240 likes | 581 Views
MXK Training Module 7b EFM: From unwrapping the box to running business services. From unwrapping the box to running business services. This modules covers The practical steps to set up business services over EFM using CLI Setting up management Setting up bridges
E N D
MXK TrainingModule 7bEFM: From unwrapping the boxto running business services
From unwrapping the box to running business services This modules covers The practical steps to set up business services over EFM using CLI Setting up management Setting up bridges Using advanced EFM features and CPE manager
Example network Scenario One business customer, running a bonded SHDSL service over two VLANs, one for internet access and one for VOIP. Both bridges are of type TLS. In addition, the ERRMON service and CPE Manager is activated
Example network HSIA vlan 500 VOIP vlan 700 SHDSL/EFM MGMT vlan 10
Example network VLANs used in this example Management VLAN 10, terminates at the MXK User data VLAN 500 – HSIA (TLS/Symmetric) VLAN 700 – VOIP (TLS/Symmetric)
Example networkInterfaces • Interfaces used in this example • Ethernet interface towards core network 1-a-4-0/eth • SHDSL EFM lines, 1-4-1-0/shdsl to 1-4-4-0/shdsl • EFM Bond group, 1-4-25-0/efmbond
Tasks • Installing the MXK unit • Set up management • Set up additional services • Provision cards • Provision EFM/Bond groups • Creating bridges • Additional services • Verifying the setup
Installing the MXK unit Please refer to the MXK Hardware Installation Guide for installation instructions
Step 2 – Set up management Set the unit to factory default and reboot zSH> set2default Create a management IP address in our management VLAN, number 10 and set our default route zSH> interface add 1-a-4-0/eth vlan 10 10.0.0.42/24 zSH> route add default 10.0.0.1 1
Step 3 – Set up additional services Set the user prompt – allows us to easily see which system we have logged on zSH> setprompt user mxk# Add a syslog server – logs will be sent here mxk# new syslog-destination address = 10.0.0.1 1 Make sure we have a correct time on our box mxk# update ntp-client-config primary-ntp-server-ip-address = 10.0.0.1 local-timezone = centraleuropean 0 Add support for DNS, enables us to use names instead of addresses in commands like “ping server.company.com” mxk# new resolver query-order = dns-first domain = "int.zhone.se" first-nameserver = 10.0.0.1 1
Step 3 – Set up additional services Add a RADIUS server to query for authentication attempts – enables us to have a centralized user database mxk# new radius-client server-name = "ns.int.zhone.se" shared-secret = "verysecret" 1/1 Switch from local user authentication to the use the RADIUS just configured, note that we are not using only RADIUS, but “radiusthenlocal”. In case the RADIUS fails, local authentication will be used mxk# update system userauthmode = radiusthenlocal radiusauthindex = 1 0
Step 4 – Provision cards Which cards do we have installed (but not provisioned)? zSH> slots Uplinks a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING) Cards 4: MXK GSHDSL-24 Bonded/with NTWC (NOT_PROV) 14: TAC ITM RING (NOT_PROV) Add the cards zSH> card add 4 new card-profile 1/4/10208 added, sw-file-name "mxlc24gshdslbond.bin" zSH> card add 14 group 2 linetype e1 An autogenerated card-group-id [2] is assigned for this card type. new card-profile 1/14/5072 added, sw-file-name "tacitmring.bin", 2 options: card-group-id 2 card-line-type e1
Step 4 – Provision cards Wait for both cards to load. When they are in RUNNING state, proceed to the next step. Monitor loading progress using “bootstate <n>” where n is the slot number. zSH> slots Uplinks a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING) Cards 4: MXK GSHDSL-24 Bonded/with NTWC (LOADING) 14: TAC ITM RING (LOADING)
Step 4 – Provision cards Both cards are now in RUNNING mode, proceed to the next step zSH> slots Uplinks a:*MXK TWO TENGIGE EIGHT GIGE (RUNNING) Cards 4: MXK GSHDSL-24 Bonded/with NTWC (RUNNING) 14:*TAC ITM RING (RUNNING)
Step 5 – Creating traffic rules For our example we need two different bridge rules; on the HSIA vlan we will apply a 3M rate-limiting rule and on the VOIP vlan we will apply a 0.5M rate-limit. The rules can be applied either when creating the bridge or afterwards on an already existing bridge Create bridge rule #1 (3M) and #2 (0.5M) mxk# rule add ratelimitdiscard 1/1 rate 3000 mxk# rule add ratelimitdiscard2/1 rate 500
Step 6 – Creating bridges Create the bridges for the business application user. This step is only done once per MXK system (and service) mxk# bridge add 1-a-4-0/eth tls vlan 500 tagged mxk# bridge add 1-a-4-0/eth tls vlan 700 tagged
Step 6 – Creating bridges Next we need to create our bond group zSH> bond add group 1-4-25-0/efmbond Bond group - bond-0025/efmbond - was successfully created. Then we’ll add the EFM lines into our bond group zSH> bond add member bond-0025/efmbond 1-4-1-0/shdsl zSH> bond add member bond-0025/efmbond 1-4-2-0/shdsl zSH> bond add member bond-0025/efmbond 1-4-3-0/shdsl zSH> bond add member bond-0025/efmbond 1-4-4-0/shdsl
Step 6 – Creating bridges Next, verify the bond group zSH> bond show group bond-0025/efmbond Bond Groups Slot GrpId Type State Name Desc 4 25 efmbond ACT bond-0025 - Group Members Slot Port Type State Name Desc 4 1 shdsl ACT 1-4-1-0 - 4 4 shdsl ACT 1-4-4-0 - 4 3 shdsl ACT 1-4-3-0 - 4 2 shdsl ACT 1-4-2-0 -
Step 6 – Creating bridges Verify the bonded speed of the group zSH> bond stats bond-0025/efmbond AdminStatusOperStatus Bandwidth Last Change UP UP 22784000 0.00:01:20 SnrTc Layer Port Admin Oper Bandwidth (tenths dB) Down Cnt Interface Name 4/1 UP UP 5696000 170 0 1-4-1-0/shdsl 4/4 UP UP 5696000 170 0 1-4-4-0/shdsl 4/3 UP UP 5696000 180 0 1-4-3-0/shdsl 4/2 UP UP 5696000 170 0 1-4-2-0/shdsl
Step 6 – Creating bridges Now we can add our bridges facing the customer zSH> bridge add bond-0025/efmbondtlsvlan 500 tagged ipktrule 1 epktrule 1 zSH> bridge add bond-0025/efmbondtlsvlan 700 tagged ipktrule 2 epktrule 2 These bridges references the two bridge rules we created earlier, ipktrule is the ingress rule and epktrule the egress rule Now, verify the bridges zSH> bridge show Type VLAN/SLAN VLAN/SLAN Bridge St Table Data -------------------------------------------------------------------------------------- tls Tagged 500 ethernet4-500/bridge UP tls Tagged 700 ethernet4-700/bridge UP tls Tagged 500 bond-0025-efmbond-500/bridge UP tls Tagged 700 bond-0025-efmbond-700/bridge UP 4 bridges displayed
Step 7 – Additional services First, we’ll add ERRMON, this feature will monitor the EFM lines. If there is a line erring, it will be removed from the group. zSH> errmon modify 1-4-1-0/shdsl monitor enable zSH> errmon modify 1-4-2-0/shdsl monitor enable zSH> errmon modify 1-4-3-0/shdsl monitor enable zSH> errmon modify 1-4-4-0/shdsl monitor enable zSH> errmon modify 1-4-1-0/shdsl notify enable zSH> errmon modify 1-4-2-0/shdsl notify enable zSH> errmon modify 1-4-3-0/shdsl notify enable zSH> errmon modify 1-4-4-0/shdsl notify enable
Step 7 – Additional services Next we add CPE Manager. This allows us to connect to the CPEs directly from the MXK (or the management network using a specific port number) zSH> cpe-mgr add public 10.0.0.42 zSH> cpe-mgr add local bond-0025/efmbond zSH> cpe-mgr show CPE Manager public side interface: IP: 10.0.0.42 Interface Local IP ECHO FTP SSH Telnt HTTP SNMP HTTPS ---------------------------------------------------------------------------------- bond-0025/efmbond 1.4.0.25 51921 - - 51922 51923 51923 -
From unwrapping the box to running business services This modules covers The practical steps to set up business services over EFM using both CLI and WebUI Setting up management Setting up bridges Using advanced EFM features and CPE manager