forwarding Before enabling VAS traffic forwarding it is the responsibility of the user to make sure that no incompatible features or modes are configured The features and modes listed below cannot coexist with VAS mode Line card connection modes receive only receive only cascade inline cascade Link mode other than forwarding ...

Page 330: ...are required in the configuration of the global controllers to support these two restrictions Global Controllers and VAS flows When VAS traffic forwarding is enabled the global controllers function slightly differently Only 48 global controllers are available to the user Global controllers 49 63 are used to count VAS traffic The reserved global controllers cannot be configured On VAS flows the flo...

Page 331: ...r the GBE interfaces and enable VAS mode 2 Verify the state of the individual VAS servers as well as that of the VAS Server Groups to make sure all are Up see Monitoring VAS Traffic Forwarding page 12 28 3 Configure which traffic goes to which Server Group through the SCA BB console see Configuring VAS Traffic Forwarding from the SCA BB Console page 12 17 Configuring VAS Traffic Forwarding from th...

Page 332: ...le Enable disable Enable or disable VAS traffic forwarding Default Disable Step 1 From the SCE config if prompt type VAS traffic forwarding and press Enter Disabling VAS Traffic Forwarding Disabling the VAS Traffic Forwarding feature in runtime must be done with special care There are two points to consider You cannot disable VAS mode in the SCE platform while the applied SCA BB policy instructs t...

Page 333: ...ns page 12 19 How to Select the Link for VAS Traffic page 12 19 How to Revert to the Default Link for VAS Traffic page 12 19 By default the VAS traffic is transmitted on Link 1 If the VAS servers are connected on Link 0 you must configure the VAS traffic link to Link 0 To configure the link for VAS over 10G see VAS over 10G page 12 32 Note The VAS traffic link should be in Forwarding mode Options ...

Page 334: ... a specified VAS server Disable a specified VAS server Define the VLAN tag for a specified VAS server Enable or disable the Health Check for a VAS server Define the source and destination ports to use for the Health Check Delete all properties for a specified VAS server The server returns to the default state which is enabled However it is not operational since it does not have VLAN Note that a VA...

Page 335: ...LAN Tag Number from a Specified VAS Server page 12 22 How to Configure the Health Check page 12 22 How to Configure Pseudo IP Addresses for the Health Check Packets page 12 23 Options The following options are available number The number of the VAS server vlan id The VLAN tag to use for the specified VAS server The VLAN tag can be redefined as necessary Default No VLAN Note the following important...

Page 336: ...iguration page 12 23 About the Health Check Use these commands to enable and disable the Health Check and to define the ports it should use By default the VAS server health check is enabled however the user may disable it Note that the health check will be activated only if all the following conditions are true If the health check is enabled the server state will be Down if one or more conditions ...

Page 337: ...alth check and press Enter How to Disable VAS Server Health Check Step 1 From the SCE config if prompt type no VAS traffic forwarding VAS server id number health check and press Enter How to Define the UDP Ports to be Used for Health Check Step 1 From the SCE config if prompt type VAS traffic forwarding VAS server id number health check UDP ports source portnumber destination portnumber and press ...

Page 338: ...nfigured for the network side interface source IP address for health check packets going in the Downstream direction destination IP address for health check packets going in the Upstream direction Note This command is a ROOT level command in the Gigabit Interface Configuration mode Options The following options are available ip address IP address to be used any IP address as long as it is not poss...

Page 339: ...will be in Failure state Failure action action performed on all new data flows that should be mapped to this Server Group while it is in Failure state Options block pass Use the following commands to perform these operations for a VAS server group Add or remove a VAS server to or from a specified group Configure the minimum number of active servers for a specified group Configure failure behavior ...

Page 340: ...rameters About VAS Server Group Failure Parameters page 12 26 Options page 12 27 How to Configure the Minimum Number of Active Servers for a Specified VAS Server Group page 12 27 How to Reset the Minimum Number of Active Servers for a Specified VAS Server Group to the Default page 12 27 How to Configure the Failure Action for a Specified VAS Server Group page 12 27 How to Configure the Failure Act...

Page 341: ...up group number failure minimum active servers min number and press Enter How to Reset the Minimum Number of Active Servers for a Specified VAS Server Group to the Default Step 1 From the SCE config if prompt type default VAS traffic forwarding VAS server group group number failure minimum active servers min number and press Enter How to Configure the Failure Action for a Specified VAS Server Grou...

Page 342: ...ge 12 31 How to Clear the Health Check Counters for All VAS Servers page 12 31 How to Display Bandwidth per VAS Server and VAS Direction page 12 31 Use these commands to display the following information for VAS configuration and operational status summary Global VAS status summary VAS mode the traffic link used VAS Server Groups information summary operational status number of configured servers ...

Page 343: ...rs required for Active state 1 failure action Pass How to Display Operational and Configuration Information for All VAS Server Groups Step 1 From the SCE prompt type show interface linecard 0 VAS traffic forwarding VAS server group all and press Enter How to Display Operational and Configuration Information for a Specific VAS Server Step 1 From the SCE prompt type show interface linecard 0 VAS tra...

Page 344: ...Check Counters for a Specified VAS Server Step 1 From the SCE prompt type show interface linecard 0 VAS traffic forwarding VAS server id id number counters health check and press Enter Example SCE show interface linecard 0 VAS traffic forwarding VAS server id 0 Health Checks statistics for VAS server 0 Upstream Downstream Flow Index 0 Total packets sent 31028 31027 Total packets received 31028 310...

Page 345: ...ll counters health check and press Enter How to Display Bandwidth per VAS Server and VAS Direction Note that the bandwidth presented in this command is measured at the Transmit queues therefore the first table in the example presents the bandwidth of traffic transmitted towards the VAS servers and the second table presents the bandwidth of traffic transmitted out of the SCE platform after being ha...

Page 346: ...for VAS over 10G Topology page 12 45 VAS Over 10G Sample Configuration page 12 46 About VAS over 10G A specific configuration of VAS traffic forwarding is VAS over 10G using a Cisco 6500 7600 Series router as a dispatcher The VAS over 10G topology is a specific application of the Cisco Multi Gigabit Service Control Platform MGSCP solution in which only one external 10G link is supported The 7600 d...

Page 347: ...tion over 10G topology depends on the appropriate use of VLAN tags to route the packets through the system from the 7600 6500 to the SCE platform to the appropriate VAS server back to the SCE platform and then back to the network through the 7600 6500 Figure 12 7 illustrates the flow of VAS data in the VAS solution over 10G topology Note that the path between the SCE platform and the VAS servers h...

Page 348: ...without a VLAN tag [Figure: VAS over 10G topology showing VAS server 1, the SCE platform, 7600 A and 7600 B, EC1 and EC2, and 10G links. Figure notes: VLAN translation 505 525 506 526; VLAN 100 is stripped off (native VLAN); VAS traffic keeps the VLAN ID, non-VAS traffic gets the native VLAN 101.] ...

Page 349: ...e VLAN tag changes along that path Although the figures show only one SCE platform in actuality the VAS over 10G topology would usually consist of multiple SCE platforms on multiple ECs In such a topology the ports towards the VAS servers must be trunk ports which allow the presence of multiple VLAN tags since there will be a unique VLAN tag for each EC As noted previously all SCE platforms on one...

Page 350: ...ipped off 100 is the native VLAN tag in the 7600 6500 trunk port 4 The SCE platform classifies the flow as VAS flow and tags it with the VAS server VLAN tag 505 5 The packet is sent to the VAS server from SCE platform port 2 N towards the 7600 6500 with VLAN tag 505 6 The packet is received on the 7600 6500 trunk port and is sent to the access port configured with VLAN 505 which is the port connec...

Page 351: ...he packet on port 1 S and forwards it towards the network through port 2 N The SCE platform forwards the packet with NO VLAN tag 6 The packet is received on the 7600 6500 trunk port gets the native VLAN 101 and sent towards the access port configured with VLAN 101 7 The packet is sent towards the network with no VLAN tag Failover Support The SCE monitors the health of the connection to each VAS se...

Page 352: ... link The default value of this parameter is less than the failure detection time It is recommended to configure a larger value Once there is a successful health check on the VAS link the link switches immediately upon failure see How to Configure the Minimum Time between Link Switches page 12 42 [Figure: VAS over 10G topology showing VAS server 1, the SCE platform, 7600 B, EC1 and EC2, and 10G links; label: Active VAS li...]

Page 353: ...eck Failure of any VAS server group triggers the switch of the entire link to the standby VAS servers A server group failure is declared when the number of active VAS servers drops below the parameter minimum active VAS servers in a group see How to Configure VAS Server Group Failure Parameters page 12 26 Both links preserve SCA BB and VAS services However during the transition period the replacin...

Page 354: ...e Cisco documentation Please refer to the following guidelines when configuring the 7600 6500 as part of the VAS over 10G solution The 7600 6500 device traffic distribution is based on the EtherChannel dispatching function Specifically it is required that External traffic coming from the subscriber side of the 7600 6500 device must be hashed by the EtherChannel according to the source IP External ...

Page 355: ...lth check has succeeded Specify the link on which to transmit VAS traffic initially after changing the configuration to auto select in runtime or after reload or the current VAS traffic link if auto select is already configured How to Configure the Link for VAS over 10G By default the VAS traffic is transmitted on Link 1 However for VAS over 10G the VAS link should be set to auto select so that th...

Page 356: ...cutive link switches 30 seconds is less than the time it takes for the health check to fail This means that once a VAS server group fails the SCE platform switches immediately to the second link In cases where there is at least one failed VAS server group on both links the SCE platform will flip continuously between the links and as described above most of this time the state of the servers will b...

Page 357: ...How to Set the Active VAS Link Step 1 From the SCE config if prompt type VAS traffic forwarding traffic link auto select initial selection link 0 link 1 and press Enter How to Revert to the Default Active VAS Link Configuration Step 1 From the SCE config if prompt type no VAS traffic forwarding traffic link auto select initial selection and press Enter You can also use the default form of the comm...

Page 358: ...d as fault traffic and be dropped by the SCE platform All the SCE platforms under the same EtherChannel must have the same IP address configuration Using the same IP addresses allows the SCE platform to correctly identify health check flows coming from other SCE platforms as a result of the EtherChannel hashing and drop these flows before they are transmitted out of the SCE platform Options The fo...

Page 359: ...ptions The following options are available The keyword MGSCP is specified to enable health check compatibility because VAS over 10G is a special case of a MGSCP Multi Gigabit Service Control Platform system By default VAS over 10G compatibility is disabled How to Enable Health Check Compatibility for VAS over 10G MGSCP Step 1 From the SCE config if prompt type VAS traffic forwarding health check t...

Page 360: ...c forwarding traffic link auto select link switch delay 240 Configure the link switch delay four minutes The delay will be applied only if there was no successful health check on the current link Step 6 SCE config if VAS traffic forwarding traffic link auto select initial selection link 0 Set link 0 to be used as the initial VAS traffic link in auto select mode Step 7 SCE config if VAS traffic for...

Page 361: ...ot to return to the SCE platform after being processed by the third party servers Behavioral Targeting Use Case Today WEB advertising is being executed by content providers or publishers in collaboration with ad networks which actually handle the syndication of ads from advertisers to web sites The Cisco Service Control behavioral targeting solution provides the means for service providers to part...

Page 362: ...s marked for traffic mirroring the VAS server group for this flow is selected If the group includes more than one VAS server traffic will be forwarded in such a way that the subscriber load is shared between the servers on the same group The mapping of traffic portions to VAS server groups is done through the standard SCA BB GUI this definition is given per package Mirroring Termination Mirroring ...

Page 363: ... traffic The direction of the flow is preserved when mirrored so traffic that is received on the subscriber interface on either link is sent over a VLAN on the network interface over this predefined link And traffic that is received on the network interface on either link is sent over a VLAN on the subscriber interface over this predefined link The mirrored traffic does not return to the SCE platf...

Page 364: ...BB console Note Additional traffic mirroring configuration and monitoring options are available from the SCA BB Console See Managing Traffic Mirroring Settings in the Cisco Service Control Application for Broadband User Guide Note Traffic mirroring is not compatible with regular VAS traffic forwarding Each server is located on a separate VLAN to allow load sharing [Figure; labels: Network, Subscribers, Networ...]

Page 365: ...the VLAN tag per VAS server See How to Configure the VLAN Tag Number for a Specified VAS Server page 12 21 Associating servers with server groups See How to Add and Remove Servers page 12 25 The health check is not relevant to traffic mirroring so there is no need to configure anything related to the VAS health check SCA BB console configuration the traffic mirroring rules meaning which portion of...

Page 366: ...rom link 1 which is the default to link 0 Step 3 SCE config if VAS traffic forwarding VAS server id 0 VLAN 640 SCE config if VAS traffic forwarding VAS server id 1 VLAN 641 SCE config if VAS traffic forwarding VAS server id 2 VLAN 642 SCE config if VAS traffic forwarding VAS server id 3 VLAN 643 Assign VAS servers 0 3 to VLAN 640 643 respectively Step 4 SCE config if VAS traffic forwarding VAS ser...

Page 367: ...ring MPLS VPN Support page 13 11 Managing MPLS VPN Support page 13 17 Service Control in the MPLS VPN Environment MPLS VPN networks are very complex and utilize many routing protocols and many different levels of addressing and control In addition the various VPNs may use overlapping IP addresses private IPs The SCE platform makes a distinction between identical IP addresses that come from differe...

Page 368: ...e service provider network The PE routers are the ones that connect to the customers and maintain the VPNs P Provider router A router in the core of the service provider network P routers only forward MPLS packets regardless of VPNs VPN Virtual Private Network In the Service Control context a VPN is the part of the VPN that resides in a specific site It is a managed entity over which private IP su...

Page 369: ...fic to identify the VPN Subscriber detection The SM and the SCE platform function together to identify the IP range within a VPN that is defined as a single subscriber Flow Detection Flow detection is the process of deciding which packets belong to the same flow This relates to the first two challenges listed Private IP addresses cause flows to look the same except for their MPLS labels The MPLS l...

Page 370: ... is sent to One VPN may spread over more than one PE router as long as all the sites of the VPN are connected to the subscriber side of the same SCE platform VPNs can be configured only via the SM The SCE platform CLI can be used to view VPN related information but not to configure the VPNs Subscriber Detection What is an MPLS VPN based Subscriber page 13 4 Private IP Subscriber Support page 13 5 ...

Page 371: ...age 13 5 BGP LEG Tasks in the MPLS VPN Solution page 13 6 SM Tasks in the MPLS VPN Solution page 13 6 How the Service Control MPLS VPN Solution Works A Summary The SM is configured with the VPNs and VPN based subscribers that should be managed A VPN is identified by the RD RT and the PE The BGP LEG updates the SM with the MPLS labels and IP routes The SM pushes the VPNs with their labels and the V...

Page 372: ... 6 Bypassing Unknown VPNs page 13 7 Additional MPLS Pattern Support page 13 7 VPN Identifier RD or RT page 13 8 Non VPN Based Subscribers The MPLS VPN solution supports the existence of non VPN based regular IP subscribers concurrently with the MPLS VPN based subscribers with the following limitations and requirements The SM must work in push mode Non VPN based subscribers cannot have IP in VPN ma...

Page 373: ...s are usually enabled per VRF in the PE The Service Control MPLS VPN solution does not support VPNs that use other MPLS related features Features such as MPLS TE or MPLS FRR Fast Reroute are not supported VPNs for which these features are enabled can be automatically bypassed in the system but are not allowed to be configured in the SM as serviced VPNs Configuration of these VPNs in the SM might c...

Page 374: ...that communicate to a central bank should be treated as a single subscriber consider using the RT as the VPN identifier It is important to note that this configuration is global Therefore if at some point in time any VPN would have to be defined by RD then all the other VPNs must be defined by RD as well This is a point to consider when designing the initial deployment Service Control MPLS VPN Req...

Page 375: ... [Figure: MPLS VPN topology with Cisco SCE 2000 Series 4xGBE platforms; labels: P, PE, CE, MPLS Core, Cascaded SCE, BGP Agent, SM, Ethernet, 2 labels, MAC] ...

Page 376: ...r MPLS related features such as MPLS TE or MPLS FRR are enabled Subscriber related limitations The following subscriber related limitations exist in the current solution The SM must be configured to operate in Push mode VLAN based subscribers cannot be used Introduced subscriber aging is not supported when using VPN based subscribers Maximum number of VPN based mappings per single subscriber 200 s...

Page 377: ... combination of SM of a version before V3 1 5LA and an SCE with V3 1 5 and up only regular IP subscribers are supported VPN based subscribers are not supported at all in this combination Configuring MPLS VPN Support Configuring the MPLS Environment page 13 11 Configuring the SCE Platform for MPLS VPN Support page 13 12 Configuring the SM for MPLS VPN Support page 13 16 Configuring the MPLS Environ...

Page 378: ...can only be done via the SM CLU which means that the connection with the SM must be up Step 3 From the SCE config if prompt type MPLS VPN auto learn and press Enter Enables the MPLS auto learning mechanism Configuring the SCE Platform for MPLS VPN Support Defining the PE Routers page 13 12 Configuring the MAC Resolver page 13 14 Monitoring the MAC Resolver page 13 15 There are three main steps to ...

Page 379: ...the SCE config if prompt type MPLS VPN PE ID pe id interface ip address interface ip vlan vlan and press Enter Defines the PE router with one interface IP address and optional VLAN tag May also be used to add an additional interface IP address to an existing PE router How to Remove PE Routers About Removing PE Routers page 13 13 How to Remove a Specified PE Router page 13 13 How to Remove All...

Page 380: ...ecific IP address The MAC resolver must be configured when the SCE platform operates in MPLS VPN mode to translate the IP addresses of the provider edge router interfaces to their respective MAC addresses The MPLS VPN mode needs the MAC resolver as opposed to the standard ARP protocol because ARP is used by the management interface while MPLS VPN uses the traffic interfaces of the SCE platform whi...

Page 381: ...ns The following options are available ip address The IP address entry to be added to or removed from the database vlan tag VLAN tag that identifies the VLAN that carries this IP address if applicable mac address MAC address assigned to the IP address in xxxx xxxx xxxx format How to Add a Static IP Address Step 1 From the SCE config if prompt type mac resolver arp ip_address vlan vlan_tag mac_addr...

Page 382: ...6 Step 2 Install and configure the BGP LEG Refer to the Cisco SCMS SM LEGs User Guide for more information How to Edit the SM Configuration File The SM configuration file p3sm cfg must be configured for the following To specify the field in the BGP messages that should be used by the SM for MPLS VPN identification To enable IP ranges How to Configure the SM for MPLS VPN Support page 13 16 How to C...

Page 383: ...from the BGP LEG should be changed to true only during troubleshooting default false log_all true How to Configure the SM to Allow IP Ranges To setup the SM to work with MPLS VPN you must enable IP ranges by setting the support_ip_ranges in the configuration file Step 1 Set the support_ip_ranges parameter in the Data Repository section of the p3sm cfg configuration file to yes as in the following ...

Page 384: ...nd the trap are sent for each 100 mappings that are added after the threshold has been exceeded Monitoring MPLS VPN Support via SCE Platform CLI The SCE platform CLI allows you to do the following Display VPN related mappings Monitor subscriber counters Monitor PE routers Monitor bypassed VPNs Displaying VPN related Mappings Use the following Viewer commands to display subscriber mappings These co...

Page 385: ... 0 Explicitly introduced VPN The following example illustrates the output of this command for a VLAN based VPN SCE show interface linecard 0 VPN name vpn3 VPN name Vpn3 VLAN 2 Number of subscriber mappings 0 Explicitly introduced VPN The following example illustrates the output of this command for an automatically created VLAN VPN SCE show interface linecard 0 VPN name 2 VPN name 2 VLAN 2 Number o...

Page 386: ... 1 4 149 32 vpn1 Subscriber Sub10 mapping 10 1 4 145 32 vpn1 Subscriber Sub11 mapping 10 1 4 146 32 vpn1 Total 2 subscribers found with 4 matching mappings How to Display the Number of Subscribers Mapped to an IP range on a Specified VPN Options page 13 20 Displaying the Number of Subscribers Mapped to range on a Specified VPN Example page 13 20 Options The following options are available ip range...

Page 387: ...PE 1 0 0 1 is mapped to VPN named Vpn1 The VPN is NOT mapped to a single subscriber 0 0 0 0 0 Vpn1 Displaying the Subscriber Mapped to a Specified VPN Example 2 SCE show interface lineCard 0 subscriber mapping MPLS VPN PE ID 1 0 0 1 BGP label 30 BGP MPLS label 30 on PE 1 0 0 1 is mapped to VPN named Vpn1 Subscriber Sub10 is mapped to 0 0 0 0 0 Vpn1 How to Display the Mappings of Upstream Labels th...

Page 388: ...ngs Maximum number of MPLS VPN mappings Note that these values reflect the total number of mappings not just the mappings used by MPLS VPN based subscribers Bypassed VPNs also consume MPLS VPN mappings Step 1 From the SCE prompt type show interface linecard 0 subscriber db counters and press Enter Monitoring Subscriber Counters Example SCE show interface linecard 0 subscriber db counters Current v...

Page 389: ...ax MPLS VPN mappings are divided as follows downstream VPN subscriber mappings 0 upstream VPN subscriber mappings 0 non vpn upstream mappings 0 downstream bypassed VPN mappings 0 upstream bypassed VPN mappings 0 Monitoring the PE Routers Use the following Viewer commands to monitor PE routers These commands provide the following information Configuration of all currently defined PE routers Configu...

Page 390: ...card 0 MPLS VPN Bypassed VPNs and press Enter Monitoring Non VPN Mappings How to Display Non VPN Mappings page 13 24 How to Remove all Learned non VPN Mappings page 13 24 How to Display Non VPN Mappings Step 1 From the SCE prompt type show interface linecard 0 MPLS VPN non VPN mappings and press Enter How to Remove all Learned non VPN Mappings Step 1 From the SCE prompt type clear interface lineca...

Page 391: ...specified using a comma RT the route target of the VPN specified using the ASN n notation or the IP n notation Note that the Route Distinguisher may be specified rather than the route target PE IP the loopback IP of the PE router connected to that VPN How to Add a New MPLS based VPN Step 1 From the shell prompt type the following command p3vpn add vpn VPN Name mpls vpn RT PE RT PE2 RT PE3 How to R...

Page 392: ...n VPN Name Listing All Subscribers for a Specified VPN Example p3vpn show vpn vpn1 Name vpn1 Domain subscribers Mappings MPLS VPN 1 1000 10 0 0 1 no BGP information MPLS VPN 1 1000 10 0 0 2 label 10 IP range 1 1 1 1 32 Command terminated successfully How to Manage VPN Mappings To Remove All Existing Mappings from a Specified VPN page 13 26 To Remove a Specified Mapping from a Specified VPN page 13...

Page 393: ... x x x y y y y z z z z a list of IP address ranges x x x x a y y y y b z z z z c VPN NAME name of the VPN to which the community attribute will be assigned additive mappings Use this option to add the new mapping s to any existing ones Without this option any existing mappings are overwritten Step 1 From the shell prompt type the following command p3subs add subscriber SUB NAME ip IP1 RANGE VPN NA...

Page 394: ...ute to assign to the VPN AS autonomous system Integer in the range 0 65535 assigned by the network administrator value the community attribute Integer in the range 0 65535 assigned by the network administrator VPN NAME name of the VPN to which the community attribute will be assigned Step 1 From the shell prompt type the following command p3subs add subscriber SUB NAME community AS value VPN NAME ...

Page 395: ...nd p3psubs remove mappings subscriber SUB NAME vpn VPN NAME To Remove a Specified Community based Mapping from a Specified Subscriber Step 1 From the shell prompt type the following command p3psubs remove mappings subscriber SUB NAME community AS value VPN NAME How to Monitor Subscriber MPLS VPN Mappings Use the p3subs utility to manage VPNs Step 1 From the shell prompt type the following command ...

Page 397: ...iber sessions together without requiring coordination and orchestration by additional components SCMP Terminology page 14 2 Deployment Scenarios page 14 3 SCMP Peer Devices page 14 7 SCMP Subscriber Management page 14 8 The SCMP is a Cisco proprietary protocol that uses the RADIUS protocol with CoA Change of Authorization support as a transport layer The SCMP provides connection management message...

Page 398: ...on the new Subscriber Accounting RDR and are sent according to the interval defined in the PQB configuration SCMP Terminology SCMP terminology is similar to but not identical to existing SCE platform terminology It is derived from the ISG terminology since every SCE subscriber is actually an ISG session subscriber The client who is purchasing service from the Service Provider and is receiving the ...

Page 399: ...oyment using one ISG router with a single SCE platform Figure 14 1 Single ISG Router with a Single SCE Platform Note the following The red dotted lines depict the control path communication A deployment of this type might be used with ISG running on a service gateway or BRAS terminating a large number of subscribers However note that deploying only one SCE platform results in a single point of fai...

Page 400: ...orm has been added to provide redundancy This redundancy scheme assumes that SCE platforms are connected in a cascade with one active SCE platform and one backup Please note the following When cascaded SCE platforms are connected to one or more ISG devices only the active SCE platform maintains a connection to the ISG devices You can configure the cascaded SCE platforms to receive session info fro...

Page 401: ...f advanced services requiring deep packet inspection are offered we recommend locating the SCE platforms centrally just before traffic requiring such services exits the SP network since not all traffic needs to be processed by SCE platforms Please note the following When cascaded SCE platforms are connected to one or more ISG devices only the active SCE platform maintains a connection to the ISG d...

Page 402: ...itch to which the SCE platforms are connected acts as a dispatching element distributing subscriber flows between SCE platforms and guaranteeing that all flows of a specific subscriber will pass through the same SCE platform This scenario assumes that one or sometimes more of the devices in the cluster is redundant Please note the following An ISG device cannot push sessions to two SCE platforms a...

Page 403: ...ous group when it detects traffic from the SCMP peer device that is not mapped to any subscriber SCMP assigns the SCMP peer manager Id to this generated anonymous subscriber If you have assigned a subscriber template to the group the anonymous subscribers generated have properties as defined by that template If you have not assigned a subscriber template the default template is used One SCE platfo...

Page 404: ...r Id SCMP dispatches queries according to the configuration of the anonymous subscriber groups GUID and Subscriber ID The SCMP requires the use of a globally unique identifier GUID that is created by and identifies each SCMP peer device The GUID is a 16 character long ASCII string The SCE platform uses the GUID for all communication with the SCMP peer SCMP creates the SCE subscriber ID from the co...

Page 405: ...provision each subscriber to only one SCE platform Define the SCMP keep alive interval Define the SCMP reconnect interval Define the loss of sync timeout Define the subscriber ID structure How to Enable the SCMP By default the SCMP is disabled Step 1 From the SCE config prompt type scmp and press Enter How to Disable the SCMP Step 1 From the SCE config prompt type no scmp and press Enter Configuri...

Page 406: ...different SCE platform the SCMP removes it from the previous SCE platform and provisions it to the new SCE platform This configuration is required in MGSCP topology where if a fail over occurs between SCE platforms subscribers might move from one SCE platform to another If transferred subscribers are not cleared from the previous SCE platform it can cause capacity issues Use the no form of the command to...

Page 407: ... the amount of time between attempts by the SCE platform to reconnect with an SCMP peer The SCE platform attempts to reconnect to the SCMP peer device at the defined intervals by sending an establish peering request message Options The following options are available interval Interval between attempts by the SCE platform to reconnect with an SCMP peer in seconds Default 30 seconds Step 1 From the ...

Page 408: ... Associate the device with one or more unmapped anonymous groups How to Define an SCMP Peer Device Options The following options are available peer_device_name User assigned name of the SCMP peer device radius_hostname IP address or host name of the RADIUS host if a host name is used it must be valid at time of the configuration shared_secret RADIUS shared secret auth portnumber optional authoriza...

Page 409: ...MP peer device Step 1 From the SCE config if prompt type subscriber anonymous group name group name IP range range template template scmp name peer device name and press Enter How to Remove an Anonymous Group from the SCMP Peer Device This command defines the specified anonymous group to be the IP range of the SCMP peer device You must define the specified SCMP peer device before assigning the ano...

Page 410: ...p name peer device name Step 2 Repeat this step for all anonymous groups assigned to the SCMP peer device Step 3 When all anonymous groups have been removed from the device exit LineCard Interface Configuration mode SCE config if exit Step 4 Delete the device SCE config no scmp name peer_device_name Defining the Subscriber ID You can define the structure of the subscriber ID via this command by sp...

Page 411: ... Id User Name Default no elements concatenated with the GUID Step 1 Disable the SCMP SCE config no scmp Step 2 Define the subscriber ID SCE config scmp subscriber id append to guid radius attributes Calling Station Id NAS Port Id User Name Calling Station Id NAS Port Id User Name Calling Station Id NAS Port Id User Name Step 3 Enable the SCMP SCE config scmp Configuring the RADIUS Client You can c...

Page 412: ...S client Monitoring the SCMP Options page 14 16 How to display the general SCMP configuration page 14 17 How to display the configuration all currently defined SCMP peer devices page 14 17 How to display the configuration for a specified SCMP peer device page 14 17 How to display the statistics for all SCMP peer devices page 14 17 How to display the statistics for a specified SCMP peer device page...

Page 413: ... Subscriber Id structure GUID How to display the configuration all currently defined SCMP peer devices Step 1 From the SCE prompt type show scmp all and press Enter How to display the configuration for a specified SCMP peer device Step 1 From the SCE prompt type show scmp name device name and press Enter Example SCE show scmp name isg SCMP Connection isg status 10 56 208 91 auth port 1812 acct por...

Page 414: ...ges received 72 Establish requests sent 1 Establish replies received 1 Accounting requests sent 20 Accounting replies received 20 Subscriber queries sent 0 Subscriber query response recv 0 Request retry exceeded 0 Requests replied with errors 0 Subscriber requests received 50 Subscriber responses sent 50 Failed Requests 0 Keep alive sent 1 Keep alive received 1 Monitoring the RADIUS Client Use the...

Page 415: ...t utilization remains at a level that supports reliable and consistent service When the SCE platform reaches its performance envelopes it activates certain mechanisms that ensure that no traffic will be dropped while in this state These mechanisms will prioritize packet handling over service related actions As a result symptoms of service loss might be experienced Following are several examples Br...

Page 416: ...er sizing of the solution when the CPU utilization exceeds 75 regularly at peak hours Flows Capacity SNMP tpFlowsCapacityUtilization available for each Traffic Processor TpInfoEntry in the PCubeSeMib mib CLI command show snmp MIB pcube SE MIB traffic processor include tpFlowsCapacityUtilization It is advisable to consider sizing of the solution when the flows capacity utilization exceeds 90 regula...

Page 417: ...n example could be a DDoS attack that the SCE platform could not detect and filter This is usually measured in seconds Permanent In cases where the SCE platform is installed in locations where the network traffic does not match its capacity and performance envelopes permanent service loss can occur This is measured in hours Service loss is defined as the ratio of the number of packets that did not...

Page 419: ...and a proprietary Service Control Enterprise MIB This proprietary pcube MIB enables the external management system to perform configuration performance troubleshooting and alerting operations specific to the SCE platform and therefore not provided by the standard MIB Note Information and proprietary MIB files supported by the SCOS can be downloaded from http www cisco com public sw center netmgmt ...

Page 420: ...IB file specified below the line A shadowed box indicates that the component is described in its own MIB file Figure B 1 Cisco Service Control MIB Structure The pcubeProducts subtree The pcubeProducts subtree contains the OIDs of Cisco Service Control products These OIDs are used only to describe the Cisco Service Control platforms not as roots for other OIDs This subtree does not contain online d...

Page 421: ...ultiple MIB files The pcubeConfigCopyMib subtree The pcubeConfigCopy MIB is a subset of the Cisco Config Copy MIB ported to the pcube enterprise subtree It supports only local copying of running config to startup config The pcubeConfigCopyMIB is defined the MIB file PCUBE CONFIG COPY MIB my The config copy MIB is intended for use by all pcube products and is therefore placed under the pcubeMgmt su...

Page 422: ...s This table is updated when the application is installed and has read only access It is therefore managed by the agent the SCOS appPropertiesValueTable Contains information about the application properties that appear in the appPropertiesTable described above For each such property a value is available in one or more formats as appropriate String Integer 64 bit Integer This table is a read write ...

Page 423: ...perty taken from the subscriberPropertyTable The name of the subscriber for which this value should be polled the name of the subscriber should be known to the manager it is not available through SNMP Note that the values of the properties are read only for viewables and tuneables alike This table is also used by the pcubeEngageMIB The Engage MIB pcubeEngageMIB The application group of the pcubeSe...

Page 424: ...ule identity values may be assigned Modules PCUBE SE MIB pcubeSeMIB 1 3 6 1 4 1 5655 2 3 CISCO SCAS BB MIB pcubeEngageMIB 1 3 6 1 4 1 5655 2 4 See the SCA BB Proprietary MIB Reference chapter in the Cisco SCA BB Reference Guide for a description of the CISCO SCAS BB MIB pcubeSeMIB 1 3 6 1 4 1 5655 2 3 Main SNMP MIB for the Cisco SCE products such as SCE 2000 and SCE 1000 This MIB provides configur...

Page 425: ...13 Transmit Queues Group pcubeTxQueuesGroup 1 3 6 1 4 1 5655 2 3 1 1 11 page B 13 Global Controllers Group pcubeGlobalControllersGroup 1 3 6 1 4 1 5655 2 3 1 1 12 page B 14 Application Group pcubeApplicationGroup 1 3 6 1 4 1 5655 2 3 1 1 13 page B 14 Traffic Counters Group pcubeTrafficCountersGroup 1 3 6 1 4 1 5655 2 3 1 1 14 page B 14 Attack Group pcubeAttackGroup 1 3 6 1 4 1 5655 2 3 1 1 15 page...

Page 426: ... sysFailureRecovery 1 3 6 1 4 1 5655 4 1 1 2 page B 31 3 sysVersion 1 3 6 1 4 1 5655 4 1 1 3 page B 32 Chassis Group pcubeChassisGroup 1 3 6 1 4 1 5655 2 3 1 1 2 The Chassis group defines and identifies the chassis as well as environmental alarms related to the chassis Objects 1 pchassisSysType 1 3 6 1 4 1 5655 4 1 2 1 page B 32 2 pchassisPowerSupplyAlarm 1 3 6 1 4 1 5655 4 1 2 2 page B 32 3 pchas...

Page 427: ... 12 page B 38 13 pmoduleDownStreamLastAttackFilteringTime 1 3 6 1 4 1 5655 4 1 3 1 1 13 page B 38 14 pmoduleAttackObjectsClearTime 1 3 6 1 4 1 5655 4 1 3 1 1 14 page B 39 15 pmoduleAdminStatus 1 3 6 1 4 1 5655 4 1 3 1 1 15 page B 39 16 pmoduleOperStatus 1 3 6 1 4 1 5655 4 1 3 1 1 16 page B 39 Link Group pcubeLinkGroup 1 3 6 1 4 1 5655 2 3 1 1 4 The Link group defines and identifies the link It pro...

Page 428: ... B 47 14 rdrFormatterClearCountersTime 1 3 6 1 4 1 5655 4 1 6 5 page B 47 15 rdrFormatterReportRate 1 3 6 1 4 1 5655 4 1 6 6 page B 47 16 rdrFormatterReportRatePeak 1 3 6 1 4 1 5655 4 1 6 7 page B 47 17 rdrFormatterReportRatePeakTime 1 3 6 1 4 1 5655 4 1 6 8 page B 48 18 rdrFormatterProtocol 1 3 6 1 4 1 5655 4 1 6 9 page B 48 19 rdrFormatterForwardingMode 1 3 6 1 4 1 5655 4 1 6 10 page B 48 20 rdr...

Page 429: ...age B 55 7 subscribersNumVlanMappings 1 3 6 1 4 1 5655 4 1 8 1 1 7 page B 55 8 subscribersNumVlanMappingsFree 1 3 6 1 4 1 5655 4 1 8 1 1 8 page B 56 9 subscribersNumActive 1 3 6 1 4 1 5655 4 1 8 1 1 9 page B 56 10 subscribersNumActivePeak 1 3 6 1 4 1 5655 4 1 8 1 1 10 page B 56 11 subscribersNumActivePeakTime 1 3 6 1 4 1 5655 4 1 8 1 1 11 page B 56 12 subscribersNumUpdates 1 3 6 1 4 1 5655 4 1 8 1...

Page 430: ... 9 1 1 14 page B 66 15 tpNumNonTcpUdpActiveFlowsPeak 1 3 6 1 4 1 5655 4 1 9 1 1 15 page B 67 16 tpNumNonTcpUdpActiveFlowsPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 16 page B 67 17 tpTotalNumBlockedPackets 1 3 6 1 4 1 5655 4 1 9 1 1 17 page B 67 18 tpTotalNumBlockedFlows 1 3 6 1 4 1 5655 4 1 9 1 1 18 page B 67 19 tpTotalNumDiscardedPacketsDueToBwLimit 1 3 6 1 4 1 5655 4 1 9 1 1 19 page B 68 20 tpTotalNumW...

Page 431: ...10 1 1 4 page B 75 5 pportIfIndex 1 3 6 1 4 1 5655 4 1 10 1 1 5 page B 75 6 pportAdminSpeed 1 3 6 1 4 1 5655 4 1 10 1 1 6 page B 75 7 pportAdminDuplex 1 3 6 1 4 1 5655 4 1 10 1 1 7 page B 75 8 pportOperDuplex 1 3 6 1 4 1 5655 4 1 10 1 1 8 page B 76 9 pportLinkIndex 1 3 6 1 4 1 5655 4 1 10 1 1 9 page B 76 10 pportOperStatus 1 3 6 1 4 1 5655 4 1 10 1 1 10 page B 76 Transmit Queues Group pcubeTxQueue...

Page 432: ...p pcubeApplicationGroup 1 3 6 1 4 1 5655 2 3 1 1 13 The Application group indicates which application is installed in the SCE platform and what the properties of the application and values of those properties are Objects 1 appName 1 3 6 1 4 1 5655 4 1 13 1 1 1 page B 83 2 appDescription 1 3 6 1 4 1 5655 4 1 13 1 1 2 page B 83 3 appVersion 1 3 6 1 4 1 5655 4 1 13 1 1 3 page B 83 4 apIndex 1 3 6 1 4...

Page 433: ...s 1 vasServerIndex 1 3 6 1 4 1 5655 4 1 16 1 1 1 page B 91 2 vasServerId 1 3 6 1 4 1 5655 4 1 16 1 1 2 page B 91 3 vasServerAdminStatus 1 3 6 1 4 1 5655 4 1 16 1 1 3 page B 92 4 vasServerOperStatus 1 3 6 1 4 1 5655 4 1 16 1 1 4 page B 92 MPLS VPN Group pcubeMplsVpnAutoLearnGroup 1 3 6 1 4 1 5655 2 3 1 1 17 The MPLS VPN Group provides data regarding MPLS VPN auto learning Objects 1 mplsVpnMaxHWMapp...

Page 434: ...beLoggerGroup 8 pcubeSubscribersGroup 9 pcubeTrafficProcessorGroup 10 pcubePortGroup 11 pcubeTxQueuesGroup 12 pcubeGlobalControllersGroup 13 pcubeApplicationGroup 14 pcubeTrafficCountersGroup 15 pcubeAttackGroup 16 pcubeVasTrafficForwardingGroup 17 pcubeMplsVpnAutoLearnGroup 18 pcubeTrapObjectsGroup pcubeWorkgroup 1 3 6 1 4 1 5655 4 pcubeWorkgroup is the main subtree for objects and events of t...

Page 435: ...ogIsFullTrap 1 3 6 1 4 1 5655 4 0 18 sntpClockDriftWarnTrap 1 3 6 1 4 1 5655 4 0 19 linkModeBypassTrap 1 3 6 1 4 1 5655 4 0 20 linkModeForwardingTrap 1 3 6 1 4 1 5655 4 0 21 linkModeCutoffTrap 1 3 6 1 4 1 5655 4 0 22 moduleAttackFilterActivatedTrap 1 3 6 1 4 1 5655 4 0 25 moduleAttackFilterDeactivatedTrap 1 3 6 1 4 1 5655 4 0 26 moduleEmAgentGenericTrap 1 3 6 1 4 1 5655 4 0 27 linkModeSniffingTrap...

Page 436: ...ge B 20 linkModeBypassTrap 1 3 6 1 4 1 5655 4 0 20 page B 20 linkModeForwardingTrap 1 3 6 1 4 1 5655 4 0 21 page B 21 linkModeCutoffTrap 1 3 6 1 4 1 5655 4 0 22 page B 21 moduleAttackFilterActivatedTrap 1 3 6 1 4 1 5655 4 0 25 page B 21 moduleAttackFilterDeactivatedTrap 1 3 6 1 4 1 5655 4 0 26 page B 22 moduleEmAgentGenericTrap 1 3 6 1 4 1 5655 4 0 27 page B 22 linkModeSniffingTrap 1 3 6 1 4 1 565...

Page 437: ...questNumber 1 3 6 1 4 1 5655 4 0 46 page B 24 pullRequestRetryFailedTrap 1 3 6 1 4 1 5655 4 0 47 page B 24 mplsVpnTotalHWMappingsThresholdExceededTrap 1 3 6 1 4 1 5655 4 0 48 page B 24 operationalStatusOperationalTrap 1 3 6 1 4 1 5655 4 0 1 The system operational state of the SCE platform has changed to Operational 3 operationalStatusWarningTrap 1 3 6 1 4 1 5655 4 0 2 The system operational state ...

Page 438: ... has become the active connection rdrNoActiveConnectionTrap 1 3 6 1 4 1 5655 4 0 11 There is no active connection between the RDR formatter and any Collection Manager rdrConnectionUpTrap 1 3 6 1 4 1 5655 4 0 12 The rdrFormatterDestConnectionStatus object in this MIB has transitioned to Up 2 indicating that one of the RDR formatter connections was established rdrConnectionDownTrap 1 3 6 1 4 1 5655 ...

Page 439: ... is report Attack detected Attack from IP address 10 1 4 134 from subscriber side protocol UDP 10000 concurrent open flows detected 57 concurrent Ddos suspected flows detected Action is Report Target of the attack is detected at the network side IP address 10 1 4 135 being attacked from the subscriber side using ICMP number of ddos suspected flows 500 configured action is block Attack detected Att...

Page 440: ...r Forced to end block of flows from IP address 10 1 1 1 from subscriber side protocol TCP Attack end forced using a no force filter or a dont filter command Duration 6 seconds 1 flows blocked Attack filter Forced to end report to IP address 10 1 1 1 from network side protocol Other Attack end forced using a no force filter or a dont filter command Duration 13 seconds attack comprised of 1 flows mo...

Page 441: ...p 1 3 6 1 4 1 5655 4 0 37 The agent entity has detected that reports sent to this category are being discarded The rdrFormatterCategoryNumReportsDiscarded object in this MIB counts the number of discarded reports rdrFormatterCategoryStoppedDiscardingReportsTrap 1 3 6 1 4 1 5655 4 0 38 The agent entity has detected that reports sent to this category are no longer being discarded The rdrFormatterCat...

Page 442: ...ogFullTrap 1 3 6 1 4 1 5655 4 0 44 The agent entity has detected that the attack log is full and a new log file is opened vasServerOperationalStatusChangeTrap 1 3 6 1 4 1 5655 4 0 45 The agent entity has detected a change in the operational status of a VAS server pullRequestNumber 1 3 6 1 4 1 5655 4 0 46 The number of pull requests currently issued for the anonymous subscriber identified in the pu...

Page 443: ...1 page B 35 pmoduleType 1 3 6 1 4 1 5655 4 1 3 1 1 2 page B 36 pmoduleNumTrafficProcessors 1 3 6 1 4 1 5655 4 1 3 1 1 3 page B 36 pmoduleSlotNum 1 3 6 1 4 1 5655 4 1 3 1 1 4 page B 36 pmoduleHwVersion 1 3 6 1 4 1 5655 4 1 3 1 1 5 page B 36 pmoduleNumPorts 1 3 6 1 4 1 5655 4 1 3 1 1 6 page B 37 pmoduleNumLinks 1 3 6 1 4 1 5655 4 1 3 1 1 7 page B 37 pmoduleConnectionMode 1 3 6 1 4 1 5655 4 1 3 1 1 8...

Page 444: ...stReportRate 1 3 6 1 4 1 5655 4 1 6 2 1 8 page B 46 rdrFormatterDestReportRatePeak 1 3 6 1 4 1 5655 4 1 6 2 1 9 page B 46 rdrFormatterDestReportRatePeakTime 1 3 6 1 4 1 5655 4 1 6 2 1 10 page B 46 rdrFormatterNumReportsSent 1 3 6 1 4 1 5655 4 1 6 3 page B 46 rdrFormatterNumReportsDiscarded 1 3 6 1 4 1 5655 4 1 6 4 page B 47 rdrFormatterClearCountersTime 1 3 6 1 4 1 5655 4 1 6 5 page B 47 rdrFormat...

Page 445: ...pRangeMappings 1 3 6 1 4 1 5655 4 1 8 1 1 5 page B 55 subscribersNumIpRangeMappingsFree 1 3 6 1 4 1 5655 4 1 8 1 1 6 page B 55 subscribersNumVlanMappings 1 3 6 1 4 1 5655 4 1 8 1 1 7 page B 55 subscribersNumVlanMappingsFree 1 3 6 1 4 1 5655 4 1 8 1 1 8 page B 56 subscribersNumActive 1 3 6 1 4 1 5655 4 1 8 1 1 9 page B 56 subscribersNumActivePeak 1 3 6 1 4 1 5655 4 1 8 1 1 10 page B 56 subscribersN...

Page 446: ...5655 4 1 9 1 1 11 page B 66 tpNumUdpActiveFlowsPeak 1 3 6 1 4 1 5655 4 1 9 1 1 12 page B 66 tpNumUdpActiveFlowsPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 13 page B 66 tpNumNonTcpUdpActiveFlows 1 3 6 1 4 1 5655 4 1 9 1 1 14 page B 66 tpNumNonTcpUdpActiveFlowsPeak 1 3 6 1 4 1 5655 4 1 9 1 1 15 page B 67 tpNumNonTcpUdpActiveFlowsPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 16 page B 67 tpTotalNumBlockedPackets 1 3 6...

Page 447: ...IfIndex 1 3 6 1 4 1 5655 4 1 10 1 1 5 page B 75 pportAdminSpeed 1 3 6 1 4 1 5655 4 1 10 1 1 6 page B 75 pportAdminDuplex 1 3 6 1 4 1 5655 4 1 10 1 1 7 page B 75 pportOperDuplex 1 3 6 1 4 1 5655 4 1 10 1 1 8 page B 76 pportLinkIndex 1 3 6 1 4 1 5655 4 1 10 1 1 9 page B 76 pportOperStatus 1 3 6 1 4 1 5655 4 1 10 1 1 10 page B 76 txQueuesTable 1 3 6 1 4 1 5655 4 1 11 1 page B 76 txQueuesEntry 1 3 6 1...

Page 448: ...655 4 1 13 2 1 1 page B 84 apName 1 3 6 1 4 1 5655 4 1 13 2 1 2 page B 84 apType 1 3 6 1 4 1 5655 4 1 13 2 1 3 page B 85 appPropertiesValuesTable 1 3 6 1 4 1 5655 4 1 13 3 page B 85 appPropertiesValueEntry 1 3 6 1 4 1 5655 4 1 13 3 1 page B 85 apvIndex 1 3 6 1 4 1 5655 4 1 13 3 1 1 page B 86 apvPropertyName 1 3 6 1 4 1 5655 4 1 13 3 1 2 page B 86 apvRowStatus 1 3 6 1 4 1 5655 4 1 13 3 1 3 page B 8...

Page 449: ...1 3 6 1 4 1 5655 4 1 17 1 page B 92 mplsVpnSoftwareCountersEntry 1 3 6 1 4 1 5655 4 1 17 1 1 page B 92 mplsVpnMaxHWMappings 1 3 6 1 4 1 5655 4 1 17 1 1 1 page B 93 mplsVpnCurrentHWMappings 1 3 6 1 4 1 5655 4 1 17 1 1 2 page B 93 sysOperationalStatus 1 3 6 1 4 1 5655 4 1 1 1 Indicates the operational status of the system Syntax INTEGER 1 other none of the following2 boot the system is in boot proce...

Page 450: ...1 3 6 1 4 1 5655 4 1 2 2 Indicates whether the power supply to the chassis is normal If the alarm is on it means that one or more of the power supplies is not functional Syntax INTEGER 1 other none of the following2 off the power supply to the chassis is normal3 on the power supply to the chassis is not normal and probably one or more of the power supplies is not functional pchassisFansAlarm 1 3 6...

Page 451: ...VoltageAlarm 1 3 6 1 4 1 5655 4 1 2 5 Indicates the chassis internal voltage alarm status If the alarm is on it indicates that the voltage level of one or more unit in the chassis is not in the normal range Syntax INTEGER 1 other none of the following2 off voltage level is within normal range3 on voltage level is out of the acceptable bounds pchassisNumSlots 1 3 6 1 4 1 5655 4 1 2 6 Indicates the ...

Page 452: ...inserted f x exp 2 x 1 Syntax INTEGER 0 65535 pchassisPsuType 1 3 6 1 4 1 5655 4 1 2 8 Indicates the type of the power supplies Syntax INTEGER 1 other none of the following2 AC AC power supply3 DC DC power supply pchassisLineFeedAlarm 1 3 6 1 4 1 5655 4 1 2 9 Indicates whether the line feed to the chassis is connected and whether it is supplying power to the power supply unit Syntax INTEGER 1 othe...

Page 453: ...l characteristics of one module in the chassis Index pmoduleIndex Syntax SEQUENCE pmoduleIndex pmoduleType pmoduleNumTrafficProcessors pmoduleSlotNum pmoduleHwVersion pmoduleNumPorts pmoduleNumLinks pmoduleConnectionMode pmoduleSerialNumber pmoduleUpStreamAttackFilteringTime pmoduleUpStreamLastAttackFilteringTime pmoduleDownStreamAttackFilteringTime pmoduleDownStreamLastAttackFilteringTime pmodule...

Page 454: ...4Module 4 port Fast Ethernet line interface 2 Fast Ethernet 10 100 management interfaces6 oc12 4Module 4 port OC12 line interface 2 Fast Ethernet 10 100 management interfaces7 fe8Module 8 port Fast Ethernet line interface 2 Fast Ethernet 10 100 management interfaces pmoduleNumTrafficProcessors 1 3 6 1 4 1 5655 4 1 3 1 1 3 The number of traffic processors supported by the module Syntax INTEGER 0 25...

Page 455: ...3 6 1 4 1 5655 4 1 3 1 1 8 Indicates the connection mode of the module Syntax INTEGER 1 other none of the following2 inline SCE is both receiving and transmitting traffic on the line ports 3 receive only SCE can only receive packets from the line ports This mode is suitable for external splitting topology 4 inline cascade SCE is both receiving and transmitting traffic on the line ports and the cas...

Page 456: ...ngTime 1 3 6 1 4 1 5655 4 1 3 1 1 11 The time in hundredths of a second since the previous attack filtered in the up stream traffic Syntax TimeTicks pmoduleDownStreamAttackFilteringTime 1 3 6 1 4 1 5655 4 1 3 1 1 12 The accumulated time in hundredths of a second during which attack down stream traffic was filtered Syntax TimeTicks pmoduleDownStreamLastAttackFilteringTime 1 3 6 1 4 1 5655 4 1 3 1 1...

Page 457: ...r none of the following2 primary Handle traffic on startup 3 secondary Fail over module on startup pmoduleOperStatus 1 3 6 1 4 1 5655 4 1 3 1 1 16 Indicates whether the module is currently handling active or is on standby Syntax INTEGER 1 other none of the following2 active Currently is handling traffic 3 standby Currently is the fail over module linkTable 1 3 6 1 4 1 5655 4 1 4 1 A list of link e...

Page 458: ... linkAdminModeOnFailure linkOperMode linkStatusReflectionEnable linkSubscriberSidePortIndex linkNetworkSidePortIndex linkModuleIndex 1 3 6 1 4 1 5655 4 1 4 1 1 1 An index value pmoduleIndex that uniquely identifies the module where this link is located Syntax INTEGER 1 255 linkIndex 1 3 6 1 4 1 5655 4 1 4 1 1 2 An index value that uniquely identifies the link within the specified module Valid ent...

Page 459: ...1 4 The desired mode of the link when the system status is failure Possible values LinkModeType Bypass the traffic is forwarded from one port to the other using an internal splitter Cutoff all traffic is dropped by the SCE Syntax LinkModeType linkOperMode 1 3 6 1 4 1 5655 4 1 4 1 1 5 The current operational mode of the link Possible values LinkModeType Bypass the traffic is forwarded from one port...

Page 460: ...EGER 1 enabled 2 disabled linkSubscriberSidePortIndex 1 3 6 1 4 1 5655 4 1 4 1 1 7 An index value that uniquely identifies this link with the related port that is connected to the subscriber side Syntax INTEGER 0 255 linkNetworkSidePortIndex 1 3 6 1 4 1 5655 4 1 4 1 1 8 An index value that uniquely identifies this link with the related port that is connected to the network side Syntax INTEGER 0 25...

Page 461: ...e reports it gets from the traffic processors to the Collection Manager as defined in the rdrFormatterDestTable Syntax INTEGER 1 enabled 2 disabled rdrFormatterDestTable 1 3 6 1 4 1 5655 4 1 6 2 This table lists the addresses of Collection Managers If the RDR formatter is enabled the destination with the highest priority to which a TCP connection can be established is designated as the active conn...

Page 462: ...portsDiscarded rdrFormatterDestReportRate rdrFormatterDestReportRatePeak rdrFormatterDestReportRatePeakTime rdrFormatterDestIPAddr 1 3 6 1 4 1 5655 4 1 6 2 1 1 The IP address of a Collection Manager Syntax IP Address rdrFormatterDestPort 1 3 6 1 4 1 5655 4 1 6 2 1 2 The TCP port on which the Collection Manager listens and to which the RDR Formatter should connect Syntax INTEGER 1 65535 rdrForm...

Page 463: ...estination is where the reports are sent3 standby this destination is a backup rdrFormatterDestConnectionStatus 1 3 6 1 4 1 5655 4 1 6 2 1 5 The status of TCP connection to this destination Syntax INTEGER 1 other none of the following2 up the TCP connection to this destination is up3 down the TCP connection to this destination is down rdrFormatterDestNumReportsSent 1 3 6 1 4 1 5655 4 1 6 2 1 6 The...

Page 464: ...294967295 rdrFormatterDestReportRatePeak 1 3 6 1 4 1 5655 4 1 6 2 1 9 The maximum rate of sending reports to this destination Syntax Unsigned32 0 4294967295 rdrFormatterDestReportRatePeakTime 1 3 6 1 4 1 5655 4 1 6 2 1 10 The time in hundredths of a second since the rdrFormatterDestReportRatePeak value occurred Syntax TimeTicks rdrFormatterNumReportsSent 1 3 6 1 4 1 5655 4 1 6 3 The number of repo...

Page 465: ...5655 4 1 6 5 The time in hundredths of a second since the RDR formatter counters were last cleared Writing a 0 to this object causes the RDR formatter counters to be cleared Syntax TimeTicks rdrFormatterReportRate 1 3 6 1 4 1 5655 4 1 6 6 The current rate in reports per second of sending reports to all destinations Syntax Unsigned32 0 4294967295 rdrFormatterReportRatePeak 1 3 6 1 4 1 5655 4 1 6 7 ...

Page 466: ...1 3 6 1 4 1 5655 4 1 6 10 The manner in which the RDR formatter sends the reports to the destinations Syntax INTEGER 1 other none of the following2 redundancy all RDRs are sent to the primary active destination and all other destinations are in standby3 simpleLoadBalancing each successive RDR is sent to a different destination one destination after the other in a round robin manner4 multicast all ...

Page 467: ...FormatterCategoryNumReportsDiscarded rdrFormatterCategoryReportRate rdrFormatterCategoryReportRatePeak rdrFormatterCategoryReportRatePeakTime rdrFormatterCategoryNumReportsQueued rdrFormatterCategoryIndex 1 3 6 1 4 1 5655 4 1 6 11 1 1 The RDR formatter category number Syntax INTEGER 1 4 rdrFormatterCategoryName 1 3 6 1 4 1 5655 4 1 6 11 1 2 The name of the category Syntax DisplayString rdrFormatte...

Page 468: ...tterCategoryReportRate 1 3 6 1 4 1 5655 4 1 6 11 1 5 The rate of the reports in reports per second currently sent to this category Syntax Unsigned32 0 4294967295 rdrFormatterCategoryReportRatePeak 1 3 6 1 4 1 5655 4 1 6 11 1 6 The maximum report rate sent to this category Syntax Unsigned32 0 4294967295 rdrFormatterCategoryReportRatePeakTime 1 3 6 1 4 1 5655 4 1 6 11 1 7 The time in hundredths of a...

Page 469: ...status of each destination in each category Syntax Sequence of rdrFormatterCategoryDestEntry rdrFormatterCategoryDestEntry 1 3 6 1 4 1 5655 4 1 6 12 1 A destination table entry Index rdrFormatterCategoryIndex rdrFormatterDestIPAddr rdrFormatterDestPort Syntax SEQUENCE rdrFormatterCategoryDestPriority rdrFormatterCategoryDestStatus rdrFormatterCategoryDestPriority 1 3 6 1 4 1 5655 4 1 6 12 1 1 The ...

Page 470: ...1 other none of the following2 active this is the destination to which reports are currently being sent3 standby this destination is a backup loggerUserLogEnable 1 3 6 1 4 1 5655 4 1 7 1 Indicates whether the logging of user information is enabled or disabled Syntax INTEGER 1 enabled 2 disabled loggerUserLogNumInfo 1 3 6 1 4 1 5655 4 1 7 2 The number of Info messages logged into the user log file ...

Page 471: ...655 4 1 7 5 The number of Fatal messages logged into the user log file since last reboot or last time the counter was cleared Syntax Unsigned32 0 4294967295 loggerUserLogClearCountersTime 1 3 6 1 4 1 5655 4 1 7 6 The time in hundredths of a second since user log counters were last cleared Writing a 0 to this object causes the user log counters to be cleared Syntax TimeTicks subscribersInfoTable 1 ...

Page 472: ...riberssubscribersNumTpIpRangeMappings subscribersNumTpIpRangeMappingsFreeCountersClearTime subscribersNumAnonymous subscribersNumWithSessions subscribersNumIntroduced 1 3 6 1 4 1 5655 4 1 8 1 1 1 The current number of subscribers introduced to the SCE These subscribers may or may not have IP address or VLAN mappings Subscribers who do not have mappings of any kind cannot be associated with traffic...

Page 473: ...0 4294967295 subscribersNumIpRangeMappings 1 3 6 1 4 1 5655 4 1 8 1 1 5 The current number of IP range to subscriber mappings Syntax Unsigned32 0 4294967295 subscribersNumIpRangeMappingsFree 1 3 6 1 4 1 5655 4 1 8 1 1 6 The number of free IP range to subscriber mappings that are available for defining new mappings Syntax Unsigned32 0 4294967295 subscribersNumVlanMappings 1 3 6 1 4 1 5655 4 1 8 1 1...

Page 474: ... number of active subscribers These subscribers necessarily have IP address or VLAN mappings that define the traffic to be served according to the subscriber service agreement Syntax Unsigned32 0 4294967295 subscribersNumActivePeak 1 3 6 1 4 1 5655 4 1 8 1 1 10 The peak value of subscribersNumActive since the last time it was cleared or the system started Syntax Unsigned32 0 4294967295 subscribers...

Page 475: ...1 13 The time in hundredths of a second since the subscribers counters were cleared Writing a 0 to this object causes the counters to be cleared Syntax TimeTicks subscribersNumTpIpRangeMappings 1 3 6 1 4 1 5655 4 1 8 1 1 14 The current number of IP range to Traffic Processor mappings Syntax Unsigned32 0 4294967295 subscribersNumTpIpRangeMappingsFree 1 3 6 1 4 1 5655 4 1 8 1 1 15 The current number...

Page 476: ...er of subscribers with open sessions Syntax Unsigned32 0 4294967295 subscribersPropertiesTable 1 3 6 1 4 1 5655 4 1 8 2 List of all subscriber properties This table is updated each time an application is loaded on the SCE platform Syntax Sequence of subscribersPropertiesEntry subscribersPropertiesEntry 1 3 6 1 4 1 5655 4 1 8 2 1 Entry describing subscriber properties of the application relevant fo...

Page 477: ...index value that uniquely identifies the subscriber property Syntax INTEGER 1 255 spName 1 3 6 1 4 1 5655 4 1 8 2 1 2 Name of the subscriber property Syntax DisplayString spType 1 3 6 1 4 1 5655 4 1 8 2 1 3 Property type in respect to variable type integer boolean string etc number of elements scalar or array and restrictions if any Syntax DisplayString Access RO Access RO Access RO ...

Page 478: ...ribersPropertiesTable To remove an entry set the spvRowStatus object with Destroy 6 To poll the subscriber property either of these objects should be polled spvPropertyStringValue spvPropertyUnitValue The table is cleared when the application is unloaded Syntax Sequence of subscribersPropertiesValueEntry subscriberPropertiesValueEntry 1 3 6 1 4 1 5655 4 1 8 3 1 Entry providing information on the v...

Page 479: ...y identifies the subscriber property Array type properties may be accessed one element at a time in C like format For example x 1 or y 1 2 Syntax DisplayString Size 1 128 spvRowStatus 1 3 6 1 4 1 5655 4 1 8 3 1 4 Controls creation of a table entry Only setting CreateAndGo 4 and Destroy 6 will change the status of the entry Syntax RowStatus spvPropertyStringValue 1 3 6 1 4 1 5655 4 1 8 3 1 5 The va...

Page 480: ...object returns zero Syntax Unsigned32 0 4294967295 spvPropertyCounter64Value 1 3 6 1 4 1 5655 4 1 8 3 1 7 The value of the subscriber property in Counter64 format If the property cannot be cast to Counter64 format getting this object returns zero Syntax Counter64 tpInfoTable 1 3 6 1 4 1 5655 4 1 9 1 The Traffic Processor Info table consists of data regarding traffic handled by the traffic processo...

Page 481: ...ackets tpTotalNumIpCrcErrPackets tpTotalNumIpLengthErrPackets tpTotalNumIpBroadcastPackets tpTotalNumTtlErrPackets tpTotalNumTcpUdpCrcErrPackets tpClearCountersTime tpHandledPacketsRate tpHandledPacketsRatePeak tpHandledPacketsRatePeakTime tpHandledFlowsRate tpHandledFlowsRatePeak tpHandledFlowsRatePeakTime tpCpuUtilization tpCpuUtilizationPeak tpCpuUtilizationPeakTime tpFlowsCapacityUtilization t...

Page 482: ...alNumHandledFlows 1 3 6 1 4 1 5655 4 1 9 1 1 4 The accumulated number of flows handled by this traffic processor since last reboot or last time this counter was cleared Syntax Unsigned32 0 4294967295 tpNumActiveFlows 1 3 6 1 4 1 5655 4 1 9 1 1 5 The number of flows currently being handled by this traffic processor Syntax Unsigned32 0 4294967295 tpNumActiveFlowsPeak 1 3 6 1 4 1 5655 4 1 9 1 1 6 The...

Page 483: ...ws 1 3 6 1 4 1 5655 4 1 9 1 1 8 The number of TCP flows currently being handled by this traffic processor Syntax Unsigned32 0 4294967295 tpNumTcpActiveFlowsPeak 1 3 6 1 4 1 5655 4 1 9 1 1 9 The peak value of tpNumTcpActiveFlows since the last time it was cleared or the system started Syntax Unsigned32 0 4294967295 tpNumTcpActiveFlowsPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 10 The time in hundredths of ...

Page 484: ... 1 3 6 1 4 1 5655 4 1 9 1 1 12 The peak value of tpNumUdpActiveFlows since the last time it was cleared or the system started Syntax Unsigned32 0 4294967295 tpNumUdpActiveFlowsPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 13 The time in hundredths of a second since the tpNumUdpActiveFlowsPeak value occurred Syntax TimeTicks tpNumNonTcpUdpActiveFlows 1 3 6 1 4 1 5655 4 1 9 1 1 14 The number of non TCP UDP fl...

Page 485: ...Time 1 3 6 1 4 1 5655 4 1 9 1 1 16 The time in hundredths of a second since the tpNumNonTcpUdpActiveFlowsPeak value occurred Syntax TimeTicks tpTotalNumBlockedPackets 1 3 6 1 4 1 5655 4 1 9 1 1 17 The accumulated number of packets discarded by the traffic processor according to application blocking rules Syntax Unsigned32 0 4294967295 tpTotalNumBlockedFlows 1 3 6 1 4 1 5655 4 1 9 1 1 18 The accumu...

Page 486: ...ion in the queues The value in this counter is absolute only when accelerate packet drops mode is disabled When accelerate packet drops mode is enabled it provides only a relative value indicating the trend of the number of packet drops with a factor of approximately 1 6 See Counting Dropped Packets page 6 27 Syntax Unsigned32 0 4294967295 tpTotalNumFragments 1 3 6 1 4 1 5655 4 1 9 1 1 21 The accu...

Page 487: ...ErrPackets 1 3 6 1 4 1 5655 4 1 9 1 1 24 The accumulated number of packets with IP length error handled by the traffic processor Syntax Unsigned32 0 4294967295 tpTotalNumIpBroadcastPackets 1 3 6 1 4 1 5655 4 1 9 1 1 25 The accumulated number of IP broadcast packets handled by the traffic processor Syntax Unsigned32 0 4294967295 tpTotalNumTtlErrPackets 1 3 6 1 4 1 5655 4 1 9 1 1 26 The accumulated ...

Page 488: ...The time in hundredths of a second since the traffic processor statistics counters were last cleared Writing a 0 to this object causes the RDR formatter counters to be cleared Syntax TimeTicks tpHandledPacketsRate 1 3 6 1 4 1 5655 4 1 9 1 1 29 The rate in packets per second of the packets handled by this traffic processor Syntax Unsigned32 0 4294967295 tpHandledPacketsRatePeak 1 3 6 1 4 1 5655 4 1...

Page 489: ...ate 1 3 6 1 4 1 5655 4 1 9 1 1 32 The rate in flows start per second of the flows handled by this traffic processor Syntax Unsigned32 0 4294967295 tpHandledFlowsRatePeak 1 3 6 1 4 1 5655 4 1 9 1 1 33 The peak value of tpHandledFlowsRate since the last time it was cleared or the system started Syntax Unsigned32 0 4294967295 tpHandledFlowsRatePeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 34 The time in hundre...

Page 490: ...ationPeak 1 3 6 1 4 1 5655 4 1 9 1 1 36 The peak value of tpCpuUtilization since the last time it was cleared or the system started Syntax INTEGER 1 100 tpCpuUtilizationPeakTime 1 3 6 1 4 1 5655 4 1 9 1 1 37 The time in hundredths of a second since the tpCpuUtilizationPeak value occurred Syntax TimeTicks tpFlowsCapacityUtilization 1 3 6 1 4 1 5655 4 1 9 1 1 38 The percentage of flows capacity utili...

Page 491: ...0 The time in hundredths of a second since the tpFlowsCapacityUtilizationPeak value occurred Syntax TimeTicks tpServiceLoss 1 3 6 1 4 1 5655 4 1 9 1 1 41 The relative amount of service loss in this traffic processor in units of 0 001 per second in the last minute or since the last time this counter was cleared Syntax INTEGER 1 100000 pportTable 1 3 6 1 4 1 5655 4 1 10 1 A list of port entries The ...

Page 492: ...1 10 1 1 1 An index value pmoduleIndex that uniquely identifies the module where the port is located Syntax INTEGER 1 255 pportIndex 1 3 6 1 4 1 5655 4 1 10 1 1 2 An index value that uniquely identifies the port within the specified module The value is determined by the location of the port on the module Valid entries are 1 to the value of pmoduleNumPorts for this module Syntax INTEGER 1 255 pport...

Page 493: ...lue of the instance of the ifIndex object defined in MIB II for this port Syntax INTEGER 1 255 pportAdminSpeed 1 3 6 1 4 1 5655 4 1 10 1 1 6 The desired speed of the port The current operational speed of the port can be determined from ifSpeed Syntax INTEGER 1 autoNegotiation 10000000 s10000000 10 Mbps100000000 s100000000 100 Mbps1000000000 s1000000000 1 Gbps pportAdminDuplex 1 3 6 1 4 1 5655 4 1 ...

Page 494: ...indicates that this port is associated with multiple links Syntax INTEGER 1 255 pportOperStatus 1 3 6 1 4 1 5655 4 1 10 1 1 10 The status of the port If the port is down the reason is indicated Syntax INTEGER 1 other none of the following2 up the port is up3 reflectionForcingDown the port is currently forced down due to the link reflection mechanism4 redundancyForcingDown the port is currently for...

Page 495: ...ionPeakTime txQueuesClearCountersTime txQueuesModuleIndex 1 3 6 1 4 1 5655 4 1 11 1 1 1 An index value pmoduleIndex that uniquely identifies the module where the queue is located Syntax INTEGER 1 255 txQueuesPortIndex 1 3 6 1 4 1 5655 4 1 11 1 1 2 An index value that uniquely identifies the port on which the queue is located Syntax INTEGER 1 255 txQueuesQueueIndex 1 3 6 1 4 1 5655 4 1 11 1 1 3 An ...

Page 496: ...th 1 3 6 1 4 1 5655 4 1 11 1 1 5 The bandwidth in kbps configured for this queue Syntax INTEGER 1 1000000 txQueuesUtilization 1 3 6 1 4 1 5655 4 1 11 1 1 6 The percentage of bandwidth utilization relative to the configured rate Syntax INTEGER 0 100 txQueuesUtilizationPeak 1 3 6 1 4 1 5655 4 1 11 1 1 7 The peak value of txQueuesUtilization since the last time it was cleared or the system sta...

Page 497: ...1 9 The time in hundredths of a second since the transmit queues statistics counters were last cleared Writing a 0 to this object causes the transmit queues counters to be cleared Syntax TimeTicks txQueuesDroppedBytes 1 3 6 1 4 1 5655 4 1 11 1 1 10 Number of dropped bytes Valid only if the system is configured to count dropped bytes per TX queue Syntax Counter64 globalControllersTable 1 3 6 1 4 1 ...

Page 498: ...Utilization globalControllersUtilizationPeak globalControllersUtilizationPeakTime globalControllersClearCountersTime globalControllersDroppedBytes globalControllersModuleIndex 1 3 6 1 4 1 5655 4 1 12 1 1 1 An index value pmoduleIndex that uniquely identifies the module where the Global Controller is located Syntax INTEGER 1 255 globalControllersPortIndex 1 3 6 1 4 1 5655 4 1 12 1 1 2 An index valu...

Page 499: ...5655 4 1 12 1 1 5 The bandwidth in kbps configured for this Global Controller Syntax INTEGER 1 1000000 globalControllersUtilization 1 3 6 1 4 1 5655 4 1 12 1 1 6 The percentage of bandwidth utilization relative to the configured rate globalControllersBandwidth Syntax INTEGER 0 100 globalControllersUtilizationPeak 1 3 6 1 4 1 5655 4 1 12 1 1 7 The peak value of bwLimitersUtilization since the last ...

Page 500: ... time in hundredths of a second since the Global Controller statistics counters were last cleared Writing a 0 to this object causes the Global Controller counters to be cleared Syntax TimeTicks globalControllersDroppedBytes 1 3 6 1 4 1 5655 4 1 12 1 1 10 Number of dropped bytes Valid only if the system is configured to count dropped bytes per global controller Syntax Counter64 appInfoTable 1 3 6 1...

Page 501: ...ption appVersion appName 1 3 6 1 4 1 5655 4 1 13 1 1 1 Name of the application currently installed in the SCE platform This object returns an empty string if no application is currently installed Syntax DisplayString appDescription 1 3 6 1 4 1 5655 4 1 13 1 1 2 Description of the application currently installed in the SCE platform Syntax DisplayString appVersion 1 3 6 1 4 1 5655 4 1 13 1 1 3 Versi...

Page 502: ... is unloaded Syntax Sequence of appPropertiesEntry appPropertiesEntry 1 3 6 1 4 1 5655 4 1 13 2 1 Entry describing one of the properties available for the application Index moduleIndex apIndex Syntax SEQUENCE apIndex apName apType apIndex 1 3 6 1 4 1 5655 4 1 13 2 1 1 An index value that uniquely identifies the property Syntax INTEGER 1 255 apName 1 3 6 1 4 1 5655 4 1 13 2 1 2 Name of the property...

Page 503: ...4 before setting the name of the property requested The property requested must be one of the properties from the appPropertiesTable To remove an entry set the apvRowStatus object with Destroy 6 To poll the application property any of these objects should be polled apvPropertyValue apvPropertyUnitValue apvPropertyCounter64 object The table is cleared when the application is unloaded Syntax Sequenc...

Page 504: ...4 1 5655 4 1 13 3 1 2 A name that uniquely identifies the application property Array type properties may be accessed one element at a time in C like format For example x 1 or y 1 2 Syntax DisplayString apvRowStatus 1 3 6 1 4 1 5655 4 1 13 3 1 3 Controls creation of a table entry Syntax RowStatus apvPropertyStringValue 1 3 6 1 4 1 5655 4 1 13 3 1 4 The value of the application property in display s...

Page 505: ...5 4 1 13 3 1 6 The value of the application property in Counter64 format If the property cannot be cast to Counter64 format getting this object returns zero Syntax Counter64 trafficCountersTable 1 3 6 1 4 1 5655 4 1 14 1 A list of information for each traffic counter Syntax Sequence of trafficCountersEntry trafficCountersEntry 1 3 6 1 4 1 5655 4 1 14 1 1 Entry containing information for a specifie...

Page 506: ...INTEGER 1 255 trafficCounterValue 1 3 6 1 4 1 5655 4 1 14 1 1 2 The 64 bit counter value Syntax Counter64 trafficCounterName 1 3 6 1 4 1 5655 4 1 14 1 1 3 The name of the counter Syntax DisplayString trafficCounterType 1 3 6 1 4 1 5655 4 1 14 1 1 4 Defines whether the traffic counter counts by packets 3 or by bytes 2 Syntax INTEGER 1 other none of the following2 bytes counts by bytes3 packets cou...

Page 507: ... containing information for a specified attack type Index pmoduleIndex attackTypeIndex Syntax SEQUENCE attackTypeIndex attackTypeName attackTypeCurrentNumAttacks attackTypeTotalNumAttacks attackTypeTotalNumFlows attackTypeTotalNumSeconds attackTypeIndex 1 3 6 1 4 1 5655 4 1 15 1 1 1 An index value that uniquely identifies the attack type Syntax INTEGER 1 255 attackTypeName 1 3 6 1 4 1 5655 4 1 15 ...

Page 508: ...eTotalNumAttacks 1 3 6 1 4 1 5655 4 1 15 1 1 4 The total number of attacks of this type detected since last clear Syntax Unsigned32 0 4294967295 attackTypeTotalNumFlows 1 3 6 1 4 1 5655 4 1 15 1 1 5 The total number of flows in attacks of this type detected since last clear Syntax Counter64 attackTypeTotalNumSeconds 1 3 6 1 4 1 5655 4 1 15 1 1 6 The total duration in seconds of attacks of this typ...

Page 509: ...4 1 5655 4 1 16 1 1 Entry containing information for a specified VAS server Index vasServerIndex Syntax SEQUENCE vasServerIndex vasServerId vasServerAdminStatus vasServerOperStatus vasServerIndex 1 3 6 1 4 1 5655 4 1 16 1 1 1 An index value that uniquely identifies the VAS server Syntax Unsigned32 0 4294967295 vasServerId 1 3 6 1 4 1 5655 4 1 16 1 1 2 The VAS server ID number in the system Syntax ...

Page 510: ... 1 4 The operational status of the VAS server Syntax INTEGER 1 other 2 up 3 down mplsVpnSoftwareCountersTable 1 3 6 1 4 1 5655 4 1 17 1 A list of information on various system software counters related to MPLS VPN auto learning Syntax Sequence of mplsVpnSoftwareCountersEntry mplsVpnSoftwareCountersEntry 1 3 6 1 4 1 5655 4 1 17 1 1 Entry containing information regarding MPLS VPN auto learning Synta...

Page 511: ...cubeWorkgroup 1 3 6 1 4 1 5655 4 mplsVpnMaxHWMappings 1 3 6 1 4 1 5655 4 1 17 1 1 1 The maximum number of hardware mappings permitted Syntax INTEGER 1 1000000 mplsVpnCurrentHWMappings 1 3 6 1 4 1 5655 4 1 17 1 1 2 The current number of hardware mappings in the system Syntax INTEGER 1 1000000 Access RO Access RO ...

Page 512: ...e March 1991 Defines a format for producing MIB modules RFC 1213 Management Information Base Network Management of TCP IP based internets MIB II K McCloghrie and M T Rose eds March 1991 Defines MIB II Obsoletes RFC 1158 RFC 1215 Convention for Defining Traps for Use with the SNMP M T Rose ed March 1991 RFC 1901 Introduction to Community based SNMPv2 SNMPv2 WG J Case K McCloghrie M T Rose S Waldbus...
