manualshive.com logo in svg

SEVEN WR-Z16, User Manual, Page: 102 / 172

Share
Download
SEVEN WR-Z16 User Manual Download Page 102

 

 

Chapter 6:

 

Security

 & Authentication

 

 

102 

 

v3.3-a 12/07/2022 

Chapter 6:

 

Security & Authentication  

 

The WR-ZEN family incorporates several mechanisms in order to provide enhanced security to 

the system.  and RADIUS are integrated to enable remote authentication for network 

access  control  through  a  centralized  server.  Additionally,  the  secure  version  of  the  network 

protocols  used  in  the  system  are  implemented,  e.g.    SCP,  HTTPS,  SNMPv3,  and  a  firewall  is 

included to provide a robust system against malicious users.  

 

The  details  about  the  mentioned  protocols  and  their  configuration  are  described  in  the 

subsections below. 

6.1 Password Management 

In order to access to the configuration and extended parameters information of the device, it is 

necessary to log in to the system by using the proper credentials. The default user is root and 

default  password  is  also  root  (see  section 0).  After the first  log  in,  it  is possible  to  change  the 

password at any convenience. 

If you do not update the default credentials, you will be prompted to do so for security reasons 

in the GUI and CLI. 

In the top right side of the web interface dashboard, there is a Settings menu where the password 

can be changed. 

 

 

Figure 6:1 

 Password change section. 

Summary of Contents for WR-Z16

Page 1: ...iding timing through widely used timing protocols such as PTP NTP PPS 10MHz and others Headquarters Seven Solutions Calle Periodista Rafael Gómez Montero 2 CETIC UGR 13 18014 Granada SPAIN Web https sevensols com Sales info spain orolia com Support support spain orolia com ...

Page 2: ...Chapter 1 Introduction 2 v3 3 a 12 07 2022 ...

Page 3: ... profiles sync E configuration add new VCS code and fix some OID errors V3 1 b 26 Jan 2021 Fixing missing references in the document V3 2 a 05 Apr 2022 Improving LLDP and NTP section Adding new section Timing outputs for ZEN family V3 3 a 12 Jul 2022 System reliability improved security and authentication including web GUI update and new features time of day ToD daemon support bug fixes ...

Page 4: ...nsfer Protocol NMEA National Marine Electronics Association NMS Network Management System NTP Network Time Protocol PPS Pulse Per Second PTP Precision Time Protocol PWS Power Supply RTT Round Trip Time SFP Small Form factor Pluggable Transceiver for fiber link SSH Secure Shell SNMP Simple Network Management Protocol SyncE Synchronous Ethernet TAI International Atomic Time Temps Atomique Internatio...

Page 5: ...egorized into 4 groups Warning Information that warns the user about configurations actions that could reach possible malfunction or damage Note Caution Relevant information to take into account during management of the device Info Additional information that provides more details about a specific functionality Tips Recommendation to improve the performance or ease the management of the device ...

Page 6: ... BACK PANEL 22 2 3 MONITORING LEDS 24 2 3 1 GENERAL STATUS 24 2 3 2 SFP PORTS 25 2 4 PRODUCT SPECIFICATIONS 25 2 4 1 WR ZEN TP 25 2 4 2 WR ZEN TP FL 27 2 4 3 WR ZEN TP 32BNC 28 2 5 SAFETY NOTES 29 2 6 INSTALLING THE SWITCH IN A RACK 30 2 7 REGULATORY COMPLIANCE 32 2 7 1 EMC 32 2 7 2 SAFETY 32 2 7 3 ROHS 32 CHAPTER 3 DEVICE CONNECTIVITY 33 3 1 DEFAULT CONFIGURATION 33 3 2 NECESSARY ITEMS FOR CONNEC...

Page 7: ...TIMING 58 5 1 MULTI SOURCES RESILIENCY 58 5 1 1 TIMING SOURCES 58 5 1 2 FOCA THE FAILOVER CLOCK ALGORITHM 59 5 1 3 VIRTUAL CLOCK OVERVIEW 61 5 2 GENERAL TIMING MANAGEMENT 63 5 2 1 PRESETS 63 5 2 2 REFERENCE TOPOLOGY 68 5 2 3 TIMING SOURCE INFO 70 5 3 WHITE RABBIT 73 5 3 1 CONFIGURATION 73 5 3 2 INFO OVERVIEW 73 5 4 IEEE 1588 2008 PTPV2 77 5 4 1 LICENSE 77 5 4 2 CONFIGURATION 78 5 4 3 INFO OVERVIEW...

Page 8: ... ONLY ALLOW A SPECIFIC IP FOR MANAGEMENT 113 CHAPTER 7 MONITORING LOGGING 114 7 1 SYSLOG 114 7 1 1 SESSION LOGS 114 7 1 2 PERMANENT LOGS 115 7 1 3 REMOTE LOGS 115 7 1 4 LOGGING TOOLS 115 7 1 5 CONFIGURATION 117 7 2 SNMP 117 7 2 1 CONFIGURATION 118 7 2 2 SNMP TRAPS 123 7 3 LLDP 128 7 3 1 STANDARD IEEE 802 1AB 2005 TLVS 128 7 3 2 CONFIGURATION 128 7 3 3 INFO OVERVIEW 129 7 4 HEALTHING 131 7 4 1 INFO...

Page 9: ...56 9 1 FREQUENTLY ANSWERED QUESTION FAQ 156 9 2 HEALTH GENERAL STATUS 157 9 3 VIRTUAL STATE CLOCK CODE ERROR 157 9 4 HOW TO REPORT AN ERROR 158 9 5 RSYSLOG TEMPLATE TO IMPROVE REMOTE LOGIN 158 9 6 WARRANTY 160 9 7 CONTACT 160 CHAPTER 10 APPENDIX 161 10 1 VCS CODE 161 10 1 1 GRAND MASTER GM VCS CODE 161 10 1 2 BOUNDARY CLOCK BC VCS CODE 162 10 1 3 OTHERS 165 10 2 FAILOVER SCENARIOS 167 10 3 PERSIST...

Page 10: ...Chapter 1 Introduction 10 v3 3 a 12 07 2022 ...

Page 11: ... has been written to allow users who have their first contact with the device to easily connect it to the management network and distribute precise timing PTP or WR through its optical interfaces It also provides advanced tips for expert users and or details how to match the security policies defined at your company This is the set of official manuals provided along with the present document for c...

Page 12: ...ns on a dual ARM processor The WR ZEN TP easily distributes time and frequency to other equipment by implementing standard timing protocols such as PTP NTP and IRIG B The WR ZEN TP combines ultra stable clocks with low jitter and temperature compensated clock resources to enhance its synchronization accuracy In addition it allows integrating FMC cards Its robustness to failure is one of its key fe...

Page 13: ...censes which enable specific functionalities of the WR ZEN family These options are described in the table below Option License Description Holdover option An optional holdover oscillator can be included to maintain high accuracy 1 5us 24h even when all timing references are down PTP license The device is shipped with the default profile of PTPv2 IEEE1588 2008 Other configuration including specifi...

Page 14: ...WR Z16 devices and the WR ZEN family WR ZEN TP WR ZEN TP FL WR ZEN TP 32BNC run on the same platform WRZ OS sharing the same features timing stack and set of tools All the devices running this WRZ OS provide multiple interoperability options that include 1PPS 10 MHz signals standard PTP and NTP They support SNMP v2 v3 rsyslog and have an integrated web GUI for intuitive management and enhanced com...

Page 15: ...twork allowing synchronization at sub nanosecond level with picoseconds precision In other words the timing budget consumed by WR HA is almost insignificant Scalability WR HA networks are designed to be highly scalable supporting thousands of nodes and long distance links within the range of metro area deployments Its performance is not affected by traffic as other PTP profiles Cost effective solu...

Page 16: ... 0 0 2 FMC expansion port Slot placed to allow the use of FMC cards 0 3 2x SFP Fiber Ports 1GBps SFP compatible 0 0 4 1x ARM Mini USB B UART Serial UART Mini USB B Timing output 5 10 MHz output SMA connector F Output from PLL High level output 2 5V with 50 Ω termination 0 6 CLK TTL output SMA connector F High level output 2 5V 0 2V with 50 Ω termination By default it is configured to output 10MHz ...

Page 17: ...level output 1 7V 0 2V with 50 Ω termination 12 DB9 PPx CLK B Selectable 50 Ω termination High level output 3 0V 0 2V with 50 Ω termination High level output 3 3V 0 2V without 50 Ω adaptation 13 TOD0 RJ45 RS422 Time of Day NMEA 14 TOD1 RJ45 RS422 Time of Day NMEA 15 INFO CTRL Button Button used to access to information a control settings 16 LCD Display Panel for alert configuration information 17 ...

Page 18: ... use of FMC cards 3 2x SFP Fiber Ports 1GBps SFP compatible 0 0 4 1x ARM Mini USB B UART Serial UART Mini USB B Timing output 5 10 MHz output SMA connector F Output from PLL High level output 2 5V with 50 Ω termination 0 6 CLK TTL output SMA connector F High level output 2 5V 0 2V with 50 Ω termination By default it is configured to output 10MHz 7 PPS output SMA connector F Digital output High lev...

Page 19: ...or F Digital output High level output Selectable 50Ω termination 3V 0 2V with 50Ω termination 3 3V 0 2V without 50Ω adaptation 10 D 8x Configurable PPS 10 MHz BNC connector F Digital output High level output Selectable 50Ω termination 3V 0 2V with 50Ω termination 3 3V 0 2V without 50Ω adaptation 11 LED Red error LED Green Status LED 0 12 LCD Display Panel for alert configuration information 13 INF...

Page 20: ...60Hz 80W Max 0 16 R Power Supply 2 Swappable monitorable module 100 240VAC 50 60Hz 80W Max 0 17 Ground Ground connector of the device 0 Table 2 2 Front Panel of the WR ZEN TP 32 BNC Legend Figure 2 3 WR ZEN TP FL front panel Name Information Ref 1 2x Management Ethernet RJ45 10 100 1000 ethernet network interface eth0 eth1 0 0 0 2 FMC expansion port Slot placed to allow the use of FMC cards ...

Page 21: ...t SMA connector F Digital output High level output 2 5V 0 2V with 50 Ω termination 0 Timing input 8 PPS input SMA connector F 50 Ω termination TTL input 3 3V 0 9 10 MHz input SMA connector F 50 Ω termination 1 Veff 30 sine wave 0 10 LED Red error LED Green Status LED 0 11 LCD Display Panel for alert configuration information 12 INFO CTRL Button Button used to access to information a control settin...

Page 22: ...nitorable module 100 240VAC 50 60Hz 80W Max 0 16 Ground Ground connector of the device 0 Table 2 3 Front Panel of the WR ZEN TP FL Legend 2 2 Back panel Figure 2 4 Back panel of the WR ZEN TP Name Information Ref Power Supply 1 Power Supply 1 Swappable monitorable module 100 240VAC 50 60Hz 80W Max 0 2 Power Supply 2 Swappable monitorable module 100 240VAC 50 60Hz 80W Max 0 Plug n play modules 3 Pl...

Page 23: ... slot J2 For swappable modules 5 Plug n play module slot J3 For swappable modules By default we provide the WR ZEN TP with one FAN on slot J3 0 6 Plug n play module slot J4 For swappable modules 7 Ground Ground connector of the device 0 Table 2 4 Back Panel of the WR ZEN TP Legend ...

Page 24: ...escription 1 0 Steady Green Device system state is OK 1 0 Steady Red Device system timing global state is CRITICAL user might login to verify the source of error The device might reboot itself if the error is persistent 1 0 Steady Red Green Device system state is WARNING During booting procedure 1 0 1x Blinking Green Bootloader initialization OK 1 0 1 15 x Blinking Red Green Reset button is held d...

Page 25: ...sponds to upper SFP in the stack B Link Down When link is down LED B is disabled Link Up When link is up the LED B is green D Activity Blinks in orange each time a packet is received on this port 1 wr1 wr1 corresponds to lower SFP in the stack A Activity Blinks in orange each time a packet is received on this port C Link Down When link is down LED C is disabled Link Up When link is up the LED C is...

Page 26: ... 10MHz SIN OUT ref clock PLL CLK TTL OUT PPS OUT LVTTL PPS IN LVTTL 10MHz IN TTL CMOS ECL clipped sine Timing Common outputs to provide Timing 2xRJ45 ToD NMEA RS485 2xDB9 4x configurable xPPS CLK xPPS CLK outputs are divided in two groups of 4 customized PPS CLK 1 10 1k 10M Hz similar to the SMA Aux Clk LCD Information panel for alert network Debug USB Mini B ARM UART Back panel Fan 2x 1 4 Hot swa...

Page 27: ... x 43 mm x 221 mm 1 Rack Unit Color White Metallic Environmental Conditions Temperature 10ºC 50ºC Humidity 0 90 RH Front Panel Ethernet 2x 10 100 1000 Base T RJ45 Management PTP NTP SFP Ports 2x 1GbE Clocks I O 5x SMA coaxial connectors 3 3V 50Ω 10MHz SIN OUT ref clock PLL CLK OUT LVTTL PPS OUT LVTTL PPS IN LVTTL 10MHz IN TTL CMOS ECL clipped sine LCD Information panel for alert network Expansion ...

Page 28: ...onditions Temperature 10ºC 50ºC Humidity 0 90 RH Front Panel Ethernet 2x 10 100 1000 Base T RJ45 Management PTP NTP SFP Ports 2x 1GbE Clocks I O 5x SMA coaxial connectors 3 3V 50Ω 10MHz SIN OUT ref clock PLL CLK OUT LVTTL PPS OUT IRIG B LVTTL PPS IN LVTTL 10MHz IN TTL CMOS ECL clipped sine Fanout 32 BNC configurable outputs divided in 2 groups 1 7V 50Ω A B 10MHz xPPS under license with 50Ω termina...

Page 29: ... not make any kind of contact with any part inside the unit Warning Installation of this product must be located in restricted access areas where only skilled persons are authorized This product is not to be installed by the user operator Installation of the equipment must comply with local and national electrical codes Warning This equipment must be earth grounded Never defeat the ground connecto...

Page 30: ...e rack is stabilized Accessories The screws needed to properly mount the device to the rack are not shipped with the equipment nor the system ground kit The device already mounts the L brackets and is provided with a power cord C13 European Airflow consideration There are no standards for airflow in rack system but the device should be configured accordingly to the emplacement of hot and cold aisl...

Page 31: ... the mounting holes in the L bracket with the mounting holes in the equipment rack posts Step 5 Secure the device using four 3 4 inch screws through the elongated holes in the L bracket and into the threaded holes in the mounting post or the clip nuts or cage nuts ...

Page 32: ... when connected together bring the various parts of the device to the same potential not necessarily being the earth ground potential Stand by identify the switch by means of which part of the equipment is switched on in order to bring it into the stand by condition and to identify the control to shift to or to indicate the state of low power consumption 2 7 1 EMC EN55032 2015 AC 2016 EN55035 2017...

Page 33: ...ord root Table 3 1 Default factory settings The devices credentials can be configured as needed Learn more in the Security and Authentication section Chapter 6 3 2 Necessary items for connectivity These are the required cables and adapters RJ 45 Cat5 6 7 Ethernet cable RJ45 RS232 m and RS232 f USB cable 3 3 Connecting to the device There are two ways to connect to the WR ZEN device using the termi...

Page 34: ...gs 3 3 2 Logging from SSH Remote authentication servers TACACS Radius If there is any remote authentication server configured and it is responding the local credentials of the user root will not be used Only if the remote server is not working or is unreachable will the local credentials be available again This can render the device accessible only by UART There are three main ways to connect to t...

Page 35: ...cording to the user network configuration Once the device is set with an IP address whether it is static or dynamically set it can be accessed via SSH The connection can be established by typing ssh root IP 3 3 3 On Linux Ubuntu 18 04 LTS 3 3 3 1 Logging from UART In order to connect to the device terminal via UART it is needed to use the RJ45 RS232 m and RS232 f USB to connect to the UART managem...

Page 36: ...B0 Calling sudo usr bin picocom b 115200 dev ttyUSB0 b 115200 Exiting Ctrl A then Ctrl X picocom v2 2 port is dev ttyUSB0 flowcontrol none baudrate is 115200 parity is none databits are 8 stopbits are 1 escape is C a local echo is no noinit is no noreset is no nolock is no send_cmd is sz vv receive_cmd is rz vv E imap is omap is emap is crcrlf delbs Type C a C h to see available commands Terminal ...

Page 37: ...y are not fully recommended for color compatibility issues As a recommended alternative Putty for Linux works properly too 3 3 3 2 Logging from SSH Ubuntu distributions and many others have already installed all ssh related tools necessary to connect to the device The user does not need to perform any specific steps and can directly follow instructions detailed in 0 3 3 4 On Windows 3 3 4 1 Loggin...

Page 38: ... 1 Device manager New serial port detected Afterwards the connection can be made through Putty as shown in the Figure 3 2 The connection type should be marked as Serial at 1 The serial port name COM number should be placed at 2 and the port speed 115200 Bd at 3 ...

Page 39: ...tall the Putty Tool 2 Verify that the Connection type corresponds to SSH 3 Finally write root IP under the Host Name or IP address field and click on Open 3 3 4 2 1 Compatibility with wrz_config In order to make Putty compatible with the wrz_config color scheme and avoid strange characters it is recommended to try the following configuration 1 Change remote character set to ISO 8859 1 2 Uncheck Ov...

Page 40: ...s bar By default https is disabled but if it has been enabled the address bar should be replaced by https device_ip Once connected the WR ZEN web Dashboard will be shown as in the Figure below Figure 3 3 Dashboard of the web interface To see all the information of the device the user must login by clicking on Login Page and provide the corresponding password for the root user 0 ...

Page 41: ...er instructions on the available features and how to use them in the WR ZEN s web interface are detailed in the GUI CLI Tools section Figure 3 5 All sections on the web interface Remote authentication servers TACACS Radius If there is any remote authentication server configured and it is responding the local credentials of the user root will not be used Only if the remote server is not ...

Page 42: ...Chapter 3 Device connectivity 42 v3 3 a 12 07 2022 working or is unreachable will the local credentials be available again This can render the device accessible only by UART ...

Page 43: ...er This OID is composed by three sub indexes M D P corresponding to o M ID of the module o D ID of the directory path containing the parameter o P ID of the parameter inside a specific module directory Module The name of the corresponding module Directory The directory attached to the parameter Name The name of the parameter Names in the GUI and CLI can slightly differ but their OID are always the...

Page 44: ...PI Guide The list of all modules and corresponding parameters together with the value of their attributes can be found in the WRZ OS API guide 4 1 1 Table representation Then for each specific feature explained through the user guide the following table format will be employed to describe the corresponding parameters along with their relevant attributes An example is given for the network interfac...

Page 45: ...d String Auto negotiated speed of iface 0 xxx0 9 Tx Packets Integer u32 Transmitted packets on iface 0 xxx0 10 Rx Packets Integer u32 Received packets on iface 0 xxx0 11 Tx Bytes Integer u32 Transmitted bytes on iface 0 xxx0 12 Rx Bytes Integer u32 Received bytes on iface 0 xxx0 13 Tx Errors Integer u32 Transmission errors on iface 0 xxx0 14 Rx Errors Integer u32 Reception errors on iface Table 4 ...

Page 46: ...menu is displayed showing all the different tabs available in the device Figure 4 2 Settings menu in web interface After clicking in each of these tabs the user is redirected to the page that will show all the available parameters for monitorization or management It is noteworthy that some of these tabs contain sub tabs that organize the information depending on the application the interface or th...

Page 47: ...omatically terminate after 15 minutes of inactivity This setting can be disabled or configured via the Expert mode in the Security section 4 2 1 Network configuration from web The configuration of a static IP for eth0 network interface is provided to illustrate how the user should interact with the web interface First the user should select the Network section from the left column Figure 4 2 then ...

Page 48: ...t the static IP settings to fit its network configuration Figure 4 6 Configuration of static IP using web interface Finally the user can save the changes by clicking on Save button After this action a warning message will appear Figure 4 4 mentioning that the performed changes will only have effect after the next reboot This is because the parameters related to network configuration have Load acce...

Page 49: ...device so a saved change can take effect DNS Resolution The last tab of network configuration entitled DNS can be used to add a custom DNS server needed to resolve IP address This is useful in case an URL is used instead of an IP when configuring the server for a device e g NTP Auth etc ...

Page 50: ...ces 0 Healthing Power Supplies Fans related configuration 0 Security Configuration related to the security of the device Chapter 6 Management Logging Monitoring Chapter 7 configuration and aspects related to the maintenance of the device Chapter 8 Figure 4 8 Main wrz_config interface Modules to modify The user can then navigate between the different menus and sub menus using arrow keys and the Sel...

Page 51: ...uplicated entries it is not recommended to manually edit the root config This might have been suggested for some specific configurations of the previous version WRZ OS v2 x but this practice is now discouraged 4 3 1 Network configuration from CLI To illustrate the usage of wrz_config tool the configuration of the network interface is detailed as a step by step procedure The behavior can then be em...

Page 52: ... user should first disable the DHCP if the static IPv4 settings must be loaded Figure 4 10 wrz_config interface Interface parameters to change 5 Do not forget to Save the changes once the configuration is done The following message will prompt Figure 4 8 To load this configuration at next reboot the default filename config must be used ...

Page 53: ...e typical ifconfig ifname command or through gpa_ctrl tool 4 4 CLI Monitoring gpa_ctrl The gpa_ctrl tool can be used to monitorize current value and state of all the parameters in the WRZ OS 4 4 1 Listing parameters If the user directly executes gpa_ctrl without any arguments it will list all the parameters of the WRZ OS Then by specifying some arguments and options the user can slightly modify it...

Page 54: ...ers related to the right power supply by executing gpa_ctrl hald pws pwsr 4 4 1 1 Readback a specific parameter It might also be interesting to only readback a specific parameter For example to only get the status of the left and right power supplies the user should execute root zen 425 gpa_ctrl hald pws pwsl status echo OK 0 root zen 425 gpa_ctrl hald pws pwsr status echo Warning C pws pwsr statu...

Page 55: ...a tree view by adding the t flag root zen 425 gpa_ctrl t hald pws 0 hald LEGEND dir writable readable expert 0 9100 pws 0 9110 pwsl 0 9110 1 status OK 0 9110 2 temperature 40C 0 9110 3 v_in 235 500000V 0 9110 4 v_out 11 968750V 0 9110 5 power_in 29 000000W 0 9110 6 power_out 23 000000W 0 9110 7 disable_alert Yes 0 9120 pwsr 0 9120 1 status NOT DETECTED 0 9120 2 temperature 0C 0 9120 3 v_in 0 00000...

Page 56: ...en from Power Supply 0 9120 7 pws pwsr disable_alert Yes range 0 1 Enable Disable the critical alert when the power supply is not plugged Or specifically list of the corresponding enum values using the i e option root zen 425 gpa_ctrl i e hald pws pwsr status 0 OK 1 NOT DETECTED 2 POWER OFF 4 TEMP PROBLEM 8 IN UNDERVOLT 16 OUT OVERCURR 32 OUT OVERVOLT 64 CML ERROR 128 DEVICE BUSY 256 UNKNOWN 512 O...

Page 57: ... the console wrz_version Legacy tool to get information about version of firmware and hardware wrz_flashfw Tool used to flash an uploaded firmware See 0 wrz_logdump Tool used to report an error log for the support team See 0 More information about each tool can be found in their respective section or simply by adding the h flag to output the help message embedded in the executable ...

Page 58: ...ultra precise 10MHz PPS output signals or through NTP 0 if accuracy is not a strong necessity 5 1 Multi sources resiliency To ensure continued operation over possible failures the WR ZEN family incorporates an innovative system that handles multiple timing sources It also synthesizes these timing sources into a simplified state a k a Virtual Clock State to ease the monitoring of the device and dis...

Page 59: ...on the Best Master Clock Algorithm BMCA detailed in the PTP IEEE 1588 2019 standard but acts only in case of failure and not when the best source appears in the network It also enforces the evaluation of the timing sources in a rank order configured by the user FOCA algorithm has been designed to provide a safer approach than BMCA or even ABMCA Alternate BMCA to handle switching between multi refe...

Page 60: ...becomes available again dashed green line but the device keeps using WR1 as the active reference as no failure has been detected on this timing source In t3 an error is detected on WR1 and the FOCA algorithm will act differently according to the configuration of its strategy o A If the strategy is to re evaluate all timing sources when a failure occurs and the primary reference is eligible the WR0...

Page 61: ...ed to FOCA algorithm 5 1 3 Virtual Clock Overview The concept of Virtual Clock has been introduced in the new version of WRZ OS to ease the monitorization of the global timing status of the device It allows to abstract the way the timing sources discipline the local oscillator and summarizes how the device will announce its own clock information through the outputs Figure 5 3 4 Data flow between t...

Page 62: ...y the corresponding VCS Code VCS Code The Virtual Clock Status Code provides a precise but simple way to identify the current timing status of the device The complete table with all VCS codes is detailed in the Appendix 0 Clock Identity Class Accuracy Values announced by the device to inform its own clock information to the timing network These values are fully compatible with the BMCA defined in ...

Page 63: ... atomic clock reference through the front panel 10 MHz and 1PPS inputs Grand Master All timing ports i e wr0 wr1 are configured as WR masters Clock accuracy is announced below or equal to 25 nanoseconds Alignment of PPS_in VS PPS_out must be done manually within picoseconds PPS only needed at startup It is recommended to use this preset when the device is configured to be the Grand Master in the t...

Page 64: ...k to the PPS from the GNSS receiver before GNSS signal locked before its 10MHz are locked in phase to its PPS This causes a jump in the time reference To avoid this situation the user should configure the GNSS to not output any PPS before locking to GNSS signals Inform GNSS status via PPS This preset enforces a continuous detection of the PPS input This means that if the GNSS receiver is configure...

Page 65: ...lover to a secondary timing source provided using WR through interface wr1 The ethernet ports i e eth0 eth1 are configured as PTP masters This preset targets critical devices used as last hop with PTP The primary timing source is provided using WR through interface wr0 It can failover to a secondary timing source provided using WR through interface wr1 PTP on copper ports eth0 eth1 In v3 x PTP wil...

Page 66: ... evaluated by the FOCA algorithm If the field Type is leaved empty it will not be evaluated 3 Finally each type of timing source will enable its own sub set of parameters in order to complete the configuration a For WR type the user should select the corresponding interface name e g wr0 b For GM type you first need to expand the Advanced Configuration to configure the subset specific to a GM time ...

Page 67: ...g interfaces will be available for configuration The user should then just change the protocol used by a specific interface and its role e g in Figure the wr4 port is used as PTP master Figure 5 6 Mixing PTP and WR master ports wr0 wr1 on the WR TP 5 2 1 8 1 2 Through CLI As shown in Figure the user first needs to select the preset Custom to reveal the Ports Configuration submenu and other paramet...

Page 68: ...s on Custom preset Custom preset allows to configure any desired interface as PTP master through Web and CLI However PTP slave mode in ethernet ports can only be configured through CLI 5 2 2 Reference topology Figure summarizes how devices can be configured with different presets to operate on a generic timing network To improve the comprehensibility of the reader this reference topology has been ...

Page 69: ...wn layers In order to ensure continuous operation they can be configured with redundant timing sources e g BC FO wr0 wr1 or could incorporate the Holdover option e g BC wr0 slave HO The interoperability Layer The devices that belong to this layer are also known as last hop devices Typically one of these devices is placed per rack cabinet and is in charge of distributing the ultra accurate timing p...

Page 70: ... of the state of all timing sources Figure shows the parameters related to the primary 1 timing source Figure 5 10 Info for Timing Source 1 The parameters contained in the previous table are described as follows OID name Value type description 3 13x0 x tsrc_info x xxx Information about the x timing source 3 13x0 1 Name String i e wr0 front panel eth1 etc Name of the corresponding timing source 3 1...

Page 71: ...nce in the network 3 13x1 2 Priority1 Integer Default 128 Force BMCA decision using 1st priority Lower values take precedence 3 13x1 3 Priority2 Integer Default 128 Manually force BMCA to select a clockID when clock quality is the same Lower values take precedence 3 13x1 10 Clock Class Integer Default 248 The Clock Class is one of the attributes that characterizes the timing source 3 13x1 11 Clock...

Page 72: ...Chapter 5 Timing 72 v3 3 a 12 07 2022 ...

Page 73: ... Value Type Description 1 1220 x act servo Information about the active servo instance 1 1220 1 Interface Name String Name of the network interface on which the servo is running 1 1220 6 State 0 Disabled 1 Adjusting Time 2 Adjusting Time 3 Adjusting Phase 4 Locked 5 Wait Stable Phase 6 Invalid 7 Undefined 8 Not Updated 9 Wait Time Adjust 10 Wait Phase Adjust 11 Initializing Servo State where Locke...

Page 74: ... in the following table OID name Value Type Description 1 xx10 x net wrX 1 Information about WR for the wrX network interface Where OIDs follow the given pattern wr0 20xx wr1 21xx 1 xx10 5 Link Down Up Specify if the link is up or down 1 xx10 10 Port State 0 None 1 Initializing 2 Faulty 3 Disabled 4 Listening 5 Pre Master 6 Master 7 Passive 8 Uncalibrated 9 Slave Current state of the port that cha...

Page 75: ...verview WR0 configured as slave The clock information clock quality time properties displayed in the expanded view Figure corresponds to the announced messages received on this specific interface and not the transmitted ones This information is irrelevant disabled if the link is down or when the connected peer is not sending any announce messages e g slave role The information shown in the advance...

Page 76: ...at characterizes the port instance 1 xx31 11 Clock Accuracy Enum It indicates the expected accuracy of the timing source It shall be conservatively estimated based on the time source 1 xx31 12 Variance Integer u16 Estimation of the variations of the Local PTP Clock as measured by comparison to a suitable reference clock 1 xx31 20 N Hops Integer u32 Number of PTP communication paths traversed betwe...

Page 77: ... to get full access to the IEEE 1588 2008 PTPv2 module When no license is provided the PTP instance will start with default profile and parameters The user will only be allowed to configure the Role of the port Master Slave Disabled The Table 5 4 compares the configuration of IEEE 1588 PTP when using or not a valid license It is worth highlighting that without license the PTP master instances will...

Page 78: ...rithm Normal Soft Hard Hardx2 Normal Table 5 4 IEEE 1588 configuration with without license 5 4 1 1 PTP license management All the topics related to PTP license management such as purchasing activating and checking are explained within the 8 1 Licenses section 0 Once the license is activated Figure the web interface should allow the user to configure these settings as explained in 0 Figure 5 15 Un...

Page 79: ...network layer that delivers the PTP packets 19 xx13 10 Delay Mechanism 0 E2E 1 P2P Path delay measuring mechanism used by the PTP Port E2E End to End delay request response mechanism P2P Peer to Peer delay mechanism 19 xx13 14 Domain Integer 0 255 Default 0 Domain number associated to the PTP transactions Several domains can work simultaneously PTP profiles can restrict the value of domain number ...

Page 80: ...e Enums Default 1 packet s Rate of Peer delay request when operating in P2P mode From 1 packet each 2 4 8 16 32 128 seconds to 1 2 4 8 16 32 61 128 packets per second 19 xx13 18 User offset Integer Default 0 ns User offset to compensate internal PTP delay 19 xx13 24 PTP Timescale Enum 1 PTP 2 ARB By default the PTP timescale distribute the best estimate of standard TAI timescale include the UTC of...

Page 81: ...ecom profile for wr1 interface Then if some advanced settings need to be modified the user can click on the button to expand the configuration of a given interface Custom Profile In case some advanced settings are modified not accordingly to the specification of the selected profile the web interface will automatically change to use the Custom profile It will not restrict the user to any configura...

Page 82: ...cast 19 xx13 20 Announce Rate 8 19 xx13 21 Sync Rate 16 19 xx13 22 Delay Req Rate 16 19 xx13 24 PTP Timescale PTP 19 xx13 56 Sync E Enabled 5 4 2 1 2 Telecom ITU T 8265 1 The objective of this profile is to distribute frequency within 16ppb over a network with some non aware PTP nodes OID name Default Value Range Note Min Max 19 xx13 x net iface 1 cfg 19 xx13 9 Transport Protocol IPv4 UDP 19 xx13 ...

Page 83: ...s OID name Default Value Range Note Min Max 19 xx13 x net iface 1 cfg 19 xx13 9 Transport Protocol Layer 2 IEEE802 3 VLAN tags IEEE802 1Q are mandatory with a default priority of 4 and default VLAN ID of 0 19 xx13 10 Delay Mechanism P2P 19 xx13 14 Domain 0 0 127 19 xx13 11 Transport Mode Multicast 19 xx13 20 Announce Rate 1 19 xx13 21 Sync Rate 1 19 xx13 23 Peer Delay req Rate 1 19 xx13 24 PTP Tim...

Page 84: ...the instance can be obtained from command line using for example the following command for the first port wr0 gpa_ctrl wptpd net wr0 1 info Or through the web interface as shown in Figure where each port is displayed by a row see Table 5 5 for more details on the provided parameters Figure 5 18 wr0 port as active PTP slave with its advanced view expanded ...

Page 85: ...y all PTP instances Locked to Ref is the desired stated 19 xx12 4 Servo State Enum 0 Disabled 1 2 Waiting Sync Sec 3 Waiting Sync Sec 4 Error 5 Frequency estimation 6 Tracking 7 Not updated 8 Locked State of the PTP servo For a port set as slave the servo should reach the Locked state to properly perform the synchronization NOTE The state has been created for PTP master ports because for this mode...

Page 86: ...mber of received sync messages Incrementing for Slave instances 19 xx12 28 Rx DelayReq Packets Integer Number of received delay request message Incrementing for Master instances 19 xx12 25 Rx Announce Packets Integer Number of received announce messages Incrementing for Slave Passive instances 19 xx12 27 Rx FollowUp Packets Integer Number of received Follow up messages Incrementing for Slave insta...

Page 87: ...narios with a high load of traffic a non optimal amount of timestamps is lost through copper ports eth management ports However this behavior does not appear in optical ports Hence even though this functionality has been saved to keep the compatibility with previous firmware architectures it is not recommended to use PTP through management ports 5 5 External Reference GM 5 5 1 Configuration The Co...

Page 88: ...ing source 3 7110 1 GM Offset Integer Default 0 Offset to compensate user cable delay for PPS input in picoseconds When Align PPS is enabled the PPS output should be aligned to the PPS input but the user might want to compensate this delay 3 7110 2 Priority1 Integer Default 128 PTP Priority1 announced when the GM is active It is mainly used by BMCA to force the best clock selection using 1st prior...

Page 89: ... from UTC NTP timescale to TAI PTP timescale is detailed in the panel A detailed explanation of the parameters is provided below OID name Value Type Description 3 7120 x gm info xxx Specific information about the state of GM timing source 3 7120 0 Message String User friendly message that summarizes the current state of the GM timing source 3 7120 2 PPS Detected NONE PPS Only CLK Only PPS CLK Repo...

Page 90: ... Yes the device will act as an NTP server on its management interfaces to distribute its own Time of Day to other devices 3 7005 4 Stratum Mode Auto Manual Mode to provide the NTP stratum If Manual it will directly set the value from Manual Stratum otherwise it will take into account the virtual clock quality timing source clock accuracy etc to modify this value 3 7005 7 Manual Stratum Stratum 1 S...

Page 91: ...g IP or URL of the reference NTP server NTP Passive Timing Source Due to its poor performance NTP timing sources are always forced to be Passive Only However adding them to the configuration will provide a more robust solution as they can be used to cross validate the active timing source 5 6 2 Info Overview This panel provides an overview of the status for each NTP instance OID Name Value Type De...

Page 92: ... that are directly synchronized to stratum 0 They can also be considered a Primary Reference Source PRS such as calibrated GNSS receiver or Atomic Clocks The Grand Master node is typically connected to an external reference that provides NTP with Stratum 1 Stratum 2 They are synchronized by a stratum 1 clock It is the default stratum level when NTP provider is set in manual mode Stratum 3 They are...

Page 93: ...uration the parameter that can be changed is the CLK TTL which is the output 10 MHz signal with TTL levels This port is pre calibrated by default so that its rising edge is outputted 4ns before the rising edge of the main PPS OUT The user can modify this pre calibration by changing the user offset in order to compensate for user cables length Figure 5 20 WR ZEN TP FL timing outputs main configurat...

Page 94: ...four channels A B C D can be set attending to several parameters The mode can be selected among xPPS 10MHz and IRIG B for A B whereas for C D only xPPS and IRIG B can be chosen The user offset can also be established in this case to change the pre calibration from factory and the termination settings are available as well which can be either an impedance of 50Ω or 1MΩ ...

Page 95: ...ify the pre calibration in order to compensate for users cable length 0 184x x io output exp db9 x xxx Information related to each specific output block 0 184x 0 Mode String Output provided through the specific block which can be PPS or 10 MHz among others 0 184x 1 User offset Integer Default 0 Offset that can be introduced by the user to compensate for specific cable length 0 184x 7 Termination i...

Page 96: ... offset Integer Default 0 Offset that can be introduced by the user to compensate for specific cable length 0 183x 7 Termination impedance String Termination setting to establish an output impedance in the port Check Appendix to see the values of the electrical parameters at each specific device model Termination impedance meaning When regarding the termination impedance of a port the different se...

Page 97: ...o this one Worth mentioning that during the expired state the holdover timing source is using the OCXO oscillator that provides better performance than the internal onboard oscillator Holdover and FOCA As mentioned above FOCA only switches between timing source when a failure is detected This mean that if the active timing source of a device is HO it will stick to it until reaching the expired sta...

Page 98: ... to PTP that might provide better accuracy than an expired HO 5 8 2 Info Overview An overview of the holdover timing source is provided to monitor its state at any time as shown in Figure If its state is UNAVAILABLE this means that the holdover oscillator has not been detected and its related information in irrelevant If you have ordered the holdover option but the device does not detect it please...

Page 99: ...holdover activation 3 7210 2 Trigger Origin Enum NONE MANUAL PPS_DRIFT TRACK_LOST LINKDOWN EXTCLK_DOWN EXTPSS_DOWN CLK_DRIFTT Trigger origin of last one launched Holdover and FOCA As mentioned above FOCA only switches between timing source when a failure is detected This mean that if the active timing source of a device is HO it will stick to it until reaching the expired states Failure state of H...

Page 100: ...Update Leap Seconds File Besides using 10MHz PPS signals from the front panel the GM time source needs to obtain the Time of Day ToD from an external reference NTP is commonly used because of its easy configuration However the leap seconds must be properly handled Indeed NTP is based on UTC timescale whereas PTP is based on TAI and thus the non fixed offset between UTC TAI is provided by the leap ...

Page 101: ...fy the leap seconds file using the CLI all FW versions Save as a file the leap seconds list in the link above Through CLI use scp leap seconds list root IP media data usr local etc custom leap seconds list replace IP with the device s IP to copy the new file into the device Reboot the device ...

Page 102: ...The details about the mentioned protocols and their configuration are described in the subsections below 6 1 Password Management In order to access to the configuration and extended parameters information of the device it is necessary to log in to the system by using the proper credentials The default user is root and default password is also root see section 0 After the first log in it is possibl...

Page 103: ...v3 2 RC1 root zen 425 This authentication procedure will only need to be confirmed the first time and will not be asked in the later connections ssh root 192 168 7 25 Welcome to WR ZEN wr zynq os version v3 2 RC1 root zen 425 In order to improve security it is strongly recommended to upload your public key to the device instead of using a password This can easily be done by running the command ssh...

Page 104: ...ty HTTP HTTPS as shown in the Figure below Figure 6 2 Security HTTP HTTPS menu of Web Interface The option selected by default is HTTP While this option is active the contents are transmitted in plain text In order to use the secure mode it is necessary to either use an already existing certificate or generate a new one By using the second option of the HTTPS menu Figure it is possible to first ge...

Page 105: ...ploaded certificate Once the secure mode has been activated an info message will be shown advising that the next connection will be done on HTTPS After rebooting the device the HTTP port will be redirected to HTTPS over Error Referencia de hipervínculo no válida There is a possibility to completely disable port 80 but be careful because if HTTPS is not configured the web access will be lost and th...

Page 106: ...cation and accounting which is used to provide centralised authentication for users who want to gain access to the network This section explains how to install and configure a TACACS on up to two servers on a Linux environment where the client is a WR ZEN family device The instructions to install and configure a TACACS server on an Ubuntu machine are explained in the Appendix 0 In order to configu...

Page 107: ...urity module root zen 305 gpa_ctrl s security auth tacacs server1_ip 172 17 5 39 root zen 305 gpa_ctrl s security auth tacacs server1_secret sevensecret And reboot to apply the changes Then the client can be accessed by using the configured user and password In order to get debug messages from TACACS the service can be launched with the command tac_plus g always indicating the configuration file F...

Page 108: ...e be careful with the order of the configuration lines in etc pam d sshd The TACACS configuration line must be added always in first place and after it the RADIUS configuration line This is because when the RADIUS configuration is the first line authentication of the first password always goes to the RADIUS server and if is the password of TACACS the authentication will fail With TACACS configurat...

Page 109: ...tains protocol configuration parameters users Contains users and access passwords clients conf Contains the list of clients that are allowed to make requests to the RADIUS server templates conf The goal is to have a common configuration located in this file and list only the differences in the individual sections This feature is more useful for sections such as customers trigger conf Used to set t...

Page 110: ... auth radius server1_ip 172 17 5 39 root zen 305 gpa_ctrl s security auth radius server1_secret sevensecret And reboot to apply the changes Now that everything has been configured correctly it is possible to access the WR ZEN board with these new passwords which have been set in the users file In addition the command freeradius X can be used in order to verbose the RADIUS access The figure shows a...

Page 111: ...Chapter 6 Security Authentication 111 v3 3 a 12 07 2022 Figure 6 9 SSH connection with the WR ZEN board Figure 6 10 Freeradius failed attempt with debug information ...

Page 112: ...lines in etc pam d sshd The TACACS configuration line must be added always in first place and after it the RADIUS configuration line This is because when the RADIUS configuration is the first line authentication of the first password always goes to the RADIUS server and if is the password of TACACS the authentication will fail With TACACS configuration in first line the first password is verified ...

Page 113: ...s own configuration 6 6 1 Example to only allow a specific IP for management This is a typical use case where only a single IP or a subnetwork should be allowed to access to the management port of the device First append the current rule to existing rule overwise flush iptables A INPUT i eth0 s 192 168 7 1 j ACCEPT iptables A INPUT i eth0 j DROP iptables A INPUT i eth1 s 192 168 7 1 j ACCEPT iptab...

Page 114: ...ost when the device is powered off They are usually saved in a reserved directory var log Permanent logs These logs are kept between reboots giving information about the state of the device before it was restarted These kinds of logs help to find out the reasons of the last reboot or if there is something preventing the device from start Remote logs They are saved remotely via rsyslog It is necess...

Page 115: ...s information about the event 7 1 2 Permanent logs The devices keep a permanent log to maintain the system information in case of unexpected reboots This information is saved during the reboot process and can be found at root log reboot last_reboot It contains the timestamp of the last reboot wrz xxx xxx xxxx xxx logdump It contains the output of the wrz_logdump at the moment of the reboot 7 1 3 R...

Page 116: ... following command wrz_logdump a o root The wrz_logdump contains different files that are useful to debug problems including the following information The content of boot and media partitions including information about the software The main configuration from the root config file Information about the interfaces IP addresses netmask packets status etc Information about interrupts from the HW Info...

Page 117: ... 192 168 1 5 IP address from the remote logging server 13 2000 2 Server port Integer i e 514 Port information from the remote logging server 13 2000 3 Protocol Enum UDP TCP Communication protocol for remote logging between the device and the server 13 2000 4 Verbose all Enum Disabled Enabled High verbosity logging configuration for modules and log information 13 2000 5 Log autosave Enum Disabled E...

Page 118: ...onfiguration This file can be modified to customize the configuration usr share snmp snmpd conf It contains the SNMP configuration managed by Seven Solutions software var lib snmp snmpd conf It contains the SNMPv3 persistent data var log snmp gpa_passwd log It contains the SNMPv3 user passwords change SNMP file route These files are located into media data usr local to make it persistent between r...

Page 119: ...IP address i e 192 168 1 5 or 192 168 1 0 24 IP addresses from hosts allowed to retrieve information from the device using SNMP v1 and v2 queries Disable SNMP v1 v2 In order to disable SNMP v1 and SNMP v2 the value none must be chosen for access_view Source mask value By default the localhost source is added If no other source mask is added the device will only accept local queries Community name ...

Page 120: ...ES Privacy encryption protocol 7 2 1 1 General configuration In order to configure SNMP from the CLI the wrz_config tool must be accessed Once it has been launched the SNMP configuration is under Management SNMP Figure 7 2 SNMP configuration Under the different tabs all the described information in the previous tables or in the following sections can be accessed modified and saved On a different t...

Page 121: ...NMP groups the configuration file usr share snmp snmpd conf can be modified to define or modify them SNMP configuration files customization Seven Solutions is not responsible of any damage caused by the user while manually modifying the SNMP configuration files If it is needed to restore the default credentials in etc snmp snmpd conf and var lib snmp snmpd conf the following command can be used et...

Page 122: ..._view and access_mode parameters can be directly changed Encryption protocols are changed through change_password SNMP v3 users UserSNMP and adminSNMP are included for retro compatibility purposes It is recommended to use users relying on SHA and AES encryption In the case of SNMP v3 the default passwords can be modified using the parameters under the change password sub tree OID Name Value type D...

Page 123: ...odified to create users For that purpose the information from the mapping section in usr share snmp snmpd conf can be used as a reference to modify the etc snmp snmpd conf file 7 2 2 SNMP Traps The SNMP traps are synchronous notifications generated by the agent which are sent to the manager While in other SNMP communications the manager actively requests information from the agent the traps are se...

Page 124: ...due to efficiency security and simplicity reasons All traps are sent with snmpinform that tries to confirm the reception of the trap by the Network Management System NMS and resends the trap until a timeout expires if it receives no confirmation 7 2 2 1 Trap objects The generated traps in the device contain different objects in order to provide general and specific information about the trigger of...

Page 125: ... before a system shut down or reboot modOpen Trap generated when a module or service is launched ModClose Trap generated when a module or service is closed okagainParam Trap generated when a parameter comes back to a correct status after an alert condition warningParam Trap generated when a parameter changes to a warning status criticalParam Trap generated when a parameter changes to a critical st...

Page 126: ...r is in an alert status or back to a normal status Default traps configuration By default all traps are enabled using the public SNMPv2 community for informative purposes 7 2 2 4 Basic trap receptor NMS configuration Install snmptrapd in the server receiving the SNMP traps sudo apt get install snmptrapd After installing snmptrapd the configuration in etc snmp snmptrapd conf needs to be modified to...

Page 127: ... trap 1 host ip vars After this step it is important to copy the MIB file from the device into the NMS sudo scp root deviceip wr etc snmp SEVEN PRODUCT MIB txt usr share snmp mibs Finally the snmptrapd service must be stopped and re run to view all the received traps sudo service snmptrapd stop sudo snmptrapd f m all ...

Page 128: ...s will be recollected even if this neighbor does not run the WRZ OS The same apply in the over way and the standard TLVs shared by the WRZ OS device should be properly retrieved by any LLDP compatible device 7 3 2 Configuration In order to stop sharing device information to its neighbors the user must disable the LLDP protocol By doing this the device will also stop collecting information from its...

Page 129: ...on related to the system run by the neighbor Port Information related to the neighbor port Management Information about how the corresponding neighbor is managed OID Name Value Type Description 20 xx10 x net wrX peer Information about LLDP for the wrX network interface Where OIDs follow the given pattern wr0 20xx wr1 21xx wr15 35xx 20 xx11 x net wrX peer 1 dev Information related to the system run...

Page 130: ...the corresponding port is used 20 xx20 3 Description String i e wr0 Description of the remote port For WRZ OS peers it corresponds to its interface name 20 xx22 x net wrX peer 1 port sfp Information related to the neighbor SFP 20 xx22 1 Vendor Name String i e Axcen Photonics SFP vendor name 20 xx22 2 Part Number String i e AXGE 3454 0531 SFP part number 20 xx22 3 Serial Number String i e AX1746000...

Page 131: ... 1001 21 RAM free Integer i e 93884 Remaining free RAM 2 1001 31 CPUs Integer i e 2 Total available CPUs 2 1001 31 CPU load 1 Decimal i e 0 054199 Average CPU load during the last minute 2 1001 32 CPU load 5 Decimal i e 0 054199 Average CPU load during the last 5 minutes 2 1001 33 CPU load 15 Decimal i e 0 054199 Average CPU load during the last 15 minutes 2 1001 34 CPU usage Decimal i e 2 054199 ...

Page 132: ... behavior their information can be checked too in the web GUI under Healthing or through the command line OID Name Value type Description 0 91x0 pws pwsX Information related to pwsX where pwsl 0 9100 corresponds to the left power supply and pwsr 0 9120 corresponds to the right power supply 0 9110 1 Status Enum i e OK Power supply status 0 9110 2 Temperature Decimal i e 41 ºC Power supply temperatu...

Page 133: ...tion parameters can be found in the following table OID Name Value type Description 2 1000 0 Screen saver Integer i e 1 Not used in WR ZEN device 2 1000 1 Screen saver delay Integer i e 60 Not used in WR ZEN device 2 1000 2 Screen contrast Integer i e 255 Not used in WR ZEN device 2 1000 3 Temp target Integer i e 60 ºC Target temperature for the fans PWM controller 0 9110 7 PWSL disable alert Enum...

Page 134: ...f each interface to connect to the device When you press INFO CTRL button the main menu will appear You can configure the screen saver options with these parameters cfg screen_saver o 1 screen saver configured o 0 no showing screen saver the screen turns off when screen_saver_dealy is reached cfg screen_saver_delay time without pressing INFO CTRL button before active screen_saver You can change th...

Page 135: ...select an option long press over INFO CTRL button To go to the next option short press over INFO CTRL button The different options in this menu are REVIEW PARAMETERS Select this submenu to review the status and values of all modules and parameters in the device NETWORK This submenu allows you to review the eth0 and eth1 info and white rabbit network status WR STATS It shows info about white rabbit...

Page 136: ... range C All parameters in critical range O Out of sync You can view details of each module by pressing long INFO CTRL button over the module you want to review The module status description is shown The different options to select in this screen are WARNINGS n select this option to review parameters in warning range CRITICALS n select this option to review parameters in critical range OUT OF SYNC...

Page 137: ...ong press over INFO CTRL button To go to next parameter short press over INFO CTRL button When the last parameter was reached a short press over INFO CTRL exits this screen returning to the previous menu 2 NETWORK In this section you can review the parameters regarding the network interfaces of the device The options are ETH0 information about copper interface Ethernet 0 ETH1 information about cop...

Page 138: ...ou select ETH0 or ETH1 option the details of the Ethernet interface will appear When you select WR0 or WR1 option the details of the White Rabbit interface will appear 3 WR STATS In this sub menu you can review the information about white rabbit 4 MANAGEMENT ...

Page 139: ...on by long pressing INFO CTRL button a countdown is shown By press INFO CTRL button you can cancel the execution of the option selected When countdown reaches 0 the option will be executed 7 6 External monitoring tool For this new architecture firmware version an external Grafana monitoring application has been developed in order to provide the user a deep knowledge of the configuration and featur...

Page 140: ...o the storage of the parameters into an Influx Database it is possible to obtain the device information during any time interval Figure 7 7 Offset information retrieved from the monitoring tool As seen in the previous graph the unusual behavior on some devices can be detected The red samples show the instances in which a device reaches high picks regarding the offset from the master device For thi...

Page 141: ... 2022 The application also helps to prevent issues in the network due to periodic controls that can be performed Furthermore an alert storage functionality is added to the tool allowing the user to obtain the anomaly reason in a quick and easy way ...

Page 142: ...er profiles than the default such as telecom profiles ITU T G 8265 1 G 8275 1 and power profile IEEE C37 238 2011 HATI hp_port Enable High Performance HATI support for a given port The HATI High Accuracy Timing IP is a FPGA core designed to easily integrate high accuracy timing into Xilinx FPGA Please contact with info spain orolia com for more information 8 1 2 Check Licenses The status of the li...

Page 143: ...ow License is in trial Green License is properly activated OID name Value Type Description 12 2xyy licenses xxx yyy Information about license feature yyy in group xxx 12 2xyy 1 Feature Name String License feature name 12 2xyy 8 Available Integer Total of available corresponding licenses by device i e features associated to port might need up to 16 licenses 12 2xyy 15 Description String Description...

Page 144: ...4 Local Licenses Management In order to perform local licenses management by directly uploading licenses files to the device the user first needs to login to the license portal by clicking on the following link https flex1667 flexnetoperations com flexnet operationsportal logon do 8 1 4 1 Map a feature to a device The user must first navigate to the tab Devices Devices Figure 8 2 Devices Managemen...

Page 145: ...atus should be updated to License generated A license file will be generated using a DEVICE_ID bin filename pattern Do not rename this file otherwise it will not be properly recognized when loading it to the device If a DEVICE_ID bin file is already present in your Download folder the new generated file will be automatically renamed with a prefix i e DEVICE_ID 1 bin Please remove this prefix befor...

Page 146: ... 4 Licenses Configuration Panel Then under Local Activation the user should Browse to the downloaded license file Upload it to device and finally Save Apply the changes Once the operation is done the user can review if the license has been properly activated Green by returning to the Management Licenses Overview screen 8 1 4 3 Remove local license from device In case a local license needs to be us...

Page 147: ... the management network so that all the devices can directly request an active license to enable a feature This solution has the following advantages Only license server must synchronize to license portal in order to get all the purchased license This synchronization can be done online seamless or offline using a file Each device only needs to configure the License Server IP The license server is ...

Page 148: ...Chapter 8 Device Maintenance 148 v3 3 a 12 07 2022 ...

Page 149: ...re version and firmware The HW version is displayed in the dashboard as shown in the Figure 8 5 HW version displayed in dashboard for WR ZEN TP left WR Z16 right The left device is a WR ZEN TP that mounts a ZENv3 3 as main board The right device is a WR Z16 that mounts a Z16v4 0 as main board Figure 8 5 HW version displayed in dashboard for WR ZEN TP left WR Z16 right This means that the WR ZEN TP...

Page 150: ...n Upload button and wait until checking the compatibility of the given firmware If the firmware is detected to be compatible it will automatically start the upgrade procedure and reboot twice the device Please wait in this screen until the procedure complete Figure 8 6 Update Procedure Waiting screen If the uploaded version is lower than v3 3 a factory reset is mandatory If this is the case the me...

Page 151: ...first step of this method is to upload the corresponding firmware to the root folder of the device using SCP scp wr zynq os v3 2 RC1 20210325 ZENv3 x_binaries tar root deviceip Then login to the device with SSH ssh root deviceip And finally run the wrz_flashfw tool to handle updates with the reboot flag4 if no errors were detected root be dist8 684 wrz_flashfw r wr zynq os v3 2 RC1 20210325 ZENv3 ...

Page 152: ...ll enter itself into a recovery mode This recovery mode consists of a minimal Linux stored into internal memory of the equipment that allows to Reflash the device with another firmware Recover configuration if possible Clean format SD remotely Once the device has been booted in recovery mode it should apply the network configuration previously saved in the config file However it might occasionally...

Page 153: ...re Update Try to flash the firmware again this is the most frequent action to perform when an error has occurred during the flashing procedure 4 Restore Remove any customization and restore the device to its default values WARNING Any specific network settings will be removed If none of these actions can return the device to a normal booting mode try to contact TimingSupport orolia com to get more...

Page 154: ...oaded from QSPI dataflash This can take more than 1 minute 8 4 Factory Config Mode In case a miss configuration of the device invalids its correct login one can manually reset the configuration to default factory value by following the steps below 1 Reboot the WRZ device 2 Press the CTRL Info button 0 more than 15s while Uboot is loading 3 Hold until reset factory message appears on LCD status LED...

Page 155: ...usable access to its console ssh or UART the failsafe mode can be entered by following the procedure 1 Power cycle the device 2 Wait 30 seconds until the kernel starts loading 3 Press Reset Button 2 for more than 30s until Status LED 3 starts blinking several times in yellow This means that the failsafe mode has been triggered 4 Remove fix the custom scripts that were blocking the OS initializatio...

Page 156: ...engths in both directions a single fiber should be used for sending data both directions Additionally White Rabbit should follow the 1000BASE BX10 standard and use 1310 1490 pairs with a single LC connector More specifically the Switch ports transmitting downstream to endpoints should use 1490nm on the transmitter and 1310nm on the receiver The 1310 nm module corresponds to the blue color and the ...

Page 157: ...ar General ports mode and other configuration can be consulted or changed in the web SNMP This is the recommended alternative for monitoring purposes Follow the steps on the attached Monitoring Tools User Guide to get SNMP working You will be able to both consulting or changing configurations on the WR ZEN family with the SNMP commands After having installed SNMP on your host all parameters on the...

Page 158: ...S 10MHz references from another one and running as a PTP master on interface wr0 b Were any relevant actions previously performed on the device before the issue happened e g upgrading firmware or applying any specific configuration c Is the issue reproducible Does it happen after specific actions are applied to the device or when a series of particular events happen in it d Attach the device s log...

Page 159: ...Chapter 9 Troubleshooting 159 v3 3 a 12 07 2022 Severity info local0 rsyslog server1 IP local0 rsyslog server2 IP ...

Page 160: ... cannot be warranted This includes misuse miswiring overheating operation under loads beyond the design range of the WR ZEN family devices For warranty or non warranty replacement please write to our Support Team at TimingSupport orolia com 9 7 Contact For more information about our company and products please contact us Website www sevensols com Address Seven Solutions S L Calle Periodista Rafael...

Page 161: ... GM Internal Oscillator The 10MHz signal is not properly connected to the GM or provide too low voltage bad frequency etc VSC 10102 CRITICAL Unlocked PPS not present 187 GM Internal Oscillator The PPS signal is not properly connected to the GM or provide too low voltage VSC 10103 CRITICAL Unlocked 10MHz PPS not present 187 GM Internal Oscillator 10MHz and PPS signals are not properly connected to ...

Page 162: ...ree running VSC 10204 WARNING Locked NTP does not reply anymore 6 GM Front panel As NTP does not reply we might have some problem with the network This is not critical for operation but might be a problem at next reboot Only the GM should send alert 10 1 2 Boundary Clock BC VCS Code A device in Boundary Clock mode is receiving its timing from a PTP WR master and redistribute to other PTP WR slave ...

Page 163: ... VSC 20307 CRITICAL SyncE SSM QL error Not QL PRC 248 Internal Oscillator PTP SyncE is in LOCKED state but the received QL code is not a PRC ePRTC PRTC The device will annouce itself in FR VSC 21307 HO CHANGEOVER SyncE SSM QL error Not QL PRC 187 BC Holdover PTP SyncE was in LOCKED state but the received QL code is not a PRC ePRTC PRTC The device will fail to our HO timing source if it was ready V...

Page 164: ...expected reason the MPLL is not able to follow the received frequency from L1 Sync Sync E and it has been delocked If ready the fast delock trigger launch the Holdover VSC 20211 WARNING Locked Upstream device in holdover 187 BC WR PTP ifname The upstream BC is using its holdover we have nothing to do but to inform that our accuracy will decrease over time and that at some point expiration of the H...

Page 165: ...at our current situation is unexpected VSC 09110 WARNING Initializing 248 Internal Oscillator The device will always initialize with the following configuration before using any policy strategy src in tmgr The following value are only written in case the user run etc init d tmgrd restart VSC 90000 OK Manual Free running 193 Internal Oscillator The device has been manually set as FR master and thus...

Page 166: ...to the clock we announce ourself exactly like FR and we all to reset algorithm VSC 91111 HO WARNING previous message prev prev The last mode that was ready has been exited in mode The only thing that we perform here is increasing clock accuracy and stay in this mode until the tim expired VSC 92411 HO WARNING Holdover Learning 248 Passive The Holdover timing source is learning in backgrou from the ...

Page 167: ... created used to update the FW media data root media data root Root files where we can store the configuration media data usr local bin usr local bin For custom binaries tools media data usr local sbin usr local sbin For custom script media data usr local lib usr local lib For custom libraries media data usr local etc etc Create symbolic links into the etc dir Updating with custom scripts When upd...

Page 168: ...10 MHz 3 0 V 0 60 ns WR ZEN TP FL FPO v1 0 A B 50 Ohms optimal 1 MOhm overshoot xPPS 3 0 V 1 10 ns WR ZEN TP FL FPO v2 0 A B 50 Ohms optimal 1 MOhm overshoot xPPS 10MHz 3 0 V 0 80 ns WR ZEN TP 32BNC EXP32BNC V2 0 A B C D 1 Ohm optimal 50 Ohm low volt 1 Ohm optimal 50 Ohm optimal xPPS 10MHz xPPS 3 3 V 1 7 V 3 3 V 3 0 V 2 06 ns 1 55 ns 2 06 ns 1 67 ns WR ZEN TP 32BNCEXP32BNC V2 2 A B C D 1 Ohm optim...

Page 169: ... tcp Rules updated Rules updated v6 The users are configured in the file etc tacacs tac_plus conf To do this it is possible to modify the key by replacing it by the one we want to define key sevensecret The following simple structure can be used to define a user user test tacacs pap cleartext password It is possible to encrypt the password with the tac_pwd terminal command and enter the password t...

Page 170: ...6 of the package radius by using the following command apt get install freeradius It will also be necessary to install the certificates version 20180409 apt get install ca certificates After this the service status can be verified by using the command service freeradius status The first step to configure the server is opening the UDP ports 1812 and 1813 ufw allow 1812 udp Rules updated Rules updat...

Page 171: ...by using the following lines username Cleartext Password userpassword other configs An example can be test radius Cleartext Password password If the WR ZEN has been used as the client the password must be configured for the root user Registration of new users is not allowed in this device so root is the only existing user ...

Page 172: ...pendix 172 v3 3 a 12 07 2022 Headquarters Seven Solutions Calle Periodista Rafael Gómez Montero 2 CETIC UGR 13 18014 Granada SPAIN Web https sevensols com Sales info spain orolia com Support support spain orolia com ...

Reviews:

No comments