Download  Print this page

Cisco ASR 5000 Series Administration Manual

Staros release 21.4
Hide thumbs
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
Table Of Contents
509

Advertisement

Table of Contents
ASR 5500 System Administration Guide, StarOS Release 21.4
First Published: 2017-11-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Advertisement

Table of Contents
loading

  Summary of Contents for Cisco ASR 5000 Series

  • Page 1 ASR 5500 System Administration Guide, StarOS Release 21.4 First Published: 2017-11-22 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
  • Page 3 C O N T E N T S About this Guide xxix P r e f a c e Conventions Used xxix Related Documentation MIOs and DPCs Contacting Customer Support xxxi System Operation and Configuration C H A P T E R 1 System Management Overview Terminology Contexts...
  • Page 4 Contents Alphanumeric Strings Character Set Quoted Strings Getting Started C H A P T E R 2 ASR 5500 Configuration Using the ASR 5500 Quick Setup Wizard The Quick Setup Wizard Using the CLI for Initial Configuration Configuring System Administrative Users Limiting the Number of Concurrent CLI Sessions Automatic Logout of CLI Sessions Configuring the System for Remote Access...
  • Page 5 Contents System Settings C H A P T E R 3 Configuring a Second Management Interface Verifying and Saving Your Interface and Port Configuration Configuring System Timing Setting the System Clock and Time Zone Verifying and Saving Your Clock and Time Zone Configuration Configuring Network Time Protocol Support Configuring NTP Servers with Local Sources Using a Load Balancer...
  • Page 6 Contents Associating an SFTP root Directory with an Administrator Associating an SFTP root Directory with a Config Administrator Configuring TACACS+ for System Administrative Users Operation User Account Requirements TACACS+ User Account Requirements StarOS User Account Requirements Configuring TACACS+ AAA Services Configuring TACACS+ for Non-local VPN Authentication Verifying the TACACS+ Configuration Separating Authentication Methods...
  • Page 7 Contents Preferred Slot Auto-Switch Criteria Link Aggregation Control Minimum Links Redundancy Options Horizontal Link Aggregation with Two Ethernet Switches Non-Redundant (Active-Active) LAG Faster Data Plane Convergence Link Aggregation Status Configuring a Demux Card Overview MIO Demux Restrictions Configuration Config Mode Lock Mechanisms C H A P T E R 4 Overview of Config Mode Locking Requesting an Exclusive-Lock...
  • Page 8 Contents Feature Configuration Service Configuration Context Configuration System Configuration Finding Configuration Errors Synchronizing File Systems Saving the Configuration System Interfaces and Ports C H A P T E R 7 Contexts Creating Contexts Viewing and Verifying Contexts Ethernet Interfaces and Ports Creating an Interface Configuring a Port and Binding It to an Interface Configuring a Static Route for an Interface...
  • Page 9 Contents User Access to Operating System Shell Test-Commands Enabling cli test-commands Mode Enabling Password for Access to CLI-test commands Exec Mode cli test-commands Configuration Mode cli test-commands Secure System Configuration File C H A P T E R 9 Feature Summary and Revision History Feature Description How System Configuration Files are Secured Create a Digital Signature...
  • Page 10 Contents Configuring the Boot Stack System Boot Methods Viewing the Current Boot Stack Adding a New Boot Stack Entry Deleting a Boot Stack Entry Network Booting Configuration Requirements Configuring the Boot Interface Configuring the Boot Network Configuring Boot Network Delay Time Configuring a Boot Nameserver Upgrading the Operating System Software Identifying OS Release Version and Build Number...
  • Page 11 C H A P T E R 1 1 Feature Summary and Revision History Smart Software Licensing Cisco Smart Software Manager Smart Accounts/Virtual Accounts Request a Cisco Smart Account Software Tags and Entitlement Tags Configuring Smart Licensing Monitoring and Troubleshooting Smart Licensing Smart Licensing Bulk Statistics...
  • Page 12 Contents Configuring Bulk Statistic Schemas Configuring a Separate Bulkstats Config File Using show bulkstats Commands Verifying Your Configuration Saving Your Configuration Viewing Collected Bulk Statistics Data Collecting Bulk Statistics Samples in SSD Manually Gathering and Transferring Bulk Statistics Clearing Bulk Statistics Counters and Information Bulkstats Schema Nomenclature Statistic Types Data Types...
  • Page 13 Contents Reducing Excessive Event Logging Configuring Log Source Thresholds Checkpointing Logs Saving Log Files Event ID Overview Event Severities Understanding Event ID Information in Logged Output Troubleshooting C H A P T E R 1 5 Detecting Faulty Hardware Licensing Issues Using the CLI to View Status LEDs Checking the LEDs on the PFU Checking the LEDs on the MIO Card...
  • Page 14 Contents SSC System Service LED States Testing System Alarm Outputs Taking Corrective Action Switching MIOs Busying Out a DPC Migrating a DPC Halting Cards Initiate a Card Halt Restore a Previously Halted Card Verifying Network Connectivity Using the ping or ping6 Command Syntax Troubleshooting Using the traceroute or traceroute6 Command...
  • Page 15 Contents Show Command(s) and/or Outputs show cdr statistics show { hexdump-module | cdr } file-space-usage show hexdump-module statistics System Recovery C H A P T E R 1 7 Prerequisites Console Access Boot Image Accessing the boot CLI Initiate a Reboot Interrupt the Boot Sequence Enter CLI Mode boot Command Syntax...
  • Page 16 Contents Applying an ACL to All Traffic Within a Context Verifying the ACL Configuration in a Context Applying an ACL to a RADIUS-based Subscriber Applying an ACL to an Individual Subscriber Verifying the ACL Configuration to an Individual Subscriber Applying an ACL to the Subscriber Named default Applying an ACL to the Subscriber Named default Verifying the ACL Configuration to the Subscriber Named default Applying an ACL to Service-specified Default Subscriber...
  • Page 17 Contents Static Routing Adding Static Routes to a Context Deleting Static Routes From a Context OSPF Routing OSPF Version 2 Overview Basic OSPFv2 Configuration Enabling OSPF Routing For a Specific Context Enabling OSPF Over a Specific Interface Redistributing Routes Into OSPF (Optional) Confirming OSPF Configuration Parameters OSPFv3 Routing OSPFv3 Overview...
  • Page 18 Contents BGP CLI Configuration Commands Confirming BGP Configuration Parameters Bidirectional Forwarding Detection Overview of BFD Support Configuring BFD Configuring a BFD Context Configuring IPv4 BFD for Static Routes Configuring IPv6 BFD for Static Routes Configuring BFD for Single Hop Configuring Multihop BFD Scaling of BFD Associating BGP Neighbors with the Context Associating OSPF Neighbors with the Context...
  • Page 19 Contents VLANs C H A P T E R 2 1 Overview Overlapping IP Address Pool Support – GGSN RADIUS VLAN Support – Enhanced Charging Services APN Support – PDN Gateway (P-GW) Creating VLAN Tags Verifying the Port Configuration Configuring Subscriber VLAN Associations RADIUS Attributes Used Configuring Local Subscriber Profiles Verify the Subscriber Profile Configuration...
  • Page 20 Contents Session Recovery C H A P T E R 2 4 How Session Recovery Works Additional ASR 5500 Hardware Requirements Configuring the System to Support Session Recovery Enabling Session Recovery Enabling Session Recovery on an Out-of-Service System Enabling Session Recovery on an In-Service System Disabling the Session Recovery Feature Viewing Session Recovery Status Viewing Recovered Session Information...
  • Page 21 Contents SRP Redundancy, AAA and Diameter Guard Timers DSCP Marking of SRP Messages Optimizing Switchover Transitions Allow Non-VoLTE Traffic During ICSR Switchover Allow All Data Traffic Allow Early Active Transition Graceful Cleanup of ICSR After Audit of Failed Calls Optimization of Switchover Control Outage Time Configuring the SRP Context Interface Parameters Configuring NACK Generation for SRP Checkpoint Messaging Failures Enabling NACK Messaging from the Standby Chassis...
  • Page 22 Contents Updating the Boot Record Synchronizing File Systems Reboot StarOS Updating the Configuration File Verifying the Software Version Saving the Configuration File Completing the Update Process Waiting for Session Synchronization Primary System Initiating an SRP Switchover Checking AAA Monitor Status on the Newly Active System Completing the Software Update Initiating an SRP Switchover Making Test Calls...
  • Page 23 Contents Packet Data Network (PDN) Interface Rules Context Rules Subscriber Rules Service Rules Access Control List (ACL) Engineering Rules ECMP Groups StarOS Tasks A P P E N D I X B Overview Primary Task Subsystems Controllers and Managers Subsystem Tasks System Initiation Subsystem High Availability Subsystem Resource Manager Subsystem...
  • Page 24 Contents rest port Sample Configuration Verifying the Configuration show confdmgr Command clear confdmgr confd cdb clear confdmgr statistics YANG Models Show Support Details (SSD) ConfD Examples Server ConfD Bulkstats Exec CLI Model CLI Based YANG Model for ECS Commands Seeding and Synchronizing the CDB show configuration confd Command CDB Maintenance clear confdmgr confd cdb...
  • Page 25 Contents ECS Category SESS_UCHKPT_CMD_ACS_CALL_INFO SESS_UCHKPT_CMD_ACS_GX_LI_INFO SESS_UCHKPT_CMD_ACS_SESS_INFO SESS_UCHKPT_CMD_DEL_ACS_CALL_INFO SESS_UCHKPT_CMD_DEL_ACS_SESS_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_CA_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_DEL_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_CHRG_QG_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_DEL_INFO SESS_UCHKPT_CMD_DYNAMIC_RULE_INFO ePDG Category SESS_UCHKPT_CMD_DELETE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_BEARER SESS_UCHKPT_CMD_UPDATE_EPDG_PEER_ADDR SESS_UCHKPT_CMD_UPDATE_EPDG_REKEY SESS_UCHKPT_CMD_UPDATE_EPDG_STATS Firewall/ECS Category SESS_UCHKPT_CMD_SFW_DEL_RULE_INFO SESS_UCHKPT_CMD_SFW_RULE_INFO GGSN Category SESS_UCHKPT_CMD_GGSN_DELETE_SUB_SESS SESS_UCHKPT_CMD_GGSN_UPDATE_RPR SESS_UCHKPT_CMD_GGSN_UPDATE_SESSION SESS_UCHKPT_CMD_GGSN_UPDATE_STATS SESS_UCHKPT_CMD_UPDATE_COA_PARAMS Gx Interface Category SESS_UCHKPT_CMD_ACS_VOLUME_USAGE SESS_UCHKPT_CMD_UPDATE_SGX_INFO NAT Category SESS_UCHKPT_CMD_GR_UPDATE_NAT_REALM_PORT_INFO1 SESS_UCHKPT_CMD_GR_UPDATE_NAT_REALMS SESS_UCHKPT_CMD_NAT_SIP_ALG_CALL_INFO SESS_UCHKPT_CMD_NAT_SIP_ALG_CONTACT_PH_INFO...
  • Page 26 Contents SESS_UCHKPT_CMD_UPDATE_DSK_FLOW_CHKPT_INFO SESS_UCHKPT_CMD_UPDATE_NAT_BYPASS_FLOW_INFO P-GW Category SESS_UCHKPT_CMD_PGW_DELETE_SUB_SESS SESS_UCHKPT_CMD_PGW_OVRCHRG_PRTCTN_INFO SESS_UCHKPT_CMD_PGW_SGWRESTORATION_INFO SESS_UCHKPT_CMD_PGW_UBR_MBR_INFO SESS_UCHKPT_CMD_PGW_UPDATE_APN_AMBR SESS_UCHKPT_CMD_PGW_UPDATE_INFO SESS_UCHKPT_CMD_PGW_UPDATE_LI_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_PDN_COMMON_PARAM SESS_UCHKPT_CMD_PGW_UPDATE_QOS SESS_UCHKPT_CMD_PGW_UPDATE_SGW_CHANGE SESS_UCHKPT_CMD_PGW_UPDATE_STATS Rf Interface Category SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_QCI_RF_WITH_FC SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF SESS_UCHKPT_CMD_ACS_ACCOUNTING_TYPE_RATING_GROUP_RF_WITH_FC S6b Interface Category SESS_UCHKPT_CMD_S6B_INFO SaMOG Category SESS_UCHKPT_CMD_CGW_DELETE_BEARER SESS_UCHKPT_CMD_CGW_DELETE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_BEARER_QOS SESS_UCHKPT_CMD_CGW_UPDATE_PDN SESS_UCHKPT_CMD_CGW_UPDATE_STATS SESS_UCHKPT_CMD_CGW_UPDATE_UE_PARAM SESS_UCHKPT_CMD_SAMOG_ACCT_INTERIM_INFO SESS_UCHKPT_CMD_SAMOG_ACCT_START_INFO SESS_UCHKPT_CMD_SAMOG_EOGRE_TUNNEL_INFO SESS_UCHKPT_CMD_SAMOG_GTPV1_UPDATE_PDN_INFO SESS_UCHKPT_CMD_SAMOG_HANDOFF_AUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_HANDOFF_INIT_INFO SESS_UCHKPT_CMD_SAMOG_LI_PROV_INFO ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 27 SESS_UCHKPT_CMD_SAMOG_MULTI_ROUND_AUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_REAUTHEN_INFO SESS_UCHKPT_CMD_SAMOG_REAUTHOR_INFO ASR 5500 SDR CLI Command Strings A P P E N D I X E Cisco Secure Boot A P P E N D I X F Fundamental Concepts Secure Boot Overview MIO2 Support for Secure Boot...
  • Page 28 Contents ASR 5500 System Administration Guide, StarOS Release 21.4 xxviii...
  • Page 29: About This Guide

    About this Guide This preface describes the ASR 5500 System Administration Guide, how it is organized and its document conventions. The System Administration Guide describes how to generally configure and maintain StarOS running on an ASR 5500 platform. It also includes information on monitoring system performance and troubleshooting. •...
  • Page 30: Related Documentation

    Related Documentation The most up-to-date information for this product is available in the product Release Notes provided with each software release. The following user documents are available on www.cisco.com: • ASR 5500 Installation Guide • AAA Interface Administration and Reference •...
  • Page 31: Contacting Customer Support

    Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please contact your Cisco sales or service representative for additional information.
  • Page 32 About this Guide Contacting Customer Support ASR 5500 System Administration Guide, StarOS Release 21.4 xxxii...
  • Page 33: System Management Overview

    C H A P T E R System Operation and Configuration The ASR 5500 is designed to provide subscriber management services for Mobile Packet Core networks. Before you connect to the command line interface (CLI) and begin system configuration, you must understand how the system supports these services.
  • Page 34: Chapter

    System Operation and Configuration System Management Overview There are multiple ways to manage the system either locally or remotely using its out-of-band management interfaces. Figure 1: System Management Interfaces Management options include: • Local login through the Console port on the MIO/MIO2 card using an RS-232 Console connection (RJ45) directly or indirectly via a terminal server •...
  • Page 35: Terminology

    Universal PID license must be purchased and installed on the chassis for each installed UMIO and UDPC/UDPC2. Contact your Cisco account representative for additional licensing information. Throughout this guide, any reference to an MIO card or DPC is assumed to also refer to the UMIO and Important UDPC/UDPC2 respectively.
  • Page 36: Logical Interfaces

    System Operation and Configuration Logical Interfaces Logical Interfaces You must associate a port with a StarOS virtual circuit or tunnel called a logical interface before the port can allow the flow of user data.Within StarOS, a logical interface is a named interface associated with a virtual router instance that provides higher-layer protocol transport, such as Layer 3 IP addressing.
  • Page 37: Aaa Servers

    System Operation and Configuration Subscribers • Serving GPRS Support Node (SGSN) Services • Packet Data Serving Node (PDSN) services • Home Agent (HA) services • Layer 2 Tunneling Protocol Access Concentrator (LAC) services • Dynamic Host Control Protocol (DHCP) services •...
  • Page 38: Trusted Builds

    System Operation and Configuration Trusted Builds • Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber's user profile (containing attributes like those used by RADIUS-based subscribers) is configured within the context where they are created.
  • Page 39: How The System Selects Contexts

    System Operation and Configuration How the System Selects Contexts How the System Selects Contexts This section describes the process that determines which context to use for context-level administrative users or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many contexts and interfaces you need to configure.
  • Page 40: Asr 5500 System Administration Guide, Staros Release 21.4

    System Operation and Configuration Context Selection for Context-level Administrative User Sessions The following table and flowchart describe the process that the system uses to select an AAA context for a context-level administrative user. Items in the table correspond to the circled numbers in the flowchart. Figure 2: Context-level Administrative User AAA Context ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 41: Asr 5500 System Administration Guide, Staros Release 21.4

    System Operation and Configuration Context Selection for Context-level Administrative User Sessions Table 1: Context-level Administrative User AAA Context Selection Item Description During authentication, the system determines whether local authentication is enabled in the local context. If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in this table.
  • Page 42: Context Selection For Subscriber Sessions

    System Operation and Configuration Context Selection for Subscriber Sessions Context Selection for Subscriber Sessions The context selection process for a subscriber session is more involved than that for the administrative users. Subscriber session context selection information for specific products is located in the Administration Guide for the individual product.
  • Page 43: Understanding Configuration Files

    System Operation and Configuration Understanding Configuration Files The following steps describe the system's boot process: Step 1 When power is first applied to the chassis, or after a reboot, only the MIO/UMIO/MIO2s in slot 5 and slot 6 receive power. Step 2 During the startup process, the MIO/UMIO/MIO2 performs a series of power-on self tests (POSTs) to ensure that its hardware is operational.
  • Page 44: Asr 5500 System Administration Guide, Staros Release 21.4

    System Operation and Configuration Understanding Configuration Files Pipes ( | ), used with the grep and more keywords, can potentially cause errors in configuration file Important processing. Therefore, the system automatically ignores keywords with pipes during processing. Always save configuration files in UNIX format. Failure to do so can result in errors that prevent Important configuration file processing.
  • Page 45: Ip Address Notation

    System Operation and Configuration IP Address Notation IP Address Notation When configuring a port interface via the CLI you must enter an IP address. The CLI always accepts an IPv4 address, and in some cases accepts an IPv6 address as an alternative. For some configuration commands, the CLI also accepts CIDR notation.
  • Page 46: Alphanumeric Strings

    System Operation and Configuration Alphanumeric Strings CIDR notation is constructed from the IP address and the prefix size, the latter being the number of leading 1 bits of the routing prefix. The IP address is expressed according to the standards of IPv4 or IPv6. It is followed by a separator character, the slash (/) character, and the prefix size expressed as a decimal number.
  • Page 47: Asr 5500 System Administration Guide, Staros Release 21.4

    System Operation and Configuration Character Set • ! (exclamation point) [see exception below] • ( ) [parentheses] • % (percent) [see exception below] • # (pound sign) [see exception below] • ? (question mark) • ' (quotation mark – single) •...
  • Page 48: Quoted Strings

    System Operation and Configuration Quoted Strings Quoted Strings If descriptive text requires the use of spaces between words, the string must be entered within double quotation marks (" "). For example: interface "Rack 3 Chassis 1 port 5/2" ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 49: Asr 5500 Configuration

    C H A P T E R Getting Started • ASR 5500 Configuration, page 17 • Using the ASR 5500 Quick Setup Wizard, page 17 • Using the CLI for Initial Configuration, page 24 • Configuring System Administrative Users, page 26 •...
  • Page 50: The Quick Setup Wizard

    Getting Started The Quick Setup Wizard The Quick Setup Wizard The Quick Setup Wizard consists of a series of questions that prompt you for input before proceeding to the next question. Some prompts may be skipped depending on previous responses or whether a particular function is supported in the StarOS release.
  • Page 51: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started The Quick Setup Wizard Ques. Task Description/Notes Change chassis key value. A unique chassis key is configured at the factory for each system. This key is used to decrypt encrypted passwords found in generated configuration files. The system administrator can create a unique chassis key that will be used to encrypt passwords stored in configuration files.
  • Page 52: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started The Quick Setup Wizard Ques. Task Description/Notes 14, 17, Configure a single Management Input/Output Traffic on the management LAN is not transferred (MIO/UMIO/MIO2) out-of-band over the same media as user data and control management interface for out-of-band system signaling.
  • Page 53: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started The Quick Setup Wizard Ques. Task Description/Notes Enable FTP access to the system. File Transfer Protocol (FTP) uses TCP port number 21 by default, if enabled. Note: For maximum system security, do not enable FTP. Note: in release 20.0 and higher Trusted StarOS builds, FTP is not supported.
  • Page 54: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started The Quick Setup Wizard Once configuration using the wizard is complete, proceed to instructions on how to configure other system Important parameters. Figure 4: MIO Interfaces Console port [Port 3] USB port ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 55: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started The Quick Setup Wizard 10 GbE ports, DC-1 [Ports 10 – 19] 10 GbE ports, DC-2 [Ports 20 – 29] 1 GbE ports (1000Base-T) [Ports 1 and 2] Figure 5: MIO2 Interfaces 100 GbE ports, DC-1 [Ports 10 and 11] 10GbE ports, DC-1 [Ports 12 and 13] USB port Console port [Port 3]...
  • Page 56: Using The Cli For Initial Configuration

    Getting Started Using the CLI for Initial Configuration 1 GbE ports (1000Base-T) [Ports 1 and 2] 100 GbE ports, DC-2 [Ports 20 and 21] 10GbE ports, DC-2 [Ports 22 and 23] Using the CLI for Initial Configuration The initial configuration consists of the following: •...
  • Page 57: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started Using the CLI for Initial Configuration Step 5 Enter the following command to configure a hostname by which the system will be recognized on the network: host_name system hostname host_name [local] (config)# host_name is the name by which the system will be recognized on the network. The hostname is an alphanumeric string of 1 through 63 characters that is case sensitive.
  • Page 58: Configuring System Administrative Users

    Getting Started Configuring System Administrative Users Configuring System Administrative Users This section describes some of the security features that allow security administrators to control user accounts. Limiting the Number of Concurrent CLI Sessions Security administrators can limit the number of concurrent interactive CLI sessions. Limiting the number of concurrent interactive sessions reduces the consumption of system-wide resources.
  • Page 59: Configuring The System For Remote Access

    Getting Started Configuring the System for Remote Access Idle Timeout: allows a security administrator to specify the maximum amount of minutes that a session can remain in an idle state before the session is automatically disconnected. The session timeout and idle timeout fields are not exclusive. If both are specified, then the idle timeout Important should always be lower than the session timeout since a lower session timeout will always be reached first.
  • Page 60: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started Configuring the System for Remote Access Step 3 Configure the system to allow SSH access: host_name ssh generate key [ type { v1-rsa | v2-rsa | v2-dsa } ] [local] (config-ctx)# v2-rsa is the recommended key type. In StarOS 19.2 and higher, the v1-rsa keyword has been removed from and the v2-dsa keyword has been concealed within the Context Configuration mode ssh generate CLI command.
  • Page 61: Configuring Ssh Options

    Getting Started Configuring SSH Options Step 8 Verify the configuration of the IP routes by entering the following command: host_name show ip route [local] The CLI output should be similar to the sample output: "*" indicates the Best or Used route. Destination Nexthop Protocol...
  • Page 62: Ssh Host Keys

    Getting Started SSH Host Keys The v1-rsa keyword has been removed from the Exec mode show ssh key CLI command. SSH Host Keys SSH key-based authentication uses two keys, one "public" key that anyone is allowed to see, and another "private"...
  • Page 63: Specifying Ssh Encryption Ciphers

    Getting Started SSH Host Keys Specifying SSH Encryption Ciphers The SSH Configuration mode ciphers CLI command configures the cipher priority list in sshd for SSH symmetric encryption. It changes the cipher options for that context. Step 1 Enter the SSH Configuration mode. host_name server sshd [local]...
  • Page 64: Generating Ssh Keys

    Getting Started Authorized SSH User Access Generating SSH Keys The ssh generate command generates a public/private key pair which is to be used by the SSH server. The v1-rsa keyword has been removed from and the v2-dsa keyword concealed within the ssh generate CLI command.
  • Page 65: Authorizing Ssh User Access

    Getting Started SSH User Login Restrictions Authorizing SSH User Access The SSH Configuration mode authorized-key command grants user access to a context from a specified host. Step 1 Go to the SSH Configuration mode. server sshd [local]host_name(config-ctx)# [local]host_name(config-sshd)# Step 2 Specify administrative user access via the authorized-key command.
  • Page 66: Ssh User Login Authentication

    Getting Started SSH User Login Authentication Step 2 Go to the SSH Configuration mode. host_name server sshd [local] (config-ctx)# Step 3 Configure the SSH user list. host_name allowusers add user_list [local] (config-sshd)# user_list specifies a list of user name patterns, separated by spaces, as an alphanumeric string of 1 through 999 characters. If the pattern takes the form 'USER' then login is restricted for that user.
  • Page 67: Secure Session Logout

    45 seconds (using default parameters). Two SSH Configuration mode CLI commands allow you to disable or modify this default sshd disconnect behavior. For higher security, Cisco recommends at least a client-alive-countmax of 2 and client-alive-interval of Important 5.
  • Page 68: Ssh Client Login To External Servers

    Getting Started SSH Client Login to External Servers Step 3 Set the ClientAliveCountmax parameter to 2. host_name client-alive-countmax 2 [local] (config-sshd)# Step 4 Set the ClientAliveInterval parameter to 5 seconds. host_name client-alive-interval 5 [local] (config-sshd)# Step 5 Exit the SSH Configuration mode. host_name [local] (config-sshd)#...
  • Page 69: Setting Preferred Authentication Methods

    Getting Started SSH Client Login to External Servers • aes256-gcm@openssh.com – AES, 256-bit key size, GCM, OpenSSH • chacha20-poly1305@openssh.com – ChaCha20 symmetric cipher, Poly1305 cryptographic Message Authentication Code [MAC], OpenSSH The default string for algorithms in a Normal build is: aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com, blowfish-cbc,3des-cbc,aes128-cbc The default string for algorithms in a Trusted build is:...
  • Page 70: Generating Ssh Client Key Pair

    Getting Started SSH Client Login to External Servers Generating SSH Client Key Pair You use commands in the SSH Client Configuration mode to specify a private key and generate the SSH client key pair. Step 1 Enter the SSH client configuration mode. host_name client ssh [local]...
  • Page 71: Enabling Netconf

    An SSH key is a requirement before NETCONF protocol and the ConfD engine can be enabled in support of Cisco Network Service Orchestrator (NSO). Refer to the NETCONF and ConfD appendix in this guide for detailed information on how to enable NETCONF.
  • Page 72: Asr 5500 System Administration Guide, Staros Release 21.4

    Getting Started Configuring the Management Interface with a Second IP Address Step 7 Save your configuration as described in Verifying and Saving Your Configuration. ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 73: Asr 5500 System Administration Guide, Staros Release 21.4

    C H A P T E R System Settings This chapter provides instructions for configuring the following StarOS options. It is assumed that the procedures to initially configure the system as described in Getting Started have been completed. The commands used in the configuration examples in this section are the most likely-used commands Important and/or keyword options.
  • Page 74: Configuring A Second Management Interface

    System Settings Configuring a Second Management Interface Configuring a Second Management Interface Refer to Getting Started for instructions on configuring a system management interface on the Management Input/Output (MIO/UMIO/MIO2) card. This section provides described how to configure a second management interface.
  • Page 75: Configuring System Timing

    System Settings Configuring System Timing Verify that the port configuration settings are correct by entering the following command: show configuration port slot#/port# slot# is the chassis slot number of the line card where the physical port resides. slot# is either 5 or 6. port# is the number of the port (either 1 or 2).
  • Page 76: Verifying And Saving Your Clock And Time Zone Configuration

    System Settings Verifying and Saving Your Clock and Time Zone Configuration Verifying and Saving Your Clock and Time Zone Configuration Enter the following command to verify that you configured the time and time zone correctly: show clock The output displays the date, time, and time zone that you configured. Configuring Network Time Protocol Support This section provides information and instructions for configuring the system to enable the use of the Network Time Protocol (NTP).
  • Page 77: Configuring Ntp Servers With Local Sources

    System Settings Configuring NTP Servers with Local Sources Do not change the maxpoll, minpoll, or version keyword settings unless instructed to do so by Cisco Important TAC. Use the following example to configure the necessary NTP association parameters: configure enable...
  • Page 78: Verifying The Ntp Configuration

    System Settings Verifying the NTP Configuration Verifying the NTP Configuration Verify the NTP configuration is correct. Enter the following command at the Exec mode prompt: show ntp associations The output displays information about all NTP servers. See the output below for an example deploying two NTP servers.
  • Page 79: Configuring Sf Boot Configuration Pause

    System Settings Configuring SF Boot Configuration Pause Column Title Description delay Round-trip delay (in milliseconds) for messages exchanged between the system and the NTP server. offset Number of milliseconds by which the system clock must be adjusted to synchronize it with the NTP server. jitter Jitter in milliseconds between the system and the NTP server.
  • Page 80: Configuring Cli Confirmation Prompts

    System Settings Configuring CLI Confirmation Prompts The date and time appear immediately after you execute the command. Save the configuration as described in the Verifying and Saving Your Configuration chapter. Configuring CLI Confirmation Prompts A number of Exec mode and Global Configuration mode commands prompt users for a confirmation (Are you sure? [Yes|No]:) prior to executing the command.
  • Page 81: Requiring Confirmation For Specific Exec Mode Commands

    System Settings Requiring Confirmation for Specific Exec Mode Commands The following command sequence enables the commandguard feature: configure commandguard With commandguard enabled the confirmation prompt appears as shown in the example below: host_name configure [local] Are you sure? [Yes|No]: host_name [local] (config)# To disable commandguard once it has been enabled, use the no commandguard command.
  • Page 82: Configuring System Administrative Users

    System Settings Configuring System Administrative Users • You can turn off confirmation prompting for a specific category using no commandguard exec-command exec_mode_category. • If autoconfirm is overridden by commandguard exec-command for an Exec mode command, StarOS displays an informational message indicating why autoconfirm is being overridden when you attempt to execute the command.
  • Page 83: Configuring Context-Level Administrative Users

    System Settings Configuring Context-level Administrative Users If you attempt to create a user name that does not adhere to these standards, you will receive the following message: "Invalid character; legal characters are "0123456789.-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ". Configuring Context-level Administrative Users This user type is configured at the context-level and relies on the AAA subsystems for validating user names and passwords during login.
  • Page 84: Configuring Context-Level Administrators

    System Settings Configuring Context-level Administrative Users Configuring Context-level Administrators Use the example below to configure context-level configuration administrators: configure context local config-administrator user_name { [ encrypted ] [ nopassword ] password password } Notes: • Additional keyword options are available that identify active administrators or place time thresholds on the administrator.
  • Page 85: Configuring Li Administrators

    System Settings Configuring Context-level Administrative Users • Additional keyword options are available that identify active administrators or place time thresholds on the administrator. Refer to the Command Line Interface Reference for more information about the inspector command. • The nopassword option allows you to create an inspector without an associated password. Enable this option when using ssh public keys (authorized key command in SSH Configuration mode) as a sole means of authentication.
  • Page 86: Verifying Context-Level Administrative User Configuration

    For a detailed description of the Global Configuration mode require segregated li-configuration and associated commands, see the Lawful Intercept CLI Commands appendix in the Lawful Intercept Configuration Guide. The Lawful Intercept Configuration Guide is not available on www.cisco.com. Contact your Cisco account Note representative to obtain a copy of this guide.
  • Page 87: Configuring Local-User Administrative Users

    System Settings Configuring Local-User Administrative Users This command displays all of the configuration parameters you modified within the Local context during this session. The following displays sample output for this command. In this example, a security administrator named testadmin was configured. config context local interface mgmt1...
  • Page 88: Updating Local-User Database

    System Settings Configuring Local-User Administrative Users Password Expired: Locked: Suspended: Lockout on Pw Aging: Lockout on Login Fail: Yes Updating Local-User Database Update the local-user (administrative) configuration by running the following Exec mode command. This command should be run immediately after creating, removing or editing administrative users. update local-user database Updating and Downgrading the local-user Database Prior to release 20.0, local-user passwords were hashed with the MD5 message digest-algorithm and saved...
  • Page 89: Provisioning Lawful Intercept

    StarOS services that support Lawful Intercept. This guide is not available on www.cisco.com. It can only be obtained by contacting your Cisco account representative.
  • Page 90: Restricting User Access To A Specified Root Directory

    System Settings Restricting User Access to a Specified Root Directory re-configured any other type of LI context system. Refer to the Lawful Intercept Configuration Guide before attempting to create a Dedicated-LI context. Figure 6: LI Context Configurations In Release 21.4 and higher (Trusted builds only): •...
  • Page 91: Configuring An Sftp Root Directory

    System Settings Restricting User Access to a Specified Root Directory Configuring an SFTP root Directory The subsystem sftp command allows the assignment of an SFTP root directory and associated access privilege level. configure context local server sshd subsystem sftp [ name sftp_name root-dir pathname mode { read-only | readwrite } ] Notes: •...
  • Page 92: Configuring Tacacs+ For System Administrative Users

    System Settings Configuring TACACS+ for System Administrative Users Configuring TACACS+ for System Administrative Users This section describes TACACS+ (Terminal Access Controller Access Control System+) AAA (Authentication Authorization and Accounting) service functionality and configuration on the ASR 5500. Operation TACACS+ is a secure, encrypted protocol. By remotely accessing TACACS+ servers that are provisioned with the administrative user account database, the ASR 5500 system can provide TACACS+ AAA services for system administrative users.
  • Page 93: User Account Requirements

    System Settings User Account Requirements For releases after 15.0 MR4, TACACS+ accounting (CLI event logging) will not be generated for Lawful Important Intercept users with privilege level set to 15 and 13. User Account Requirements Before configuring TACACS+ AAA services, note the following TACACS+ server and StarOS user account provisioning requirements.
  • Page 94: Configuring Tacacs+ Aaa Services

    System Settings Configuring TACACS+ AAA Services For instructions on defining users and administrative privileges on the system, refer to Configuring System Important Administrative Users. Configuring TACACS+ AAA Services This section provides an example of how to configure TACACS+ AAA services for administrative users on the system.
  • Page 95: Configuring Tacacs+ For Non-Local Vpn Authentication

    System Settings Configuring TACACS+ for Non-local VPN Authentication Configuring TACACS+ for Non-local VPN Authentication By default TACACS+ authentication is associated with login to the local context. TACACS+ authentication can also be configured for non-local context VPN logins. TACACS+ must configured and enabled with the option described below.
  • Page 96: Separating Authentication Methods

    System Settings Separating Authentication Methods For details on all TACACS+ maintenance commands, refer to the Command Line Interface Reference. Important Separating Authentication Methods You can configure separate authentication methods for accessing the Console port and establishing SSH/telnet sessions (vty lines). If you configure TACACS+ globally, access to the Console and vty lines are both authenticated using that method.
  • Page 97: Disable Tacacs+ Authentication At The Context Level

    System Settings Disable TACACS+ Authentication at the Context Level Since local-user authentication is always performed before AAA-based authentication and local-user allow-aaa-authentication noconsole is enabled, the behavior is the same as if no local-user allow-aaa-authentication is configured. There is no impact on vty lines. Important This command does not apply for a Trusted build because the local-used database is unavailable.
  • Page 98: Limit Console Access For Aaa-Based Users

    System Settings Limit Console Access for AAA-based Users This command does not apply for a Trusted build because the local-used database is unavailable. Important Limit Console Access for AAA-based Users AAA-based users normally login through on a vty line. However, you may want to limit a few users to accessing just the Console line.
  • Page 99: Configuring A New Chassis Key Value

    System Settings Configuring a New Chassis Key Value The chassis key is used to generate the chassis ID which is stored in a file and used as the master key for protecting sensitive data (such as passwords and secrets) in configuration files For release 15.0 and higher, the chassis ID is an SHA256 hash of the chassis key.
  • Page 100: Quick Setup Wizard

    System Settings Configuring MIO/UMIO/MIO2 Port Redundancy However, if the chassis key is reset in Release 15 through the Quick Setup Wizard or CLI command, a new chassis ID will be generated in Release 15 format (44 instead of 16 characters). Release14 builds will not recognize the 44-character chassis ID.
  • Page 101: Asr 5500 System Administration Guide, Staros Release 21.4

    System Settings Configuring MIO/UMIO/MIO2 Port Redundancy With port redundancy, if a failover occurs, only the specific port(s) become active. For example; if port 5/1 fails, then port 6/1 becomes active, while all other active ports on the line card in slot 5 remain in the same active state.
  • Page 102: Asr 5500 System Administration Guide, Staros Release 21.4

    System Settings Configuring MIO/UMIO/MIO2 Port Redundancy This feature requires specific network topologies to work properly. The network must have redundant switching components or other devices that the system is connected to. The following diagrams show examples of a redundant switching topologies and how the system reacts to various external network device scenarios. Figure 7: Network Topology Example Using MIO/UMIO Port Redundancy Figure 8: Port Redundancy Failover in Cable Defect Scenario In the example above, an Ethernet cable is cut or unplugged, causing the link to go down.
  • Page 103: Configuring Mio/Umio/Mio2 Port Redundancy Auto-Recovery

    System Settings Configuring MIO/UMIO/MIO2 Port Redundancy Auto-Recovery the port on the secondary switch to which the MIO/UMIO/MIO2 in slot 6 is connected, allowing it to redirect and transport data. Figure 9: Port Redundancy Failover in External Network Device Failure Scenario In the example above, a switch failure causes a link down state on all ports connected to that switch.
  • Page 104: Verifying Port Redundancy Auto-Recovery

    System Settings Configuring Data Processing Card Availability Verifying Port Redundancy Auto-Recovery Verify port information by entering the following command show port info slot#/port# slot# is the chassis slot number of the MIO/UMIO/MIO2 card on which the physical port resides. port# is the physical port on the MIO/UMIO/MIO2. The following shows a sample output of this command for port 1 on the MIO/UMIO/MIO2 in slot 5: host_name [local]...
  • Page 105: Verifying Card Configurations

    System Settings Verifying Card Configurations Notes: • When activating cards, remember to keep at least one DPC/UDPC or DPC2/UDPC2 in standby mode for redundancy. • Repeat for every other DPC/UDPC or DPC2/UDPC2 in the chassis that you wish to activate. Save the configuration as described in the Verifying and Saving Your Configuration chapter.
  • Page 106: Lag And Master Port

    System Settings LAG and Master Port LAG and Master Port Logical port configurations (VLAN and binding) are defined in the master port of the LAG. If the master port is removed because of a card removal/failure, another member port becomes the master port (resulting in VPN binding change and outage), unless there is a redundant master port available.
  • Page 107: Multiple Switches With L2 Redundancy

    System Settings LAG and Multiple Switches Multiple Switches with L2 Redundancy To handle the implementation of LACP without requiring standby ports to pass LACP packets, two separate instances of LACP are started on redundant cards. The two LACP instances and port link state are monitored to determine whether to initiate an auto-switch (including automatic L2 port switch).
  • Page 108: Preferred Slot

    System Settings Link Aggregation Control The LAG manager also enters/extends the hold period when an administrator manually switches ports to trigger a card switch. Preferred Slot You can define which card is preferred per LAG group as a preferred slot. When a preferred MIO/UMIO/MIO2 slot is specified, it is selected for the initial timeout period to make the selection of a switch less random.
  • Page 109: Minimum Links

    System Settings Minimum Links The VPN can only bind the master port, and a VLAN can only be created on the master port. A failure Important message is generated if you attempt to bind to a link aggregation member port. Each system that participates in link aggregation has a unique system ID that consists of a two-byte priority (where the lowest number [0] has the highest priority) and a six-byte MAC address derived from the first port's MAC address.
  • Page 110: Redundancy Options

    System Settings Redundancy Options link-aggreagation master ( global | group } number min-link number_links Redundancy Options For L2 redundancy set the following option on the master port for use with the whole group: link-aggregation redundancy standard [hold-time sec ] [preferred slot { card_number | none } Standard redundancy treats all cards in the group as one group.
  • Page 111: Faster Data Plane Convergence

    System Settings Faster Data Plane Convergence In the above configuration, there is a single, primary LAG. All ports work as a single bundle of ports that distribute the traffic. If you use the Ethernet Port Configuration mode shutdown command to shut down one of the ports on Important an MIO/UMIO/MIO2 card in this LAG configuration, by default the paired port on the other MIO/UMIO/MIO2 card will also be shut down.
  • Page 112: Chapter

    System Settings Link Aggregation Status Active-Active LAG groups must be configured, along with aggressive microBFD timers (such as 150*3). Important During MIO card recovery BGP Sessions might flap based on the configuration. To avoid traffic loss during these events, BGP graceful restart must be configured with proper hold/keepalive and restart timers. See the description of the bgp graceful-restart command in the BGP Configuration Mode Commands chapter of the Command Line Interface Reference.
  • Page 113: Mio Demux Restrictions

    Caution Enabling the Demux on MIO/UMIO/MIO2 feature changes resource allocations within the system. This directly impacts an upgrade or downgrade between StarOS versions in ICSR configurations. Contact Cisco TAC for procedural assistance prior to upgrading or downgrading your ICSR deployment.
  • Page 114: Configuration

    System Settings Configuration Contact Cisco TAC for additional assistance when assessing the impact to system configurations when Important enabling the Demux on MIO/UMIO/MIO2 feature. Configuration For releases prior to 15.0, to configure a DPC/UDPC as a demux card enter the following CLI commands:...
  • Page 115: Chapter

    C H A P T E R Config Mode Lock Mechanisms This chapter describes how administrative lock mechanisms operate within StarOS configuration mode. It contains the following sections: • Overview of Config Mode Locking, page 83 • Requesting an Exclusive-Lock, page 84 •...
  • Page 116: Requesting An Exclusive-Lock

    Config Mode Lock Mechanisms Requesting an Exclusive-Lock A shutdown-lock is enabled during a save configuration operation to prevent other users from reloading or shutting down the system while the configuration is being saved. Config mode locking mechanisms such as shared-lock, exclusive-lock and shutdown-lock mitigate the possibility of conflicting commands, file corruption and reboot issues.
  • Page 117: Effect Of Config Lock On Url Scripts

    Config Mode Lock Mechanisms Effect of Config Lock on URL Scripts A configure lock force command may not be successful because there is a very small chance that another administrator may be in the middle of entering a password or performing a critical system operation that cannot be interrupted.
  • Page 118: Saving A Configuration File

    Config Mode Lock Mechanisms Saving a Configuration File Saving a Configuration File Saving a partial or incomplete configuration file can cause StarOS to become unstable when the saved configuration is loaded at a later time. StarOS inhibits the user from saving a configuration which is in the process of being modified.
  • Page 119: Show Administrators Command

    Config Mode Lock Mechanisms show administrators Command Broadcast message from root (pts/2) Wed May 11 16:08:16 2016... The system is going down for reboot NOW !! Caution Employing the ignore-locks keyword when rebooting the system may corrupt the configuration file. show administrators Command The Exec mode show administrators command has a single-character "M"...
  • Page 120: Asr 5500 System Administration Guide, Staros Release 21.4

    Config Mode Lock Mechanisms show administrators Command ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 121: Management Settings

    C H A P T E R Management Settings This chapter provides instructions for configuring Object Request Broker Element Management (ORBEM) and Simple Network Management Protocol (SNMP) options. This chapter includes the following sections: • ORBEM, page 89 • SNMP MIB Browser, page 91 •...
  • Page 122: Configuring Orbem Client And Port Parameters

    Management Settings Configuring ORBEM Client and Port Parameters To configure the system to communicate with an EMS: Step 1 Set client ID parameters and configure the STOP/TCP port settings by applying the example configuration in Configuring ORBEM Client and Port Parameters, on page 90 Step 2 Configure Internet Inter-ORB Protocol (IIOP) transport parameters by applying the example configuration in Configuring...
  • Page 123: Verifying Orbem Parameters

    : 87950 usecs SNMP MIB Browser This section provides instructions to access the latest Cisco Starent MIB files using a MIB Browser. An updated MIB file accompanies every StarOS release. For assistance to set up an account and access files, please contact your Cisco sales or service representative for additional information.
  • Page 124: Asr 5500 System Administration Guide, Staros Release 21.4

    Use the following procedure to view the SNMP MIBs for a specific StarOS build : Step 1 Contact Cisco sales or a service representative, to obtain access to the MIB files for a specific StarOS release. Step 2 Download the compressed companion file to a folder on your desktop. The file name follows the convention: companion_xx.x.x.tgz...
  • Page 125: Asr 5500 System Administration Guide, Staros Release 21.4

    Management Settings SNMP MIB Browser In the example below the MIB Browser presents a tree diagram that allows you to display details for each Object, Trap and Conformance. The example below includes the OID number and trap details for the starCardPACMigrateFailed trap. The SNMP MIB browser allows you to search for specific MIBs.
  • Page 126: Snmp Support

    Management Settings SNMP Support SNMP Support The system uses the SNMP to send traps or events to the EMS server or an alarm server on the network. You must configure SNMP settings to communicate with those devices. Commands used in the configuration samples in this section provide base functionality. The most common Important commands and keyword options are presented.
  • Page 127: Verifying Snmp Parameters

    • The snmp user name is for SNMP v3 and is optional. There are numerous keyword options associated with this command. • Use the snmp mib command to enable other industry standard and Cisco MIBs. By default only the STARENT-MIB is enabled.
  • Page 128: Controlling Snmp Trap Generation

    Management Settings Controlling SNMP Trap Generation CISCO-PROCESS-MIB : Disabled CISCO-ENTITY-FRU-CONTROL-MIB : Disabled Step 2 Verify that the SNMP community(ies) were configured properly by entering the following command: show snmp communities The output of this command lists the configured SNMP communities and their corresponding access levels.
  • Page 129: Verifying And Saving Your Configuration

    C H A P T E R Verifying and Saving Your Configuration This chapter describes how to save your system configuration. • Verifying the Configuration, page 97 • Synchronizing File Systems, page 99 • Saving the Configuration, page 99 Verifying the Configuration You can use a number of commands to verify the configuration of your feature, service, or system.
  • Page 130: Chapter

    Verifying and Saving Your Configuration Service Configuration To configure features on the system, use the show commands specifically for these features. Refer to the Important Exec Mode show Commands chapter in the Command Line Interface Reference for complete information. Service Configuration Verify that your service was created and configured properly by entering the following command: show service_type service_name The output is a concise listing of the service parameter settings similar to the sample displayed below.
  • Page 131: Synchronizing File Systems

    Verifying and Saving Your Configuration Synchronizing File Systems You must refine this command to specify particular sections of the configuration. Add the section keyword and choose a section from the help menu as shown in the examples below. show configuration errors section ggsn-service show configuration errors section aaa-config If the configuration contains no errors, an output similar to the following is displayed: ##############################################################################...
  • Page 132: Asr 5500 System Administration Guide, Staros Release 21.4

    Verifying and Saving Your Configuration Saving the Configuration The obsolete-encryption and showsecrets keywords have been removed from the save configuration Important command in StarOS 19.2 and higher. If you run a script or configuration that contains the removed keyword, a warning message is generated. For complete information about the above command, see the Exec Mode Commands chapter of the Command Line Interface Reference.
  • Page 133: System Interfaces And Ports

    C H A P T E R System Interfaces and Ports This chapter describes how to create a context and configure system interfaces and ports within the context. Before beginning these procedures, refer to your product-specific administration guide for configuration information for your product.
  • Page 134: Viewing And Verifying Contexts

    System Interfaces and Ports Viewing and Verifying Contexts Viewing and Verifying Contexts Step 1 Verify that your contexts were successfully created by entering the following command: host_name show context all [local] The output is a two-column table similar to the example below. This example shows that two contexts were created: one named source and one named destination.
  • Page 135: Creating An Interface

    System Interfaces and Ports Creating an Interface Creating an Interface Use the following example to create a new interface in a context: configure context name interface name { ip | ipv6 } address address subnetmask secondary Notes: • Optional: Add the loopback keyword option to the interface name command, to set the interface type as "loopback"...
  • Page 136: Viewing And Verifying Port Configuration

    System Interfaces and Ports Viewing and Verifying Port Configuration { ip | ipv6 } route ip_address netmask next-hop gw_address interface_name Notes: • ip_address and netmask are the IP address and subnet mask of the target network. This IP address can be entered using IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
  • Page 137: Vlans

    System Interfaces and Ports VLANs bind interface rp1 source #end Step 3 Verify that your static route(s) was configured properly by entering the following command: context_name host_name show ip static-route Example: This command produces an output similar to that displayed in the following example that shows a static route to a gateway with an IP address of 192.168.250.1.
  • Page 138: Asr 5500 System Administration Guide, Staros Release 21.4

    System Interfaces and Ports VLANs and Management Ports This feature is implemented by adding support for the vlan command to the management port in the local context. See the example command sequence below. configure port ethernet 1/1 vlan 184 no shutdown bind interface 19/3-UHA foo ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 139: System Security

    C H A P T E R System Security This chapter describes the StarOS security features. This chapter explores the following topics: • Per-Chassis Key Identifier, page 107 • Protection of Passwords, page 108 • Support for ICSR Configurations, page 110 •...
  • Page 140: Mio Synchronization

    System Security MIO Synchronization Changing a chassis key may invalidate previously generated configurations. This is because any secret Important portions of the earlier generated configuration will have used a different encryption key. For this reason the configuration needs to be recreated and restored. To make password configuration easier for administrators, the chassis key should be set during the initial Important chassis set-up.
  • Page 141: Secure Password Encryption

    System Security Secure Password Encryption Secure Password Encryption By default for StarOS releases prior to 21.0 the system encrypts passwords using an MD5-based cipher (option A). These passwords also have a random 64-bit (8-byte) salt added to the password. The chassis key is used as the encryption key.
  • Page 142: Support For Icsr Configurations

    System Security Support for ICSR Configurations • Change the chassis key to the new desired value. • Save the configuration with this new chassis key. Refer to Configuring a Chassis Key in System Settings for additional information. Support for ICSR Configurations Inter-Chassis Session Recovery (ICSR) is a redundancy configuration that employs two identically configured ASR 5500 chassis/instances as a redundant pair.
  • Page 143: Modifying Intercepts

    System Security Modifying Intercepts If no information related to LI server addresses is received for that subscriber, LI server addresses will not be restricted. A maximum of five LI server addresses are supported via an authenticating agent. Important The ability to restrict destination addresses for LI content and event delivery using RADIUS attributes is Important supported only for PDSN and HA gateways.
  • Page 144: User Access To Operating System Shell

    CLI test-commands are intended for diagnostic use only. Access to these commands is not required during normal system operation. These commands are intended for use by Cisco TAC personnel only. Some of these commands can slow system performance, drop subscribers, and/or render the system inoperable.
  • Page 145: Exec Mode Cli Test-Commands

    System Security Exec Mode cli test-commands This command sequence is shown below. host_name config [local] host_name tech-support test-commands password new_password [ old-password [local] (config)# old_password ] host_name [local] (config)# If the new password replaces an existing password, you must enter the old password for the change to be accepted.
  • Page 146: Asr 5500 System Administration Guide, Staros Release 21.4

    System Security Configuration Mode cli test-commands An SNMP trap (starTestModeEntered) is generated whenever a user enters CLI test-commands mode. Important ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 147: Secure System Configuration File

    C H A P T E R Secure System Configuration File • Feature Summary and Revision History, page 115 • Feature Description, page 116 • How System Configuration Files are Secured, page 116 • Configuring Signature Verification, page 117 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area...
  • Page 148: Feature Description

    Secure System Configuration File Feature Description Revision History Revision Details Release First Introduced. 21.3 Feature Description A system configuration file contains crucial configuration information used to setup and operate the operator's network. The configuration file must be properly authenticated before it is loaded to avoid unauthorized changes to the file that could harm the network.
  • Page 149: Validate The Digital Signature

    Secure System Configuration File Validate the Digital Signature Generating the Public and Private Keys The RSA public key is stored in PEM format (.pem file), and can be generated using one of the following OpenSSL commands in the example below: openssl rsa -in pri_key.pem - pubout -out pub_key.pem –-or-- openssl rsa -in pri_key.pem -RSAPublicKey_out -out pub_key.pem...
  • Page 150: Enable Or Disable Signature Verification

    Secure System Configuration File Enable or Disable Signature Verification tftp://host[:port][/<directory>]/filename ftp://[username[:password]@]host[:port][/directory]/filename sftp://[username[:password]@]host[:port][/directory]/filename http://[username[:password]@]host[:port][/directory]/filename https://[username[:password]@]host[:port][/directory]/filename Enable or Disable Signature Verification Use the following command to enable (or disable) signature verification in the configuration file: Important This command can only be executed from the console. [ no ] cfg-security sign Notes: •...
  • Page 151: Software Management Operations

    C H A P T E R Software Management Operations This chapter provides information about software management operations on the system. • Understanding the Local File System, page 119 • Maintaining the Local File System, page 120 • Configuring the Boot Stack, page 125 •...
  • Page 152: Understanding The Boot.sys File

    Software Management Operations Understanding the boot.sys File • CLI Configuration File: This file type is identified by its .cfg extension. These are text files that contain CLI commands that work in conjunction with the operating system software image. These files determine services to be provided, hardware and software configurations, and other functions performed by the system.
  • Page 153: Synchronizing The File System

    Software Management Operations File System Management Commands For complete information on the commands listed below, see the Exec Mode Commands chapter of the Important Command Line Interface Reference. Synchronizing the File System Commands are supported for mirroring the local file systems from the active MIO/UMIO/MIO2 to the standby MIO/UMIO/MIO2 in systems containing two cards.
  • Page 154: Copying Files

    Software Management Operations File System Management Commands Copying Files These instructions assume that you are at the root prompt for the Exec mode. To save your current configuration, enter the following command: host_name copy from_url to_url [-noconfirm] [local] To copy a configuration file called system.cfg from a directory that was called cfgfiles to a directory named configs_old, enter the following command: host_name copy /flash/cfgfiles/system.cfg /flash/configs_old/system_2011.cfg...
  • Page 155: Applying Pre-Existing Cli Configuration Files

    Software Management Operations Applying Pre-existing CLI Configuration Files Local devices that have been formatted using other methods such as NTFS or FAT32 may be used to store Important various operating system, CLI configuration, and crash log files. However, when placing a new local device into the MIO/UMIO/MIO2 for regular use, you should format the device via the system prior to use.
  • Page 156: Viewing Cli Configuration And Boot.sys Files

    Software Management Operations Viewing Files on the Local File System Viewing CLI Configuration and boot.sys Files The contents of CLI configuration and boot.sys files, contained on the local file system, can be viewed off-line (without loading them into the OS) by entering the following command at the Exec mode prompt: host_name show file url { /flash | /usb1 | /hd-raid } filename [local]...
  • Page 157: Configuring The Boot Stack

    Software Management Operations Configuring the Boot Stack Configuring the Boot Stack The boot stack consists of a prioritized listing of operating system software image-to-CLI configuration file associations. These associations determine the software image and configuration file that gets loaded during system startup or upon a reload/reboot.
  • Page 158: Asr 5500 System Administration Guide, Staros Release 21.4

    Software Management Operations Viewing the Current Boot Stack The StarOS image filename scheme changed with release 16.1. Pre-16.1, format = "production.image.bin". Important For 16.1 onwards, format = "asr5500-image_number.bin". This change is reflected in the examples provided below. Example 1 – StarOS releases prior to 16.1: boot system priority 18 \ image /flash/15-0-builds/production.45666.bin \ config /flash/general_config.cfg...
  • Page 159: Adding A New Boot Stack Entry

    Software Management Operations Adding a New Boot Stack Entry Adding a New Boot Stack Entry Important Before performing this procedure, verify that there are less than 10 entries in the boot.sys file and that a higher priority entry is available (i.e. that minimally there is no priority 1 entry in the boot stack). Refer to Viewing the Current Boot Stack for more information.
  • Page 160: Configuring The Boot Network

    Software Management Operations Network Booting Configuration Requirements This procedure details how to configure the boot interface for reliable communications with your network server. Make sure you are at the Exec mode prompt. Step 1 Enter the Global Configuration mode by entering the following command: host_name configure [local]...
  • Page 161: Configuring Boot Network Delay Time

    Software Management Operations Upgrading the Operating System Software The next example uses static IP addresses for MIO/UMIO/MIO2 in slot 5, which can access the external network server through a gateway whose IP address is 135.212.10.2. host_name boot networkconfig static ip address mio5 192.168.206.101 netmask 255.255.255.0 [local] (config)# gateway 135.212.10.2...
  • Page 162: Verify Free Space On The /Flash Device

    [local] Download the Software Image from the Support Site Access to the Cisco support site and download facility is username and password controlled. You must have an active customer account to access the site and download the StarOS image. Download the software image to a network location or physical device (USB stick) from which it can be uploaded to the /flash device.
  • Page 163: Transfer Staros Image To /Flash

    Software Management Operations Transfer StarOS Image to /flash Transfer StarOS Image to /flash Transfer the new operating system image file to the /flash directory on the MIO/UMIO/MIO2 using one of the following methods: • Copy the file from a network location or local device plugged in into the MIO/UMIO/MIO2 by entering the following command: host_name copy from_url to_url [ -noconfirm ]...
  • Page 164: Downgrading From Release 20.0

    Software Management Operations Downgrading from Release 20.0 Downgrading from Release 20.0 Prior to release 20.0, local-user passwords were hashed with the MD5 message digest-algorithm and saved in the database. In release 20. 0, PBKDF2 (Password Based Key Derivation Function - Version 2) is now used to derive a key of given length, based on entered data, salt and number of iterations.
  • Page 165: Configure A Message Of The Day Banner

    Software Management Operations Off-line Software Upgrade Newcall policies are created on a per-service basis. If you have multiple services running on the chassis, Important you can configure multiple newcall policies. The syntax for newcall policies is described below: host_name newcall policy { asngw-service | asnpc-service | sgsn-service } { all | name [local] service_name } reject host_name...
  • Page 166: Synchronize File Systems

    Software Management Operations Off-line Software Upgrade Assign the next highest priority to this entry, by using the <N-1> method, wherein you assign a priority number that is one number less than your current highest priority. Run the Exec mode show boot command to verify that there are less than 10 entries in the boot.sys file Important and that a higher priority entry is available (minimally there is no priority 1 entry in the boot stack).
  • Page 167: Verify The Running Software Version

    Software Management Operations Verify the Running Software Version Verify the Running Software Version After the system has successfully booted, verify that the new StarOS version is running by executing the Exec mode show version command. host_name show version [local You can run the Exec mode show build command to display additional information about the running StarOS build release.
  • Page 168: New System License Keys

    Software Management Operations New System License Keys New System License Keys New systems are delivered with no license keys installed. In most cases, you receive the license key in electronic format (usually through e-mail). When a system boots with no license key installed a default set of restricted session use and feature licenses is installed.
  • Page 169: Adding License Keys To Configuration Files

    Software Management Operations Installing New License Keys LSP=000000|LSH=000000|LSG=500000|LSL=500000\|FIS=Y|FR4=Y|FPP=Y|FCS=Y|FTC=Y|FMG=Y| FCR=Y|FSR=Y|FPM=Y|FID=Y|SIG=MCwCF\Esnq6Bs/ XdmyfLe7rHcD4sVP2bzAhQ3IeHDoyyd6388jHsHD99sg36SG267gshssja77 Step 2 Verify that the license key just entered was accepted by entering the following command at the Exec mode prompt: host_name show license key [local] The new license key should be displayed. If it is not, return to the Global configuration mode and re-enter the key using the license key command.
  • Page 170: License Expiration Behavior

    Requesting License Keys License keys for the system can be obtained through your Cisco account representative. Specific information is required before a license key may be generated: • Sales Order or Purchase Order information • Desired session capacity •...
  • Page 171: Management Card Replacement And License Keys

    Software Management Operations Management Card Replacement and License Keys Management Card Replacement and License Keys License keys are stored on a midplane EEPROM in the ASR 5500 chassis. The MIO/UMIO/MIO2s share these license keys. There is no need to swap memory cards into replacement MIO/UMIO/MIO2s. Managing Local-User Administrative Accounts Unlike context-level administrative accounts which are configured via a configuration file, information for local-user administrative accounts is maintained in a separate file in flash memory and managed through the...
  • Page 172: Local-User Account Suspensions

    Software Management Operations Changing Local-User Passwords • Password Aging: The configured maximum password age has been reached. Refer to the local-user password command in the Global Configuration Mode Commands chapter of the Command Line Interface Reference for details. Accounts that are locked out are inaccessible to the user until either the configured lockout time is reached (refer to the local-user lockout-time command in the Global Configuration Mode Commands chapter of the Command Line Interface Reference) or a security administrator clears the lockout (refer to the clear local-user command in the Exec Mode Commands chapter of the Command Line Interface Reference).
  • Page 173: Smart Licensing

    C H A P T E R Smart Licensing • Feature Summary and Revision History, page 141 • Smart Software Licensing, page 142 • Configuring Smart Licensing, page 145 • Monitoring and Troubleshooting Smart Licensing, page 146 Feature Summary and Revision History Summary Data Applicable Product(s) or Functional Area...
  • Page 174: Smart Software Licensing

    Licensing consists of software activation by installing Product Activation Keys (PAK) on to the Cisco product. A Product Activation Key is a purchasable item, ordered in the same manner as other Cisco equipment and used to obtain license files for feature set on Cisco Products. Smart Software Licensing is a cloud based licensing of the end-to-end platform through the use of a few tools that authorize and deliver license reporting.
  • Page 175: Cisco Smart Software Manager

    Request a Cisco Smart Account A Cisco Smart Account is an account where all products enabled for Smart Licensing are deposited. A Cisco Smart Account allows you to manage and activate your licenses to devices, monitor license use, and track Cisco license purchases.
  • Page 176: Software Tags And Entitlement Tags

    Software Tags Software tags uniquely identify each licenseable software product or product suite on a device. The following software tags exist for the StarOS. Product Type / Description Software Tag ASR5500 regid.2017-02.com.cisco.ASR5500,1.0_401f2e9e-67fd -4131-b61d-6e229d13a338 ASR-5500 Multimedia Core Platform VPC_SI regid.2017-02.com.cisco.VPC_SI,1.0_dcb12293-10c0 -4e90-b35e-b10a9f8bfac1...
  • Page 177: Configuring Smart Licensing

    Before you begin, ensure you have: • created a Smart Licensing/Virtual account on https://software.cisco.com • registered products on https://software.cisco.com using the ID tokens created as part of virtual account. • enabled a communication path between the StarOS system to the CSSM server.
  • Page 178: Monitoring And Troubleshooting Smart Licensing

    Smart Licensing Monitoring and Troubleshooting Smart Licensing Handling Out of Compliance If there are not enough licenses in the virtual account for a given SKU, CSSM sends Out Of Compliance (OOC) message to the device, in response to authorization request. The system stops allowing additional sessions until the OOC state is cleared.
  • Page 179: Asr 5500 System Administration Guide, Staros Release 21.4

    • max_call_count – Maximum number of sessions/calls counted for the entire product for a particular service type. • last_lic_count – License count last reported to Cisco licensing (CSSM) for particular service type. • max_lic_count – Maximum license count reported to Cisco licensing (CSSM) for particular service type up to this point in time.
  • Page 180: Asr 5500 System Administration Guide, Staros Release 21.4

    Smart Licensing Smart Licensing Bulk Statistics ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 181: Monitoring The System

    C H A P T E R Monitoring the System This chapter provides information for monitoring system status and performance using the show commands found in the Command Line Interface (CLI). These command have many related keywords that allow them to provide useful information on all aspects of the system ranging from current software configuration through call activity and status.
  • Page 182: Asr 5500 System Administration Guide, Staros Release 21.4

    Monitoring the System Monitoring System Status and Performance Table 7: System Status and Performance Monitoring Commands To do this: Enter this command: View Administrative Information Display Current Administrative User Access View a list of all administrative users currently logged on the system show administrators View the context in which the administrative user is working, the IP address show administrators session id...
  • Page 183: Monitoring Asr 5500 Hardware Status

    Monitoring the System Monitoring ASR 5500 Hardware Status To do this: Enter this command: View information about system components, storage devices and network show hardware interfaces View Card Information and Statistics View diagnostics for all cards or for a card in a specific slot/port; (for VPC, show card diag slot/port slot = VM) View detailed information for all cards or a card in a specific slot/port (for...
  • Page 184: Asr 5500 System Administration Guide, Staros Release 21.4

    Monitoring the System Monitoring ASR 5500 Hardware Status Table 8: Hardware Monitoring Commands To do this: Enter this command: View the Status of the Power System View the status of the PFUs show power chassis View the power status of the individual chassis slots show power all View the Status of the Fan Trays View the status of the fan trays, including current relative speeds and...
  • Page 185: Clearing Statistics And Counters

    Monitoring the System Clearing Statistics and Counters Clearing Statistics and Counters It may be necessary to periodically clear statistics and counters in order to gather new information. The system provides the ability to clear statistics and counters based on their grouping (PPP, MIPHA, MIPFA, etc.). Statistics and counters can be cleared using the CLI clear command.
  • Page 186: Asr 5500 System Administration Guide, Staros Release 21.4

    Monitoring the System Clearing Statistics and Counters ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 187: Bulk Statistics

    C H A P T E R Bulk Statistics This chapter provides configuration information for: • Feature Summary and Revision History, page 155 • Configuring Communication with the Collection Server, page 156 • Viewing Collected Bulk Statistics Data, page 160 •...
  • Page 188: Configuring Communication With The Collection Server

    Bulk Statistics Configuring Communication with the Collection Server Related Documentation • ASR 5500 System Administration Guide • Command Line Interface Reference • VPC-DI System Administration Guide • VPC-SI System Administration Guide Revision History Revision history details are not provided for features introduced before releases 21.2 and N5.5. Note Revision Details Release...
  • Page 189: Configuring Optional Settings

    Bulk Statistics Configuring Optional Settings sample-interval time_interval transfer-interval xmit_time_interval limit mem_limit exit bulkstats collection Configuring Optional Settings This section describes optional commands that can be used within the Bulk Statistics Configuration mode. Specifically, you can configure bulk statistic "files" under which to group the bulk statistics. "Files" are used to group bulk statistic schema, delivery options, and receiver configuration.
  • Page 190: Configuring A Separate Bulkstats Config File

    Bulk Statistics Configuring a Separate Bulkstats Config File Configuring a Separate Bulkstats Config File You can configure a separate destination file for storing the bulk statistics sub-mode configuration. Run the show configuration bulkstats command to confirm the configuration. The bulkstats configuration file stores the configuration that was previously stored in the system configuration file under the bulk statistics sub-mode.
  • Page 191: Verifying Your Configuration

    Bulk Statistics Verifying Your Configuration In addition, show configuration bulkstats brief displays the bulkstats configuration at a global scope, as well as all server configuration. It does not display the schema configuration. Verifying Your Configuration After configuring support for bulk statistics on the system, you can check your settings prior to saving them. Follow the instructions in this section to verify your bulk statistic settings.
  • Page 192: Saving Your Configuration

    Bulk Statistics Saving Your Configuration Saving Your Configuration Save the configuration as described in the Verifying and Saving Your Configuration chapter. Viewing Collected Bulk Statistics Data The system provides a mechanism for viewing data that has been collected but has not been transferred. This data is referred to as "pending data".
  • Page 193: Clearing Bulk Statistics Counters And Information

    Bulk Statistics Clearing Bulk Statistics Counters and Information To manually initiate the transferring of bulk statistics prior to reaching the of the maximum configured storage limit, enter the following Exec mode command: bulkstats force transfer Clearing Bulk Statistics Counters and Information It may be necessary to periodically clear counters pertaining to bulk statistics in order to gather new information or to remove bulk statistics information that has already been collected.
  • Page 194: Data Types

    Bulk Statistics Data Types • Gauge: A gauge statistic indicates a single value; a snapshot representation of a single point in time within a defined time frame. The gauge changes to a new value with each snapshot though a value may repeat from one period to the next.
  • Page 195: Asr 5500 System Administration Guide, Staros Release 21.4

    Bulk Statistics Key Variables Variables Description Statistic Type Data Type date3 The UTC date that the collection file was created in YYMMDD Information String format where YY represents the year, MM represents the month and DD represents the day. time The UTC time that the collection file was created in HHMMSS Information String...
  • Page 196: Bulk Statistics Event Log Messages

    Bulk Statistics Bulk Statistics Event Log Messages Variables Description Statistic Type Data Type localtzoffset The offset from UTC/GMT for the local timezone. Format = "+" Information String or "-" HHMM. swbuild The build number of the StarOS version. Information String Bulk Statistics Event Log Messages The stat logging facility captures several events that can be useful for diagnosing errors that could occur with either the creation or writing of a bulk statistic data set to a particular location.
  • Page 197: Feature Summary And Revision History

    C H A P T E R System Logs This chapter describes how to configure parameters related to the various types of logging and how to viewing their content. It includes the following sections: • Feature Summary and Revision History, page 165 •...
  • Page 198: System Log Types

    System Logs System Log Types Applicable Platform(s) ASR 5500 VPC-SI VPC-DI Feature Default Enabled Related Changes in This Release: Not Applicable Related Documentation • ASR 5500 System Administration Guide • Command Line Interface Reference • VPC-DI System Administration Guide • VPC-SI System Administration Guide Revision History Revision history details are not provided for features introduced before releases 21.2 and N5.5.
  • Page 199: Configuring Event Logging Parameters

    System Logs Configuring Event Logging Parameters • Event: Event logging can be used to determine system status and capture important information pertaining to protocols and tasks in use by the system. This is a global function that will be applied to all contexts, sessions, and processes.
  • Page 200: Configuring Event Log Filters

    System Logs Configuring Event Log Filters Configuring Event Log Filters You can filter the contents of event logs at the Exec mode and Global Configuration mode levels. For additional information, see the Command Line Interface Reference. Exec Mode Filtering These commands allow you to limit the amount of data contained in logs without changing global logging parameters.
  • Page 201: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Configuring Event Log Filters • enable – Enables logging for a specific instance or all instances. This keyword is only supported for aaamgr, hamgr and sessmgr facilities. By default logging is enabled for all instances of aaamgr, hamgr and sessmgr.
  • Page 202: Global Configuration Mode Filtering

    System Logs Configuring Event Log Filters You can display the instance numbers for enabled instances per facility using the Exec mode show instance-logging command. Global Configuration Mode Filtering You can filter the contents of event logs at the Exec mode and Global Configuration mode levels. Follow the example below to configure run time event logging parameters for the system: configure logging filter runtime facility facility level report_level...
  • Page 203: Configuring Syslog Servers

    System Logs Configuring syslog Servers … Thu May 11 15:35:25 2017 Internal trap notification 1361 (DisabledEventIDs) Event IDs from 100 to 1000 have been disabled by user adminuser context context privilege level security administrator ttyname tty address type IPV4 remote ip address 1.2.3.4 …...
  • Page 204: Specifying Facilities

    System Logs Specifying Facilities Active logs are not written to the active memory buffer by default. To write active logs to the active memory buffer execute the following command in the Global Configuration mode: host_name logging runtime buffer store all-events [local] (config)# When active logs are written to the active memory buffer, they are available to all users in all CLI instances.
  • Page 205: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • afmgr: Fabric Manager logging facility [ASR 5500 only] • alarmctrl: Alarm Controller facility • alcap: Access Link Control Application Part (ALCAP) protocol logging facility • alcapmgr: ALCAP manager logging facility • all: All facilities • bfd: Bidirectional Forwarding Detection (BFD) protocol logging facility •...
  • Page 206: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • dhcpv6: DHCPv6 • dhost: Distributed Host logging facility • diabase: Diabase messages facility • diactrl: Diameter Controller proclet logging facility • diameter: Diameter endpoint logging facility • diameter-acct: Diameter Accounting • diameter-auth: Diameter Authentication • diameter-dns: Diameter DNS subsystem •...
  • Page 207: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities ◦ For 3G: Logs the access application layer (above the RANAP layer) • gprs-app: GPRS Application logging facility • gprs-ns: GPRS Network Service Protocol (layer between SGSN and the BSS) logging facility • gq-rx-tx-diameter: Gq/Rx/Tx Diameter messages facility •...
  • Page 208: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • ims-sh: HSS Diameter Sh Interface Service facility • imsimgr: SGSN IMSI Manager facility • imsue: IMS User Equipment (IMSUE) facility • ip-arp: IP Address Resolution Protocol facility • ip-interface: IP interface facility • ip-route: IP route facility •...
  • Page 209: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • mme-misc: MME miscellaneous logging facility • mmedemux: MME Demux Manager logging facility • mmemgr: MME Manager facility • mmgr: Master Manager logging facility • mobile-ip: Mobile IP processes • mobile-ip-data: Mobile IP data facility • mobile-ipv6: Mobile IPv6 logging facility •...
  • Page 210: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • ocsp: Online Certificate Status Protocol logging facility. • orbs: Object Request Broker System logging facility • ospf: OSPF protocol logging facility • ospfv3: OSPFv3 protocol logging facility • p2p: Peer-to-Peer Detection logging facility • pagingmgr: PAGINGMGR logging facility •...
  • Page 211: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • saegw: System Architecture Evolution (SAE) Gateway facility • sbc: SBc protocol logging facility • sccp: Signalling Connection Control Part (SCCP) Protocol logging (connection-oriented messages between RANAP and TCAP layers). • sct: Shared Configuration Task logging facility •...
  • Page 212: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Specifying Facilities • srp: Service Redundancy Protocol (SRP) logging facility • sscfnni: Service-Specific Coordination Function for Signaling at the Network Node Interface (SSCF-NNI) logging facility • sscop: Service-Specific Connection-Oriented Protocol (SSCOP) logging facility • ssh-ipsec: Secure Shell (SSH) IP Security logging facility •...
  • Page 213: Configuring Trace Logging

    System Logs Configuring Trace Logging Configuring Trace Logging Trace logging is useful for quickly resolving issues for specific sessions that are currently active. They are temporary filters that are generated based on a qualifier that is independent of the global event log filter configured using the logging filter command in the Exec mode.
  • Page 214: Viewing Logging Configuration And Statistics

    System Logs Viewing Logging Configuration and Statistics Viewing Logging Configuration and Statistics Logging configuration and statistics can be verified by entering the following command from the Exec mode: host_name show logging [ active | verbose ] [local] When no keyword is specified, the global filter configuration is displayed as well as information about any other type of logging that is enabled.
  • Page 215: Configuring And Viewing Crash Logs

    System Logs Configuring and Viewing Crash Logs • From the console port: By default, the system automatically displays events over the console interface to a terminal provided that there is no CLI session active. This section provides instructions for viewing event logs using the CLI. These instructions assume that you are at the root prompt for the Exec mode.
  • Page 216: Configuring Software Crash Log Destinations

    System Logs Configuring Software Crash Log Destinations 2 The associated minicore, NPU or kernel dump file is stored in the /flash/crsh2 directory. 3 A full core dump is stored in a user configured directory. Important The crashlog2 file along with associated minicore, NPU and kernel dumps are automatically synchronized across redundant management cards (SMC, MIO/UMIO).
  • Page 217: Viewing Abridged Crash Log Information Using The Cli

    System Logs Viewing Abridged Crash Log Information Using the CLI Crash log files (full core dumps) are written with unique names as they occur to the specified location. The name format is crash-card-cpu-time-core. Where card is the card slot, cpu is the number of the CPU on the card, and time is the Portable Operating System Interface (POSIX) timestamp in hexadecimal notation.
  • Page 218: Reducing Excessive Event Logging

    System Logs Reducing Excessive Event Logging • Process – where the crash occurred (Card, CPU, PID, etc.) • Crash time – timestamp for when the crash occurred in the format: YYYY-MMM-DD+hh:mm:ss time zone • Recent errno – text of most recent error number. •...
  • Page 219: Configuring Log Source Thresholds

    System Logs Configuring Log Source Thresholds Both traps can be enabled or suppressed via the Global Configuration mode snmp trap command. Configuring Log Source Thresholds There are three Global Configuration mode commands associated with configuring and implementing Log Source thresholds. 1 threshold ls-logs-volume –...
  • Page 220: Saving Log Files

    System Logs Saving Log Files Checkpointing logs should be done periodically to prevent the log files becoming full. Logs which have Important 50,000 events logged will discard the oldest events first as new events are logged. An Inspector-level administrative user cannot execute this command. Important Saving Log Files Log files can be saved to a file in a local or remote location specified by a URL.
  • Page 221: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range acsmgr Active Charging Service Manager (ACSMgr) Facility 91000-91999 afctrl Ares Fabric Controller (ASR 5500 only) 186000-186999 afmgr Ares Fabric Manager (ASR 5500 only) 187000-187999 alarmctrl Alarm Controller Facility 65000-65999 alcap Access Link Control Application Part (ALCAP) Protocol Facility 160900-161399 alcapmgr...
  • Page 222: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range dcardctrl Daughter Card Controller Facility 62000-62999 dcardmgr Daughter Card Manager Facility 57000-57999 demuxmgr Demux Manager Facility 110000-110999 dgmbmgr Diameter Gmb (DGMB) Application Manager Facility 126000-126999 dhcp DHCP Facility 53000-53999 dhcpv6 DHCPv6 Protocol Facility 123000-123999 dhost...
  • Page 223: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range Femto Network Gateway (FNG) Facility 149000-149999 gbrmgr Gb-Manager Facility 201900-202699 gcdr GGSN-Charging Data Record (G-CDR) Facility 66000-66999 GPRS Mobility Management (GMM) Facility 88100-88299 gprs-app General Packet Radio Service (GPRS) Application Facility 115100-115399 gprs-ns GPRS-NS Protocol Facility...
  • Page 224: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range ims-sh IMS SH Library Facility 124000-124999 imsimgr International Mobile Subscriber Identity (IMSI) Manager Facility 114000-114999 imsue IMS User Equipment (IMSUE) Facility 144000-145999 ip-arp IP Address Resolution Protocol (ARP) Facility 19000-19999 ip-interface IP Interface Facility 18000-18999...
  • Page 225: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range mme-misc MME Miscellaneous Facility 155800-156199 mmedemux MME Demux Manager Facility 154000-154999 mmemgr MME Manager Facility 137000-137499 mmgr Master Manager (MMGR) Facility 86000-86399 mobile-ip Mobile IP (MIP) Protocol Facility 26000-26999 mobile-ip-data MIP Tunneled Data Facility 27000-27999 mobile-ipv6...
  • Page 226: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range npumgr-port NPUMGR Port Facility 166000-166999 npumgr-recovery NPUMGR Recovery Facility 165000-165999 npumgr-vpn NPUMGR VPN Facility 181000-181999 npusim NPUSIM Facility 176000-176999 ntfy-intf Event Notification Interface Facility 170000-170499 orbs Object Request Broker (ORB) System Facility 15000-15999 ospf Open Shortest Path First (OSPF) Protocol Facility...
  • Page 227: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range rsvp RSVP Protocol Facility 93000-93999 RANAP User Adaptation (RUA) Protocol Facility 152000-152009 s1ap S1 Application Protocol (S1AP) Facility 155200-155799 saegw System Architecture Evolution Gateway Facility 191000-191999 sccp Signalling Connection Control Part (SCCP) Protocol Facility 86700-86899 [SS7] Shared Configuration Task (SCT) Facility...
  • Page 228: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Event ID Overview Facility Description Event ID Range snmp Simple Network Management Protocol (SNMP) Facility 22000-22999 sprmgr Subscriber Policy Register (SPR) Manager Facility 159500-159999 srdb Static Rating Database Facility 102000-102999 Service Redundancy Protocol (SRP) Facility 84000-84999 sscfnni SSCFNNI Protocol Facility [ATM] 115500-115599 sscop SSCOP Protocol Facility [ATM]...
  • Page 229: Event Severities

    System Logs Event Severities Event Severities The system provides the flexibility to configure the level of information that is displayed when logging is enabled. The following levels are supported: • critical: Logs only those events indicating a serious error has occurred that is causing the system tor a system component to cease functioning.
  • Page 230: Asr 5500 System Administration Guide, Staros Release 21.4

    System Logs Understanding Event ID Information in Logged Output Element Description [software internal system] Indicates that the event was generated because of system operation. CLI session ended for Security Administrator The event's details. Event details may, or may not include admin on device /dev/pts/2 variables that are specific to the occurrence of the event.
  • Page 231: Troubleshooting

    C H A P T E R Troubleshooting This chapter provides information and instructions for using the system command line interface (CLI) for troubleshooting any issues that may arise during system operation. Refer to the ASR 5500 Installation Guide for comprehensive descriptions of the hardware components addressed by these troubleshooting procedures.
  • Page 232: Licensing Issues

    Troubleshooting Licensing Issues Licensing Issues The system boot process is governed by StarOS licenses. During the startup process, each card performs a series of Power-On Self Tests (POSTs) to ensure that the hardware is operational. These tests also verify that the card meets all license requirements to operate in this chassis.
  • Page 233: Asr 5500 System Administration Guide, Staros Release 21.4

    Troubleshooting Checking the LEDs on the PFU Each LED on the PFU should illuminate blue for normal operating conditions. Figure 13: PFU LEDs The possible states for these LEDs are described in the following table. If the LED is not blue, use the troubleshooting information below to diagnose the problem.
  • Page 234: Checking The Leds On The Mio Card

    Troubleshooting Checking the LEDs on the MIO Card Checking the LEDs on the MIO Card Each MIO/UMIO/MIO2 is equipped with the following LEDs: • Run/Fail • Active • Redundancy • Master • Busy Figure 14: MIO Card Status LEDs The possible states for all MIO/UMIO/MIO2 LEDs are described in the sections that follow. MIO Run/Fail LED States The MIO/UMIO/MIO2 Run/Fail LED indicates the overall status of the card.
  • Page 235: Mio Active Led States

    Troubleshooting Checking the LEDs on the MIO Card Color Description Troubleshooting Blinking Green Card is initializing and/or This is normal operation during boot-up. loading software Card powered with error(s) Errors were detected during the Power On Self Tests (POSTs). It is likely that detected the errors were logged to the system's command line interface during boot.
  • Page 236: Mio Redundancy Led States

    Troubleshooting Checking the LEDs on the MIO Card MIO Redundancy LED States The Redundancy LED on the MIO/UMIO/MIO2 indicates that software is loaded on the card, but it is serving as a redundant component. For the MIO/UMIO/MIO2 installed in slot 6, this LED should be green for normal operation.
  • Page 237: Mio Busy Led States

    Troubleshooting Checking the LEDs on the MIO Card Color Description Troubleshooting None This card is the Standby MIO. Verify that the Run/Fail LED is green. If so, the card is receiving power and POST results are positive. If it is off, refer to MIO Run/Fail LED States, on page 202 for troubleshooting information.
  • Page 238: Mio – Interface Activity Led States

    Troubleshooting Checking the LEDs on the DPC Color Description Troubleshooting None No power to card. Verify that the Run/Fail LED is green. If so, the card is receiving power. If it is off, refer to MIO Run/Fail LED States, on page 202 for troubleshooting information.
  • Page 239: Dpc Run/Fail Led States

    Troubleshooting Checking the LEDs on the DPC • Redundancy Figure 15: DPC Status LEDs The possible states for all of the DPC/UDPC or /DPC2/UDPC2 LEDs are described in the sections that follow. DPC Run/Fail LED States The DPC/UDPC or /DPC2/UDPC2 Run/Fail LED indicates the overall status of the card. This LED should be green for normal operation.
  • Page 240: Dpc Active Led States

    Troubleshooting Checking the LEDs on the DPC Color Description Troubleshooting None Card is not receiving power. Verify that the LEDs on the PFUs are blue. If they are not, refer to Checking the LEDs on the PFU, on page 200 for troubleshooting information.
  • Page 241: Dpc Redundancy Led States

    Troubleshooting Checking the LEDs on the FSC DPC Redundancy LED States The Redundancy LED on the DPC/UDPC or /DPC2/UDPC2 indicates that software is loaded on the card, but it is serving as a standby component. DPC/UDPCs or /DPC2/UDPC2s support n:1 redundancy; the Redundancy LED should be green on only one DPC/UDPC or /DPC2/UDPC2 for normal system operation.
  • Page 242: Fsc Run/Fail Led States

    Troubleshooting Checking the LEDs on the FSC • Drive 2 Activity Figure 16: FSC Status LEDs The possible states for all FSC LEDs are described in the sections that follow. FSC Run/Fail LED States The FSC Run/Fail LED indicates the overall status of the card. This LED should be green for normal operation. The possible states for this LED are described in the following table.
  • Page 243: Fsc Active Led States

    Troubleshooting Checking the LEDs on the FSC Color Description Troubleshooting None Card is not receiving power Verify that the LEDs on the PFUs are blue. If they are not, refer to Checking the LEDs on the PFU, on page 200 for troubleshooting information.
  • Page 244: Fsc Drive N Activity Led States

    Troubleshooting Checking the LEDs on the FSC Table 27: FSC Redundancy LED States Color Description Troubleshooting Green Card is in redundant mode None needed. There is at least one FSC in Standby mode. Amber Card is not backed up by a Check the status of the other FSCs.
  • Page 245: Checking The Leds On The Ssc

    Troubleshooting Checking the LEDs on the SSC Checking the LEDs on the SSC Each SSC is equipped with the following LEDs as shown in the accompanying figure: • Run/Fail • Active • Redundancy • System Status • System Service Figure 17: SSC Status LEDs The possible states for all SSC LEDs are described in the sections that follow.
  • Page 246: Ssc Active Led States

    Troubleshooting Checking the LEDs on the SSC Table 29: SSC Run/Fail LED States Color Description Troubleshooting Green Card powered with no errors None needed. detected Blinking Green Card is initializing and/or This is normal operation during boot-up. loading software Card powered with error(s) Errors were detected during the Power On Self Tests (POSTs).
  • Page 247: Ssc Redundancy Led States

    Troubleshooting Checking the LEDs on the SSC SSC Redundancy LED States The Redundancy LED on the SSC indicates that software is loaded on the card, but it is serving as a standby component. SSC support 1:1 redundancy; the Redundancy LED should be green on the other SSC for normal system operation.
  • Page 248: Ssc System Service Led States

    Troubleshooting Testing System Alarm Outputs SSC System Service LED States The System Service LED on the SSC illuminates amber to indicate that the system has experienced a hardware component failure. This LED is off during normal operation. The possible states for this LED are described in the following table. If the LED is not green, use the troubleshooting information in the table to diagnose the problem.
  • Page 249: Switching Mios

    Troubleshooting Switching MIOs Switching MIOs When the system boots up, the MIO/UMIO/MIO2 installed in chassis slot 5 will boot into the Active mode and begin booting other system components. The MIO/UMIO/MIO2 installed in chassis slot 6 will automatically be booted into Standby mode dictating that it will serve as a redundant component. The active MIO/UMIO/MIO2 automatically synchronizes currently running tasks or processes with the standby MIO/UMIO/MIO2.
  • Page 250: Migrating A Dpc

    Troubleshooting Migrating a DPC Migrating a DPC When the system boots up, all DPC/UDPCs or DPC2/UDPC2s enter the "standby" mode. The standby mode indicates that the card is available for use but is not configured for operation. Installed components can be made active through the software configuration process.
  • Page 251: Initiate A Card Halt

    Troubleshooting Halting Cards Initiate a Card Halt Important Do not initiate a card halt for an active FSC if there are less than two active FSCs in the system. The system returns an error message if there are less than two active FSCs. There are similar restrictions when executing the card reboot or card upgrade commands on active FSCs.
  • Page 252: Verifying Network Connectivity

    Troubleshooting Verifying Network Connectivity Verifying Network Connectivity There are multiple commands supported by the system to verify and/or troubleshoot network connectivity. Note that network connectivity can only be tested once system interfaces and ports have been configured and bound. The commands specified in this section should be issued on a context-by-context basis. Contexts act like virtual private networks (VPNs) that operate independently of other contexts.
  • Page 253: Using The Traceroute Or Traceroute6 Command

    Troubleshooting Using the traceroute or traceroute6 Command • Verify the port is operational. • Verify that the configuration of the ports and interfaces within the context are correct. • If the configuration is correct and you have access to the device that you're attempting to ping, ping the system from that device.
  • Page 254: Viewing Ip Routes

    Troubleshooting Viewing IP Routes Viewing IP Routes The system provides a mechanism for viewing route information to a specific node or for an entire context. This information can be used to verify network connectivity and to ensure the efficiency of the network connection.
  • Page 255: Using The System Diagnostic Utilities

    Troubleshooting Using the System Diagnostic Utilities Using the System Diagnostic Utilities The system provides protocol monitor and test utilities that are useful when troubleshooting or verifying configurations. The information generated by these utilities can help identify the root cause of a software or network configuration issue.
  • Page 256: Using The Protocol Monitor For A Specific Subscriber

    Troubleshooting Using the Protocol Monitor Step 5 Enter Y to proceed with the monitor or N to go back to the previous menu. C - Control Events (ON ) D - Data Events (ON ) E - EventID Info (ON ) H - Display ethernet (ON ) I - Inbound Events...
  • Page 257: Asr 5500 System Administration Guide, Staros Release 21.4

    Troubleshooting Using the Protocol Monitor Option Y for performing multi-call traces is only supported for use with the GGSN. Step 5 Repeat step 6 as needed to enable or disable multiple protocols. Step 6 Press Enter to refresh the screen and begin monitoring. The following displays a portion of a sample of the monitor's output for a subscriber named user2@aaa.
  • Page 258: Generating An Ssd

    Troubleshooting Generating an SSD PPP Rx PDU (12) IPCP 12: Conf-Req(3), IP-Addr=192.168.250.87 The monitor remains active until disabled. To quit the protocol monitor and return to the prompt, press q. Generating an SSD An SSD is an instance of the output when the Exec mode show support details command is run. It displays a comprehensive list of system information that is useful for troubleshooting purposes.
  • Page 259: Asr 5500 System Administration Guide, Staros Release 21.4

    Troubleshooting Configuring and Using the Support Data Collector on a periodic basis. The record collector always runs in the background and checks if there are records to be collected. When it is time to collect support data, the scheduler executes the configured sequence of CLI commands and stores the results in a gunzipped (.gz) file on the hard-disk.
  • Page 260: Asr 5500 System Administration Guide, Staros Release 21.4

    Troubleshooting Configuring and Using the Support Data Collector ASR 5500 System Administration Guide, StarOS Release 21.4...
  • Page 261: Feature Information

    C H A P T E R Packet Capture (PCAP) Trace • Feature Information, page 229 • Feature Description, page 230 • Configuring PCAP Trace, page 230 • Monitoring and Troubleshooting PCAP Trace, page 237 Feature Information Summary Data Applicable Product(s) or Functional Area •...
  • Page 262: Feature Description

    Packet Capture (PCAP) Trace Feature Description Related Documentation • ASR 5000 System Administration Guide • ASR 5500 System Administration Guide • Command Line Interface Reference Guide • ePDG Administration Guide • IPSec Reference Guide • SaMOG Administration Guide • VPC-SI System Administration Guide Revision History Revision history details are not provided for features introduced before release 21.2.
  • Page 263: Configuring The Hexdump Module

    Packet Capture (PCAP) Trace Configuring the Hexdump Module • Although hexdump record generation is supported on both single-mode and multi-mode, it is recommended to enable the CDR multi-mode. • Use the default cdr-multi-mode command to configure this command with its default setting. •...
  • Page 264: Asr 5500 System Administration Guide, Staros Release 21.4

    Packet Capture (PCAP) Trace Configuring the Hexdump Module ◦ time-limit seconds: Specifies that hexdump records are to be deleted from the hard drive upon reaching a time limit defined in seconds. seconds must be an integer from 600 through 2592000. ◦...
  • Page 265: Configuring The Hexdump File Parameters

    Packet Capture (PCAP) Trace Configuring the Hexdump File Parameters ◦ secondary secondary-url secondary_url: Specifies the secondary URL location to which the system pushes the hexdump files. secondary_url must be an alphanumeric string of 1 through 1024 characters in the format: //user:password@host:[port]/direct.
  • Page 266: Asr 5500 System Administration Guide, Staros Release 21.4

    Packet Capture (PCAP) Trace Configuring the Hexdump File Parameters • Use the current-prefix prefix keyword to specify a string to add at the beginning of the hexdump file that is currently being used to store records. ◦ prefix must be an alphanumeric string of 1 through 31 characters. ◦...
  • Page 267: Asr 5500 System Administration Guide, Staros Release 21.4

    Packet Capture (PCAP) Trace Configuring the Hexdump File Parameters ◦ tariff-time minute minutes hour hours: Specifies to close the current hexdump file and create a new one based on the tariff time (in minutes and hours). minutes must be an integer from 0 through 59. hours must be an integer from 0 through 23.
  • Page 268: Enabling Or Disabling Hexdump

    Packet Capture (PCAP) Trace Enabling or Disabling Hexdump • Use the trap-on-file-delete keyword to instruct the system to send an SNMP notification (trap) when a hexdump file is deleted due to lack of space. Default: Disabled • Use the xor-final-record keyword to insert an exclusive OR (XOR) checksum (instead of a CRC checksum) into the hexdump file header, if the exclude-checksum-record is left at its default setting.
  • Page 269: Monitoring And Troubleshooting Pcap Trace

    Packet Capture (PCAP) Trace Monitoring and Troubleshooting PCAP Trace ◦ Chunk flags ◦ Transmission Sequence Numbers (TSN) ◦ Stream identifier ◦ Stream sequence number • When the SCTP protocol option is selected in monpro, PCAP hexdump will have the original SCTP header.
  • Page 270: Show { Hexdump-Module | Cdr } File-Space-Usage

    Packet Capture (PCAP) Trace Show Command(s) and/or Outputs Field Description Hexdump-module files rotated due Total number of times a hexdump file was closed and a new hexdump to time limit file was created since the time limit was reached. Hexdump-module files rotated due Total number of times a hexdump file was closed and a new hexdump to tariff-time file was created since the tariff time was reached.