mxk-m7-b-CONFIG-EFM-01.02.01 by shitingting

VIEWS: 0 PAGES: 24

									MXK Training
Module 7b
EFM: From unwrapping the box
to running business services




1                              PROPRIETARY & CONFIDENTIAL
                                   From unwrapping the box
                                to running business services

• This modules covers
   • The practical steps to set up business services over EFM using
     CLI
       • Setting up management
       • Setting up bridges
       • Using advanced EFM features and CPE manager




                                                          PROPRIETARY & CONFIDENTIAL
                                            Example network



• Scenario
   • One business customer, running a bonded SHDSL service over
     two VLANs, one for internet access and one for VOIP.
   • Both bridges are of type TLS.
   • In addition, the ERRMON service and CPE Manager is activated




                                                        PROPRIETARY & CONFIDENTIAL
           Example network




  HSIA
vlan 500



  VOIP
vlan 700   SHDSL/EFM


MGMT
vlan 10




                       PROPRIETARY & CONFIDENTIAL
                                       Example network



• VLANs used in this example

• Management
   • VLAN 10, terminates at the MXK

• User data
   • VLAN 500 – HSIA (TLS/Symmetric)
   • VLAN 700 – VOIP (TLS/Symmetric)




                                              PROPRIETARY & CONFIDENTIAL
                                            Example network
                                                  Interfaces

• Interfaces used in this example

    • Ethernet interface towards core network 1-a-4-0/eth
    • SHDSL EFM lines, 1-4-1-0/shdsl to 1-4-4-0/shdsl
    • EFM Bond group, 1-4-25-0/efmbond




6                                                      PROPRIETARY & CONFIDENTIAL
                                        Tasks



1.   Installing the MXK unit
2.   Set up management
3.   Set up additional services
4.   Provision cards
5.   Provision EFM/Bond groups
6.   Creating bridges
7.   Additional services
8.   Verifying the setup




7                                 PROPRIETARY & CONFIDENTIAL
                                  Installing the MXK unit



• Please refer to the MXK Hardware Installation Guide for
  installation instructions




8                                                  PROPRIETARY & CONFIDENTIAL
                              Step 2 – Set up management



• Set the unit to factory default and reboot
  zSH> set2default


• Create a management IP address in our management VLAN,
  number 10 and set our default route
   zSH> interface add 1-a-4-0/eth vlan 10 10.0.0.42/24
   zSH> route add default 10.0.0.1 1




                                                         PROPRIETARY & CONFIDENTIAL
                                     Step 3 – Set up additional
                                                            services


•   Set the user prompt – allows us to easily see which system we
    have logged on
    zSH> setprompt user mxk#

•   Add a syslog server – logs will be sent here
    mxk# new syslog-destination address = 10.0.0.1 1

•   Make sure we have a correct time on our box
    mxk# update ntp-client-config primary-ntp-server-ip-
    address = 10.0.0.1 local-timezone = centraleuropean 0

•   Add support for DNS, enables us to use names instead of
    addresses in commands like “ping server.company.com”
    mxk# new resolver query-order = dns-first domain =
    "int.zhone.se" first-nameserver = 10.0.0.1 1



                                                          PROPRIETARY & CONFIDENTIAL
                                Step 3 – Set up additional
                                                    services


• Add a RADIUS server to query for authentication attempts –
  enables us to have a centralized user database
  mxk# new radius-client server-name =
  "ns.int.zhone.se" shared-secret = "verysecret" 1/1

• Switch from local user authentication to the use the
  RADIUS just configured, note that we are not using only
  RADIUS, but “radiusthenlocal”. In case the RADIUS fails,
  local authentication will be used
  mxk# update system userauthmode = radiusthenlocal
  radiusauthindex = 1 0




                                                  PROPRIETARY & CONFIDENTIAL
                                         Step 4 – Provision cards


•   Which cards do we have installed (but not provisioned)?
    zSH> slots

     Uplinks
      a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING)

     Cards
     4: MXK GSHDSL-24 Bonded/with NTWC (NOT_PROV)
     14: TAC ITM RING (NOT_PROV)

•   Add the cards
     zSH> card add 4
     new card-profile 1/4/10208 added, sw-file-name
       "mxlc24gshdslbond.bin"
     zSH> card add 14 group 2 linetype e1
     An autogenerated card-group-id [2] is assigned for
       this card type.
     new card-profile 1/14/5072 added, sw-file-name
       "tacitmring.bin", 2 options: card-group-id 2 card-
       line-type e1                               PROPRIETARY & CONFIDENTIAL
                                    Step 4 – Provision cards



• Wait for both cards to load. When they are in RUNNING
  state, proceed to the next step. Monitor loading progress
  using “bootstate <n>” where n is the slot number.

  zSH> slots
  Uplinks
    a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING)

   Cards
   4: MXK GSHDSL-24 Bonded/with NTWC (LOADING)
   14: TAC ITM RING (LOADING)




                                                    PROPRIETARY & CONFIDENTIAL
                               Step 4 – Provision cards



• Both cards are now in RUNNING mode, proceed
  to the next step

  zSH> slots
  Uplinks
   a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING)

  Cards
  4: MXK GSHDSL-24 Bonded/with NTWC (RUNNING)
  14:*TAC ITM RING (RUNNING)




                                                PROPRIETARY & CONFIDENTIAL
                                  Step 5 – Creating traffic rules



•   For our example we need two different bridge rules; on the HSIA
    vlan we will apply a 3M rate-limiting rule and on the VOIP vlan we
    will apply a 0.5M rate-limit.
•   The rules can be applied either when creating the bridge or
    afterwards on an already existing bridge

•   Create bridge rule #1 (3M) and #2 (0.5M)
     mxk# rule add ratelimitdiscard 1/1 rate 3000
     mxk# rule add ratelimitdiscard 2/1 rate 500




                                                           PROPRIETARY & CONFIDENTIAL
                                        Step 6 – Creating bridges



•   Create the bridges for the business application user. This step is
    only done once per MXK system (and service)

     mxk# bridge add 1-a-4-0/eth tls vlan 500 tagged
     mxk# bridge add 1-a-4-0/eth tls vlan 700 tagged




                                                             PROPRIETARY & CONFIDENTIAL
                                            Step 6 – Creating bridges



•   Next we need to create our bond group

    zSH> bond add group 1-4-25-0/efmbond
    Bond group - bond-0025/efmbond - was successfully created.

•   Then we’ll add the EFM lines into our bond group

    zSH>   bond   add   member   bond-0025/efmbond   1-4-1-0/shdsl
    zSH>   bond   add   member   bond-0025/efmbond   1-4-2-0/shdsl
    zSH>   bond   add   member   bond-0025/efmbond   1-4-3-0/shdsl
    zSH>   bond   add   member   bond-0025/efmbond   1-4-4-0/shdsl




                                                                 PROPRIETARY & CONFIDENTIAL
                                       Step 6 – Creating bridges



•   Next, verify the bond group

    zSH> bond show group bond-0025/efmbond

                       Bond Groups

       Slot   GrpId    Type       State    Name        Desc
        4        25    efmbond    ACT      bond-0025   -

                       Group Members

       Slot    Port    Type       State    Name        Desc
        4         1    shdsl      ACT      1-4-1-0     -
        4         4    shdsl      ACT      1-4-4-0     -
        4         3    shdsl      ACT      1-4-3-0     -
        4         2    shdsl      ACT      1-4-2-0     -



                                                         PROPRIETARY & CONFIDENTIAL
                                        Step 6 – Creating bridges



•   Verify the bonded speed of the group
    zSH> bond stats bond-0025/efmbond

    AdminStatus       OperStatus        Bandwidth    Last Change
      UP                UP              22784000     0.00:01:20

                   Snr       Tc Layer
    Port    Admin   Oper      Bandwidth (tenths dB) Down Cnt
      Interface Name
     4/1    UP      UP        5696000       170         0         1-4-
      1-0/shdsl
     4/4    UP      UP        5696000       170         0         1-4-
      4-0/shdsl
     4/3    UP      UP        5696000       180         0         1-4-
      3-0/shdsl
     4/2    UP      UP        5696000       170         0         1-4-
      2-0/shdsl


                                                        PROPRIETARY & CONFIDENTIAL
                                          Step 6 – Creating bridges



•   Now we can add our bridges facing the customer
    zSH> bridge add bond-0025/efmbond tls vlan 500 tagged ipktrule
      1 epktrule 1
    zSH> bridge add bond-0025/efmbond tls vlan 700 tagged ipktrule
      2 epktrule 2

•   These bridges references the two bridge rules we created earlier,
    ipktrule is the ingress rule and epktrule the egress rule

•   Now, verify the bridges
    zSH> bridge show

    Type VLAN/SLAN     VLAN/SLAN Bridge
      St Table Data
    --------------------------------------------------------------
      ------------------------
    tls             Tagged 500    ethernet4-500/bridge
      UP
    tls             Tagged 700    ethernet4-700/bridge PROPRIETARY & CONFIDENTIAL
                                        Step 7 – Additional services



•   First, we’ll add ERRMON, this feature will monitor the EFM lines. If
    there is a line erring, it will be removed from the group.
     zSH>   errmon   modify   1-4-1-0/shdsl   monitor   enable
     zSH>   errmon   modify   1-4-2-0/shdsl   monitor   enable
     zSH>   errmon   modify   1-4-3-0/shdsl   monitor   enable
     zSH>   errmon   modify   1-4-4-0/shdsl   monitor   enable

     zSH>   errmon   modify   1-4-1-0/shdsl   notify   enable
     zSH>   errmon   modify   1-4-2-0/shdsl   notify   enable
     zSH>   errmon   modify   1-4-3-0/shdsl   notify   enable
     zSH>   errmon   modify   1-4-4-0/shdsl   notify   enable




                                                                 PROPRIETARY & CONFIDENTIAL
                                                           Step 7 – Additional services



•   Next we add CPE Manager. This allows us to connect to the CPEs
    directly from the MXK (or the management network using a
    specific port number)
    zSH> cpe-mgr add public 10.0.0.42
    zSH> cpe-mgr add local bond-0025/efmbond
    zSH> cpe-mgr show
       CPE Manager public side interface:
         IP:  10.0.0.42

    Interface              Local IP         ECHO FTP SSH Telnt HTTP SNMP HTTPS
    ----------------------------------------------------------------------------------
    bond-0025/efmbond               1.4.0.25         51921 - - 51922 51923 51923 -




                                                                                         PROPRIETARY & CONFIDENTIAL
                                   From unwrapping the box
                                to running business services

• This modules covers
   • The practical steps to set up business services over EFM using
     both CLI and WebUI
       • Setting up management
       • Setting up bridges
       • Using advanced EFM features and CPE manager




                                                          PROPRIETARY & CONFIDENTIAL
     Thank you!




24                PROPRIETARY & CONFIDENTIAL

								
To top