Understanding System Operation and Configuration


Understanding System Operation and Configuration
 
The system provides wireless carriers with a flexible solution that can support a wide variety of services. These services are described in detail in the System Overview Guide.
Prior to connecting to the command line interface (CLI) and beginning the configuration, there are important things to understand about how the system supports these applications. This chapter provides terminology and background information that must be considered before attempting to configure the system. The following sections are included:
Terminology
This section defines some of the terms used in the following chapters.
Contexts
A context is a logical grouping or mapping of configuration parameters that pertain to various physical ports, logical IP interfaces, and services. A context can be thought of as a virtual private network (VPN).
The system supports the configuration of multiple contexts. Each is configured and operates independently from the others. Once a context has been created, administrative users can then configure services, logical IP interfaces, and subscribers for that context. Administrative users then bind the logical interfaces to physical ports.
Contexts can also be assigned domain aliases; if a subscriber’s domain name matches one of the configured alias names for that context, then that context is used.
Ports
Ports are the physical Ethernet connectors (Ethernet 10/100, Ethernet 1000 Line Cards, four-port Quad Gigabit Line Cards (QGLC), and 10-Gigabit Ethernet Line Cards (XGLC) . Ethernet port configuration addresses traffic profiles, data encapsulation methods, media type, and other information for physical connectivity between the system and the rest of the network. Ports are identified by the chassis slot number for the line card, followed by the physical connector number.
For example, Port 24/1 identifies connector number 1 on the card in slot 24.
Associate ports with contexts through bindings. For additional information on bindings, refer to the Bindings section below. You can configure each physical port to support multiple logical IP interfaces, each with up to 17 IP addresses (one primary and up to 16 secondaries).
Logical Interfaces
You must associate a port with a virtual circuit or tunnel called a logical interface before the port can allow the flow of user data. A logical interface within the system is defined as the logical assignment of a virtual router instance that provides higher-layer protocol transport, such as Layer 3 IP addressing. Interfaces are configured as part of the VPN context and are independent from the physical port that will be used to bridge the virtual interfaces to the network.
There are several types of logical interfaces to configure to support Simple and Mobile IP data applications.
Management interface: This interface provides the point of attachment to the management network. The interface supports remote access to the CLI It also supports Common Object Request Broker Architecture (CORBA)-based management via the Web Element Manager application, and event notification via the Simple Network Management Protocol (SNMP).
Define management interfaces in the local context and bind them to the ports on the Switch Processor Input/Output (SPIO) cards.
Bindings
A binding is an association between elements within the system. There are two types of bindings: static and dynamic.
 
 
Services
Configure services within a context to enable certain functionality. The following are examples of services you can configure on the system, subject to licensing availability and platform type:
 
 
AAA Servers
For most configurations, AAA servers are used to store profiles, perform authentication, and maintain accounting records for each mobile data subscriber. The AAA servers communicate with the system over the AAA interface. The system supports the configuration of up to 128 AAA servers.
It is important to note that for Mobile IP, there can be foreign AAA (FAAA) and home AAA (HAAA) servers. The FAAA server(s) typically resides in the carrier’s network. The HAAA server(s) could be owned and controlled by either the carrier or the home network. If the HAAA server is owned and controlled by the home network, accounting data is transferred to the carrier via a AAA proxy server.
Important: Mobile IP support depends on the availability and purchase of a standalone HA license or a license bundle that includes HA.
Subscribers
Subscribers are the end-users of the service; they gain access to the Internet, their home network, or a public network through the system. There are three primary types of subscribers:
 
 
RADIUS-based Subscribers: The most common type of subscriber, these users are identified by their International Mobile Subscriber Identity (IMSI) number, an Electronic Serial Number (ESN), or by their domain name or user name. They are configured on and authenticated by a RADIUS AAA server.
Upon successful authentication, various attributes that are contained in the subscriber profile are returned. The attributes dictate such things as session parameter settings (for example, protocol settings and IP address assignment method), and what privileges the subscriber has.
Important: Attribute settings received by the system from a RADIUS AAA server take precedence over local-subscriber attributes and parameters configured on the system.
Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber’s user profile (containing attributes like those used by RADIUS-based subscribers) is configured within the context where they are created.
When local subscriber profiles are first created, attributes for that subscriber are set to the system’s default settings. The same default settings are applied to all subscriber profiles, including the subscriber named default which is created automatically by the system for each system context. When configuring local profile attributes, the changes are made on a subscriber-by-subscriber basis.
Important: Attributes configured for local subscribers take precedence over context-level parameters. However, they could be over-ridden by attributes returned from a RADIUS AAA server.
Management Subscribers: A management user is an authorized user who can monitor, control, and configure the system through the command-line interface (CLI) or Web Element Manager application. Management is performed either locally, through the system console port, or remotely through the use of the Telnet or secure shell (SSH) protocols. Management users are typically configured as a local subscriber within the Local context, which is used exclusively for system management and administration. As with a local subscriber, a management subscriber’s user profile is configured within the context where the subscriber was created (in this case, the Local context). However, management subscribers may also be authenticated remotely via RADIUS, if an AAA configuration exists within the local context.
How the System Selects Contexts
The previous section of this chapter defined what a context is and how it is used within the system. This section provides details about the process that determines which context to use for context-level administrative user or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many contexts and interfaces you need configure.
Context Selection for Context-level Administrative User Sessions
The system comes configured with a context called local that you use specifically for management purposes. The context selection process for context-level administrative users (those configured within a context) is simplified because the management port(s) on the SPIO are associated only with the Local context. Therefore, the source and destination contexts for a context-level administrative user responsible for managing the entire system should always be the local context.
Although this is not commonly done, a context-level administrative user can also connect through other interfaces on the system and still have full system management privileges.
A context-level administrative user can be created in a non-local context. These management accounts have privileges only in the context in which they are created. This type of management account can connect directly to a port in the context in which they belong, if local connectivity is enabled (SSHD, for example) in that context.
For all FTP or SFTP connections, you must connect through a SPIO interface. If you SFTP or FTP as a non-local context account, you must use the username syntax of username@contextname.
The context selection process becomes more involved if you are configuring the system to provide local authentication or work with a AAA server to authenticate the context-level administrative user.
The system gives you the flexibility to configure context-level administrative users locally (meaning that their profile will be configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts to log onto the system, the system performs the authentication. If you have configured the user profile on an AAA server, the system must determine how to contact the AAA server to perform authentication. It does this by determining the AAA context for the session.
The following table and figure describe the process that the system uses to select an AAA context for a context-level administrative user.
Context-level Administrative User AAA Context Selection
If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in this table.
If local authentication is disabled on the system or if the administrative user’s username is not configured in the local context, the system determines if a domain was received as part of the username.
 
Context-level Administrative User AAA Context
Context Selection for Subscriber Sessions
The context selection process for a subscriber session is more involved than that for the administrative users. Subscriber session context selection information for specific products is located in the Administration Guide for the individual product.
 
Understanding the System Boot Process
 
Refer to other sections of this guide for information and instructions on configuring the system. Part of the configuration process requires that you allocate hardware resources for processing and redundancy. Therefore, before you configure the system, it is important to understand the boot process which determines how the hardware components are brought on line.
The following flowchart shows each step in the startup process. For additional information about system configuration files, refer to the Understanding Configuration Files section.
 
Boot Process Flowchart
The following steps describe the system’s boot process:
Step 1
Step 2
Step 3
Step 4
Step 5
Important: If no SMCs are installed, or if they are installed incorrectly, no other card installed in the system will boot.
Step 6
Step 7
Installed line cards all remain in a ready mode until their corresponding PSC is made active via configuration. After the PSC is made active, the line card installed in the upper-rear chassis slot behind the card is also made active. The line card installed in the lower-rear chassis slot behind the card enters the standby mode.
Step 8
Step 9
The wizard creates a configuration file, system.cfg, that you can use as a starting point for subsequent configurations. This allows you to configure the system automatically by applying the configuration file during any subsequent boot. For additional information about system configuration files, refer to the Understanding Configuration Files section.
Understanding Configuration Files
The system supports the use of a file or script to modify configurable parameters. When you use a file for offline system configuration, it reduces the time it takes to configure parameters on multiple systems.
 
A system configuration file is an ASCII text file that contains commands and configuration parameters. When you apply the configuration file, the system parses through the file line by line, testing the syntax and executing the command. If the syntax is incorrect, a message is displayed to the CLI and the system proceeds to the next command. Lines that begin with # are considered remarks and are ignored.
Important: Pipes ( | ), used with the grep and more keywords, can potentially cause errors in configuration file processing. Therefore, the system automatically ignores keywords with pipes during processing.
The commands and configuration data within the file are organized and formatted just as they would be if they were being entered at the CLI prompt. For example, if you wanted to create a context called source in the CLI, you would enter the following commands at their respective prompts:
[local]host_name# config
[local]host_name(config)# context source
[source]host_name(config-ctx)# end
To create a context called source using a configuration file, you would use a text editor to create a new file that consists of the following:
config
context source
end
There are several important things to consider when using configuration files:
Important: When you apply a configuration file after the boot process, the file does not delete the configuration loaded as part of the boot process. Only those commands that are duplicated are overwritten.
CompactFlash™: Installed on the SPC or SMC
PCMCIA Flash Card: Installed in a slot on the SPC or SMC
Network Server: Any workstation or server on the network that the system can access using the Trivial File Transfer Protocol (TFTP). This is recommended for large network deployments in which multiple systems require the same configuration
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883