4 System Administration Procedures
Chapter 4, System Administration Procedures, describes the procedures used to administer the items shown in the Introduction.
4.1 Introduction
This chapter contains system administration procedures. The items discussed in this section are:
-
The date and time
-
User IDs and passwords
-
Terminal configuration
-
Shelves
-
Cards
-
Security Log
-
Unauthorized Use Warning Message
-
UIM Thresholds
-
MCPMs, IP links, and FTP servers for the Measurements Platform
-
IPSMs for the IP User Interface (Telnet) feature
-
Configuring the Network Security Options
-
Configuring the Restore Device State Option
-
Configuring the Frame Power Alarm Threshold
The procedures shown in this chapter use a variety of commands. If more information on these commands is needed, go to Commands User's Guide to find the required information.
4.2 Setting the Clock and Date on the EAGLE
This procedure is used to set the EAGLE’s clock and date.
Figure 4-1 Setting the Clock and Date on the EAGLE 5 ISS
4.3 Changing the Security Defaults
This procedure is used to change the user ID and password requirements for the EAGLE using the chg-secu-dflt
command. The chg-secu-dflt
command uses these parameters.
:page
– The amount of time, in days, that the specified user’s password can be used before the user must change their password. The value of this parameter applies to all EAGLE user IDs unless a different value is specified for a specific user ID with the ent-user
or chg-user
command.
:uout
– The number of consecutive days that a user ID can remain active in the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout
parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID. The value of this parameter applies to all user IDs in the EAGLE unless a different value is specified for a specific user ID with the ent-user
or chg-user
command.
:multlog
– are the user IDs allowed to log on to more than one terminal at any given time.
:minlen
– the minimum length of the password
:alpha
– the minimum number of alpha characters (a - z)
:num
– the minimum number of numeric characters (0 - 9)
:punc
– the minimum number of punctuation characters (any printable character that is not an alphabetic character, a numeric character, the space bar)
:minintrvl
– the minimum number of days before a password can be changed again.
:pchreuse
– the number of characters that cannot be reused from the current password when setting the new password. For example, if the pchreuse
parameter value is 5, no more than five characters of the current password can be reused in the new password.
:pgrace
– the number of days after password expiration during which the user can login without changing their password.
:pnotify
– the number of days before password expiration that the user is notified about the expiration.
:preuse
– the number of previous passwords that cannot be used. If the preuse
parameter value is 6, the previous six passwords cannot be used.
The chg-secu-dflt
command also contains the wrnln
,wrntx
, and clrwrntx
parameters. These parameters are used to configure the unauthorized use warning message that is displayed when a user logs into the EAGLE. To configure the unauthorized use warning message, go to the Configuring the Unauthorized Use Warning Message procedure.
Even though the minlen
parameter specifies the minimum length of a password, the password must also contain the minimum number characters defined by the alpha
, num
, and punc
parameters.
The examples in this procedure are used to change the security defaults to these values.
page
= 100 days
uout
= 50 days
multlog
= yes
, to allow the user IDs in the EAGLE to log onto more than one terminal at any given time.
minlen
= 12 characters
alpha
= 2 characters
num
= 2 characters
punc
= 2 characters
minintrvl
= 5 days
pnotify
= 14 days
pgrace
= 2 days
preuse
= 6 passwords
pchreuse
= 5 characters
Note:
When the EAGLE is delivered to the user, the database will contain these security default values.:page
= 90 days
:uout
= 90 days
:multlog
= no
:minlen
= 8 characters
:alpha
= 1 character
:num
= 1 character
:punc
= 1 character
:minintrvl
= 1 day
:pnotify
= 7 days
:pgrace
= 3 days
:preuse
= 5 passwords
:pchreuse
= 4 characters
The rtrv-secu-dflt
command uses the msg
parameter to specify whether the unauthorized use warning message text is displayed in the command output. The msg
parameter has two values.
yes
– the unauthorized use warning message text is displayed.
no
– the unauthorized use warning message text is not displayed.
The default value for this parameter is no
.
Regardless of the value specified for the msg
parameter, the user ID and password security defaults are displayed in the rtrv-secu-dflt
command output.
Figure 4-2 Changing the Security Defaults
4.4 Configuring the Unauthorized Use Warning Message
This procedure is used to configure the unauthorized use warning message that is displayed after a user successfully logs into the EAGLE.
These parameters are used in this procedure.
:wrnln
– the line number of the text of the unauthorized use warning message. The unauthorized use warning message can contain from 1 to 20 lines of text.
:wrntx
– the text of the line number of the unauthorized use warning message. The each line of text can contain up to 70 alphanumeric characters and must be enclosed in quotes (“). A blank line is specified with this text string, “ “, the blank space character enclosed in double quotes.
:clrwrntx
- This parameter specifies whether or not the text of the warning message is removed and will not be displayed. This parameter has three values.
no
- the text of a specific line in the warning message is not removed.yes
- the text of a specific line in the warning message is removed and will not be displayed.all
- the text in all the lines of the warning message are removed and no warning message will be displayed.
The clrwrntx=yes
parameter can be specified only with the wrnln
parameter.
The chg-secu-dflt
command contains other parameters that are not used in this procedure. These parameters are used to change the user ID and password security defaults on the EAGLE. To change the user ID and password security defaults, perform the Changing the Security Defaults procedure.
Note:
When the EAGLE is delivered to the user, the database will contain this login warning message.NOTICE: This is a private computer system.
Unauthorized access or use may lead to prosecution.
The example in this procedure is used to change the unauthorized use warning message from the system default message to this message.
************************************************************
* NOTICE: This is a private computer system. *
* UNAUTHORIZED ACCESS OR USE WILL BE PROSECUTED *
* *
* *
* 03/17/08 Notice!!! System will be upgraded between *
* the hours of 2am-3am on 04/01/08 *
* *
* *
************************************************************
The rtrv-secu-dflt
command uses the msg
parameter to specify whether the unauthorized use warning message text is displayed in the command output. The msg
parameter has two values.
yes
– the unauthorized use warning message text is displayed.
no
– the unauthorized use warning message text is not displayed.
The default value for this parameter is no
.
Regardless of the value specified for the msg
parameter, the user ID and password security defaults are displayed in the rtrv-secu-dflt
command output.
Figure 4-3 Configuring the Unauthorized Use Warning Message
4.5 Changing the Security Log Characteristics
This procedure is used to change the characteristics of the EAGLE’s security log using the chg-attr-seculog
command. The chg-attr-seculog
command uses these parameters.
:upldalm
– whether the security log alarms are on. The security log alarms are:
-
upload required – the percentage of the maximum capacity of the security log exceeds the value of the
upslg
parameter. The security log entries need to be copied to the file transfer area of the fixed disk. -
log overflowed – the security log has become 100% full and log entries are being lost. The security log entries must be copied to the file transfer area of the fixed disk.
-
standby log contains >0 un-uploaded entries – the security log on the standby fixed disk contains entries that have not been copied to the file transfer area of the fixed disk. Usually, the security log on the standby fixed disk contains no entries, but for some reason, for example, a MASP switchover resulting in the active MASP security log becoming the standby MASP security log, the security log on the standby fixed disk contains uncopied security log entries.
The
upldalm=yes
parameter turns the security log alarms on. Theupldalm=no
turns the security log alarms off. If a security log alarm has been generated, theupldalm=no
parameter lowers the alarm.
:upslg
– the threshold at which the EAGLE generates the upload required security log alarm, if the upldalm=yes
parameter has been specified. The threshold is the percentage of the maximum capacity of the security log.
When the EAGLE is delivered to the user, the security log characteristics will be set to these values:
:upldalm = yes
:upslg = 90
Figure 4-4 Changing the Security Log Characteristics
4.6 Copying the Security Log to the File Transfer Area
This procedure is used to copy the EAGLE’s security log to the file transfer area of the fixed disk using the copy-seculog
command. The copy-seculog
command uses these parameters.
:dfile
– the name of the file created in the file transfer area containing the security log entries copied with the copy-seculog
command.
- The filename can contain from 1 to 32 characters. If the filename contains special characters such as blank spaces, colons, dashes, periods, ampersands (&), etc. (for example,
eagle123.doc
), the filename must be enclosed in double quotes. For example,:dfile=“eagle123.doc”
. - If a filename is not specified, the EAGLE specifies its own filename with this format,
yymmddx.log
, whereyymmdd
are the current year/month/day that the security log file was created, andx
is eithera
if the security log on the active fixed disk is copied (slog=act
) ors
if the security log on the standby fixed disk is copied (slog=stb
).
:slog
– the security log that is copied to the file transfer area, the security log on the active fixed disk (slog=act) or the standby fixed disk (slog=stb). The default value for this parameter is act
.
:dloc
– the file transfer area that is receiving the copy of the security log, the file transfer area on the active fixed disk (dloc=act) or the file transfer area on the standby fixed disk dloc=stb). The default value for this parameter is act
.
If a filename is not specified, the EAGLE specifies its own filename with this format, yymmddx.log
, where yymmdd
are the current year/month/day that the security log file was created, and x
is either a
for the copy of the security log on the active fixed disk or s
for the copy of the security log on the standby fixed disk.
The copy-seculog
command can be specified with no parameters. If the copy-seculog
command is specified with no parameters, the security log on the active fixed disk is copied to the file transfer area on the active fixed disk and is given a default name. The default name is in this format, yymmdda.log
, where yymmdd
are the current year/month/day that the security log file was created, and a
for the copy of the security log on the active fixed disk.
Figure 4-5 Copying the Security Log to the File Transfer Area
4.7 Adding a User to the System
This procedure is used to add a user to the EAGLE using the ent-user
command. This procedure can only be performed if you have been assigned the command class “Security Administration.” If the user ID does not exist in the database, the user’s characteristics cannot be changed.
Note:
This procedure can be performed on all terminals (1 - 40) if the Eagle OA&M IP Security Enhancements feature is on. If this feature is on, the entryYES
is shown for terminals 17 through 40 in the SECURE
column in the rtrv-trm
output. The output of the rtrv-ctrl-feat
command also shows if this feature is on or off. If this feature is off, this procedure can be performed only on terminals 1 through 16. If you wish to use the Eagle OA&M IP Security Enhancements feature, and the feature is not on, performActivating the EAGLE OA&M IP Security Enhancement Controlled Feature to enable and turn on this feature.
The ent-user
command uses these parameters.
:uid
– The user ID to be added to the database
:all
– The user has access to all commands in all non-configurable command classes (dbg
, link
, sys
, sa
, pu
, db
).
:dbg
– The user has access to all commands in the command class “Debug.”
:link
– The user has access to all commands in the command class “Link Maintenance.”
:sys
– The user has access to all commands in the command class “System Maintenance.”
:sa
– The user has access to all commands in the command class “Security Administration.”
:pu
– The user has access to all commands in the command class “Program Update.”
:db
– The user has access to all commands in the command class “Database Administration.”
:cc1
- :cc8
– Eight configurable command classes. These parameters specified whether or not the user has access to the commands in the specified configurable command class. The value of these parameters consist of the configurable command class name (1 alphabetic character followed by 2 alphanumeric characters), and either yes or no. The command class name and the yes or no values are separated by a dash. For example, to assign a user the permission to use the commands in configurable command class db1
, the cc1=db1-yes
parameter would be specified.
To specify any configurable command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat
command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature. Up to 32 configurable command classes can be assigned to users. When the Command Class Management feature is enabled and turned on, the configurable command class names are given the names u01
- u32
. These command class names, the descriptions of these command classes, and the commands assigned to these command classes can be changed using Configuring Command Classes.
The ent-user
command allows up to eight configurable command classes to be assigned to the user. Perform Changing User Information to assign the other 24 configurable command classes to the user, if desired.
:page
– The amount of time, in days, that the specified user’s password can be used before the user must change their password.
If the page
parameter is not specified with the ent-user
command, the EAGLE uses the value configured for the page
parameter specified by the chg-secu-dflt
command to determine the age of the user’s password.
:uout
– The number of consecutive days that a user ID can remain active in the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout
parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID.
If the uout
parameter is not specified with the ent-user
command, the EAGLE uses the value configured for the uout
parameter specified by the chg-secu-dflt
command to determine the number of consecutive days that a user ID can remain active on the EAGLE and not be used
:revoke
– Is the specified user ID in service? Any login attempts using a revoked user ID are rejected by the EAGLE. The revoke=yes
parameter cannot be specified for a user ID assigned to the security administration command class.
The words seas
or none
cannot be used for user IDs to prevent any conflict with the use of these words in the UID field of the security log. The word none
in the UID field of the security log refers to any command that was logged that had no user ID associated with it. The word seas
refers to any command logged in the security log that entered the EAGLE on either of the SEAS terminals.
This example shows an rtrv-secu-user
command output when the Command Class Management feature is enabled and turned on. If the Command Class Management feature is not enabled and turned on, the 32 configurable command classes, shown in the following example as fields U01
- U32
, are not shown in the rtrv-secu-user
command output.
An asterisk (*) displayed after the value in the PAGE
or UOUT
fields indicates that the system-wide default page
or uout
parameter values, as configured on the chg-secu-dflt
command, is in effect for the user ID.
rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
frodo 750 0 0 NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES NO NO NO NO YES
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
manny 36 60 60 NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
NO NO NO NO YES YES YES YES YES YES YES YES YES YES YES YES
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES NO NO NO NO YES
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
moe 100 30 60 YES YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES YES YES NO NO NO
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
jack 10 30 * 30 * NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES NO NO NO NO YES YES YES YES YES NO
Canceling the RTRV-SECU-USER
Command
Because the rtrv-secu-user
command used in this procedure can output information for a long period of time, the rtrv-secu-user
command can be canceled and the output to the terminal stopped. There are three ways that the rtrv-secu-user
command can be canceled.
- Press the
F9
function key on the keyboard at the terminal where thertrv-secu-user
command was entered. - Enter the
canc-cmd
without thetrm
parameter at the terminal where thertrv-secu-user
command was entered. - Enter the
canc-cmd:trm=<xx>
, where<xx>
is the terminal where thertrv-secu-user
command was entered, from another terminal other that the terminal where thertrv-secu-user
command was entered. To enter thecanc-cmd:trm=<xx>
command, the terminal must allow Security Administration commands to be entered from it and the user must be allowed to enter Security Administration commands. The terminal’s permissions can be verified with thertrv-secu-trm
command. The user’s permissions can be verified with thertrv-user
orrtrv-secu-user
commands.
For more information about the canc-cmd
command, go to Commands User's Guide.
Figure 4-6 Adding a User to the System
Sheet 1 of 2
Sheet 2 of 2
4.8 Removing a User from the System
This procedure is used to remove a user from the EAGLE using the dlt-user
command. This procedure can only be performed if you have been assigned the command class “Security Administration.” If the user ID does not exist in the database, the user’s characteristics cannot be changed.
Figure 4-7 Removing a User from the System
4.9 Changing User Information
This procedure is used to change the characteristics of a user on the EAGLE using the chg-user
command. This procedure can only be performed if you have been assigned the command class “Security Administration.” If the user ID does not exist in the database, the user’s characteristics cannot be changed.
Note:
Thepid
parameter can be specified for this procedure on all terminals (1 - 40) if the Eagle OA&M IP Security Enhancements feature is on. If this feature is on, the entry YES
is shown for terminals 17 through 40 in the SECURE
column in the rtrv-trm
output. The output of the rtrv-ctrl-feat
command also shows if this feature is on or off. If this feature is off, the pid
parameter can be specified for this procedure only on terminals 1 through 16. If you wish to use the Eagle OA&M IP Security Enhancements feature, and the feature is not on, performActivating the EAGLE OA&M IP Security Enhancement Controlled Feature to enable and activate this feature.
The chg-user
command uses these parameters.
:uid
– The ID of a user in the database
:nuid
– New user ID – The new ID of the user specified by the uid
parameter.
:pid
– Password ID (only required if changing the password of a user) – The password of the user specified by the uid
parameter.
:all
– The user has access to all commands in all command classes.
:dbg
– The user has access to all commands in the command class “Debug.”
:link
– The user has access to all commands in the command class “Link Maintenance.”
:sys
– The user has access to all commands in the command class “System Maintenance.”
:sa
– The user has access to all commands in the command class “Security Administration.”
:pu
– The user has access to all commands in the command class “Program Update.”
:db
– The user has access to all commands in the command class “Database Administration.”
:cc1
- :cc8
– Eight configurable command classes. These parameters specified whether or not the user has access to the commands in the specified configurable command class. The value of these parameters consist of the configurable command class name (1 alphabetic character followed by 2 alphanumeric characters), and either yes or no. The command class name and the yes or no values are separated by a dash. For example, to assign a user the permission to use the commands in configurable command class db1
, the cc1=db1-yes
parameter would be specified.
To specify any configurable command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat
command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature. Up to 32 configurable command classes can be assigned to users. When the Command Class Management feature is enabled and turned on, the configurable command class names are given the names u01
- u32
. These command class names, the descriptions of these command classes, and the commands assigned to these command classes can be changed using the Configuring Command Classes.
The chg-user
command can assign a maximum of eight configurable command classes to the user each time the chg-user
command is performed.
:page
– The amount of time, in days, that the specified user’s password can be used before the user must change their password.
If the page
parameter is not specified with the ent-user
command, the EAGLE uses the value configured for the page
parameter specified by the chg-secu-dflt
command to determine the age of the user’s password.
:uout
– The number of consecutive days that a user ID can remain active on the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout
parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID.
If the uout
parameter is not specified with the ent-user
command, the EAGLE uses the value configured for the uout
parameter specified by the chg-secu-dflt
command to determine the number of consecutive days that a user ID can remain active on the EAGLE and not be used
:revoke
– Is the specified user ID in service? Any login attempts using a revoked user ID are rejected by the EAGLE. The revoke=yes
parameter cannot be specified for a user ID assigned to the security administration command class.
:rstlsl
– resets the last successful login date for a user ID to the current date. If the user ID is out of service because the user ID has been idle longer that the value of the uout
parameter defined by either the ent-user
or chg-secu-dflt
commands, this parameter brings that user ID back into service.
This example shows an rtrv-secu-user
command output when the Command Class Management feature is enabled and turned on. If the Command Class Management feature is not enabled and activated, the 32 configurable command classes, shown in the following example as fields U01
- U32
, are not shown in the rtrv-secu-user
command output.
An asterisk (*) displayed after the value in the PAGE
or UOUT
fields indicates that the system-wide default page
or uout
parameter values, as configured on the chg-secu-dflt
command, is in effect for the user ID.
rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
frodo 750 0 0 NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES NO NO NO NO YES
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
manny 36 60 60 NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
NO NO NO NO YES YES YES YES YES YES YES YES YES YES YES YES
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES NO NO NO NO YES
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
moe 100 30 60 YES YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES YES YES YES YES YES YES YES NO NO NO
USER ID AGE PAGE UOUT REV LINK SA SYS PU DB DBG
jack 10 30 * 30 * NO YES YES YES YES YES YES
U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES
U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
YES YES YES YES YES YES NO NO NO NO YES YES YES YES YES NO
Figure 4-8 Changing User Information
Sheet 1 of 3
Sheet 2 of 3
Sheet 3 of 3
4.10 Changing a Password
There are two different procedures that can be used to change passwords. This procedure allows a specific user to change their own password using the chg-pid
command. The other procedure is for the EAGLE administrator to change the password of any user (see the Changing User Information procedure).
Rules for Changing a Password
The rules for the format of the password are determined by the chg-secu-dflt
command (see the Changing the Security Defaults procedure for more information) and are displayed in the scroll area of the terminal before the password prompt is issued, or by entering the rtrv-secu-dflt
command.
The minintrvl
parameter of the chg-secu-dflt
command defines the minimum number of days between attempts to change a password. If this attempt occurs during this interval, the password cannot be changed.
The pchreuse
parameter of the chg-secu-dflt
command defines the number of characters that cannot be reused from the current password when setting the new password. For example, if the pchreuse
parameter value is 5, no more than five characters of the current password can be reused in the new password. If the new password contains more the five characters from the current password, the new password will be rejected.
The preuse
parameter defines the number of previous passwords that cannot be used. If the preuse
parameter value is 6, the previous six passwords cannot be used. If the new password is one of the number of previous passwords defined by the preuse
parameter, the new password will be rejected.
When the password is being changed with the chg-pid
command, the minimum requirements for passwords are displayed after the current password is entered at the Enter Old Password:
prompt.
The password is not case sensitive. For security reasons, the password is never displayed on the terminal.
Note:
This procedure can be performed on all terminals (1 - 40) if the Eagle OA&M IP Security Enhancements feature is on. If this feature is on, the entryYES
is shown for terminals 17 through 40 in the SECURE
column in the rtrv-trm
output. The output of the rtrv-ctrl-feat
command also shows if this feature is on or off. If this feature is off, this procedure can be performed only on terminals 1 through 16. If you wish to use the EAGLE OA&M IP Security Enhancements feature, and the feature is not on, go to the Activating the EAGLE OA&M IP Security Enhancement Controlled Feature procedure to enable and activate this feature.
Figure 4-9 Changing a Password
4.11 Changing Terminal Characteristics
This procedure is used to change the characteristics of a terminal, except for the SEAS terminal and a measurements terminal for an EAGLE containing a maximum of 700 signaling links, using the chg-trm
command.
To configure a measurements terminal for an EAGLE containing a maximum of 700 signaling links, go to the Configuring the Measurements Terminal for an EAGLE Containing 700 Signaling Links procedure.
To configure a SEAS terminal, refer to the Configuring SEAS Terminals procedure.
The communication attributes can be changed on any terminal except on the terminal you are logged on to. The message output group assignments can be changed on any terminal, including the terminal you are logged on to. The chg-trm
command uses these parameters.
:trm
– terminal numbers (1 - 40, terminals 1-16 are serial terminals, terminals 17-40 are telnet terminals).
:baud
– Serial port baud rate (2400, 4800, 9600, or 19200, 38400, 57600, 115200). Values 38400, 57600, and 115200 are only valid when the OAMHC is used.
:sb
– The number of stop bits used in communications with the device (1 or 2).
:prty
– Parity used by the device (odd, even, none).
:type
– The type of device being connected (See the "Terminal Types" section).
:fc
– The type of flow control used between the EAGLE and the output devices. (sw - software, hw - hardware, both - hardware and software, none).
Note:
Hardware flow control (fc=hw
) and both hardware and software flow control (fc=both
) are not supported for the terminal if the EAGLE contains E5-TDMs. Part of the terminal output may be lost if hardware flow control or both hardware and software flow control are specified for the terminal when the EAGLE contains E5-TDMs.
:tmout
– The maximum amount of time, in minutes, that a login session on the specified port can remain idle (that is, no user input) on the port before being automatically logged off. (0 - 99, see the "Security Parameters" section).
:mxinv
– The login failure threshold – The number of login attempt failures or attempts to unlock a terminal that can occur on the terminal before the terminal is disabled. (0 - 9, see the "Security Parameters" section).
:dural
– The length of time that the terminal is disabled after the login failure threshold has been exceeded. (See the "Security Parameters" section).
:all
– Specifies whether or not all unsolicited messages are displayed on the specified terminal (yes or no).
:traf
– Specifies whether or not traffic related unsolicited messages are displayed on the specified terminal (yes or no).
:link
– Specifies whether or not link maintenance related unsolicited messages are displayed on the specified terminal (yes or no).
:sa
– Specifies whether or not security administration related unsolicited messages are displayed on the specified terminal (yes or no).
:db
– Specifies whether or not database related unsolicited messages are displayed on the specified terminal (yes or no).
:sys
– Specifies whether or not system maintenance related unsolicited messages are displayed on the specified terminal (yes or no).
:pu
– Specifies whether or not program update related unsolicited messages are displayed on the specified terminal (yes or no).
:uimrd
– Specifies whether or not UIM redirect related unsolicited messages are displayed on the specified terminal (yes or no).
:appserv
– Specifies whether or not application server related unsolicited messages are displayed on the specified terminal. (yes or no).
:appss
– Specifies whether or not application subsystem related unsolicited messages are displayed on the specified terminal (yes or no).
:card
– Specifies whether or not card related unsolicited messages are displayed on the specified terminal (yes or no).
:clk
– Specifies whether or not clock related unsolicited messages are displayed on the specified terminal (yes or no).
:dbg
– Specifies whether or not debug related unsolicited messages are displayed on the specified terminal (yes or no).
:gtt
– Specifies whether or not global title translation related unsolicited messages are displayed on the specified terminal (yes or no).
:gws
– Specifies whether or not gateway screening related unsolicited messages are displayed on the specified terminal (yes or no).
:meas
– Specifies whether or not measurements maintenance related unsolicited messages are displayed on the specified terminal (yes or no).
:mon
– Specifies whether or not unsolicited messages related to the Sentinel monitoring functions are displayed on the specified terminal (yes or no).
:mps
– Specifies whether or not MPS related unsolicited messages are displayed on the specified terminal (yes or no).
:seas
– Specifies whether or not SEAS maintenance related unsolicited messages are displayed on the specified terminal (yes or no).
:logintmr
– the login timer. This parameter specifies the maximum time for logging on to the telnet terminal after selecting the terminal. This timer makes sure the user logs in with in the configured time and terminal does not remain idle. The value for this timer can be from 3 seconds to 600 seconds. An additional value none
indicates that the user has an indefinite amount of time to login on the telnet terminal. The system default value for this parameter is none
. This parameter can be specified only for telnet terminals (type=telnet
).
:logouttmr
– the logout timer. This parameter specifies the maximum time the telnet session remains open after the user manually or automatically logs out. The value for this timer can be from 0 to 1200 seconds. An additional value none
indicates that the telnet session is never closed when the user logs out. The system default value for this parameter is none
. This parameter can be specified only for telnet terminals (type=telnet
).
:pngtimeint
– the ping timer interval. This parameter specifies the amount of time that must pass before the IPSM initiates a new ping cycle. The value for this timer can be from 100 to 1200000 milliseconds. An additional value none
indicates that pinging does not occur. The system default value for this parameter is none
. This parameter can be specified only for telnet terminals (type=telnet
) and EMSALM terminals (type=emsalm
).
:pngfailcnt
– This parameter specifies the number of consecutive ping fails that must occur before the telnet connection is dropped. The value for this timer can be from 1 to 10. The system default value for this parameter is 1. This parameter can be specified only for telnet terminals (type=telnet
) and EMSALM terminals (type=emsalm
).
The messages assigned to the output message groups defined by the traf
, db
, link
, sa
, sys
, pu
, uimrd
, appserv
,
appss
, card
, clk
, dbg
, gtt
, gws
, meas
, mon
, mps
, and seas
parameters are listed in
Unsolicited Alarm and Information Messages Reference .
Certain UIMs (unsolicited information messages) can be assigned to the UIM Redirect output group or remain in their original output message group. The uimrd
parameter of the chg-trm
command and the on=uimrd
and off=uimrd
parameters of the chg-stpopts
command determine which output groups these UIMs are assigned to and how the EAGLE handles them.
The on=uimrd
parameter of the chg-stpopts
command tells the EAGLE to put these UIMs in the unsolicited UIM Redirect output message group. If the off=uimrd
parameter is specified with the chg-stpopts
command, the messages remain in their original output message group. The on=uimrd
parameter value of the chg-stpopts
command is shown in the UIMRD
row of the rtrv-stpopts
output as the value yes
. The off=uimrd
parameter value of the chg-stpopts
command is shown in the UIMRD
row of the rtrv-stpopts
output as the value no
. The uimrd=yes
parameter of the chg-trm
command allows the specified terminals to receive unsolicited UIM redirect output messages.
Table 4-2 shows the combination of the values of both uimrd
values and how the EAGLE handles the messages. The unsolicited output group message assignments are listed in Unsolicited Alarm and Information Messages Reference.
Table 4-2 UIMRD Parameter Combinations
UIMRD value of the terminal | UIMRD STP option value | Action |
---|---|---|
No |
No (See Note 1) |
The UIMs remain in their original output message group and are output to terminals receiving messages from the original output message group. |
No |
Yes (See Note 2) |
The UIMs are in the UIM Redirect output group but are not output to any terminal. |
Yes |
No (See Note 1) |
The UIMs remain in their original output message group and are output to terminals receiving messages from the original output message group. Even though the No UIM redirect messages are output to any terminal. |
Yes |
Yes (See Note 2) |
The UIMs are in the UIM Redirect output group and are output to terminals receiving unsolicited UIM redirect messages. |
Notes:
|
If the type=vt320
or type=sccs
parameters are specified, the value of the prty
parameter cannot be none
. The value of the prty
parameter must be either odd
or even
.
The EAGLE requires at least two terminals assigned to the Security Administration command class. The terminal type of a terminal assigned to the Security Administration command class cannot be changed to these terminal types, printer (:type=printer
) or none (:type=none
) if the change would leave the EAGLE with only one terminal assigned to the Security Administration command class. The command class assignments of the terminal are shown with the rtrv-secu-trm
command. If the terminal type is being changed to either printer
or none
, go to the Changing Terminal Command Class Assignments procedure and make sure that the command class assignment for the terminal being changed does not have the Security Administration command class assigned to it, or change the command class assignment of another terminal to include the Security Administration command class.
If the all=yes
parameter and the traf
, db
, link
, sa
, sys
, pu
, uimrd
, appserv
,
appss
, card
, clk
, dbg
, gtt
, gws
, meas
, mon
, mps
, or seas
parameters are specified, for example, chg-trm:trm=1:all=yes:pu=no
; all the message output
groups are set to yes
with the exception of the
message output groups specified in the chg-trm
command which are set to no
. In this example,
the value of all the message output groups is yes
(all=yes
) with the exception
of the program update message output group which has the value no
(pu=no
).
If the all=no
parameter is specified for a SEAS terminal (type=seas
), all the output group values are changed to NO
except for the SEAS
output group. The SEAS
output group value remains set to YES
and this message is displayed.
SEAS Output Group is SET for SEAS terminal <terminal number>
The total value of the terminals’ baud rate cannot be greater than 172,032. If the total baud rate of the terminals exceeds 172,032, change the baud rates of the terminals so that the total baud rate is not greater than 172,032.
Only four terminals should be configured to receive unsolicited system maintenance messages (:sys=yes
).
If the communication attributes (baud
, sb
, prty
, and fc
) or the terminal type (type
) for the terminal are being changed, the terminal must be placed out of service with the rmv-trm
command before the changes can be made.
If only the output message group or security (tmout
, mxinv
, dural
) parameters are being changed, the terminal can remain in service when the chg-trm
command is executed.
Terminal Types
There are nine terminal types that can be used on the EAGLE.
The VT320
type is the standard terminal used for entering commands, displaying command responses, displaying periodic system status information at screen specific locations, and scrolling unsolicited messages.
The PRINTER
type is used with printers for recording UAMs, UIMs and echoed command responses.
The KSR
type mimics older style teleprinters (that is, printers with a keyboard).
The SCCS
type is used for some network monitoring and surveillance applications. SCCS terminals are the same as KSR terminals, except a pre-defined “start-of-message” character is added to indicate the beginning of a new command response or unsolicited message.
The NONE
type is typically used to indicate unused terminals.
The MGMT
terminal type, or management terminal, provides a machine to machine messaging interface between the EAGLE and the customer’s network to provide network surveillance.
The TELNET
terminal type provides up to 24 IP based connections to the EAGLE’s user interface using a telnet client, in addition to the 16 RS-232 terminals. The telnet terminals are numbered from 17 to 40. The telnet terminals are configured automatically when the IP User Interface (Telnet) feature is enabled and activated, and when the IPSMs are configured in the database. The EAGLE can have 3 IPSMs, with each IPSM supporting eight telnet terminals. The baud
, prty
, sb
, and fc
parameters cannot be specified with the chg-trm
command for a telnet terminal, but all other terminal parameters can be specified and changed for a telnet terminal. For terminals 17 to 40, the values for the type
parameter can be only telnet
, none
, or emsalm
.
Note:
If thechg-trm
command is executed
from a telnet terminal (terminals 17 to 40), only the output group parameters
(all
, traf
,
link
, sa
,
db
, sys
,
pu
, uimrd
,
appserv
, appss
, card
, clk
, dbg
, gtt
, gws
, meas
, mon
, mps
, seas
) and the
terminal type can be changed.
The EMSALM
terminal type provides an alarm monitoring capability that displays only UAMs and system alive messages generated by the EAGLE. UIMs and autonomous reports are not displayed on the EMSALM terminals, even if the output group settings for these terminals would allow these messages to be displayed on these terminals.
Caution:
EMSALM terminals can accept login requests and commands; however, these operations may interfere with the alarm monitoring functions of the EMSALM terminals and should be performed on another terminal.The EMSALM
terminal type can be assigned to any terminal, serial (terminals 1 to 16) or telnet (terminals 17 to 40). When the terminal type is changed to emsalm
, all the output message group settings for that terminal are set to yes
, even if any of the output message groups were set to no
before the terminal type change. These output message group settings can be changed, if desired. The communications attributes (baud
, prty
, sb
, fc
) and security parameter values (tmout
, mxinv
, dural
) are not changed.
Caution:
It is recommended that all the output message group settings for an EMSALM terminal are set toyes
. Changing any of the output message group settings to no
could prevent alarm messages controlled by the output message group from being displayed on the EMSALM terminal.
Caution:
If a terminal dedicated to measurements collection is configured (see the Configuring the Measurements Terminal for an EAGLE Containing 700 Signaling Links procedure), it is recommended that this terminal is not changed to an EMSALM terminal.When the terminal type is changed from emsalm
to another terminal type, the output message group settings, communications attributes, and security parameter values are not changed.
When assigning the EMSALM
terminal type to a serial
terminal, the communication attribute (baud
,
prty
, sb
,
fc
), security (tmout
, mxinv
, dural
), and output group (traf
, db
, link
, sa
, sys
, uimrd
, appserv
, appss
,
card
, clk
,
dbg
, gtt
,
gws
, meas
,
mon
, mps
,
seas
) parameters values can be changed.
When assigning the EMSALM
terminal type to a telnet
terminal, only the security (tmout
, mxinv
, dural
), and
output group (traf
, db
, link
, sa
, sys
, pu
, uimrd
, appserv
, appss
, card
, clk
, dbg
, gtt
, gws
, meas
, mon
, mps
, seas
) parameters values can be changed.
The SEAS
terminal type is used to provide a path between the EAGLE and the CCS MR to support the SEAS over IP feature. The SEAS terminal type is not used in this procedure. To configure a terminal as a SEAS terminal, refer to the Configuring SEAS Terminals procedure.
Security Parameters
The monitoring of a terminal’s idle time (tmout
) and the automatic logout function only applies to terminal types VT320 (type=vt320
), KSR, (type=ksr
), SCCS (type=sccs
), and MGMT (type=mgmt
). The tmout
parameter can be specified with other terminal types, but it will have no effect. The system default value for the tmout
parameter is 30 minutes. The tmout=0
parameter value allows the terminal to remain idle indefinitely without being automatically logged off.
To impose a temporary lockout of a terminal after a particular number of login attempt failures or a particular number of attempts to unlock a terminal have occurred, the mxinv
and dural
values for that terminal must be greater than 0.
The mxinv=0
parameter value prevents any temporary lockout of the terminal regardless of the number of successive failed login or unlock attempts that were made at the terminal. No messages are issued regarding the temporary lockout. This action applies even if the dural
parameter value is greater than 0.
The dural=0
parameter prevents the terminal from being temporarily locked out. If the mxinv
parameter value is greater than 0 and the dural
parameter value is 0, the EAGLE issues messages concerning login failure threshold, but the terminal will not be locked out.
The value of the dural
parameter can be expressed in seconds (0 - 59), minutes and seconds (0 - 5959), or hours, minutes, and seconds (0 - 995959). The value 999999
for the dural
parameter disables the terminal, when the login failure threshold has been exceeded, for an indefinite period of time. A terminal that is disabled for an indefinite period of time is identified by the entry INDEF
in the DURAL
field of the rtrv-trm
command output. A terminal disabled indefinitely can only be restored to service by inhibiting the terminal with the rmv-trm
command, then placing it into service with the rst-trm
command.
When the EAGLE is delivered to the user, the mxinv
and dural
parameters will be set to these values:
:mxinv = 5
:dural = 0100
(1 minute, 0 seconds)
The RTRV-TRM Output
The output of the rtrv-trm
command is displayed in two parts. The first part displays the communication and security attributes of the terminal. The communication attributes of the terminal, BAUD
, PRTY
(parity), SB
(stop bits), and DBTS
(data bits), are displayed in the COMM
field of the rtrv-trm
output and are displayed in this format: BAUD–DBTS–PRTY–SB. The type of flow control used by the terminal is shown in the FC
field. The security attributes of the terminal are shown in the TMOUT
, MXINV
, and DURAL
fields. The second part of the rtrv-trm
command output displays the types of unsolicited messages the terminal may receive. An example of the rtrv-trm
command output is shown in this example.
rlghncxa03w 06-10-01 16:02:08 GMT EAGLE5 36.0.0
TRM TYPE COMM FC TMOUT MXINV DURAL
3 VT320 9600-7-E-1 SW 30 5 99:59:59
TRM TRAF LINK SA SYS PU DB UIMRD
3 NO YES NO YES NO YES YES
APP APP
TRM SERV SS CARD CLK DBG GTT GWS MEAS MON MPS SEAS
3 YES YES YES YES YES YES YES YES YES YES NO
In this example, terminal 3 is running at 9600 baud with 7 data bits, even parity, and 1 stop bit.
COMM
and FC
fields are not displayed in the rtrv-trm
output. The following items are displayed for these terminals in addition to the security attributes and the types of unsolicited messages the terminal may receive. An example rtrv-trm
output example follows the list.
- The card location of the IPSM associated with the terminals.
- The security status of the terminal is displayed in the
SECURE
field. If the Eagle OA&M IP Security Enhancements feature is on, the terminal is secure. The entryyes
is shown in theSECURE
field. If the Eagle OA&M IP Security Enhancements feature is off, the terminal is not secure. The entryno
is shown in theSECURE
field. Controlled Feature Activation Procedures contains the procedures to enable and turn on, or turn off the Eagle OA&M IP Security Enhancements feature. - The login timer (
LOGINTMR
), logout timer (LOGOUTTMR
), ping time out timer (PNGTIMEINT
), and the ping fail count (PNGFAILCNT
) values.
rlghncxa03w 06-10-01 16:02:08 GMT EAGLE5 39.0.0
TRM TYPE LOC TMOUT MXINV DURAL SECURE
30 TELNET 1204 60 0 00:00:00 no
TRM LOGINTMR LOGOUTTMR PNGTIMEINT PNGFAILCNT
(sec) (sec) (msec)
30 none none none 1
TRM TRAF LINK SA SYS PU DB UIMRD
30 YES YES YES YES YES YES YES
APP APP
TRM SERV SS CARD CLK DBG GTT GWS MEAS MON MPS SEAS
30 YES YES YES YES YES YES YES YES YES YES NO
Using Telnet Terminals in Place of Serial Terminals
If the Eagle OA&M IP Security feature is disabled and turned off , serial terminals must be connected to the EAGLE and provisioned in the database because Security Administration commands cannot be executed from a telnet terminal.
If the Eagle OA&M IP Security feature is enabled and on, Security Administration commands, in addition to all other commands, can be executed from a telnet terminal only if the Eagle OA&M IP Security feature is enabled and on. The ability to execute commands from a particular terminal is dependent on the terminal command class assignments for that terminal. Even with the ability to execute most EAGLE commands from a telnet terminal, it is recommended that at least two serial terminals remain connected to the EAGLE. The act-echo
, lock
, and unlock
commands cannot be executed from a telnet terminal. These terminals should be configured with at least Security Administration command class privileges.
By having serial terminals connected to the EAGLE, the user would still have access to the EAGLE in the event of a telnet terminal connection failure.
Upgrades of the EAGLE from a telnet terminal are not supported. When the EAGLE is upgraded, the MASPs are upgraded first, followed by the various cards in the EAGLE. The cards are upgraded by taking the cards out of service, then placing the cards back into service. When the IPSMs are taken out of service, the telnet sessions running on the IPSMs are disabled. This can result in losing the telnet terminal connection to the EAGLE. The Expanded Terminal Output Groups feature can create a situation where UIMs required for the upgrade would not be displayed on the same telnet terminal that initiated the upgrade. The upgrade would be difficult to complete if the UIMs generated during the upgrade are not displayed on the same telnet terminal that initiated the upgrade.
The EAGLE upgrade procedure recommends that some method to capture command input and output during the upgrade process is used. The telnet terminals do not support capturing the input and output, nor can the EAGLE’s act-echo
command be used on a telnet terminal. Because of this limitation, the upgrade procedure should not be executed from a telnet terminal.
For any EAGLE release, whether the Eagle OA&M IP Security feature is enabled or not, if applicable, Kermit file transfers, required for the Security Log feature, are not supported from telnet terminals. The Kermit file transfers can be performed only from a serial terminal.
Figure 4-10 Changing Terminal Characteristics
Sheet 1 of 6
Sheet 2 of 6
Sheet 3 of 6
Sheet 4 of 6
Sheet 5 of 6
Sheet 6 of 6
4.12 Changing Terminal Command Class Assignments
This procedure is used to change the assignment of command classes to a terminal using the chg-secu-trm
command. This procedure can only be performed if you have been assigned the command class “Security Administration.” This can be useful to restrict the types of commands that can be entered on an EAGLE terminal. This procedure can only be performed if you and the terminal have been assigned the command class “Security Administration.” The EAGLE commands are grouped into these command classes.
- Basic
- Database Administration
- Debug
- Link Maintenance
- Program Update
- Security Administration
- System Maintenance
- 32 Configurable Command Classes
With the chg-secu-trm
command, only six of these command classes can be assigned to a terminal. The Basic command class is automatically assigned to every terminal and to every user and is not configurable. Refer to the Commands Manual for a list of command classes and the commands assigned to them.
The chg-secu-trm
command uses these parameters.
:trm
– The terminal number 1-16.
:all
– The commands in all non-configurable command classes (dbg
, link
, sys
, sa
, pu
, db
) can be entered on the specified terminal.
:db
– Database Administration commands can be entered on the specified terminal.
:dbg
– Debug commands can be entered on the specified terminal.
:link
– Link Maintenance commands can be entered on the specified terminal.
:pu
– Program Update commands can be entered on the specified terminal.
:sa
– Security Administration commands can be entered on the specified terminal.
:sys
– System Maintenance commands can be entered on the specified terminal.
:cc1
- :cc8
– Eight configurable command classes. These parameters specify whether or not the commands in the specified configurable command class can be entered on the specified terminal. The value of these parameters consist of the configurable command class name (1 alphabetic character followed by 2 alphanumeric characters), and either yes or no. The command class name and the yes or no values are separated by a dash. For example, to allow commands in the configurable command class db1
from terminal 5, the cc1=db1-yes
parameter would be specified in the chg-secu-trm
command for terminal5.
To specify any configurable command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat
command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature. Up to 32 configurable command classes can be assigned to terminals. When the Command Class Management feature is enabled and turned on, the configurable command class names are given the names u01
- u32
. These command class names, the descriptions of these command classes, and the commands assigned to these command classes can be changed using Configuring Command Classes.
The chg-secu-trm
command allows up to eight configurable command classes to be assigned to a terminal each time the chg-secu-trm
command is performed.
If the all=yes
parameter and the db
, dbg
, link
, pu
, sa
, sys
parameter values are specified as no
, for example, chg-secu-trm:trm=1:all=yes:pu=no
; all commands can be entered on the specified terminal except those commands in the command class specified with the chg-secu-trm
command. In this example, all commands can be entered on terminal 1 except for program update commands.
The terminal command class assignments cannot be changed for the specified terminal if a user is currently logged onto that terminal. This can be verified with the rept-stat-user
command.
At least two terminals in the EAGLE must always be assigned to the security administration command class to prevent the EAGLE from becoming unadministerable.
It is possible that a terminal with the terminal type of printer
or none
can be assigned to the Security Administration command class. Terminals with these terminal types are not counted as having Security Administration authority since commands cannot be administered from these terminal types and is shown in the rtrv-secu-trm
output report as “***
”instead of yes
.
When the EAGLE is delivered to the user, the terminal command class assignments will be set to the system default values for these parameters.
all = no
db = no
dbg = no
link = no
pu = no
sa = yes
sys = no
The examples in this procedure are used to change the command class assignments to the terminal assigned to port 4 to these values: Link Maintenance = yes, Security Administration = no, Program Update = yes, Database Administration = yes.
Figure 4-11 Changing Terminal Command Class Assignments
Sheet 1 of 2
Sheet 2 of 2
4.13 Configuring Command Classes
This procedure is used to assign different names to the 32 configurable command classes, and to assign commands to these configurable command classes.
The EAGLE still has the non-configurable command classes: Basic, Database Administration, Debug, Link Maintenance, Program Update, Security Administration, System Maintenance.
The Command Class Management feature allows commands from any of these non-configurable command classes to placed into another command class, which can be assigned to a user or terminal. This gives greater control over the commands that users can use, and to the commands that can be executed from a given terminal. For example, a user needs to use only these commands: rtrv-card
, rtrv-ls
, rtrv-slk
, rtrv-dstn
, rtrv-rte
, rtrv-user
, rtrv-secu-user
, rept-stat-db
, rept-stat-card
, rept-stat-slk
, rept-stat-ls
, rtrv-gpl
, rept-stat-gpl
, rept-stat-rte
, rept-meas
.
To give this user access to these commands without the Command Class Management feature would require the user to be assigned to these command classes: Database, Security Administration, System Maintenance, Program Update, and Link Maintenance. In addition to giving access to the commands this user needs, this user has access to all the commands in these command classes. This would also allow the user to add, change, or remove database entities (cards, signaling links, routes, etc.), to inhibit signaling links, enable features with either the chg-feat
or enable-ctrl-feat
command that you may not want turned on.
The Command Class Management feature allows these commands to be placed in their own command class which can be assigned to the user. Once the new command class is configured with these commands, the commands will be in their original command classes as well as the new configured command class. The user can be restricted to executing the commands in the new configured command class.
Commands can also be removed from configurable command classes.
When the Command Class Management controlled feature is enabled and activated, these command classes are created with the names U01, U02, U03, ... U32. The names of these command classes, and the descriptions of these command classes can be changed with the chg-cmdclass
command. The chg-cmdclass
command uses these parameters.
:class
– The current class name, shown in the rtrv-cmdclass
command output.
:nclass
– The new command class name consisting of 1 alphabetic character and 2 alpha-numeric characters.
:descr
– The description of the new command class consisting of 1 alphabetic character and up to 31 alpha-numeric characters, enclosed in double quotes.
Commands can be assigned to these configurable command classes using the chg-cmd
command. The chg-cmd
command uses these parameters.
:cmd
– The command being added or removed from the configurable command class.
:class1
- :class8
– The name of the configurable command class that command is being added to or removed from with either yes (to add the command) or no (to remove the command) separated by a dash. For example, to add a command to configurable class db1
, the class1=db1-yes
parameter would be specified.
Up to eight configurable command classes can be specified with the chg-cmd
command. To assign the command to more than eight configurable command classes, the repeat chg-cmd
command until the desired number of configurable command classes, up to 32, have been specified.
To configure command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat
command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Featuresto enable andturn on the Command Class Management feature.
Figure 4-12 Configuring Command Classes
Sheet 1 of 2
Sheet 2 of 2
4.14 Adding a Shelf
This procedure is used to add a shelf to the database using the ent-shlf
command. The shelf may not already exists in the database. The control shelf (Shelf 1100) cannot be added to the database. The ent-shlf
command uses these parameters.
:type
– The shelf type. There is only one shelf type that can be added to the database, an extension shelf, shown by the value for this parameter as ext
.
:loc
– The shelf location
The examples in this procedure are used to add an extension shelf to frame 3 of the EAGLE.
Figure 4-13 Adding a Shelf
4.15 Removing a Shelf
This procedure is used to remove a shelf from the database using the dlt-shlf
command. If the shelf to be removed does not exist in the database, it cannot be removed. The control shelf (Shelf 1100) cannot be removed from the database. The dlt-shlf
command has only one parameter, loc
, which is the location of the shelf.
Before a shelf can be removed from the database, all of the cards in that shelf must be removed from the database. The procedures for removing these cards are based on the application that is assigned to these cards. Table 4-3 shows the location of these procedures.
Table 4-3 Card Removal Procedures
Card Application | Procedure |
---|---|
SS7ANSI, ATMANSI, CCS7ITU, ATMITU |
"Removing an E1 Card" in the Database Administration - SS7 User's Guide "Removing a T1 Card" in the Database Administration - SS7 User's Guide |
VSCCP |
"Removing a Service Module" in the Database Administration - GTT User's Guide |
GLS |
"Removing a GLS Card" in the Database Administration - GWS User's Guide |
IPLIM, IPLIMI, SS7IPGW, IPGWI |
"Removing an IPLIMx Card" or "Removing an IPGWx Card" in the Database Administration - IP7 User's Guide |
IPSG | "Removing an IPSG Card" in the Database Administration - IP7 User's Guide |
EROUTE |
“Removing an STC Card” in the Database Administration - Features User's Guide |
MCP |
|
IPS |
Caution:
If any card in the shelf is the last card of that type in service, removing that card from the database will cause the traffic handled by that card to be lost or the feature requiring that card to be disabled. See Table 4-4 for a description of the effect that removing the last card type that is in service has on the EAGLE.Table 4-4 Effect of Removing the Last In-Service Card Type from the Database
Card type | Application assigned to card | Effect on the EAGLE |
---|---|---|
LIMDS0, LIME1, LIMT1, LIMCH |
SS7ANSI |
ANSI traffic is lost. |
LIMATM |
ATMANSI |
|
LIME1, LIMT1, LIMCH |
CCS7ITU |
ITU traffic is lost. |
LIME1ATM |
ATMITU |
|
DSM |
VSCCP |
Global title translation traffic is lost. If any of the GTT-related features are enabled, the traffic for those features is also lost. Refer to the "Adding a Service Module" procedure in the Database Administration - GTT User's Guide for a list of the GTT-related features. |
TSM |
GLS |
Gateway screening feature is disabled. |
DCM |
IPLIM |
Point-to-point connectivity for IP7 Secure Gateway functions in ANSI networks is disabled. |
IPLIMI |
Point-to-point connectivity for IP7 Secure Gateway functions in ITU networks is disabled. |
|
SS7IPGW |
Point-to-multipoint connectivity for IP7 Secure Gateway functions in ANSI networks is disabled. |
|
IPGWI |
Point-to-multipoint connectivity for IP7 Secure Gateway functions in ITU networks is disabled. |
|
ENET | IPSG | Traffic carried by the IPSG card is lost. |
STC |
EROUTE |
Monitoring of the EAGLE by the EAGLE 5 Integrated Monitoring Support feature is disabled. |
MCPM |
MCP |
The Measurements Platform feature is disabled. |
IPSM |
IPS |
IP Telnet sessions and the IP User Interface (Telnet) feature are disabled. |
The shelf being removed in this procedure cannot be removed if the shelf is the only provisioned shelf in the frame and the frame is in the Frame Power Alarm Threshold table. The Frame Power Alarm Threshold table is shown in the rtrv-frm-pwr
command output. If the frame is shown in the rtrv-frm-pwr
output, and the shelf is the only shelf in the frame, perform the Removing an Entry from the Frame Power Alarm Threshold Table procedure to remove the frame from the Frame Power Alarm Threshold table.
The examples in this procedure are used to remove shelf 2100 from the database.
Figure 4-14 Removing a Shelf
4.16 Adding an SS7 LIM
This procedure is used to add a low-speed SS7 LIM (link interface module) to the database using the ent-card
command. The SS7 LIM cannot be added if it exists in the database.
:loc
– The location of the card being added to the database.:type
– The type of card being added to the database - limds0.:appl
– The application software that is assigned to the card - ss7ansi.
The ent-card
command also contains the force
parameter. If the global title translation feature is on, the force=yes
parameter allows the LIM to be added to the database even if the current SCCP transactions-per-second threshold is unable to support the additional SCCP transaction-per-second capacity created by adding the LIM. This parameter is obsolete and is no longer used.
There are other cards that support signaling links that are provisioned with the ent-card
command. These cards are provisioned in the following procedures. These cards can also be used to provision ITU signaling links.
- Cards for E1 signaling links are configured in the database using the procedures in Appendix A, “E1 Interface,” in Database Administration - SS7 User's Guide.
- Cards for T1 signaling links are configured in the database using the procedures in Appendix B, “T1 Interface,” in Database Administration - SS7 User's Guide.
- Cards for ATM high-speed signaling links are configured in the database using the procedures in Appendix C, “ATM Signaling Link Configuration,” in the Database Administration - SS7 User's Guide.
- IP cards (cards used for IP links) are configured in the database using the procedures in Database Administration - IP7 User's Guide.
The shelf to which the card is to be added, must already be in the database. This can be verified with the rtrv-shlf
command. If the shelf is not in the database, see the Adding a Shelf procedure.
Figure 4-15 Adding an SS7 LIM
4.17 Removing an SS7 LIM
This procedure is used to remove an SS7 LIM (link interface module) from the database using the dlt-card
command. The card cannot be removed if it does not exist in the database.
No SS7 signaling links can be assigned to the card you wish to remove from the database.
Caution:
If the SS7 LIM is the last SS7 LIM in service, removing this card from the database will cause SS7 traffic to be lost and isolate the EAGLE from the network.
Note:
1. LIM-E1 or LIMCH cards for E1 signaling links are removed from the database using the procedures in Appendix A, "E1 Interface" in Database Administration - SS7 User's Guide.
2. LIM-T1 or LIMCH cards for T1 signaling links are removed from the database using the procedures in Appendix B, "T1 Interface" in Database Administration - SS7 User's Guide.
3. IP cards (DCMs used for IP links) are removed from the database using the procedures in Database Administration - IP7 User's Guide.
The examples in this procedure are used to remove the SS7 LIMs in card location 1201, 1311, and 1318.
Canceling the REPT-STAT-CARD
Command
Because the rept-stat-card
command used in this procedure can output information for a long period of time, the rept-stat-card
command can be canceled and the output to the terminal stopped. There are three ways that the rept-stat-card
command can be canceled.
- Press the
F9
function key on the keyboard at the terminal where therept-stat-card
command was entered. - Enter the
canc-cmd
without thetrm
parameter at the terminal where therept-stat-card
command was entered. - Enter the
canc-cmd:trm=<xx>
, where<xx>
is the terminal where therept-stat-card
command was entered, from another terminal other that the terminal where therept-stat-card
command was entered. To enter thecanc-cmd:trm=<xx>
command, the terminal must allow Security Administration commands to be entered from it and the user must be allowed to enter Security Administration commands. The terminal’s permissions can be verified with thertrv-secu-trm
command. The user’s permissions can be verified with thertrv-user
orrtrv-secu-user
commands.
For more information about the canc-cmd
command, go to Commands User's Guide.
Figure 4-16 Removing an SS7 LIM
Sheet 1 of 2
Sheet 2 of 2
4.18 Configuring the UIM Threshold
This procedure is used to configure the threshold (the number of times during a specified period of time) a specific UIM (unsolicited information message) is displayed at an EAGLE terminal using the set-uim-acthresh
command.
The set-uim-acthresh
command uses these parameters.
:uimn
– The number of the UIM that the threshold is being created for, or the threshold being changed. The number of the UIM must exist in the EAGLE. See Unsolicited Alarm and Information Messages Reference for a list of the UIMs that can be displayed.
:limit
– The number of UIMs that can be displayed in the amount of time specified by the intrvl
parameter.
:intrvl
– The amount of time, in minutes, that the number of UIMs specified by the limit
parameter can be displayed at the EAGLE terminal.
:force
– The force=yes
parameter allows the limit
parameter to be set to 0 should the conditions at the EAGLE make this action necessary. Setting the limit
parameter to 0 prevents the specified UIM, and the information contained in the UIM, from being displayed at the EAGLE terminal. It is highly recommended that the limit
parameter value is not set to 0.
When the limit=0
and the force=yes
parameters are specified with the set-uim-acthresh
command, this message appears in the scroll area of the terminal display.
Caution: Setting LIMIT=0 suppresses UIM permanently
When creating a new UIM threshold, both the limit
and intrvl
parameters must be specified with the set-uim-acthresh
command.
If you are changing an existing UIM threshold, either the limit
or intrvl
parameters must be specified with the set-uim-acthresh
command.
The examples used in this procedure change the time interval for the existing UIM threshold for UIM 1155 from 30 minutes to 20 minutes, the number of UIMs displayed for existing UIM threshold for UIM 1162 from 100 to 25, and to create a new UIM threshold to display UIM 1075 for 175 times in 30 minutes. These changes are shown in Table 4-5.
Table 4-5 Example UIM Threshold Configuration
UIM Number | Old Limit | Old Time Interval | New Limit | New Time Interval |
---|---|---|---|---|
1155 |
50 |
30 |
No Change |
20 |
1162 |
100 |
5 |
25 |
No Change |
1075 |
N/A |
N/A |
175 |
30 |
Figure 4-17 Configuring the UIM Threshold
4.19 Removing a UIM Threshold
This procedure is used to remove a UIM threshold from the database using the dlt-uim-acthresh
command. The dlt-uim-acthresh
command has only one parameter, uimn
, which specifies the UIM number of the UIM threshold that is being removed from the database.
The UIM threshold must be in the database.
The example in this procedure removes the UIM threshold for UIM 1216 from the database.
Figure 4-18 Removing a UIM Threshold
4.20 Configuring the Measurements Terminal for an EAGLE Containing 700 Signaling Links
This procedure is used to configure a terminal to collect measurement reports on an EAGLE that contains from 501 to 700 signaling links. The chg-trm
command is used to configure this terminal and uses these parameters to configure this terminal.
Note:
The terminal being configured in this procedure must be terminals 1 through 16. Telnet terminals cannot be specified in this procedure.:trm
– Serial port number
:baud
– Serial port baud rate
:sb
– The number of stop bits used in communications with the device
:prty
– Parity used by the device
:type
– The type of device being connected.
:fc
– The type of flow control used between the EAGLE and the output devices (vt320 terminal, modem, printer, or KSR terminal).
:tmout
– The maximum amount of time that a login session on the specified port can remain idle (that is, no user input) on the port before being automatically logged off.
:mxinv
– The login failure threshold
:dural
– The length of time that the terminal is disabled after the login failure threshold has been exceeded.
:all
– All unsolicited messages are received by the specified port
:traf
– Traffic measurement related unsolicited messages are received by the specified port
Note:
There are other parameters that can be used with the chg-trm
command but these parameters cannot be used in this procedure. For more information on these parameters, go to Changing Terminal Characteristics procedure, or to the chg-trm
command description in Commands User's Guide.
The measurement terminal must be configured with these parameter values:
trm
=<terminal being changed>baud
=19200type
=ksrtraf
=yes – all other output message groups must be set to no.
The other parameters listed in this procedure do not have to be specified with the chg-trm
command. If these parameters are not specified with the chg-trm
command, these default values will be assigned to the measurements terminal:
prty
– evensb
– 1fc
– sw (software)tmout
– 30 minutesmxinv
– 5dural
– 100 (1 minute, 0 seconds)
The terminal must be placed out of service before it can be configured.
If the terminal being changed has output message groups other than traf
set to yes
, the all=no
parameter must be specified with the chg-trm
command. The chg-trm
command can then specified with the traf=yes
parameter.
The messages assigned to the output message groups defined by the traf
parameters are listed in Unsolicited Alarm and Information Messages Reference.
The tmout
, dural
, and mxinv
parameters can be applied to this terminal. See the "Security Parameters" section in the Changing Terminal Characteristics procedure for more information on these parameters.
The total value of the terminals’ baud rate cannot be greater than 172,032. If the total baud rate of the terminals exceeds 172,032, change the baud rates of the terminals so that the total baud rate is not greater than 172,032.
The output of the rtrv-trm
command is displayed in two parts. The first part displays the communication security attributes of the terminal. The communication attributes of the terminal, BAUD
, PRTY
(parity), SB
(stop bits), and DBTS
(data bits), are displayed in the COMM
field of the rtrv-trm
output and are displayed in this format: BAUD–DBTS–PRTY–SB. The second part of the rtrv-trm
command output displays the types of unsolicited messages the terminal may receive. An example of the rtrv-trm
command output is shown in this example.
rlghncxa03w 06-10-01 16:02:08 GMT EAGLE5 36.0.0
TRM TYPE COMM FC TMOUT MXINV DURAL
3 VT320 9600-7-E-1 SW 30 5 99:59:59
TRM TRAF LINK SA SYS PU DB UIMRD
3 NO YES NO YES NO YES YES
APP APP
TRM SERV SS CARD CLK DBG GTT GWS MEAS MON MPS SEAS
3 YES YES YES YES YES YES YES YES YES YES NO
In this example, terminal 3 is running at 9600 baud with 7 data bits, even parity, and 1 stop bit.
The examples in this procedure are used to configure terminal 1 as the measurements terminal.
Figure 4-19 Configuring the Measurements Terminal for an EAGLE Containing 700 Signaling Links
4.21 Adding a Measurement Collection and Polling Module (MCPM)
This procedure is used to add an Measurement Collection and Polling Module (MCPM), used for the Measurements Platform feature, to the database using the ent-card
command. The MCPM provides an interface between the EAGLE and the customer’s network. The Measurements Platform provides a dedicated processor for collecting and transferring measurements data to a customer supplied FTP server.
The ent-card
command uses these parameters.
:loc
– The location of the card being added to the database.
:type
– The type of card being added to the database. For this procedure, the value of this parameter is mcpm
.
:appl
– The application software that is assigned to the card. For this procedure, the value of this parameter is mcp
.
The Measurements Platform feature requires a minimum of two MCPM cards (part number 870-2372-03 or later) with at least 2 GB of memory per card or two E5-MCPM-B cards with at least 4 GB of memory per card. The MCPM and E5-MCPM-B cards can also be used in mixed mode.
The Measurements Platform feature must be on in order to add a MCPM to the database. This can be verified with the rtrv-feat
command. To enable the Measurements Platform feature, the measplat=on
parameter must be specified with the chg-feat
command.
Note:
The Measurements Platform feature must be purchased before turning on the feature. If you are not sure whether you have purchased the Measurements Platform feature, contact your Oracle Sales Representative or Account Representative.The shelf to which the card is to be added, must already be in the database. This can be verified with the rtrv-shlf
command. If the shelf is not in the database, see the Adding a Shelf procedure.
After all required MCPMs have been configured in the database, go to theConfiguring the Measurements Platform Feature procedure and configure the IP links for these MCPMs and enable the Measurement Platform feature, if necessary.
The examples in this procedure are used to add an MCPM in card location 2107.
Note:
Before executing this procedure, make sure you have purchased the Measurements Platform feature. If you are not sure whether you have purchased the Measurements Platform feature, contact your Oracle Sales Representative or Account Representative.Figure 4-20 Adding a Measurement Collection and Polling Module (MCPM)
Sheet 1 of 2
Sheet 2 of 2
4.22 Removing an MCPM
This procedure is used to remove a Measurement Collection & Polling Module (MCPM) from the database using the dlt-card
command.
Caution:
If the MCPM is the last MCPM in service, removing this card from the database will disable the Measurements Platform feature.The examples in this procedure are used to remove the MCPM in card location 2107.
Canceling the REPT-STAT-CARD
Command
Because the rept-stat-card
command used in this procedure can output information for a long period of time, the rept-stat-card
command can be canceled and the output to the terminal stopped. There are three ways that the rept-stat-card
command can be canceled.
-
Press the
F9
function key on the keyboard at the terminal where therept-stat-card
command was entered. -
Enter the
canc-cmd
without thetrm
parameter at the terminal where therept-stat-card
command was entered. -
Enter the
canc-cmd:trm=<xx>
, where<xx>
is the terminal where therept-stat-card
command was entered, from another terminal other that the terminal where therept-stat-card
command was entered. To enter thecanc-cmd:trm=<xx>
command, the terminal must allow Security Administration commands to be entered from it and the user must be allowed to enter Security Administration commands. The terminal’s permissions can be verified with thertrv-secu-trm
command. The user’s permissions can be verified with thertrv-user
orrtrv-secu-user
commands.
For more information about the canc-cmd
command, go to Commands User's Guide.
Figure 4-21 Removing a MCPM
4.24 Configuring the Measurements Platform Feature
This procedure is used to configure IP communications links between the EAGLE and the customer’s network and enable the Measurements Platform on the EAGLE using these commands:
ent-ip-host
– Configuring the IP host of the MCPMchg-ip-card
– Configuring the IP address of the MCPMchg-ip-lnk
– Configuring the IP link assigned to the MCPMchg-measopts
– Enabling the Measurements Platform option
These commands contain parameters that are not used in this procedure. Commands User's Guide contains a full description of these commands.
The Measurements Platform requires measurements FTP servers. A maximum of three measurements FTP servers can be configured with one of these procedures.
MCPMs must be configured in the database before this procedure can be performed. This can be verified with the rtrv-card
command.
If a Class B IP address is specified for the ipaddr
parameter of the chg-ip-lnk
command, the subnet address that results from the ipaddr
and submask
parameter values cannot be the same as the subnet address that results from the pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values of the chg-netopts
command. The pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values can be verified by entering the rtrv-netopts
command. Choose ipaddr
and submask
parameter values for the IP link to the MCPM whose resulting subnet address is not be the same as the subnet address that resulting from the pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values of the chg-netopts
command.
Figure 4-22 Configuring the Measurements Platform Feature
Sheet 1 of 4
Sheet 2 of 4
Sheet 3 of 4
Sheet 4 of 4
4.25 Adding an FTP Server
This procedure is used to add FTP servers using the ent-ftp-serv
command.
The ent-ftp-serv
command uses these parameters.
:app
– The application of the FTP server. There are four values for the app
parameter:
meas
– The FTP servers for the Measurements Platform. A maximum of three FTP servers can be configured for this application.db
- The FTP server for the database backup/restore application. Only one FTP server can be configured for this application.dist
- the FTP server for the EAGLE software release distribution application. Only one FTP server can be configured for this application.user
– The FTP servers for the FTP Retrieve and Replace feature.A maximum of two FTP servers can be configured for this application.Caution:
While this procedure can be used to add a USERFTP server, any USERFTP servers entered by this procedure will be overwritten by the FTP server configuration information sent to the EAGLE by the FTP-Based Table Retrieve Application (FTRA).
:ipaddr
– The IP address of the FTP server.
:login
– The name of the FTP server client.
:path
– The path to the file on the EAGLE that is to be sent to the FTP server.
:prio
– The priority of the FTP server, from 1 to 10.
The app
/ipaddr
parameter combination must be unique in the database.
The login
parameter value can contain from 1 to 15 alpha-numeric characters. The alphabetic characters can be both upper and lower case characters.
The path
parameter value is a mixed-case quoted character string with a valid FTP path format that can contain up to 100 characters.
After the FTP server is added to the database with the ent-ftp-serv
command, the user is prompted for a password for this FTP server. The password can contain from 1 to 15 alpha-numeric characters. The alphabetic characters must be both upper and lower case characters. The password is not shown on the terminal screen as it is being entered and is not shown in the rtrv-ftp-serv
output.
If the EAGLE OA&M IP Security Enhancement Controlled Feature is enabled and activated, the FTP servers configured in this procedure must be secure FTP servers. The FTP-Based Table Retrieve Application (FTRA) and the Measurements Platform must support secure shell connections to the EAGLE. Enter the rtrv-ctrl-feat
command to verify whether or not the Eagle OA&M IP Security Enhancement Controlled Feature is enabled and activated.
Because CSV measurement data files do not have unique names across multiple STPs, include the CLLI of the STP in the FTP server path for meas
FTP servers.
The IP address of the FTP server cannot be shown as the IPADDR
value in the rtrv-ip-lnk
or rtrv-seas-config
outputs, or the BPIPADDR
value in the rtrv-ip-card
output.
Figure 4-23 Adding an FTP Server
Sheet 1 of 2
Sheet 2 of 2
4.26 Removing an FTP Server
This procedure is used to remove an FTP server from the database using the dlt-ftp-serv
command.
The dlt-ftp-serv
command uses these parameters.
:app
– The application of the FTP server. There are four values for the app
parameter:
meas
– The FTP servers for the Measurements Platformuser
– The FTP servers for the FTP Retrieve and Replace feature.db
- The FTP server for the database backup/restore application.dist
- the FTP server for the EAGLE software release distribution application.
:ipaddr
– The IP address of the FTP server.
Caution:
Removing all FTP servers for an application will disable the feature supported by the FTP servers.Figure 4-24 Removing an FTP Server
4.27 Changing an FTP Server
This procedure is used to change the values assigned to an FTP server using the chg-ftp-serv
command.
The chg-ftp-serv
command uses these parameters.
:app
– The application of the FTP server. There are four values for the app
parameter:
meas
– The FTP servers for the Measurements Platformdb
- The FTP server for the database backup/restore application.dist
- the FTP server for the EAGLE software release distribution application.user
– The FTP servers for the FTP Retrieve and Replace feature.Caution:
While this procedure can be used to change a USERFTP server configuration, any USERFTP server configurations changed by this procedure will be overwritten by the FTP server configuration information sent to the EAGLE by the EAGLE FTP Table Base Retrieval (FTRA).
:ipaddr
– The IP address of the FTP server.
:login
– The name of the FTP server client.
:path
– The path to the file on the EAGLE that is to be sent to the FTP server.
:prio
– The priority of the FTP server, from 1 to 10.
The app
and ipaddr
parameters must be specified with the chg-ftp-serv
command. The IP address of the FTP server cannot be changed with the chg-ftp-serv
command. If you wish to change the IP address of the FTP server, the FTP server must first be removed with the Removing an FTP Server procedure, then re-entered with the new IP address using the Adding an FTP Server procedure.
The login
parameter value can contain from 1 to 15 alpha-numeric characters. The alphabetic characters can be both upper and lower case characters.
The path
parameter value is a mixed-case quoted character string with a valid FTP path format that can contain up to 100 characters.
If the login
parameter value is changed, the user is prompted for a password for this FTP server. The password can contain from 1 to 15 alpha-numeric characters. The alphabetic characters must be both upper and lower case characters. The password is not shown on the terminal screen as it is being entered and is not shown in the rtrv-ftp-serv
output.
If the Eagle OA&M IP Security Enhancement Controlled Feature is enabled and activated, the FTP servers configured in this procedure must be secure FTP servers. The EAGLE FTP Table Base Retrieval (FTRA) and the Measurements Platform must support secure shell connections to the EAGLE. Enter the rtrv-ctrl-feat
command to verify whether or not the Eagle OA&M IP Security Enhancement Controlled Feature is enabled and activated.
Because CSV measurement data files do not have unique names across multiple STPs, include the CLLI of the STP in the FTP server path for meas
FTP servers.
Figure 4-25 Changing an FTP Server
Sheet 1 of 2
Sheet 2 of 2
4.28 Adding an E5-IPSM
This procedure is used to add an E5-IPSM (IP Services Module), used for the IP User Interface feature, to the database using the ent-card
command. The E5-IPSM provides eight IP based connections to the EAGLE’s user interface through a telnet client. As of Release 46.5, the E5-IPSM card and its functionality is replaced by the E5-ENET-B (p/n 870-2971-01) or SLIC (p/n 7094646) card. Any references to E5-IPSM and the 870-2877-01 part number should be replaced by the 46.5 and greater card and part number.
The ent-card
command uses these parameters.
:loc
– The location of the card being added to the database.
:type
– The type of card being added to the database. For this procedure, the value of this parameter is ipsm
.
:appl
– The application software that is assigned to the card. For this procedure, the value of this parameter is ips
.
The IP User Interface (Telnet) feature is not required to be enabled and activated in order to add an E5-IPSM, but the IP User Interface (Telnet) feature must be enabled and activated so that the user can use a telnet client to establish a connection to the EAGLE. This can be verified with the rtrv-ctrl-feat
command. To enable and activate the IP User Interface (Telnet) feature, go to the Activating Controlled Features procedure.
The shelf to which the card is to be added, must already be in the database. This can be verified with the rtrv-shlf
command. If the shelf is not in the database, see the Adding a Shelf procedure.
If an E5-IPSM is being provisioned in this procedure, HIPR2 cards must be installed into card locations 9 and 10 in the shelf that the E5-IPSM will occupy. If HIPR2 cards are not installed in the shelf that the E5-IPSM will occupy, the E5-IPSM will not function when the E5-IPSM is inserted into the shelf. Enter the rept-stat-gpl:gpl=hipr2
command to verify whether or not HIPR2 cards are installed in the same shelf as the E5-IPSM being provisioned in this procedure.
If the Eagle OA&M IP Security Enhancement feature is enabled and activated, shown in the rtrv-ctrl-feat
output, when an E5-IPSM is installed into the EAGLE, UIM 1493, SSH Host Keys Regenerated, is displayed. UIM 1493 contains the public host key fingerprint which is used to establish a secure connection with an SSH client. If the secure connection is to be made with the FTRA, the public host key fingerprint displayed in UIM 1493 must be added to the hosts.xml
file in the FTRA. Record the public host key fingerprint information displayed in UIM 1493 if a secure connection to the FTRA will be made. For more information about editing the hosts.xml
file on the FTRA, see FTP Table Base Retrieval (FTRA) User's Guide.
An IP link must be assigned to the E5-IPSM. The IP links can be verified using the rtrv-ip-lnk
command. IP links are configured using the chg-ip-lnk
command.
After an E5-IPSM is configured in the database and placed into service, eight telnet terminals are configured in the database with default values for the security and output group parameters. If you wish to change the security and output group parameter values, go to the Changing Terminal Characteristics procedure.
If a Class B IP address is specified for the ipaddr
parameter of the chg-ip-lnk
command, the subnet address that results from the ipaddr
and submask
parameter values cannot be the same as the subnet address that results from the pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values of the chg-netopts
command. The pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values can be verified by entering the rtrv-netopts
command. Choose ipaddr
and submask
parameter values for the IP link to the E5-IPSM whose resulting subnet address is not be the same as the subnet address that resulting from the pvn
and pvnmask
, fcna
and fcnamask
, or fcnb
and fcnbmask
parameter values of the chg-netopts
command.
The IP address of the E5-IPSM cannot be shown as the IPADDR
value in the rtrv-ip-lnk
, rtrv-ftp-serv
, or rtrv-seas-config
outputs, or the BPIPADDR
value in the rtrv-ip-card
output.
The examples in this procedure are used to add an E5-IPSM in card location 2107.
Figure 4-26 Adding an E5-IPSM
Sheet 1 of 6
Sheet 2 of 6
Sheet 3 of 6
Sheet 4 of 6
Sheet 5 of 6
Sheet 6 of 6
4.29 Removing an E5-IPSM
ips
application) from the database using the dlt-card
command.
Note:
As of Release 46.5, the E5-IPSM card and its functionality is replaced by the E5-ENET-B (p/n 870-2971-01) or SLIC (p/n 7094646) card. Any references to E5-IPSM and the 870-2877-01 part number should be replaced by the 46.5 and greater card and part number.Caution:
If the E5-IPSM is the last E5-IPSM in service, removing this card from the database will disable the IP User Interface (Telnet) feature.All terminals associated with the E5-IPSM being removed must be out of service. The terminals are displayed using the rtrv-trm
command. The state of the terminals is displayed using the rept-stat-trm
command.
The examples in this procedure are used to remove the E5-IPSM in card location 2107.
Canceling the REPT-STAT-CARD
Command
Because the rept-stat-card
command used in this procedure can output information for a long period of time, the rept-stat-card
command can be canceled and the output to the terminal stopped. There are three ways that the rept-stat-card
command can be canceled.
-
Press the
F9
function key on the keyboard at the terminal where therept-stat-card
command was entered. -
Enter the
canc-cmd
without thetrm
parameter at the terminal where therept-stat-card
command was entered. -
Enter the
canc-cmd:trm=<xx>
, where<xx>
is the terminal where therept-stat-card
command was entered, from another terminal other that the terminal where therept-stat-card
command was entered. To enter thecanc-cmd:trm=<xx>
command, the terminal must allow Security Administration commands to be entered from it and the user must be allowed to enter Security Administration commands. The terminal’s permissions can be verified with thertrv-secu-trm
command. The user’s permissions can be verified with thertrv-user
orrtrv-secu-user
commands.
For more information about the canc-cmd
command, go to Commands User's Guide.
Figure 4-27 Removing an IPSM
Sheet 1 of 2
Sheet 2 of 2
4.30 Configuring the Options for the Network Security Enhancements Feature
This procedure is used to configure the EAGLE to enhance its network security by discarding messages that should not be received. Four options are set using the chg-stpopts
command to support this feature.
-
SECMTPSID – The EAGLE should not receive a message where the OPC is equal to the EAGLE's own true, secondary or capability point codes.
-
SECMTPMATE – The EAGLE should not receive a message with the true, secondary, or capability point code of the mate STP other than across the C link.
-
SECMTPSNM – the EAGLE should not receive an MTP network management message unless:
-
The OPC is an adjacent point code
-
The EAGLE has a route to the OPC of the MTP network management message on the linkset which the message was received.
-
The EAGLE has a route to the destination field in the message (if applicable to the concerned message) on the linkset which the message was received.
-
-
SECMTPSCMG – the EAGLE should not receive an SCCP network management message unless:
-
The EAGLE has a route to the OPC of the SCMG message on the linkset, on which the message was received.
-
The EAGLE has a route to the affected point code in the message on the linkset on which the message was received.
This option will only apply to SSP and SOR messages. This feature will not affect the following messages: SSA, SST, SOG, SBR, SNR and SRT.
-
Each of these options have four values which determine how the EAGLE handles the messages controlled by the options.
-
NOTIFY – The specified option is active and UIMs are generated.
-
SILENT – The specified option is active, but no UIMs are generated.
-
TEST – The specified option is not active, but UIMS are generated as if the option was active.
-
OFF – The specified option is not active.
The system default value for each of these options is OFF.
To set these options, the Network Security Enhancements feature must be enabled and activated. This can be verified with the rtrv-ctrl-feat
command. To enable and activate the Network Security Enhancements feature, go to the Activating Controlled Features procedure.
If the Network Security Enhancements feature is not enabled and activated, the Network Security Enhancement options are not displayed in the rtrv-stpopts
output.
When the Network Security Enhancements feature is enabled and activated for the first time, each option is displayed in the rtrv-stpopts
output with the system default value (OFF). When the Network Security Enhancements feature is enabled and activated after the feature was disabled, each option is displayed in the rtrv-stpopts
output with the value that the option was assigned when the feature was disabled.
Figure 4-28 Configuring the Options for the Network Security Enhancements Feature
4.31 Configuring the Restore Device State Option
This procedure is used to configure the restore device state option using the chg-stpopts
command with the rstrdev
value for the on
or off
parameters of the chg-stpopts
command. The system default value is off
.
If the value of the restore device state option is off ( off=rstrdev
), the EAGLE does not retain the manually initiated state (for example, OOS-MT-DSBLD) for the signaling links, TCP/IP data links, cards, or the terminals after either the init-sys
command is executed, or when a MASP role change occurs (the active MASP becomes the standby MASP and the standby MASP becomes the active MASP). After the init-sys
command executes, the EAGLE attempts to bring all provisioned links, cards, and terminals on line, including those that were previously out of service. You will need to manually put each device back into its previous state after the EAGLE is back on line. If the init-sys
command is being executed, it is advisable to print or electronically capture the output of the EAGLE’s rept-stat-slk
, rept-stat-dlk
, rept-stat-card
, and rept-stat-trm
commands for reference before issuing the init-sys
command. During a MASP role change, current processing for the role change occurs and the state of the out-of-service devices may change. To restore a device to its previous state, issue the appropriate inhibit/deactivate command listed in Commands User's Guide in the Related Commands section for each of the above rept-stat
commands.
If the value of the restore device state option is on ( on=rstrdev
), the state the signaling links, TCP/IP data links, cards, and terminals is not changed after the init-sys
command is executed or a MASP role change occurs. No manual intervention is required to put the device back into its previous state after the EAGLE is back on line.
If the restore device state option is on and the database is being restored with the chg-db:action=restore
command, the state of the cards, SS7 signaling links, TCP/IP data links, and terminals before the chg-db:action=restore
and init-sys
commands are performed will not be maintained after these commands are performed. The persistent device state table becomes obsolete and is disabled. UIM 1257 is generated.
rlghncxa03w 06-10-01 16:07:48 GMT EAGLE5 36.0.0
1234.1257 SYSTEM INFO DB Restore has cleared and disabled PDS
Figure 4-29 Configuring the Restore Device State Option
4.32 Adding an Entry to the Frame Power Alarm Threshold Table
This procedure is used to add an entry to the frame power alarm threshold table. The frame power alarm threshold table defines the power level threshold, in amps, for each frame in the EAGLE. The power level threshold determines when alarms regarding the amount of power used by the frame are generated. Three alarms can be generated for the power levels.
- UAM 0522 - a minor alarm indicating that the power level for the frame has reached 90% of the threshold value.
- UAM 0521 - a major alarm indicating that the power level for the frame has reached 95% of the threshold value.
- UAM 0520 - a critical alarm indicating that the power level for the frame has reached 98% of the threshold value.
More information on these alarms is shown in Unsolicited Alarm and Information Messages Reference.
The power alarm threshold table for each frame is configured using the ent-frm-pwr
command with these parameters:
:frm
– The name of the frame being added to the power alarm threshold table, cf00, ef00, ef01, ef02, ef03, or ef04.
:thrshld
– The power threshold value, from 30 to 65 amps.
The frame being added in this procedure must be configured in the database. This can be verified by displaying the shelves in the EAGLE with the rtrv-shlf
command. The number assigned to each configured frame is shown in the SHELF FRAME
column of the rtrv-shlf
output. Table 4-6 shows the name of each frame used in the Frame Power Alarm Threshold table and the corresponding frame number shown in the SHELF FRAME
column of the rtrv-shlf
output.
Table 4-6 Frame Power Alarm Threshold Table Frame Designations
Name of the Frame in the Frame Power Alarm Threshold Table | Frame Numbers shown in the Shelf Frame Column of the RTRV-SHLF Output |
---|---|
CF00 |
1 |
EF00 |
2 |
EF01 |
3 |
EF02 |
4 |
EF03 |
5 |
EF04 |
6 |
The thrshld
parameter is optional. If the thrshld
parameter value is not specified, the thrshld
value is set to 30.
Figure 4-30 Adding an Entry to the Frame Power Alarm Threshold Table
Sheet 1 of 2
Sheet 2 of 2
4.33 Removing an Entry from the Frame Power Alarm Threshold Table
This procedure is used to remove an existing entry from the frame power alarm threshold table. The entry in the power alarm threshold table is removed using the dlt-frm-pwr
command with this parameter:
:frm
– The name of the frame being removed from the power alarm threshold table, cf00, ef00, ef01, ef02, ef03, or ef04.
The frame being removed from the frame power alarm threshold table must be configured in the frame power alarm threshold table.
When a frame entry is removed, a default threshold setting of 30 amps is assigned to the frame. If the amount of power currently used by the frame is 27 amps or more, an alarm will be generated when this frame entry is removed. The alarm that will be generated will depend of the amount of power the frame is using.
- A minor alarm (UAM 0522) is generated when the power level for the frame reaches 90% of the threshold value.
- A major alarm (UAM 0521) is generated when the power level for the frame reaches 95% of the threshold value.
- A critical alarm (UAM 0520) is generated when the power level for the frame reaches 98% of the threshold value.
More information on these alarms is shown in Unsolicited Alarm and Information Messages Reference.
For example, if the frame is using 27 amps, and the frame is removed resulting in the default 30 amp threshold, minor alarm 0522 is generated because 27 amps is the threshold at which minor alarm 0522 is generated (90% of 30 amps is 27 amps).
If the frame is using 30 amps or more, and the frame is removed resulting in the default 30 amp threshold, critical alarm 0520 is generated because that amount of power used by the frame is 100% or more of the threshold value, and a critical alarm is generated at 98% of the threshold value.
The power being used by the frame is displayed in the Power Consumption (Amps)
column in the rtrv-stp
output.
Figure 4-31 Removing an Entry from the Frame Power Alarm Threshold Table
Sheet 1 of 2
Sheet 2 of 2
4.34 Changing an Entry in the Frame Power Alarm Threshold Table
This procedure is used to change an existing entry in the frame power alarm threshold table. The frame entry in the power alarm threshold table is changed using the chg-frm-pwr
command with these parameters:
:frm
– The name of the frame being added to the power alarm threshold table, cf00, ef00, ef01, ef02, ef03, or ef04.
:thrshld
– The power threshold value, from 30 to 65 amps.
The frame power alarm threshold table defines the power level threshold, in amps, for each frame in the EAGLE. The power level threshold determines when alarms regarding the amount power used by the frame are generated. Three alarms can be generated for the power levels.
- UAM 0522 - a minor alarm indicating that the power level for the frame has reached 90% of the threshold value.
- UAM 0521 - a major alarm indicating that the power level for the frame has reached 95% of the threshold value.
- UAM 0520 - a critical alarm indicating that the power level for the frame has reached 98% of the threshold value.
More information on these alarms is shown in Unsolicited Alarm and Information Messages Reference.
When setting the threshold value (the thrshld
parameter value), the threshold value should be greater than the amount of power being used by the frame. The power being used by the frame is displayed in the Power Consumption (Amps)
column in the rtrv-stp
output. The threshold value should also be high enough to avoid generating any alarms.
Table 4-7 shows selected threshold values and the power levels for a frame that would generate a minor alarm for that threshold value.
Table 4-7 Power Level to Generate a Minor Alarm
Threshold Value | Power Level to Generate a Minor Alarm |
---|---|
30 |
27 |
35 |
31.5 |
40 |
36 |
45 |
40.5 |
50 |
45 |
55 |
49.5 |
60 |
54 |
65 |
58.5 |
Figure 4-32 Changing an Entry in the Frame Power Alarm Threshold Table
4.35 Configuring the IMT Bus Alarm Thresholds
This procedure is used to change the IMT bus alarm thresholds using the chg-th-alm
command and these parameters.
:imtbusutllvl1
– The percentage for the IMT bus combined utilization level 1 threshold alarm (reported on the IMT system). The percentage for the IMT bus combined utilization level 1 threshold alarm, from 35 to 70 and is shown in the IMT Bus Combined Utilization Alarm Level 1
field of the rtrv-th-alm
output. The system default value is 70. When this threshold is exceeded, UAM 0027 is generated.
:imtbusutllvl2
– The percentage for the IMT bus combined utilization level 2 threshold alarm (reported on the IMT system). The percentage for the IMT bus combined utilization level 2 threshold alarm, from 40 to 80 and is shown in the IMT Bus Combined Utilization Alarm Level 2
field of the rtrv-th-alm
output. The system default value is 80. When this threshold is exceeded, UAM 0028 is generated.
After the chg-th-alm
command is performed, the imtbusutllvl2
parameter value must be greater than the imtbusutllvl1
parameter value.
:imtcongestlvl1
– The percentage for the IMT bus congestion level 1 threshold alarm (reported on the HIPR2 card). The percentage for the IMT bus congestion level 1 threshold alarm, from 35 to 70 and is shown in the IMT Bus Congestion Alarm Level 1
field of the rtrv-th-alm
output. The system default value is 70. When this threshold is exceeded, UAM 0030 is generated.
:imtcongestlvl2
– The percentage for the IMT bus congestion level 2 threshold alarm (reported on the HIPR2 card). The percentage for the IMT bus congestion level 2 threshold alarm, from 40 to 80 and is shown in the IMT Bus Congestion Alarm Level 2
field of the rtrv-th-alm
output. The system default value is 80. When this threshold is exceeded, UAM 0031 is generated.
After the chg-th-alm
command is performed, the imtcongestlvl2
parameter value must be greater than the imtcongestlvl1
parameter value.
For more information on these alarms, refer to Unsolicited Alarm and Information Messages Reference.
The chg-th-alm
command contains other optional parameters. These parameters are not shown here because they are not necessary to configure the IMT bus alarm thresholds. These parameters are explained in more detail in Commands User's Guide.
Figure 4-33 Configuring the IMT Bus Alarm Thresholds
4.36 Configuring the Integrated Measurements Feature
This procedure is used to configure IP communications links between the EAGLE and the customer’s network and enable the Integrated Measurements feature on the EAGLE using these commands.
ent-ip-host
– Configuring the IP host of the E5-MCAP.chg-ip-card
– Configuring the IP address of the E5-MCAP.chg-ip-lnk
– Configuring the IP link assigned to the E5-MCAP.chg-measopts
– Enabling the measurement collection option for the E5-MCAP card option.enable-ctrl-feat
– Enabling the Integrated Measurements feature.chg-ctrl-feat
– Turning the Integrated Measurements feature on.
Some of these commands contain parameters that are not used in this procedure. Commands User's Guide contains a full description of these commands.
The Integrated Measurements feature requires measurements FTP servers. A maximum of three measurements FTP servers can be configured with one of these procedures.
This procedure can be performed only on EAGLEs that contain E5-based control cards. Refer to Maintenance and Administration Subsystem for more information about the control cards.
The Integrated Measurements feature is enabled using the
enable-ctrl-feat
command with these
parameters.
:fak
– The feature
access key provided by Oracle.
:partnum
– The
Oracle-issued part number of the Integrated Measurements feature, 893037301.
Once this feature is enabled, it is permanently enabled. This feature cannot be enabled with a temporary feature access key.
The
enable-ctrl-feat
command requires that
the database contain a valid serial number for the EAGLE, and that this serial
number is locked. This can be verified with the
rtrv-serial-num
command. The EAGLE is
shipped with a serial number in the database, but the serial number is not
locked. The serial number can be changed, if necessary, and locked once the
EAGLE is on-site, with the
ent-serial-num
command. The
ent-serial-num
command uses these
parameters.
:serial
– The serial
number assigned to the EAGLE. The serial number is not case sensitive.
:lock
– Specifies
whether or not the serial number is locked. This parameter has only one value,
yes
, which locks the serial number.
Once the serial number is locked, it cannot be changed.
Note:
To enter and lock the EAGLE serial number, theent-serial-num
command must be entered
twice, once to add the correct serial number to the database with the
serial
parameter, then again with the
serial
and the
lock=yes
parameters to lock the serial
number. Verify that the serial number in the database is correct before locking
the serial number. The serial number can be found on a label affixed to the
control shelf (shelf 1100).
Once the Integrated Measurements feature has been
enabled, the Integrated Measurements feature must be turned on with the
chg-ctrl-feat
command. The
chg-ctrl-feat
command uses these
parameters:
:partnum
– The
Oracle-issued part number of the Integrated Measurements feature, 893037301.
:status=on
– used to
turn the Integrated Measurements feature on.
Once the Integrated Measurements feature has been turned on, it be cannot be turned off.
The status of the Integrated Measurements feature is
shown with the
rtrv-ctrl-feat
command.
If a Class B IP address is specified for the
ipaddr
parameter of the
chg-ip-lnk
command, the subnet address
that results from the
ipaddr
and
submask
parameter values cannot be the
same as the subnet address that results from the
pvn
and
pvnmask
,
fcna
and
fcnamask
, or
fcnb
and
fcnbmask
parameter values of the
chg-netopts
command. The
pvn
and
pvnmask
,
fcna
and
fcnamask
, or
fcnb
and
fcnbmask
parameter values can be
verified by entering the
rtrv-netopts
command. Choose
ipaddr
and
submask
parameter values for the IP
address assigned to the E5-MCAP card whose resulting subnet address is not be
the same as the subnet address that resulting from the
pvn
and
pvnmask
,
fcna
and
fcnamask
, or
fcnb
and
fcnbmask
parameter values of the
chg-netopts
command.
The Integrated Measurements feature supports the collection and reporting of all measurement entities for EAGLEs configured with a maximum of 2400 signaling links (or 1200 links if the 15-minute measurements feature is turned on) using the E5-MCAP cards instead of the MCPM. The enhanced reporting capabilities provided by the Integrated Measurements feature support the generation of text file measurements reports in the CSV format. The reports can be sent to a customer-provided FTP server on-demand or on a scheduled basis. EAGLEs with more than 2400/1200 signaling links require the Measurements Platform for full measurements support.
Figure 4-34 Configuring the Integrated Measurements Feature
Sheet 1 of 4
Sheet 2 of 4
Sheet 3 of 4
Sheet 4 of 4
4.37 Configuring the MFC Option
chg-stpopts
command using these parameters.
on=mfc
- turns the MFC option on. When the MFC option is turned on, Message Flow Control controls the traffic in the EAGLE.Note:
When turning on MFC, the following cards are not supported from EAGLE Release 44.0 or later, except during migration to the B-series cards:- DCM card (870-1945-xx)
- DSM card (870-1984-xx)
- EDCM card (870-2372-xx) used for STC functionality
- EDCM-A card (870-2508-xx) used for STC functionality
Note:
For the complete list of cards supported by EAGLE Release 47.0, see Hardware Reference Guide.Note:
A loss in MSU traffic may occur while running bi-directional traffic at 700 MSUs per second, 272 bytes on an E1-ATM or LIM-ATM card after GTT, while two STC cards are active.Note:
If anotherchg-stpopts:on=mfc
or chg-stpopts:off=mfc
command is issued within 10 seconds, the second command is rejected.