- Chapter 1: Introduction
- Chapter 2: Basic Concept
- Chapter 3: Building the Network
- Chapter 4: Maintaining an Efficient Network
- Chapter 5: Configuring Hardware
- Chapter 6: Provisioning Cards
- Chapter 7: Provisioning Services and Connections
- Chapter 8: Managing Security
- Chapter 9: Managing Faults
- Chapter 10: Managing Performance
- Chapter 11: Managing Inventory
- Chapter 12: Managing Southbound and Northbound Interfaces
- Chapter 13: Configuring MPLS-TP Using the CPT System
- Appendix A: Icons and Menus Displayed in Prime Optical
- Appendix B: NE Explorer Information
- Appendix C: Slot Property Information-Common, DWDM, Electrical, and Ethernet Cards
- Appendix D: Slot Property Information FC_MR-4, FMEC, Multirate and Optical Cards
- Appendix E: Performance Data
- Appendix F: Error Messages
- Appendix G: Troubleshooting
- Appendix H: ML Provisioning Methodology
Cisco Prime Optical User Guide, 10.6
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- June 15, 2018
Chapter: Chapter 8: Managing Security
- Overview
- Login Advisory Message
- User Security
- User Profiles and Roles
- Restricting User Access
- Performing User Administration
- Viewing the Prime Optical Users Table
- Creating a Prime Optical User
- Modifying a Prime Optical User’s Properties
- Deleting a Prime Optical User
- Viewing Logged In Prime Optical Users
- Ending an Active Prime Optical User Session
- Viewing a List of Failed Login Attempts
- Setting User Interface Preferences
- Locked User Account
- Changing Your User Password
- Managing Security Advisory Messages
- Setting User Preferences
- Enabling or Disabling the Continuous Audible Alarm
- Configuring Prime Optical Security Parameters
- Sending Messages to Other Users
- Viewing User Notification Messages
- Managing Prime Optical User Profiles
- Setting NE Authentication
- Setting Up a Security Policy
- Managing NE User Access
- Viewing the CTC-Based NE User Access Administration Table
- Viewing the NE User Access Administration Table—ONS 15216 EDFA3 NEs
- Filtering NE User Access Administration Table Data
- Adding an NE User
- Adding a Predefined User
- Modifying an NE User Profile
- Deleting an NE User
- Viewing Active NE Users
- Filtering NE Active Users Table Data
- Ending an Active NE User Session
- Managing CTC User Profiles
- Managing Cisco IOS Users
- Managing SNMPv3—CTC-Based Release 9.6 NEs
- Configuring SNMPv3 Parameters
- Viewing SNMPv3 Tables
- Deleting SNMPv3 Users from the SNMPv3 Tables
- Adding and Deleting a Static Entry
- Querying for a NSAP that Matches a TID
- Creating and Deleting a TARP Manual Area Adjacency
- Modifying a OSI Virtual Router
- Enabling, Modifying and Deleting a Subnet
- Creating, Editing and Deleting a GRE Tunnel Route
Managing Security
This topic describes Cisco Prime Optical security and how to manage users and includes an overview of security domains and a description of the user security and NE security features available in Prime Optical.
Overview
- To create a baseline of your current security posture
- To set the framework for security implementation
- To define allowed and disallowed behaviors
- To help determine necessary tools and procedures
- To communicate consensus and define roles
- To define how to handle security incidents
The following security domains govern Prime Optical networks:
- Prime Optical client—A Prime Optical client must be created with one of the existing default user profiles or with a new custom user profile with appropriate access privileges. This new user profile should be created and assigned to a user.
- Prime Optical Operations Support System (OSS) users—OSS-to-Prime Optical sessions are configured by the Prime Optical GateWay EMS-to-NMS interface architectural component. See Managing Southbound and Northbound Interfaces for more information about Prime Optical GateWay.
- NE users—An NE user account must be set up so Prime Optical can use it to communicate with the NE. NE user accounts are used to directly access the NE through the NEs craft tool or the command-line interface (CLI).
Login Advisory Message
After logging in to the Prime Optical client, a login advisory message is shown. By default, the advisory message reads:
Note The login advisory message is not shown, if you log in to Prime Optical through Prime Central.
You can customize the default advisory message as follows:
Step 1 Log in to the Prime Optical server as the root or optusr user.
Step 2 Use a text editor to edit the OpticalPortalProperties.js file in the /opt/CiscoTransportManagerServer/tomcat/webapps/OpticalPortal/lib/xwt/nls directory. Edit the "advisory: property."
The new advisory message can contain up to 1600 characters.
All subsequent users who log in to the Prime Optical client will see the new advisory message.
User Security
This section describes user security and management. This includes procedures on how to add a new user, modify a user’s properties, delete a user, and end an active user session. It also includes procedures on how to add, modify, and delete custom profiles and how to perform NE user administration.
User Profiles and Roles
Every user profile is assigned a transport or security role. The only deviation from this is the SysAdmin user which has both transport and security roles. A user assigned with a transport role has access to operations that are required for EMS and NE administration. A user assigned with a security role has access to all operations required to manage encryption (WSE) cards. You can create a custom user profile or use one of the default Prime Optical user profiles. To create a custom user profile, follow the procedure described in “Adding a Custom User Profile” section.
You can also grant the user with Provisioner and Operator profiles to modify the system coordinates.
- You need to create a duplicate profile for the provisioner profile or the operator profile.
- You must grant read or write privileges for the created duplicate profile for configure system co-ordinates operation.
- Any user created on the basis of the duplicate profile will be able to save the System co-ordinates in Network Map .
- By default, users with operator or provisioner profiles will have read-only privileges for configure system co-ordinates operation. It is possible for the users to still save the custom co-ordinates in network map.
Prime Optical has the following default user profiles:
For specific information on what operations each user profile can perform see Table 8-2.
Restricting User Access
The Administration > Users menu launched from the Domain Explorer window, manages user security. Prime Optical administration allows restricted access logins to enable users to perform tasks based on detailed access privileges. For each action, a user is given read-only, read/write, or no access privileges.
Performing User Administration
This section describes how to perform user administration, including:
- Viewing the Prime Optical Users Table
- Creating a Prime Optical User
- Modifying a Prime Optical User’s Properties
- Deleting a Prime Optical User
- Viewing Logged In Prime Optical Users
- Ending an Active Prime Optical User Session
- Viewing a List of Failed Login Attempts
- Setting User Interface Preferences
- Locked User Account
- Changing Your User Password
- Managing Security Advisory Messages
- Setting User Preferences
- Enabling or Disabling the Continuous Audible Alarm
- Configuring Prime Optical Security Parameters
- Sending Messages to Other Users
- Viewing User Notification Messages
Table 8-2 lists the Prime Optical default user profiles and the privileges associated with each profile. See “User Profiles and Roles” section for default user profile descriptions.
Note • The SuperUser profile has access to all operations, except the Change State operation of the User profile.
- The NetworkAdmin profile has access to all NEs and groups. The SysAdmin profile has access to no NEs or groups.
Edit > Change State 1 |
||||
Viewing the Prime Optical Users Table
The Prime Optical Users table displays basic information about Prime Optical users. The table menu options allow you to create new users, modify users, delete users, and unlock user accounts.
To view the Prime Optical Users table, choose Administration > Users in the Domain Explorer window. Table 8-3 provides descriptions.
Tip You can click any cell or row in the Prime Optical Users table and then type an alphanumeric character on your keyboard. The selection context jumps to the next username row that starts with that letter or number.
If there are multiple usernames that begin with the same letter or number, the selection context cycles through them. For example, if the Prime Optical Users table contains SuperUser and SysAdmin users, and you press the s key multiple times, the selected row toggles between SuperUser and SysAdmin.
Creating a Prime Optical User
Note This functionality is disabled when Prime Optical is installed as part of Prime Central.
Use the Create New Prime Optical User wizard to add new Prime Optical users to the domain. Table 8-4 provides descriptions.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Prime Optical Users table, choose Edit > Create (or click the Create a New User tool).
Step 3 In the Create New User wizard, fill in the applicable fields. Table 8-4 provides descriptions.
Step 4 Click Next . When you are finished adding a new SuperUser, NetworkAdmin, or SysAdmin/SecurityAdmin, click Finish .
Step 5 When adding a new Provisioner, Operator, or custom user profile, select the groups and NEs that the Provisioner/SecurityProvisioner or Operator/SecurityOperator will monitor. Selected groups and NEs appear in the Assigned Objects list. (SuperUsers and NetworkAdmins monitor the entire management domain, so there is no need to select groups or NEs when adding one of these users. SysAdmin users do not access any of the NEs.)
a. To assign groups, click the Groups radio button. In the Available Objects list, select the groups that will be assigned to the new user and click Add .
b. To assign NEs, click the Network Elements radio button. In the Available Objects list, select the NEs that will be assigned to the new user and click Add .
Note When individual NEs are assigned, these NEs will appear directly under the top level domain for the user in the Domain Explorer. It is possible that a given NE may have already been assigned as part of a group assignment to the user. In such a case, the same NE will appear directly under the top level domain and also within the assigned group. This behavior is consistent with the Domain Explorer’s ability to represent the same group or NE within multiple locations of the hierarchy.
c. To remove groups or NEs from the Assigned Objects list, select the group or NE from the Assigned Objects list and click Remove .
Step 6 When adding a new Provisioner/SecurityProvisioner, you can restrict the set of SONET or SDH circuit sizes that the user can provision. The selected SONET or SDH circuit sizes appear in the Assigned Circuit Sizes list.
a. To assign SONET circuits, click the SONET radio button. In the Available Circuit Sizes list, select the circuits that will be assigned to the user and click Add .
b. To assign SDH circuits, click the SDH radio button. In the Available Circuit Sizes list, select the circuits that will be assigned to the user and click Add .
c. To remove SONET or SDH circuits from the Assigned Circuit Sizes list, select the circuit size from the Assigned Circuit Sizes list and click Remove .
Step 7 (Optional) In the CTC / Craft User Properties area, enter the username and password for accessing CTC-based NEs or NEs that support a TL1 interface. Then, confirm the password.
Note If the CTC/Craft User username and password have been defined for a given user, when that user launches a TL1 session to an NE that supports a TL1 interface, Prime Optical logs the user in automatically with the ACT-USER command, using the defined craft username and password.
The new user is listed in the Prime Optical Users table. For CTC-based NEs, the new user will be mapped to a CTC user but the CTC user will not be created in the NE database. To create a CTC user on the NE database, see Managing NE User Access.
Name that the user will use to access the system. The username must contain from three to twelve alphanumeric characters (A–Z, a–z, 0–9). Alphabetic characters are case-sensitive. The username must be unique and cannot contain spaces or special characters. Note After the username is set, it cannot be changed without deleting the user. |
|
Login password that the user will use to access the system. The password complexity is configurable in the Control Panel > Security Properties pane. By default, the user password must:
Note By default, the minimum time between password changes is 20 days. The new password must differ from the previous password by three characters, and the new password is compared against the previous ten passwords. |
|
User profile. For more information on default user profiles , see Prime Optical Default User Profiles . Note If WSE cards are provisioned, in addition to creating a SuperUser user, you must also create a SecurityAdmin user. |
|
Domain name. When the user logs in to the system, he or she sees all of the devices contained within this domain. |
|
Permit (enable) or prevent (disable) the user from logging in to the system. |
|
Permit (enable) or prevent (disable) the user from changing his or her password. |
|
Number of days of nonuse that will prompt the account to be disabled automatically. The range is from 0 to 365. The Cisco default is 0, meaning the account will not be disabled automatically as a result of inactivity. |
|
If checked, the user is prompted to change his or her password upon next login to the Prime Optical client. If unchecked, the user is not required to change his or her password upon next login. By default, this option is checked. |
|
Prime Optical automatically logs the user out of the Prime Optical session after the period in the Period field. Click Use Global Settings to use the settings from the Security window. If you do not select Use Global Settings, click Enable to activate logout for the selected user. Enter a logout length in the Period field. |
|
Assign groups or NEs to the new user. Note The Discovered NEs and Deleted NEs groups cannot be assigned to a Provisioner, Operator, or custom user profile. |
|
Select from the list of available objects that can be assigned to the new user. By clicking the Add and Remove buttons, you can move objects back and forth between the Available Objects list and the Assigned Objects list. |
|
Select valid circuit sizes from the list of available circuit sizes. By clicking the Add and Remove buttons, you can move objects back and forth between the Available Circuit Sizes list and the Assigned Circuit Sizes list. |
|
Active username for accessing CTC-based NEs or NEs that support a TL1 interface. The username must contain at least six alphanumeric characters, but not more than 20 characters. |
|
Login password for accessing CTC-based NEs or NEs that support a TL1 interface. The new password must: |
|
Modifying a Prime Optical User’s Properties
Use the Modify Prime Optical User Properties wizard to modify the properties of an existing Prime Optical user. Table 8-5 provides descriptions.
Note Some fields are read-only when Prime Optical is installed as part of Prime Central.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Prime Optical Users table, select the Prime Optical user whose user properties will be modified.
Step 3 Choose Edit > View/Modify (or click the Modify User Properties tool). The Modify User Properties wizard opens.
Step 4 Modify the following fields, as needed; then, click Next . See Table 8-5 for more information on Modify User Properties Wizard field descriptions.
Step 5 (Optional) For Provisioner/SecurityProvisioner, Operator/SecurityOperator, and custom user profiles, modify the list of assigned objects by adding groups or NEs to the Assigned Objects list or removing groups or NEs from the list. Click Next .
Step 6 (Optional) For Provisioners, modify the list of assigned circuit sizes by adding or removing SONET or SDH circuit sizes from the list. Click Next .
Step 7 (Optional) Modify the user’s CTC/craft username and password for accessing CTC-based NEs or NEs that support a TL1 interface. For username and password constraints, see Table 8-5 .
Step 8 Click Finish . The user whose properties were modified is listed in the Prime Optical Users table.
Note • After you change the user privilege level, you receive a message that tells you that the selected user will be logged out. Click OK. This activity is reported in the Audit Log.
- The user whose privilege has been changed receives the message “A user with administration privileges has changed the privileges of this user. The application will be closed.” The user is then logged out.
- You cannot change the user privilege of the last instance of a SysAdmin user. You must create another SysAdmin user before changing the user privilege level of the other SysAdmin user.
Deleting a Prime Optical User
Note • This functionality is disabled when Prime Optical is installed as part of Prime Central.
- Only Administrator user profiles can delete certain users. For more information, see Prime Optical Default User Profiles .
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Prime Optical Users table, select the user to be deleted.
Note A user cannot be deleted from the database until that user logs out. However, an active user session can be ended. See Ending an Active Prime Optical User Session.
Step 3 Choose Edit > Delete (or click the Delete User tool).
Step 4 Click OK to remove the user from the database.
Viewing Logged In Prime Optical Users
The Active User Sessions table lists the Prime Optical users who are currently logged in to the Prime Optical application. Users with SysAdmin and SuperUser user profile privileges can only view this table. For more information on user profiles, see Table 8-1 .
In the Cisco Prime Optical Portal window, choose Administration > Active User Sessions. Table 8-6 provides descriptions.
Ending an Active Prime Optical User Session
Users with proper user profile and/or privileges can terminate (force logout) another user's session of the Cisco Prime Optical Portal and/or of the Prime Optical client. For more information on user profiles, see Table 8-1 .
Step 1 In the Cisco Prime Optical Portal window, choose Administration > Active User Sessions.
Step 2 In the Active User Sessions table, select the user whose session will be ended and click the Log Out button.
Note If you are logged in as an Operator, you cannot log out as a SuperUser.
Step 3 Click the Log Out button. The following prompt occurs:
If the closing session is a client, a warning dialog will open at the closing client, displaying the following message:
If a user tries to log out from a Prime Optical Web Client session, the following error message is displayed:
Viewing a List of Failed Login Attempts
A user with the proper user profile privileges can view a list of failed login attempts. For more information on user profiles, see Prime Optical Default User Profiles .
In the Prime Optical Web Client window, choose Administration > Failed Login Attempts .
Time at which the user attempted to log in to the Prime Optical client and failed. |
Note Attempts made using usernames that do not exist are reported as "UNKNOWN" in the User Name column.
Setting User Interface Preferences
Prime Optical UI has been enhanced to make it compliant with accessibility recommendations. Accessibility is the degree to which a product, device, service, or environment is available to as many users as possible. Accessibility can be viewed as the ability to access and benefit from some system or entity.
The concept often focuses on users with disabilities or special needs.
The User Interface Preferences page consists of Text Size and Contrast Level settings. For more information on UI preferences, see Table 8-8 .
Check the Activate Simplified UI check box to activate all the UI pages. The UI pages displays the non-focusable elements having an additional control of describing the entire access to the UI page. |
In the Prime Optical Web Client window, choose Administration > UI Preferences.
Locked User Account
By default, Prime Optical allows users a maximum of five login attempts from the same IP address within a minute. The user account is locked after the fifth unsuccessful login attempt. The lockout duration is one minute, after which the account is automatically unlocked.
When the Prime Optical Server is shut down, it is possible to configure maximum login attempts and the time interval by modifying the settings in the throttlingContext.xml file located at the following path: PrimeOpticalServer/tomcat/webapps/SSO/WEB-INF/spring-configuration/
Changing Your User Password
Note This functionality is disabled when Prime Optical is installed as part of Prime Central.
Prime Optical users can use the Change Password dialog box to change their Prime Optical passwords. The password change applies to the Prime Optical user who is currently logged in. There is an enforced password change request when the default user logs in for the first time. If the user does not change the password, the Prime Optical session is canceled.
Note • The password complexity is configurable in the Control Panel > Security Properties pane.
- It is possible to set up the user account such that the change password function is disabled. See the description of the Password Change field in Creating a Prime Optical User.
Complete the following steps to change your user password:
Step 1 In the Prime Optical web client window, choose Administration > Change Password .
Step 2 To change the Prime Optical password:
a. In the Change Password dialog box, enter the current password in the Current Password field.
b. Enter the new password in the New Password field. For password constraints, see Table 8-9 .
Managing Security Advisory Messages
Use the Security Advisory Message Management wizard to choose a CTC-based NE from which a security advisory message can be loaded. The wizard then provides you with a list of NEs where the user can download this security message. When you click Finish , Prime Optical schedules a job for this action, and the security message downloaded to each selected NE is tracked as a separate task on the Job Monitor table.
Note Prime Optical schedules a job for CTC-based NEs.The event status are updated in the Job Monitor table.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > Security Advisory Management. The Security Advisory Message Management wizard opens. Table 8-10 provides descriptions.
Step 2 Select the NE where the security advisory message exists.
Step 3 Click the Text tab to view the existing security advisory message on the selected NE. If no message exists, you can use this field to enter a new message.
Step 5 Use the Add and Remove buttons to move NEs to or from the Selected NE(s) list.
Note You can also use the NE Explorer node view to set the security advisory message for CTC-based NEs. In the node properties pane, click the Security tab. In the Legal Disclaimer tab, there is a default advisory message that is noncustomer-specific. Change the text if you want the disclaimer to be specific for your company. In the Preview tab, you can view the advisory message before saving it. Click Apply.
Setting User Preferences
Use the User Preferences dialog box to configure the Prime Optical user interface.
Step 1 In the Domain Explorer window, choose Edit > User Preferences . The User Preferences dialog box opens. Table 8-11 provides descriptions.
Step 2 After specifying the settings, check the Save Current Settings check box to preserve the current settings even after logging out. Users with the appropriate privileges can check the Save as Default User Template check box to save the current settings as the default for new users who are added in the future. Current users who have not altered their default settings adopt the new default settings when they log out.
Step 3 Click OK to save the settings. After you save the selections, all subsequent views use the saved preferences.
Enabling or Disabling the Continuous Audible Alarm
Step 1 In the Domain Explorer window, choose Edit > User Preferences . The User Preferences dialog box opens.
Step 2 In the Event Notification tab > Play Audible Notification For area , check the Continuous Alarm For Dashboard Notifications check box.
Step 4 To disable the continuous audible alarm, choose Fault > Stop Continuous Beep in the Domain Explorer window.
Configuring Prime Optical Security Parameters
Use the Security Properties pane to configure Prime Optical security parameters and password complexity rules. You can also specify usernames and passwords for the ONS 15216 EDFA2, ONS 15216 EDFA3, ONS 15216 OADM, ONS 15305 CTC, ONS 15310 CL, ONS 15310 MA SONET, ONS 15310 MA SDH, ONS 15327, ONS 15454 SONET, ONS 15454 SDH, ONS 15600 SONET, ONS 15600 SDH, CPT 200, CPT 200 SDH, CPT 600, and CPT 600 SDH, NCS 2002 SONET, NCS 2002 SDH, NCS 2006 SONET, and NCS 2006 SDH.
Note • Passwords that are already in the system are not affected by modifications to the password complexity rules. The password complexity rules are checked when:
– A privileged user adds a new user to the system
– A privileged user modifies an existing user’s password
– A user changes his or her own existing password
- Regardless of the actual length of the password, the Password and Confirm Password fields display only a fixed-length string of 15 asterisks (*).
Complete the following steps to configure Prime Optical security properties:
Step 1 In the Domain Explorer window, choose Administration > Control Panel .
Step 2 Click Security Properties and set the parameters described in Table 8-12 . Tabs shown depend on the modules that are installed.
Note If there are many tabs displayed in the properties pane, select the arrow or Show List icons to view all available tabs.
|
Note This functionality is disabled when Prime Optical is installed as part of Prime Central. |
|
Number of days before the password expires. The user is prompted to change the password after the specified number of days. The range is from 0 to 3650; the Cisco default is 30. A value of 0 disables this feature. |
|
Allows you to configure an early warning period for password expiration. Enter the number of days before the warning in the Password Expiration Early Notification field. Prime Optical supports values of 0 to (password aging - 1), with a maximum of 30. For example, if the password aging is configured for 30 days, the maximum early notification value would be 29 days. A value of 0 disables this feature. |
|
If checked, Prime Optical automatically logs the user out of the Prime Optical session after the period in the Logout Period field. |
|
Number of minutes a user’s Prime Optical session is inactive before Prime Optical automatically logs the user out. The range is from 1 to 1440. |
|
|
Note This functionality is disabled when Prime Optical is installed as part of Prime Central. |
|
Number of days a user must wait between password changes. The range is from 0 to 99 days; the Cisco default is 1. A value of 0 disables this feature. |
|
Number of characters by which the new password must differ from the previous one. The range is from 1 to 5; the Cisco default is 3. |
|
Number of previously used passwords to compare against the new password. The range is from 0 to 15; the Cisco default is 5. A value of 0 disables this feature. |
|
Maximum. The range is from 10 to 15; the Cisco default is 12. |
|
Minimum number of alphabetic characters that the password must include. The range is from 0 to 2; the Cisco default is 2. |
|
Minimum number of lowercase alphabetic characters that the password must include. The range is from 0 to 2; the Cisco default is 1. |
|
Minimum number of uppercase alphabetic characters that the password must include. The range is from 0 to 2; the Cisco default is 1. |
|
Minimum number of numeric characters that the password must include. The range is from 0 to 2; the Cisco default is 1. |
|
Minimum number of special characters that the password must include. The range is from 0 to 2; the Cisco default is 1. |
|
If checked, a special character is allowed as the first or last character in the password. If unchecked, the first or last character in the password cannot be a special character. |
|
If checked, a numeric character is allowed as the first or last character in the password. If unchecked, the first or last character in the password cannot be a number. |
|
If checked, the user ID or a circular shift of the ID can be used in the password. If unchecked, the user ID or a circular shift of the ID cannot be used in the password. |
|
Username that the Prime Optical server uses to connect to ONS 15216 EDFA2 NEs. |
|
Password to use for Prime Optical server connections to ONS 15216 EDFA2 NEs. |
|
Username that the Prime Optical server uses to connect to ONS 15216 EDFA3 NEs. Note The ONS 15216 EDFA3 has a TL1 interface and multiple usernames can be defined for authentication. Each username can be used for only one active connection. A second connection with the same username is not allowed. The current user must log out before another user can log in with that username. |
|
Password to use for Prime Optical server connections to ONS 15216 EDFA3 NEs. |
|
Username that the Prime Optical server uses to connect to FTP for software download, memory backup, and memory restore. 
|
|
Password to use for Prime Optical server connections to FTP. |
|
Absolute path for the FTP directory, beginning with a forward slash (/). |
|
Username that the Prime Optical server uses to connect to ONS 15216 OADM NEs. Note The ONS 15216 OADM has a TL1 interface and multiple usernames can be defined for authentication. Each username can be used for only one active connection. A second connection with the same username is not allowed. The current user must log out before another user can log in with that username. |
|
Password to use for Prime Optical server connections to ONS 15216 OADM NEs. |
|
Username that the Prime Optical server uses to connect to ONS 15305 CTC, ONS 15310 MA SDH, ONS 15454 SDH, ONS 15600 SDH, CPT 200 SDH, and CPT 600 SDH NEs. By default, NEs are configured with the username CISCO15 . The account specified on the NE for Prime Optical to use must be a SuperUser-level account. When ONS 15454 NEs are present, please do the following:
For the ONS 15310 MA SDH and ONS 15454 SDH, this tab also contains Username fields for Prime Optical server connections to ML-series cards and for Prime Optical server connections to TL1 tunnel NEs. The default username is configured as CISCO15 for the ML cards specified in the default Cisco IOS configuration file. The Cisco IOS configuration file is included in the Prime Optical server installation CD (misc/bareboneCLI_Security.txt). By default, the username for all connections is configured as CISCO15 . |
|
Password to use for Prime Optical server connections. For the ONS 15454 SDH, this is also the password to use for ML-series card and TL1 tunnel NE connections. Note The default password is configured as CTM123+ for the ML cards specified in the default Cisco IOS configuration file. |
|
Username that the Prime Optical server uses to connect to ONS 15310 CL, ONS 15310 MA SONET, ONS 15327, ONS 15454 SONET, ONS 15600 SONET, CPT 200, and CPT 600 NEs. By default, NEs are configured with the username CISCO15 . The account specified on the NE for Prime Optical to use must be a SuperUser-level account. When ONS 15454 NEs are present, please do the following:
For the ONS 15310 CL, ONS 15310 MA SONET, and ONS 15454 SONET, this tab also contains a Username field for Prime Optical server connections to ML-series cards. For the ONS 15310 CL, ONS 15310 MA SONET, ONS 15327, and ONS 15454 SONET, this tab also contains a Username field for Prime Optical server connections to TL1 tunnel NEs. |
|
Password to use for Prime Optical server connections. For the ONS 15310 CL, ONS 15310 MA SONET, and ONS 15454 SONET, this tab also contains a Password field for Prime Optical server connections to ML-series cards. For the ONS 15310 CL, ONS 15310 MA SONET, ONS 15327, and ONS 15454 SONET, this tab also contains a Password field for Prime Optical server connections to TL1 tunnel NEs. |
|
|
Note After changing the field values in the Server - SNMP Connection area, mark the NEs as Out of Service and then In Service. |
|
Check this check box to use SNMPv3. If unchecked, Prime Optical uses SNMPv1/v2. |
|
Name of the Prime Optical user who is enabled for SNMPv3 communication. |
|
Select the authentication protocol to use for authenticating the SNMPv3user. Values are None, MD5, or SHA. |
|
Enter the password used to authenticate the SNMPv3 user. The password must contain:
Regardless of the actual length of the password, the Password and Confirm Password fields display only a fixed-length string of 15 asterisks (*). |
|
Select the privacy protocol for the SNMPv3 user. You can choose one of the following: |
|
Username that the Prime Optical server uses to connect to CRS NE. |
|
Password to use for Prime Optical server connections to CRS NE. |
|
Sending Messages to Other Users
Use the Notify Users dialog box to type and send a message to all Prime Optical users, or to all Prime Optical users with the same user privileges. For example, you might want to alert all users before shutting down the Prime Optical server.
Table 8-13 provides descriptions.
Step 1 In the Domain Explorer window, choose File > Notify Users . The Notify Users dialog box opens.
Step 2 In the Message Targets area, select the recipients of the message.
Step 3 Type the message in the Message Target area.
- To send the message to the specified recipients, click Send .
- To cancel the message and close the dialog box, click Cancel .
- To launch the online help for the Notify Users dialog box, click Help .
Viewing User Notification Messages
The User Notification dialog box pops up on your screen when another user sends a message to a certain user profile or to all Prime Optical users, and you belong to one of those groups. Table 8-14 provides descriptions.
Managing Prime Optical User Profiles
The following sections describe how to view, add, modify, delete, and duplicate a Prime Optical user profile.
Viewing User Profiles
The Prime Optical User Profiles table displays basic information about Prime Optical user profiles. Use the menu options to manage user profiles.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Prime Optical Users table, choose Administration > User Profiles (or click the Launch User Profiles Table tool). Table 8-15 provides descriptions.
NE assignment for the selected user profile. NE assignments are: |
|
Adding a Custom User Profile
Use the Create New User Profile wizard to add Prime Optical user profiles. Table 8-16 provides descriptions.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Cisco Prime Optical Users table, choose Administration > User Profiles (or click the Launch User Profiles Table tool).
Step 3 In the Cisco Prime Optical User Profiles table, choose Edit > Create (or click the Create a New User Profile tool).
Step 4 In the Create New User Profile wizard, specify the following:
Step 6 Select a user profile category from the Categories area. Operations for each category are displayed on the right side of the Categories area.
Step 7 Specify user capabilities by setting permission or privileges for one or all operations. When setting privileges for each operation, select one of the following radio buttons:
When setting privileges for all operations, select one of the following buttons:
Note • The user profile operations displayed on the right side of the Create New User Profile wizard depend on the category selected. You can select the root node to see all the operations for all categories.
- You must select privileges for all possible operations even if related modules (NEs, GateWay/CORBA, cards, etc.) are not currently installed on the server.
- Only a Super user can view critical alarms. The new user created cannot view the critical alarms.
The Create New User Profile Wizard allows you to select a set of Alarm Conditions
For new custom profile alarms in the Create New User Profile Wizard, follow these steps:
1. Click the Set All Read Only button.
A warning message is displayed. Click Ok. A dialog box is displayed.
3. Enter the custom alarm profile that you created and select the profile from the Conditions area.
The selected custom profile gets added under the Selected Items area.
Note The Create New Wizard for custom profile is displayed only when you select the Select option under Visible Alarms. This feature is not applicable on the Link table, network map, and circuit trace.
Step 9 Click Yes in the message box. (The message box will not be displayed if it is disabled in the User Preferences dialog box. See Setting User Preferences for more information.)
Enter the name of the new user profile. The profile name must contain from six to forty alphanumeric characters (A–Z, a–z, 0–9). Alphabetic characters are case-sensitive. The profile name must be unique in Prime Optical and cannot contain spaces or special characters. |
|
Transport or Security roles assigned to every user profile. Select Transport or Security role check box from the Role option. Note After a profile is saved, you cannot change the assigned role. |
|
Set user privileges for specific Prime Optical categories. Select a category in the left panel to display that category’s available operations. Select an operation from the Operations column; then, select a user privilege for the selected operation from the radio buttons in the Privileges column. Note Click the Set All Read Only button for LOS alarms only.
The Warning column lists the dependencies between various operations. After you click Finish to create the new user profile, a warning dialog box lists all of the warning messages. If you check the Don’t Display User Profile Creation Warning Messages check box, the warning dialog box does not appear for subsequent user profile creations in the current client session. If you check the Don’t Display User Profile Creation Warning Messages check box in the User Preferences dialog box, the warning dialog box is disabled as specified for the current user or as a template for new users. You can export User Privileges specific to a user or all users. Note Exporting data can be performed for both HTML and CSV data export. A HTML Report window is displayed. Following options are available: – All rows in current page radio button – Export Profile Privileges check box Check the Export Profile Privileges check box to export the user profile name and the related information, along with the category wise distribution of the operations and the respective permissions. For more information on exporting profile privileges, see Exporting Data. |
Modifying a User Profile
Use the Modify User Profile wizard to modify Prime Optical user profiles. Table 8-16 provides descriptions.
Note Users created with a certain profile cannot be changed to another profile. To change profiles, the user must be deleted, then recreated with the new profile.
Note Modifying a profile will log out all users who are logged in with that profile.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Cisco Prime Optical Users table, choose Administration > User Profiles (or click the Launch User Profiles Table tool).
Step 3 In the Cisco Prime Optical User Profiles table, click the profile to modify; then, choose Edit > View/Modify (or click the View/Modify User Profile Properties tool).
Step 4 In the Modify User Profile wizard, modify the following:
Step 6 Select a user profile category from the Categories area. Operations for each category are displayed on the right side of the Categories area.
Step 7 Specify user capabilities by setting permission or privileges on one or all operations. When setting privileges for each operation, select one of the following radio buttons:
When setting privileges for all operations, select one of the following buttons:
Note • The user profile operations displayed on the right side of the Modify User Profile wizard depend on the category selected. You can select the root node to see all the operations for all categories.
The Create New User Profile Wizard allows you to select a set of Alarm Conditions .
For new custom profile alarms in the Create New User Profile Wizard, follow these steps:
1. Click the Set All Read Only button.
A warning message is displayed. Click Ok. A dialog box is displayed.
3. Enter the custom alarm profile that you created and select the profile from the Conditions area.
The selected custom profile gets added under the Selected Items area.
Note The Create New Wizard for custom profile is displayed only when you select the Select option under Visible Alarms. This feature is not applicable on the Link Table, Network Map, and Circuit Trace.
Step 9 Click Yes in the message box. (The message box will not be displayed if it is disabled in the User Preferences dialog box. See Setting User Preferences for more information.)
Deleting a User Profile
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Cisco Prime Optical Users table, choose Administration > User Profiles (or click the Launch User Profiles Table tool).
Step 3 In the Cisco Prime Optical User Profiles table, select the profile you want to delete; then, choose Edit > Delete (or click the Delete User Profile tool).
Step 4 In the confirmation dialog box, click OK .
Note The default user profiles (SuperUser, SysAdmin, NetworkAdmin, Provisioner, and Operator) cannot be deleted. Custom user profiles cannot be deleted if they are assigned to any user. Delete the user with the custom user profile before deleting the user profile. See Deleting a Prime Optical User.
Duplicating a User Profile
Use the Domain Explorer window to duplicate an existing Prime Optical user profile.
Step 1 In the Domain Explorer window, choose Administration > Users .
Step 2 In the Cisco Prime Optical Users table, choose Administration > User Profiles (or click the Launch User Profiles Table tool).
Step 3 In the Cisco Prime Optical User Profiles table, select the profile you want to duplicate; then, choose Edit > Duplicate (or click the Duplicate User Profile tool).
Step 4 In the Create Duplicate Profile dialog box, enter the duplicate profile name. See Table 8-17 for name constraints.
NE Security Management
This section describes NE security, including setting authentication on an NE, setting up a security policy, using log tables, and managing NE user access.
Setting NE Authentication
Use the NE Authentication dialog box to select the security properties (username and password for each authentication session) for multiple NEs. For each ONS 15000 NE that supports authentication, there is a specific Security tab in the Domain Explorer window.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs , ONS 15216 > NE Authentication . The NE Authentication dialog box opens. Table 8-18 provides descriptions. Fields shown depend on the NE that is selected.
Step 2 Specify the NEs that you will set a username and password authentication for. Click Add to add NEs to the Selected NEs list, or click Remove to remove NEs from the list.
Step 3 In the Server - NE Connection area, enter the following information:
Note The username and password that you enter must have Superuser privileges on the node to enable full Prime Optical access to the NE.
Step 4 In the Server - TL1 Tunnel GNE Connection area, enter the following information:
Note You can also set the NE authentication username and password in the Domain Explorer > Network Element Properties pane > NE Authentication tab. When changing the username or password of an NE, mark that NE as Out of Service and then In Service.
Note If the username and password fields in the NE Authentication tab are left blank, Prime Optical uses the username and password defined in the Control Panel.
Setting Up a Security Policy
You can set up a security policy for CTC-based NEs.
Step 1 Select a CTC-based NE and choose Configuration > NE Explorer .
Step 2 In the tree view of the Domain Explorer window, select the NE node.
Step 3 In the node properties pane of the Domain Explorer window, click the Security tab.
Step 4 Complete the following information in the Policy tab:
– Retrieve—Set the idle user timeout for a CTC Retrieve user.
– Maintenance—Set the idle user timeout for a CTC Maintenance user.
– Provisioner—Set the idle user timeout for a CTC Provisioner user.
– SuperUser—Set the idle user timeout for a CTC SuperUser.
Note Idle time can be from zero to 16 hours, 39 minutes (999 minutes). To deactivate the Idle User Timeout, enter zero as the idle time. A user already logged in to the node is not affected by a change to the Idle User Timeout policy.
– Manual Unlock By SuperUser—If checked, the CTC SuperUser user must manually unlock locked out CTC users. If unchecked, locked out CTC users are automatically unlocked after the lockout duration period elapses.
– Lockout Duration—Set the lockout duration period for locked out CTC users. This field is only enabled if the Manual Unlock by SuperUser check box is unchecked.
– Failed Logins Allowed—Set the number of failed logins before the CTC user is automatically locked out.
– Single Sessions Per User—If checked, each CTC user can only launch one session at a time.
– Disable Inactive User—If checked, inactive users will be disabled automatically.
– Inactive Duration—If Disable Inactive User is checked, specify the inactive duration in days. The range is from 1 to 99; the Cisco default is 45.
Step 5 Complete the following information in the Password tab:
– Prevent Reusing Last—Prevents setting a CTC user’s current password to one of the most recent passwords. You can set the number of most recent passwords that cannot be reused.
– Disable Password Flipping—If checked, users cannot change passwords for the number of days specified in the Can Change Password After field.
– Can Change Password After—Enter the number of days that must elapse before the user can change the password.
– Force Password Change After Assigned—If checked, during the first successful login, the user is forced to change the password.
– Password Difference—Enter the number of characters by which the new password of a user must differ from the old password, while performing a password change. The range is from 1 to 5. The default value is 1.
– Enable Password Aging—Check this check box to enable password aging.
– Aging Period—Enter the aging period , in days, for Retrieve, Maintenance, Provisioner, and SuperUser CTC users. After the aging period expires, CTC users are forced to change their passwords.
– Warning Period—Enter the warning period , in days, for Retrieve, Maintenance, Provisioner, and SuperUser CTC users. After the warning period expires, CTC users are warned that their passwords will soon expire.
Step 6 Complete the following information in the Access tab for all CTC-based NEs R5.0 or earlier:
– LAN Access—Specify the type of LAN access allowed. Values are Backplane Only, No LAN Access, Front and Backplane, or Front Only.
Note After setting the LAN access to the backplane, the Prime Optical client is unusable for 4 to 5 minutes.
– Restore Timeout—Specify the restore timeout period in minutes. This time period begins if No LAN Access is selected and all DCC connections are lost. If the time expires before a DCC is restored, LAN access is restored so that the node is not isolated. When the DCC comes back, LAN access returns to its specified settings. The range is from 0 (never) to 60; the Cisco default is 5.
– Shell Access On—Specify shell access on Telnet or SSH.
– Telnet Port—This is enabled if you selected the Telnet radio button. Enter the Telnet port number.
– SSH Port— Display only . Indicates the SSH port number that will be used if the SSH radio button is selected.
– PM Clearing Privilege—Select the user privilege that allows clearing PM statistics for the NE.
Step 7 Complete the following information in the Access tab for all CTC-based NEs R6.0 or later:
– LAN Access—Specify the type of LAN access allowed. Values are Backplane Only, No LAN Access, Front and Backplane, or Front Only.
Note After setting the LAN access to the backplane, the Prime Optical client is unusable for 4 to 5 minutes.
– Restore Timeout—Specify the restore timeout period in minutes. This time period begins if No LAN Access is selected and all DCC connections are lost. If the time expires before a DCC is restored, LAN access is restored so that the node is not isolated. When the DCC comes back, LAN access returns to its specified settings. The range is from 0 (never) to 60; the Cisco default is 5.
– Enable Craft Port—Check this check box to enable the craft port.
– Access State—Choose the Shell access state from the drop-down list. You can select Disable, Non-secure, or Secure.
– SSH Port— Display only . Indicates the SSH port number that will be used.
– SFTP Port— Display only . Indicates the SFTP port number that will be used.
– Telnet Port—This is enabled if you selected the Non-secure access state. Enter the Telnet port number that will be used.
– Use Standard Telnet Port—Check this check box to indicate that the standard Telnet port will be used.
– Enable Shell Password— Display only . Indicates whether the Shell password is enabled. You cannot enable the Shell password in Prime Optical. Enabling and providing a Shell password is currently done in CTC.
– Access State—Choose the TL1 access state from the drop-down list. You can select Disable, Non-secure, or Secure.
– Access State—Choose the SNMP access state from the drop-down. You can select either Disable or Non-secure.
– PM Clearing Privilege—Choose the user privilege that allows clearing PM statistics for the NE.
– Access State—Choose the EMS access state from the drop-down list. You can select either Non-secure or Secure. Then, click OK at the following warning message:
When you change the EMS access mode of the NE, Prime Optical resynchronizes the NE connections during the next health poll. If you make provisioning changes to the NE before the resynchronization is complete, the changes might not be saved. Wait for the resynchronization to complete before making any provisioning changes to the NE.
Note When you change the state from Secure to Non-secure or vice versa, the NE might reboot or resynchronize to reflect the changes. During this time, if you try to reapply the other state (Secure to Non-secure or vice versa), the changes might not be saved. The operation requires time to execute successfully.
– CORBA Listener Port—Select the port numbers for the TCC CORBA (IIOP) listener port and the TCC CORBA (SSLIOP) listener port. Select one of the following radio buttons:
Default-Fixed—Assign a default port number.
Standard Constant—The port number for the TCC CORBA (IIOP) listener port is 683. The port number for the TCC CORBA (SSLIOP) listener port is 684.
Other Constant—When selected, enter the port number that will be used.
Step 8 Complete the following in the RADIUS Server tab for all CTC-based NEs R6.0 or later:
- Enable RADIUS Authentication—Check this check box if you want to enable RADIUS authentication.
- Enable RADIUS Accounting—Check this check box if you want to enable RADIUS accounting. This is enabled if the Enable RADIUS Authentication check box is checked.
- Enable the Node as the Final Authenticator When no RADIUS Server is Reachable—Select a row from the RADIUS Servers in Order of Authentication table; then, check this check box. This indicates that the RADIUS server that you selected will be the final authenticator when no other RADIUS servers can be reached.
- Enable Access Challenge—Select a row from the RADIUS Servers in Order of Authentication table; then, check this check box. This indicates that you are enabling access challenge in the RADIUS server that you selected.
Table 8-19 describes the fields in the RADIUS Servers in Order of Authentication table.
Click the Up and Down buttons to reorder the list of RADIUS servers in the table.
See Managing RADIUS Servers for information on how to create, modify, and delete RADIUS servers. You can create a maximum of 10 RADIUS server entries.
Step 9 Complete the following in the Legal Disclaimer tab:
Creating a RADIUS Server
Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer .
Step 2 In the tree view of the Domain Explorer window, select the NE node.
Step 3 In the properties pane of the Domain Explorer window, click the Security tab > RADIUS Server tab.
Step 5 In the Create New RADIUS Server dialog box, enter the following information:
Step 6 Click OK . The new RADIUS server is added to the RADIUS Servers in Order of Authentication table. You can create a maximum of 10 RADIUS server entries.
Modifying a RADIUS Server
Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer .
Step 2 In the tree view of the NE Explorer window, select the NE node.
Step 3 In the properties pane of the NE Explorer window, click the Security tab > RADIUS Server tab.
Step 4 From the RADIUS Servers in Order of Authentication table, select a RADIUS server to modify; then, click Edit .
Step 5 In the Edit RADIUS Server dialog box, modify the following information:
Step 6 Click OK . Changes to the RADIUS server appear in the RADIUS Servers in Order of Authentication table.
Deleting a RADIUS Server
Step 1 Select a CTC-based NE R6.0 or later and choose Configuration > NE Explorer .
Step 2 In the tree view of the NE Explorer window, select the NE node.
Step 3 In the properties pane of the NE Explorer window, click the Security tab > RADIUS Server tab.
Step 4 From the RADIUS Servers in Order of Authentication table, select a RADIUS server to delete; then, click Delete .
Step 5 Click Yes in the confirmation dialog box.
Managing NE User Access
You can view, add, modify, and delete user accounts for CTC-based ONS 15216 EDFA3 NEs.
Viewing the CTC-Based NE User Access Administration Table
The NE User Access Administration table displays information about the existing users on the NEs that are selected from the Prime Optical domain.
To view the NE User Access Administration table, choose Administration > CTC-Based NEs > NE User Access Administration . Table 8-20 provides descriptions.
Viewing the NE User Access Administration Table—ONS 15216 EDFA3 NEs
The NE User Access Administration table displays information about the existing users on the NEs that are selected from the Prime Optical domain.
To view the NE User Access Administration table, choose Administration > ONS 15216 > NE User Access Administration . Table 8-21 provides descriptions.
Filtering NE User Access Administration Table Data
Step 1 In the NE User Access Administration table, choose File > Filter (or click the Filter Data tool). The Filter dialog box opens.
Step 2 Specify the filter parameters described in Table 8-22 .
Step 3 After making your selections, click OK to run the filter.
Adding an NE User
Use the Add NE User wizard to add new users to ONS 15216 EDFA3, or CTC-based NEs. Table 8-23 provides descriptions.
Note Only users with Read/Write/Administrative privileges can add a new user to the ONS 15216 EDFA3.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 15216 > NE User Access Administration . The NE User Access Administration table opens.
Step 2 Choose Edit > Add (or click the Create a New User tool) for CTC-based or ONS 15216 EDFA3 NEs. The Add NE User wizard opens.
Step 3 In the Network Elements area, choose the NEs from the Available NEs list that the new user will have access to and click Add . These NEs will appear in the Selected NEs list. If you want to remove NEs that the new user has access to, select the NEs from the Selected NEs list and click Remove .
Step 5 Set the new user account:
Step 6 Click Add . Each new user is added in the Selected Users Profile list.
Step 7 To remove a new user from the Selected Users Profile list, select the user profile and click Remove .
Step 8 Click Finish . The result of this activity can be monitored in the Job Monitor table.
Step 9 In the confirmation dialog box, click OK .
Note The addition of an NE user account cannot be scheduled for an NE that is marked as Out of Service. The NE is not available in the list of NEs.
The addition of an NE user account can be scheduled for an NE that is marked as In Service and with a communication state of Unavailable. The job will remain in the Job Monitor table in Waiting status and will be executed once the NE becomes available. This job cannot be canceled while in Waiting status.
Adding a Predefined User
Use the Add Predefined User wizard to add a predefined Prime Optical user from an NE or from the NE User Access Administration table. Table 8-24 provides descriptions.
Note The Add Predefined User wizard is not available for ONS 15216 EDFA3 NEs.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > NE User Access Administration . The NE User Access Administration table opens.
Step 2 For CTC-based NEs, choose Edit > Add Predefined Users .
Step 3 In the Add Predefined User wizard, do the following:
a. Select the area from which you will choose the predefined NE user. In the Existing NE User Selection area, click one of the following:
- From NE —To choose predefined users of a specific NE.
- From Prime Optical User Table —To choose predefined users associated with the Prime Optical user in the Prime Optical User table.
- From CTC User Profile Table —To choose predefined users associated with the CTC user in the CTC User Profile table.
b. If you chose to select users from an NE, in the NE Selection area, choose the NE from the Select NE to pick users from drop-down list. If you chose to select from the Prime Optical User table, this field is unavailable.
c. If you chose to select users from an NE, specify and verify the password in the Specify User Password area. This password will be applied to all the users selected in the next window. If you chose to select from the Prime Optical User table, you can force a password to the user by checking the Force Password check box, then specifying and verifying the password.
d. Specify the user privilege. If you chose to select users from an NE, you can force a privilege to the user by checking the Force Privilege check box.
This privilege will be applied to all the users selected in the next window.
Step 5 Select the predefined users. Use the Add and Remove buttons to add or remove users in the Selected Users list.
Step 7 Specify the NEs that the new user will have access to. Use the Add and Remove buttons to add or remove NEs in the Selected NEs list.
Step 8 Click Finish . The result of this activity can be monitored in the Job Monitor table.
Step 9 In the confirmation dialog box, click OK .
Modifying an NE User Profile
Use the Modify NE User wizard to make changes to existing NE users. Table 8-25 provides descriptions.
Note Only users with Read/Write/Administrative privileges can modify a user’s password and privilege level on the ONS 15216 EDFA3.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 15216 > NE User Access Administration . The NE User Access Administration table opens.
Step 2 Select a user from the list. Choose Edit > View/Modify (or click the Modify User Properties tool) for CTC-based and ONS 15216 EDFA3 NEs.
Step 3 In the Modify NE User wizard, modify the following information (as needed). Fields shown depend on the NE selected:
Note You cannot modify the Privilege, Lock Out, Disabled, and Change Password on Next Login fields if the selected user is active.
Step 4 Do one of the following:
a. If you did not check Modify User on Multiple NEs, proceed to the next step.
b. If you checked Modify User on Multiple NEs, click Next . Select the NEs that the modified user can or cannot access.
Step 5 Click Finish . The result of this activity can be monitored in the Job Monitor table.
Step 6 In the confirmation dialog box, click OK .
Step 7 If you are modifying the profile of a user who is currently logged in, click OK in the warning message. Changes to the NE user profile will take effect on the user’s next login attempt.
Note • You cannot modify an existing NE user account for an NE that is marked as Out of Service. You can select the NEs records in the NE User Access Administration table, but when you try to modify the account, you will receive an error message telling you that you cannot perform the operation.
- You can schedule modification of an existing NE user account for an NE that is marked as In Service but is unavailable. The job remains in Waiting status in the Job Monitor table and is executed when the NE becomes available. You cannot cancel the job.
Deleting an NE User
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 15216 > NE User Access Administration . The NE User Access Administration table opens.
Step 2 Select a user from the list and choose Edit > Delete (or click the Delete User tool) for CTC-based and ONS 15216 EDFA3 NEs.
Note You cannot delete a user who is currently logged in. For CTC-based NE users, you must first log out the user from the Active NE Users table. See Ending an Active NE User Session. For ONS 15216 EDFA3 NE users, you must wait for the user to log out before deleting that user.
Note Only users with Read/Write/Administrative privileges can delete an ONS 15216 EDFA3 user.
Step 3 Click Yes in the confirmation dialog box.
Step 4 Click OK in the message box.
Note You cannot delete an existing NE user account for an NE that is marked as Out of Service. You can select the NEs records in the NE User Access Administration table, but when you try to delete the account, you will receive an error message telling you that you cannot perform the operation.
Note You can schedule deletion of an existing NE user account for an NE that is marked as In Service but is unavailable. The job remains in Waiting status in the Job Monitor table and is executed when the NE becomes available. You cannot cancel the job.
Viewing Active NE Users
The NE Active Users table displays information about the users who are currently logged in to selected NEs in Prime Optical. Table 8-26 provides descriptions. Fields shown depend on the NE selected.
Note The ONS 15216 EDFA3 supports up to 20 user accounts with up to 11 simultaneous Telnet user connections. Each user can open only one connection at a time.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs or ONS 15216 > NE User Access Administration . The NE User Access Administration table opens.
Step 2 For CTC-based and ONS 15216 EDFA3 NEs, choose Edit > NE Active Users (or click the Show NE Active Users tool). The NE Active Users table opens.
Step 3 For CTC-based NEs, choose Administration > Retrieve Last Activity Time (or click the Retrieve Last Activity Time tool) to refresh the Last Activity Time field for the current list of active users, if the activity time has changed.
Filtering NE Active Users Table Data
Step 1 In the NE Active Users table, choose File > Filter (or click the Filter Data tool). The Filter dialog box opens.
Step 2 Specify the filter parameters described in Table 8-27 .
Step 3 After making your selections, click OK to run the filter.
Ending an Active NE User Session
You can use the Log Out User feature to end a user session on CTC-based NEs.
Note The Log Out User feature is not available for ONS 15216 EDFA3 NEs.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > NE User Access Administration . The NE User Access Administration table opens.
Step 2 For CTC-based NEs, choose Edit > NE Active Users (or click the Show NE Active Users tool). The NE Active Users table opens.
Step 3 For CTC-based NEs, choose Administration > Log Out User (or click the Log Out User tool).
Managing CTC User Profiles
You can view, create, modify, and delete CTC user profiles in the Prime Optical database.
Viewing the CTC User Profiles Table
The CTC User Profiles table contains a list of predefined CTC user profiles that are available in the Prime Optical database. To view the CTC User Profiles table, choose Administration > CTC User Profiles in the Domain Explorer window. Table 8-28 provides descriptions.
Creating a CTC User Profile
Use the Add New CTC User Profile dialog box to add new CTC user profiles to the database. Table 8-29 provides descriptions. Table 8-29
Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles . The CTC User Profiles table opens.
Step 2 Choose Edit > Create (or click the Create a New CTC User Profile tool).
Step 3 In the Add New CTC User Profile dialog box, enter the following information:
Modifying a CTC User’s Properties
Use the Modify CTC User Profile dialog box to make changes to an existing CTC user profile. Table 8-30 provides descriptions.
Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles . The CTC User Profiles table opens.
Step 2 Choose Edit > View/Modify (or click the Modify CTC User Profile Properties tool).
Step 3 In the Modify CTC User Profile dialog box, modify the following information, as needed:
Deleting a CTC User Profile
Step 1 In the Domain Explorer window, choose Administration > CTC User Profiles . The CTC User Profiles table opens.
Step 2 Select the CTC user profile that you want to delete and choose Edit > Delete (or click the Delete CTC User Profile tool).
Step 3 Click OK in the confirmation dialog box.
Managing Cisco IOS Users
You can view, create, modify, and delete Cisco IOS user accounts in the Prime Optical database.
Viewing the IOS Users Table
The IOS Users table shows all of the configured Cisco IOS user accounts. You can use the IOS Users table to manage user access to Layer 2 and Layer 3 Cisco IOS cards. Use this table to give users the ability to view or edit the username and password on ML cards in CTC-based NEs.
To view the table, choose Administration > CTC-Based NEs > IOS Users Table in the Domain Explorer window. Table 8-31 provides descriptions.
Adding an IOS User
Use the IOS User Creation wizard to add new Cisco IOS users to the domain.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table .
Step 2 In the IOS Users table, choose Edit > Create (or click the Create a New User tool). The IOS User Creation wizard opens. Table 8-32 provides descriptions.
Step 3 In the IOS Card Selection window, complete the following substeps:
a. Select the NE ID on which you want to create a new Cisco IOS user.
b. In the Available IOS Cards list, select the cards that you want the new user to be able to access. Use the Add button to move the cards to the Selected IOS Cards list.
Step 4 In the IOS User Information window, enter the following information:
Note A progress animator is displayed while the new user is being added to the IOS Users table.
The new user is listed in the IOS Users table.
Modifying an IOS User
Use the IOS User Modification wizard to modify the password or privilege level of an existing Cisco IOS user.
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table .
Step 2 In the IOS Users table, choose Edit > Modify (or click the Modify User Properties tool). The IOS User Modification wizard opens. Table 8-33 provides descriptions.
Step 3 In the IOS Card Selection window, complete the following substeps:
a. Select the NE ID on which you want to modify the Cisco IOS user password or privilege level.
b. In the Available IOS Cards list, select the cards that you want the modified user to be able to access. Use the Add button to move the cards to the Selected IOS Cards list.
Step 4 In the IOS User Information window, enter the following information:
Note A progress animator is displayed while the user information is modified.
Deleting an IOS User
Step 1 In the Domain Explorer window, choose Administration > CTC-Based NEs > IOS Users Table .
Step 2 In the IOS Users table, select the user to be deleted.
Step 3 Choose Edit > Delete (or click the Delete User tool).
Step 4 Click OK to remove the user from the database.
Note A progress animator is displayed while the delete operation is performed.
Managing SNMPv3—CTC-Based Release 9.6 NEs
Note SNMPv3 is not supported on ONS 15305, ONS 15305 CTC, and ONS 15327 NEs.
The following cases describe how to configure SNMPv3 on CTC-based NEs:
1. Provision a logical SNMPv3 configuration on CTC-based NEs using the SNMPv3 wizard. See Configuring SNMPv3 Parameters for information on the SNMPv3 wizard . To verify the SNMPv3 configuration, see case 2.
2. Check the configured SNMPv3 parameters using the SNMPv3 tables. See Viewing SNMPv3 Tables for instructions on how to open the SNMPv3 tables. The SNMPv3 configuration is correct if the following constraints are verified:
– The SNMPv3 NE Users table contains the provisioned users for each NE.
– The SNMPv3 user group is defined in the SNMPv3 NE Groups table for each NE.
– The SNMPv3 group view is defined in the SNMPv3 NE MIB Views table for each NE.
– If an NE entry in the SNMPv3 NE Trap Destinations table is associated with a notification filter, the filter is defined in the SNMPv3 NE Notification Filters table for each NE.
If an NE is a proxy NE or ENE, the following additional constraints are verified:
– The target address is the GNE IP address and the port number is 161 in the SNMPv3 NE Trap Destinations table.
– The SNMPv3 NE Proxy Forwarder table of the GNE contains two rows: one for the GET type value and another for the SET type value. Also, the remote NE is the system ID of the ENE, and the remote user is defined in the ENE’s SNMPv3 NE Users table.
– The SNMPv3 NE Proxy Trap Forwarder table of the GNE contains a row for the ENE. Also, the tag references the proxy tags in the SNMPv3 NE Trap Destinations table, and the incoming user is defined in the ENE’s SNMPv3 NE Users table.
If the SNMPv3 tables contain invalid rows, see case 3. If you need to add rows to one or more SNMPv3 tables, see case 4.
Note For more information on SNMPv3 for CTC-based NEs, refer to the NE hardware documentation.
3. Delete rows from the SNMPv3 tables. See Deleting SNMPv3 Users from the SNMPv3 Tables.
4. Provision rows in the SNMPv3 tables. The SNMPv3 wizard also allows you to add entries to one or more SNMPv3 tables. See Configuring SNMPv3 Parameters for details.
Configuring SNMPv3 Parameters
The SNMPv3 wizard allows you to configure parameters in the SNMPv3 tables. You can do one of the following:
- Add entities to one or more SNMPv3 tables. If you choose this option, do not select the Configure Proxy check box in the SNMPv3 wizard.
- Provision the entire SNMPv3 configuration. If you choose this option, select the Configure Proxy check box in the SNMPv3 wizard. The SNMPv3 wizard validates the configuration by verifying that it complies with the constraints listed in Managing SNMPv3—CTC-Based Release 9.6 NEs. Moreover, the SNMPv3 wizard configures the SNMPv3 proxy for proxy NEs.
Complete the following steps to configure the SNMPv3 parameters:
Step 1 In the Domain Explorer, select a CTC-based NE and choose Administration > CTC-Based NEs > SNMPv3 Configuration .
Step 2 In the SNMPv3 wizard, complete the following substeps:
a. Enter the following view information:
– Subtler OID—Object identifier that designates a subtree element in the MIB hierarchy.
– Bit Mask—Bit mask that identifies the objects in the subtree.
– Type—Status of the view. Values are Included or Excluded.
b. Click Add . The view information appears in the Table Views area. To remove the view information, select the view information from the Table Views area and click Delete.
Step 4 Enter the following group information:
- Group Name—Name of the group.
- Security Level—Security level of the group. Values are authPriv, authNoPriv, and noAuthNoPriv.
- Read View Name—The group’s view-for-read access name.
- Notify View Name—The group’s view-for-notifications name.
- Allow SNMP Sets—If checked, users who belong to the group can perform the SNMP SET operation on the NE.
Step 6 Complete the following substeps:
a. Enter the following information in the User area:
– Group name—Name of the group to which the user belongs.
b. Enter the following information in the Authentication area:
– Protocol—Protocol used to authenticate the SNMPv3 user.
– Password—Password used to log in to the Prime Optical server.
– Confirm Password—Re-enter the password to confirm it.
c. Enter the following information in the Privacy area:
– Protocol—Protocol used for encryption.
– Password—Password used to decrypt the message payload.
– Confirm Password—Re-enter the password to confirm it.
Step 8 Enter the following notification filter information:
- Profile Name—Filter profile name.
- Subtree OID—Object identifier that designates a subtree element in the MIB hierarchy.
- Bit Mask—Bit mask that identifies the objects in the subtree.
- View Type—Filter type with respect to the subset of the MIB object that is identified by the subtree OID and bitmask fields. Values are Included and Excluded.
Step 10 Enter the following trap destination information:
- Target Address—IP address of the EMS to which the NE forwards the SNMPv3 traps.
- UDP Port—UDP port number to which the NE forwards the SNMPv3 traps.
- Username—SNMPv3 username.
- Security Level—Security level that the SNMPv3 NE uses. Valid values are authPriv, authNoPriv, and noAuthNoPriv.
- Filter Profile—Filter profile name associated with the trap destination.
- Proxy Trap Only—If selected, the NE that acts as the SNMPv3 proxy uses the entries in the SNMPv3 NE Trap Destinations table to forward traps from other NEs to the target address. The SNMPv3 proxy NE does not send its own traps to the target address.
- Proxy Tags—A string used to identify a set of entries in the SNMPv3 NE Trap Destinations table. This is required for SNMPv3 proxy configuration.
Step 11 Do one of the following:
- If you are adding entries to the SNMPv3 tables, uncheck the Configure Proxy check box.
- If you choose automatic proxy configuration, check the Configure Proxy check box. If checked, Prime Optical identifies the SNMPv3 proxy for each selected ENE. The ENE and SNMPv3 proxy are configured to enable Prime Optical–SNMPv3 NE connectivity using the parameters you defined in steps 2 , 4 , 6 , 8 , and 10 .
Step 12 Click Finish. A job is scheduled on all NEs on which the SNMPv3 NE configuration wizard was started. The job status is listed in the Job Monitor table (Administration > Job Monitor).
Viewing SNMPv3 Tables
The SNMPv3 tables are grouped according to Table 8-34 types:
– SNMPv3 NE Trap Destinations Table
– SNMPv3 NE Notification Filters Table
– SNMPv3 NE Proxy Forwarder Table
SNMPv3 NE Users Table
The SNMPv3 NE Users table displays information on the SNMPv3 users defined on a selected NE. To view the SNMPv3 NE Users table, choose Administration > CTC-Based NEs > SNMPv3 Users in the Domain Explorer window. Table 8-34 provides descriptions.
SNMPv3 NE MIB Views Table
The SNMPv3 NE MIB Views table displays information on the views defined on a selected NE. A view identifies the subset of an object in the MIB. To view the SNMPv3 NE MIB Views table, choose Administration > CTC-Based NEs > SNMPv3 MIB Views in the Domain Explorer window. Table 8-35 provides descriptions.
SNMPv3 NE Groups Table
The SNMPv3 NE Groups table displays information on the group that is provisioned on a selected NE. To view the SNMPv3 NE Groups table, choose Administration > CTC-Based NEs > SNMPv3 Group Access in the Domain Explorer window. Table 8-36 provides descriptions.
SNMPv3 NE Trap Destinations Table
The SNMPv3 NE Trap Destinations table displays information on the trap destinations provisioned on a selected NE. To view the SNMPv3 NE Trap Destinations table, choose Administration > CTC-Based NEs > SNMPv3 Trap Destinations in the Domain Explorer window. Table 8-37 provides descriptions.
IP address of the EMS to which the NE forwards the SNMPv3 traps. |
|
Security level that the SNMPv3 NE uses. Valid values are AuthPriv, AuthNoPriv, and NoAuthNoPriv. |
|
Filter profile name associated with the trap destination. The filter profile name must be present in the SNMPv3 NE Notification Filters table. |
|
If true, the NE that acts as the SNMPv3 proxy uses the entries in the SNMPv3 NE Trap Destinations table to forward traps from other NEs to the target address. The SNMPv3 proxy NE does not send its own traps to the target address. |
|
A string used to identify a set of entries in this table. This field is required for SNMPv3 proxy configuration and referenced by the SNMPv3 NE Proxy Trap Forwarder table. See SNMPv3 NE Proxy Trap Forwarder Table for more information. |
SNMPv3 NE Notification Filters Table
The SNMPv3 NE Notification Filters table displays information on the notification filters provisioned on a selected NE. To view the SNMPv3 NE Notification Filters table, choose Administration > CTC-Based NEs > SNMPv3 Notification Filters in the Domain Explorer window. Table 8-38 provides descriptions.
SNMPv3 NE Proxy Forwarder Table
The SNMPv3 NE Proxy Forwarder table displays information on the proxy forwarder entries. The proxy forwarder entries enable SNMPv3 proxying by selected remote NE proxies for GET and SET operations. To view the SNMPv3 NE Proxy Forwarder table, choose Administration > CTC-Based NEs > SNMPv3 Proxy Forwarder in the Domain Explorer window. Table 8-39 provides descriptions.
SNMPv3 NE Proxy Trap Forwarder Table
The SNMPv3 NE Proxy Trap Forwarder table displays information on trap forwarder entries. The trap forwarder entries enable SNMPv3 proxying by selected remote NE proxies for the TRAP operation. To view the SNMPv3 NE Proxy Trap Forwarder table, choose Administration > CTC-Based NEs > SNMPv3 Proxy Trap Forwarder in the Domain Explorer window. Table 8-40 provides descriptions.
SNMPv3 NE Remote Users Table
The SNMPv3 NE Remote Users table displays information on the SNMPv3 remote users defined on a selected NE. To view the SNMPv3 NE Remote Users table, choose Administration > CTC-Based NEs > SNMPv3 Remote Users in the Domain Explorer window. Table 8-41 provides descriptions.
Deleting SNMPv3 Users from the SNMPv3 Tables
Step 1 In the Domain Explorer , choose Administration > CTC-Based NEs > SNMPv3 table. The table opens.
Step 2 Select the user to delete; then, choose Edit > Delete User (or click the Delete User tool). A job is scheduled on each NE involved in the delete operation. The job status is listed in the Job Monitor table (Administration > Job Monitor).
Step 3 If the job succeeds, the Refresh button flashes. Click the Refresh Data tool.
Adding and Deleting a Static Entry
The adding static entry allows you to view and manage the TARP data cache (TDC). The TDC facilitates Target Identifier Address Resolution Protocol (TARP) processing by storing a list of TID to NSAP mappings.
To add a new static entry, do the following:
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > TARP-TDC tab.
Step 2 Click Add Static Entry .
A Create New window opens. Enter the following:
- TID—Enter the TID of the NE. (For ONS nodes, the TID is the Node Name parameter on the node or multishelf view Provisioning > General tab.)
- NSAP/NET—Enter the OSI NSAP address in the NSAP field. The NSAP that is statistically linked to the TID.
Step 3 Click OK to close the Create New window .
To delete a static entry, do the following:
Step 1 Click the OSI > TARP-TDC tab.
Step 2 Select a static entry that you want to delete.
Step 3 Click Delete Selected Entry .
Step 4 Click Yes in the confirmation dialog box.
Querying for a NSAP that Matches a TID
Querying for an Network Service Access Point (NSAP) allows you to view and manage the TARP data cache (TDC). The TDC facilitates TARP processing by storing a list of Terminal Identifier (TID) to Network Service Access Point (NSAP) mappings.
Note The TID to NSAP function is not available if the TDC is not enabled on the TARP-Config tab.
To query the network for an NSAP that matches a TID, do the following:
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > TARP-TDC tab
Step 3 Enter the TID you want to map to an NSAP.
Step 4 Click OK , then click OK in the information message box.
Step 5 On the TDC tab, click Refresh .
If TARP finds the TID in its TDC, it returns the matching NSAP. If not, TARP sends protocol data units (PDUs) across the network. Replies returns to the TDC later, and a check TDC later message is displayed.
Creating and Deleting a TARP Manual Area Adjacency
This task adds an entry to the TARP manual adjacency table (MAT). Entries are added to the MAT when the NE must communicate across routers or non-SONET NEs that lack TARP capability.
To create a TARP manual area adjacency, do the following:
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > TARP-MAT tab.
– Level 1—Indicates that the manual area adjacency is within the same area as the node. The entry generates Type 1 PDUs.
– Level 2—Indicates that the manual area adjacency is in an area different from that of the node. The entry generates Type 2 PDUs.
Step 3 Click OK to close the Create New window.
To delete a TARP manual area adjacency, do the following:
Step 1 Click the OSI > TARP-MAT tab.
Step 2 Select a the TARP manual area adjacency.
Step 4 Click Yes in the confirmation dialog box.
Modifying a OSI Virtual Router
To view and manage the OSI virtual routers, do the following:
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > Routers-Setup tab.
Step 2 Chose the router you want provision and click Edit .
The Edit window opens. Modify the details as in Table 8-42 .
Step 3 Click OK in the confirmation dialog box.
Enabling, Modifying and Deleting a Subnet
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > Subnets tab.
Step 2 Click Enable LAN Subnet .
The Enable LAN Subnet window opens.
Step 3 Enter the details as in Table 8-43 .
Step 1 Click the OSI > Subnet tab.
Step 3 Make the necessary modification as in Table 8-43 .
Step 1 Click the OSI > Subnet tab.
Step 2 Select a subnet and click Delete .
Step 3 Click Yes in the confirmation dialog box.
Creating, Editing and Deleting a GRE Tunnel Route
Note The Cisco proprietary tunnel is slightly more efficient than the GRE tunnel because it does not add the GRE header to each IP packet. The two tunnel types are not compatible. Most Cisco routers support the Cisco IP tunnel, while only a few support both GRE and Cisco IP tunnels. You generally should create Cisco IP tunnels if you are tunneling between two Cisco routers or between a Cisco router and the node.
Step 1 In node view (single-shelf mode) or multishelf view (multishelf mode), click the OSI > Tunnels tab.
The Create New window opens. Enter the details as in Table 8-44 .
Step 1 Click the OSI > Tunnels tab.
Step 3 Choose the Tunnel Type between GRE and Cisco .
Step 4 Make the necessary modification as in Table 8-44 .
Step 1 Click the OSI > Tunnels tab.
Step 2 Select a the GRE tunnel route and click Delete .
Step 3 Click Yes in the confirmation dialog box.
Audit Log
The Audit Log table contains information about significant events that occurred on the Prime Optical server during a specified time period. By default, the Audit Log displays information about significant events that occurred during the last four hours. You can change the default time period in the User Preferences dialog box.
The Audit Log records the following runtime-affecting operations for monitoring purposes:
- Prime Optical client logins and security violations (including successful/unsuccessful client user logins)
- Prime Optical client logouts, including:
– Forced logout by an administrator
– System-initiated logout due to user inactivity (session timeout expires)
- NE or group location changes in the Domain Explorer tree
- Domain Explorer group operations (add, delete, or modify a group)
- Changes in the Domain Explorer properties of an NE
- Write operations from a native Prime Optical NE Explorer
- Changes in the NE Software table
- NE Service, PM Service, and Prime Optical GateWay Service start or stop operations
- Prime Optical user administration (add, delete, or modify user profiles)
- Changes in:
- Job or task cancellation in the Job Monitor table
- Manual memory backup
- Memory restore
- Software download
- Software activation
- Circuit operations (add, delete, modify, or upgrade circuits)
- Link operations (add, delete, or modify links)
- OSS profile changes (TL1 or CORBA)
- VLAN operations
- Addition or deletion of a GateWay/SNMP trap destination
- Addition or deletion of a CTC binary
- BLSR/MS-SPRing operations
- L2 service operations
- Prime Optical GateWay/CORBA client logins/logouts
This section describes how to perform audit logs, including:
- Viewing the Audit Log
- Filtering Audit Log Data
- Working With Audit Log Custom Views
- Configuring Audit Log Settings
Viewing the Audit Log
To view the Audit Log , choose Administration > Audit Log in the Domain Explorer window. Table 8-42 provides descriptions.
Filtering Audit Log Data
To filter Audit Log data or create a custom view, do the following:
Step 1 In the Domain Explorer window, choose Administration > Audit Log .
Step 2 From the Show drop-down list, choose one of the following options:
Creates a custom view with selected filter criteria for each column. For more information on creating custom views, see Creating Audit Log Custom Views. |
|
Edits or deletes a custom view. For more information on managing custom views, see Managing Audit Log Custom Views. |
Note • The number of records that is displayed on each page can be configured in the Audit Log Settings window. For more information on Audit Log settings, see Working With Audit Log Custom Views.
- To only search text within the records of the current page, check the Quick Filter check box from the Audit Log toolbar and enter search criteria.
Working With Audit Log Custom Views
The following sections describe how to create, filter, and manage custom views:
Creating Audit Log Custom Views
To create a custom view, do the following:
Step 1 In the Domain Explorer window, choose Administration > Audit Log .
Step 2 From the Show drop-down list, choose Custom View.
Step 3 Set match rules. See “Match Rules” section for field descriptions.
Step 4 Set filter criteria. See “Filtering Audit Log Custom Views” section for filter criteria.
Step 5 To save this view, see “Saving Audit Log Custom Views” section.
Match Rules
The Match Rules area dictates what and how the values in the custom view are displayed.
Table 8-47 describes the Match Rules options.
Enables you to combine multiple filters. The default value displayed is All . Click the All link to change this option. You can choose one of the following options: |
|
Enables you to order the filtered data. The default value displayed is No Order . Click No Order link if you want to view the order rule values in ascending or descending order. To view what columns are sortable, see Table 8-45 . |
|
When the Showing Column link is selected, a window with the available and visible columns is displayed. You can choose one of the following options:
Note Double-click the column name to move the column name from Available text box to Visible text box and vice versa. |
Filtering Audit Log Custom Views
To filter Audit Log data in a custom view, do the following:
Step 1 Choose the column name and filtering option from the drop-down lists. Different options are available for each column. See Table 8-48 for more information on the available options and search functionality.
Note Filtering options are displayed based on the column selected.
Step 2 If necessary, add or delete filter criterion by clicking the + or - icon.
Step 3 Click Apply. The next time you open the Audit Log , the last custom view you created is displayed.
The Audit Log is displayed based on the set conditions. See Action Buttons for more information.
Saving Audit Log Custom Views
Note All the filter options must be configured correctly before you save a custom view.
To save a custom view, do the following:
Step 1 Click on the Save icon.
Step 2 Enter the custom view name in the Filter Name text box.
Step 3 From the Visibility drop-down list, choose Public or Private.
The custom views are stored in the following two folders:
- Public—Contains the customized view reports that the SuperUser created. Users who have read/write privileges for public filter management operations can edit or remove public custom views. You can make a copy of the other users’ custom views using the Save As button.
- Private—Contains the customized view details that you created.
Note The custom view name is unique in Public and Private folders. But you can create a custom view name that the SuperUser has created.
Copying or Renaming Audit Log Custom Views
To copy or rename a custom view, do the following:
Step 1 Select the custom view from the public or private folder.
Step 2 Click the Save As icon. The Save a Custom View dialog box is displayed.
Tip Enter the custom view name in the Name text box.
Step 3 Choose Visibility from the drop-down list.
Step 4 Click Save. The custom view is saved in a different name.
Note You can make a copy of an existing custom view using the Save As button when you do not have Public privileges.
Managing Audit Log Custom Views
Note Users who have read/write privileges for public filter management operations can edit or remove public custom views. However, private custom views can only be managed by the user who created them.
To edit or remove a custom view, do the following:
Step 1 Choose Manage Custom View from the drop-down list. The Manage Custom Views dialog box is displayed.
Step 2 Choose Select a Custom View from the drop-down list.
Step 3 Do one of the following:
- Click Edit and modify the Name and Visibility as required. Click Save.
- Click Remove. Click OK to confirm that you want to delete the custom view. The selected custom view is deleted from the Manage Custom View list.
Configuring Audit Log Settings
To configure audit log settings, do the following:
Step 1 Click the Audit Log Settings icon in the top-right corner of the window.
The Audit Log Settings window is displayed.
Step 2 Make the necessary settings as required. See Table 8-49 for the field descriptions.
Note Check the Auto-Refresh check box to refresh the window.
Northbound Gateway Security
OSS-to-Prime Optical sessions are configured by the Prime Optical GateWay EMS-to-NMS interface architectural component. See Managing Southbound and Northbound Interfaces for more information about Prime Optical GateWay.
Feedback