Feedback
Table Of Contents
Cisco Provisioning Center Server Configuration
RADIUS Server Configuration (Optional)
Configuring Username Authentication
Matching VC Traffic Parameters for CNX
Configuring Username Authentication
RADIUS Configuration (Optional)
Configuring Additional IOS Commands
Cisco Provisioning Center Server Configuration
Workstation Upload Configuration
Enabling TFTP on the Cisco Provisioning Center Server
FTP/TFTP Access Configuration File
Setting the Maximum Number of Network Interface Executors
Configuring CNX VC Class Autogeneration
Setting the Maximum Number of Concurrent Getter Processes
Automating RADIUS Server Startup
Installing the Cisco 6400 Equipment Module Utility Package
Configuring the RADIUS Clients File
Initial Configuration
The Cisco 6400 Equipment Module supports the Cisco 6400 Universal Access Concentrator (UAC). The Cisco 6400 UAC is a multi-technology access concentrator that offers conventional ATM switching functions with full support for different QoS classes as well as a unique set of aggregation and routing capabilities, including:
•
Convergence
•
•
•
•
•
•
•
The Equipment Module works directly with the Cisco 6400 UAC through FTP (or Telnet) and SNMP or TFTP and SNMP.
The Equipment Module provides an event logging daemon to track event log changes from the Cisco 6400. The daemon is started/stopped in the workstation boot and runs independently of Cisco Provisioning Center.
To configure this Equipment Module for use with Cisco Provisioning Center, you must complete the following steps.
Software Requirements
This section outlines the software requirements that must be fulfilled for the correct operation of the Cisco 6400 Equipment Module. All software included in this section must be acquired independently of the Cisco 6400 Equipment Module.
Table 1-2 outlines the software requirements for the Cisco 6400 Equipment Module.
Table 1-2 Required Software
Cisco
IOS (NRP-1)
12.1(1) to 12.2(2)B5
IOS (NRP-2)
12.1(5) to 12.2(2)B2
IOS (NRP-2SV)
12.2B to 12.2(4)B3
IOS (NSP)
12.1(1) to 12.2(2)B5
Merit
RADIUS server
3.6B1
1 Installation of the Merit RADIUS server requires Solaris version 2.7 or higher and FTP/Telnet capability.
Hardware Compatibility
This section provides information about hardware compatible with the Cisco 6400 Equipment Module.
Network Interface Cards
The following network interface cards (referred to as "line cards") are supported by the Cisco 6400 Equipment Module.
Initial Configuration
The Cisco 6400 UAC, and the Cisco Provisioning Center server must be initially configured to make the Cisco 6400 Equipment Module fully operational. The initial configuration required for this Equipment Module involves the following steps:
Cisco 6400 Configuration
The following steps must be completed by logging into the NRP and NSP on the Cisco 6400 and manually configuring the hardware via IOS.
1.
2.
3.
4.
Cisco Provisioning Center Server Configuration
The following procedures should be completed by logging into the Cisco Provisioning Center server host machine and configuring the Cisco Provisioning Center server via a terminal window.
1.
2.
3.
4.
RADIUS Server Configuration (Optional)
The following procedures are completed by logging into the RADIUS server host machine and configuring the RADIUS server via a terminal window.
1.
2.
3.
4.
Cisco 6400 Configuration
Some initial configuration must be done for each Node Router Processor (NRP) and Node Switch Processor (NSP) individually in order to facilitate the creation, modification, deletion and management of DSL services using the Cisco 6400 Equipment Module. Before upload and provisioning functions of the NSP and NRP can occur, each NSP and NRP must have the following parameters configured:
•
•
•
•
•
•
For more information on configuring the above parameters, refer to the appropriate Cisco 6400 user documentation.
Running-Config Autosave
You can configure the Cisco 6400 Equipment Module to automatically save the IOS running-config file of the Cisco 6400. By default, the running-config autosave feature is disabled.
To enable autosave, follow these steps:
Step 1
Step 2
Step 3
C4.WriteNVRAM = 0Step 4
C4.WriteNVRAM = 1Step 5
Step 6
SYnpt -r
Note
Configuring the NRP
Each NRP requires initial configuration in order to communicate with the Cisco Provisioning Center server. An NRP must be configured to enable the following features:
•
•
•
Optionally, you can configure a first generation NRP card (NRP) as redundant for failure protection. Second generation NRP cards (NRP2) do not support redundancy.
Event Logger Requirements
You must set up each Cisco 6400 NRP before launching the event logger. For more information on configuring the NRP, refer to the appropriate Cisco 6400 user documentation. The following procedure uses an NRP and NRP2 to illustrate the configuration process. The procedure for configuring each NRP is identical but the method for accessing NRPs and NRP2s is different (these procedures are outlined in the following two sections). Configuration requires a thorough understanding of Cisco IOS software.
If you are configuring an NRP, follow the procedure outlined in "Accessing the NRP" to access it. If you are configuring an NRP2, follow the procedure outlined in "Accessing the NRP2" to access it. After you have accessed the NRP, continue with the NRP configuration by following the procedure outlined in "Configuring the NRP".
Accessing the NRP
Perform the following procedure to access the NRP.
Step 1
telnet <ip_address>8Step 2
Step 3
Router>enablepassword:password
Accessing the NRP2
NRP2 cards do not have an IP address assigned to them and must be accessed through the NSP. Perform the following procedure to access the NRP2.
Step 1
telnet <ip_address>Step 2
Step 3
Router>enablepassword:passwordStep 4
nrps<Slot_Number>where:
Slot_Number—The slot number of the NRP2.
Configuring the NRP
To configure the NRP, perform the following procedure.
Step 1
config terminalStep 2
where:
IP Address—The IP address of the Cisco Provisioning Center server host.
Note
Step 3
show running-configStep 4
write memoryIf you have enabled the running-config autosave feature, you do not need to perform this step. For more information on running-config autosave, see the "Running-Config Autosave" section.
Configuring Tunnel Awareness
You can configure each NRP to be aware of single hop and multihop tunnels. Tunnels that are created using L2TP are used by Virtual Private Dial-Up Networking (VPDN) to extend a PPP session across a wide area network. NRPs must be configured to look for tunnel definitions on a L2TP Network Server (LNS). Perform the following procedure at the privileged EXEC prompt to enable VPDN:
Step 1
config terminalStep 2
vpdn enableStep 3
vpdn multihopStep 4
vpdn search-order multihop-hostname domain
Configuring NRP Redundancy
As a failure prevention measure, NRPs can operate in redundant mode. In redundant mode, one NRP is configured as the primary NRP and a second NRP is configured as the secondary. Redundant NRP cards must occupy adjacent slots (i.e.: 1 and 2, or 3 and 4). Redundancy is transparent since both NRPs share the same IP address. In redundant mode, when a connection is provisioned on the primary NRP, it will be mirrored on the secondary NRP in case the primary card fails. It is also possible to swap the roles of each NRP between primary and secondary.
If you require a pair of NRPs to operate in redundant mode, you must do so using the following IOS commands on the NRP.
Change to Redundancy mode from Global mode using the following IOS command:
redundancyIn redundancy mode, configure a redundant pair using the following command:
associate subslot <slot_number_1>/0 <slot_number_2>/0Where:
<slot_number_1>—the slot number of the primary NRP
<slot_number_2>—the slot number of the secondary NRP
For example, the following IOS command will configure slots one and two on the NRP as a redundant pair:
redundancy associate subslot 1/0 2/0For NRP redundancy to work properly, you must configure Cisco Provisioning Center to autosave to memory the IOS running-config file that the Cisco 6400 Equipment Module uses. For more information on configuring Cisco Provisioning Center to automatically save the IOS running-config file, see the ""Running-Config Autosave" section."
For more information on NRP redundancy, consult the appropriate Cisco documentation.
Note
Note
Configuring Username Authentication
Configuration of the username authentication system is optional when logging into the NRP. The NRP acts as a client NAS (Network Access Server). The NAS is the aggregation point of PPP sessions into an L2TP tunnel. To configure the username authentication system for the NAS, enter the following IOS commands at the privileged EXEC prompt:
Step 1
config terminalStep 2
where:
name—A username or the machine name
encryption type—A number that represents a certain encryption type - 0 indicates a cleartext password
password—A unique password
for example:
username C4 password 0 ABCPassword
Note
Matching VC Traffic Parameters for CNX
The Cisco 6400 Equipment Module will reuse existing VC Class traffic parameters when the C4_vcclassname attribute is null and the given traffic parameters match an existing VC Class. To enable the Cisco 6400 Equipment Module to compare given VC class parameters with existing VC Classes, the C4.CompareCNX_VCClass configuration flag in the syavconfig.site file must be set to a value of 1. Setting this value to 0 (zero) disables this comparison functionality and tells Cisco Provisioning Center to use the VC class provided by name.
To set the C4.CompareCNX_VCClass configuration flag, follow these steps:
Step 1
Step 2
Step 3
Step 4
C4.CompareCNX_VCClass = 0Step 5
Step 6
Step 7
SYnpt -sS
Robust CNX Provisioning
When you create a PVC on the NRP, the Cisco 6400 Equipment Module performs a test in the network interface to detect if the PVC already exists in the NRP, but is not present in the Cisco 6400 Equipment Module database. When this out-of-sync condition occurs, Cisco Provisioning Center sends an error message, and forces a rollback of the transaction.
This test uses the IOS command show atm pvc <vpi>/<vci> | include exist which detects the IOS response that the PVC does not exist. When it does exist, no response is sent. The error message is in the following format:
"Failed to create CNX <vpi>/<vci> on subinterface ATM0/0/0.<subif>. Reason: the CNX exists but was not uploaded"
Configuring the NSP
You must configure the Cisco 6400 NSP before launching the event logger. For more information on configuring the NSP, refer to the appropriate Cisco 6400 user documentation. The following procedure uses an NSP to illustrate the configuration process. Configuration requires a thorough understanding of Cisco IOS software.
To configure the NSP:
Step 1
telnet <ip_address>Step 2
Step 3
Switch>enablepassword:passwordStep 4
config terminalStep 5
where:
IP Address—The IP address of the Cisco Provisioning Center server host with Event Logger.
Step 6
show running-configStep 7
write memoryIf you have enabled the running-config autosave feature, you do not need to perform this step. For more information on running-config autosave, see the "Running-Config Autosave" section.
Note
Configuring Username Authentication
Configuration of the username authentication system is recommended when logging into the NSP. The NSP acts as a client NAS (Network Access Server). To configure the username authentication system for the NAS, enter the following IOS commands at the privileged EXEC prompt:
Step 1
config terminalStep 2
where:
name—A username or the machine name
encryption type—A number that represents a certain encryption type - 0 indicates a cleartext password
password—A unique password
for example:
username C4 password 0 ABCPassword
Note
RADIUS Configuration (Optional)
Before the provisioning of services can occur, you individually configure each NRP to recognize and communicate with the RADIUS server. Configuration of each NRP involves three steps:
1.
2.
3.
Configuring RADIUS Awareness
An awareness of the RADIUS server must be established on the Cisco 6400 to allow the exchange of authorization and authentication information. This process must be done for each NRP within the Cisco 6400. The configuration is implemented using Cisco IOS commands on the router. To configure an NRP to be aware of a RADIUS server, issue the following IOS commands at the privileged EXEC prompt:
Configuring RADIUS Access
Once each NRP installed with the Cisco 6400 has been configured to be aware of a RADIUS server, further configuration must be done to specify the location of the RADIUS server host, the authentication and accounting port addresses on the server host, and the RADIUS password. These steps are required for the NRP to recognize a specific RADIUS server and where it is located. To configure RADIUS access, issue the following IOS commands at the privileged EXEC prompt:
where:
ip address—The IP address of the RADIUS server
key—The encryption key used on the RADIUS server. This encryption key must be identical in IOS and in the RADIUS server clients file. For more information, consult your RADIUS documentation.
Configuring Additional IOS Commands
You can configure the Cisco 6400 Equipment Module to support the oam-pvc 0 IOS command when provisioning a VC class. To support this IOS command, you set the C4.supportExtraIOSCommands variable in the syavconfig.site file to a value of 1. Setting this variable to a value of 0 (zero) disables the IOS command support.
To configure the Cisco 6400 Equipment Module to support the additional IOS command, complete the following steps:
Step 1
Step 2
Step 3
Step 4
C4.supportExtraIOSCommands = 0Step 5
If you want to disable the IOS command support, set the value of the C4.supportExtraIOSCommands variable to 0 (zero).
Step 6
Step 7
SYnpt -sS
Cisco Provisioning Center Server Configuration
The Cisco Provisioning Center server must be initially configured to communicate with the Cisco 6400 and, optionally, one or more RADIUS servers. This section outlines the procedures required to complete this configuration and enable upload.
Receiving Traps (Optional)
The Cisco Provisioning Center server system file must be configured to receive traps from the Cisco 6400. To configure the Cisco Provisioning Center server for communication with the Cisco 6400, complete the following steps:
Step 1
Step 2
c4trapd 5999/udpThis line specifies that when the C4trapd program is running, it uses the port # 5999 and udp protocol for communication with the Cisco 6400.
Step 3
Step 4
ps -ef | grep inetdStep 5
kill -HUP pidwhere:
pid—the process ID.
Step 6
inetd -s
Event Logger Daemon
An event logging daemon must be installed on the Cisco Provisioning Center server host for any event logging to become operational. The event logger is distributed through the Cisco 6400 Equipment Module installation procedure. The event logger is a standalone daemon independent of Cisco Provisioning Center functions. Launching Cisco Provisioning Center does not activate the event logger, and shutting down Cisco Provisioning Center does not terminate the event logger. The event logger will continue to log events from the Cisco 6400 if Cisco Provisioning Center is shut down. When Cisco Provisioning Center is restarted, the Cisco Provisioning Center server system file will update the log files by checking in the event log directory.
Step 1
c4trapd -f $CCP_LOG/event/C4eventLog
Workstation Upload Configuration
The Cisco 6400 Equipment Module supports both FTP and TFTP to upload the hardware configuration. By default, FTP is used. If you require TFTP, you must first enable it on the Cisco Provisioning Center server. For both FTP and TFTP clients, you need to set the upload configuration variables in the FTP/TFTP Access Configuration File.
Enabling TFTP on the Cisco Provisioning Center Server
If you require TFTP enabled on the Cisco Provisioning Center server, perform the following procedure. This procedure is not required if you intend to use FTP.
Step 1
Step 2
chmod u+w /etc/inetd.confStep 3
#tftp dgram udp wait root /usr/sbin/in.tftp in.tftp -s /tftpbootto:
tftp dgram udp wait root /usr/sbin/in.tftp in.tftpThis will enable the TFTP daemon in insecure mode.
Step 4
ps -ef | grep inetdIf your workstation outputs an inetd process like the following:
root 136 1 0 Apr 17 ? 0:12 /usr/sbin/inetd -swhere the second column (136) is the process ID (PID), then TFTP is already enabled. Force the TFTP daemon to re-read the inetd.conf file by issuing the following command:
kill -HUP <pid>where pid is the inetd process ID.
If your workstation does not output an inetd process, start the inetd process by issuing the following command:
inetd -sStep 5
netstat -a | grep tftpStep 6
*.tftp Idle
FTP/TFTP Access Configuration File
To enable FTP upload, you must define three configuration variables: C4_USER, C4_PASSWORD, and C4_FTP. The user and password combination must correspond to a valid UNIX user account on the workstation which has write permission in the /tmp directory. This account enables FTP to retrieve the running configuration from the Cisco 6400.
To enable TFTP upload, you do not uncomment the C4_USER and C4_PASSWORD variables. The C4_FTP variable must be uncommented and set to FALSE.
Optionally, for both FTP and TFTP, you can set the variable C4_IPADDRESS that points to the IP address of the Cisco Provisioning Center host machine. This is required when there are multiple IP addresses for Cisco Provisioning Center servers in the network, or when a firewall is performing IP address translation.
The configuration variables are contained in a configuration file and must be set before the Cisco Provisioning Center server starts.
For example, the C4FTPAccess.config for an FTP configuration may look as follows:
C4_USER = <username>C4_PASSWORD = <password>C4_FTP = TRUE#C4_IPADDRESS =Or, the configuration file for a TFTP configuration may look as follows:
#C4_USER =#C4_PASSWORD =C4_FTP = FALSEC4_IPADDRESS = <ip_address>The variables can also be manually set outside of the configuration file. In this case, these variables override the variables set in the configuration file.
To set the Cisco 6400 upload configuration variables, follow the steps:
Step 1
Step 2
Step 3
Step 4
C4_USER = ftp_user_nameC4_PASSWORD = ftp_user_passwordC4_FTP = TRUE | FALSEC4_IPADDRESS = ip_addresswhere:
ftp_user_name—the user name for your FTP account (FTP only)
ftp_user_password —the password for your FTP account (FTP only)
TRUE | FALSE—set to TRUE to enable FTP for upload. Set to FALSE if you want to use TFTP.
ip_address—The IP address of the Cisco Provisioning Center host machine is required when there are multiple IP addresses for Cisco Provisioning Center servers in the network. Otherwise, this attribute is optional.
Step 5
Step 6
SYnpt -sS
Setting the Maximum Number of Network Interface Executors
You can set the maximum number of Network interface (NIF) executors in concurrent provisioning on a per site basis by editing the C4.NIFMaxSiteExecutors variable in the syavconfig.site. The default value of this variable is 5. The minimum allowed value is 1. The maximum value is determined by the value of the SYSSR.flowCOntrol variable.
To set the maximum number of NIF executors in concurrent provisioning, complete the following steps:
Step 1
Step 2
cd $CCP_CONFIGStep 3
vi syavconfig.siteStep 4
C4.NIFMaxSiteExecutors = 5Step 5
Step 6
Step 7
SYnpt -sS
Configuring CNX VC Class Autogeneration
You can configure CNX VC Class autogeneration by editing the C4.disableVCClassAutogenerate variable in the syavconfig.site. The default value of this variable is 0, which indicates that VC Class autogeneration is enabled. To disable CNX VC Class autogeneration, the variable must be set to 1.
To configure CNX VC Class autogeneration, complete the following steps:
Step 1
Step 2
cd $CCP_CONFIGStep 3
vi syavconfig.siteStep 4
C4.disableVCClassAutogenerate = 0Step 5
C4.disableVCClassAutogenerate = 1Step 6
Step 7
SYnpt -sS
Setting the Maximum Number of Concurrent Getter Processes
To set the maximum number of concurrent getter processes, you set the C4upl.getterLimit configuration variable to indicate the number of concurrent sessions that Cisco 6400 Equipment Module will use at any one time. The maximum number of concurrent processes that Cisco 6400 EM supports is 100.
To set the maximum number of concurrent getter processes, complete the following steps:
Step 1
Step 2
cd $CCP_CONFIGStep 3
vi syavconfig.siteStep 4
C4upl.getterLimit = 5Step 5
Step 6
Step 7
SYnpt -sS
Setting Getter Timeout Time
To set the getter timeout time, you set the C4.getterTimeout configuration variable to indicate the amount of time (in seconds) the Cisco 6400 Equipment Module will wait before individual getters (both Fabric and Service) will time out. The default value is 60.
To set the getter timeout time, complete the following steps:
Step 1
Step 2
cd $CCP_CONFIGStep 3
vi syavconfig.siteStep 4
C4.getterTimeout = 60Step 5
Step 6
Step 7
SYnpt -sS
Merit RADIUS Configuration
Configuration of the Merit RADIUS server is an integral part of provisioning Layer Two Tunneling Protocol (L2TP) single hop services on Cisco 6400 UAC equipment. The RADIUS server carries information on subscriber service lists and L2TP tunnels. The server acts as a repository of tunnels. Each tunnel has a Service Name key used to bind subscribers to the tunnel.
The Cisco 6400 Equipment Module uses a Merit RADIUS server for service pre-authorization. Data transfer between the Cisco Provisioning Center server host and the Merit server host is accomplished through FTP and TELNET sessions.
Merit RADIUS Installation
Installing the RADIUS Server
To install the Merit RADIUS server, perform the following steps on the host where the RADIUS server is to be installed. It is assumed that you have obtained a copy of the Merit RADIUS server software independently of Cisco Provisioning Center.
Step 1
Step 2
admintoolStep 3
Step 4
Step 5
Step 6
Step 7
Step 8
su - meritPStep 9
cd /usr/private/etcStep 10
Step 11
Starting the RADIUS Daemon
Step 1
cd /usr/private/etcStep 2
$ ./radiusd
Testing the RADIUS Server
It is recommended that you test the Merit RADIUS server to determine whether the server is operational and to determine if the server will correctly authenticate a user.
Step 1
su - meritPStep 2
cd /usr/private/etcStep 3
radcheck -p 1645 -r 1 <hostname>The server is working if a similar output to the following is displayed:
Step 4
radpwtst -p 1645 -s <hostname> -r 1 -w smart -u ppp smartuserIf authentication is successful, the server will prompt:
"smartuser" authentication OK
Automating RADIUS Server Startup
You can enable the RADIUS server to start up automatically when the system is booted. To automate the Merit RADIUS server startup process, follow the following procedure on the RADIUS server host:
Step 1
# RADIUS protocolradius 1645/udpradacct 1646/udpStep 2
radius dgram udp wait meritP /usr/private/etc/radiusd radiusd
Installing the Cisco 6400 Equipment Module Utility Package
The Cisco 6400 Equipment Module includes a utilities package that must be installed separately on the RADIUS server host if you are doing your own installation of a RADIUS server. This package must be installed in the utility directory under the database directory. The package includes the C4buildDBM, C4userFilter, and C4userMerge executables.
To install the package, complete the following procedure:
Step 1
cd usr/private/etc/raddbStep 2
cp /net/host/disk2/SY/Activator/Server/sys/bin/c4Utils.tar.Step 3
tar xvf c4Utils.tar
Note
Configuring the RADIUS Clients File
In order to enable the RADIUS server to allow an NRP authorization request from the Cisco 6400, the NRP must be recognized as a client of the RADIUS server. The clients file must specify the IP address of each NRP that intends to use the RADIUS server for user authorization and authentication. The structure of the clients file will be similar to the following dialog:
Note
For more information on configuring the Merit RADIUS server clients file, visit the Merit Server AAA Configuration clients file page at http://www.merit.edu/aaa/clients.html.
