Você está na página 1de 1670

Title page

Alcatel-Lucent 1830
Photonic Service Switch (PSS) | Release 6.0.0
User Provisioning Guide
8DG-61259-AAAA-TCZZA
Issue 1 | June 2013

Legal notice
Legal notice

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective
owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright 2013 Alcatel-Lucent. All rights reserved.

Contents
About this document
xlvii
Purpose ........................................................................................................................................................................................ xlvii
Safety information ................................................................................................................................................................... xlvii
xlvii
Supported systems ................................................................................................................................................................... xlvii
xlvii
Conventions used

................................................................................................................................................................... xlviii
xlviii

Related information
Technical support

................................................................................................................................................................. xlix
xlix

........................................................................................................................................................................... li
li

How to comment ............................................................................................................................................................................ lili


1

Safety
Overview ...................................................................................................................................................................................... 1-1
1-1
General notes on safety
Overview ...................................................................................................................................................................................... 1-3
1-3
Structure of safety statements ............................................................................................................................................... 1-4
1-4
Basic safety aspects .................................................................................................................................................................. 1-7
1-7
Specific safety areas
Overview

................................................................................................................................................................................... 1-11
1-11

Potential sources of danger ................................................................................................................................................. 1-12


1-12
Laser safety ............................................................................................................................................................................... 1-13
1-13
Laser product classification ................................................................................................................................................ 1-20
1-20
Equipment grounding

........................................................................................................................................................... 1-25
1-25

Electrostatic discharge .......................................................................................................................................................... 1-26


1-26
Safety requirements in specific deployment phases
Overview

................................................................................................................................................................................... 1-34
1-34

....................................................................................................................................................................................................................................
1830 PSS
iii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Transportation .......................................................................................................................................................................... 1-35


1-35
Storage ........................................................................................................................................................................................ 1-38
1-38
Installation ................................................................................................................................................................................. 1-42
1-42
Taking into operation

............................................................................................................................................................ 1-49
1-49

Operation and maintenance


Taking out of operation

................................................................................................................................................ 1-53
1-53

........................................................................................................................................................ 1-63
1-63

Event of failure ........................................................................................................................................................................ 1-66


1-66
2

Security administration procedures


Overview ...................................................................................................................................................................................... 2-1
2-1
Security management and user administration on the OCS application
Overview ...................................................................................................................................................................................... 2-5
2-5
User administration concept

................................................................................................................................................. 2-6
2-6

Security concepts

...................................................................................................................................................................... 2-7
2-7

User provisioning

................................................................................................................................................................... 2-13
2-13

Security management and user administration on the WDM application


Overview

................................................................................................................................................................................... 2-14
2-14

User accounts and privileges .............................................................................................................................................. 2-15


2-15
Configuring user accounts
Login sessions

......................................................................................................................................................................... 2-24
2-24

System security features


Authentication

.................................................................................................................................................. 2-20
2-20

...................................................................................................................................................... 2-26
2-26

......................................................................................................................................................................... 2-35
2-35

Administer user logins on the OCS application using the Alcatel-Lucent 1830 PSS ZIC
Overview

................................................................................................................................................................................... 2-40
2-40

Procedure 2-1: Create a user login ................................................................................................................................... 2-42


2-42
Procedure 2-2: Set system-wide user security parameters ...................................................................................... 2-45
2-45
Procedure 2-3: Display system-wide user security parameters ............................................................................. 2-49
2-49
....................................................................................................................................................................................................................................
1830 PSS
iv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

System-wide user security parameters ............................................................................................................................ 2-50


2-50
Procedure 2-4: Delete a user login ................................................................................................................................... 2-52
2-52
Procedure 2-5: Inhibit a user login ................................................................................................................................... 2-53
2-53
Procedure 2-6: Allow a user login .................................................................................................................................... 2-54
2-54
Procedure 2-7: Display user property information ..................................................................................................... 2-55
2-55
Procedure 2-8: Edit user logins ......................................................................................................................................... 2-56
2-56
Procedure 2-9: Log off user ................................................................................................................................................ 2-59
2-59
Procedure 2-10: Retrieve information on all active user logins ............................................................................ 2-60
2-60
Procedure 2-11: Change password ................................................................................................................................... 2-61
2-61
Procedure 2-12: Send a short free form text message to other users ................................................................... 2-63
2-63
Procedure 2-13: Modify command access security level assigned to a TL1 command. .............................. 2-65
2-65
Procedure 2-14: Display command access security level assigned to a TL1 command

.............................. 2-67
2-67

Command access security level assigned to a TL1 command ............................................................................... 2-68


2-68
Procedure 2-15: Copy security sensible files or data from/to an NE to/from a remote file server ........... 2-69
2-69
Security File Transfer ........................................................................................................................................................ 2-73
2-73

Procedure 2-16: Configure SSL authentication for ZIC to NE communication (high-level


procedure) ........................................................................................................................................................................ 2-75
2-75
Procedure 2-17: Install a certificate for SSL authentication

.................................................................................. 2-76
2-76

Procedure 2-18: Generate a new SSL key for SSL authentication

...................................................................... 2-77
2-77

Procedure 2-19: Request a new certificate for SSL authentication

..................................................................... 2-79
2-79

Certificate for SSL authentication

................................................................................................................................... 2-80
2-80

Procedure 2-20: Generate a new SSL key for SSL authentication


Current NE Public Key.

...................................................................... 2-81
2-81

...................................................................................................................................................... 2-82
2-82

Procedure 2-21: Configure RADIUS server attributes


Procedure 2-22: Modify RADIUS server attributes

............................................................................................ 2-83
2-83

................................................................................................. 2-86
2-86

Procedure 2-23: Set RADIUS server authentication parameters


Procedure 2-24: Delete a RADIUS server

......................................................................... 2-88
2-88

................................................................................................................... 2-90
2-90

....................................................................................................................................................................................................................................
1830 PSS
v
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

User management and administration procedures on the WDM application using the WebUI
Overview

................................................................................................................................................................................... 2-91
2-91

Procedure 2-25: Create a user ............................................................................................................................................ 2-93


2-93
The Create User window

.................................................................................................................................................. 2-94
2-94

Procedure 2-26: View or modify user details ............................................................................................................... 2-97


2-97
The User Security Administration screen

.................................................................................................................. 2-98
2-98

Procedure 2-27: Delete a user ............................................................................................................................................ 2-99


2-99
Procedure 2-28: Change password

................................................................................................................................ 2-100
2-100

Procedure 2-29: View / terminate sessions ................................................................................................................. 2-101


2-101
The Sessions screen

........................................................................................................................................................... 2-102
2-102

Procedure 2-30: View SNMP v3 users ......................................................................................................................... 2-104


2-104
Procedure 2-31: Create SNMP v3 user ........................................................................................................................ 2-105
2-105
Procedure 2-32: Modify SNMP v3 user ...................................................................................................................... 2-106
2-106
The SNMP v3 Users screen

.............................................................................................................................................. 2-107
2-107

Procedure 2-33: View / modify system security attributes ................................................................................... 2-108


2-108
Procedure 2-34: Setting / viewing syslog properties

.............................................................................................. 2-109
2-109

Syslog Administration ........................................................................................................................................................ 2-110


2-110
Procedure 2-35: Setting / viewing CLI user activity logging properties
CLI Logging

......................................................... 2-111
2-111

.......................................................................................................................................................................... 2-112
2-112

Procedure 2-36: Setting / viewing SNMP user activity logging properties .................................................... 2-113
2-113
SNMP Logging

..................................................................................................................................................................... 2-114
2-114

Procedure 2-37: View security log ................................................................................................................................. 2-115


2-115
The Security Log screen

.................................................................................................................................................. 2-116
2-116

Procedure 2-38: View all logs


The All Logs screen

......................................................................................................................................... 2-117
2-117

............................................................................................................................................................ 2-118
2-118

Procedure 2-39: Save a retrieved log to a file ............................................................................................................ 2-119


2-119
Procedure 2-40: Set/view user preferences

................................................................................................................ 2-120
2-120

....................................................................................................................................................................................................................................
1830 PSS
vi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

User Preferences ................................................................................................................................................................... 2-121


2-121
Procedure 2-41: Create RADIUS server

..................................................................................................................... 2-122
2-122

Create RADIUS Server ...................................................................................................................................................... 2-123


2-123
Procedure 2-42: View/modify RADIUS server ........................................................................................................ 2-124
2-124
Modify RADIUS Server .................................................................................................................................................... 2-125
2-125
Procedure 2-43: Delete RADIUS server

..................................................................................................................... 2-126
2-126

Procedure 2-44: Provision RADIUS properties

....................................................................................................... 2-127
2-127

RADIUS Properties ............................................................................................................................................................. 2-128


2-128
Procedure 2-45: Create trap destinations

.................................................................................................................... 2-129
2-129

The Create SNMP Trap Destinations screen


Procedure 2-46: Delete trap destinations

............................................................................................................ 2-130
2-130

.................................................................................................................... 2-131
2-131

Procedure 2-47: View trap destinations ....................................................................................................................... 2-132


2-132
The SNMP Trap Destinations screen

........................................................................................................................... 2-133
2-133

Procedure 2-48: View/modify community strings ................................................................................................... 2-135


2-135
The SNMP Community Strings screen
3

........................................................................................................................ 2-136
2-136

Data communication setup procedures


Overview ...................................................................................................................................................................................... 3-1
3-1
Data communication on the OCS application
Overview ...................................................................................................................................................................................... 3-4
3-4
Basic DCN principles .............................................................................................................................................................. 3-5
3-5
DCN configuration guidelines

............................................................................................................................................. 3-8
3-8

DCN protocols and services .................................................................................................................................................. 3-9


3-9
General Communication Channel .................................................................................................................................... 3-10
3-10
NE firewall with provisionable IP access control lists (IP ACL)

......................................................................... 3-11
3-11

Data communication on the WDM application


Overview

................................................................................................................................................................................... 3-12
3-12

....................................................................................................................................................................................................................................
1830 PSS
vii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

User interfaces ......................................................................................................................................................................... 3-13


3-13
Communications network

................................................................................................................................................... 3-18
3-18

Gateway NE (GNE) management .................................................................................................................................... 3-21


3-21
CIT port ...................................................................................................................................................................................... 3-24
3-24
OCS Setup procedures
Overview

................................................................................................................................................................................... 3-25
3-25

Procedure 3-1: Change the Site Identifier (SID) ......................................................................................................... 3-27


3-27
Procedure 3-2: Retrieve IP and MAC addresses ......................................................................................................... 3-29
3-29
View IP Addresses

................................................................................................................................................................ 3-30
3-30

Procedure 3-3: Set the FLC IP Addresses of the NE ................................................................................................. 3-31


3-31
Procedure 3-4: Set the loopback IP address of the NE ............................................................................................. 3-34
3-34
Procedure 3-5: Set the control plane IP addresses of the NE ................................................................................. 3-36
3-36
Procedure 3-6: Modify the TCP/IP stack parameters ................................................................................................ 3-38
3-38
Procedure 3-7: Create an access control rule

.............................................................................................................. 3-41
3-41

Procedure 3-8: Modify an existing access control rule

........................................................................................... 3-42
3-42

Procedure 3-9: Delete an internet protocol access rule

........................................................................................... 3-43
3-43

Procedure 3-10: Retrieve internet protocol access list

............................................................................................ 3-44
3-44

Internet Protocol Access Control Lists

.......................................................................................................................... 3-45
3-45

Procedure 3-11: Modify the ASAP of the Customer LAN interface ................................................................... 3-57
3-57
Procedure 3-12: Configure LAN interfaces to form a multi-shelf compound ................................................. 3-59
3-59
Procedure 3-13: Create a network interface on the embedded communication channels (ECCs)
Procedure 3-14: Modify the ASAP of a network interface

........... 3-63
3-63

..................................................................................... 3-66
3-66

Procedure 3-15: Add a GCC leg to an ECC protection group

............................................................................... 3-67
3-67

Procedure 3-16: Remove GCC legs from the ECC protection group

................................................................. 3-69
3-69

Procedure 3-17: Enable or disable a network interface ............................................................................................ 3-71


3-71
Procedure 3-18: Delete a network interface and an ECC protection group ...................................................... 3-73
3-73
Procedure 3-19: Create an IP-in-IP tunnel

.................................................................................................................... 3-75
3-75

....................................................................................................................................................................................................................................
1830 PSS
viii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 3-20: Set the alarm severity profile of an IP-in-IP tunnel


Procedure 3-21: Delete an IP-in-IP tunnel

.................................................................. 3-78
3-78

.................................................................................................................... 3-80
3-80

Procedure 3-22: Enter (add) a new static IP route in the IP routing table

......................................................... 3-81
3-81

Procedure 3-23: Delete a static IP route from the IP routing table ....................................................................... 3-85
3-85
Procedure 3-24: Create the NTP Server address ......................................................................................................... 3-87
3-87
Procedure 3-25: Manage the NTP server address ....................................................................................................... 3-89
3-89
Procedure 3-26: Retrieve the NTP sync state ............................................................................................................... 3-91
3-91
Procedure 3-27: Configure the global OSPF parameters ......................................................................................... 3-93
3-93
Procedure 3-28: Create an OSPF area

............................................................................................................................ 3-96
3-96

Procedure 3-29: Modify an OSPF area

.......................................................................................................................... 3-98
3-98

Procedure 3-30: Delete an OSPF area .......................................................................................................................... 3-100


3-100
Parameters of a OSPF Area .............................................................................................................................................. 3-101
3-101
Procedure 3-31: Configure the IP address range for the OSPF area ................................................................. 3-102
3-102
Procedure 3-32: Delete the IP address range of an OSPF area

........................................................................... 3-104
3-104

Procedure 3-33: Configure OSPF interface parameters ......................................................................................... 3-106


3-106
Procedure 3-34: Modify OSPF Authentication settings

........................................................................................ 3-109
3-109

WDM setup procedures


Overview

................................................................................................................................................................................. 3-111
3-111

Procedure 3-35: View network (NE name, NE IP, software release) map information

............................. 3-113
3-113

Network Map ......................................................................................................................................................................... 3-114


3-114
Procedure 3-36: View / modify IP route metric settings ........................................................................................ 3-115
3-115
IP Route Redistribute Metric Settings .......................................................................................................................... 3-116
3-116
Procedure 3-37: Create IP static route .......................................................................................................................... 3-117
3-117
Create Static IP Route ......................................................................................................................................................... 3-118
3-118
Procedure 3-38: View all IP routes ................................................................................................................................ 3-119
3-119
IP Routes ................................................................................................................................................................................. 3-120
3-120
Procedure 3-39: Delete IP static route .......................................................................................................................... 3-121
3-121
....................................................................................................................................................................................................................................
1830 PSS
ix
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 3-40: Create OSPF area ................................................................................................................................ 3-122


3-122
Create OSPF Area ................................................................................................................................................................ 3-123
3-123
Procedure 3-41: View OSPF areas

................................................................................................................................ 3-127
3-127

OSPF Areas ............................................................................................................................................................................ 3-128


3-128
Procedure 3-42: View/modify OSPF details .............................................................................................................. 3-132
3-132
OSPF Area Details ............................................................................................................................................................... 3-133
3-133
Procedure 3-43: Delete OSPF area ................................................................................................................................ 3-137
3-137
Procedure 3-44: Configure orderwire function ......................................................................................................... 3-138
3-138
Procedure 3-45: Create / view NTP server ................................................................................................................. 3-140
3-140
Create NTP Server ............................................................................................................................................................... 3-142
3-142
Procedure 3-46: View NTP properties

......................................................................................................................... 3-143
3-143

NTP Properties ...................................................................................................................................................................... 3-145


3-145
Procedure 3-47: Create/view NTP keys ....................................................................................................................... 3-146
3-146
Create NTP Key

................................................................................................................................................................... 3-147
3-147

Procedure 3-48: Set date and time manually

............................................................................................................. 3-148
3-148

Date and Time Administration ........................................................................................................................................ 3-149


3-149
4

Converged node set up procedures


Overview ...................................................................................................................................................................................... 4-1
4-1
Procedure 4-1: Connect OCS application to WDM application .............................................................................. 4-2
4-2

Equipment provisioning procedures


Overview ...................................................................................................................................................................................... 5-1
5-1
OCS equipment provisioning
Overview ...................................................................................................................................................................................... 5-5
5-5
Different kinds of equipment provisioning

..................................................................................................................... 5-6
5-6

Summary of important configuration rules ................................................................................................................... 5-15


5-15

....................................................................................................................................................................................................................................
1830 PSS
x
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

WDM equipment provisioning


Overview

................................................................................................................................................................................... 5-18
5-18

WDM equipment management specifics ....................................................................................................................... 5-19


5-19
OCS Provisioning Procedures
Overview

................................................................................................................................................................................... 5-43
5-43

Procedure 5-1: Define general properties of the system .......................................................................................... 5-44


5-44
Procedure 5-2: Create an extension shelf

...................................................................................................................... 5-46
5-46

Procedure 5-3: Remove an extension shelf ................................................................................................................... 5-50


5-50
Procedure 5-4: Provision or pre-provision I/O cards

............................................................................................... 5-53
5-53

Procedure 5-5: Provision or pre-provision optical modules


Procedure 5-6: Set a board/module out of service

.................................................................................. 5-57
5-57

..................................................................................................... 5-61
5-61

Procedure 5-7: Deprovision equipment .......................................................................................................................... 5-64


5-64
Procedure 5-8: Perform a matrix card upgrade

........................................................................................................... 5-66
5-66

Procedure 5-9: Configure an optical interface port .................................................................................................... 5-70


5-70
Procedure 5-10: Configure Optical Channel parameters ......................................................................................... 5-72
5-72
Procedure 5-11: Perform remote laser shutdown on OTH network ports
Procedure 5-12: Create an ODUn path termination

......................................................... 5-74
5-74

.................................................................................................. 5-76
5-76

Procedure 5-13: Configure an ODU path termination .............................................................................................. 5-84


5-84
Procedure 5-14: Changing the payload type of an ODU path termination

...................................................... 5-89
5-89

Procedure 5-15: Changing the sub-structure of an ODU path termination

...................................................... 5-92
5-92

Procedure 5-16: Deprovision an ODUk path termination function ..................................................................... 5-95


5-95
Procedure 5-17: Provision an optical SDH/SONET port
Procedure 5-18: Provision an GBE/GBE10

........................................................................................ 5-97
5-97

................................................................................................................. 5-99
5-99

Procedure 5-19: Provision a Tandem Connection Monitoring (TCM) entity

............................................... 5-101
5-101

Procedure 5-20: Remove a facility ................................................................................................................................ 5-107


5-107
Procedure 5-21: Restore a facility

................................................................................................................................. 5-109
5-109

Procedure 5-22: Allow equipment protection switching

....................................................................................... 5-111
5-111

....................................................................................................................................................................................................................................
1830 PSS
xi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 5-23: Inhibit equipment protection switching ...................................................................................... 5-113


5-113
Procedure 5-24: Initiate an equipment protection switch manually .................................................................. 5-115
5-115
Procedure 5-25: Initiate a circuit pack reset ............................................................................................................... 5-117
5-117
WDM Provisioning Procedures
Overview ................................................................................................................................................................................. 5-123
5-123
Procedure 5-26: View or modify NE parameters ..................................................................................................... 5-125
5-125
System Properties

................................................................................................................................................................ 5-126
5-126

Procedure 5-27: Reboot NE ............................................................................................................................................. 5-129


5-129
Reboot Options ..................................................................................................................................................................... 5-130
5-130
Procedure 5-28: Configure the firmware

.................................................................................................................... 5-131
5-131

Firmware ................................................................................................................................................................................. 5-134


5-134
Procedure 5-29: View the firmware

.............................................................................................................................. 5-135
5-135

Firmware ................................................................................................................................................................................. 5-136


5-136
Shelf provisioning ................................................................................................................................................................ 5-137
5-137
Procedure 5-30: Create (pre-provision) a shelf ......................................................................................................... 5-142
5-142
Create Shelf ............................................................................................................................................................................ 5-143
5-143
Procedure 5-31: View/modify shelf properties
Shelf Properties

......................................................................................................... 5-146
5-146

................................................................................................................................................................... 5-147
5-147

Procedure 5-32: Delete a shelf ........................................................................................................................................ 5-151


5-151
Procedure 5-33: Test LEDs

.............................................................................................................................................. 5-152
5-152

Shelf LEDs ............................................................................................................................................................................. 5-153


5-153
OT slot/card provisioning

................................................................................................................................................. 5-154
5-154

Procedure 5-34: Create a card ......................................................................................................................................... 5-175


5-175
Provision Card

...................................................................................................................................................................... 5-176
5-176

Procedure 5-35: View / modify card properties ........................................................................................................ 5-177


5-177
Procedure 5-36: View card inventory ........................................................................................................................... 5-178
5-178
Card Inventory

...................................................................................................................................................................... 5-179
5-179

....................................................................................................................................................................................................................................
1830 PSS
xii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 5-37: View pluggable module inventory ................................................................................................ 5-180


5-180
Pluggable Module Inventory

........................................................................................................................................... 5-181
5-181

Procedure 5-38: Controller Protection Switch (EC/MTC1T9)

........................................................................... 5-182
5-182

Controller Protection Switch Settings .......................................................................................................................... 5-184


5-184
Procedure 5-39: Upgrade EC (in-service upgrade from simplex to duplex) .................................................. 5-185
5-185
Procedure 5-40: Reboot card

........................................................................................................................................... 5-186
5-186

Reboot Options [Card] ....................................................................................................................................................... 5-187


5-187
Procedure 5-41: Delete a card ......................................................................................................................................... 5-188
5-188
Delete Card ............................................................................................................................................................................. 5-189
5-189
Port/facility provisioning

.................................................................................................................................................. 5-190
5-190

Procedure 5-42: Port provisioning procedures .......................................................................................................... 5-402


5-402
Information retrieval on the OCS application
Overview ................................................................................................................................................................................. 5-446
5-446
Procedure 5-43: Retrieve general properties of the system .................................................................................. 5-447
5-447
Procedure 5-44: Retrieve current conditions for a system component ............................................................. 5-448
5-448
View Current Conditions ................................................................................................................................................... 5-449
5-449
Procedure 5-45: Retrieve remote inventory for a system component
Retrieve remote inventory

.............................................................. 5-451
5-451

................................................................................................................................................ 5-453
5-453

Procedure 5-46: Retrieve network element TL1 parameters

............................................................................... 5-456
5-456

Procedure 5-47: Retrieve information related to equipment protection groups ............................................ 5-457
5-457
Procedure 5-48: Retrieve and edit optical channel parameters ........................................................................... 5-459
5-459
Procedure 5-49: Diagnose equipment

.......................................................................................................................... 5-460
5-460

Procedure 5-50: Perform LED test ................................................................................................................................ 5-462


5-462
Procedure 5-51: Check shelf cabling

........................................................................................................................... 5-463
5-463

Procedure 5-52: Retrieval analog optical parameters from optical modules

................................................. 5-465
5-465

Parameter descriptions (OCS application)


Overview ................................................................................................................................................................................. 5-469
5-469
....................................................................................................................................................................................................................................
1830 PSS
xiii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

General properties of the system as a whole .............................................................................................................. 5-470


5-470
General properties of a shelf ............................................................................................................................................ 5-480
5-480
General properties of a TRU ............................................................................................................................................ 5-482
5-482
General properties of an I/O card ................................................................................................................................... 5-483
5-483
General properties of an optical SDH/SONET port ................................................................................................ 5-484
5-484
General properties of an OTU port facility
General properties of an optical module

................................................................................................................ 5-489
5-489

..................................................................................................................... 5-497
5-497

General properties of a GBE / GBE10 port ................................................................................................................ 5-501


5-501
General properties of an ODU path termination facilty ......................................................................................... 5-509
5-509
Properties of a Tandem Connection Monitoring (TCM) entity
General properties of an optical

......................................................................... 5-520
5-520

.................................................................................................................................... 5-531
5-531

Parameters of equipment protection groups ............................................................................................................... 5-539


5-539
Primary and secondary states of system components ............................................................................................. 5-541
5-541
Overview of access identifiers

........................................................................................................................................ 5-548
5-548

TL1 parameters ..................................................................................................................................................................... 5-579


5-579
6

11QPE24 L2 Features
Overview ...................................................................................................................................................................................... 6-1
6-1
11QPE24 Quality of Service (QOS) .................................................................................................................................. 6-3
6-3
11QPE24 QOS CLI commands ........................................................................................................................................... 6-5
6-5
11QPE24 Ethernet Ring Protection .................................................................................................................................... 6-9
6-9
11QPE24 ERP CLI commands .......................................................................................................................................... 6-14
6-14
11QPE24 Ethernet OAM ..................................................................................................................................................... 6-15
6-15
11QPE24 Ethernet OAM CLI commands ..................................................................................................................... 6-27
6-27
11QPE24 Port Mirroring

..................................................................................................................................................... 6-29
6-29

11QPE24 Port Mirroring CLI commands

..................................................................................................................... 6-32
6-32

11QPE24 Services .................................................................................................................................................................. 6-33


6-33
11QPE24 Services CLI commands .................................................................................................................................. 6-40
6-40
....................................................................................................................................................................................................................................
1830 PSS
xiv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

11QPE24 Link Aggregation Group (LAG) ................................................................................................................... 6-44


6-44
11QPE24 LAG CLI commands

........................................................................................................................................ 6-47
6-47

11QPE24 MC-LAG CLI commands ............................................................................................................................... 6-48


6-48
11QPE24 PMON CLI commands

.................................................................................................................................... 6-49
6-49

11QPE24 Remote Managed Device CLI commands ................................................................................................ 6-51


6-51
11QPE24 Port CLI commands

.......................................................................................................................................... 6-53
6-53

11QPE24 Clear CLI commands ........................................................................................................................................ 6-55


6-55
11QPE24 Tools CLI commands ........................................................................................................................................ 6-56
6-56
11QPE24 General CLI commands ................................................................................................................................... 6-57
6-57
Procedure 6-1: Configure Ethernet-Ring (one node)
7

................................................................................................ 6-58
6-58

Alarm management procedures


Overview ...................................................................................................................................................................................... 7-1
7-1
OCS alarm management procedures
Procedure 7-1: View NE alarms .......................................................................................................................................... 7-3
7-3
View Current Alarms And Conditions

............................................................................................................................. 7-5
7-5

Procedure 7-2: Create an Alarm Severity Assignment Profile (ASAP) ................................................................ 7-7
7-7
Procedure 7-3: Display Alarm Assignment Profiles .................................................................................................. 7-10
7-10
Procedure 7-4: Display Alarm Assignment Profiles assigned to specific entities
Procedure 7-5: Manage ASAP profile

............................................................................................................................ 7-12
7-12

Procedure 7-6: Manage ASAP profile assigned to a specific entity


Procedure 7-7: Edit notification code
Procedure 7-8: Delete ASAP profile

.......................................... 7-11
7-11

.................................................................... 7-14
7-14

............................................................................................................................. 7-16
7-16

............................................................................................................................... 7-18
7-18

WDM alarm management procedures


Introduction

.............................................................................................................................................................................. 7-19
7-19

Procedure 7-9: Display active alarm list ........................................................................................................................ 7-23


7-23
Alarm List

................................................................................................................................................................................. 7-24
7-24

....................................................................................................................................................................................................................................
1830 PSS
xv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 7-10: View condition list

............................................................................................................................... 7-25
7-25

Procedure 7-11: Display active alarms or alarm level on a shelf or slot/card .................................................. 7-26
7-26
Procedure 7-12: View alarms history log

...................................................................................................................... 7-27
7-27

Alarms Log ............................................................................................................................................................................... 7-28


7-28
Procedure 7-13: View events history log ....................................................................................................................... 7-29
7-29
General Events Log

............................................................................................................................................................... 7-30
7-30

Procedure 7-14: Modify alarm configuration

.............................................................................................................. 7-31
7-31

Alarmable Conditions ........................................................................................................................................................... 7-32


7-32
Procedure 7-15: Provision environmental (housekeeping) alarms ....................................................................... 7-35
7-35
Environmental Alarms .......................................................................................................................................................... 7-36
7-36
8

TDM timing provisioning procedures


Overview ...................................................................................................................................................................................... 8-1
8-1
Procedure 8-1: Configure the timing references

.......................................................................................................... 8-3
8-3

General properties of a timing node within a shelf

..................................................................................................... 8-5
8-5

Procedure 8-2: Configure external timing input ports


General properties of external timing input ports

............................................................................................... 8-8
8-8

..................................................................................................... 8-12
8-12

Procedure 8-3: Configure external timing references

.............................................................................................. 8-15
8-15

General properties of a external timing reference

..................................................................................................... 8-18
8-18

Procedure 8-4: Perform a timing reference switch

................................................................................................... 8-22
8-22

Procedure 8-5: Switch external timing reference


Procedure 8-6: Clear a timing reference switch

...................................................................................................... 8-24
8-24

......................................................................................................... 8-27
8-27

Procedure 8-7: Take an external timing reference out of service for maintenance purposes
Procedure 8-8: Take an external timing input port out (BITS) out-of-service
Procedure 8-9: Restore timing reference

.................... 8-30
8-30

................................................ 8-32
8-32

...................................................................................................................... 8-34
8-34

Procedure 8-10: Retrieve the current timing configuration

................................................................................... 8-36
8-36

Procedure 8-11: Retrieve provisioning and state information of external timing references

.................... 8-38
8-38

Procedure 8-12: Retrieve provisioning and state information of external timing input ports

................... 8-39
8-39

....................................................................................................................................................................................................................................
1830 PSS
xvi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Synchronization characteristics -External timing inputs


Synchronization characteristics Timing references
9

........................................................................................ 8-41
8-41

............................................................................................... 8-43
8-43

TDM network configuration procedures


Overview ...................................................................................................................................................................................... 9-1
9-1
Introduction
Create Cross Connections window ..................................................................................................................................... 9-3
9-3
Manage Cross Connections window .................................................................................................................................. 9-6
9-6
Provisioning procedures
Procedure 9-1: Add a protection leg to a cross-connection ..................................................................................... 9-10
9-10
Procedure 9-2: Remove a protection leg from a cross-connection

...................................................................... 9-16
9-16

Procedure 9-3: Create an SNCP protection group ...................................................................................................... 9-20


9-20
Procedure 9-4: Modify an SNCP protection group .................................................................................................... 9-27
9-27
Procedure 9-5: Delete an SNC protection group

........................................................................................................ 9-30
9-30

Procedure 9-6: Initiate an SNC protection switch ...................................................................................................... 9-32


9-32
Procedure 9-7: Release an SNC protection switch

.................................................................................................... 9-34
9-34

Procedure 9-8: Retrieve configuration parameters and status information of an SNC protection
group ................................................................................................................................................................................... 9-36
9-36
10

WDM network configuration procedures


Overview

................................................................................................................................................................................... 10-1
10-1

Introduction
Protection

.................................................................................................................................................................................. 10-4
10-4

Provisioning procedures
Procedure 10-1: Create protection group

.................................................................................................................... 10-16
10-16

Create APS Group

............................................................................................................................................................... 10-17
10-17

Create APS Group

............................................................................................................................................................... 10-19
10-19

Procedure 10-2: View all protection groups ............................................................................................................... 10-22


10-22

....................................................................................................................................................................................................................................
1830 PSS
xvii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Automatic Protection Switch Groups ........................................................................................................................... 10-23


10-23
Procedure 10-3: View/modify protection group ....................................................................................................... 10-26
10-26
Procedure 10-4: Delete protection group

.................................................................................................................... 10-27
10-27

Procedure 10-5: Request protection switch ................................................................................................................ 10-28


10-28
Procedure 10-6: Configure OMSP protection

........................................................................................................... 10-29
10-29

Procedure 10-7: Configure E-SNCP protection ........................................................................................................ 10-34


10-34
Procedure 10-8: Configure OPS client side protection .......................................................................................... 10-36
10-36
Procedure 10-9: Configure OLP protection
Wavelength Tracker

............................................................................................................... 10-40
10-40

............................................................................................................................................................ 10-50
10-50

Procedure 10-10: Provision wave keys on an encoder port to support dangling OT procedure ............. 10-55
10-55
Wave Key Encoder .............................................................................................................................................................. 10-57
10-57
Procedure 10-11: Set expected network output power ........................................................................................... 10-58
10-58
Procedure 10-12: View wave keys (decoder ports) ................................................................................................. 10-59
10-59
Wave Key Decoder .............................................................................................................................................................. 10-60
10-60
Procedure 10-13: Clear wave keys ................................................................................................................................ 10-62
10-62
Procedure 10-14: Set power ............................................................................................................................................. 10-63
10-63
Set Power ................................................................................................................................................................................ 10-64
10-64
Procedure 10-15: View channel power summary

.................................................................................................... 10-65
10-65

Wavelength Tracker Power Summary .......................................................................................................................... 10-66


10-66
Procedure 10-16: View unexpected wave keys ......................................................................................................... 10-67
10-67
Unexpected Wave Keys ..................................................................................................................................................... 10-68
10-68
Procedure 10-17: View wave key data at NE level

................................................................................................. 10-69
10-69

Wave Keys .............................................................................................................................................................................. 10-70


10-70
Procedure 10-18: View unexpected/missing wave keys at NE level

................................................................ 10-72
10-72

Unexpected Wave Keys ..................................................................................................................................................... 10-73


10-73
Missing Wave Keys ............................................................................................................................................................. 10-74
10-74
Procedure 10-19: Provision optical line's monitoring (WT mode or WTOCM mode) .............................. 10-75
10-75
....................................................................................................................................................................................................................................
1830 PSS
xviii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Port Power Management ................................................................................................................................................... 10-76


10-76
Procedure 10-20: Add a service to a FOADM system or mixed FOADM-TOADM system .................. 10-78
10-78
Procedure 10-21: Add an Anydirection Add/Drop block to ROADM
Power settings

............................................................. 10-83
10-83

....................................................................................................................................................................... 10-86
10-86

Procedure 10-22: Power management .......................................................................................................................... 10-89


10-89
Port Power Management ................................................................................................................................................... 10-90
10-90
Procedure 10-23: Power adjustment ............................................................................................................................. 10-92
10-92
Power Adjustment

.............................................................................................................................................................. 10-94
10-94

Procedure 10-24: View/modify power commissioning values ............................................................................ 10-96


10-96
Power Commissioning

...................................................................................................................................................... 10-97
10-97

A2P2125 Power Commissioning

............................................................................................................................... 10-109
10-109

Procedure 10-25: LD power adjustment


Power Adjustment

................................................................................................................... 10-114
10-114

............................................................................................................................................................. 10-115
10-115

Procedure 10-26: GMRE settings ................................................................................................................................ 10-116


10-116
Procedure 10-27: GMRE Feasibility File Transfer

............................................................................................... 10-117
10-117

Procedure 10-28: GMRE OMS line parameters ..................................................................................................... 10-118


10-118
Procedure 10-29: GMRE optical impairment parameters

.................................................................................. 10-119
10-119

Procedure 10-30: Cross-phase modulation allowed wavelength set


11

.............................................................. 10-120
10-120

TDM traffic provisioning procedures


Overview

................................................................................................................................................................................... 11-1
11-1

Introduction
Cross-connection types ......................................................................................................................................................... 11-2
11-2
Different ways to create a cross-connection ................................................................................................................. 11-7
11-7
Different ways to modify a cross-connection ............................................................................................................... 11-8
11-8
Provisioning procedures
Overview

................................................................................................................................................................................... 11-9
11-9

....................................................................................................................................................................................................................................
1830 PSS
xix
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 11-1: Create a cross-connection

................................................................................................................ 11-10
11-10

Procedure 11-2: Modify a cross-connection


Procedure 11-3: Delete a cross-connection

.............................................................................................................. 11-15
11-15

................................................................................................................ 11-18
11-18

Procedure 11-4: Retrieve a list of cross-connections .............................................................................................. 11-21


11-21
12

WDM traffic provisioning procedures


Overview

................................................................................................................................................................................... 12-1
12-1

Description ................................................................................................................................................................................ 12-3


12-3
Procedure 12-1: Display NE physical topology .......................................................................................................... 12-8
12-8
Physical Topology .................................................................................................................................................................. 12-9
12-9
Procedure 12-2: Display NE logical topology

.......................................................................................................... 12-10
12-10

Procedure 12-3: Provision OCH cross-connects


OCH Cross-Connects

...................................................................................................... 12-11
12-11

......................................................................................................................................................... 12-13
12-13

Create OCH Cross-Connect ............................................................................................................................................. 12-15


12-15
Procedure 12-4: Create OCH cross-connect group
Procedure 12-5: Provision ODUk cross-connects
ODUk Cross-Connects

................................................................................................. 12-17
12-17

................................................................................................... 12-19
12-19

...................................................................................................................................................... 12-20
12-20

Create ODUk Cross-Connect

.......................................................................................................................................... 12-21
12-21

Procedure 12-6: Provision EVPL connections .......................................................................................................... 12-22


12-22
Create EVPL Connection (FullRate)

............................................................................................................................ 12-23
12-23

Create EVPL Connection (SubRate) ............................................................................................................................. 12-24


12-24
Create EVPL Connection (QinQ)

.................................................................................................................................. 12-26
12-26

Procedure 12-7: Display the cross connect topology .............................................................................................. 12-28


12-28
Cross Connect Topology

................................................................................................................................................... 12-29
12-29

Procedure 12-8: Display the NE power trace

............................................................................................................ 12-30
12-30

Cross-Connect Power Trace ............................................................................................................................................. 12-31


12-31
Procedure 12-9: Display network power trace .......................................................................................................... 12-32
12-32
Network Power Trace ......................................................................................................................................................... 12-33
12-33
....................................................................................................................................................................................................................................
1830 PSS
xx
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Procedure 12-10: Connect Alcatel-Lucent 1830 PSS-1 to 1830 PSS-32/PSS-16/PSS-32S ..................... 12-34
12-34
13

TDM traffic maintenance procedures


Overview

................................................................................................................................................................................... 13-1
13-1

Procedure 13-1: Configure port loopback ..................................................................................................................... 13-2


13-2
Procedure 13-2: Release Loopback

................................................................................................................................. 13-7
13-7

Procedure 13-3: View loopback ........................................................................................................................................ 13-9


13-9
View Loopback ..................................................................................................................................................................... 13-10
13-10
14

WDM traffic maintenance procedures


Overview

................................................................................................................................................................................... 14-1
14-1

Loopbacks ................................................................................................................................................................................. 14-2


14-2
Procedure 14-1: Display, set, release loopbacks ......................................................................................................... 14-4
14-4
Port Loopback Control ......................................................................................................................................................... 14-6
14-6
15

TDM Ethernet/Data traffic maintenance procedures


Overview

................................................................................................................................................................................... 15-1
15-1

Procedure 15-1: Configure port loopback ..................................................................................................................... 15-2


15-2
Procedure 15-2: Release loopback ................................................................................................................................... 15-5
15-5
Procedure 15-3: View loopback ........................................................................................................................................ 15-7
15-7
The View Loopback window
16

............................................................................................................................................ 15-8
15-8

Performance monitoring procedures


Overview

................................................................................................................................................................................... 16-1
16-1

OCS performance monitoring


Overview

................................................................................................................................................................................... 16-3
16-3

The performance monitoring process

............................................................................................................................. 16-6
16-6

Performance measurements ................................................................................................................................................ 16-8


16-8
SES declaration threshold ................................................................................................................................................. 16-15
16-15
Thresholding .......................................................................................................................................................................... 16-17
16-17
....................................................................................................................................................................................................................................
1830 PSS
xxi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Impact of configuration changes on performance monitoring

............................................................................ 16-25
16-25

WDM performance monitoring


WDM performance monitoring ...................................................................................................................................... 16-27
16-27
OCS performance monitoring procedures
Overview ................................................................................................................................................................................. 16-38
16-38
Procedure 16-1: Enable or disable PM data collection .......................................................................................... 16-39
16-39
Procedure 16-2: Retrieve PM activation status ......................................................................................................... 16-43
16-43
Procedure 16-3: Retrieve PM data ................................................................................................................................. 16-47
16-47
Procedure 16-4: Initialize PM registers

....................................................................................................................... 16-52
16-52

Procedure 16-5: Upload the NE PM data to a remote file server


Procedure 16-6: Create a new TCA profile
Procedure 16-7: Rename a TCA profile

...................................................................... 16-55
16-55

............................................................................................................... 16-58
16-58

..................................................................................................................... 16-61
16-61

Procedure 16-8: Modify the threshold settings of a TCA profile ....................................................................... 16-63
16-63
Procedure 16-9: Retrieve the threshold settings of a TCA profile ..................................................................... 16-65
16-65
Procedure 16-10: Delete a TCA profile ....................................................................................................................... 16-66
16-66
Procedure 16-11: Retrieve a list of facilities that use a particular TCA profile

............................................ 16-67
16-67

WDM performance monitoring procedures


Overview ................................................................................................................................................................................. 16-68
16-68
Procedure 16-12: Display PM data for EC/MTC1T9 card ................................................................................... 16-69
16-69
PM Data [Card]

.................................................................................................................................................................... 16-70
16-70

Procedure 16-13: Set bins for EC/MTC1T9 card

.................................................................................................... 16-72
16-72

Clear Bins [Card] ................................................................................................................................................................. 16-73


16-73
Procedure 16-14: Display all TCA profile assignments
TCA Profile Assignment

........................................................................................ 16-74
16-74

................................................................................................................................................... 16-75
16-75

Procedure 16-15: Modify TCA profile ......................................................................................................................... 16-76


16-76
Procedure 16-16: Display PM data for port

............................................................................................................... 16-77
16-77

....................................................................................................................................................................................................................................
1830 PSS
xxii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

PM Data ................................................................................................................................................................................... 16-78


16-78
Procedure 16-17: Set bins for port ................................................................................................................................. 16-80
16-80
Clear Bins

............................................................................................................................................................................... 16-81
16-81

Procedure 16-18: Set baseline values for port ........................................................................................................... 16-82


16-82
Port Baseline .......................................................................................................................................................................... 16-84
16-84
OCS Performance monitoring reports
Overview ................................................................................................................................................................................. 16-86
16-86
Configuration parameters related to performance monitoring ............................................................................ 16-87
16-87
PM reports General .......................................................................................................................................................... 16-89
16-89
PM reports SDH Regenerator Section ...................................................................................................................... 16-92
16-92
PM reports SDH higher order path
PM reports SONET Section
PM reports SONET path
PM reports Ethernet

........................................................................................................................... 16-93
16-93

......................................................................................................................................... 16-94
16-94

.............................................................................................................................................. 16-95
16-95

........................................................................................................................................................ 16-96
16-96

PM reports OTUk Section

............................................................................................................................................ 16-97
16-97

PM reports ODUk Path .................................................................................................................................................. 16-98


16-98
PM reports ODUk TCM Layer

................................................................................................................................... 16-99
16-99

PM reports OCH section near end PM parameters


17

........................................................................................... 16-100
16-100

Database backup and restore procedures


Overview

................................................................................................................................................................................... 17-1
17-1

Backup and restore on the OCS application


Overview

................................................................................................................................................................................... 17-3
17-3

Configuration backup and restoration ............................................................................................................................. 17-4


17-4
Backup and restore principle .............................................................................................................................................. 17-5
17-5
Backup and restore on the WDM application
Overview

................................................................................................................................................................................... 17-6
17-6

....................................................................................................................................................................................................................................
1830 PSS
xxiii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Database management .......................................................................................................................................................... 17-7


17-7
Database backup ................................................................................................................................................................... 17-12
17-12
Database restore

................................................................................................................................................................... 17-14
17-14

OCS backup and restore procedures


Overview ................................................................................................................................................................................. 17-16
17-16
Procedure 17-1: Backup the active database to the standby database .............................................................. 17-17
17-17
Procedure 17-2: Transfer the NE standby database to a remote file server .................................................... 17-18
17-18
Procedure 17-3: Retrieve information related to transferred files on a remote file server ........................ 17-22
17-22
Information related to database backups stored on a remote file server. ......................................................... 17-24
17-24
Procedure 17-4: Download a database from a remote file server to the standby database ....................... 17-27
17-27
Procedure 17-5: Restore database .................................................................................................................................. 17-30
17-30
WDM backup and restore procedures using WebUI
Overview ................................................................................................................................................................................. 17-32
17-32
Procedure 17-6: Backup database .................................................................................................................................. 17-33
17-33
Database Backup and Restore ......................................................................................................................................... 17-34
17-34
Procedure 17-7: Restore database .................................................................................................................................. 17-36
17-36
18

Software installation and upgrade procedures


Overview

................................................................................................................................................................................... 18-1
18-1

OCS software installation and upgrade procedures


....................................................................................................................................................................................................... 18-2
18-2

Procedure 18-1: Upgrade to a new release of the NE software ............................................................................. 18-3


18-3
Procedure 18-2: Download a software generic from a remote file server to the standby software
load ...................................................................................................................................................................................... 18-9
18-9
Procedure 18-3: Software download for disaster recovery

................................................................................. 18-14
18-14

Procedure 18-4: Switch from the current release to the new release ................................................................ 18-18
18-18
Procedure 18-5: Switch back from the current release and database to previous release

......................... 18-20
18-20

Procedure 18-6: Make the current release software the permanent active software ................................... 18-22
18-22
....................................................................................................................................................................................................................................
1830 PSS
xxiv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

WDM software installation and upgrade procedures


.................................................................................................................................................................................................... 18-24
18-24

Procedure 18-7: Software upgrade procedure ........................................................................................................... 18-25


18-25
FTP Server Settings ............................................................................................................................................................. 18-27
18-27
Software Upgrade ................................................................................................................................................................ 18-28
18-28
Procedure 18-8: Modify/view software NE attributes procedure
19

...................................................................... 18-31
18-31

Routine procedures
Overview

................................................................................................................................................................................... 19-1
19-1

Maintaining OCS parts of the system.


Overview

................................................................................................................................................................................... 19-2
19-2

Procedure 19-1: Replace the dust filter .......................................................................................................................... 19-3


19-3
Procedure 19-2: Replace a Fan Unit (FAN3T8) .......................................................................................................... 19-6
19-6
Procedure 19-3: Common card mounting rules ........................................................................................................ 19-10
19-10
20

Supporting procedures
Overview

................................................................................................................................................................................... 20-1
20-1

The Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)


....................................................................................................................................................................................................... 20-3
20-3

General information

.............................................................................................................................................................. 20-5
20-5

The Alcatel-Lucent 1830 PSS ZIC management window


Navigation pane

...................................................................................... 20-6
20-6

...................................................................................................................................................................... 20-8
20-8

Toolbar ..................................................................................................................................................................................... 20-10


20-10
Context menu ......................................................................................................................................................................... 20-11
20-11
Property window .................................................................................................................................................................. 20-12
20-12
Configurable dialog box .................................................................................................................................................... 20-13
20-13
Response Dialog Box

........................................................................................................................................................ 20-14
20-14

Confirmation Dialog Box

................................................................................................................................................ 20-15
20-15

....................................................................................................................................................................................................................................
1830 PSS
xxv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Contents
....................................................................................................................................................................................................................................

Tool tip

.................................................................................................................................................................................... 20-16
20-16

Error dialog box

.................................................................................................................................................................. 20-17
20-17

Common Commands

......................................................................................................................................................... 20-18
20-18

Search function ..................................................................................................................................................................... 20-19


20-19
Go To menu ............................................................................................................................................................................ 20-21
20-21
View menu .............................................................................................................................................................................. 20-22
20-22
Show Alarms menu

............................................................................................................................................................. 20-23
20-23

Basic Alcatel-Lucent 1830 PSS ZIC procedures


Overview ................................................................................................................................................................................. 20-24
20-24
Concepts for connecting the Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC) to
the NE .............................................................................................................................................................................. 20-25
20-25
Combined Alcatel-Lucent 1830 PSS ZIC / WebUI ................................................................................................. 20-26
20-26
Procedure 20-1: Initialize the NE using EZ setup tool ........................................................................................... 20-27
20-27
Procedure 20-2: Call up the Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)

............ 20-37
20-37

Procedure 20-3: Logout from Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)

........ 20-41
20-41

The Alcatel-Lucent 1830 PSS WebUI


Overview ................................................................................................................................................................................. 20-42
20-42
Using the WebUI .................................................................................................................................................................. 20-43
20-43
Basic Alcatel-Lucent 1830 PSS WebUI procedures
Overview ................................................................................................................................................................................. 20-45
20-45
Procedure 20-4: Log into the WebUI ............................................................................................................................ 20-46
20-46
Procedure 20-5: Exit the WebUI

.................................................................................................................................... 20-48
20-48

Procedure 20-6: Initial NE configuration .................................................................................................................... 20-49


20-49
Procedure 20-7: Submit ping request

........................................................................................................................... 20-51
20-51

Procedure 20-8: Submit traceroute request

................................................................................................................ 20-52
20-52

Glossary
Index
....................................................................................................................................................................................................................................
1830 PSS
xxvi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of tables
1

Information products related to Alcatel-Lucent 1830 PSS

...................................................................... xlix

1-1

FDA/CDRH laser classifications ....................................................................................................................... 1-21

1-2

OFCS hazard levels

1-3

Temperature and humidity levels for transportation (ETSI market)

1-4

Environmental conditions for transportation (ANSI market)

1-5

Temperature and humidity levels for storage (ETSI market) .................................................................. 1-39

1-6

Environmental conditions for storage (ANSI market)

1-7

Temperature and humidity levels for operation (ETSI market)

............................................................. 1-59

1-8

Temperature and humidity levels for operation (ANSI market)

............................................................ 1-60

2-1

Predefined user types

2-2

Default user types for internal purpose

2-3

User privilege levels ............................................................................................................................................... 2-16


2-16

2-4

Ports that support ACL filtering ......................................................................................................................... 2-31

2-5

System-defined port/filter associations

2-6

RADIUS authentication - VSA information

3-1

Maximum number of ECC channels supported per shelf

3-2

Communications Network Sizing

3-3

Parameters for static IP routes

5-1

Port groups ................................................................................................................................................................. 5-10


5-10

5-2

Port group modes and client selection modes ............................................................................................... 5-11

5-3

Client selection modes and compatible interface modules

5-4

Alcatel-Lucent 1830 PSS-32 Circuit Pack Slot Allocation ...................................................................... 5-27

5-5

Alcatel-Lucent 1830 PSS-32S Circuit Pack Slot Allocation ................................................................... 5-33

................................................................................................................................................ 1-21
1-21
.................................................... 1-36

................................................................. 1-37

.............................................................................. 1-41

............................................................................................................................................. 2-13
2-13
........................................................................................................... 2-13

........................................................................................................... 2-32
................................................................................................. 2-35
........................................................................... 3-6

..................................................................................................................... 3-19

............................................................................................................................ 3-81

...................................................................... 5-13

....................................................................................................................................................................................................................................
1830 PSS
xxvii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of tables
....................................................................................................................................................................................................................................

5-6

Alcatel-Lucent 1830 PSS-16 Circuit Pack Slot Allocation ...................................................................... 5-34

5-7

Applicability of restart types to circuit packs

5-8

1830 PSS Shelf Combinations

5-9

General parameters of an optical SDH/SONET port ............................................................................... 5-484

5-10

AINS parameters of an optical SDH/SONET port

5-11

Trace Messaging parameters of an optical SDH/SONET port ............................................................. 5-487

5-12

General parameters of an OTU port facility

5-13

AINS parameters of an OTU port facility

5-14

Trace Messaging parameters of an OTU port facility

5-15

Ingress error monitoring parameters of an OTU port facility

5-16

Value ranges for the shelf field in the AID depending on the shelf type

5-17

Relation of equipment name/equipment AID prefix to supported PROVISIONEDTYPES

5-18

Examples of equipment AIDs

5-19

Examples of facility AIDs

5-20

Timing reference AIDs

5-21

Examples of ASAP (Alarm Severity Assigned Profile) AIDs

5-22

Examples of THP (Threshold Profile) AIDs ............................................................................................... 5-574

5-23

Examples of common AIDs

5-24

Examples of firewall filter chain AIDs

8-1

Fields and parameters of the Edit BITS window ......................................................................................... 8-12

8-2

External timing input signal format .................................................................................................................. 8-41

8-3

SSM support settings .............................................................................................................................................. 8-41


8-41

10-1

Technology Type index table ............................................................................................................................ 10-87

16-1

Performance monitoring - Available bins ....................................................................................................... 16-7

16-2

Autonomous creation of PM registers

16-3

SDH/SONET near-end performance parameters ......................................................................................... 16-9

16-4

Ethernet performance parameters

............................................................................................. 5-119

......................................................................................................................... 5-137

................................................................................... 5-486

............................................................................................... 5-489

................................................................................................... 5-491
............................................................................. 5-492
.............................................................. 5-494
.......................................... 5-549
.... 5-549

.......................................................................................................................... 5-550

................................................................................................................................. 5-555

....................................................................................................................................... 5-571
.............................................................. 5-571

.............................................................................................................................. 5-576
........................................................................................................ 5-577

............................................................................................................. 16-8

................................................................................................................... 16-10

....................................................................................................................................................................................................................................
1830 PSS
xxviii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of tables
....................................................................................................................................................................................................................................

16-5

OTH performance parameters .......................................................................................................................... 16-12

16-6

SDH performance parameters

16-7

SONET performance parameters

16-8

OTH performance parameters .......................................................................................................................... 16-14

16-9

SES declaration thresholds (SDH)

......................................................................................................................... 16-13
.................................................................................................................... 16-13

................................................................................................................. 16-15

16-10 SES declaration thresholds (SONET)


16-11 SES declaration thresholds (OTH)

........................................................................................................... 16-15

................................................................................................................. 16-16

16-12 Default thresholds - SDH Regenerator Section


16-13 Default thresholds - SDH higher order path
16-14 Default thresholds - SONET Section

......................................................................................... 16-21

............................................................................................... 16-21

............................................................................................................ 16-22

16-15 Default thresholds - SONET path ................................................................................................................... 16-23


16-16 Default thresholds - ODUk

............................................................................................................................... 16-23

16-17 Default thresholds - OTUk ................................................................................................................................ 16-24


16-18 Cards and Ports that Support PM Data
16-19 PSS-32S Facilities

................................................................................................................................................ 16-36
16-36

16-20 Elements of a PM report


16-21 Validity indication

......................................................................................................... 16-28

.................................................................................................................................... 16-49

................................................................................................................................................ 16-51
16-51

16-22 Parameters for the PM mode settings ............................................................................................................ 16-87


16-23 Parameters for the PM data selection

............................................................................................................ 16-89

18-1

USB flash drive specifications

....................................................................................................................... 18-15

20-1

Predefined user types

20-2

Minimum hardware/software requirements

.......................................................................................................................................... 20-30
................................................................................................ 20-37

....................................................................................................................................................................................................................................
1830 PSS
xxix
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of tables
....................................................................................................................................................................................................................................

....................................................................................................................................................................................................................................
1830 PSS
xxx
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of figures
1-1

Warning symbols defined for safety instructions:

......................................................................................... 1-6

1-2

Multilabel (1830 PSS-16/PSS-32)

1-3

Multilabel (1830 PSS-32S)

1-4

Multilabel (1830 PSS-36)

1-5

Multilabel (PSS-64)

1-6

ESD bonding point at the Alcatel-Lucent 1830 PSS-64 subrack

.......................................................... 1-28

1-7

ESD bonding point at the Alcatel-Lucent 1830 PSS-36 subrack

.......................................................... 1-29

1-8

ESD bonding point at the Alcatel-Lucent 1830 PSS-32 subrack

.......................................................... 1-30

1-9

ESD bonding point at the Alcatel-Lucent 1830 PSS-32S subrack

1-10

ESD bonding point at the Alcatel-Lucent 1830 PSS-16 subrack

1-11

ESD bonding point at the ETSI One Rack

1-12

Temperature and humidity levels for storage (ETSI market) .................................................................. 1-40

1-13

Temperature and humidity levels for operation (ETSI market)

............................................................. 1-60

1-14

Temperature and humidity levels for operation (ANSI market)

............................................................ 1-61

3-1

Dual GNE configurations ..................................................................................................................................... 3-23

4-1

Converged node view (card level)

5-1

Shelf interconnection

............................................................................................................................................. 5-47
5-47

5-2

Shelf interconnection

............................................................................................................................................. 5-51
5-51

5-3

Example for the representation of an ODU3 NIM ...................................................................................... 5-79

5-4

Example for the representation of facilities ................................................................................................... 5-98

5-5

Example for the representation of facilities

5-6

Examples .................................................................................................................................................................. 5-102


5-102

5-7

Example for the representation of an ODU3 NIM

.................................................................................................................... 1-14

................................................................................................................................ 1-15
................................................................................................................................... 1-16

.............................................................................................................................................. 1-17
1-17

...................................................... 1-31

.......................................................... 1-32

.................................................................................................... 1-33

..................................................................................................................... 4-3

................................................................................................ 5-100

................................................................................... 5-104

....................................................................................................................................................................................................................................
1830 PSS
xxxi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of figures
....................................................................................................................................................................................................................................

5-8

Example for highlighted cards in the display pane of the Alcatel-Lucent 1830 PSS ZIC

........ 5-122

5-9

11STMM10 OT signal processing from client port to DWDM line port

6-1

G.8032 Ring in the Initial State

6-2

G.8032 Ring in the Protecting State

9-1

Overview of available network protection mechanisms

9-2

Adding a protection leg to a one way protection

9-3

Adding a protection leg to a two way protection ......................................................................................... 9-11

9-4

Removing a protection leg from a one way protection

............................................................................. 9-16

9-5

Removing a protection leg from a two way protection

............................................................................. 9-17

11-1

Navigating directly from a facility to the Create Cross Connections window

14-1

Loopback Types ....................................................................................................................................................... 14-3


14-3

16-1

Performance monitoring of a bidirectional path (example) ..................................................................... 16-3

16-2

Performance monitoring process

16-3

Thresholding - Transient condition method

16-4

Thresholding - Standing condition method ................................................................................................. 16-20

16-5

Performance monitoring points in an 1830 PSS NE ................................................................................ 16-31

16-6

Analog parameter TCA

16-7

Example for the representation of facilities

................................................................................................ 16-40

16-8

Example for the representation of facilities

................................................................................................ 16-44

16-9

Example for the representation of facilities

................................................................................................ 16-48

16-10 Example for the representation of facilities

................................................................................................ 16-53

....................................... 5-166

......................................................................................................................... 6-10
................................................................................................................. 6-11
............................................................................. 0-1

......................................................................................... 9-10

............................... 11-14

....................................................................................................................... 16-6
................................................................................................ 16-19

...................................................................................................................................... 16-33

19-1

Fan Unit positions

................................................................................................................................................... 19-6
19-6

19-2

Fan Unit fixing screws

19-3

Fan Unit extraction

19-4

Fan Unit insertion

19-5

Fan Unit fastening ................................................................................................................................................... 19-9


19-9

19-6

Correct insert operations

.......................................................................................................................................... 19-8

................................................................................................................................................. 19-8
19-8

................................................................................................................................................... 19-9
19-9

.................................................................................................................................... 19-11

....................................................................................................................................................................................................................................
1830 PSS
xxxii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of figures
....................................................................................................................................................................................................................................

19-7

Forbidden insertion operations

........................................................................................................................ 19-13

19-8

Slide latch usage

19-9

Correct card extraction

20-1

Alcatel-Lucent 1830 PSS ZIC Management Window ............................................................................... 20-7

20-2

Example: Context menu

20-3

Example: Properties window

20-4

Example: Configurable dialog box

20-5

Example: Response dialog box

20-6

Example: Confirmation dialog box ................................................................................................................ 20-15

20-7

Example: Tool tip

20-8

Example: Error dialog box

20-9

Example: General properties window

................................................................................................................................................... 19-14
19-14
....................................................................................................................................... 19-16

..................................................................................................................................... 20-11
........................................................................................................................... 20-12
................................................................................................................ 20-13

....................................................................................................................... 20-14

................................................................................................................................................. 20-16
20-16
............................................................................................................................... 20-17
........................................................................................................... 20-18

20-10 Example: Search command ............................................................................................................................... 20-19


20-11 Example: Search dialog ...................................................................................................................................... 20-20
20-12 Example: Search result

....................................................................................................................................... 20-20
20-20

20-13 Example: Go to ...................................................................................................................................................... 20-21


20-21
20-14 Example: View menu

.......................................................................................................................................... 20-22

20-15 Equipment tree hierarchy ................................................................................................................................... 20-44

....................................................................................................................................................................................................................................
1830 PSS
xxxiii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of figures
....................................................................................................................................................................................................................................

....................................................................................................................................................................................................................................
1830 PSS
xxxiv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
2

Security administration procedures


2-1

Create a user login

2-2

Set system-wide user security parameters

2-3

Display system-wide user security parameters

2-4

Delete a user login

.................................................................................................................................................. 2-52
2-52

2-5

Inhibit a user login

.................................................................................................................................................. 2-53
2-53

2-6

Allow a user login ................................................................................................................................................... 2-54


2-54

2-7

Display user property information

2-8

Edit user logins

2-9

Log off user

2-10

Retrieve information on all active user logins .............................................................................................. 2-60

2-11

Change password

2-12

Send a short free form text message to other users ..................................................................................... 2-63

2-13

Modify command access security level assigned to a TL1 command. ................................................ 2-65

2-14

Display command access security level assigned to a TL1 command

2-15

Copy security sensible files or data from/to an NE to/from a remote file server

2-16

Configure SSL authentication for ZIC to NE communication (high-level procedure)

2-17

Install a certificate for SSL authentication

2-18

Generate a new SSL key for SSL authentication

........................................................................................ 2-77

2-19

Request a new certificate for SSL authentication

...................................................................................... 2-79

2-20

Generate a new SSL key for SSL authentication

........................................................................................ 2-81

2-21

Configure RADIUS server attributes

2-22

Modify RADIUS server attributes

.................................................................................................................................................. 2-42
2-42
..................................................................................................... 2-45
............................................................................................ 2-49

.................................................................................................................... 2-55

........................................................................................................................................................ 2-56
2-56

............................................................................................................................................................... 2-59
2-59

.................................................................................................................................................... 2-61
2-61

................................................ 2-67
............................ 2-69
................ 2-75

................................................................................................... 2-76

............................................................................................................. 2-83

................................................................................................................... 2-86

....................................................................................................................................................................................................................................
1830 PSS
xxxv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

2-23

Set RADIUS server authentication parameters

........................................................................................... 2-88

2-24

Delete a RADIUS server

2-25

Create a user .............................................................................................................................................................. 2-93


2-93

2-26

View or modify user details

2-27

Delete a user .............................................................................................................................................................. 2-99


2-99

2-28

Change password

2-29

View / terminate sessions ................................................................................................................................... 2-101

2-30

View SNMP v3 users

.......................................................................................................................................... 2-104

2-31

Create SNMP v3 user

.......................................................................................................................................... 2-105

2-32

Modify SNMP v3 user

2-33

View / modify system security attributes

2-34

Setting / viewing syslog properties

2-35

Setting / viewing CLI user activity logging properties

2-36

Setting / viewing SNMP user activity logging properties ...................................................................... 2-113

2-37

View security log

2-38

View all logs

2-39

Save a retrieved log to a file

2-40

Set/view user preferences

2-41

Create RADIUS server

2-42

View/modify RADIUS server

2-43

Delete RADIUS server

2-44

Provision RADIUS properties

2-45

Create trap destinations

...................................................................................................................................... 2-129
2-129

2-46

Delete trap destinations

...................................................................................................................................... 2-131
2-131

2-47

View trap destinations ......................................................................................................................................... 2-132


2-132

2-48

View/modify community strings ..................................................................................................................... 2-135

..................................................................................................................................... 2-90

................................................................................................................................ 2-97

.................................................................................................................................................. 2-100
2-100

........................................................................................................................................ 2-106
..................................................................................................... 2-108

................................................................................................................ 2-109
........................................................................... 2-111

.................................................................................................................................................. 2-115
2-115

........................................................................................................................................................... 2-117
2-117
............................................................................................................................. 2-119

.................................................................................................................................. 2-120

....................................................................................................................................... 2-122
.......................................................................................................................... 2-124

....................................................................................................................................... 2-126
......................................................................................................................... 2-127

....................................................................................................................................................................................................................................
1830 PSS
xxxvi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

Data communication setup procedures


3-1

Change the Site Identifier (SID)

........................................................................................................................ 3-27

3-2

Retrieve IP and MAC addresses

........................................................................................................................ 3-29

3-3

Set the FLC IP Addresses of the NE

3-4

Set the loopback IP address of the NE

3-5

Set the control plane IP addresses of the NE

3-6

Modify the TCP/IP stack parameters

3-7

Create an access control rule

3-8

Modify an existing access control rule

.......................................................................................................... 3-42

3-9

Delete an internet protocol access rule

.......................................................................................................... 3-43

3-10

Retrieve internet protocol access list

3-11

Modify the ASAP of the Customer LAN interface ..................................................................................... 3-57

3-12

Configure LAN interfaces to form a multi-shelf compound

3-13

Create a network interface on the embedded communication channels (ECCs)

3-14

Modify the ASAP of a network interface

3-15

Add a GCC leg to an ECC protection group ................................................................................................. 3-67

3-16

Remove GCC legs from the ECC protection group

3-17

Enable or disable a network interface .............................................................................................................. 3-71

3-18

Delete a network interface and an ECC protection group ........................................................................ 3-73

3-19

Create an IP-in-IP tunnel

3-20

Set the alarm severity profile of an IP-in-IP tunnel

3-21

Delete an IP-in-IP tunnel

3-22

Enter (add) a new static IP route in the IP routing table

3-23

Delete a static IP route from the IP routing table

3-24

Create the NTP Server address ........................................................................................................................... 3-87

3-25

Manage the NTP server address

3-26

Retrieve the NTP sync state

................................................................................................................ 3-31
............................................................................................................ 3-34
................................................................................................ 3-36

............................................................................................................... 3-38

............................................................................................................................. 3-41

.............................................................................................................. 3-44

................................................................... 3-59
............................. 3-63

....................................................................................................... 3-66

................................................................................... 3-69

...................................................................................................................................... 3-75
.................................................................................... 3-78

...................................................................................................................................... 3-80
........................................................................... 3-81

........................................................................................ 3-85

........................................................................................................................ 3-89

................................................................................................................................ 3-91

....................................................................................................................................................................................................................................
1830 PSS
xxxvii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

3-27

Configure the global OSPF parameters

3-28

Create an OSPF area

3-29

Modify an OSPF area

3-30

Delete an OSPF area ............................................................................................................................................ 3-100


3-100

3-31

Configure the IP address range for the OSPF area

3-32

Delete the IP address range of an OSPF area

3-33

Configure OSPF interface parameters

.......................................................................................................... 3-106

3-34

Modify OSPF Authentication settings

.......................................................................................................... 3-109

3-35

View network (NE name, NE IP, software release) map information

3-36

View / modify IP route metric settings

3-37

Create IP static route ............................................................................................................................................ 3-117


3-117

3-38

View all IP routes .................................................................................................................................................. 3-119


3-119

3-39

Delete IP static route ............................................................................................................................................ 3-121


3-121

3-40

Create OSPF area .................................................................................................................................................. 3-122


3-122

3-41

View OSPF areas

3-42

View/modify OSPF details ................................................................................................................................ 3-132

3-43

Delete OSPF area .................................................................................................................................................. 3-137


3-137

3-44

Configure orderwire function ........................................................................................................................... 3-138

3-45

Create / view NTP server

3-46

View NTP properties

3-47

Create/view NTP keys

3-48

Set date and time manually

.............................................................................................................................................. 3-96
3-96
............................................................................................................................................ 3-98

................................................................................... 3-102

............................................................................................. 3-104

............................................... 3-113

......................................................................................................... 3-115

.................................................................................................................................................. 3-127
3-127

................................................................................................................................... 3-140

........................................................................................................................................... 3-143
........................................................................................................................................ 3-146
............................................................................................................................... 3-148

Converged node set up procedures


4-1

.......................................................................................................... 3-93

Connect OCS application to WDM application

............................................................................................. 4-2

Equipment provisioning procedures


5-1

Define general properties of the system

......................................................................................................... 5-44

....................................................................................................................................................................................................................................
1830 PSS
xxxviii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

5-2

Create an extension shelf ...................................................................................................................................... 5-46

5-3

Remove an extension shelf

5-4

Provision or pre-provision I/O cards

5-5

Provision or pre-provision optical modules

5-6

Set a board/module out of service ..................................................................................................................... 5-61

5-7

Deprovision equipment

5-8

Perform a matrix card upgrade ........................................................................................................................... 5-66

5-9

Configure an optical interface port

5-10

Configure Optical Channel parameters

5-11

Perform remote laser shutdown on OTH network ports

5-12

Create an ODUn path termination

5-13

Configure an ODU path termination ................................................................................................................ 5-84

5-14

Changing the payload type of an ODU path termination

........................................................................ 5-89

5-15

Changing the sub-structure of an ODU path termination

....................................................................... 5-92

5-16

Deprovision an ODUk path termination function

5-17

Provision an optical SDH/SONET port

5-18

Provision an GBE/GBE10

5-19

Provision a Tandem Connection Monitoring (TCM) entity

5-20

Remove a facility

.................................................................................................................................................. 5-107
5-107

5-21

Restore a facility

................................................................................................................................................... 5-109
5-109

5-22

Allow equipment protection switching

......................................................................................................... 5-111

5-23

Inhibit equipment protection switching

........................................................................................................ 5-113

5-24

Initiate an equipment protection switch manually

5-25

Initiate a circuit pack reset ................................................................................................................................. 5-117


5-117

5-26

View or modify NE parameters

5-27

Reboot NE

5-28

Configure the firmware

.................................................................................................................................. 5-50
.............................................................................................................. 5-53
................................................................................................. 5-57

......................................................................................................................................... 5-64

................................................................................................................... 5-70
........................................................................................................... 5-72
........................................................................... 5-74

.................................................................................................................... 5-76

....................................................................................... 5-95

.......................................................................................................... 5-97

................................................................................................................................... 5-99
................................................................. 5-101

.................................................................................... 5-115

....................................................................................................................... 5-125

............................................................................................................................................................... 5-129
5-129
...................................................................................................................................... 5-131

....................................................................................................................................................................................................................................
1830 PSS
xxxix
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

5-29

View the firmware

................................................................................................................................................ 5-135
5-135

5-30

Create (pre-provision) a shelf ........................................................................................................................... 5-142

5-31

View/modify shelf properties

5-32

Delete a shelf

5-33

Test LEDs

5-34

Create a card

5-35

View / modify card properties .......................................................................................................................... 5-177

5-36

View card inventory ............................................................................................................................................. 5-178

5-37

View pluggable module inventory

5-38

Controller Protection Switch (EC/MTC1T9)

5-39

Upgrade EC (in-service upgrade from simplex to duplex)

5-40

Reboot card

5-41

Delete a card

5-42

Port provisioning procedures

5-43

Retrieve general properties of the system .................................................................................................... 5-447

5-44

Retrieve current conditions for a system component

.............................................................................. 5-448

5-45

Retrieve remote inventory for a system component

................................................................................ 5-451

5-46

Retrieve network element TL1 parameters

5-47

Retrieve information related to equipment protection groups .............................................................. 5-457

5-48

Retrieve and edit optical channel parameters

5-49

Diagnose equipment

5-50

Perform LED test .................................................................................................................................................. 5-462


5-462

5-51

Check shelf cabling

5-52

Retrieval analog optical parameters from optical modules

........................................................................................................................... 5-146

.......................................................................................................................................................... 5-151
5-151

................................................................................................................................................................ 5-152
5-152
........................................................................................................................................................... 5-175
5-175

................................................................................................................. 5-180
............................................................................................. 5-182
................................................................... 5-185

............................................................................................................................................................. 5-186
5-186
........................................................................................................................................................... 5-188
5-188
........................................................................................................................... 5-402

................................................................................................. 5-456

............................................................................................. 5-459

............................................................................................................................................ 5-460

............................................................................................................................................ 5-463
................................................................... 5-465

11QPE24 L2 Features
6-1

Configure Ethernet-Ring (one node) ................................................................................................................ 6-58

....................................................................................................................................................................................................................................
1830 PSS
xl
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

Alarm management procedures


7-1

View NE alarms

7-2

Create an Alarm Severity Assignment Profile (ASAP)

7-3

Display Alarm Assignment Profiles

7-4

Display Alarm Assignment Profiles assigned to specific entities .......................................................... 7-11

7-5

Manage ASAP profile ............................................................................................................................................ 7-12

7-6

Manage ASAP profile assigned to a specific entity .................................................................................... 7-14

7-7

Edit notification code ............................................................................................................................................. 7-16


7-16

7-8

Delete ASAP profile ............................................................................................................................................... 7-18


7-18

7-9

Display active alarm list

7-10

View condition list

7-11

Display active alarms or alarm level on a shelf or slot/card .................................................................... 7-26

7-12

View alarms history log

7-13

View events history log ......................................................................................................................................... 7-29

7-14

Modify alarm configuration

7-15

Provision environmental (housekeeping) alarms

......................................................................................................................................................... 7-3
7-3
............................................................................... 7-7

................................................................................................................. 7-10

....................................................................................................................................... 7-23
7-23

................................................................................................................................................. 7-25
7-25

........................................................................................................................................ 7-27

................................................................................................................................ 7-31
........................................................................................ 7-35

TDM timing provisioning procedures


8-1

Configure the timing references

8-2

Configure external timing input ports

............................................................................................................... 8-8

8-3

Configure external timing references

............................................................................................................. 8-15

8-4

Perform a timing reference switch

8-5

Switch external timing reference

8-6

Clear a timing reference switch

8-7

Take an external timing reference out of service for maintenance purposes

8-8

Take an external timing input port out (BITS) out-of-service

8-9

Restore timing reference

8-10

Retrieve the current timing configuration

.......................................................................................................................... 8-3

................................................................................................................... 8-22
..................................................................................................................... 8-24

........................................................................................................................ 8-27
................................... 8-30

............................................................... 8-32

..................................................................................................................................... 8-34
..................................................................................................... 8-36

....................................................................................................................................................................................................................................
1830 PSS
xli
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

10

8-11

Retrieve provisioning and state information of external timing references

..................................... 8-38

8-12

Retrieve provisioning and state information of external timing input ports

.................................... 8-39

TDM network configuration procedures


9-1

Add a protection leg to a cross-connection .................................................................................................... 9-10

9-2

Remove a protection leg from a cross-connection ...................................................................................... 9-16

9-3

Create an SNCP protection group

9-4

Modify an SNCP protection group

9-5

Delete an SNC protection group ........................................................................................................................ 9-30

9-6

Initiate an SNC protection switch

..................................................................................................................... 9-32

9-7

Release an SNC protection switch

.................................................................................................................... 9-34

9-8

Retrieve configuration parameters and status information of an SNC protection group

..................................................................................................................... 9-20
................................................................................................................... 9-27

.............. 9-36

WDM network configuration procedures


10-1

Create protection group

10-2

View all protection groups

10-3

View/modify protection group ......................................................................................................................... 10-26

10-4

Delete protection group

10-5

Request protection switch .................................................................................................................................. 10-28

10-6

Configure OMSP protection

10-7

Configure E-SNCP protection

10-8

Configure OPS client side protection

10-9

Configure OLP protection

...................................................................................................................................... 10-16
................................................................................................................................ 10-22

...................................................................................................................................... 10-27

............................................................................................................................. 10-29
......................................................................................................................... 10-34
............................................................................................................ 10-36

................................................................................................................................. 10-40

10-10 Provision wave keys on an encoder port to support dangling OT procedure


10-11 Set expected network output power
10-12 View wave keys (decoder ports)
10-13 Clear wave keys
10-14 Set power

................................. 10-55

............................................................................................................... 10-58

..................................................................................................................... 10-59

.................................................................................................................................................... 10-62
10-62

................................................................................................................................................................. 10-63
10-63

....................................................................................................................................................................................................................................
1830 PSS
xlii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

10-15 View channel power summary ......................................................................................................................... 10-65


10-16 View unexpected wave keys ............................................................................................................................. 10-67
10-17 View wave key data at NE level

..................................................................................................................... 10-69

10-18 View unexpected/missing wave keys at NE level

.................................................................................... 10-72

10-19 Provision optical line's monitoring (WT mode or WTOCM mode)

.................................................. 10-75

10-20 Add a service to a FOADM system or mixed FOADM-TOADM system


10-21 Add an Anydirection Add/Drop block to ROADM

...................................... 10-78

................................................................................. 10-83

10-22 Power management .............................................................................................................................................. 10-89


10-89
10-23 Power adjustment

................................................................................................................................................. 10-92
10-92

10-24 View/modify power commissioning values

................................................................................................ 10-96

10-25 LD power adjustment ........................................................................................................................................ 10-114


10-26 GMRE settings

.................................................................................................................................................... 10-116
10-116

10-27 GMRE Feasibility File Transfer .................................................................................................................... 10-117


10-28 GMRE OMS line parameters ......................................................................................................................... 10-118
10-29 GMRE optical impairment parameters ....................................................................................................... 10-119
10-30 Cross-phase modulation allowed wavelength set ................................................................................... 10-120
11

12

TDM traffic provisioning procedures


11-1

Create a cross-connection

11-2

Modify a cross-connection

11-3

Delete a cross-connection

11-4

Retrieve a list of cross-connections ................................................................................................................ 11-21

.................................................................................................................................. 11-10
................................................................................................................................ 11-15

.................................................................................................................................. 11-18

WDM traffic provisioning procedures


12-1

Display NE physical topology ............................................................................................................................ 12-8

12-2

Display NE logical topology

12-3

Provision OCH cross-connects

12-4

Create OCH cross-connect group

............................................................................................................................ 12-10
........................................................................................................................ 12-11
................................................................................................................... 12-17

....................................................................................................................................................................................................................................
1830 PSS
xliii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

12-5

Provision ODUk cross-connects

..................................................................................................................... 12-19

12-6

Provision EVPL connections ............................................................................................................................ 12-22

12-7

Display the cross connect topology

12-8

Display the NE power trace

12-9

Display network power trace ............................................................................................................................ 12-32

............................................................................................................... 12-28

.............................................................................................................................. 12-30

12-10 Connect Alcatel-Lucent 1830 PSS-1 to 1830 PSS-32/PSS-16/PSS-32S


13

14

TDM traffic maintenance procedures


13-1

Configure port loopback ....................................................................................................................................... 13-2

13-2

Release Loopback

13-3

View loopback .......................................................................................................................................................... 13-9


13-9

16

................................................................................................................................................... 13-7
13-7

WDM traffic maintenance procedures


14-1

15

......................................... 12-34

Display, set, release loopbacks

........................................................................................................................... 14-4

TDM Ethernet/Data traffic maintenance procedures


15-1

Configure port loopback ....................................................................................................................................... 15-2

15-2

Release loopback ..................................................................................................................................................... 15-5


15-5

15-3

View loopback .......................................................................................................................................................... 15-7


15-7

Performance monitoring procedures


16-1

Enable or disable PM data collection

16-2

Retrieve PM activation status ........................................................................................................................... 16-43

16-3

Retrieve PM data

16-4

Initialize PM registers

16-5

Upload the NE PM data to a remote file server

16-6

Create a new TCA profile

16-7

Rename a TCA profile

16-8

Modify the threshold settings of a TCA profile ......................................................................................... 16-63

16-9

Retrieve the threshold settings of a TCA profile

............................................................................................................ 16-39

.................................................................................................................................................. 16-47
16-47
......................................................................................................................................... 16-52
16-52
....................................................................................... 16-55

................................................................................................................................. 16-58

....................................................................................................................................... 16-61

....................................................................................... 16-65

....................................................................................................................................................................................................................................
1830 PSS
xliv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

16-10 Delete a TCA profile

........................................................................................................................................... 16-66
16-66

16-11 Retrieve a list of facilities that use a particular TCA profile


16-12 Display PM data for EC/MTC1T9 card

................................................................ 16-67

....................................................................................................... 16-69

16-13 Set bins for EC/MTC1T9 card ......................................................................................................................... 16-72


16-14 Display all TCA profile assignments ............................................................................................................. 16-74
16-15 Modify TCA profile

............................................................................................................................................. 16-76

16-16 Display PM data for port


16-17 Set bins for port

................................................................................................................................... 16-77

..................................................................................................................................................... 16-80
16-80

16-18 Set baseline values for port


17

18

............................................................................................................................... 16-82

Database backup and restore procedures


17-1

Backup the active database to the standby database

17-2

Transfer the NE standby database to a remote file server ...................................................................... 17-18

17-3

Retrieve information related to transferred files on a remote file server

17-4

Download a database from a remote file server to the standby database ......................................... 17-27

17-5

Restore database .................................................................................................................................................... 17-30


17-30

17-6

Backup database .................................................................................................................................................... 17-33


17-33

17-7

Restore database .................................................................................................................................................... 17-36


17-36

................................................................................ 17-17

......................................... 17-22

Software installation and upgrade procedures


18-1

Upgrade to a new release of the NE software ............................................................................................... 18-3

18-2

Download a software generic from a remote file server to the standby software load .................. 18-9

18-3

Software download for disaster recovery

18-4

Switch from the current release to the new release

18-5

Switch back from the current release and database to previous release

18-6

Make the current release software the permanent active software

18-7

Software upgrade procedure

18-8

Modify/view software NE attributes procedure

................................................................................................... 18-14
.................................................................................. 18-18
........................................... 18-20

..................................................... 18-22

............................................................................................................................. 18-25
........................................................................................ 18-31

....................................................................................................................................................................................................................................
1830 PSS
xlv
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

List of procedures
....................................................................................................................................................................................................................................

19

20

Routine procedures
19-1

Replace the dust filter

19-2

Replace a Fan Unit (FAN3T8)

19-3

Common card mounting rules .......................................................................................................................... 19-10

............................................................................................................................................ 19-3
19-3
........................................................................................................................... 19-6

Supporting procedures
20-1

Initialize the NE using EZ setup tool

20-2

Call up the Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)

20-3

Logout from Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)

20-4

Log into the WebUI

20-5

Exit the WebUI

20-6

Initial NE configuration

20-7

Submit ping request

20-8

Submit traceroute request

............................................................................................................ 20-27
............................. 20-37
.......................... 20-41

............................................................................................................................................. 20-46

...................................................................................................................................................... 20-48
20-48
..................................................................................................................................... 20-49

............................................................................................................................................. 20-51
.................................................................................................................................. 20-52

....................................................................................................................................................................................................................................
1830 PSS
xlvi
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


About this document

Purpose

This User Provisioning Guide (UPG) provides operations, administration, and


maintenance information about the Alcatel-Lucent 1830 Photonic Service Switch (PSS).
This document describes the procedures for provisioning and operating a Alcatel-Lucent
1830 PSS system by using the Alcatel-Lucent 1830 PSS ZIC and the WebUI.
Depending on the configuration of the Alcatel-Lucent 1830 PSS system either the
Alcatel-Lucent 1830 PSS ZIC or the WebUI is to be used.

If the system is a WDM only application the WebUI is to be used (see The
Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
If the system is a OCS only application the Alcatel-Lucent 1830 PSS ZIC is to be
used (see The Alcatel-Lucent 1830 PSS Zero Installation Craft Terminal (ZIC)
(p. 20-3)).
If the system is a mixed application the Alcatel-Lucent 1830 PSS ZIC is to be used.
For configuring WDM specific parts the WebUI is to be started from the
Alcatel-Lucent 1830 PSS ZIC (see The Alcatel-Lucent 1830 PSS Zero Installation
Craft Terminal (ZIC) (p. 20-3)).

Safety information

For your safety, this document contains safety statements. Safety statements are given at
points where risks of damage to personnel, equipment, and operation may exist. Failure to
follow the directions in a safety statement may result in serious consequences.
Supported systems

The Alcatel-Lucent 1830 Photonic Service Switch (PSS) supports WDM functionality
and OCS functionality within one node. The node consists of one WDM main shelf with
optional extension shelves and/or one OCS main shelf with optional extension shelves.
The WDM functionality is supported by Alcatel-Lucent 1830 PSS-16, Alcatel-Lucent
1830 PSS-32, and Alcatel-Lucent 1830 PSS-32S shelves. The OCS functionality is
supported by Alcatel-Lucent 1830 PSS-36 and Alcatel-Lucent 1830 PSS-64 shelves.
...................................................................................................................................................................................................................................
1830 PSS
xlvii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


....................................................................................................................................................................................................................................

Conventions used

These conventions are used in this document:


Numbering

The chapters of this document are numbered consecutively. The page numbering restarts
at 1 in each chapter. To facilitate identifying pages in different chapters, the page
numbers are prefixed with the chapter number. For example, page 2-3 is the third page in
chapter 2.
Cross-references

Cross-reference conventions are identical with the conventions used for page numbering
The first number in a reference to a particular page refers to the corresponding chapter.
Keyword blocks

This document contains so-called keyword blocks to facilitate the location of specific text
passages. The keyword blocks are placed to the left of the main text and indicate the
contents of a paragraph or group of paragraphs.
Typographical conventions

Special typographical conventions apply to elements of the graphical user interface


(GUI), file names and system path information, keyboard entries, alarm messages, and so
on:

Text appearing on a graphical user interface (GUI), such as menu options, window
titles or push buttons:
Provision, Delete, Apply, Close, OK (push-button)

Provision Timing/Sync (window title)

Administration Security User Provisioning (path for invoking a window)

File names and system path information:


setup.exe
C:/Program Files/Alcatel-Lucent
Keyboard entries:
F1, Esc X, Alt-F, Ctrl-D, Ctrl-Alt-Del (simple keyboard entries)
A hyphen between two keys means that you have to press both keys. Otherwise,
you have to press a single key, or a number of keys in sequence.

copy abc xyz (command)

A complete command that you enter.

Alarms and error messages:


Loss of Signal

HP-UNEQ, MS-AIS, LOS, LOF

....................................................................................................................................................................................................................................
1830 PSS
xlviii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


....................................................................................................................................................................................................................................

Abbreviations

Abbreviations used in this document can be found in the Glossary unless it can be
assumed that the reader is familiar with the abbreviation.
Related information
Table 1

Information products related to Alcatel-Lucent 1830 PSS

Document title

Document code

Alcatel-Lucent 1830 PSS Safety Guide

8DG-61259-AAAA-TAZZQ

Provides users of Alcatel-Lucent 1830 PSS systems with the relevant information
and safety guidelines to safeguard against personal injury. Furthermore, the Safety
Guide is useful to prevent material damage to the equipment. The Safety Guide
must be read by the responsible technical personnel before performing relevant
work on the system. The valid version of the document must always be kept close
to the equipment.
Alcatel-Lucent 1830 PSS Product Information and Planning Guide

8DG-61259-AAAA-TQZZA

Presents a detailed overview of the system, describes its applications, gives


planning requirements, engineering rules, ordering information, and technical
specifications.
Alcatel-Lucent 1830 PSS User Provisioning Guide

8DG-61259-AAAA-TCZZA

Provides step-by-step information for use in daily system operations. The manual
demonstrates how to perform system provisioning, operations, and administrative
tasks.
Alcatel-Lucent 1830 PSS Maintenance and Trouble-Clearing Guide

8DG-61259-AAAA-TMZZA

Gives detailed information on each possible alarm message. Furthermore, it


provides procedures for routine maintenance, troubleshooting, diagnostics, and
component replacement.
Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide (Alcatel-Lucent
1830 PSS-36)

8DG-61259-AAAA-TKZZA

A step-by-step guide to system installation and set up. It also includes information
needed for pre-installation site planning and post-installation acceptance testing.
Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide (Alcatel-Lucent
1830 PSS-64)

8DG-61259-AAAA-TLZZA

A step-by-step guide to system installation and set up. It also includes information
needed for pre-installation site planning and post-installation acceptance testing.
Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide (Alcatel-Lucent
1830 PSS-16 and PSS-32)

8DG-61259-AAAA-TJZZA

A step-by-step guide to system installation and set up. It also includes information
needed for pre-installation site planning and post-installation acceptance testing.
Alcatel-Lucent 1830 PSS CLI Command Guide

8DG-61259-AAAA-THZZA

Provides information about the Command Line Interface (CLI) for Alcatel-Lucent
1830 PSS and describes the CLI attributes and commands.

....................................................................................................................................................................................................................................
1830 PSS
xlix
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


....................................................................................................................................................................................................................................

Table 1

Information products related to Alcatel-Lucent 1830 PSS

Document title

Document code

Alcatel-Lucent 1830 PSS Engineering and Planning Tool User Guide

8DG-61259-AAAA-TEZZA

(continued)

Provides step-by-step information for use in daily system operations for the EPT.
The manual demonstrates how to perform system provisioning, operations, and
commissioning tasks.
Alcatel-Lucent 1830 PSS OCS TL1 Command Guide

8DG-61259-AAAA-TFZZA

Describes the external TL1 interface for Alcatel-Lucent 1830 PSS in terms of TL1
command, responses, and notification definitions.
Alcatel-Lucent 1830 PSS Photonics TL1 Command Guide

8DG-61259-AAAA-TGZZA

Describes the external TL1 interface for Alcatel-Lucent 1830 PSS in terms of TL1
command, responses, and notification definitions.
Alcatel-Lucent 1830 PSS GMPLS/GMRE Guide

8DG-61259-AAAA-TWZZA

Contains information about the GMPLS Routing Engine (GMRE) of the


Alcatel-Lucent 1830 PSS; it provides a high-level functional overview of the
GMRE and describes the steps to plan and set up a GMRE-controlled network.
Alcatel-Lucent 1830 PSS Quick Reference Guide

8DG-61259-AAAA-TNZZA

Provides users of Alcatel-Lucent 1830 PSS a streamlined, easy-to-use navigation


aid to facilitate the use of the system.
Alcatel-Lucent 1354 RM-PhM Photonic Manager EMS Reference Guide

8DG-61259-AAAA-TXZZA

Provides information for accessing the 1354 RM-PhM and using it to configure
and manage the Alcatel-Lucent 1830 PSS network.
Alcatel-Lucent 1830 PSS DCN Planning and Engineering Guide (Photonic
applications)

8DG-61259-AAAA-TPZZA

Provides information for the planning and configuration of a Data Communication


Network (DCN) for photonic applications, that is for Alcatel-Lucent 1830 PSS-16
and Alcatel-Lucent 1830 PSS-32 systems (WDM).
Alcatel-Lucent 1830 PSS DCN Planning and Engineering Guide (Switching
applications)

8DG-61259-AAAA-TRZZA

Provides information for the planning and configuration of a Data Communication


Network (DCN) for switching applications, that is for Alcatel-Lucent 1830 PSS-36
and Alcatel-Lucent 1830 PSS-64 systems (OCS).
Alcatel-Lucent 1830 PSS Smart Compact Ethernet Demarcation Device (Smart
cEDD) User Guide

8DG-61259-AAAA-TYZZA

Provides instructions for use and descriptions of the features of the Smart Compact
Ethernet Demarcation Device (Smart cEDD).
Alcatel-Lucent 1830 PSS Commissioning and Power Balancing Tool User Guide

8DG-61259-AAAA-TBZZA

Provides instructions for use and descriptions of the features of the Commissioning
and Power Balancing (CPB) Tool.
Alcatel-Lucent 1830 PSS Electronic Documentation Library

8DG-61259-AAAA-TZZZA

Contains all documents related to Alcatel-Lucent 1830 PSS in electronic formats.


Alcatel-Lucent 1830 PSS Software Release Description

This document is delivered with the NE software.

....................................................................................................................................................................................................................................
1830 PSS
l
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


....................................................................................................................................................................................................................................

These documents can be downloaded from the Alcatel-Lucent Online Customer Support
Site (OLCS) (https://support.alcatel-lucent.com) or through your Local Customer
Support.
Technical support

For technical support, contact your local Alcatel-Lucent customer support team. See the
Alcatel-Lucent Support web site (http://www.alcatel-lucent.com/support/) for contact
information.
How to comment

To comment on this document, go to the Online Comment Form (http://infodoc.alcatellucent.com/comments/) or e-mail your comments to the Comments Hotline
(comments@alcatel-lucent.com).

....................................................................................................................................................................................................................................
1830 PSS
li
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

About this document


....................................................................................................................................................................................................................................

....................................................................................................................................................................................................................................
1830 PSS
lii
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
1

Overview
Purpose

This chapter on safety provides users of Alcatel-Lucent 1830 PSS systems with the
relevant information and safety guidelines to safeguard against personal injury.
Furthermore, this chapter may be useful to prevent material damage to the equipment.
This chapter on safety must be read by the responsible technical personnel before carrying
out relevant work on the system. The valid version of this document must always be kept
close to the equipment.
Contents
General notes on safety

1-3

Structure of safety statements

1-4

Basic safety aspects

1-7

Specific safety areas

1-11

Potential sources of danger

1-12

Laser safety

1-13

Laser product classification

1-20

Equipment grounding

1-25

Electrostatic discharge

1-26

Safety requirements in specific deployment phases

1-34

Transportation

1-35

Storage

1-38

Installation

1-42

Taking into operation

1-49

Operation and maintenance

1-53

...................................................................................................................................................................................................................................
1830 PSS
1-1
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety

Overview

....................................................................................................................................................................................................................................

Taking out of operation

1-63

Event of failure

1-66

....................................................................................................................................................................................................................................
1830 PSS
1-2
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Overview

....................................................................................................................................................................................................................................

General notes on safety


Overview
Purpose

This section provides general information on the structure of safety instructions and
summarizes general safety requirements.
Contents
Structure of safety statements

1-4

Basic safety aspects

1-7

....................................................................................................................................................................................................................................
1830 PSS
1-3
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Structure of safety statements

....................................................................................................................................................................................................................................

Structure of safety statements


Overview

This topic describes the components of safety statements that appear in this document.
General structure

Safety statements include the following structural elements:

E
L
MP

CAUTION

Lifting hazard

SA

Lifting this equipment by yourself can result in injury


due to the size and weight of the equipment.

Always use three people or a lifting device to transport


and position this equipment.
[ABC123]

F
G
H

Item

Structure element

Purpose

Safety alert symbol

Indicates the potential for personal injury


(optional)

Safety symbol

Indicates hazard type (optional)

Signal word

Indicates the severity of the hazard

Hazard type

Describes the source of the risk of damage or


injury

Safety message

Consequences if protective measures fail

Avoidance message

Protective measures to take to avoid the hazard

Identifier

The reference ID of the safety statement


(optional)

....................................................................................................................................................................................................................................
1830 PSS
1-4
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Structure of safety statements

....................................................................................................................................................................................................................................

Signal words

The signal words identify the hazard severity levels as follows:


Signal word

Meaning

DANGER

Indicates an extremely hazardous situation which, if not avoided, will


result in death or serious injury.

WARNING

Indicates a hazardous situation which, if not avoided, could result in


death or serious injury.

CAUTION

Indicates a hazardous situation which, if not avoided, could result in


minor or moderate injury.

NOTICE

Indicates a hazardous situation not related to personal injury.

....................................................................................................................................................................................................................................
1830 PSS
1-5
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Structure of safety statements

....................................................................................................................................................................................................................................

Warning symbols
Figure 1-1 Warning symbols defined for safety instructions:

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

g_sfg_0001

Legend
1

General warning of danger

13

Noxious substance

Electric shock

14

Explosion hazard

Hazard of laser radiation

15

Falling object hazard

Components sensitive to electrostatic discharge (ESD)

16

Risk of suffocation

Electromagnetic radiation

17

Pinch hazard

Flammable material / Risk of fire

18

Lifting hazard, heavy object

Service disruption hazard

19

Inhalation hazard

Laceration hazard

20

Slip hazard

Corrosive substance

21

Trip hazard

10

Hazard caused by batteries

22

Hazard of falling

11

Hot surface

23

Arc-flash hazard

12

Heavy overhead load

24

Equipment damage hazard

....................................................................................................................................................................................................................................
1830 PSS
1-6
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Basic safety aspects

....................................................................................................................................................................................................................................

Basic safety aspects


Purpose

This topic covers basic safety aspects relating to the Alcatel-Lucent 1830 Photonic
Service Switch (PSS) with which you must be familiar prior to installing or using the
product.
General safety requirements

To reduce the risk of personal injury or damage to equipment, ensure that you read,
understand, and follow the following general safety requirements prior to installing or
using the Alcatel-Lucent 1830 Photonic Service Switch (PSS).

Ensure that transport, storage, installation, and operation of the system are conducted
only under specified permissible conditions. See the accompanying documentation
and information on the system.
Ensure that installation, configuration, and disassembly of the system are conducted
only by suitably qualified personnel and with reference to the appropriate
documentation. Due to the complexity of the system, personnel require special
training.

Identify potential hazards prior to starting the installation.


Ensure that the system is operated only by trained and authorized users. The user must
operate the system only after having read and understood the chapter on safety and the
parts of the documentation relevant to operation. For complex systems, additional
training is recommended. Any obligatory training for operating and service personnel
must be completed and documented.

Follow all instructions marked on the product, including both general instructions and
the stated methods for avoiding hazards.
Do not operate the system unless all appropriate safety measures, precautions, and
instructions have been taken or followed. Any faults and errors that might affect
safety must be reported immediately by the user to appropriate personnel responsible
for safety.

Operate the system only under the environmental conditions and with the connections
described in the documentation.
Modifications to any part of the system, including software, should be conducted only
by trained and qualified personnel and only in a manner as authorized by
Alcatel-Lucent. Alcatel-Lucent disclaims liability for any damages arising from
unauthorized modifications, and unauthorized modifications may lead to a voiding of
any and all warranties.
Ensure that only components that are recommended by the manufacturer and are
listed in the procurement documents are used.
Avoid use of non-system software. The use or installation of non-system software can
adversely affect the normal functioning of the system.

....................................................................................................................................................................................................................................
1830 PSS
1-7
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Basic safety aspects

....................................................................................................................................................................................................................................

Use tested and virus-free data carriers (memory sticks, DVDs, CDs, ) only.
Ensure that any work that has any impact on safety facilities, the clearance of faults,
and the maintenance of equipment are carried out only by trained and qualified
personnel and in conjunction with the appropriate documentation. Use only approved
measuring and test equipment.
Ensure that calibrations, special tests after repairs, and regular safety checks are
conducted, documented, and archived.
Use only specified chemicals or materials.
Consult material safety data sheets (MSDSs) or the equivalent information when
working with hazardous chemicals.

Summary of important safety instructions

Observe the following safety instructions, which are of particular importance for
Alcatel-Lucent 1830 PSS systems:

The equipment is to be installed only in Restricted Access Areas in business and


customer premises for applications in accordance with Articles 110-18, 110-26 and
110-27 of the National Electrical Code, ANSI/NFPANo.70, IEC 60950-1, IEC
60825-2, EN 60950-1 and EN 60825-2. Other installations exempt from the
enforcement of the National Electrical Code may be engineered according to the
accepted practices of the local telecommunications utility.
1830 PSS-36 and 1830 PSS-64 are also compliant to UL60950-1 and CSA60950-1.

Alcatel-Lucent 1830 PSS systems contain optical circuit packs that can emit laser
radiation assessed as IEC Hazard Level 1M.
Therefore, Alcatel-Lucent 1830 PSS systems must be installed in restricted locations,
according to IEC 60825-2 and EN 60825-2, where there is no ready access to the
general public, but only to authorized persons who have received adequate training in
laser safety.

This product should be operated only from the type of power source indicated on the
marking label.
This equipment must be provided with a readily accessible disconnect device as part
of the building installation.
This equipment is intended to be provided with an appropriate branch circuit
protection on both the A and B 48/60 V DC input feeds as follows:
40 A (max.) for the 1830 PSS-16 system

80 A (max.) for the 1830 PSS-32 system


3 50 A (max.) for the 1830 PSS-32S system

3 50 A (max.) for the 1830 PSS-36 system


3 100 A (max.) for the 1830 PSS-64 system

....................................................................................................................................................................................................................................
1830 PSS
1-8
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Basic safety aspects

....................................................................................................................................................................................................................................

Disconnect up to six (6) power supply connections when removing power from the
system.
Installation must include an independent frame ground drop to the building ground.
Refer to the Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guides which
are available for PSS-16/32/32S, PSS-36, and PSS-64.
During installation and handling (for example transport), heavy equipment like racks
or pre-installed subracks must be secured to avoid tipping over.
For information on proper mounting instructions, consult the Alcatel-Lucent 1830 PSS
Installation and System Turn-Up Guides which are available for PSS-16/32/32S,
PSS-36, and PSS-64.
Install only equipment identified in the Alcatel-Lucent 1830 PSS Installation and
System Turn-Up Guides for PSS-16/32/32S, PSS-36, and PSS-64 provided with this
product. Use of other equipment may result in improper connection of circuitry
leading to fire or injury to persons.
To reduce the risk of electrical shock, do not disassemble this product. Installation and
service should be performed by trained personnel only. Opening or removing covers
or circuit boards may expose you to dangerous voltages or other risks. Incorrect
re-assembly can cause electrical shock when the unit is subsequently used.
If a system with dual power feed is operated with only one Power Supply, Filter, and
Clock Interface Card (PSF3T8) and Fan Unit (FAN3T8), electrical connectors on the
backplane carrying a voltage of 48 V DC can be touched. This can cause electric
shocks. Always use both Power Supply, Filter, and Clock Interface Cards (PSF3T8)
and Fan Units (FAN3T8) to ensure safe operation.

Slots and openings in this product are provided for ventilation. To protect the product
from overheating, these openings must not be blocked or covered. This product
should not be placed in a built-in installation unless proper ventilation is provided.
Never push objects of any kind into this product through slots as they may touch
dangerous voltage points or short-out parts, which could result in a risk of fire or
electrical shock.
Never spill liquids of any kind on the product.

Never install telecommunication wiring during a lightning storm.


Never install telecommunication connections in wet locations.

....................................................................................................................................................................................................................................
1830 PSS
1-9
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
General notes on safety

Basic safety aspects

....................................................................................................................................................................................................................................

Personal protective equipment


Protection against hazardous laser radiation
In DWDM systems which use Raman amplifiers hazard
levels in excess of 1M are very likely to occur, and the
use of appropriate protective glasses is strongly
recommended.

Protection against acoustic noise


Alcatel-Lucent 1830 PSS systems are designed for the
operation in unattended offices. However, in lab
environments, where multiple systems are operated in
parallel, based on national regulations hearing protection
may be necessary.
To protect yourself against acoustic noise, wear hearing
protection.

....................................................................................................................................................................................................................................
1830 PSS
1-10
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Overview

....................................................................................................................................................................................................................................

Specific safety areas


Overview
Purpose

The aspects of laser safety and handling of components sensitive to electrostatic


discharge (ESD) are of vital importance for the Alcatel-Lucent 1830 PSS equipment.
Therefore, the key safety instructions for these subjects are summarized in the following.
Contents
Potential sources of danger

1-12

Laser safety

1-13

Laser product classification

1-20

Equipment grounding

1-25

Electrostatic discharge

1-26

....................................................................................................................................................................................................................................
1830 PSS
1-11
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Potential sources of danger

....................................................................................................................................................................................................................................

Potential sources of danger


The Alcatel-Lucent 1830 PSS equipment fulfils all national and international safety
requirements in the countries where the product is sold. The system is provided with a
high degree of operational safety resulting from many years of development experience
and continuous stringent quality checks in our company.
The equipment is safe in normal operation. There are, however, some potential sources of
danger that cannot be completely eliminated. In particular, these arise during the:

opening of housings or equipment covers


manipulation of any kind within the equipment, even if it has been disconnected from
the power supply

transportation of subracks and racks


disconnection of optical or electrical connections.

through the following:

contact with live parts


laser light
contact with hot surfaces
contact with sharp edges

acoustic noise.

....................................................................................................................................................................................................................................
1830 PSS
1-12
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

Laser safety
System design

The Alcatel-Lucent 1830 PSS system complies with the regulations FDA/CDRH 21 CFR
1040.10 and 1040.11 issued by the Center for Devices and Radiological Health (CDRH)
of the Food and Drug Administration (FDA) as a Class I laser product and with the
IEC/UL/CSA/EN 60825-1 standards as a Class 1 Optical Fiber Telecommunication laser
product.
The system has been designed to help ensure that the operating personnel are not
endangered by laser radiation during normal system operation. The safety measures
specified in the FDA/CDRH regulations and the international standards IEC 60825-Part 1
and 2, respectively, are met.

....................................................................................................................................................................................................................................
1830 PSS
1-13
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

Labels
1830 PSS-16/PSS-32

The following figure shows the multilabel affixed on the rear of the Alcatel-Lucent
1830 PSS-16 and Alcatel-Lucent 1830 PSS-32 subrack. It includes the laser warning
label.
Figure 1-2 Multilabel (1830 PSS-16/PSS-32)

Note: Here, the Alcatel-Lucent 1830 PSS-16 shelf label is shown. Safety information
on shelf labels for 1830 PSS-16 and PSS-32 is identical, only the list of supported
power supplies is different.

....................................................................................................................................................................................................................................
1830 PSS
1-14
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

1830 PSS-32S

The following figure shows the multilabel affixed on the rear of the Alcatel-Lucent
1830 PSS-32S subrack. It includes the laser warning label.
Figure 1-3 Multilabel (1830 PSS-32S)

....................................................................................................................................................................................................................................
1830 PSS
1-15
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

1830 PSS-36

The following figure shows the multilabel affixed on the rear of the Alcatel-Lucent
1830 PSS-36 subrack. It includes the laser warning label.
Figure 1-4 Multilabel (1830 PSS-36)

....................................................................................................................................................................................................................................
1830 PSS
1-16
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

1830 PSS-64

The following figure shows the multilabel affixed on the rear of the Alcatel-Lucent
1830 PSS-64 subrack. It includes the laser warning label.
Figure 1-5 Multilabel (PSS-64)

....................................................................................................................................................................................................................................
1830 PSS
1-17
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

Potential sources of danger

Beware of the following potential sources of danger which will remain despite all safety
measures taken:

Laser radiation can cause damage to the skin and eyes.


Laser radiation from optical transmission systems is in a wavelength range that is
invisible to the human eye.

Laser classes

The maximum output power of laser radiation depends on the type of laser diode used.
The international standards IEC/UL/CSA/EN 60825-1, respectively, as well as the
FDA/CDRH regulations define the maximum output power of laser radiation for each
laser class in accordance with the wavelength.
The classification scheme is based on the ability of the laser emission or the reflected
laser emission to cause injury to the eye or skin during normal operating conditions.
Laser safety instructions

During service, maintenance, or restoration, an optical fiber telecommunication system is


considered unenclosed.
When working at an unenclosed system, observe the following instructions to avoid
exposing yourself and others to risk:

Only authorized, trained personnel must be permitted to do service, maintenance, and


restoration. All unauthorized personnel must be excluded from the immediate area of
the optical fiber telecommunication systems during installation and service.

Read the relevant descriptions in the manuals before taking equipment into operation
or carrying out any installation and maintenance work on the optical port units, and
follow the instructions. Ignoring the instructions may result in hazardous laser
radiation exposure.
Do not view directly into the laser beam with optical instruments such as a fiber
microscope, because viewing of laser emission in excess of Class 1 limits
significantly increases the risk of eye damage.
Never look into the end of an exposed fiber or an open connector as long as the
optical source is still switched on.
Ensure that the optical source is switched off before disconnecting optical fiber
connectors.

If you are not sure that the optical source is switched off, check to ensure that the
optical switch is switched off by measuring the output power with an optical power
meter.

....................................................................................................................................................................................................................................
1830 PSS
1-18
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser safety

....................................................................................................................................................................................................................................

Laser radiation

WARNING
Laser hazard
Devices that are designated as having hazard level 1M laser radiation can cause damage
to eyes.
Do not view directly with non-attenuating optical instruments.

WARNING
Laser hazard
Use of controls, adjustments, and procedures other than those specified herein may result
in hazardous laser radiation exposure.

WARNING
Laser hazard
Alcatel-Lucent 1830 PSS-36 MDIO connections are not protected and may defeat the
Automatic (Optical) Power Reduction (APR) when a fault occurs in the power filter or
associated circuitry, and when repairs are being made to the power filter module on
which the MDIO connector is located.

....................................................................................................................................................................................................................................
1830 PSS
1-19
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser product classification

....................................................................................................................................................................................................................................

Laser product classification


Standards compliance

The Alcatel-Lucent 1830 PSS product complies with the applicable IEC standards and the
Food and Drug Administrations Center for Devices and Radiological Health
(FDA/CDRH) regulations. The Alcatel-Lucent 1830 PSS product conforms to Class 1
Laser Product according to IEC standards and FDA/CDRH regulations.
FDA/CDRH regulations

Laser products are classified in accordance with the FDA/CDRH - 21 CFR 1010 and
1040. The classification scheme is based on the ability of the laser emission to cause
injury to the eye or skin during normal operating conditions.
In the United States, lasers and laser systems in the infrared wavelength range (greater
than 700 nm) are assigned to one of the following classes. Please refer to FDA/CDRH
laser classification (p. 1-20):

Class I
Class IIIb

Class IV

Laser classification is dependent upon operating wavelength, output power and fiber
mode field diameter (core diameter).
IEC requirements

The International Electro-Technical Commission (IEC) establishes standards for the


electrical and electronic industries. The IEC 60825-Part 1 and 2 have been established for
the worldwide safety of laser products.
According to the IEC classification, lasers and laser systems in the infrared wavelength
range (greater than 700 nm) are assigned to one of the following classes. Refer to OFCS
hazard levels (p. 1-21):

Class 1

Class 1M
Class 3R
Class 3B

Class 4

FDA/CDRH laser classification

Laser classification is dependent upon the following: operating wavelength, output power,
fiber core/mode field diameter, and time base. Other parameters may be required for
non-fibered laser products, such as beam divergence/diameter.
....................................................................................................................................................................................................................................
1830 PSS
1-20
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser product classification

....................................................................................................................................................................................................................................

The following table cites the FDA/CDRH classification of typical Alcatel-Lucent laser
products at the designated wavelengths that terminate into a single-mode 8.8 m mode
field diameter fiber. Different mode field diameters and multimode fibers will yield
different optical power levels.
Table 1-1

FDA/CDRH laser classifications

Laser class

Wavelength

Max. output power of laser radiation

1310 nm

1.53 mW

+1.85 dBm

1550 nm

8.52 mW

+9.3 dBm

1310 nm

500 mW

+27 dBm

1550 nm

500 mW

+27 dBm

1310 nm

> 500 mW

> +27 dBm

1550 nm

> 500 mW

> +27 dBm

IIIb

IV

Explanatory note: In the United States, lasers and laser systems are assigned to one of the
following classes: Roman numerals I, IIa, II, IIIa, IIIb, and IV. Classes I, IIIb and IV
apply to lasers of all wavelengths. Classes IIa, II and IIIa apply only to those lasers
operating within the visible wavelength range (400-700 nm). Alcatel-Lucent laser
products typically operate in the infrared wavelength range (greater than 700 nm) and,
therefore, are primarily in the Class I or Class IIIb classifications.
OFCS hazard levels

The maximum mean power for each hazard level for the most important wavelengths and
optical fiber types used in optical fiber communications (OFCS) (see Hazard level
assignment (p. 1-22)) is presented in the following table from IEC 60825-2 standard. For
an OFCS, the hazard level from IEC 60825-2 is closely related to the laser classification
procedure in IEC 60825-1.
Table 1-2

OFCS hazard levels

Wavelength and
fiber type

633 nm (MM)

Hazard level
1

1M

2M

0,39 mW

3,9 mW

1 mW

10 mW

(-4,1 dBm)

(+5,9 dBm)

(0 dBm)

(+ 10 dBm)

3R
See Terms and
Definitions 3.9 in

3B

500 mW
(+27 dBm)

the Standard

780 nm (MM)

850 nm (MM)

0,57 mW

5,6 mW

(-2,5 dBm)

(+7,5 dBm)

0,78 mW

7,8 mW

(-1,1 dBm)

(+8,9 dBm)

500 mW
(+27 dBm)

500 mW
(+27 dBm)

....................................................................................................................................................................................................................................
1830 PSS
1-21
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser product classification

....................................................................................................................................................................................................................................

Table 1-2

OFCS hazard levels

(continued)

Wavelength and

Hazard level

fiber type

980 nm (MM)

1M

1,42 mW

14,1 mW

(+1,53 dBm)

(+11,5 dBm)

1,42 mW

2,66 mW

(+1,53 dBm)

(+4,2 dBm)

15,6 mW

156 mW

(+12 dBm)

(+21,9 dBm)

15,6 mW

42,8 mW

(+12 dBm)

(+16,3 dBm)

1400 nm ... 1600


nm (MM)

10 mW

384 mW

(+10 dBm)

(+25,8 dBm)

1420 nm (SM)

10 mW

115 mW

(+10 dBm)

(+20,6 dBm)

10 mW

136 mW

(+10 dBm)

(+21,3 dBm)

980 nm (SM)

1310 nm (MM)

1310 nm (SM)

1550 nm (SM)

2M

3R

3B

500 mW
(+27 dBm)

7,26 mW

500 mW

(+8,6 dBm)

(+27 dBm)

500 mW
(+27 dBm)

80 mW

500 mW

(+19 dBm)

(+27 dBm)
500 mW
(+27 dBm)

500 mW
(+27 dBm)

500 mW
(+27 dBm)

Notes:

1.

Class 3R only exists if the maximum power is within five times the Accessible Emission Limit (AEL) of
Class 1. Please refer to the IEC 60825-1 Ed. 2.0 (2007) and IEC 60825-2 Ed. 3.1 (2007) standards for
detailed information.

2.

The fibre parameters used are the most conservative case. Listed figures for the = 1310 and 1550 nm are
calculated for a fibre 11 microns mode field diameter (MFD) and those for = 980 nm are for 7 microns
MFD.

3.

Many systems operating at 1550 nm with the use of erbium doped fibre amplifiers (EDFAs) pumped by 1480
nm or 980 nm lasers use transmission fibres with smaller MFDs. For example, 1550 nm dispersion shifted
fibre cables have upper limit values of MFD of 9,1 microns.

Hazard level assignment

Hazard level refers to the potential hazard from laser emission at any location in an
end-to-end optical fiber communication system that may be accessible during service or
in the event of a failure. The assignment of hazard level uses the AELs for the classes.

....................................................................................................................................................................................................................................
1830 PSS
1-22
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser product classification

....................................................................................................................................................................................................................................

Hazard levels for optical transmission equipment are assigned in either of the following
two ways:

The actual output power from the connector or the fiber cut.
If automatic power reduction is used, the output power at the connector or fiber cut at
one second after automatic power reduction takes place, provided that maximum
output and restart conditions are met.

Classification of optical telecommunication equipment

Optical telecommunication equipment is generally classified as IEC Class 1 or


FDA/CDRH Class I, because under normal operating conditions the transmitter ports
terminate on optical fiber connectors. These are covered by a front panel to ensure
protection against emissions from any energized, unterminated transmitter.
The circuit packs themselves, however, may be IEC Class 1 or 1M or FDA/CDRH Class I
or Class IIIb. The laser class is used to determine the assignment of the hazard level.
According to IEC 60825-1 Edition 2.0 (2007) standard, Class 1 laser products are safe
under reasonably foreseeable conditions, and according to the FDA/CDRH - 21 CFR
1040 standard, Class I levels of laser radiation are not considered to be hazardous.
Alcatel-Lucent 1830 PSS WDM circuit pack classification

Classifications for the following Alcatel-Lucent 1830 PSS WDM circuit packs are IEC
Class 1M and FDA/CDRH Class IIIB:

ALPHG
AHPHG
AHPLG
CWR8

CWR8B
CWR8-88
WR8-88A
WR8-88AF
WR2-88

AM2325A
ALPFGT
AM2125A
AM2125B

AM2318A
A2P2125 Hybrid Amplifier

....................................................................................................................................................................................................................................
1830 PSS
1-23
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Laser product classification

....................................................................................................................................................................................................................................

MESH4
RA2P

Based on the above, individual packs are affixed with a small Hazard Level 1M label
shown in the following illustration. Additional laser safety warnings are listed on product
shelf labeling, see Figure 1-5, Multilabel (PSS-64) (p. 1-17) and Figure 1-2,
Multilabel (1830 PSS-16/PSS-32) (p. 1-14).

All other Alcatel-Lucent 1830 PSS WDM circuit packs are IEC Class 1 and FDA/CDRH
Class I and, therefore, are assigned a hazard level 1.
Alcatel-Lucent 1830 PSS TDM circuit pack and module classification

Classifications for the following Alcatel-Lucent 1830 PSS TDM circuit packs and
modules are IEC Class 1M and FDA/CDRH Class IIIB:

130SCUP
11QCUPC

24ANMB
24ET1GB
8ET1GB
10SD10G
24SDM
XS-64.2b

CFP Single Rate 10x10G over ribbon cable


X11MDTSZC
SFP+ 10GE (5/85C) over MMF

SFP+ 10GE (5/85C) over 10 km MMF

All other Alcatel-Lucent 1830 PSS TDM circuit packs are IEC Class 1 and FDA/CDRH
Class I and, therefore, are assigned a hazard level 1.

....................................................................................................................................................................................................................................
1830 PSS
1-24
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Equipment grounding

....................................................................................................................................................................................................................................

Equipment grounding
Importance of proper grounding

An essential aspect for both personal safety and equipment integrity is proper grounding.
To avoid differences of potential, a common ground (GRD) is used for all system part
including peripheral equipment, such as a craft terminal for example.
For safety reasons, each touchable metallic part is connected to GRD by design.
See the Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide for more
detailed information regarding grounding.

CAUTION
Electric-shock hazard
If the system is not installed in MESH-BN grounding environment but in a star grounding
scheme, all electrical cables such as LAN or timing cables can carry dangerous electrical
current on their shielding.
Take extreme care when plugging or unplugging electrical cables in installations with
star grounding. Never touch grounded parts of the system with one hand when plugging
or unplugging electrical cables with the other hand.

NOTICE
Equipment damage hazard
The Alcatel-Lucent 1830 PSS system is designed to permit the connection of the grounded
conductor of the DC supply circuit to the grounding conductor at the equipment.
1. This equipment must be connected directly to the DC supply system grounding
electrode conductor or to a bonding jumper from a grounding terminal bar or bus to
which the DC supply system grounding electrode conductor is connected.
2. This equipment must be located in the same immediate area (such as, adjacent
cabinets) as any other equipment that has a connection between the grounded
conductor of the same DC supply circuit and the grounding conductor, and also the
point of grounding of the DC system. The DC system shall not be grounded elsewhere.
3. The DC supply source is to be located within the same premises as this equipment.
4. There must be no switching or disconnection devices in the grounded circuit
conductor between the DC source and the point of connection of the grounding
electrode conductor.

....................................................................................................................................................................................................................................
1830 PSS
1-25
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Electrostatic discharge
Introduction

Electrostatic discharge (ESD), caused by touching with the hand for example, can destroy
semiconductor components. The correct operation of the complete system is then no
longer assured.
Industry experience has shown that all semiconductor components can be damaged by
static electricity that builds up on work surfaces and personnel. The electrostatic
discharge can also affect the components indirectly via contacts or conductor tracks. The
electrostatic charges are produced by various charging effects of movement and contact
with other objects. Dry air allows greater static charges to accumulate. Higher potentials
are measured in areas with low relative humidity, but potentials high enough to cause
damage can occur anywhere.
The barred-hand symbol

Circuit packs containing components that are especially sensitive to electrostatic


discharge are identified by warning labels bearing the barred-hand symbol.

....................................................................................................................................................................................................................................
1830 PSS
1-26
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

ESD instructions

NOTICE
ESD hazard
Electrostatic discharge (ESD) can permanently destroy semiconductor components.
Observe the following ESD instructions to avoid damage to electrostatic-sensitive
components:

Assume that all solid-state components and assemblies are sensitive to ESD.
Wear working garment made of 100% cotton to avoid electrostatic charging.

Touch the circuit packs at the edges or the insertion and removal facilities only.
Touch the SFP or XFP modules at the edges only.
Ensure that the rack is grounded.
Wear a properly grounded ESD wrist strap (connected to the rack ESD bonding point,
for example).
Work in an ESD safe work area or workstation. An ESD safe work area should be
equipped with a grounded ESD wrist strap and a grounded ESD mat or ESD
dissipative work surface.

A grounded ESD mat or work surface must have a ground cord with one end attached
to the mat or surface and the other end connected to a ground point (the rack ESD
bonding point, for example). Do not work with ESD sensitive devices unless the area
is properly equipped.

Conductively connect all test equipment and trolleys to the rack ESD bonding point.

Store and ship circuit packs and components in their shipping packaging. Circuit
packs and components must be packed and unpacked only at workplaces suitably
protected against build-up of charge.
Whenever possible, maintain the relative humidity of air above 20%.

NOTICE
Service-disruption hazard
At the Alcatel-Lucent 1830 PSS-32S subrack, if there is any damage on the cable jackets
(e.g. cutting or scratching due to vibration or installation) there is the risk to short cut
48VDC with RTN or GND.
Always check the cable jackets at the strain relief brackets at the Alcatel-Lucent 1830
PSS-32S power supply filters.

....................................................................................................................................................................................................................................
1830 PSS
1-27
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Electric shock

DANGER
Electric-shock hazard
The 4-mm banana plug at the end of the ESD wrist-strap cord is intended to be only used
for connecting to the ESD jack on the rack/subrack ESD bonding point. Connecting the
banana plug to AC or DC wall sockets or any type of power supply units may lead to the
risk of electric shock.
Never connect the banana plug to AC or DC wall sockets or any type of power supply
units.
Figure 1-6 ESD bonding point at the Alcatel-Lucent 1830 PSS-64 subrack

Legend:
A

ESD bonding point

....................................................................................................................................................................................................................................
1830 PSS
1-28
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Figure 1-7 ESD bonding point at the Alcatel-Lucent 1830 PSS-36 subrack

Legend:
A

ESD bonding point

....................................................................................................................................................................................................................................
1830 PSS
1-29
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Figure 1-8 ESD bonding point at the Alcatel-Lucent 1830 PSS-32 subrack

Legend:
A

ESD bonding point

....................................................................................................................................................................................................................................
1830 PSS
1-30
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Figure 1-9 ESD bonding point at the Alcatel-Lucent 1830 PSS-32S subrack

Legend:
A

ESD bonding point

....................................................................................................................................................................................................................................
1830 PSS
1-31
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Figure 1-10 ESD bonding point at the Alcatel-Lucent 1830 PSS-16 subrack

Legend:
A

ESD bonding point

....................................................................................................................................................................................................................................
1830 PSS
1-32
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Specific safety areas

Electrostatic discharge

....................................................................................................................................................................................................................................

Figure 1-11 ESD bonding point at the ETSI One Rack

A
A
Legend:
2

ETSI One Rack bottom frame

ESD bonding point

Note: For working on ANSI installation (SNBF rack) use the ESD bonding point at
the Alcatel-Lucent 1830 PSS subrack.

....................................................................................................................................................................................................................................
1830 PSS
1-33
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Overview

....................................................................................................................................................................................................................................

Safety requirements in specific deployment phases


Overview
Purpose

To enable rapid orientation, safety instructions are given on the following pages, which
are assigned to various stages in the life cycle of the Alcatel-Lucent 1830 PSS equipment
(deployment phases).
Deployment phases

The instructions are arranged according to the following deployment phases:

Transportation (p. 1-35)

Storage (p. 1-38)

Installation (p. 1-42)

Taking into operation (p. 1-49)

Operation and maintenance (p. 1-53)

Taking out of operation (p. 1-63)

Event of failure (p. 1-66)

Contents
Transportation

1-35

Storage

1-38

Installation

1-42

Taking into operation

1-49

Operation and maintenance

1-53

Taking out of operation

1-63

Event of failure

1-66

....................................................................................................................................................................................................................................
1830 PSS
1-34
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Transportation

....................................................................................................................................................................................................................................

Transportation
Weight

WARNING
Risk of injury due to unsecured rack or subrack
A fully equipped Alcatel-Lucent 1830 PSS-64 subrack weighs up to 125 kg (276 lbs), a
fully equipped rack up to 215 kg (474 lbs). A fully equipped Alcatel-Lucent 1830 PSS-36
or Alcatel-Lucent 1830 PSS-32S subrack weighs up to 84.5 kg (186.3 lbs). A rack
equipped with two Alcatel-Lucent 1830 PSS-36 or Alcatel-Lucent 1830 PSS-32S subracks
weighs up to 259 kg (571 lbs). Although Alcatel-Lucent 1830 PSS-16 and Alcatel-Lucent
1830 PSS-32 subracks weigh less, a fully equipped subrack can still weigh more than
30 kg (66 lbs).
Such a fully equipped rack or subrack can cause considerable injuries if it is knocked
over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people and/or a lifting device to transport and position
the rack or subrack.

NOTICE
Damage to system components due to unsecured rack or subrack
A fully equipped rack or subrack can cause serious damage to the rack or subrack if it is
knocked over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people or a lifting device to transport and position the
rack or subrack.
Packaging

NOTICE
Adverse effect on operation due to incorrect packaging
Dampness and soiling can cause corrosion or tracking paths which can result in
malfunctioning of the system components. Shocks can cause damage.
Protect the system components against dampness, soiling, and shocks. Use the original
dissipative packaging if possible.

....................................................................................................................................................................................................................................
1830 PSS
1-35
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Transportation

....................................................................................................................................................................................................................................

Environmental conditions

NOTICE
Damage to system components under extreme environmental conditions
Extreme environmental conditions can damage system components and cause
malfunctioning.
Ensure that the climatic limits for transportation and storage of Alcatel-Lucent 1830 PSS
equipment are complied with during transportation; please see Environmental
conditions for transportation (p. 1-36).
Environmental conditions for transportation
ETSI market

For the transportation phase, the requirements according to the ETSI Standard
EN 300 019-1-2, class 2.3 Public transportation are met. This class applies to
transportation where no special precautions have been taken. The conditions covered
include transportation in unventilated enclosures and in non-weather-protected conditions
with restrictions on the general open-air climates, excluding cold climates.
For quick reference, Table 1-3, Temperature and humidity levels for transportation
(ETSI market) (p. 1-36) shows the most important climatic values specified in the
requirement.
Table 1-3

Temperature and humidity levels for transportation (ETSI market)

Conditions

Limits

Low air temperature

40C (40F)

High air temperature in unventilated enclosures

70C (158F)

High air temperature in ventilated enclosures or outdoor


air

40C (104F)

Relative humidity not combined with rapid temperature


changes

95% at 45C (113F)

Relative humidity combined with rapid temperature


changes air/air

95% at 40C to 30C (40 to 86F)

Absolute humidity combined with rapid temperature


changes air/air

60 g/m3 at 70C to 15C (158 to 58F)

ANSI market

For the transportation phase, the following specifics of Telcordia Requirement


GR-63-CORE are met:

R4-3 [69]: Low-temperature exposure and shock (packaged equipment)


R4-4 [71]: High relative humidity exposure (packaged)

....................................................................................................................................................................................................................................
1830 PSS
1-36
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Transportation

....................................................................................................................................................................................................................................

R4-5 [70]: High-temperature exposure and thermal shock (packaged equipment)


R4-65 [107]: Category A containers (<100 kg), packaged shock/drop criteria
R4-66 [108]: Category B containers (>100 kg), shock/drop criteria

R4-67 [109]: Unpackaged shock/drop criteria


R4-83 [124]: Transportation vibration, no physical damage

For quick reference, Table 1-4, Environmental conditions for transportation (ANSI
market) (p. 1-37) shows the most important limits specified in the requirement.
Table 1-4

Environmental conditions for transportation (ANSI market)

Conditions

Limits

Low air temperature (uncontrolled humidity)

40C (40F)

Low air temperature change (uncontrolled humidity)

23C to 40C (73F to 40F) with a change rate of


30C (54F) per hour
40C to 23C (40 F to 73F) within less than 5
minutes

High air temperature (uncontrolled humidity)

70C (158F)

High air temperature change (uncontrolled humidity)

23C to 70C (73F to 158F) with a change rate of 30C


(54F) per hour
70C to 23C (158F to 73F) within less than 5 minutes

Air temperature change (at a relative humidity of 50%)

23C to 40C (73F to 104F) with a change rate of 30C


(54F) per hour
40C to 23C (104F to 73F) with a change rate of 30C
(54F) per hour

Relative humidity not combined with rapid temperature


changes

93% at 40C (104F)

Relative humidity change

93% to 50% at 40C (104F) within less than 2 hours


50% to 93% at 40C (104F) within less than 2 hours

Robustness against mechanical shocks (fully equipped


rack or subrack)

Permissible drop height for packaged equipment: 100


mm (3.9 in)
Permissible drop height for unpackaged equipment: 2.5
mm (1 in)
Vibration levels which can typically be expected during
transportation.

....................................................................................................................................................................................................................................
1830 PSS
1-37
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Storage

....................................................................................................................................................................................................................................

Storage
Weight

WARNING
Risk of injury due to unsecured rack or subrack
A fully equipped Alcatel-Lucent 1830 PSS-64 subrack weighs up to 125 kg (276 lbs), a
fully equipped rack up to 215 kg (474 lbs). A fully equipped Alcatel-Lucent 1830 PSS-36
or Alcatel-Lucent 1830 PSS-32S subrack weighs up to 84.5 kg (186.3 lbs). A rack
equipped with two Alcatel-Lucent 1830 PSS-36 or Alcatel-Lucent 1830 PSS-32S subracks
weighs up to 259 kg (571 lbs). Although Alcatel-Lucent 1830 PSS-16 and Alcatel-Lucent
1830 PSS-32 subracks weigh less, a fully equipped subrack can still weigh more than
30 kg (66 lbs).
Such a fully equipped rack or subrack can cause considerable injuries if it is knocked
over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people and/or a lifting device to transport and position
the rack or subrack.

NOTICE
Damage to system components due to unsecured rack or subrack
A fully equipped rack or subrack can cause serious damage to the rack or subrack if it is
knocked over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people or a lifting device to transport and position the
rack or subrack.
Electrostatic discharge (ESD)

NOTICE
ESD hazard
Electronic components can be destroyed by electrostatic discharge.
Circuit packs must therefore always be kept in antistatic covers. Use the original
dissipative packaging if possible. Always observe the ESD instructions (see Electrostatic
discharge (p. 1-26)).

....................................................................................................................................................................................................................................
1830 PSS
1-38
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Storage

....................................................................................................................................................................................................................................

Packaging

NOTICE
Adverse effect on operation due to incorrect packaging
Dampness and soiling can cause corrosion or tracking paths which can result in
malfunctioning of the system components. Shocks can cause damage.
Protect the system components against dampness, soiling, and shocks. Use the original
dissipative packaging if possible.
Environmental conditions

NOTICE
Damage to system components under extreme environmental conditions
Extreme environmental conditions can damage system components and cause
malfunctioning.
Ensure that the climatic limits for transportation and storage of Alcatel-Lucent 1830 PSS
equipment are complied with during storage; please see Environmental conditions for
storage (p. 1-39).
Environmental conditions for storage
ETSI market

For the storage phase, the requirements according to the ETSI Standard EN 300 019-1-1,
class 1.2 Weather-protected, not temperature-controlled storage locations are met. This
class applies to weather-protected storage having neither temperature nor humidity
control. The location may have openings directly to the open air, that means, it may be
only partly weather-protected.
For quick reference, Table 1-5, Temperature and humidity levels for storage (ETSI
market) (p. 1-39) shows the most important climatic values specified in the requirement.
The related climatogram is shown in Figure 1-12, Temperature and humidity levels for
storage (ETSI market) (p. 1-40).
Table 1-5

Temperature and humidity levels for storage (ETSI market)

Conditions

Limits

Low air temperature

25C (13F)

High air temperature

55C (131F)

Low relative humidity

10%

....................................................................................................................................................................................................................................
1830 PSS
1-39
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Storage

....................................................................................................................................................................................................................................

Table 1-5

Temperature and humidity levels for storage (ETSI market)


(continued)

Conditions

Limits

High relative humidity

100%

Rate of temperature change

0.5 K/min (0.9F/min)

Figure 1-12 Temperature and humidity levels for storage (ETSI market)
o

F
194
176
158
140

C
90
80
70
60
50
40
30
20
10
0
10
20
30
40
50

122
104
86
68
50
32
14
4
22
40
58

29

0.5

10

20

30

40

50

60

70

80

90

100

g-pipg-0281

Legend:
1

Air temperature

Relative air humidity [%]

Absolute air humidity [g/m3]

Conditions for storage

ANSI market

For the storage phase, the following specifics of Telcordia Requirement GR-63-CORE
are met:

R4-3 [69]: Low-temperature exposure and shock (packaged equipment)


R4-4 [71]: High relative humidity exposure (packaged)

R4-5 [70]: High-temperature exposure and thermal shock (packaged equipment)

....................................................................................................................................................................................................................................
1830 PSS
1-40
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Storage

....................................................................................................................................................................................................................................

For quick reference, Table 1-6, Environmental conditions for storage (ANSI market)
(p. 1-41) shows the most important limits specified in the requirement.
Table 1-6

Environmental conditions for storage (ANSI market)

Conditions

Limits

Low air temperature (uncontrolled humidity)

40C (40F)

Low air temperature change (uncontrolled humidity)

23C to 40C (73F to 40F) with a change rate of


30C (54F) per hour
40C to 23C (40 F to 73F) within less than 5
minutes

High air temperature (uncontrolled humidity)

70C (158F)

High air temperature change (uncontrolled humidity)

23C to 70C (73F to 158F) with a change rate of 30C


(54F) per hour
70C to 23C (158F to 73F) within less than 5 minutes

Air temperature change (at a relative humidity of 50%)

23C to 40C (73F to 104F) with a change rate of 30C


(54F) per hour
40C to 23C (104F to 73F) with a change rate of 30C
(54F) per hour

Relative humidity not combined with rapid temperature


changes

93% at 40C (104F)

Relative humidity change

93% to 50% at 40C (104F) within less than 2 hours


50% to 93% at 40C (104F) within less than 2 hours

....................................................................................................................................................................................................................................
1830 PSS
1-41
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

Installation
Risk of electric shock

WARNING
Electric-shock hazard
Risk of short circuits when power is supplied to the High Power Connection, Fuse &
Alarm Panel (HPCFAP) during the installation of subrack power cables. Contact with
energized parts can cause serious personal injury.
Before connecting any subrack power cables be sure that all circuit breakers that are
located in the HPCFAP are in the OFF position.
Weight

WARNING
Risk of injury due to unsecured rack or subrack
A fully equipped Alcatel-Lucent 1830 PSS-64 subrack weighs up to 125 kg (276 lbs), a
fully equipped rack up to 215 kg (474 lbs). A fully equipped Alcatel-Lucent 1830 PSS-36
or Alcatel-Lucent 1830 PSS-32S subrack weighs up to 84.5 kg (186.3 lbs). A rack
equipped with two Alcatel-Lucent 1830 PSS-36 or Alcatel-Lucent 1830 PSS-32S subracks
weighs up to 259 kg (571 lbs). Although Alcatel-Lucent 1830 PSS-16 and Alcatel-Lucent
1830 PSS-32 subracks weigh less, a fully equipped subrack can still weigh more than
30 kg (66 lbs).
Such a fully equipped rack or subrack can cause considerable injuries if it is knocked
over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people and/or a lifting device to transport and position
the rack or subrack.

NOTICE
Damage to system components due to unsecured rack or subrack
A fully equipped rack or subrack can cause serious damage to the rack or subrack if it is
knocked over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people or a lifting device to transport and position the
rack or subrack.
....................................................................................................................................................................................................................................
1830 PSS
1-42
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

Laser warning labels

WARNING
Laser hazard
Warning labels on the system and especially on the optical components warn of the
dangers of invisible laser radiation. Removed, concealed or illegible labels can lead to
incorrect action and thus cause serious injuries to the eyes of operating staff.
Ensure that the laser warning labels are not removed or concealed and are always clearly
legible.
Acoustic noise

WARNING
Acoustic noise hazard
The operation of more than one system could cause noise levels in working environments
(for example system test floors) that are harmful to human beings.
The infrastructure of such facilities needs to take care for the protection of work force in
that environment. National laws and regulations for safe working places need to be taken
into account.
Electrostatic discharge (ESD)

NOTICE
ESD hazard
Electronic components can be destroyed by electrostatic discharge.
Hold circuit packs only at the edges or on the insertion and removal facilities. Always
observe the ESD instructions (see Electrostatic discharge (p. 1-26)).

....................................................................................................................................................................................................................................
1830 PSS
1-43
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

Condensation

NOTICE
Equipment damage hazard
Condensation can occur in the network element or its components during transport,
especially on moving from outside to closed rooms; this can cause malfunctioning,
short-circuits or other damages of the circuit packs.
Ensure that circuit packs and subracks have reached at least the cold start temperature of
the system and are dry before taking them into operation. The cold start temperature of
the system is 5C (+23F); see the section Climatic conditions for stationary
operation (p. 1-58).
Electric shock

DANGER
Electric-shock hazard
The 4-mm banana plug at the end of the ESD wrist-strap cord is intended to be only used
for connecting to the ESD jack on the rack/subrack ESD bonding point. Connecting the
banana plug to AC or DC wall sockets or any type of power supply units may lead to the
risk of electric shock.
Never connect the banana plug to AC or DC wall sockets or any type of power supply
units.
Risk of pinching

CAUTION
Pinch hazard
Your fingers can be pinched when sliding in the fan unit.
Do not place your fingers on top/bottom of the fan unit when sliding it into the subrack.

....................................................................................................................................................................................................................................
1830 PSS
1-44
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

Overcurrent protecting device

NOTICE
Equipment damage hazard
If the wrong type of circuit breaker is used with this equipment, the equipment may be
severely damaged due to overcurrent.
Always ensure that the Alcatel-Lucent 1830 PSS-36 subrack is installed in combination
with a Power Distribution Unit - ETSI or Power Distribution Unit - ANSI (PDU1C,
PDU2C), respectively. The circuitbreakers used in the PDU1C/PDU2C allow a maxium
current of 50 A.
Never install the Alcatel-Lucent 1830 PSS-36 subrack in combination with a High Power
Connection Fuse and Alarm Panel (HPCFAP). The circuitbreakers used in the HPCFAP
allow a maxium current of 100 A.
Over-voltage damage

NOTICE
Equipment damage hazard
Potential over-voltage damage to equipment from OSP (outside plant) connections
The intra-building ports of the equipment or subassembly are suitable for connection to
intra-building or unexposed wiring or cabling only. The intra-building ports of the
equipment or subassembly MUST NOT be metallically connected to interfaces that
connect to the OSP or its wiring. These interfaces are designed for use as intra-building
interfaces only (Type 2 or Type 4 ports as described in GR-1089) and require isolation
from the exposed OSP cabling. The addition of Primary Protectors is not sufficient
protection in order to connect these interfaces metallically to OSP wiring.

NOTICE
Equipment damage hazard
The intra-building ports of the equipment or subassembly must use shielded
intra-building cabling/wiring that is grounded at both ends.
If Type 2, 3a/5a, 4, or 4a ports of the equipment, or subassembly require a shielded cable,
intra-building ports of the equipment, or subassembly, are suitable only for connection to
shielded intra-building cabling that is grounded at both ends. This requirement applies to
paired conductor interfaces as well as coaxial interfaces.

....................................................................................................................................................................................................................................
1830 PSS
1-45
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

NOTICE
Equipment damage hazard
If the wrong type of circuit breaker is used with this equipment, the equipment may be
severely damaged due to overcurrent.
Always ensure that the system is installed in combination with the correct Power
Distribution Unit - ETSI or Power Distribution Unit - ANSI (PDU1C, PDU2C),
respectively. The circuit breakers used in the PDU1C/PDU2C allow a maxium current of
50 A.
Never install the Alcatel-Lucent 1830 PSS-36 subrack in combination with a High Power
Connection Fuse and Alarm Panel (HPCFAP). The circuitbreakers used in the HPCFAP
allow a maxium current of 100 A.

....................................................................................................................................................................................................................................
1830 PSS
1-46
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

Risk of fire due to overheating

NOTICE
Fire hazard
Inadequate heat dissipation can cause heat accumulation or even a fire in the network
element.
You must therefore ensure that:

All the required fan units are installed (Alcatel-Lucent 1830 PSS-16, Alcatel-Lucent
1830 PSS-32, Alcatel-Lucent 1830 PSS-32S, and Alcatel-Lucent 1830 PSS-36: one,
Alcatel-Lucent 1830 PSS-64: two)

The individual fans are not obstructed


That all of the following aids for cooling air flow are installed as needed for their
respective subracks:
The Alcatel-Lucent 1830 PSS-16 air deflector (left side the subrack)

The Alcatel-Lucent 1830 PSS-32/Alcatel-Lucent 1830 PSS-32S/Alcatel-Lucent


1830 PSS-36 air deflector (above the subrack)
The Alcatel-Lucent 1830 PSS-36 subrack bottom plate
The Alcatel-Lucent 1830 PSS-64 air deflector (beneath the subrack)

All empty slots are covered with the correct blank front plates; for details about the
recommended face plates for the different subrack types refer to the Product
Information and Planning Guide
The covers and cable ducts are mounted (only valid in the case of BT/BTC removal)
The dust filter is not clogged
That for Alcatel-Lucent 1830 PSS-64 the orientation of the dust filter is correct, such
that the dust filter carrier prevents the dust filter from being sucked into the fan unit
(see the Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide).
For the installation of the half-slot adapter (8DG09811AAAA), the half-slot adapter
tool (8DG07796AA) must be used to avoid short cuts during half-slot adapter
insertion and installation.

Detector diodes

NOTICE
Destruction of the detector diodes caused by too high an input power
Connecting the output and input of optical circuit packs with a transmit power in excess
of 3 dBm over short distances will cause the destruction of the detector diodes, as the
input power is then too high.
Use an optical attenuator pad of approximately 10 to 20 dB when establishing
....................................................................................................................................................................................................................................
1830 PSS
1-47
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Installation

....................................................................................................................................................................................................................................

connections over short distances for test purposes.


Receiver sensitivities

You can find the receiver sensitivities and the minimum overload thresholds in the
Technical Specifications chapter in the Alcatel-Lucent 1830 PSS Product Information
and Planning Guide.

....................................................................................................................................................................................................................................
1830 PSS
1-48
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking into operation

....................................................................................................................................................................................................................................

Taking into operation


Invisible laser radiation

WARNING
Laser hazard
Alcatel-Lucent 1830 PSS systems operate with invisible laser radiation. Laser radiation
can cause considerable injuries to the eyes.
Never look into the end of an exposed fiber or into an open optical connector as long as
the optical source is switched on. Always observe the laser warning instructions (see
Laser safety (p. 1-13)).
Acoustic noise

WARNING
Acoustic noise hazard
The operation of more than one system could cause noise levels in working environments
(for example system test floors) that are harmful to human beings.
The infrastructure of such facilities needs to take care for the protection of work force in
that environment. National laws and regulations for safe working places need to be taken
into account.
Power wiring

NOTICE
Destruction of components due to incorrect power wiring
Incorrect power wiring can cause equipment damage.
All power wires must be properly connected before powering up the system by switching
on the circuit breakers. For details see Alcatel-Lucent 1830 PSS Installation and System
Turn-Up Guide.

....................................................................................................................................................................................................................................
1830 PSS
1-49
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking into operation

....................................................................................................................................................................................................................................

Arcing

WARNING
Power Interface: Arcing on removing or inserting a live power supply
plug
Arcing can cause burns to the hands and damage to the eyes.
Alcatel-Lucent 1830 PSS-32, Alcatel-Lucent 1830 PSS-32S, Alcatel-Lucent 1830 PSS-36:
Before removing or connecting the power supply lugs at the Power Interface, ensure that
the line circuit breakers on the PDU1C/PDU2C are in the OFF position.
Alcatel-Lucent 1830 PSS-64: Before removing the power supply cable at a Power Supply,
Filter, and Clock Interface Card (PSF3T8), ensure that all associated circuit breakers
that are located in the external High Power Connection, Fuse & Alarm Panel (HPCFAP)
are in the OFF position.

....................................................................................................................................................................................................................................
1830 PSS
1-50
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking into operation

....................................................................................................................................................................................................................................

Electric shock

DANGER
Electric-shock hazard
Alcatel-Lucent 1830 PSS-36: If the system is operated with only one Power Interface
Card (PFC), electrical connectors on the backplane carry a voltage of 48 V DC which
can cause electric shocks if accidentally touched.
Alcatel-Lucent 1830 PSS-64: If the system is operated with only one Power Supply,
Filter, and Clock Interface Card (PSF3T8) and Fan Unit (FAN3T8), electrical connectors
on the backplane carry a voltage of 48 V DC which can cause electric shocks if
accidentally touched.
Always use the correct system configuration to ensure safe operation:

Alcatel-Lucent 1830 PSS-36: Two Power Interface Cards (PFC), one Fan module
Alcatel-Lucent 1830 PSS-64: Two Power Supply, Filter, and Clock Interface Cards
(PSF3T8), two Fan Units (FAN3T8).

Alcatel-Lucent 1830 PSS-16, Alcatel-Lucent 1830 PSS-32, Alcatel-Lucent


1830 PSS-32S: Two PFDC DC Power Filters of the appropriate capacity.

Supply voltage

NOTICE
Destruction of components due to a supply voltage of incorrect polarity or
too high
Alcatel-Lucent 1830 PSS equipment operates at a nominal voltage of 48 V (40.5 V to
57 V) or 60 V (50.0 V to 72.0 V) . A supply voltage outside these specifications or of
incorrect polarity can lead to permanent damage of system components.
Ensure that the supply voltage has the correct range and polarity before connecting the
voltage. Ensure also the correct polarity (sequence) of both power feeders.

....................................................................................................................................................................................................................................
1830 PSS
1-51
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking into operation

....................................................................................................................................................................................................................................

Fusing

NOTICE
Fire hazard
If the system is not secured by appropriate circuit breakers, a short-circuit can cause
severe damage to the system, for example a fire in the network element.
Protect all supply lines with line circuit breakers matched to the load of the subrack
equipment. Note the relevant guide values in the Alcatel-Lucent 1830 PSS Installation
and System Turn-Up Guide.
Condensation

NOTICE
Equipment damage hazard
Condensation can occur in the network element or its components during transport,
especially on moving from outside to closed rooms; this can cause malfunctioning,
short-circuits or other damages of the circuit packs.
Ensure that circuit packs and subracks have reached at least the cold start temperature of
the system and are dry before taking them into operation. The cold start temperature of
the system is 5C (+23F); see the section Climatic conditions for stationary
operation (p. 1-58).

....................................................................................................................................................................................................................................
1830 PSS
1-52
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Operation and maintenance


Invisible laser radiation

WARNING
Laser hazard
Alcatel-Lucent 1830 PSS systems operate with invisible laser radiation. Laser radiation
can cause considerable injuries to the eyes.
Never look into the end of an exposed fiber or into an open optical connector as long as
the optical source is switched on. Always observe the laser warning instructions (see
Laser safety (p. 1-13)).
Arcing

WARNING
Power Interface: Arcing on removing or inserting a live power supply
plug
Arcing can cause burns to the hands and damage to the eyes.
Alcatel-Lucent 1830 PSS-32, Alcatel-Lucent 1830 PSS-32S, Alcatel-Lucent 1830 PSS-36:
Before removing or connecting the power supply lugs at the Power Interface, ensure that
the line circuit breakers on the PDU1C/PDU2C are in the OFF position.
Alcatel-Lucent 1830 PSS-64: Before removing the power supply cable at a Power Supply,
Filter, and Clock Interface Card (PSF3T8), ensure that all associated circuit breakers
that are located in the external High Power Connection, Fuse & Alarm Panel (HPCFAP)
are in the OFF position.

....................................................................................................................................................................................................................................
1830 PSS
1-53
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Electric shock

DANGER
Electric-shock hazard
Alcatel-Lucent 1830 PSS-36: If the system is operated with only one Power Interface
Card (PFC), electrical connectors on the backplane carry a voltage of 48 V DC which
can cause electric shocks if accidentally touched.
Alcatel-Lucent 1830 PSS-64: If the system is operated with only one Power Supply,
Filter, and Clock Interface Card (PSF3T8) and Fan Unit (FAN3T8), electrical connectors
on the backplane carry a voltage of 48 V DC which can cause electric shocks if
accidentally touched.
Always use the correct system configuration to ensure safe operation:

Alcatel-Lucent 1830 PSS-36: Two Power Interface Cards (PFC), one Fan module
Alcatel-Lucent 1830 PSS-64: Two Power Supply, Filter, and Clock Interface Cards
(PSF3T8), two Fan Units (FAN3T8).

Alcatel-Lucent 1830 PSS-16, Alcatel-Lucent 1830 PSS-32, Alcatel-Lucent


1830 PSS-32S: Two PFDC DC Power Filters of the appropriate capacity.

Laser warning labels

WARNING
Laser hazard
Warning labels on the system and especially on the optical components warn of the
dangers of invisible laser radiation. Removed, concealed or illegible labels can lead to
incorrect action and thus cause serious injuries to the eyes of operating staff.
Ensure that the laser warning labels are not removed or concealed and are always clearly
legible.
Acoustic noise

WARNING
Acoustic noise hazard
The operation of more than one system could cause noise levels in working environments
(for example system test floors) that are harmful to human beings.
The infrastructure of such facilities needs to take care for the protection of work force in
that environment. National laws and regulations for safe working places need to be taken
into account.
....................................................................................................................................................................................................................................
1830 PSS
1-54
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Risk of burns due to hot surfaces

CAUTION
Hot-surface hazard
Hot surfaces of system components can cause burns to the hands.
Do not touch system components that are marked with the hot surfaces warning label.
Electrostatic discharge (ESD)

NOTICE
ESD hazard
Electronic components can be destroyed by electrostatic discharge.
Hold circuit packs only at the edges or on the insertion and removal facilities. Always
observe the ESD instructions (see Electrostatic discharge (p. 1-26)).
Electric shock

DANGER
Electric-shock hazard
The 4-mm banana plug at the end of the ESD wrist-strap cord is intended to be only used
for connecting to the ESD jack on the rack/subrack ESD bonding point. Connecting the
banana plug to AC or DC wall sockets or any type of power supply units may lead to the
risk of electric shock.
Never connect the banana plug to AC or DC wall sockets or any type of power supply
units.
Risk of pinching

CAUTION
Pinch hazard
Your fingers can be pinched when sliding in the fan unit.
Do not place your fingers on top/bottom of the fan unit when sliding it into the subrack.

....................................................................................................................................................................................................................................
1830 PSS
1-55
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Risk of fire due to overheating

NOTICE
Fire hazard
Inadequate heat dissipation can cause heat accumulation or even a fire in the network
element.
You must therefore ensure that:

All the required fan units are installed (Alcatel-Lucent 1830 PSS-16, Alcatel-Lucent
1830 PSS-32, Alcatel-Lucent 1830 PSS-32S, and Alcatel-Lucent 1830 PSS-36: one,
Alcatel-Lucent 1830 PSS-64: two)

The individual fans are not obstructed


That all of the following aids for cooling air flow are installed as needed for their
respective subracks:
The Alcatel-Lucent 1830 PSS-16 air deflector (left side the subrack)

The Alcatel-Lucent 1830 PSS-32/Alcatel-Lucent 1830 PSS-32S/Alcatel-Lucent


1830 PSS-36 air deflector (above the subrack)
The Alcatel-Lucent 1830 PSS-36 subrack bottom plate
The Alcatel-Lucent 1830 PSS-64 air deflector (beneath the subrack)

All empty slots are covered with the correct blank front plates; for details about the
recommended face plates for the different subrack types refer to the Product
Information and Planning Guide
The covers and cable ducts are mounted (only valid in the case of BT/BTC removal)
The dust filter is not clogged
That for Alcatel-Lucent 1830 PSS-64 the orientation of the dust filter is correct, such
that the dust filter carrier prevents the dust filter from being sucked into the fan unit
(see the Alcatel-Lucent 1830 PSS Installation and System Turn-Up Guide).
For the installation of the half-slot adapter (8DG09811AAAA), the half-slot adapter
tool (8DG07796AA) must be used to avoid short cuts during half-slot adapter
insertion and installation.

Risk of system shut-down during maintenance activities

NOTICE
System shut-down when switching off all power supply feeders
Bringing the circuit breakers of all power supply feeders in the OFF position leads to a
shut-down of the complete system.
Alcatel-Lucent 1830 PSS-64: When carrying out maintenance work at one of the two
Power Supply, Filter, and Clock Interface Cards (PSF3T8) A or B, switch off only those
....................................................................................................................................................................................................................................
1830 PSS
1-56
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

circuit breakers that are directly associated to the corresponding PSF3T8. For each
PSF3T8 there are three power supply feeders, and each power supply feeder has an
associated circuit breaker. The circuit breakers are located in the High Power
Connection, Fuse & Alarm Panel (HPCFAP).
Risk of equipment damage during maintenance activities

NOTICE
Equipment can be damaged during in-service replacement of components
Alcatel-Lucent 1830 PSS-36: During in-service replacement of system components above
the Fan Unit, there is a risk that nuts, cable ends, or other objects may fall into the Fan
Unit.
Alcatel-Lucent 1830 PSS-64: During in-service replacement of the upper Power Supply,
Filter, and Clock Interface Card (PSF3T8) A, there is a risk that nuts, cable ends, or other
objects may fall into the upper fan tray (Fan Unit A).
Take utmost care to prevent nuts or cable ends from falling into the system.
Detector diodes

NOTICE
Destruction of the detector diodes caused by too high an input power
Connecting the output and input of optical circuit packs with a transmit power in excess
of 3 dBm over short distances will cause the destruction of the detector diodes, as the
input power is then too high.
Use an optical attenuator pad of approximately 10 to 20 dB when establishing
connections over short distances for test purposes.
Receiver sensitivities

You can find the receiver sensitivities and the minimum overload thresholds in the
Technical Specifications chapter in the Alcatel-Lucent 1830 PSS Product Information
and Planning Guide.

....................................................................................................................................................................................................................................
1830 PSS
1-57
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Short-circuit

NOTICE
Destruction of circuit packs in the event of a short-circuit
A short-circuit in the network element can cause destruction of electronic components
and thus malfunctioning of the complete system.
You must therefore not handle objects such as a screwdriver in the circuit pack area of the
subrack.
Alcatel-Lucent 1830 PSS-36: Always use the special extraction tool for the insertion and
the removal of bus termination cards.
Climatic conditions

NOTICE
Damage to system components under extreme environmental conditions
Extreme environmental conditions can damage system components and cause
malfunctioning.
Ensure that the Climatic conditions for stationary operation (p. 1-58) are complied
with during operation.
Climatic conditions for stationary operation

The cold start temperature of the Alcatel-Lucent 1830 PSS is 5C (+23F).


ETSI market

For the stationary operation phase, the requirements according to the ETSI Standard EN
300 019-1-3, class 3.1E, Temperature-controlled location with exceptional conditions
are met. This class applies to a permanently temperature-controlled enclosed location.
Humidity is usually not controlled.
For quick reference, Table 1-7, Temperature and humidity levels for operation (ETSI
market) (p. 1-59) shows the most important climatic values specified in the requirement.
The related climatogram is shown in Figure 1-13, Temperature and humidity levels for
operation (ETSI market) (p. 1-60).

....................................................................................................................................................................................................................................
1830 PSS
1-58
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Table 1-7

Temperature and humidity levels for operation (ETSI market)

Conditions

Limits
Rack level (Alcatel-Lucent 1830 PSS-64)

Subrack level (Alcatel-Lucent


1830 PSS-36)

Minimum air temperature

Maximum air temperature

Normal operating:

Normal operating:

5C (41F)

5C (41F)

Short term (extended):

Short term (extended):

5C (28F)

5C (28F)

Normal operating:

Normal operating:

40C (104F)

45C (113F)

Short term (extended):

Short term (extended):

50C (122F)

55C (131F)

Low relative humidity

5%

High relative humidity

85% (90% for short term)

Rate of temperature change

0.5 K/min (0.9F/min)

Figure 1-13 Temperature and humidity levels for operation (ETSI market)
o

140

60

122

50

104

40

86

30

68

20

50

10

32

14

10

20

22

30

25
20

1.5
1.0

10

20

30

40

50

60

70

80

90

100

1
2
g-pipg-0282

....................................................................................................................................................................................................................................
1830 PSS
1-59
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Legend:
1

Air temperature

Relative air humidity [%]

Absolute air humidity [g/m3]

Values outside of this field have a probability of occurrence of less than 10%

Normal operating conditions: values outside of this field have a probability of occurrence of less than 1%

Exceptional climatic limits

ANSI market

For the stationary operation phase, the following specifics of Telcordia Requirement
GR-63-CORE are met:

R4-6 [72]: Ambient temperature and humidity limits as shown in Table 1-8,
Temperature and humidity levels for operation (ANSI market) (p. 1-60) and Figure
1-14, Temperature and humidity levels for operation (ANSI market) (p. 1-61)
R4-8 [74], R4-9 [136], R4-10 [75]: Requirements for altitude
R4-68 [110], R4-69 [111], R4-70 [112], R4-72 [114], R4-75 [117], R4-81 [122],
R4-82 [123]: Requirements for dynamic shock, vibration, and earthquake. The chassis
resistance of Alcatel-Lucent 1830 PSS is compliant with zone 4 earthquake and office
vibrations.

Table 1-8
Conditions

Temperature and humidity levels for operation (ANSI market)


Limits
Rack level (Alcatel-Lucent 1830 PSS-64)

Subrack level (Alcatel-Lucent


1830 PSS-36)

Ambient1 temperature

Range

Range

Operating (up to 1800 m)

5C to 40C (41F to 104F)

5C to 45C (41F to 113F)

Short-term2

5C to 50C (23F to 122F)

5C to 55C (23F to 131F)

Rate of temperature change


1

30 K/h (54F/min)

Ambient relative humidity

Range

Operating

5% to 85%

Short-term

5% to 90%, but not to exceed 0.024 kg water/kg of dry air

....................................................................................................................................................................................................................................
1830 PSS
1-60
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

Notes:

1.

Ambient refers to conditions at a location 1.5 m (59 in) above the floor and 400 mm (15.8 in) in front of
the equipment.

2.

Short-term refers to a period of not more than 96 consecutive hours and a total of not more than 15 days in
1 year. This refers to a total of 360 hours in any given year, but no more than 15 occurrences during that
1-year period. The long-term operating temperature range is 0C to 40C (32F to 104F) on rack level and
0C to 45C (32F to 113F) on shelf level (see Frame/Shelf level according to Telcordia and ETSI
(p. 1-61)). It is given for the purposes of reliability assessment.

Figure 1-14 Temperature and humidity levels for operation (ANSI market)
o

158

70

140

60

122

50

104

40

86

30

68

20

50

10

32

14

10

24

10

20

30

40

50

60

70

80

90

100

g-pipg-0280

Legend:
1

Air temperature

Relative air humidity [%]

Absolute air humidity [g/m3]

Normal operating conditions

Short-term conditions

Frame/Shelf level according to Telcordia and ETSI

The following describes the Frame/Shelf level according to Telcordia and ETSI

Telcordia frame-level (subrack is more than 36 [=914.4 mm] in height)


All Telcordia GR-63-CORE environmental conditions apply to a 12" or 14 deep
SNBF (ANSI rack) with one installed subrack (Alcatel-Lucent 1830 PSS-64),
including subrack covers.

Telcordia shelf-level (subrack is less than or equal to 36 [=914.4 mm] in height)

....................................................................................................................................................................................................................................
1830 PSS
1-61
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Operation and maintenance

....................................................................................................................................................................................................................................

All Telcordia GR-63-CORE environmental conditions apply to a stand-alone subrack


(Alcatel-Lucent 1830 PSS-36). For certain tests the subrack may have to be mounted
into an open rack.

ETSI rack-level
All ETSI EN 300 019 environmental conditions apply to a 300 mm ETSI rack with
one installed subrack (Alcatel-Lucent 1830 PSS-64), including optional rack doors
and side-panels.

ETSI subrack-level
All ETSI EN 300 019 environmental conditions apply to a stand-alone subrack
(Alcatel-Lucent 1830 PSS-36). For certain tests the subrack may have to be mounted
into an open rack.

....................................................................................................................................................................................................................................
1830 PSS
1-62
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking out of operation

....................................................................................................................................................................................................................................

Taking out of operation


Invisible laser radiation

WARNING
Laser hazard
Alcatel-Lucent 1830 PSS systems operate with invisible laser radiation. Laser radiation
can cause considerable injuries to the eyes.
Never look into the end of an exposed fiber or into an open optical connector as long as
the optical source is switched on. Always observe the laser warning instructions (see
Laser safety (p. 1-13)).
Arcing

WARNING
Power Interface: Arcing on removing or inserting a live power supply
plug
Arcing can cause burns to the hands and damage to the eyes.
Alcatel-Lucent 1830 PSS-32, Alcatel-Lucent 1830 PSS-32S, Alcatel-Lucent 1830 PSS-36:
Before removing or connecting the power supply lugs at the Power Interface, ensure that
the line circuit breakers on the PDU1C/PDU2C are in the OFF position.
Alcatel-Lucent 1830 PSS-64: Before removing the power supply cable at a Power Supply,
Filter, and Clock Interface Card (PSF3T8), ensure that all associated circuit breakers
that are located in the external High Power Connection, Fuse & Alarm Panel (HPCFAP)
are in the OFF position.

....................................................................................................................................................................................................................................
1830 PSS
1-63
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking out of operation

....................................................................................................................................................................................................................................

Weight

WARNING
Risk of injury due to unsecured rack or subrack
A fully equipped Alcatel-Lucent 1830 PSS-64 subrack weighs up to 125 kg (276 lbs), a
fully equipped rack up to 215 kg (474 lbs). A fully equipped Alcatel-Lucent 1830 PSS-36
or Alcatel-Lucent 1830 PSS-32S subrack weighs up to 84.5 kg (186.3 lbs). A rack
equipped with two Alcatel-Lucent 1830 PSS-36 or Alcatel-Lucent 1830 PSS-32S subracks
weighs up to 259 kg (571 lbs). Although Alcatel-Lucent 1830 PSS-16 and Alcatel-Lucent
1830 PSS-32 subracks weigh less, a fully equipped subrack can still weigh more than
30 kg (66 lbs).
Such a fully equipped rack or subrack can cause considerable injuries if it is knocked
over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people and/or a lifting device to transport and position
the rack or subrack.

NOTICE
Damage to system components due to unsecured rack or subrack
A fully equipped rack or subrack can cause serious damage to the rack or subrack if it is
knocked over or dropped.
Use a sturdy vehicle for transportation and secure the rack or subrack against dropping.
Always use a sufficient number of people or a lifting device to transport and position the
rack or subrack.
Risk of burns due to hot surfaces

CAUTION
Hot-surface hazard
Hot surfaces of system components can cause burns to the hands.
Do not touch system components that are marked with the hot surfaces warning label.

....................................................................................................................................................................................................................................
1830 PSS
1-64
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Taking out of operation

....................................................................................................................................................................................................................................

Electrostatic discharge (ESD)

NOTICE
ESD hazard
Electronic components can be destroyed by electrostatic discharge.
Hold circuit packs only at the edges or on the insertion and removal facilities. Always
observe the ESD instructions (see Electrostatic discharge (p. 1-26)).
Electric shock

DANGER
Electric-shock hazard
The 4-mm banana plug at the end of the ESD wrist-strap cord is intended to be only used
for connecting to the ESD jack on the rack/subrack ESD bonding point. Connecting the
banana plug to AC or DC wall sockets or any type of power supply units may lead to the
risk of electric shock.
Never connect the banana plug to AC or DC wall sockets or any type of power supply
units.
Disposal

The equipment in the Alcatel-Lucent 1830 PSS system series must be disposed of at the
end of its lifetime. Please contact us in this case and we will arrange for proper and
environment-friendly disposal of your equipment (most parts of the system can be
recycled).

....................................................................................................................................................................................................................................
1830 PSS
1-65
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Safety
Safety requirements in specific deployment phases

Event of failure

....................................................................................................................................................................................................................................

Event of failure
Hazard levels

In the event of failure, the hazard levels given in the Alcatel-Lucent 1830 PSS Product
Information and Planning Guide apply. The hazard levels define the potential optical
hazard at any accessible location within an optical fiber telecommunication system. See
Alcatel-Lucent 1830 PSS Product Information and Planning Guide.
Invisible laser radiation

WARNING
Laser hazard
Alcatel-Lucent 1830 PSS systems operate with invisible laser radiation. Laser radiation
can cause considerable injuries to the eyes.
Never look into the end of an exposed fiber or into an open optical connector as long as
the optical source is switched on. Always observe the laser warning instructions (see
Laser safety (p. 1-13)).

....................................................................................................................................................................................................................................
1830 PSS
1-66
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

S2ecurity administration
procedures

Overview
Purpose

This chapter describes the security administration tasks.


Contents
Security management and user administration on the OCS
application

2-5

User administration concept

2-6

Security concepts

2-7

User provisioning

2-13

Security management and user administration on the WDM


application

2-14

User accounts and privileges

2-15

Configuring user accounts

2-20

Login sessions

2-24

System security features

2-26

Authentication

2-35

Administer user logins on the OCS application using the


Alcatel-Lucent 1830 PSS ZIC

2-40

Procedure 2-1: Create a user login

2-42

Procedure 2-2: Set system-wide user security parameters

2-45

Procedure 2-3: Display system-wide user security parameters

2-49

System-wide user security parameters

2-50

Procedure 2-4: Delete a user login

2-52

Procedure 2-5: Inhibit a user login

2-53

...................................................................................................................................................................................................................................
1830 PSS
2-1
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures

Overview

....................................................................................................................................................................................................................................

Procedure 2-6: Allow a user login

2-54

Procedure 2-7: Display user property information

2-55

Procedure 2-8: Edit user logins

2-56

Procedure 2-9: Log off user

2-59

Procedure 2-10: Retrieve information on all active user logins

2-60

Procedure 2-11: Change password

2-61

Procedure 2-12: Send a short free form text message to other users

2-63

Procedure 2-13: Modify command access security level assigned to a TL1


command.

2-65

Procedure 2-14: Display command access security level assigned to a TL1


command

2-67

Command access security level assigned to a TL1 command

2-68

Procedure 2-15: Copy security sensible files or data from/to an NE to/from a


remote file server

2-69

Security File Transfer

2-73

Procedure 2-16: Configure SSL authentication for ZIC to NE communication


(high-level procedure)

2-75

Procedure 2-17: Install a certificate for SSL authentication

2-76

Procedure 2-18: Generate a new SSL key for SSL authentication

2-77

Procedure 2-19: Request a new certificate for SSL authentication

2-79

Certificate for SSL authentication

2-80

Procedure 2-20: Generate a new SSL key for SSL authentication

2-81

Current NE Public Key.

2-82

Procedure 2-21: Configure RADIUS server attributes

2-83

Procedure 2-22: Modify RADIUS server attributes

2-86

Procedure 2-23: Set RADIUS server authentication parameters

2-88

Procedure 2-24: Delete a RADIUS server

2-90

User management and administration procedures on the WDM


application using the WebUI

2-91

Procedure 2-25: Create a user

2-93

The Create User window

2-94

Procedure 2-26: View or modify user details

2-97

The User Security Administration screen

2-98

Procedure 2-27: Delete a user

2-99

....................................................................................................................................................................................................................................
1830 PSS
2-2
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures

Overview

....................................................................................................................................................................................................................................

Procedure 2-28: Change password

2-100

Procedure 2-29: View / terminate sessions

2-101

The Sessions screen

2-102

Procedure 2-30: View SNMP v3 users

2-104

Procedure 2-31: Create SNMP v3 user

2-105

Procedure 2-32: Modify SNMP v3 user

2-106

The SNMP v3 Users screen

2-107

Procedure 2-33: View / modify system security attributes

2-108

Procedure 2-34: Setting / viewing syslog properties

2-109

Syslog Administration

2-110

Procedure 2-35: Setting / viewing CLI user activity logging properties

2-111

CLI Logging

2-112

Procedure 2-36: Setting / viewing SNMP user activity logging properties

2-113

SNMP Logging

2-114

Procedure 2-37: View security log

2-115

The Security Log screen

2-116

Procedure 2-38: View all logs

2-117

The All Logs screen

2-118

Procedure 2-39: Save a retrieved log to a file

2-119

Procedure 2-40: Set/view user preferences

2-120

User Preferences

2-121

Procedure 2-41: Create RADIUS server

2-122

Create RADIUS Server

2-123

Procedure 2-42: View/modify RADIUS server

2-124

Modify RADIUS Server

2-125

Procedure 2-43: Delete RADIUS server

2-126

Procedure 2-44: Provision RADIUS properties

2-127

RADIUS Properties

2-128

Procedure 2-45: Create trap destinations

2-129

The Create SNMP Trap Destinations screen

2-130

Procedure 2-46: Delete trap destinations

2-131

Procedure 2-47: View trap destinations

2-132

The SNMP Trap Destinations screen

2-133

....................................................................................................................................................................................................................................
1830 PSS
2-3
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures

Overview

....................................................................................................................................................................................................................................

Procedure 2-48: View/modify community strings

2-135

The SNMP Community Strings screen

2-136

....................................................................................................................................................................................................................................
1830 PSS
2-4
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Overview
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

Security management and user administration on


the OCS application
Overview
Purpose

This section provides descriptive information concerning the Alcatel-Lucent 1830 PSS
Security management and user administration on the OCS application.
Contents
User administration concept

2-6

Security concepts

2-7

User provisioning

2-13

....................................................................................................................................................................................................................................
1830 PSS
2-5
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User administration concept
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

User administration concept


Overview

User administration comprises the following:

Creating, modifying, or deleting user logins,


Specifying associated passwords,
Assigning access privileges,
Enabling users
Disabling users,

Logging out users,


Viewing user details.

User permission

Administration on the security databases can only be performed by a security


administrator, that means a super user login is required.

....................................................................................................................................................................................................................................
1830 PSS
2-6
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

Security concepts
Overview

Alcatel-Lucent 1830 PSS uses logins, passwords, authentication, and access levels to
protect against unauthorized access. It also keeps a security log.
RADIUS server support for user authentication

Remote Authentication Dial In User Service (RADIUS) provides a centralized way of


user login/authentication and management. A RADIUS server is an external entity
(server) that keeps a centralized database of user login, password and privilege
information. Each NE in the network acts as RADIUS client and delegates user
authentication to the RADIUS server.
For resiliency purposes, the NE supports a primary and a secondary RADIUS server.
After the maximum of retries per server is reached on the primary server a connection to
the secondary server is attempted. Special local (maintenance) accounts can be optionally
activated by the customer for troubleshooting in case that RADIUS is not available.
Successful and unsuccessful access attempts via RADIUS are logged (SECULOG). The
information of the log follows User Activity Log (UAL) principles. In case that local
accounts are also configured as RADIUS backup, the access attempts through these
accounts are also logged.
RADIUS allows the optional use of the MD5 hashing algorithm to encrypt the
User-Password and other attributes such as Tunnel-Password.
NTP server authentication

The NTPv4 protocol supports authentication using either symmetric key or public key
cryptography. Alcatel-Lucent 1830 PSS implements authentication using the symmetric
key cryptography feature. This method ensures an unbroken chain of trust between the
client system and the primary servers at the root of the timing distribution network. This
chain is known as the provenance of the client. The protocol provides the credentials to
ensure that the source of the timing signal is not being spoofed since the attacker does not
have the cryptographic key information to provide authentic credentials.
When authentication is in use, every message contains a message authentication code
(MAC) appended to the NTP header in the message. The MAC is calculated using a
cryptographic hashing algorithm (in the form of SHA-1 or MD5) to produce a
mathematical fingerprint that uniquely identifies each message. The hashing algorithm
used is up to the user. Under the symmetric key method, both the server and the client
share a key, that is distributed outside this protocol. The server uses the key to create the
MAC. When the message arrives, the client uses the key to create its own version of the

....................................................................................................................................................................................................................................
1830 PSS
2-7
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

MAC. The client then compares its calculation to the MAC inserted in the message.
When the two codes match the client concludes that the message was indeed sent from
the intended server.
User identifiers

Alcatel-Lucent 1830 PSS users are required to log in with a user identifier and a password
at the start of a session. To ensure security, they should log out at the end of a session. If a
user is inactive for a configurable period of time, the user is logged off automatically.
This period can be set up by the administrator in a range from 0 to 999 min. The default
value is 60 min.
The system supports up to 512 different user IDs. The user management is performed by
a user with administrative privileges. User management includes addition and deletion of
users as well as assigning privileges to them. Multiple logins with the identical user
identifier will be denied.
Alcatel-Lucent 1830 PSS has five pre-installed default users for external TL1 login which
cannot be deleted: SERVICE, EML001, EML002, USER05, and Unprvlgd.
For internal purposes Alcatel-Lucent 1830 PSS supports the following default users
which cannot be deleted: WDMUSER1, ZICUSR, OMSREAD{1,2},
OMSPROV{1,2}, OMSCONF{1,2}, OMSNETADMIN{1,2}, and
OMSSEC{1,2}.
The SERVICE user allows an Alcatel-Lucent technician to log-in to the NE. The initial
password for this user is contained in the persistent database and can be modified. The
User Security Level of this user is 5, as well any security administrator user. The
SERVICE user cannot be deleted, but can be disabled and enabled.
The ZICUSR is for internal use only and cannot be used for logins from outside.
User identifiers that are strings of 5 to 12 case-sensitive alphanumeric characters where
the first character is an alphabetic character. The following special characters are also
valid: % (percent), + (plus sign), # (number sign), and _ (underscore).
Dormant account management

Dormant accounts are those users that have not logged on for a period of time. A user
with sufficient security privileges is able to provision per User ID a User ID aging
interval expressed in days. At the end of this interval, a User ID is disabled and inhibited
from logging in if during this interval it has never been used to login. The longest interval
allowed is 999 days with a minimum of 1 day. The default for the system-wide user
identifier aging interval is 60 days.
The system allows to disable the User ID aging per user by setting the User ID aging
interval to 0. After a user's User ID has been disabled, the system allows a privileged user
to reactivate (enable) the disabled User ID.
....................................................................................................................................................................................................................................
1830 PSS
2-8
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

The system resets the User ID aging interval per user when

the User ID aging interval changes

the user account is created


the user logs in to the system
the user is enabled by a privileged user after the User ID has been disabled

User ID aging is not applicable to system default users and super users.
User community authorization level (UCAL)

The system supports user privilege categories for accessing functionality on the system.
A user community authorization level (UCAL) is assigned to each user ID by the
administrator when the user ID is created. This numerical value between 1 and 5 defines
the access privileges for the user. A user community authorization level of 5 stands for
administrative privileges.
For each possible transaction with the system, that means for each TL1 command, a
command community authorization level (CCAL) is defined. A user can only perform a
transaction if his or her UCAL is greater or equal to the CCAL of the transaction.
A super user (that means a system administrator with security administration privileges,
indicated by UCAL equal to 5) is able to:

Add users to the NE


Delete users from the NE

Edit the security information of any user


Retrieve security information about users (not password)
Change the password of other users without entering the old password

Logoff a particular user (included a User with security administration privileges)


Obtain user info about the user currently logged on to the NE
Inhibit and allow users

Set system wide user security attributes


Retrieve security information about authenticated (logged on) and unauthenticated
(not logged on) sessions

Set command privilege partitioning


Do anything that a normal user can do

A normal user (that means a user without administration privileges, indicated by UCAL
less than 5) is able to:

Establish a session with the NE (logon)


Change own user password
Obtain own user info

....................................................................................................................................................................................................................................
1830 PSS
2-9
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

Retrieve system wide user security attributes


Retrieve command privilege partitioning
Terminate the session (logoff)

Execute accessible/privileged NE command language requests

Passwords

A password is a case-sensitive string of 8 to 12 alphanumeric characters with at least three


of the following: at least one uppercase alphabetic character, at least one lowercase
alphabetic character, at least one numeric character, at least one special character. The
following special characters are valid: % (percent), + (plus sign), # (number sign),
_ (underscore), ! (exclamation mark), @ (at sign), $ (dollar sign), (double
quotation mark), & (ampersand), '(apostrophe), ( (left parenthesis), ) (right
parenthesis), * (asterisk), and . (period). The first character of the password can be
any alphabetic, numeric, or a valid special character.
The password must not have more than 3 consecutive identical characters, for example,
User_00001 will be denied. The password must not be the same as the associated user
ID. The password must not be the reverse of the associated user ID. More than one user
can have the same password.
All passwords are stored and transported only encrypted throughout Alcatel-Lucent
1830 PSS and the management systems.
If specified by the administrator, users can change their own passwords at their discretion,
following a configurable minimum interval since the last change.
Password aging can be configured. The system notifies in advance and, upon expiration,
forces users to change their passwords by the following actions:

The system informs the user when the password expiry date is nearly reached. Default
is 7 days before the expiration.
The system forces the user to enter a new password at the login attempt after
password expiration, if the user has the ability to change the password.
For a user updating a password, there is a specified minimum period of waiting before
an existing password can be updated.
For a user updating a password, the system does not allow the reuse of a specified
number of most recently used passwords. This discourages password flipping.

Access control lists for IP addresses and ports

The Alcatel-Lucent 1830 PSS system supports the configuration of access control lists
(ACL) or filters to limit the access to the administration and other management protocols
only to certain ranges of authorized source IP addresses and ports. It is also possible to
configure multiple disjoint ranges specified through IP network and mask. IP access
....................................................................................................................................................................................................................................
1830 PSS
2-10
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

control lists can be configured for filtering traffic, which is forwarded by the network
element. One use-case for this is to prevent attacks to the network from hijacked CPE
boxes.
Firewall traversal

The NE or the underlying protocols used by the NE do not pose any restriction for
firewalls in the management or control plane. For instance:

Firewall-friendly protocols are used


Server ports are on server side
The number of server ports is reduced to a small range and documented

System log

The NE maintains a system log with a size of up to 50 MB. Among all other commands
and responses, also the ones related to security are stored. A filter capability is available
to retrieve only security events. The events/responses are kept in a non-volatile memory.
The log can be retrieved from the NE. The logs are stored in a file that can be retrieved by
the management system via SFTP, to optimize bandwidth and simplify the request
mechanism.
Secure shell

Alcatel-Lucent 1830 PSS provides a way to secure the traffic between the operator and
the network element with strong encryption and cryptographic protection to provide
confidentiality, integrity, and replay protection. The system supports secure shell 2
(SSH-2) encryption for TL1 communication, also on the debug port.
For host authentication, Alcatel-Lucent 1830 PSS supports the following:

Initialization of the supported public key

Distribution of the supported public key


Retrieval of the fingerprint (a cryptographic hashing of the supported public key)

Alcatel-Lucent 1830 PSS supports secure file transfers from and to other hosts.
NE-NE and NMS-GNE IPoIP (IP over IP) tunneling

Alcatel-Lucent 1830 PSS supports tunneling IP packets through an IP network (IP in IP


Tunnels, IPIPT). So the NEs can interconnect management systems and NEs via an
out-of-band (OoB) DCN, which is managed as an independent IP routing domain or
control plane nodes can build out-of-band protection links for in-band (ECC) links used
by the control plane. The transport part is accomplished by encapsulating IP datagrams in
IP packets and route them through an IP tunnel on the OoB DCN to the node that

....................................................................................................................................................................................................................................
1830 PSS
2-11
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security concepts
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

represents their next-hop IP address towards their destination. IP-in-IP encapsulation


according to RFC 2003is supported. IP-in-GRE-in-IP encapsulation according to RFC
2784is supported.
Inter-compound communication

The NE internal communication security applies for multi-shelf network elements with
compound architecture. Inter-compound communication is required when uplink cards
are successfully provisioned in the OCS compound . The system provides a default user
for TL1 based communication between the WDM application and the OCS application.
Only one session at a time is allowed for this user. The list of allowed IP addresses can be
set for this user to allow only logins from the IP address of the WDM compound.
SSL/TLS

The Alcatel-Lucent 1830 PSS system supports SSL/TLS secured HTML communication
for access of the Alcatel-Lucent 1830 PSS ZIC . All communication associated with
Alcatel-Lucent 1830 PSS ZIC uses separate SSL/TLS connections.
Host-to-host authentication between the NMS and the NE, and between the ZIC and the
NE is done using a certificate distribution based on SSL. The Alcatel-Lucent 1830 PSS
system supports a management for the certificates that are used by SSL and TLS for
server authentication.
Secure mode for open ports

The Alcatel-Lucent 1830 PSS system is configured in a way that non-essential ports and
services are avoided:

Only logical ports that are needed to manage the equipment are open
Only physical ports that are needed to manage the equipment are open
Ports needed for example for debug access are only opened on user request.

All logical ports are secure interfaces (SSH, SSL/TLS or SFTP).


User activity logs

The Alcatel-Lucent 1830 PSS system supports user activity logs (UAL, also known as
command logs) that are compatible with the Alcatel-Lucent 1350 OMS format:

The Alcatel-Lucent 1350 OMS user is supported in the UAL: The logs report the
name of Alcatel-Lucent 1350 OMS user as configured
File transfer of UAL: The logs are transferred from the NE to the Alcatel-Lucent
1350 OMS via SFTP.

....................................................................................................................................................................................................................................
1830 PSS
2-12
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User provisioning
Security management and user administration on the OCS
application
....................................................................................................................................................................................................................................

User provisioning
Predefined user profiles
Table 2-1

Predefined user types

Default User

USER05

EML001

EML002

Unprvlgd

Default Password
identifier

ADMIn005

Eml__001

Eml__002

Only4ReadXX

Default User Profiles for internal purpose

The users described here are intended for NE internal communication purposes. They are
all used internally and not configureable.
Table 2-2

Default user types for internal purpose

Default User

for OMS

for ZIC

for WDM
compound

OMSREAD1

ZICUSR

WDMUSER1

OMSREAD2
OMSPROV1
OMSPROV2
OMSCONF1
OMSCONF2
OMSNETADMIN1
OMSNETADMIN2
OMSSEC1
OMSSEC2

The OMS user for OMS accessing the ZIC.


The ZICUSR is used for the internal ZIC server to establish a TL1 user session via the
TCP/IP protocol stack in order to support TL1 transaction-oriented messages between the
server and the NE.
The system provides the default user WDMUSER1 for TL1 based communication between
the WDM compound and the OCS compound

....................................................................................................................................................................................................................................
1830 PSS
2-13
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Overview
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Security management and user administration on


the WDM application
Overview
Purpose

This section provides descriptive information concerning the Alcatel-Lucent 1830 PSS
Security management and user administration on the WDM application.
Contents
User accounts and privileges

2-15

Configuring user accounts

2-20

Login sessions

2-24

System security features

2-26

Authentication

2-35

....................................................................................................................................................................................................................................
1830 PSS
2-14
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User accounts and privileges
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

User accounts and privileges


The purpose of security administration is to manage user accounts (logins, passwords,
authorization levels, external links) and to monitor system security so that only valid
users can perform permitted actions and receive authorized information from the system.
The NE provides the ability to create, modify, delete, and view user profiles and
associated security levels. Each level has distinct privileges for accessing and executing
the commands and performing administrative functions on the NE. The description of
each function or command is listed in the Alcatel-Lucent 1830 Photonic Service Switch
(PSS) Release 6.0 Command Line Interface Guide and/or Alcatel-Lucent 1830 Photonic
Service Switch (PSS) Release 6.0 Photonics TL1 Command Guide including the user
levels that are able to access and execute each specific command (see System access
control (p. 2-30)).
The system does not provide an unsecure user external port. To gain access to an NE
you need a user account with login and password. The user account name, privilege level
and password is created and defined by the Admin user, and is unique for each network
element in the network.
Important! The Alcatel-Lucent 1830 PSS is delivered with two default users as part
of the factory software load: one Admin user (with administration privilege) and one
Service user (with service privilege).
The login ID and passwords are:

For Admin user: admin/admin

For Service user: service/AlcaLu-1830!

Note: The administration of all security functions is only accessible to Admin and
Service users (i.e. the system will only allow access to these security functions to
users with appropriate security administration privileges). The Service user is not
capable of creating/deleting/modifying user profiles. The NE does not allow deletion
of the default users.

....................................................................................................................................................................................................................................
1830 PSS
2-15
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User accounts and privileges
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

The user levels, the privileges assigned to each level, and their intended use are
summarized in Table 2-3, User privilege levels (p. 2-16).
Table 2-3

User privilege levels

Level

Privileges and use

Service

This is the highest level, and is meant for Alcatel-Lucent


technicians. This user has all the Admin privilege (except the
ability to create/delete/modify user profiles), plus the ability to
utilize the debugging and software development tools. The
following applies:

Admin

a maximum of one Service user per NE, created by default, as


part of the SW load. (There is no mechanism to create another
Service user profile or to delete the Service user profile). Only
the Service user can change his/her password

The Admin user can peform all functions accessible via WebUI,
CLI and TL1. The Admin user cannot utilize debugging and
software development tools.

....................................................................................................................................................................................................................................
1830 PSS
2-16
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User accounts and privileges
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Table 2-3

User privilege levels

(continued)

Level

Privileges and use

Provisioner

The WebUI restricts access for a user with Provisioner privilege


level as follows:

A Provisioner user cannot access the following Administrative


functions: User Panel Replacement, Security (with exceptions
below), SNMP, Syslog, Power Commissioning and GMRE
Commissioning.

For the following administrative functions, the Provisioner user


can view the current values, but cannot edit them:

Date/Time and Timezone

System-wide security settings

NTP settings

Database backup/restore

Software upgrade, including Software NE and FTP server


settings

The users own user profile

List of user sessions

GMRE settings, Feasibility file transfer

Access Control Lists

Log file transfer

Technology Types

For the following administrative functions, the Provisioner user


can view and edit:

IP routes

OSPF areas

Change his own password

User Preferences

Ping and Traceroute

A Provisioner user cannot do the following:

A Provisioner user cannot perform a system reboot.

A Provisioner user cannot perform a card-level cold reboot.

A Provisioner user cannot modify OPSA A and B port


switching attributes.

A Provisioner user cannot view the Security Log.

A Provisioner user cannot modify LD/OSCT SIG and LINE


port attributes

A Provisioner user cannot modify Power Management port


attributes

A Provisioner user cannot modify Dynamic Tilt Adjustment

....................................................................................................................................................................................................................................
attributes
1830 PSS
2-17
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User accounts and privileges
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Table 2-3

User privilege levels

(continued)

Level

Privileges and use

Provisioner (continued)

A Provisioner user cannot view or modify Optical Intrusion


Detection parameters

A Provisioner user cannot modify Per-Channel Target Power


Offset attributes

A Provisioner user cannot modify Target Power Offset


attributes

A provisioner user cannot modify or view the Encryption


Attributes on the 11QPEN4 line ports.

A Provisioner user cannot modify UI Mode or OCS IP

A Provisioner user cannot modify WSS attenuation attributes

....................................................................................................................................................................................................................................
1830 PSS
2-18
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User accounts and privileges
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Table 2-3

User privilege levels

(continued)

Level

Privileges and use

Observer

The WebUI restricts access for a user with Observer privilege


level. In addition to the restrictions defined for the Provisioner
user, the Observer user is restricted as follows:

An Observer user cannot initialize the database during NE


configuration.

An Observer user cannot access the functions under the


Test/Analysis buttons. This includes: test LED and loopback.

An Observer user cannot access the alarm configuration


functions under the Fault button.

An Observer user cannot select Alarm Cutoff on the alarm


toolbar.

An Observer user cannot create, modify or delete any


equipment-related items or perform any action on the NE that
will change its status.

For Connections:

An Observer user can view all cross-connects and details, but


cannot create, modify or delete cross-connects.

An Observer user can view all EVPL connections, but cannot


create or delete connections.

An Observer user can view the Physical Topology, but cannot


create or delete a connection.

An Observer can view the Logical Topology with no


restrictions.

For the following administrative functions, the Observer user can


view but cannot edit:

IP routes

OSPF areas

For the following administrative functions, the Observer user


cannot view or edit:

Database backup/restore

Ping and Traceroute

....................................................................................................................................................................................................................................
1830 PSS
2-19
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Configuring user accounts
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Configuring user accounts


Introduction

Login security controls access to the NE(s) by individual users. Client Authentication for
logging in and auditing on each NE requires a user ID (UID) and a complex password.
Security administration enables the system to deny a user access to the NE. The NE
authenticates the user ID against the NE's local security database. Based on this, the NE
either accepts or denies login access to the NE. Access may be denied during one of the
following points in time:

When the user first attempts to log in and the login attempt is denied.
During an active session and the user is disconnected by the NE.

After the user logs into an NE with a valid user ID and Password, user functions can be
performed based on the assigned User Access Privilege (UAP).
User identification and user password definition
User identifier (UID)

User identity is specified using a UID that is a unique identifier used by an NE for
security management. A UID code is a non-confidential, unique, and auditable
representation of a user such as the login name. The NE supports UIDs that are strings of
5 to 12 case-sensitive characters including upper-case letters [A-Z], lower-case letters
[a-z], numbers, and special characters. The first character must be alphabetic. For User
ID, the following special characters are accepted as valid characters for the User ID: %
(percent sign), + (plus sign), # (pound sign) and _ (underscore).
The following conditions apply to UIDs:

Each authorized user (a person, device or a software process having operations related
command inputs access) must have a UID. Each UID must be unique on the NE (i.e.
the system does not support 2 UIDs that are the same).
At any given instant in time, the NE internally maintains the identity of all UIDs
logged on at that time.
The NE supports a maximum of 255 unique UIDs.

Password identifier (PID)

A PID is a case sensitive string of 8 to 32 upper-case letters [A-Z], lower-case letters


[a-z], numbers, and special characters. A valid password must contain at least 1
alphabetic, 1 numeric, and 1 special character. The following special characters are
accepted as valid: % (percent sign), + (plus sign), # (pound sign), _ (underscore) !
(exclamation mark), @ (at sign), $ (dollar sign), (double quotation mark), &

....................................................................................................................................................................................................................................
1830 PSS
2-20
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Configuring user accounts
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

(ampersand), (apostrophe), ( (left parenthesis), ) (right parenthesis), * (asterisk), and .


(period). The first character of the PID can be any alphabetic, numeric, or valid special
character.
Note: , (comma) and : (colon) are not valid special characters.
The following conditions apply to PIDs:

The PID cannot be the same as the associated UID, nor can it be the reverse of the
associated UID.
The password must not have three consecutive identical characters.
The NE will not prevent a user from choosing an already existing password (more
than one user can have the same password).
Note: For all Password attributes, if a value exists, the WebUI displays it as
******** (8 asterisks). This allows the user to know that a value exists.

Password administration

The NE supports the ability for a user with security administration privileges to specify
the following user password attributes: the password age (in days); the number of days
that the existing password can continue to be used before a new password becomes
mandatory; the number of times that the existing password can continue to be used before
a new password becomes mandatory; the password obsolescence interval that must elapse
before an obsolete password can be reused.
A user with security administration privileges can provision a system-wide password
aging interval to encourage users to change passwords periodically. The following
applies:

The default for system-wide password aging interval is 30 days. The allowed range is
from 1 to 999 days.
The system allows the ability to disable the system-wide password aging interval, by
assigning a value of 0 (zero) days.

A password grace period and number of logins allowed after password expiration can also
be provisioned. The following applies:

The default for the password grace period is 7 days.

The default for the number of logins allowed after password expiration is 3.

A password is expired when one of the following events occurs:

the password is expired and neither a grace period nor number of logins is permitted
after password expiration
the password is expired and either a grace period or a number of logins is permitted
after password expiration, but the provisioned value(s) is expired (i.e., the user has no
more days to use the expired password, or no more logins allowed with the expired
password).

....................................................................................................................................................................................................................................
1830 PSS
2-21
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Configuring user accounts
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Users have the ability to change their own password on demand. To change a password,
the user must enter the current password, the new password, and the confirmed new
password (Note: For an Admin user changing another users password, only the new
password value needs to be entered). The NE checks the password for proper length and
syntax in accordance with established password requirements. Before updating the NE's
database, the NE ensures that the current password is different from the new password
and that the new password and confirmed new password are the same. An error message
is generated to notify the user if any of the password requirements are not met.
Adding a User

A user with appropriate security level privileges (Admin user) can add new users to the
User Security Database and to specify for each user his/her User Access Privilege (UAP).
The UAP specifies the set of commands a user can execute based on the access privilege
of the user and of the command.
Note: A maximum of only 1 Service user is allowed in the NE. Multiple users of the
other user levels are allowed.
The NE provides the ability to specify an initial password pertaining to the new user. The
user is prompted to change the password when one of the following conditions occurs:

when that user establishes a session for the first time after the initial password is
assigned
when that user establishes a session for the first time after a user password has been
reset by an administrative action.

The NE denies the session if the user does not comply.


Deleting a user

A user with appropriate security level privileges can delete existing user profiles from the
User Security Database. If the specified user is currently logged on, then the user is also
logged off. Users with security administration privileges can delete any existing user
profile except default users' profiles.
Note: A user with administration or service privileges cannot delete his/her own user
profile. The Admin user cannot delete the Service user, and the Service user cannot
delete himself.

....................................................................................................................................................................................................................................
1830 PSS
2-22
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Configuring user accounts
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Retrieving and editing user privileges

The ability to edit an existing user profile entry (created when entering a user) is provided
to users with appropriate security level privileges. The following conditions apply:

Only users with appropriate administration privileges can change a user profile
database entry for another user.
Only users with administrator privileges can edit the User Security Level User
attributes that exist for each user's profile. The security level user attributes are: user
privilege level, link timeout, and user-id status. It is not possible to modify the UID or
user security level of factory default users.
Any change to the privilege(s) granted to a user do not apply to the user if the user is
currently logged in. Any such change will take effect after the next login.
A user with security administration privileges can retrieve any or all user profile
entries.
Only those parameter values that are actually applied for the specified UID are
reported. This means that those system-wide parameters that have been modified, but
still not applied to the specified UID, are reported with their previous values.

Enabling/disabling a user

A user with appropriate security level privileges can disable existing user profiles in the
User Security Database. If the specified user is logged on, then the user is also logged off.
A user cannot disable himself/herself. A user cannot disable his own user profile.
A user with appropriate security level privileges can enable existing and previously
disabled user profiles in the User Security Database for a specified user(s).
Note: The Admin user can disable and enable all users including the Service user.

....................................................................................................................................................................................................................................
1830 PSS
2-23
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Login sessions
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Login sessions
Overview

There is no limit to the number of simultaneous active sessions per user ID. One user ID
can log into the NE multiple times (via WebUI, TL1, CLI, and SNMP), the maximum of
which is restricted by the number of sessions supported by the NE. The NE creates an
entry in the Security log when a user logs into and logs off from the NE indicating the
UID and the established User Session Number.
The ability to authenticate a session (i.e., activate a user session) is established with the
NE by logging in an existing user through a UID and a PID. The NE will deny the
activation of a user session if authentication for the user cannot be established (e.g. the
specified password does not match the user's password on the NE, the user profile does
not exist on the NE, etc.).
The NE allows a user to cancel a current session which was previously authenticated by a
login request by providing a logoff function for the current session.
The following applies to canceling a user session:

Only users with appropriate administration privileges are able to logoff other users.
Otherwise users can only logoff themselves.
Users with administration privileges and also the Service user can logoff other users
with administration privileges.
A command request to cancel a session will terminate a single active user session on
the addressed NE. In addition any supporting connection which after the termination
of this session is no longer supporting other sessions or connections, is also
terminated.

Session timeout

The NE supports auto log out and auto disconnect of user sessions based upon user link
inactivity (i.e. an idle user). Inactivity is defined as lack of user input. The inactivity
interval (period which triggers log out) is provisionable on a system basis. The longest
such interval allowed for an idle user is 999 minutes, with a minimum of 1 minute and a
default of 60 minutes. The system allows the ability to disable the User Session Link
Timer attribute, on a system basis, by assigning the zero value. A value of 0 implies no
idle timeout, (i.e. the user can remain idle forever).
When the session timer expires, the NE logs out and disconnects a user's session to the
NE. The session timer is reset/restarted by successful user login and user session link
communication input activity after the login occurs.
Each properly logged-in session will either be logged out by the user or by system
inactivity or by connection interruption. When a session is terminated (e.g., normal
logoff, power failure, a break in the physical or logical connection), the NE ensures that
....................................................................................................................................................................................................................................
1830 PSS
2-24
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Login sessions
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

the port drops immediately and terminates the user processes running at the time of
logoff. When the next user attempts to log on to that physical or logical port, the user is
required to go through the entire login procedure including identification and
authentication.
The admin user may configure unique per user session timeout, based on the UID profile.
If provisioned, the timeout value may take on any value up to the system maximum. If
provisioned, the user-defined session timeout takes precedence over the system-wide
session timeout value provisioned.

....................................................................................................................................................................................................................................
1830 PSS
2-25
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

System security features


Encrypted and normal mode

The system supports the ability to set the NE to function in an encrypted or normal mode.
Encrypted or normal mode should be set during initial commissioning. There is no default
mode. Only the administrative user can invoke the security mode on the NE. Changing
the mode from encrypted to normal, or vice versa, causes a warm reboot of the active
Main EC. All current user sessions will be logged off as a result.
The NE does not allow the encrypted mode setting if there is no SSH key initialized on
the system. Encrypted mode can only be turned on after the NE has already generated an
SSH key. The NE applies the following guidelines when setting the mode to either
encrypted or normal. These settings apply to the OAMP port only.
In encrypted mode:

SSH is enabled

telnet is disabled to ports 23, 3082, 3083


SSH is enabled to port 22
SNMP ports (161, 162) are allowed to be enabled

port 69 (tftp) remains open for the internal transfers from the main EC to other circuit
packs on the local NE
NTP port (123) is allowed to be enabled
SNMPv1, SNMPv2c, SNMPv3 (without authentication and privacy) requests to the
NE are disabled
SNMPv3 (with authentication and privacy) requests are allowed by the NE

In normal mode:

SSH is enabled (SSH can be used in both modes)


telnet is enabled to all ports TL1 (3082, 3083) and CLI (22, 23) ports
SNMP ports (161, 163) are allowed to be enabled
NTP port (123) is allowed to be enabled

HTTP (Web interface available) is enabled for remote management


The port 69 (tftp) remains open for the internal transfers from the main EC to other
circuit packs on the local NE
SNMPv1, SNMPv2c requests are allowed by the NE

SNMPv3 (without authentication and privacy) requests are not allowed by the NE
SNMPv3 (with authentication and privacy) requests are allowed by the NE
CLI over the craft serial port is not encrypted

....................................................................................................................................................................................................................................
1830 PSS
2-26
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

The NE supports the enabling and disabling of the following external ports: OAMP, VoIP,
E1, E2, ES1 and ES2 for extension shelves. Only an administrative user has the ability to
enable/disable these interfaces. The serial/console port cannot be disabled.
Note: The two external LAN ports, E1 and E2, connect to externally managed
devices, like RAMAN power booster amplifiers. One User Panel is supported on the
Master Shelf of an NE to provide a maximum of 2 LAN ports for external RAMAN
or Booster devices per NE.
TFTP, FTP, and SFTP

TFTP, FTP, and SFTP file transfer protocols are supported for both encrypted mode and
normal mode.
The following applies:

for PM file transfer TFTP must be used


for software download FTP or SFTP can be used

for database file transfer FTP, SFTP or TFTP can be used


for log file transfer FTP or SFTP can be used
for SSL certificate transfer FTP or SFTP can be used

SFTP (secure FTP) is a program that uses SSH to transfer files. Unlike standard FTP, it
encrypts both commands and data, preventing passwords and sensitive information from
being transmitted in the clear over the network. It is functionally similar to FTP, but
because it uses a different protocol, standard FTP client can't be used to talk to an SFTP
server, nor an FTP server can be connected with a client that supports only SFTP.
The following applies:

FTP and SFTP passwords are stored in the database using AES encryption.

No user interface displays the password for the FTP and SFTP server.
SFTP or TFTP are used regardless of whether the NE is in encrypted or in normal
mode.
Note: Only one tftp transfer can be initiated at a time.

Secure Shell (SSH)

Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure
channel between two network devices. SSH is designed as a replacement for telnet and
other unsecure remote shells which send information (notably passwords) in plaintext,
leaving them open to interception. The encryption used by SSH provides confidentiality
and integrity of data over an unsecure network, such as Internet. SSH allows a trusted
path of communication between two ends (e.g., NE and EMS) using encryption of the
data stream.

....................................................................................................................................................................................................................................
1830 PSS
2-27
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

The following applies:

The 1830 NE supports SSHv2. This applies to 1830 PSS-32/PSS-16/PSS-32S and the
Alcatel-Lucent 1830 PSS-1 (Edge Device).
The NE supports the generation of the SSH crypto Key. This crypto key needs to be
generated before the NE is set to encrypted mode. The NE allows the generation of
the crypto key when the NE mode is normal or encrypted.
SSH Keys can be zeroized (regenerated) in encrypted mode.
The NE supports AES encryption. SSH key must be encrypted with AES before
storing in the disk.
Note: Security mode can only be changed to encypted when:

SSH key exists

Security event log

For security purposes, the system generates a security log to provide an audit trail record
that supports after-the-fact investigation of specific activities (e.g., logins, modification of
critical system resources). The security log provides a means for the Security
Administrator to investigate, audit, detect, and analyze security events in order that proper
remedial actions can be taken. Security logs are protected from unauthorized access and
no modification by any user or process, even debug tools, is allowed.
The system provides the ability to a user with sufficient security level privileges to
retrieve security event log reports that were generated by the system for a given UserID
and between a specified From Date and Time and To Date and Time.
The following applies to the security log:

The security log has a circular (or equivalent) recording mechanism (i.e., oldest
record overwritten by newest), and an appropriate administrator has the capability to
retrieve, print, copy, and upload the security log for long-term storage.
When the security log has reached 90% of its maximum size, the NE sends an
appropriate event to the security administrator.
The security event log file is protected from tampering by any user defined in the user
security database and cannot be deleted by any user defined in the user security
database.
The security event log file is stored in non-volatile memory and survives system
restarts/resets.
The security event log file does not survive software generic upgrades and power
reset.

....................................................................................................................................................................................................................................
1830 PSS
2-28
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Security log contents

Each NE is able to log the following classes of information in the security log:

any action that changes the security attributes and services


any action that changes access controls
any action that changes configuration parameters of the device
each login attempt and its result
each logout or session termination (whether remote or console, whether requested or
due to inactivity timeout)

A security log entry contains the following information:

the identification, address and security level of the user that initiated the action that is
being logged
the actual attempted action that is being logged (the echo of the command/response
message)
an indication of the success or failure of the activity (command completion code)
the date and the time the action (i.e. the command or the message) occurred
Note: The security event log file does not record actual or attempted passwords that
are entered in as passwords.

User activity log

Alcatel-Lucent 1830 PSS supports logging of user activities. Activities are collected in a
user activity log (UAL) in a user-readable format. All user actions via the WebUI are
logged and stored in this UAL along with the time and date of the action, the source IP
address and or user name of the operator, and the action itself. One entry is captured for
each user action. The purpose of this log is to provide non-repudiation.
The administrator can also transfer the UAL log to a remote file server (RFS). The RFS
can be the management system itself, or some other server - the choice is up to the
operator. This transfer mechanism can be performed using FTP or SFTP.
Log file transfer

The WebUI can retrieve and display parameters related to the last log transfer request.
The WebUI also allows the user to modify and view server information for the log file
transfer. When the user initiates a log file transfer, after receiving a successful response
from the NE, the WebUI displays a message to the user indicating that the file transfer has
been initiated. The WebUI then allows the user to navigate to other WebUI screens. The
user can then go back to the Log File Transfer screen to view the status of the transfer.
Note: Log file transfer can also be done via CLI.

....................................................................................................................................................................................................................................
1830 PSS
2-29
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

System access control

System access control prevents an otherwise authenticated (valid) user from unauthorized
access. Not all system resources are available to every user, and restricting resource
availability is extremely important to securing a safe and trusted network. System access
control allows only authorized users access to the NE. Access control level is associated
with each user and is maintained through the User Security Level attribute.
To execute any command, a user needs a User Security Level (User Access Privilege)
including the Command Security Level (Command Access Privilege) assigned to the
command being executed. If the user is denied the privilege of executing a command due
to an insufficient User Security Level, the system indicates to the user that the command
request is invalid due to insufficient privileges.
All physical ports of the NE exercise system access control. This includes direct access
serial and LAN ports (CIT, external OAMP network access, etc.) and access via an
Embedded Communications Channel (ECC) as in the case of GCC between the 1830-PSS
and the 1830-PSS1 (Edge Device).
Any failed login attempt immediately reports to the user that the login process has failed
or is invalid. Information such as invalid user ID or invalid password is not reported.
The NE performs the entire user authentication procedure even if the UID that is entered
is not valid. After a failed login attempt, the system delays for 2 seconds prior to
presenting the next login prompt. This applies to human interaction interfaces (e.g. CLI,
TL1, WebUI).
After the maximum number of consecutive invalid login attempts for a session has been
reached, the system records in the security log the IP address of the source along with the
UID and an intrusion transient condition is reported.
Access control lists (ACL)

The system supports access control lists (ACL) functions.


Filters

The WebUI supports viewing a list of all filters and their associated patterns. Each filter
may be associated with up to 256 patterns. The WebUI also supports creating a new filter.
Up to 100 filters may be defined on the system
The WebUI supports adding a pattern to an existing Filter ID. When adding a pattern, the
WebUI displays a picklist of existing patterns that are not already associated with this
filter to choose from. The user must specify a Pattern Index with each selected pattern.
The WebUI also supports deleting a pattern from an existing Filter ID. A filter can only be
deleted when all patterns have been removed for this filter.
Note: If the user specifies a Pattern Index that is already associated with this Filter ID,
the WebUI will delete the existing Pattern/Filter pair and create a new one with the
specified Pattern ID/Index.
....................................................................................................................................................................................................................................
1830 PSS
2-30
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Patterns

The WebUI supports viewing a list of all patterns used for IP access control. The WebUI
also supports creating, modifying, deleting, and viewing of patterns. A pattern can only be
deleted if it is not associated wth a filter.
Ports

The WebUI supports viewing a list of all port to ACL filter associations.
The WebUI allows a user to create, modify, and view an association between an ACL
filter and a specified port and direction. When creating or modifying an association, the
WebUI displays a picklist of existing filters to choose from. An association between a
filter and port/direction can also be deleted.
Note: Up to 2 filters can be associated with each port, one in the Receive direction
and one in the Transmit direction. If a filter/port association already exists in a
direction, the WebUI will not allow the creation of another association to this port in
the same direction.
The following ports support ACL filtering.
Table 2-4

Ports that support ACL filtering

Card

Port

Signal Rate

112PDM11

L1

OTL4.4

11DPE12

L{1-2}

OTU2

11DPE12A, 11DPE12E

L{1-2}

OTU2

11DPM12

L{1-2}

OTU2

11QPA4, 11QPEN4

L{1-4}

OTU2

11QPA4, 11QPEN4

C{1-4}

OTU2

11QPE24

X{1-4}

OTU2, 10GbE

11STAR1, 11STAR1A

L1

OTU2

11STAR1, 11STAR1A

C1

OTU2

11STMM10

C{1-10}

OTU1

4DPA4

L{1-2}

OTU1

A2325A, AHPHG, AHPLG,


ALPHG,

OSC

A2P2125, AM2125A,
AM2318A, OSCT

OSCSFP

MTC1T9

E1, E2, OAMP

USRPNL

E1, E2, OAMP, VOIP

....................................................................................................................................................................................................................................
1830 PSS
2-31
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

For the following ports, the user can view the system-defined port/filter associations. The
user may not edit the associations for these ports.
Table 2-5

System-defined port/filter associations

Card

Port

EC

CIT

EC (PSS-16, PSS-32 only)

AUX

EC

LAN-PPP

EC

LAN-NODE

MTC1T9

CIT

MXEC320H
MTC1T9

LAN-PPP

MXEC320H
MTC1T9

LAN-NODE

MXEC320H

Optical intrusion detection

The optical intrusion detection feature gives the user the ability to have an optical
intrusion alarm raised upon detection of an outside plant fiber loss. A span loss could be
due to a hacker stripping away the fiber cladding and bending the fiber to cause light
leakage.
The system allows the user the ability to set the threshold values and retrieve baseline
values and threshold values for each optical line. Provisioning of optical intrusion
detection settings is supported on the following cards: A2325A, AHPHG, AHPLG,
ALPHG, AM2125A, AM2125B, AM2318A and OSCT.
The WebUI allows the user to set the Optical Intrusion Loss Threshold value. The
system will raise a MAJ alarm Optical Intrusion Detected against the optical line (OTS)
if the loss detected is equal to or greater than the specified threshold limit during a given
interval. The system also allows a user to clear an optical intrusion detected alarm.
The WebUI supports modifying and viewing of the following optical intrusion detection
attributes

Monitoring Enabled

Span Loss (dB)


Baseline Span Loss (dB)
Loss Theshold (dB)

Polling Period (seconds).

....................................................................................................................................................................................................................................
1830 PSS
2-32
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Data Center Connect (DCC)

General risks can be related to inadequate security policies or human factors. Security
processes often rely on well-designed controls that ensure the confidentiality, integrity,
and availability of data and services for the data center. TheAlcatel-Lucent 1830 Photonic
Service Switch (PSS) DWDM platform provides integrated physical layer encryption that
lowers data center security risks and increases data confidentiality, integrity, and
availability, based on security best practices and common security frameworks used in
data center environments.
Data integrity means detecting and avoiding unauthorized access to, or modification of,
data. The Alcatel-Lucent 1830 PSS provides several security mechanisms to ensure the
integrity of data communication services across the DCC, and the integrity of the
equipment itself. Comprehensive security logs allow an administrator to detect
non-authorized changes to device configuration, complemented by real-time intrusion
prevention alarms. Optical intrusion detection (OID) constantly checks the status of each
optical fiber by monitoring changes in optical loss. A threshold value can be set to raise
an alarm for possible optical intrusion when the optical loss changes beyond the
configured level.
DCC transport risks are related to the uncertainty that vulnerabilities could be exploited to
damage or remove sensitive data assets. To reduce the opportunity for attack, and
therefore the security risk, the Alcatel-Lucent 1830 PSS can be enabled to function in
secure mode, which provides a hardened device configuration with the following
restrictions:

Only the essential logical and physical ports needed to manage the system are open
Software debug functions are disabled
Services of the embedded OS are disabled, as well as any interactive OS access

Only secure NE management protocols such as Secure Sockets Layer (SSL) and
SNMPv3 are supported

Alcatel-Lucent 1830 PSS also supports the security of the optical links within the DCC
with the following capabilities:

Optical intrusion detection (OID) on spans with threshold alarms

Layer 1 hardware encryption @ 10G line rate providing:


Lower latency

Lower cost per encrypted bit


Protocol independence
AES256 + FIPS & Common Criteria compliance

Dynamic key management for private and hybrid/private clouds

....................................................................................................................................................................................................................................
1830 PSS
2-33
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System security features
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

The Alcatel-Lucent 1830 PSS supports the following interface types for DCC
applications:

Fast Ethernet, Gigabit Ethernet, 10GigE (LAN andWAN), and 100GigE


4x10GigE Muxponder (40G) and 10x10GigE Muxponder (100G)
Fiber Channel 1G, 2G, 4G, 8G, and 10G

FICON 1G, and 2G; and FICON-Express


BM Intersystem Channel ISC-3 peer-mode
Video: SD-SDI, HD-SDI, DVB-ASI
Transponderless (direct connection) support of ITU-grid wavelengths from external
equipment

For additional details of the Secure Data Center Connect (DCC) application, see the
Alcatel-Lucent 1830 PSS Product Information and Planning Guide.

....................................................................................................................................................................................................................................
1830 PSS
2-34
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Authentication
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Authentication
Overview

Authentication is the act of verifying a claimed identity, providing a basis for setting up
private communications with full data integrity and logging management activity. The
system supports the following different methods of authentication.

RADIUS authentication

Local NE Authentication
SNMP

RADIUS authentication

RADIUS allows the user to be authenticated and authorized at the same time. The
RADIUS server is provisioned with one or more user profile or profiles. Based on the
user profile and user class definitions, the RADIUS server not only allows the user to
have access to the NE, but also grants the user the user's privilege level. The RADIUS
client works with Steel-Belted RADIUS, WinRADIUS, and FreeRadius servers. The NE
supports provisioning of up to 2 RADIUS Servers. The administrative privilege user can
add/delete the specific RADIUS server.
The following applies:

The administrative privilege user can Enable/Disable the RADIUS servers without
deleting their configuration.
When two servers are configured and enabled, the NE queries the second RADIUS
server (RAD2) only if the first server (RAD1) does not respond after the appropriate
timeout and retries.
Web users are authenticated from the local stored database regardless of whether
RADIUS is enabled.
SNMP users are not authenticated by RADIUS.
RADIUS functionality can be used regardless of whether the NE is in encrypted or
normal mode.
A login by the Service user is never authenticated using RADIUS for any user
interfaces (CLI, TL1, WebUI). The authentication for the Service user is always local.

Table 2-6

RADIUS authentication - VSA information

Vendor Code

7483

Conforms to RADIUS RFC

Yes

Vendor-assigned attribute number

2 for NMS

Attribute format

Decimal

....................................................................................................................................................................................................................................
1830 PSS
2-35
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Authentication
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Table 2-6

RADIUS authentication - VSA information

Attribute value

(continued)

0 for observer
1 for provisioner
2 for admin

RADIUS attributes

The NE supports configuring the following general RADIUS attributes:

Timeout: This is the timeout (in seconds) for the NE to wait for a response from the
RADIUS server. A failure is declared after the timeout is elapsed. The supported value
range for timeout is 1 to 1000. The default value is 5.
Retries: This is the number of attempts that the NE will try to contact the specified
RADIUS server that has failed to respond during the previous request(s). If there is no
response from the server after the specified tries, then the NE will try to contact the
second RADIUS server if one is provisioned. The supported value range for retries is
1 to 100. The default value is 3.

The NE supports the following RADIUS server attributes. The RADIUS attributes can be
configured, edited, deleted, and retrieved by a user with appropriate administrative
privilege. The "sharedSecret" parameter cannot be retrieved.

ServerNum: This is the AID for the RADIUS server. The acceptable values are RAD1
and RAD2.
IPAddr: This is the IP address of the specified RADIUS server.
Port: This is the authentication port of the RADIUS server. The valid value is from 1
to 65000. The default port value is 1812.
sharedSecret: This is the shared secret key between the NE and the target RADIUS
server. This key is an ascii string between 5 to 32 characters.
Status: This is RADIUS server status. The valid values are the following
Enabled - The RADIUS server is online. This is the default value.

Disabled - The RADIUS server is offline.

The NE supports configuring the following authentication ordering behavior options that
can be configured and retrieved by a user with appropriate administrative privilege.

LOCAL: Authentication is based on the local NE's security database. This is the
default.
RADIUS: Authentication is based on the RADIUS server's database.
RADIUS-THEN-LOCAL: The authentication is attempted first using the RADIUS
server's database. If the RADIUS server is not reachable then authentication is based
on local NE's security database.
Note: If the RADIUS server is reachable and the user profile does not exist in
RADIUS server's database, then the authentication fails and the user is denied access.

....................................................................................................................................................................................................................................
1830 PSS
2-36
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Authentication
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Local NE authentication

Local NE Authentication is accomplished via the UID and PID pair created and stored on
the local NE.
Note: The access to the database (for authentication) of the NE where user profiles
are stored, is allowed only on a local connection. This is for the Service user to access
locally via connection to RS232 or local CIT port.
SNMP authentication

The local NE can authenticate and authorize users based on SNMP. SNMP provides for
both security versions and security levels. A security version is an authentication strategy
that is set up for a user and the group in which the user resides. A security level is the
permitted level of security within a security version. A combination of a security version
and a security level will determine which security mechanism is employed when handling
an SNMP packet. Three security versions are available: SNMPv1, SNMPv2c, and
SNMPv3.
The following applies to SNMP:

The NE supports separate DB records for SNMPv3 users. SNMPv3 users are different
from the CLI/TL1/WebUI users. SNMPv3 users can be provisioned via 1354
RM-PhM or WebUI.

The system supports creation of a default SNMP user at initial startup with a known
password. This known password permits 1354 RM-PhM to perform auto-discovery of
NEs. The default SNMP user cannot be deleted. It can only be disabled.
The NE supports changing SNMPv3 users' authentication (auth) and privacy (priv)
passwords.
The system supports enabling and disabling SNMP users.

The NE supports sending Authentication Failure traps and supports enabling and
disabling the sending of Authentication Failure Traps.
The system allows cloning a new SNMP user from an existing user.
Even if RADIUS authentication is enabled on the system, login access to the NE via
SNMP is always based on the UID and PID pair resident on the NE.
Note: Following are two scenarios when the user must update SNMPv3 passwords:
1. Upgrading from a previous release.
After the upgrade, the authentication (auth) and privacy (priv) passwords for
SNMPv3 default user (v3DefaultUser) must be updated.
2. Following a change to the loopback IP address (including the initial loopback IP
address provisioning from its default value).
After the warm restart, the authentication (auth) and privacy (priv) passwords for
all SNMPv3 users, including the ones for SNMPv3 default user (v3DefaultUser).
must be updated.

....................................................................................................................................................................................................................................
1830 PSS
2-37
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Authentication
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Note: If loopback IP address change is followed immediately with clearing


database (without also clearing IP addresses), there is no need to update SNMPv3
passwords.
NTP server authentication

The NTPv4 protocol supports authentication using either symmetric key or public key
cryptography. Alcatel-Lucent 1830 PSS implements authentication using the symmetric
key cryptography feature. This method ensures an unbroken chain of trust between the
client system and the primary servers at the root of the timing distribution network. This
chain is known as the provenance of the client. The protocol provides the credentials to
ensure that the source of the timing signal is not being spoofed since the attacker does not
have the cryptographic key information to provide authentic credentials.
When authentication is in use, every message contains a message authentication code
(MAC) appended to the NTP header in the message. The MAC is calculated using a
cryptographic hashing algorithm (in the form of SHA-1 or MD5) to produce a
mathematical fingerprint that uniquely identifies each message. The hashing algorithm
used is up to the user. Under the symmetric key method, both the server and the client
share a key, that is distributed outside this protocol. The server uses the key to create the
MAC. When the message arrives, the client uses the key to create its own version of the
MAC. The client then compares its calculation to the MAC inserted in the message.
When the two codes match the client concludes that the message was indeed sent from
the intended server.
SNMP trap destinations

The system supports editing and retrieval of SNMP trap destinations. Trap destinations
are SNMP managers provisioned to listen to traps coming from the NE. These SNMP
managers may or may not also be actively managing the NE.
The following SNMP trap server attributes are supported:

ID - this is the ID of the SNMP trap server. The system supports up to 10 remote trap
servers. This value is required to discern which trap server the user is addressing.
Possible values are 1 thru 10.
Destination IP - this is the IP address of the SNMP trap server. Specifies the IP
address of the server that serves as the trap destination.
String - this is the community string sent to the SNMP trap server. It is an ascii string
from 1 to 32 characters.
Port - this is the (IP address) port of the SNMP trap server. Specifies the IP address
port of the server that serves as the trap destination.
Timeout - Specifies the time (round trip), in hundreths of a second, after which the
connection times out if no reply is received. Following a timeout, a retry is attempted,
up to the number of retries specified by the retry variable.

....................................................................................................................................................................................................................................
1830 PSS
2-38
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Authentication
Security management and user administration on the WDM
application
....................................................................................................................................................................................................................................

Retry Count - Specifies an integer value for the number of times the network element
will attempt to retry the connection in the event of a timeout.
SNMP version - the SNMP version to use when formatting the trap. Valid versions are
v1, v2c, and v3.
NMS Station Group ID - Specifies an integer value that uniquely identifies the NMS
workstation serving as the trap destination. (Use 0 for all third party SNMP trap
servers).
Note: Traps are sent in SNMPv2 or SNMPv3 format, depending on the security level
of the NE. If the NE is encrypted, then all traps are encrypted, so the traps will be in
v3 format. All SNMPv3 traps are sent with the SNMPv3 default user. In normal
mode, the version can be v2 or v3.

SNMP community strings

The system supports creation, editing, deletion, and retrieval of SNMP community
strings. Community strings are necessary for authentication (e.g. if the manager comes
into the NE via SNMPv2). Provisioning of these tasks is accomplished via CLI, WebUI,
and SNMP.
Note: If the NE is in encrypted mode, the user can still configure these community
strings, but the remote SNMP manager will connect via SNMPv3.
The following SNMP community attributes are supported:

SNMPComID this is the ID of the SNMP community. The system supports up to 5


pre-configured communities, one for each of the user privilege classes. Possible
values are: admin, provisioner, observer, nms, and 3rdpnms. This parameter requires a
value.
String this is the community string sent from the SNMP manager to the NE. It is an
ascii string from 1 to 32 characters. Based on the string and the privilege level
inherited from the SNMPComID, the NE will either process or deny the SNMP
request. The string must be unique (there cannot be duplicate strings) and the string
cannot start or end with a blank space.
The SNMP string is checked every time an SNMP request is processed by the NE. If
there is a match, then the NE will further check the privilege level of that string to
ensure that the request can be granted given the command privilege level. If the string
does not match any string defined in the NE, the request fails and the NE returns a
failure message. If the privilege level is inadequate for the request being asked, then
the NE returns a failure message, otherwise, the request is processed.

....................................................................................................................................................................................................................................
1830 PSS
2-39
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Overview
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Administer user logins on the OCS application


using the Alcatel-Lucent 1830 PSS ZIC
Overview
Purpose

The following procedures are to be used for user management. It is suggested to use
User administration concept (p. 2-6) as an entry point for user administration activities.
Furthermore, it is recommended to have a list prepared of all the users that probably will
need to have access to the Alcatel-Lucent 1830 PSS ZIC and the NEs, especially if
several user logins are to be created or modified for different NEs. The list should contain
the designated user IDs, associated passwords, access privileges and other related security
parameters, and should be as complete as possible.
Contents
Procedure 2-1: Create a user login

2-42

Procedure 2-2: Set system-wide user security parameters

2-45

Procedure 2-3: Display system-wide user security parameters

2-49

System-wide user security parameters

2-50

Procedure 2-4: Delete a user login

2-52

Procedure 2-5: Inhibit a user login

2-53

Procedure 2-6: Allow a user login

2-54

Procedure 2-7: Display user property information

2-55

Procedure 2-8: Edit user logins

2-56

Procedure 2-9: Log off user

2-59

Procedure 2-10: Retrieve information on all active user logins

2-60

Procedure 2-11: Change password

2-61

Procedure 2-12: Send a short free form text message to other users

2-63

Procedure 2-13: Modify command access security level assigned to a TL1


command.

2-65

Procedure 2-14: Display command access security level assigned to a TL1


command

2-67

Command access security level assigned to a TL1 command

2-68

....................................................................................................................................................................................................................................
1830 PSS
2-40
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Overview
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-15: Copy security sensible files or data from/to an NE to/from a


remote file server

2-69

Security File Transfer

2-73

Procedure 2-16: Configure SSL authentication for ZIC to NE communication


(high-level procedure)

2-75

Procedure 2-17: Install a certificate for SSL authentication

2-76

Procedure 2-18: Generate a new SSL key for SSL authentication

2-77

Procedure 2-19: Request a new certificate for SSL authentication

2-79

Certificate for SSL authentication

2-80

Procedure 2-20: Generate a new SSL key for SSL authentication

2-81

Current NE Public Key.

2-82

Procedure 2-21: Configure RADIUS server attributes

2-83

Procedure 2-22: Modify RADIUS server attributes

2-86

Procedure 2-23: Set RADIUS server authentication parameters

2-88

Procedure 2-24: Delete a RADIUS server

2-90

....................................................................................................................................................................................................................................
1830 PSS
2-41
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-1: Create a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-1: Create a user login


When to use

Use this procedure to create a user login.


Important! Please note that any user administration changes will not take effect until
the next login session.
Each new created user has to change his password at first log in. After changing his
password the user has to exit the Alcatel-Lucent 1830 PSS ZIC and to relaunch a new
session using the new password.
Related TL1 commands

The following TL1 commands are related to this procedure:

ENT-USER-SECU

Before you begin


Required privileges

You must have a User Community Authorization Level of 5 to perform this task.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC navigation pane, select System NE Security
Users.
Then select Create User, either by selecting Action from the main menu or by using the
context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Create User window opens.
...................................................................................................................................................................................................

Place the cursor in the User Identifier text box, then type in the User Identifier assigned
to the new user.
Reference: See User identifiers (p. 2-8).
...................................................................................................................................................................................................

Place the cursor in the Password text box, then type in the password assigned to the new
user.

....................................................................................................................................................................................................................................
1830 PSS
2-42
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-1: Create a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

The password may be preliminary. Each user is permitted to change her/his own
password.
Reference: See Passwords (p. 2-10).
...................................................................................................................................................................................................

Place the cursor in the Re-EnterPassword text box, then type in the password again.
The password may be preliminary. Each user is permitted to change her/his own
password.
Reference: See Passwords (p. 2-10).
...................................................................................................................................................................................................

Place the cursor in the User Community Authorization Level text box and enter the
respective User Community Authorization Level for the new user.
Reference: See User community authorization level (UCAL) (p. 2-9).
...................................................................................................................................................................................................

Place the cursor in the User Name text box, then type in the User Name assigned to the
new user.
...................................................................................................................................................................................................

In the field Link Timer select the respective value.


The User Session Activity Link Timer specifies the amount of time (in minutes) that the
User Session link must be inactive with regards to user input before a user session link
timeout occurs.

0
Disabled, no user session link timeout will occur.

1 to 999
Time in minutes, indicates the LNKTMR time interval. A user session link timeout
occurs if the user session link is inactive with regards to user TL1 input for the time,
in minutes, indicated.

...................................................................................................................................................................................................

In the field Fixed Password you can specify whether the user is created with the ability to
change his/her password.

Yes. The password is fixed and cannot be changed by the user.

No. The password is not fixed and can be changed by the user.

....................................................................................................................................................................................................................................
1830 PSS
2-43
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-1: Create a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Users with fixed password is cannot login multiple times despite the MAXSESSION
setting.
...................................................................................................................................................................................................

Make sure that the settings in the Create User window are correct.
...................................................................................................................................................................................................

10

Click Apply to add the new user login.


Result: The user is added into the list of users.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-44
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-2: Set system-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-2: Set system-wide user security parameters


When to use

Use this procedure to set system-wide user security parameters.


Note: You must have security administrator privileges.
Related TL1 commands

The following TL1 commands are related to this procedure:

SET-ATTR-SECUDFLT

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens.
...................................................................................................................................................................................................

In the Password Aging Interval spin box select the desired value. You can also enter the
value directly.
Additional information The Password Aging Interval indicates the number of days

that a user password (PID) is aged before the system prompts the user to change to a
new password.

Zero, Password aging on user accounts is disabled. User passwords are not
deactivated/disabled by password aging.

1-360

....................................................................................................................................................................................................................................
1830 PSS
2-45
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-2: Set system-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Password Aging Interval in days.


...................................................................................................................................................................................................

In the Minimum Password Aging Interval spin box select the desired value. You can also
enter the value directly.
Additional information The Minimum Password Aging Interval indicates the

number of days that a user password (PID) is aged before the user is allowed to
change to a new password.

Zero, Minimum Password aging on user accounts is disabled. User passwords can
be changed without a minimum aging.

1-360

Password Aging Interval in days.


...................................................................................................................................................................................................

In the Pre Expiration Password Interval spin box select the desired value. You can also
enter the value directly.
Additional information The Pre Expiration Password Interval indicates the number
of days that an NE sends a message to a user for alerting of the next password
expiration.

0 Zero, Pre Expiration on user accounts is disabled. No alert message will be sent.

1-7

Pre Expiration Password Interval in days.


...................................................................................................................................................................................................

In the Max Failed Attempts spin box select the desired value. You can also enter the
value directly.
Additional information The Max Failed Attempts indicates the maximum number of

failed login attempts before an NE logs out a user and locks out the user channel.

Zero, Max Failed Attempts on user accounts is disabled. No limit to the failed
login attempts.

1-15

Max Failed Attempts.


...................................................................................................................................................................................................

In the Password History spin box select the desired value. You can also enter the value
directly.

....................................................................................................................................................................................................................................
1830 PSS
2-46
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-2: Set system-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Additional information The Password History indicates the number of last used

password to be used for the comparison with the new password, when entered for
changing. The new password must be different from all of the passwords in the
history.

Zero, Password History on user accounts is disabled.

1-15

Number of passwords stored in the password history.


...................................................................................................................................................................................................

In the Keep Alive Message Interval spin box select the desired value. You can also enter
the value directly.
Additional information The Keep Alive Message Interval indicates the time interval

in minutes after which the NE sends a KEEP^ALIVE^MESSAGE on a TCP


connection inactivity.

Zero, KEEP^ALIVE^MESSAGE sending is disabled.

1-240

KEEP^ALIVE^MESSAGE timeout value, in minutes.


...................................................................................................................................................................................................

In the Maximum Sessions spin box select the desired value. You can also enter the value
directly.
Additional information The Maximum Number of Simultaneous Sessions defines

the number of simultaneous sessions allowed per UID. Attempts to activate more
sessions for a given UID than allowed by this parameter are denied. The value can be
provisioned using this parameter, on a system-wide basis for accounts where the user
is able to change their password. For users who are unable to change their password,
the maximum number of simultaneous sessions is limited to 1.

1-6

The number of simultaneous sessions allowed on the NE for any user that is able
to change their password. Only 1 session is allowed for users that are unable to
change their password.
...................................................................................................................................................................................................

10

In the User Session Activity Link Timer Defaul spin box select the desired value. You
can also enter the value directly.

....................................................................................................................................................................................................................................
1830 PSS
2-47
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-2: Set system-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Additional information The User Session Activity Link Timer Default specifies

system's default value for the amount of time (in minutes) that the User Session link is
inactive with regards to user TL1 input/output, before a user session link time-out
occurs.

Disabled, no user session link time-out will occur.

1-999

Time in minutes, indicates the LNKTMR time interval. A user session link
time-out occurs if the user session link is inactive with regards to user TL1
input/output for the time, in seconds, indicated.
...................................................................................................................................................................................................

11

Make sure that the settings in the window are correct.


...................................................................................................................................................................................................

12

Click Apply to apply your settings.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-48
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-3: Display system-wide user security
Administer user logins on the OCS application using the
parameters
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-3: Display system-wide user security parameters


When to use

Use this procedure to display system-wide user security parameters.


Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-DFLT-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens displaying system-wide user security

parameters.
Reference: See System-wide user security parameters (p. 2-50).
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-49
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

System-wide user security parameters


Parameter description

The following parameters are available:


Parameter ...

Meaning...

Password Aging Interval

The Password Aging Interval indicates the number of days that a


user password (PID) is aged before the system prompts the user to
change to a new password.

Zero, Password aging on user accounts is disabled. User


passwords are not deactivated/disabled by password aging.

1-360

Password Aging Interval in days.


Minimum Password
Aging Interval

The Minimum Password Aging Interval indicates the number of


days that a user password (PID) is aged before the user is allowed to
change to a new password.

Zero, Minimum Password aging on user accounts is disabled.


User passwords can be changed without a minimum aging.

1-360

Password Aging Interval in days.


Pre Expiration
Password Interval

The Pre Expiration Password Interval indicates the number of days


that an NE sends a message to a user for alerting of the next
password expiration.

0 Zero, Pre Expiration on user accounts is disabled. No alert


message will be sent.

1-7

Pre Expiration Password Interval in days.


Max Failed Attempts

The Max Failed Attempts indicates the maximum number of failed


login attempts before an NE logs out a user and locks out the user
channel.

Zero, Max Failed Attempts on user accounts is disabled. No


limit to the failed login attempts.

1-15

Max Failed Attempts.

....................................................................................................................................................................................................................................
1830 PSS
2-50
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


System-wide user security parameters
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Parameter ...

Meaning...

Password History

The Password History indicates the number of last used password to


be used for the comparison with the new password, when entered
for changing. The new password must be different from all of the
passwords in the history.

Zero, Password History on user accounts is disabled.

1-15

Number of passwords stored in the password history.


Keep Alive Message
Interval

The Keep Alive Message Interval indicates the time interval in


minutes after which the NE sends a KEEP^ALIVE^MESSAGE on a
TCP connection inactivity.

Zero, KEEP^ALIVE^MESSAGE sending is disabled.

1-240

KEEP^ALIVE^MESSAGE timeout value, in minutes.


Maximum Sessions

The Maximum Number of Simultaneous Sessions defines the


number of simultaneous sessions allowed per UID. Attempts to
activate more sessions for a given UID than allowed by this
parameter are denied. The value can be provisioned using this
parameter, on a system-wide basis for accounts where the user is
able to change their password. For users who are unable to change
their password, the maximum number of simultaneous sessions is
limited to 1.

1-36

The number of simultaneous sessions allowed on the NE for any


user that is able to change their password. Only 1 session is
allowed for users that are unable to change their password.
User Session Activity
Link Timer Default

The User Session Activity Link Timer Default specifies system's


default value for the amount of time (in minutes) that the User
Session link is inactive with regards to user TL1 input/output, before
a user session link time-out occurs.

Disabled, no user session link time-out will occur.

1-999

Time in minutes, indicates the LNKTMR time interval. A user


session link time-out occurs if the user session link is inactive
with regards to user TL1 input/output for the time, in seconds,
indicated.

....................................................................................................................................................................................................................................
1830 PSS
2-51
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-4: Delete a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-4: Delete a user login


When to use

Use this procedure to delete a user login. Please note that default users cannot be deleted.
Related TL1 commands

The following TL1 commands are related to this procedure:

DLT-USER-SECU
Important! Any user administration changes will not take effect until the next login
session. If you delete a logged in user, he will be logged out.

Before you begin

The procedure itself is limited to the necessary steps to delete an existing user login using
the NE User Provisioning window.
Required privileges

You must have a User Community Authorization Level of 5 to perform this task.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem NE Security


Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main window.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Delete.
Result: A confirmation window opens.
...................................................................................................................................................................................................

Click on Yes in the confirmation window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-52
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-5: Inhibit a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-5: Inhibit a user login


When to use

Use this procedure to inhibit a user to log in to the system.


Related TL1 commands

The following TL1 commands are related to this procedure:

INH-USER-SECU
Important! Any user administration changes will not take effect until the next login
session. If you delete a logged in user, he will be logged out.

Before you begin

Prior to performing this task, you must be logged in to the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Inhibit User Login.
Result: A confirmation window opens.
...................................................................................................................................................................................................

Click on Yes in the confirmation window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-53
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-6: Allow a user login
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-6: Allow a user login


When to use

Use this procedure to allow reinstatement of a user that has been disabled by Procedure
2-5: Inhibit a user login (p. 2-53) or if the user has been inhibited due to exceeding the
number of failed login attempts (security INTRUSION alarm will be raised in such case)
and if the user has not logged in for a time longer than his individual User ID Aging
period.
Related TL1 commands

The following TL1 commands are related to this procedure:

ALW-USER-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem NE Security


Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Allow User Login.
Result: A confirmation window opens.
...................................................................................................................................................................................................

Click on Yes in the confirmation window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-54
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-7: Display user property information
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-7: Display user property information


When to use

Use this procedure to display user property information.


Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-USER-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens, displaying user profile information.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-55
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-8: Edit user logins
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-8: Edit user logins


When to use

Use this procedure to edit the existing user profile entries, identified by the User Identifier
(UID), in the User Security Database.
Note: You must have security administrator privileges.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-USER-SECU
Important! Any user administration changes will not take effect until the next login
session. Only a logged out user can be modified.

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens.
...................................................................................................................................................................................................

To modify the User Community Authorization Level select the desired value in the User
Community Authorization Level spin box.

....................................................................................................................................................................................................................................
1830 PSS
2-56
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-8: Edit user logins
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Reference: A user can be assigned a security level from 1 through 5. Level 5 is

reserved for users needing system administrator privileges.


...................................................................................................................................................................................................

Place the cursor in the User Name text box, then type in the User Name assigned to the
new user.
...................................................................................................................................................................................................

In the field User Session Activity Link Timer select the respective value.
The User Session Activity Link Timer specifies the amount of time (in minutes) that the
User Session link must be inactive with regards to user input before a user session link
timeout occurs.

0
Disabled, no user session link timeout will occur.

1 to 999
Time in minutes, indicates the LNKTMR time interval. A user session link timeout
occurs if the user session link is inactive with regards to user TL1 input for the time,
in minutes, indicated.

...................................................................................................................................................................................................

In the field User ID Aging Interval select the respective value.


The User ID Aging Interval specifies the aging or expiry interval of a particular User Id.
At the end of this interval, the UID is disabled if during this interval it has never been
used to set up a session.

0
UID aging is disabled.

1 to 999
Number of days left for the user to log in, before UID expiration.

...................................................................................................................................................................................................

In the field Fixed Password you can specify whether the user is created with the ability to
change his/her password.

Yes

Yes. The password is fixed and cannot be changed by the user.

No

No. The password is not fixed and can be changed by the user.

....................................................................................................................................................................................................................................
1830 PSS
2-57
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-8: Edit user logins
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Users with fixed password is cannot login multiple times despite the MAXSESSION
setting.
...................................................................................................................................................................................................

In the field Allowed IP you can enter a &-separated list of allowed source IP addresses for
login with the User Identifier.

An empty list indicates that login to UID is allowed from all IP addresses.
If the parameter is specified without value, then the IP address list is cleared (empty
list).

...................................................................................................................................................................................................

Make sure that the settings in the window are correct.


...................................................................................................................................................................................................

10

Click Apply to apply your settings.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-58
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-9: Log off user
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-9: Log off user


When to use

Use this procedure to log off a specified user.


Note: You must have security administrator privileges.
Related TL1 commands

The following TL1 commands are related to this procedure:

CANC-USER-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Loggoff.
Result: The Logoff User window opens.
...................................................................................................................................................................................................

Click Yes.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-59
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-10: Retrieve information on all active user
Administer user logins on the OCS application using the
logins
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-10: Retrieve information on all active user logins


When to use

Use this procedure to retrieve information on all active (connected) and/or authenticated
(logged on) users.
Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-STATUS

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem NE Security


Users.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select View Users Status.
Result: The View User Status window opens.

The retrieved information consists of:

the Session number

the User Identifier

the IP Address,
indicating where the user is connecting from. If the user is connected to the NE by
means of a TCP/IP connection the address is in the form {0-255}-{0-255}-{0-255}{0-255}. If the user is connected by the OSI stack the address is ECC, and if the user is
connected on the CIT LAN port, the address is FDBGLAN.

OMSID, the 1350 OMS operator name, in the case of login from OMS (ZIC).

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1830 PSS
2-60
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-11: Change password
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-11: Change password


When to use

Use this procedure to change a user password.


Actually, this covers two scenarios:

Normal

The user changes his/her own password, when required, unless the user has UCAL=5
or has fixed password.
The user Password Identifier (PID) must be changed periodically, depending on the
password aging period, minimum password aging period and password history of the
old last passwords not to be reused.
When a PID is changed, the new password must differ from the old password(s). In
order to avoid that a password can get accidentally echoed if invalid syntax is used,
the responsemessage echoes only the TL1 command name without any parameter.
The new password is to be entered twice, to avoid mis-typed password, with
consequent impossibility of logging in.

Forced

The administrator user changes another users password. This can only be done when
the other user is logged out (-> CANC-USER-SECU procedure). Password History
and Minimum Password Age do not apply to this case. Entry of the old password is
not required.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-PID
ED-USER-SECU

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

....................................................................................................................................................................................................................................
1830 PSS
2-61
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-11: Change password
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem NE Security


Users.
Select a user in the list displayed in the right part of the Alcatel-Lucent 1830 PSS ZIC
main menu.
...................................................................................................................................................................................................

If

then

you want to change your own password,

Either by selecting Action from the main menu


bar or by using the context menu opened with
the right mouse button, select Change
Password Normal.

you want to change the password of another


user,

Either by selecting Action from the main menu


bar or by using the context menu opened with
the right mouse button, select Change
Password Forced.

Result: The Edit Password window opens.


...................................................................................................................................................................................................

Place the cursor in the Old Password text box, then type in the old password.
...................................................................................................................................................................................................

Place the cursor in the New Password text box, then type in your new password.
Reference: See Passwords (p. 2-10).
...................................................................................................................................................................................................

Place the cursor in the Re-Enter New Password text box, then type in your new password
again.
Reference: See Passwords (p. 2-10).
...................................................................................................................................................................................................

Click on OK.
Important! Please note that any user administration changes will not take effect until
the next login session.
After changing your password you have to exit the Alcatel-Lucent 1830 PSS ZIC and
to relaunch a new session using your new password.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-62
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-12: Send a short free form text message to
Administer user logins on the OCS application using the
other users
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-12: Send a short free form text message to other


users
When to use

Use this procedure to send a short free form text message to other users.
Related TL1 commands

The following TL1 commands are related to this procedure:

SEND-USER-MSG::ALL

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
...................................................................................................................................................................................................

If you want to sent a


message

Then

to all users

Either by selecting Action from the main menu bar or by using


the context menu opened with the right mouse button, select
Send Message All.

to a single user

Select a user in the list displayed in the right part of the


Alcatel-Lucent 1830 PSS ZIC main menu.
Either by selecting Action from the main menu bar or by using
the context menu opened with the right mouse button, select
Send Message.

....................................................................................................................................................................................................................................
1830 PSS
2-63
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-12: Send a short free form text message to
Administer user logins on the OCS application using the
other users
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Result: The Send User Message window opens.


...................................................................................................................................................................................................

Place the cursor in the Message text box, then type in the message to be submitted.
...................................................................................................................................................................................................

Click on Apply.
Result: If you have sent a message to all users, a User Message screen pops showing
your message. You can close this screen by clicking on Close.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-64
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-13: Modify command access security level
Administer user logins on the OCS application using the
assigned to a TL1 command.
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-13: Modify command access security level


assigned to a TL1 command.
When to use

Use this procedure to change the command access security level (CCAL - Command
Community Authorization Level) assigned to a TL1 command.
Note: You must have security administrator privileges.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-CMD-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security TL1
Commands.
Select a TL1 Commands in the list displayed in the right part of the Alcatel-Lucent
1830 PSS ZIC main window.
You can select any one of the TL1 command codes excluding the following TL1
command codes (i.e. the following commands keep always the factory default value):

ACT-USER
CANC-USER

CANC-USER-SECU
DLT-USER-SECU
ENT-USER-SECU
ED-USER-SECU

ALW-USER-SECU
INH-USER-SECU
ED-CMD-SECU

....................................................................................................................................................................................................................................
1830 PSS
2-65
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-13: Modify command access security level
Administer user logins on the OCS application using the
assigned to a TL1 command.
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

SET-ATTR-SECUDFLT
SET-ATTR-SECULOG
INIT-SSH-KEY

...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens.
...................................................................................................................................................................................................

In the Command Community Authorization Level spin box select the desired value.
Additional information The Command Community Authorization Level, specifies

the command security level assigned to the specified TL1 command.

1-5

...................................................................................................................................................................................................

Make sure that the settings in the window are correct.


...................................................................................................................................................................................................

Click Apply to apply your settings.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-66
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-14: Display command access security level
Administer user logins on the OCS application using the
assigned to a TL1 command
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-14: Display command access security level


assigned to a TL1 command
When to use

Use this procedure to display command access security level assigned to a TL1 command.
Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-CMD-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Users.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Properties General window opens displaying the command access

security level assigned to the TL1 command.


Reference: See Command access security level assigned to a TL1 command

(p. 2-68).
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-67
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Command access security level assigned to a TL1 command
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Command access security level assigned to a TL1 command


Parameter description

The following parameters are available:


Parameter ...

Meaning...

Command

TL1 Command Code, specifies the TL1 command code for which
the security level is assigned.
The value can be any one of the TL1 command codes excluding the
following TL1 command codes (i.e. the following commands keep
always the factory default value):

Command Community
Authorization Level

ACT-USER

CANC-USER

CANC-USER-SECU

DLT-USER-SECU

ENT-USER-SECU

ED-USER-SECU

ALW-USER-SECU

INH-USER-SECU

ED-CMD-SECU

SET-ATTR-SECUDFLT

SET-ATTR-SECULOG

INIT-SSH-KEY

Specifies the command security level assigned to the specified TL1


command.

0-5

....................................................................................................................................................................................................................................
1830 PSS
2-68
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-15: Copy security sensible files or data from/to
Administer user logins on the OCS application using the
an NE to/from a remote file server
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-15: Copy security sensible files or data from/to


an NE to/from a remote file server
When to use

Use this procedure to copy security sensible files or data from/to an NE from/to a remote
file server.
Note: This procedure is allowed to security administrators only.
The following types of file transfer are supported:

NE Public SSH Key from NE to remote file server


NE Public SSL Key in PEM format from NE to remote file server

NE CSR file in PEM format from NE to remote file server


NE X509 Certificate file in PEM format from remote file server to NE
OMS X509 CA Root Certificate file in PEM format from remote file server to NE
User Activity Log (UAL) File in zipped text format from NE to remote file server

The following file names, for the files to be transferred, shall be applied:

id_rsa.pub, for the file with the NE Public SSH Key, generated by RSA, to be
transferred from NE to remote file server
id_dsa.pub, for the file with the NE Public SSH Key, generated by DSA, to be
transferred from NE to remote file server
sslcsr.pem, for the NE CSR file in PEM format, to be transferred from NE to RFS
sslcert.pem, for the NE X509 Certificate file in PEM format, to be transferred from
RFS to NE

Related TL1 commands

The following TL1 commands are related to this procedure:

COPY-RFILE-SECU

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

....................................................................................................................................................................................................................................
1830 PSS
2-69
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-15: Copy security sensible files or data from/to
Administer user logins on the OCS application using the
an NE to/from a remote file server
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Log File Transfer
Start Copy.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Properties General.
Result: The Security File Transfer window opens.
...................................................................................................................................................................................................

In the FROM spin box select the entity to be transferred.


The following types are supported:

LOCSSHKEY

Local NE SSH Public Key

LOCSSLKEY

Local NE SSL Public Key in PEM format

LOCCSRPEM

Local NE CSR File in PEM format

RFSX509PEM

Remote X509 Certificate File in PEM format

LOCALUAL

Local NE User Activity Log File in zipped text format


Additional information
...................................................................................................................................................................................................

In the TO spin box specify the entity that gets created as the result of the command
completion:

RFSSSHKEY

Remote NE SSH Public Key

RFSSSLKEY

Remote NE SSL Public Key in PEM format

RFSCSRPEM

Remote NE CSR File in PEM format

LOCX509PEM

....................................................................................................................................................................................................................................
1830 PSS
2-70
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-15: Copy security sensible files or data from/to
Administer user logins on the OCS application using the
an NE to/from a remote file server
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Local X509 Certificate File in PEM format

RFSUAL

Remote File Server User Activity Log File in Text Zipped format)
Additional information

The following table shows the allowed combinations for the parameters FROM and TO
FROM

TO

LOCSSHKEY

RFSSSHKEY

LOCALUAL

RFSUAL

...................................................................................................................................................................................................

In the field Protocol specify the protocol to be used.


Note: Only sftp is supported.
...................................................................................................................................................................................................

In the field LOCATION:User ID enter the user identifier used for the connection on the
RFS.
...................................................................................................................................................................................................

In the field LOCATION:Password enter the user password used for the connection on the
RFS.
...................................................................................................................................................................................................

In the field LOCATION:FtpHost enter the IP address of the host (the Remote File Server).
...................................................................................................................................................................................................

In the field LOCATION:Port enter the port number to connect to.


Most schemes designate protocols that have a default port number.
The default port number for sftp is 22.
...................................................................................................................................................................................................

10

In the field LOCATION:Url-Path specify the details of how the specified resource (i.e. the
directory where the file(s) reside) can be accessed.
The following syntax has to be used:
[/]<cwd1;>/<cwd2;>/.../<cwdN;>

where <cwd1;> through <cwdN;> are strings that identify directories.


With a leading '/' character, the path is interpreted as an absolute file path inside the RFS's
file system.
....................................................................................................................................................................................................................................
1830 PSS
2-71
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-15: Copy security sensible files or data from/to
Administer user logins on the OCS application using the
an NE to/from a remote file server
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Without the optional leading `/` character, the path is interpreted as a file path relative to
the users's login directory.
...................................................................................................................................................................................................

11

In the field From Date and Time specify the beginning date and time used to filter the
logged events from the seculog buffer.
The following syntax has to be used:
{03-37}-{01-12}-{01-31}-{00-23}-{00-59}- {00-59}
...................................................................................................................................................................................................

12

In the field To Date and Time specify the ending date and time used to filter the logged
events from the seculog buffer.
The following syntax has to be used:
{03-37}-{01-12}-{01-31}-{00-23}-{00-59}- {00-59}
...................................................................................................................................................................................................

13

Click on Send.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-72
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security File Transfer
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Security File Transfer


Parameter description

The following parameters are available:


Parameter ...

Meaning...

FROM

Specifies the entity to be transferred.


The following types are supported:

LOCSSHKEY

Local NE SSH Public Key

LOCALUAL

Local NE User Activity Log File in zipped text format


TO

Specifies the entity that gets created as the result of the command
completion:

RFSSSHKEY

Remote NE SSH Public Key

LOCALUAL

Remote File Server User Activity Log File in zipped text format
The following list shows the allowed combinations for the
parameters FROM and TO

LOCSSHKEY RFSSSHKEY

LOCALUAL RFSUAL

Protocol

Specifies the protocol to be used. Only sftp is supported.

LOCATION:User ID

Specifies the user identifier used for the connection on the RFS.

LOCATION:Password

Specifies the user password used for the connection on the RFS.

LOCATION:FtpHost

Specifies the IP address of the host (the Remote File Server).

LOCATION:Port

Specifies the port number to connect to.


Most schemes designate protocols that have a default port number.
The default port number for sftp is 22.

....................................................................................................................................................................................................................................
1830 PSS
2-73
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Security File Transfer
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Parameter ...

Meaning...

LOCATION:Url-Path

Specifies the details of how the specified resource (i.e. the directory
where the file(s) reside) can be accessed.
The following syntax has to be used:
[/]<cwd1>/<cwd2>/.../<cwdN>
[/]<cwd1;>/<cwd2;>/.../<cwdN;>

where <cwd1;> through <cwdN;> are strings that identify


directories.
With a leading '/' character, the path is interpreted as an absolute file
path inside the RFS's file system.
Without the optional leading `/` character, the path is interpreted as a
file path relative to the users's login directory.
From Date and Time

Specifies the beginning date and time used to filter the logged
events from the seculog buffer.
The following syntax has to be used:
{03-37}-{01-12}-{01-31}-{00-23}-{00-59}- {00-59}

To Date and Time

Specifies the ending date and time used to filter the logged events
from the seculog buffer.
The following syntax has to be used:
{03-37}-{01-12}-{01-31}-{00-23}-{00-59}- {00-59}

....................................................................................................................................................................................................................................
1830 PSS
2-74
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-16: Configure SSL authentication for ZIC to NE
Administer user logins on the OCS application using the
communication (high-level procedure)
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-16: Configure SSL authentication for ZIC to NE


communication (high-level procedure)
When to use

Use this procedure to configure SSL authentication for ZIC to NE communication.


This task description serves as an overview of the individual procedures that must be
carried out.
Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Please refer to the individual procedures for information about the required privileges.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions

Configuring the SSL authentication consists of the procedures listed below.


...................................................................................................................................................................................................

Procedure 2-18: Generate a new SSL key for SSL authentication (p. 2-77)
...................................................................................................................................................................................................

Procedure 2-19: Request a new certificate for SSL authentication (p. 2-79)
...................................................................................................................................................................................................

To upload certificate request, see Procedure 2-15: Copy security sensible files or data
from/to an NE to/from a remote file server (p. 2-69)
...................................................................................................................................................................................................

Download certificate, see Procedure 2-15: Copy security sensible files or data from/to
an NE to/from a remote file server (p. 2-69).
...................................................................................................................................................................................................

Procedure 2-17: Install a certificate for SSL authentication (p. 2-76)


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-75
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-17: Install a certificate for SSL authentication
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-17: Install a certificate for SSL authentication


When to use

Use this procedure to install a new X.509 certificate generated and signed by NMS client,
in accordance to a CSR previously generated, onto the NE.
Once issued, this will trigger the NE to perform some consistency check on the certificate
file to be installed and, in case of successful validation, the certificate will be actually
installed on the NE.
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

INIT-SSL-CERT

Before you begin

Prior to performing this task,

you must be logged into the Alcatel-Lucent 1830 PSS ZIC and the respective network
element.
in accordance to a CSR previously generated and submitted by the NE by means of
INIT-SSL-CSR command.
the X.509 certificate file (PEM format) to be installed, has to be preliminary
downloaded from NMS machine to the NE, see Procedure 2-15: Copy security
sensible files or data from/to an NE to/from a remote file server (p. 2-69).

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
SSL&Certificates.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Install Signed Certif..
Result: The access control rule is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-76
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-18: Generate a new SSL key for SSL
Administer user logins on the OCS application using the
authentication
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-18: Generate a new SSL key for SSL


authentication
When to use

Use this procedure to trigger the NE to generate a new Public/Private key pair associated
to the NE itself, and to be used in the context of SSL authentication.
A new SSL key is generated to replace the default SSL key and certificate, or to renew the
SSL key e.g. in the case that the security of the current SSL key can no longer be
guaranteed.
The generated key has to be embedded in a X.509 certificate, either self signed or issued
by a Certification Authority, to be installed onto the NE and used during the SSL
authentication phase. See Procedure 2-19: Request a new certificate for SSL
authentication (p. 2-79).
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

INIT-SSL-KEY

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Start SSL key generation.

....................................................................................................................................................................................................................................
1830 PSS
2-77
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-18: Generate a new SSL key for SSL
Administer user logins on the OCS application using the
authentication
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Result: The SSL key generation window opens.


...................................................................................................................................................................................................

Using the field Key Type specify the algorithm to generate the specified new NE key pair.

RSA

DSA

...................................................................................................................................................................................................

Using the field Key Length specify the length of the new NE key pair to be generated.

{512-4096}

...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The new NE key pair is generated accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-78
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-19: Request a new certificate for SSL
Administer user logins on the OCS application using the
authentication
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-19: Request a new certificate for SSL


authentication
When to use

Use this procedure to request a new certificate for SSL authentication.


Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

INIT-SSL-CSR

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Start SSL key generation.
Result: The Request SSL Certificate window opens.
Reference: See Certificate for SSL authentication (p. 2-80).
...................................................................................................................................................................................................

Enter the needed parameters as described.


...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The new certificate for SSL authentication is requested.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-79
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Certificate for SSL authentication
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Certificate for SSL authentication


Fields and parameters

The following fields/parameters are available:


Field/parameter ...

Meaning...

TID

identifies the network node TID for the command.

CN

represents the domain name of the server. It is expected to be the NE


IP Address. e.g.: CN=151-98-32-56
Value:

ORG

{0-255}-{0-255}-{0-255}-{0-255}

represents the legal name the organization. e.g.: Alcatel Lucent.


Value:

ORGUNI

<Valid Organization Name>

represents the division of your organization handling the certificate.


e.g.: Optics Division.
Value:

LOC

<Valid Organization Unit Name>

represents the city where your organization is located. e.g.: Milan.


Value:

STATE

<Valid Location Name>

represents the state/region where your organization is located. This


shouldn't be abbreviated. e.g.: Italy.
Value:

COUNTRY

<Valid State/Region Name>

represents the two-letter ISO code for the country where your
organization is location, e.g.: IT.
Value:

MAIL

<Valid Two Letter Country ISO Code>

represents an email address used to contact your organization.


Quoted string.
Value:

<Valid Email Address>

....................................................................................................................................................................................................................................
1830 PSS
2-80
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-20: Generate a new SSL key for SSL
Administer user logins on the OCS application using the
authentication
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-20: Generate a new SSL key for SSL


authentication
When to use

Use this procedure to to retrieve the current NE Public Key.


Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-SSL-KEY

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Retrieve SSL key .
Result: The SSL key window opens.
Reference: See Current NE Public Key. (p. 2-82).
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-81
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Current NE Public Key.
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Current NE Public Key.


Fields and parameters

The following fields/parameters are available:


Field/parameter ...

Meaning...

Key Type

The field Key Type specify the algorithm to generate the specified
new NE key pair.

Key Length

RSA

DSA

Specifies the length of the NE key pair.


Value:

NE SSL Public Key

{512-4096}

The currently active SSL Public Key for the NE (SSL Server) The
parameter is reported as a quoted string with PEM format
Value:

< NE SSL PUBLIC KEY CHARACTERS >

....................................................................................................................................................................................................................................
1830 PSS
2-82
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-21: Configure RADIUS server attributes
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-21: Configure RADIUS server attributes


When to use

Use this procedure to configure RADIUS server attributes so that the client can
communicate with a server for authentication.
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

ENT-RADIUS-SERVER

RTRV-RADIUS-SERVER

Radius server

RADIUS allows the user to be authenticated and authorized at the same time. The
RADIUS server is provisioned with one or more user profile or profiles. Based on the
user profile and user class definitions, the RADIUS server not only allows the user to
have access to the NE, but also grants the user the user's Privilege Level.
RADIUS is a networking protocol, based on RADIUS servers, that provides centralized
Authentication, Authorization and Accounting (AAA) services. The user sends a
connection request to a Network Access Server (NAS), which acts as RADIUS client and
sends a RADIUS access request to the RADIUS server.
The RADIUS server is provisioned with one or more user profiles. Based on the user
profile and user class definitions, the RADIUS server accepts or rejects the NAS request.
In turn the NAS accepts or, respectively, rejects the user connection.
Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Radius server.

....................................................................................................................................................................................................................................
1830 PSS
2-83
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-21: Configure RADIUS server attributes
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Create RADIUS Server Configuration.
Result: The Create RADIUS Server window opens.
...................................................................................................................................................................................................

Using the field Server Number select the RADIUS server to be used.
The valid values are the following:

RAD1

is first server name.

RAD2

is the second server name.


...................................................................................................................................................................................................

In the field IP Address enter the IP address of the specified RADIUS server (RAD1 or
RAD2).
{1-99, 101-126,128-223}-{0-255}-{0-255}-{0-25 5}
...................................................................................................................................................................................................

In the field Port enter the authentication port of the RADIUS server.
Valid values are from 1 to 65000. The default port value is 1812.
...................................................................................................................................................................................................

In the field Secret Key enter the shared secret key between the NE and the target
RADIUS server.
This key is an ascii string between 5 to 32 characters. The secret key is encrypted on the
NE using AES or 3DES..
<5-32 VALID PID CHARACTERS>
...................................................................................................................................................................................................

Using the field Status select the RADIUS server status to be used.
The server status refers to the NE configuration, i.e. whether the NE shall attempt to use
the specified server or not. It does not reflect the servers operational state and
reachability.
The valid values are the following:

ENABLE

The RADIUS server is on-line.

DISABLE

....................................................................................................................................................................................................................................
1830 PSS
2-84
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-21: Configure RADIUS server attributes
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

The RADIUS server is off-line


...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The Radius server is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-85
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-22: Modify RADIUS server attributes
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-22: Modify RADIUS server attributes


When to use

Use this procedure to modify RADIUS server attributes.


Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-RADIUS-SERVER
RTRV-RADIUS-SERVER

Radius server

RADIUS allows the user to be authenticated and authorized at the same time. The
RADIUS server is provisioned with one or more user profile or profiles. Based on the
user profile and user class definitions, the RADIUS server not only allows the user to
have access to the NE, but also grants the user the user's Privilege Level.
RADIUS is a networking protocol, based on RADIUS servers, that provides centralized
Authentication, Authorization and Accounting (AAA) services. The user sends a
connection request to a Network Access Server (NAS), which acts as RADIUS client and
sends a RADIUS access request to the RADIUS server.
The RADIUS server is provisioned with one or more user profiles. Based on the user
profile and user class definitions, the RADIUS server accepts or rejects the NAS request.
In turn the NAS accepts or, respectively, rejects the user connection.
Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Radius server.

....................................................................................................................................................................................................................................
1830 PSS
2-86
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-22: Modify RADIUS server attributes
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Select a RADIUS Server in the list displayed in the right part of the Alcatel-Lucent 1830
PSS ZIC main menu and click on Modify.
Result: The Modify RADIUS Server window opens.
...................................................................................................................................................................................................

In the field IP Address enter the IP address of the specified RADIUS server (RAD1 or
RAD2).
{1-99, 101-126,128-223}-{0-255}-{0-255}-{0-25 5}
...................................................................................................................................................................................................

In the field Port enter the authentication port of the RADIUS server.
Valid values are from 1 to 65000. The default port value is 1812.
...................................................................................................................................................................................................

In the field Secret Key enter the shared secret key between the NE and the target
RADIUS server.
This key is an ascii string between 5 to 32 characters. The secret key is encrypted on the
NE using AES or 3DES..
<5-32 VALID PID CHARACTERS>
...................................................................................................................................................................................................

Using the field Status select the RADIUS server status to be used.
The server status refers to the NE configuration, i.e. whether the NE shall attempt to use
the specified server or not. It does not reflect the servers operational state and
reachability.
The valid values are the following:

ENABLE

The RADIUS server is on-line.

DISABLE

The RADIUS server is off-line


...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The Radius server is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-87
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-23: Set RADIUS server authentication
Administer user logins on the OCS application using the
parameters
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................

Procedure 2-23: Set RADIUS server authentication parameters


When to use

Use this procedure to set the authentication parameters which are used during access to
the RADIUS servers.
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

SET-RADIUS-AUTH

RTRV-RADIUS-AUTH

Radius server

RADIUS allows the user to be authenticated and authorized at the same time. The
RADIUS server is provisioned with one or more user profile or profiles. Based on the
user profile and user class definitions, the RADIUS server not only allows the user to
have access to the NE, but also grants the user the user's Privilege Level.
RADIUS is a networking protocol, based on RADIUS servers, that provides centralized
Authentication, Authorization and Accounting (AAA) services. The user sends a
connection request to a Network Access Server (NAS), which acts as RADIUS client and
sends a RADIUS access request to the RADIUS server.
The RADIUS server is provisioned with one or more user profiles. Based on the user
profile and user class definitions, the RADIUS server accepts or rejects the NAS request.
In turn the NAS accepts or, respectively, rejects the user connection.
Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Radius server.

....................................................................................................................................................................................................................................
1830 PSS
2-88
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-23: Set RADIUS server authentication
Administer user logins on the OCS application using the
parameters
Alcatel-Lucent
1830
PSS
ZIC
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Set RADIUS Server Authentication.
Result: The Set RADIUS Server Authentication window opens.
...................................................................................................................................................................................................

Select the Radius Server to be modified and click Modify.


...................................................................................................................................................................................................

Using the field Authentication Order specify the authentication criteria for the user
when logging to NE.
Valid values are:

LOCAL

Authentication is based only on the local NE's security database.

RADIUS

The NE shall first search for the user ID in the local NE database. If the user ID is
found in the local database, then the user shall be authenticated via the local database.
Otherwise, the NE shall authenticate the user via RADIUS..
...................................................................................................................................................................................................

In the field Retries define the number of attempts that the NE will try to contact the
specified RADIUS server that has failed to respond to the initial request. If there is no
response from the server after the specified number of retries then the NE will try to
contact the second RADIUS server if one is provisioned (status: "Enabled").
The supported value range for retries is 0 to 100. The default value is 3.
...................................................................................................................................................................................................

In the field Timeout define the timeout (in seconds) for the NE to wait for a response
from the RADIUS server. The failure is declared after the timeout is elapsed.
The supported value range for timeout is 1 to 1000. The default value is 5.
...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The Radius server is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-89
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-24: Delete a RADIUS server
Administer user logins on the OCS application using the
Alcatel-Lucent 1830 PSS ZIC
....................................................................................................................................................................................................................................

Procedure 2-24: Delete a RADIUS server


When to use

Use this procedure to delete a RADIUS server.


Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

DLT-RADIUS-SERVER
RTRV-RADIUS-SERVER

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Radius server.
...................................................................................................................................................................................................

Select the RADIUS Server to be deleted in the list displayed in the right part of the
Alcatel-Lucent 1830 PSS ZIC main menu and change it's status to Disabled. See
Procedure 2-22: Modify RADIUS server attributes (p. 2-86).
...................................................................................................................................................................................................

Select the RADIUS Server in the list displayed in the right part of the Alcatel-Lucent
1830 PSS ZIC main menu and click on Delete.
...................................................................................................................................................................................................

Click Apply to confirm.


Result: The Radius server is deleted.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-90
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures

Overview

....................................................................................................................................................................................................................................

User management and administration procedures


on the WDM application using the WebUI
Overview
Purpose

The following procedures are to be used for user management. It is suggested to use
Security management and user administration on the WDM application (p. 2-14) as an
entry point for user administration activities.
Furthermore, it is recommended to have a list prepared of all the users that probably will
need to have access to the WebUI and the NEs, especially if several user logins are to be
created or modified for different NEs. The list should contain the designated user IDs,
associated passwords, access privileges and other related security parameters, and should
be as complete as possible.
Contents
Procedure 2-25: Create a user

2-93

The Create User window

2-94

Procedure 2-26: View or modify user details

2-97

The User Security Administration screen

2-98

Procedure 2-27: Delete a user

2-99

Procedure 2-28: Change password

2-100

Procedure 2-29: View / terminate sessions

2-101

The Sessions screen

2-102

Procedure 2-30: View SNMP v3 users

2-104

Procedure 2-31: Create SNMP v3 user

2-105

Procedure 2-32: Modify SNMP v3 user

2-106

The SNMP v3 Users screen

2-107

Procedure 2-33: View / modify system security attributes

2-108

Procedure 2-34: Setting / viewing syslog properties

2-109

Syslog Administration

2-110

Procedure 2-35: Setting / viewing CLI user activity logging properties

2-111

CLI Logging

2-112

....................................................................................................................................................................................................................................
1830 PSS
2-91
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Overview
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-36: Setting / viewing SNMP user activity logging properties

2-113

SNMP Logging

2-114

Procedure 2-37: View security log

2-115

The Security Log screen

2-116

Procedure 2-38: View all logs

2-117

The All Logs screen

2-118

Procedure 2-39: Save a retrieved log to a file

2-119

Procedure 2-40: Set/view user preferences

2-120

User Preferences

2-121

Procedure 2-41: Create RADIUS server

2-122

Create RADIUS Server

2-123

Procedure 2-42: View/modify RADIUS server

2-124

Modify RADIUS Server

2-125

Procedure 2-43: Delete RADIUS server

2-126

Procedure 2-44: Provision RADIUS properties

2-127

RADIUS Properties

2-128

Procedure 2-45: Create trap destinations

2-129

The Create SNMP Trap Destinations screen

2-130

Procedure 2-46: Delete trap destinations

2-131

Procedure 2-47: View trap destinations

2-132

The SNMP Trap Destinations screen

2-133

Procedure 2-48: View/modify community strings

2-135

The SNMP Community Strings screen

2-136

....................................................................................................................................................................................................................................
1830 PSS
2-92
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-25: Create a user
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-25: Create a user


When to use

Use the following procedure to create a user.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > Users.


...................................................................................................................................................................................................

Click Create.
Result: The Create User screen is displayed (see The Create User window

(p. 2-94)).
...................................................................................................................................................................................................

Enter appropriate information (see Configuring user accounts (p. 2-20) and The
Create User window (p. 2-94)) and click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-93
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Create User window
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The Create User window


Attribute

Values/Format

Additional Info

User ID

<5-12 chars>

Indicates the unique user ID.


The first character must be an
alphabetic character.

Access Privilege

Observer
Provisioner

Level of access privilege


granted to this user.

Administrator
Status

Enabled
Disabled

Session Inactivity Timeout


(minutes)

{1-999}
Disabled (uncheck)

Indicates whether the user


access for this User ID is
enabled or disabled.
The amount of time that a
user session may remain
inactive before the user is
logged out and the session is
closed.
If disabled, the system-level
timeout value is used.

....................................................................................................................................................................................................................................
1830 PSS
2-94
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Create User window
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Attribute
Password

Values/Format

Additional Info
Valid values for the Password
are 8 to 32 case-sensitive
alphabetic [a-z, A-Z], numeric
[0-9] or special characters.
A valid password must
contain at least 1 lowercase
alphabetic, 1 uppercase
alphabetic, 1 numeric and 1
special character. The
following special characters
are accepted as valid
characters for the Password:
% (percent sign), + (plus
sign), # (pound sign)_
(underscore) ! (exclamation
point), @ (at sign), $ (dollar
sign), (double quotation
mark), & (ampersand),
(apostrophe), ( (left
parenthesis), ) (right
parenthesis), * (asterisk), and
. (period). The first character
can be any alphabetic,
numeric or valid special
character, except the # (pound
sign).
In addition, the following
rules apply to the Password
value:

The password must not be


the same as the associated
User ID.

The password must not be


the reverse of the
associated User ID.

The password must not


have three consecutive
identical characters.

When modifying the


password, the new
password must not match
the old password.

....................................................................................................................................................................................................................................
1830 PSS
2-95
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Create User window
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Attribute
Confirm Password

Values/Format

Additional Info
Must have the same value as
Password.

....................................................................................................................................................................................................................................
1830 PSS
2-96
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-26: View or modify user details
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-26: View or modify user details


When to use

Use the following procedure to view or modify user details.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions

Note: Appropriate privilege level is required to configure user accounts.


...................................................................................................................................................................................................

In the WebUI, select Administration > Security > Users.


...................................................................................................................................................................................................

Select the desired user and click Details.


Result: User details are displayed. You can change privilege level or password, or

enable or disable the account.


...................................................................................................................................................................................................

Modify available fields (see Configuring user accounts (p. 2-20)and The User
Security Administration screen (p. 2-98)) and click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-97
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The User Security Administration screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The User Security Administration screen


Attribute

Values/Format

Additional Info

User ID

<5-12 chars>

Indicates the unique user ID.

Access Privilege

Service

Indicates the level of access


privilege granted to this user.

Administrator
Provisioner
Observer
Status

Enabled
Disabled

Session Inactivity Timeout


(minutes)

{1-999}
Disabled

Indicates whether the user


access for this User ID is
enabled or disabled.
The amount of time that a
user session may remain
inactive before the user is
logged out and the session is
closed.
If disabled, the system-level
timeout value is used.

Login Failures

<integer>

Number of login failures


since the last successful login
by this user.

Last Login

<date time>

Date and Time that the user


last logged into the NE.

Create

Displays a window for


entering data to create a new
user account.

Details

Displays details of the


selected user account.

Delete

Deletes the selected user


account.

....................................................................................................................................................................................................................................
1830 PSS
2-98
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-27: Delete a user
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-27: Delete a user


When to use

Use the following procedures to delete a user.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > Users.


...................................................................................................................................................................................................

Select the desired user and click Delete.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-99
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-28: Change password
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-28: Change password


When to use

Use the following procedure to change user passwords.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > Change Password.


...................................................................................................................................................................................................

Enter the old password and the new password, and confirm the new password. Then click
Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-100
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-29: View / terminate sessions
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-29: View / terminate sessions


When to use

Use the following procedure to view or terminate user sessions.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > Sessions.


Result: All active sessions are displayed (see The Sessions screen (p. 2-102)).
...................................................................................................................................................................................................

To terminate a session, select the desired session and click Terminate.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-101
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Sessions screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The Sessions screen


Attribute

Values/Format

User ID

Additional Info
ID of the user that
successfully logged in and
started the session.
If there is no value, the
session has not been
successfully authenticated
with a valid login.

User Type

Unknown

Indicates the type of user.

CLI (Telnet)
CLI (SSH)
CLI (Console)
WebUI
Secure WebUI
TL1 (Raw)
TL1 (Telnet)
TL1 (SSH)
SNMP
Source

<PortName> or <IP
address>

Address indicating where the


user is connecting from. If the
connection was made over the
OAMP port, the value will be
the source IP address and port
number. Otherwise, the value
shall be GCC (if the
originator came over the
GCC), CIT (if the originator
was authenticated over the
CIT), OSC (if the originator
came over the OSC), or
RS232 (if the user is
connected over the serial link)

Login Time

<date/time>

Date and time that the user


logged in and the session was
started.

....................................................................................................................................................................................................................................
1830 PSS
2-102
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Sessions screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Attribute

Values/Format

Additional Info

Session ID

Unique identifier for the


session.

Terminate

Terminates the selected user


session.

....................................................................................................................................................................................................................................
1830 PSS
2-103
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-30: View SNMP v3 users
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-30: View SNMP v3 users


When to use

Use the following procedure to view SNMP v3 users.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > SNMP v3 Users.


Result: All current SNMP v3 users are displayed (see The SNMP v3 Users screen

(p. 2-107)).
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-104
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-31: Create SNMP v3 user
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-31: Create SNMP v3 user


When to use

Use the following procedure to create SNMP v3 users.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > SNMP v3 Users.


Result: All current SNMP v3 users are displayed (see The SNMP v3 Users screen

(p. 2-107)).
...................................................................................................................................................................................................

To create an SNMP v3 user, click Create.


Result: The Create SNMP v3 User window is displayed.
...................................................................................................................................................................................................

Enter User ID, Password, and Access Privilege information. and click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-105
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-32: Modify SNMP v3 user
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-32: Modify SNMP v3 user


When to use

Use the following procedure to modify SNMP v3 users.


Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > SNMP v3 Users.


Result: All current SNMP v3 users are displayed (see The SNMP v3 Users screen

(p. 2-107)).
...................................................................................................................................................................................................

To modify an SNMP v3 user, select the user and click Details.


Result: The SNMP v3 User Details window is displayed.
...................................................................................................................................................................................................

Enter the desired parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-106
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The SNMP v3 Users screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The SNMP v3 Users screen


Attribute

Values/Format

Additional Info

User ID

<1-32 chars>

Unique identifier for the user.

Access Privilege

NMS

Level of access privilege


granted to this user.

Admin
Provisioner
Observer
Status

Enabled
Disabled

Indicates whether the user


access for this User ID is
enabled or disabled.

Create

Displays a window for


entering data to provision a
new SNMP v3 user.

Details

Displays details of the


selected SNMP v3 user.

Delete

Deletes the selected SNMP v3


user.

....................................................................................................................................................................................................................................
1830 PSS
2-107
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-33: View / modify system security attributes
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-33: View / modify system security attributes


When to use

Use the following procedure to view or modify system security attributes (see System
security features (p. 2-26)).
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > System.


Result: The System Security Administration window with current settings is
displayed.
...................................................................................................................................................................................................

To modify existing value(s), enter desired value(s) and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-108
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-34: Setting / viewing syslog properties
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-34: Setting / viewing syslog properties


When to use

Use the following procedure to view syslog properties.


Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Syslog> Properties.


Result: The Syslog Administration screen is displayed.
...................................................................................................................................................................................................

Enter syslog administration parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-109
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Syslog Administration
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Syslog Administration
Attribute

Value/Format

Additional Info

Server IP

<IP address>

Specifies the IP address of the


syslog server.

Port

{1-65535}

Specifies the port on the


syslog server used for system
logging.

Logging Threshold

Emergency

Specifies the minimum


priority level of the messages
to log in the system log.

Alert
Critical
Error
Warning
Notice
Info
Debug
Logging Enabled

(checkbox)

Enable or disable system


logging.

....................................................................................................................................................................................................................................
1830 PSS
2-110
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-35: Setting / viewing CLI user activity logging
User management and administration procedures on the
properties
WDM
application
using
the
WebUI
....................................................................................................................................................................................................................................

Procedure 2-35: Setting / viewing CLI user activity logging


properties
When to use

Use the following procedure to set/view CLI user activity logging properties.
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Syslog > CLI Logging.


Result: The CLI Logging screen is displayed.
...................................................................................................................................................................................................

Select CLI logging properties and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-111
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


CLI Logging
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

CLI Logging
Attribute

Additional Info

Disable All Logging

Enables or disables activity logging for all


users accessing the network element from the
CLI, web interface, or TL1 session..

Admin

Configure the CLI user activity logging


options for admin-level users.

Read

Write

Provisioner

Read

Write

Service

Read

Write

Observer

Read

Write

Configure the CLI user activity logging


options for provisioner-level users.

Configure the CLI user activity logging


options for the service user ID.

Configure the CLI user activity logging


options for observer-level users.

....................................................................................................................................................................................................................................
1830 PSS
2-112
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-36: Setting / viewing SNMP user activity
User management and administration procedures on the
logging properties
WDM
application
using
the
WebUI
....................................................................................................................................................................................................................................

Procedure 2-36: Setting / viewing SNMP user activity logging


properties
When to use

Use the following procedure to set/view SNMP user activity logging properties.
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Syslog > SNMP Logging.


Result: The SNMP Logging screen is displayed.
...................................................................................................................................................................................................

Select SNMP logging properties and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-113
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


SNMP Logging
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

SNMP Logging
Attribute

Additional Info

Disable All Logging

Enables or disables activity logging for all


users accessing the network element via
SNMP.

Admin

Configure the SNMP user activity logging


options for admin-level users.

Read

Write

Provisioner

Read

Write

Service

Read

Write

Observer

Read

Write

NMS

Read

Write

Configure the SNMP user activity logging


options for provisioner-level users.

Configure the SNMP user activity logging


options for the service user ID.

Configure the SNMP user activity logging


options for observer-level users.

Configure the SNMP user activity logging


options for the NMS user ID.

....................................................................................................................................................................................................................................
1830 PSS
2-114
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-37: View security log
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-37: View security log


When to use

Use the following procedure to view the security log.


Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Reports > Logs > Security.


Result: The Security Log is displayed.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-115
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Security Log screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The Security Log screen


Attribute

Value/Format

Additional Info

Number

{1-2,147,483,647}

Number representing the


sequence when the
alarm/event was received by
the NE.

Time

<date time>

The date and time at which


the security event occurred.

Source IP

<IP address>

IP address of the user that


originated the security event.

Description

<0-255 chars>

Text description of the


security event.

Data

<0-255 chars>

Additional data about the


security event.

....................................................................................................................................................................................................................................
1830 PSS
2-116
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-38: View all logs
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-38: View all logs


When to use

Use the following procedure to view all logs.


Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Reports > Logs > All Logs.


Result: The All Logs window is displayed.

Note: All Logs includes not reported alarms.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-117
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The All Logs screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The All Logs screen


Attribute

Value/Format

Additional Info

Number

{1-2,147,483,647}

Chronologically-ordered log
entry.

Time

<date time>

The date and time at which


the alarm or event was raised.

Source

<shelf/slot/port>

Identifier of the component


on which the alarm/event
occurred.

Card

The type of card on which the


alarm/event occurred.

Category

Indicates the category of the


component where the
alarm/event occurred.

Alarm/Event Type

Critical

The type of alarm or event.

Major
Minor
State Change
User Action
General Event
Not Alarmed
None
Unknown
Not Reported
Security
Warning
Description

<0-255 chars>

Condition
SA

Identifies the type of


alarm/event being reported.
Yes
No

Data

Text description of the


reported alarm/event.

<0-255 chars>

Indicates if the alarm/event


affects service.
Additional data about the
alarm/event.

....................................................................................................................................................................................................................................
1830 PSS
2-118
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-39: Save a retrieved log to a file
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-39: Save a retrieved log to a file


When to use

Use the following procedure to save a retrieved log to a file.


Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

When the log is retrieved (see previous procedures), click the Export to Excel symbol.
Note: To use the Export to Excel feature, Internet Explorer must be configured as
follows:
1. In the IE tools menu select Internet Options -> Connections - > LAN Settings ->
Advanced (under Proxy server options)-> Exceptions (add IP address of NE to
Exceptions)
2. Close all IE instances (windows) and re-establish the WebUI connection to the
NE.
Note: The user should also ensure the following in the Internet Browser: Under
Internet Explorer ->Tools ->Internet Options -> Security tab select the Customer
Level button; Scroll down to the ActiveX controls and plug-ins and set Initialize and
Script ActiveX controls not marked as safe for scripting to either Enable or Prompt.
Click OK, and when prompted Are you sure? click Yes. Click OK to close out the
Internet Properties window. When the Excel button is pressed from the WebUI, if
Prompt was selected in the ActiveX controls, a popup for an ActiveX control on this
page might be unsafe to interact with other parts of the page. Do you want to allow
this interaction? will appear. Click Yes and Excel will launch, opening a file with the
retrieved log info.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-119
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-40: Set/view user preferences
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-40: Set/view user preferences


When to use

Use the following procedure to set / view user preferences


Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Setting/viewing user preferences

Note: User preferences are stored on the local PC for each user and are remembered
from session to session; they are not stored on the NE.
...................................................................................................................................................................................................

In the WebUI, select Administration > User Preferences.


Result: The User Preferences screen is displayed.
...................................................................................................................................................................................................

Enter user preference parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-120
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


User Preferences
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

User Preferences
Attribute

Value/Format

Additional Info

Alarm Auto-Refresh

(checkbox)

Indicates whether the Active


Alarm List will automatically
update when alarms raise or
clear.

Date and Time Format

mm/dd/yy HH:MM:SS

Indicates the format for


displaying date/time values.

AM/PM
dd-mm-yy HH:MM:SS

Date and Time Display

Use NE Date/Time (default)


Convert to Local PC
Date/Time

The default value retains the


NE date and time without
converting to the local time
on the PC. If you choose
Convert to Local PC
Date/Time, the setting is

saved on the PC for future


logins.
Display Shelf Description On
Equipment Tree

(checkbox)

Indicates if the text entered


for Shelf Description will be
displayed on the Equipment
Tree.

....................................................................................................................................................................................................................................
1830 PSS
2-121
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-41: Create RADIUS server
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-41: Create RADIUS server


When to use

Use the following procedure to create a RADIUS server. Refer to RADIUS


authentication (p. 2-35).
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > RADIUS > Servers.
Result: The RADIUS Server screen is displayed.
...................................................................................................................................................................................................

Click Create.
Result: The Create RADIUS Server screen is displayed.
...................................................................................................................................................................................................

Enter parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-122
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Create RADIUS Server
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Create RADIUS Server


Attribute

Values/Format

Additional Info

Server

RAD1

Identifier of the RADIUS


server.

RAD2
Server IP

<IP address>

IP address of the RADIUS


server.

Port

1-65000

Authentication port of the


RADIUS server.

1812 (default)
Shared Secret

<5-32 chars>

The shared secret key


between the NE and the
RADIUS server. The secret
key is encrypted on the NE.

Confirm Shared Secret

<5-32 chars>

Must have the same value as


Shared Secret.

Status

Enabled

Enable or disable the


RADIUS server.

Disabled

....................................................................................................................................................................................................................................
1830 PSS
2-123
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-42: View/modify RADIUS server
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-42: View/modify RADIUS server


When to use

Use the following procedure to view/modify a RADIUS server. Refer to RADIUS


authentication (p. 2-35).
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > RADIUS > Servers.
Result: The RADIUS Servers screen is displayed.
...................................................................................................................................................................................................

Select the RADIUS server and click Details.


Result: The RADIUS server details are displayed.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-124
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Modify RADIUS Server
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Modify RADIUS Server


Attribute
Server

Values/Format
RAD1
RAD2

Additional Info
Identifier of the RADIUS
server.

Server IP

<IP address>

IP address of the RADIUS


server.

Port

Range: {1-65000}

Authentication port of the


RADIUS server.

1812 (default)
Shared Secret

<5-32 chars>

The shared secret key


between the NE and the
RADIUS server. The secret
key is encrypted on the NE.

Confirm Shared Secret

<5-32 chars>

Must have the same value as


Shared Secret.

Server Enabled

(checkbox)

Enable or disable the


RADIUS server.

....................................................................................................................................................................................................................................
1830 PSS
2-125
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-43: Delete RADIUS server
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-43: Delete RADIUS server


When to use

Use the following procedure to delete a RADIUS server. Refer to RADIUS


authentication (p. 2-35).
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > RADIUS > Servers.
Result: The RADIUS Servers screen is displayed.
...................................................................................................................................................................................................

Select the RADIUS server and click Delete.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-126
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-44: Provision RADIUS properties
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-44: Provision RADIUS properties


When to use

Use the following procedure to provision RADIUS properties. Refer to RADIUS


authentication (p. 2-35).
Before you begin

The following procedure is available via the WebUI after the user initially connects to the
NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > Security > RADIUS > Properties
Result: The RADIUS Properties screen is displayed.
...................................................................................................................................................................................................

Enter parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-127
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


RADIUS Properties
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

RADIUS Properties
Attribute

Values/Format

Additional Info

Timeout (seconds)

{1-1000}

This is the timeout for the NE


to wait for a response from
the RADIUS server.

Retries

{1-100}

If there is no response from


the server after the specified
retries, the NE will try to
contact the second RADIUS
server if one is provisioned
and has Status = Enabled.

Authentication Order

Local

Local authentication is

RADIUS

based on the local NEs


security database

RADIUS, then Local

RADIUS authentication is

based on the RADIUS


servers database
RADIUS, then Local

authentication is attempted
first using the RADIUS server
database. If the RADIUS
server is not reachable, then
authentication is based on the
NEs security database.

....................................................................................................................................................................................................................................
1830 PSS
2-128
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-45: Create trap destinations
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-45: Create trap destinations


When to use

Use the following procedures to create trap destinations. Refer to SNMP authentication
(p. 2-37).
Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > SNMP > Trap Destinations


Result: The SNMP Trap Destinations screen is displayed (see The SNMP Trap

Destinations screen (p. 2-133)).


...................................................................................................................................................................................................

Click Create.
Result: The Create SNMP Trap Destinations screen is displayed.
...................................................................................................................................................................................................

Enter parameters and click Apply.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-129
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The Create SNMP Trap Destinations screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The Create SNMP Trap Destinations screen


Attribute

Value/Format

Additional Info

ID

<1-32 chars>

Unique identifier for the trap


destination.

Destination IP

<IP address>

Specifies the IP address of the


server that serves as the trap
destination.

Port

Specifies the port of the


server that serves as the trap
destination.

Timeout

1500 (default)

Specifies the time (round


trip), in hundredths of a
second, after which the
connection times out if no
reply is received. Following a
timeout, a retry is attempted,
up to the number of retries
specified by Retry Count.

Retry Count

{0-255}

Specifies an integer value for


the number of times the
network element will attempt
to retry the connection in the
event of a timeout.

3 (default)

SNMP Version

v1
v2c (default)
v3

NMS Station Group ID

{0-65535}

Specifies the SNMP version


to use when formatting the
trap.
Specifies an integer value that
uniquely identifies the NMS
workstation serving as the
trap destination. Use 0 for all
third party SNMP trap
servers.

....................................................................................................................................................................................................................................
1830 PSS
2-130
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-46: Delete trap destinations
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-46: Delete trap destinations


When to use

Use the following procedures to delete trap destinations. Refer to SNMP authentication
(p. 2-37).
Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > SNMP > Trap Destinations


Result: The SNMP Trap Destinations screen is displayed.
...................................................................................................................................................................................................

Select the Trap Destination and click Delete.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-131
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-47: View trap destinations
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-47: View trap destinations


When to use

Use the following procedures to view trap destinations. Refer to SNMP authentication
(p. 2-37).
Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > SNMP > Trap Destinations


Result: The SNMP Trap Destinations screen is displayed.
...................................................................................................................................................................................................

Select the trap destination and click Details.


Result: The Trap Destination details are displayed
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-132
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The SNMP Trap Destinations screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The SNMP Trap Destinations screen


Attribute

Value/Format

Additional Info

ID

<1-32 chars>

Unique identifier for the trap


destination.

Destination IP

<IP address>

Specifies the IP address of the


server that serves as the trap
destination.

Port

Specifies the port of the


server that serves as the trap
destination.

Timeout

1500 (default)

Specifies the time (round


trip), in hundredths of a
second, after which the
connection times out if no
reply is received. Following a
timeout, a retry is attempted,
up to the number of retries
specified by Retry Count.

Retry Count

{0-255}

Specifies an integer value for


the number of times the
network element will attempt
to retry the connection in the
event of a timeout.

3 (default)

SNMP Version

v1
v2c (default)
v3

NMS Station Group ID

Create

Range: {0-65535}

Specifies the SNMP version


to use when formatting the
trap.
Specifies an integer value that
uniquely identifies the NMS
workstation serving as the
trap destination. Use 0 for all
third party SNMP trap
servers.
Displays a window for
entering data to create a new
trap destination.

....................................................................................................................................................................................................................................
1830 PSS
2-133
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The SNMP Trap Destinations screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Attribute
Delete

Value/Format

Additional Info
Delete a selected trap
destination.
NOTE:Traps are not sent to a
deleted destination. Ensure
that other destinations are
available and operational
before deleting an existing
destination.

....................................................................................................................................................................................................................................
1830 PSS
2-134
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


Procedure 2-48: View/modify community strings
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

Procedure 2-48: View/modify community strings


When to use

Use the following procedures to view/modify community strings. Refer to SNMP


authentication (p. 2-37).
Before you begin

The following procedure are available via the WebUI after the user initially connects to
the NE and logs into the system (see The Alcatel-Lucent 1830 PSS WebUI (p. 20-42)).
Instructions
...................................................................................................................................................................................................

In the WebUI, select Administration > SNMP > Community Strings


Result: The SNMP Community Strings are displayed.
...................................................................................................................................................................................................

To modify Community Strings, enter appropriate values in the respective fields and click
Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
2-135
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Security administration procedures


The SNMP Community Strings screen
User management and administration procedures on the
WDM application using the WebUI
....................................................................................................................................................................................................................................

The SNMP Community Strings screen


Attribute

Values/Format

Additional Info

Administrator

<1-20 chars>

Community string for the


administrator community.
SNMP community strings
function as passwords that are
embedded in every SNMP
packet to authenticate access
to the Management
Information Base (MIB) on
the network element.

admin_snmp (default)

Observer

<1-20 chars>
observer_snmp (default)

Provisioner

<1-20 chars>
provisioner_snmp (default)

NMS

<1-20 chars>
nms_snmp (default)

3rd Party NMS

<1-20 chars>
3rdpnms_snmp (default)

Community string for the


observer community.
Community string for the
provisioner community.
Community string for the
NMS community.
Community string for a 3rd
party NMS community.

....................................................................................................................................................................................................................................
1830 PSS
2-136
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

3 ata communication setup


D
procedures

Overview
Purpose

This chapter describes the procedures which have to be performed for the data
communication setup.
Contents
Data communication on the OCS application

3-4

Basic DCN principles

3-5

DCN configuration guidelines

3-8

DCN protocols and services

3-9

General Communication Channel

3-10

NE firewall with provisionable IP access control lists (IP ACL)

3-11

Data communication on the WDM application

3-12

User interfaces

3-13

Communications network

3-18

Gateway NE (GNE) management

3-21

CIT port

3-24

OCS Setup procedures

3-25

Procedure 3-1: Change the Site Identifier (SID)

3-27

Procedure 3-2: Retrieve IP and MAC addresses

3-29

View IP Addresses

3-30

Procedure 3-3: Set the FLC IP Addresses of the NE

3-31

Procedure 3-4: Set the loopback IP address of the NE

3-34

Procedure 3-5: Set the control plane IP addresses of the NE

3-36

...................................................................................................................................................................................................................................
1830 PSS
3-1
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures

Overview

....................................................................................................................................................................................................................................

Procedure 3-6: Modify the TCP/IP stack parameters

3-38

Procedure 3-7: Create an access control rule

3-41

Procedure 3-8: Modify an existing access control rule

3-42

Procedure 3-9: Delete an internet protocol access rule

3-43

Procedure 3-10: Retrieve internet protocol access list

3-44

Internet Protocol Access Control Lists

3-45

Procedure 3-11: Modify the ASAP of the Customer LAN interface

3-57

Procedure 3-12: Configure LAN interfaces to form a multi-shelf compound

3-59

Procedure 3-13: Create a network interface on the embedded communication


channels (ECCs)

3-63

Procedure 3-14: Modify the ASAP of a network interface

3-66

Procedure 3-15: Add a GCC leg to an ECC protection group

3-67

Procedure 3-16: Remove GCC legs from the ECC protection group

3-69

Procedure 3-17: Enable or disable a network interface

3-71

Procedure 3-18: Delete a network interface and an ECC protection group

3-73

Procedure 3-19: Create an IP-in-IP tunnel

3-75

Procedure 3-20: Set the alarm severity profile of an IP-in-IP tunnel

3-78

Procedure 3-21: Delete an IP-in-IP tunnel

3-80

Procedure 3-22: Enter (add) a new static IP route in the IP routing table

3-81

Procedure 3-23: Delete a static IP route from the IP routing table

3-85

Procedure 3-24: Create the NTP Server address

3-87

Procedure 3-25: Manage the NTP server address

3-89

Procedure 3-26: Retrieve the NTP sync state

3-91

Procedure 3-27: Configure the global OSPF parameters

3-93

Procedure 3-28: Create an OSPF area

3-96

Procedure 3-29: Modify an OSPF area

3-98

Procedure 3-30: Delete an OSPF area

3-100

Parameters of a OSPF Area

3-101

Procedure 3-31: Configure the IP address range for the OSPF area

3-102

Procedure 3-32: Delete the IP address range of an OSPF area

3-104

Procedure 3-33: Configure OSPF interface parameters

3-106

Procedure 3-34: Modify OSPF Authentication settings

3-109

WDM setup procedures

3-111

....................................................................................................................................................................................................................................
1830 PSS
3-2
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures

Overview

....................................................................................................................................................................................................................................

Procedure 3-35: View network (NE name, NE IP, software release) map
information

3-113

Network Map

3-114

Procedure 3-36: View / modify IP route metric settings

3-115

IP Route Redistribute Metric Settings

3-116

Procedure 3-37: Create IP static route

3-117

Create Static IP Route

3-118

Procedure 3-38: View all IP routes

3-119

IP Routes

3-120

Procedure 3-39: Delete IP static route

3-121

Procedure 3-40: Create OSPF area

3-122

Create OSPF Area

3-123

Procedure 3-41: View OSPF areas

3-127

OSPF Areas

3-128

Procedure 3-42: View/modify OSPF details

3-132

OSPF Area Details

3-133

Procedure 3-43: Delete OSPF area

3-137

Procedure 3-44: Configure orderwire function

3-138

Procedure 3-45: Create / view NTP server

3-140

Create NTP Server

3-142

Procedure 3-46: View NTP properties

3-143

NTP Properties

3-145

Procedure 3-47: Create/view NTP keys

3-146

Create NTP Key

3-147

Procedure 3-48: Set date and time manually

3-148

Date and Time Administration

3-149

....................................................................................................................................................................................................................................
1830 PSS
3-3
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

Overview

....................................................................................................................................................................................................................................

Data communication on the OCS application


Overview
Purpose

This chapter deals with the basic theoretical background of Data Communication
Networks (DCNs) and provides DCN configuration guidelines for Alcatel-Lucent
1830 PSS systems.
Contents
Basic DCN principles

3-5

DCN configuration guidelines

3-8

DCN protocols and services

3-9

General Communication Channel

3-10

NE firewall with provisionable IP access control lists (IP ACL)

3-11

....................................................................................................................................................................................................................................
1830 PSS
3-4
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

Basic DCN principles

....................................................................................................................................................................................................................................

Basic DCN principles


Overview

This subsection serves as an entry point, it describes the basic DCN principles.
Purpose of a data communication network

A Data Communication Network (DCN) is used for the exchange of management data.
This section provides an overview of the Data Communication Network and describes the
type of communication between the nodes in the network and the used protocols.
OTN management network

The OTN management network is an overlay network of the transmission network. A


management system and the network elements together are the nodes of this network. The
customer LAN, Generic Communication Channels (GCCs; see General Communication
Channel (p. 3-10)) provide the physical connection between the nodes.
External DCN Interfaces

Fast Ethernet LAN ports (OAMP) provide the interface between the OTN management
network and the External (outband) DCN Topology towards the management system.
OAMP LAN redundancy is ensured when connecting both OAMP LAN ports from the
two FLC cards to LAN switches that support Rapid Spanning Tree protocol (RSTP)
according to IEEE802.1D-2004.
For initial configuration the Zero Installation Craft application (ZIC) can be accessed via
the CIT LAN ports on each FLC card while afterwards the OAMP LAN ports have to be
used. In addition the CIT LAN ports can be used for debug access. In case the network
element consist of main and extension shelves only the LAN ports on the main shelf FLC
cards provide management and ZIC access.
Embedded Communication Channels ECC

The Embedded Communication Channels (ECC) are part of the OTN line signal (GCC)
and are used for inband transport of management information. The ECC terminate on the
OTN port cards that are connected via shelf internal links (ECC Link) or inter-shelf LAN
connections (ILAN) to the First-Level-Controller (FLC) where the communication stack
is running.
The physical communication between each OTN port card and the first level controller in
the same shelf is based on TDM full duplex point-to-point links operating at 19.44 Mb/s
bitrate as a point-to-point serial link. Each ECC link pair from the OTN port cards are
duplicated to both shelf FLC_A and FLC_B as a double star topology.

....................................................................................................................................................................................................................................
1830 PSS
3-5
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

Basic DCN principles

....................................................................................................................................................................................................................................

For multishelf configuration, ECC traffic from extension shelves is transported from
extension shelf FLC to main shelf FLC via GbE ILAN.
Per system, there is a maximum number of ECC channels of 512, independent of
bandwidth.
Table 3-1

Maximum number of ECC channels supported per shelf

ECC Channel
Type

ECC Bandwidth Equivalents

Number of supported Channels


per shelf

GCC
(OTU2/ODU2)

256

GCC
(OTU2e/ODU2e)

168

GCC
(OTU3/ODU3)

64

GCC
(OTU3e2/
ODU3e2)

64

GCC
(OTU4/ODU4)

20

64

DCN protocols

The following table shows the TCP/IP protocol stack:


Layer

Name

Service / Protocol

Application

TL1 over SSH, SSH for debug access, control plane CLI over SSH,
SSH file transfer (SFTP), ntp, HTTPS (ZIC), RMI over SSL/TLS
(ZIC), CORBA-MTNM (ASON Mgmt of control plane)

Presentation

Session

Transport

TCP, UDP

Network

IPv4, ICMP, OSPF, ARP or IPv4 encapsulated in IPv4 (RFC2003 or


RFC2784)

Data Link

PPP over HDLC (RFC 1662),


IPCP (RFC 1332), LCP (RFC
1661),

MAC (802.1D),

Physical

GCC

802.3 Ethernet

....................................................................................................................................................................................................................................
1830 PSS
3-6
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

Basic DCN principles

....................................................................................................................................................................................................................................

Management protocol: TL1

The management of Alcatel-Lucent 1830 PSS s based on the use of the Transaction
Language 1 (TL1, defined by Telcordia Technologies standards (formerly Bellcore).

....................................................................................................................................................................................................................................
1830 PSS
3-7
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

DCN configuration guidelines

....................................................................................................................................................................................................................................

DCN configuration guidelines


Background information
Guidelines

Please observe the following engineering guidelines when configuring a DCN with
Alcatel-Lucent 1830 PSS systems involved:

TL1 is supported via the following TCP ports:


Telnet encoded TL1 over SSH on port 6085
Raw encoded TL1 over SSH on port 6084

Raw encoded TL1 on port 3082 (unencrypted)

75 simultaneous telnet encoded connections are supported (all over port 6085)
75 simultaneous raw encoded connections are supported (each either over port 6084
or over port 3082)

The NE supports 1 user session per TCP connection


The NE supports up to 512 ECC in total over all shelves
The NE supports up to 512 ECC bandwidth equivalents per shelf, which can be
grouped to form ECCs.

An OTU2/ODU2 GCC uses two (2) ECC bandwidth equivalent.


An OTU2e/ODU2e GCC uses three (3) ECC bandwidth equivalent.
An OTU3/ODU3 GCC uses eight (8) ECC bandwidth equivalent.
An OTU3E2/ODU3E2 GCC uses eight (8) ECC bandwidth equivalent.

An OTU4/ODU4 GCC uses eight (20) ECC bandwidth equivalent.


As a gateway network element (GNE), the NE supports ECC communications to at
least 1500 nodes distributed over 32 separate pairs of ECCs on 32 ring or APS
subnetworks.
Note: Normally, for large networks it is desirable to configure an additional GNE for
every 30-40 managed nodes.

Max number of IP-in-IP tunnels supported is 64.


The NE can be connected to up to three non-backbone OSPF areas, plus the backbone
OSPF area.

The NE supports up to 500 nodes in an OSPF area.

Related information

For related information please refer to:

General Communication Channel (p. 3-10)

....................................................................................................................................................................................................................................
1830 PSS
3-8
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

DCN protocols and services

....................................................................................................................................................................................................................................

DCN protocols and services


Overview

Alcatel-Lucent 1830 PSS network elements support the exchange of management


information over GCC and Ethernet over LAN.
The Alcatel-Lucent 1830 PSS OS interfaces supported include the following:

TL1 over SSH (for system management function)


SFTP over SSH (for software download, database backup and restore).
CORBA-MTNM (Control Plane (GMRE) management)

Linux Root Access over SSH


Secure ZIC access via SSL/TLS (HTTPS)
GMRE CLI management via SSH

....................................................................................................................................................................................................................................
1830 PSS
3-9
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

General Communication Channel

....................................................................................................................................................................................................................................

General Communication Channel


Overview

The General Communication Channel (GCC) was defined by ITU-T Recommendation


G.709 as in-band channel used to carry management and signaling information between
OTN elements.
Two types of GCC are available:

GCC0 - two bytes within OTUk overhead. GCC0 can be used to carry management
information.
GCC1/GCC2- four bytes (each of two bytes) within ODUk overhead. These bytes can
be used for management information or for control-plane signaling information
(GCC2 is not supported in current relase).

GCC bandwidth depends on line rate. For example GCC0 bandwidth in case of OTU2 is
about 1.3 Mbit/s as for OTU3 its bandwidth is about 5.2 Mbit/s.

....................................................................................................................................................................................................................................
1830 PSS
3-10
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the OCS application

NE firewall with provisionable IP access control lists (IP


ACL)

....................................................................................................................................................................................................................................

NE firewall with provisionable IP access control lists (IP ACL)


Overview

The Alcatel-Lucent 1830 PSS supports Internet Protocol Access Control Lists.
The Internet Protocol Access Control Lists are administered on a per NE basis. They meet
U.S. Government security requirements and corporate security requirement. IP ACLs
cover source and/ or destination IP addresses, protocols and ports. They include blocking
source/destination IP addresses, ports and protocol IDs.
For detailed information refer to the Alcatel-Lucent 1830 PSS DCN Planning and
Engineering Guide (Photonic applications), chapter DCN configuration, Security, NE
firewall with provisionable IP access control lists (IP ACL).

....................................................................................................................................................................................................................................
1830 PSS
3-11
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Overview

....................................................................................................................................................................................................................................

Data communication on the WDM application


Overview
Purpose

This section deals with the basic theoretical background of Data Communication
Networks (DCNs) on the WDM application.
Contents
User interfaces

3-13

Communications network

3-18

Gateway NE (GNE) management

3-21

CIT port

3-24

....................................................................................................................................................................................................................................
1830 PSS
3-12
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

User interfaces

....................................................................................................................................................................................................................................

User interfaces
Overview

The NE hosts LAN, serial, and debug interfaces sufficient to support EMS, local craft
terminal and serial or LAN based processor access for debug purposes. The NE supports
a single LAN IP address (Router ID) for all LAN functions. This address is provisionable
and is required when bringing up the system. This is the IP address used for all IP
communications over the OSC, GCC0, and OAMP if the OAMP port assumes the Router
ID.
A Craft Interface Terminal (CIT) interface provides access for local craft workers to
WebUI, CLI, and TL1 interfaces via local craft PCs. The WebUI interface provides a
graphical user interface to the node software using HTML, JavaScript, and Java. The
application runs on the NE and is controlled and viewed through a standard web browser
that is provided by the PC.
A local craft terminal (laptop or PC) connected either through a serial or a LAN interface
can establish TL1 or CLI connections to any NE reachable via the local NE. In addition,
the LAN interfaces can establish SNMP connections to any SNMP management system
that is reachable via the local NE.
On initial turn-up, the systems IP address (Router ID) is 172.16.0.1. The Router ID can
be provisioned via a connection to the serial craft port using the appropriate CLI or TL1
command. The Router ID can also be provisioned via the CIT port, whereby the user
simply connects his laptop to the CIT port of the master Equipment Controller (EC) and
accesses the WebUI.
Note: The following applies to the CIT:

When a user manually configures the CIT Port Admin State, the CIT Auto State is
disabled

When a user manually disables the CIT Auto State the CIT Port Admin State is
automatically set to the default value of Enabled.

Web User Interface (WebUI)

The web user interface (WebUI) provides web-based access to the network element (NE).
The WebUI interface is accessed using a web browser running on a computer that is
connected via Ethernet to the NE, either directly or over a LAN. The WebUI supports
provisioning, administration, performance monitoring, and display of alarms and
conditions from the NE. It provides an intuitive, easy-to-use tool to assist in the initial
installation and troubleshooting of NEs.

....................................................................................................................................................................................................................................
1830 PSS
3-13
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

User interfaces

....................................................................................................................................................................................................................................

Command Language Interface (CLI)

The Command Line Interface (CLI) is a line-oriented user interface that runs on the NE.
A user can access the CLI using a terminal device connected to the NE. The CLI provides
commands that allow the user to configure, manage, and monitor the NE, the NE
interfaces, and the services running on the NE.
Transaction Language 1 (TL1)

TL1 is a common protocol for NE management. The Alcatel-Lucent 1830 PSS TL1
interface is a text-based command line interface that allows the operator to configure and
manage Alcatel-Lucent 1830 PSS hardware, software, and services.
Note: TL1 is functionally and structurally defined by Telcordia documents such as
GR-831, GR-199 & GR-474.
Simple Network Management Protocol (SNMP)

SNMP is used in the management of various types of networks. The SNMP


communications occur over the Alcatel-Lucent 1830 PSS control network. SNMP has two
types of entities: management network elements (managers) and managed network
elements (agents). There are instances when the agent must notify the manager of an
event it has experienced without first having received a request from the manager. The
agent does this through traps. SNMP traps, therefore, are asynchronous messages from a
network element agent to a network manager that signals an event that may require user
attention.
In an Alcatel-Lucent 1830 PSS network, the 1354 RM-PhM or other external operations
system (such as surveillance center) acts as the management network element or manager.
The Alcatel-Lucent 1830 PSS network element acts as a managed network element or
network element agent. Traps are messages that the Alcatel-Lucent 1830 PSS network
element sends to the 1354 RM-PhM or external management system on an as-needed
basis to notify the manager of events the network element has experienced. Besides
autonomous messages (such as traps), the SNMP manager can retrieve or modify the NE
configuration (using GET or SET functions).
Note: Alcatel-Lucent 1830 PSS supports SNMP versions v1, v2c, and v3 of the
protocol.
User Panel (USRPNL)

The Alcatel-Lucent 1830 PSS provides a User Panel (USRPNL) located on the main
shelf, which supports the majority of communication connections for the NE. This user
panel includes the following ports:

Craft serial connection via DB9


Craft serial connection via USB-B
OAMP LAN connection via RJ45

....................................................................................................................................................................................................................................
1830 PSS
3-14
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

User interfaces

....................................................................................................................................................................................................................................

VoIP LAN connection via RJ45


E1/E2 LAN connection via RJ45
Note: The user panel OAMP port was meant to connected to a router/switch. In a
fixed configuration. When connected to a PC/laptop, a crossover cable must be used.
In auto-negotiation mode, either straight or crossover cable can be used.

There are four (4) general purpose switched auto-sensing LAN ports (10/100BaseTX), for
connection to EMS/NMS, VoIP, and externally managed devices. The four general
purpose switched auto-sensing LAN ports on the user panel are as follows:

The OAMP port is used to connect to the External Management System (EMS) and is
the main control interface to the NE. The signaling format is 10/100BaseT. By
default, the OAMP LAN inherits the Router ID IP address when the OAMP LAN port
is enabled for service. However, the user is free to change the IP address of the
OAMP LAN port.
The VoIP port is used to connect to an IP phone. With IP phones at every site,
customers/field technicians can talk to one another simply by dialing the IP address of
the destination phone. The IP address and status of the port can be user provisioned.
There are two External LAN ports (which can be used to connect to externally
managed devices), labeled E1-LAN and E2-LAN. These ports are auto-sensing, so
either a cross-over or straight-thru Ethernet cable can be used.

The ports designated as the OAMP and Craft ports on the USRPNL, support access to the
CLI and TL1 commands. Further, the serial craft port (which is the DB-9/USB-B port)
supports only CLI and TL1, and the OAMP port also supports SNMP management. The
VoIP port on the USRPNL is disabled by default. External IP address and MAC address
remain fixed and follow the active LAN ports on the USRPNL. There is one MAC for the
OAMP port and one MAC for the VoIP port. The Alcatel-Lucent 1830 PSS NE's MAC
addresses associated with the LAN ports on the USRPNL are installed/assigned at the
factory.
Note: The USRPNL status LED reflects status of the USRPNL itself rather than shelf
status.
Attention: The OAMP port supports both fixed configuration and auto mode. It is
provisionable via CLI or WebUI. It is not recommended to have one side as auto and
other as fixed configuration. The configuration should match on either side.
The user panel OAMP port was meant to connected to a router/switch. In a fixed
configuration, when connected to a PC/laptop, a crossover cable must be used. In
auto-negotiation mode, either straight or crossover cable can be used.
User panel replacement

After an in-service replacement of the User Interface Panel, it is necessary to synchronize


the USRPNL with the Network Element database in order to avoid a "database invalid
alarm". This can be done via the WebUI using the following procedure.
....................................................................................................................................................................................................................................
1830 PSS
3-15
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

User interfaces

....................................................................................................................................................................................................................................

Synchronize the USRPNL with the Network Element database


1. From the WebUI menu, select Administration > Database > USRPNL Replacement
Update.
2. In the USRPNL Replacement Update window, select Synchronize USRPNL with
Network Element Database: and click Apply.
Note: For detailed procedure on Replacing User Panel and detailed procedure for
User Panel replacement interrupted by a restart, see the Alcatel-Lucent 1830
Photonic Service Switch (PSS) Release 6.0 Maintenance and Trouble-Clearing Guide.
Craft interface

The NE supports two craft ports including a female (DB9) and a USB-B port. Both ports
support local RS-232C serial interface for connection to a CIT via serial link.
Either the DB9 port or the USB-B port can be used to connect serially to the NE.
However, only one port can be active at any given time. The NE automatically detects the
presence of a laptop (or any equivalent active device) when it is connected to the USB-B
port on the USRPNL. When both USB-B port and DB9 ports are simultaneously
connected, preference is given to the USB-B port. The USB-B port becomes active, and
the DB9 port is rendered inactive.
Note: The parity setting for the USB port must be set to Odd. The parity setting for
the DB9 interface must be set to None.
Equipment controller (EC)

Every PSS-32 and PSS-16 shelf contains one or two ECs (depending on whether
redundancy is desired). The EC provides four auto-sensing RJ45 LAN ports. The first
port (labeled CIT) located at the topmost of the EC, is dedicated for CIT connection. The
CIT port is active for ECs residing on the master shelf and disabled for ECs residing on
sub-shelves. The user may plug the CIT laptop into either of the Master ECs CIT port
and the SW will auto switch to the active EC.
Configurable attribute values on the two Master CIT ports are always the same; updating
the values on one port will automatically update the values on the other port. However,
when a newly introduced redundant EC is installed, CIT port data from the first EC would
need to be copied to the CIT port on the new EC.
The CIT port supports DHCP server. When a connection (e.g. using a laptop) is detected,
the NE provides an IP address in response to the DHCP request from the laptop. The CIT
port allows the client to connect locally to manage the NE, and it can also allow the client
to connect to any remote NE reachable by the local NE. The port also supports SNMP
(via 1354 RM-PhM) and FTP.

....................................................................................................................................................................................................................................
1830 PSS
3-16
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

User interfaces

....................................................................................................................................................................................................................................

The available addresses start at the beginning of the network address range as long as
they don't conflict with either the broadcast or local address. The DHCP server assigns the
IP to the client PC when connected to CIT port in the following manner:

If assign 192.168.5.1/24, and the dhcp_range is 5, the available addresses are


192.168.5.2,3,4,5,6

If assign 192.168.5.5/24, and the dhcp_range is 5, the available addresses are


192.168.5.1,2,3,4,6
If assign 192.168.5.96/24, and the dhcp_range is 5, the available addresses are
192.168.5.1,2,3,4,5

If assign 192.168.5.5/29, and the dhcp_range is 10, the available addresses are
192.168.5.1,2,3,4,6
Note: The WebUI does not run the full features like the 1354 RM-PhM. The CIT port
will only provide basic NE management (for local and remote management via
SNMP). IP Routing functions in 1830 PSS-32/PSS-16/PSS-32S and Alcatel-Lucent
1830 PSS-1 have to be configured so that all NEs intended to be managed, are
reachable from the local NE. In other words, IP applications from any external DCN
network will work only when there is full IP reach capability to every GNE and RNE
in the network.

The bottom two ports on the EC (labeled ES1 and ES2) are used to connect to
Alcatel-Lucent 1830 PSS extension shelves (sub-shelves). The 1830 PSS NE may be
comprised of multiple 1830 shelves. In order to enable protected communication between
1830 PSS shelves which comprise one NE (single TID), ES1/ES2 ports on these shelves
need to be connected in a daisy-chain fashion.
Note: Direct cabling of ES1/ES2 ports between two different 1830PSS nodes may
impact the ethernet connectivity of all XCOM ports such as OAMP, VOIP, E1, E2 &
CIT.
Failure of any EC in a duplex controller configuration does not prohibit communication
between the affected sub-shelf and the main shelf. Likewise, failure of any EC in a
simplex controller configuration does not prohibit communication between the main shelf
and all other sub-shelves, unless the simplex EC is the controller for the master Shelf.
Note: For detailed procedure on Replacing Equipment Controller, see the
Alcatel-Lucent 1830 Photonic Service Switch (PSS) Release 6.0 Maintenance and
Trouble-Clearing Guide.
Matrix and Controller Card (MTC1T9)

Every Alcatel-Lucent 1830 PSS-32S shelf contains two MTC1T9 cards. Like the EC, it
has CIT, ES1 and ES2 ports. Since the PSS-32S is always configured as an extension
shelf, the CIT port is disabled. The ES1 and ES2 ports are used to connect to the main
shelf and other extension shelves.
....................................................................................................................................................................................................................................
1830 PSS
3-17
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Communications network

....................................................................................................................................................................................................................................

Communications network
The basic communications network architecture for the Alcatel-Lucent 1830 PSS includes
all LAN interfaces, OSC interfaces, and GCC interfaces. LAN interfaces include the
OAMP, VoIP, E1, E2, CIT, and Extension Shelf (ES) connections. The OSC interfaces can
vary from one up to 8, one for each degree. The OSC carries node-to-node
communication, sharing of OSPF LSAs, wavetracker keys, SCOT messages, etc.
Note: Wave key opaque LSAs can only be enabled in one OSPF Area.
Note: The external communication (Voice/data) through the LAN ports (VoIP, OAMP,
E1, E2) in the User Interface Panel (USRPNL) are lost (dropped) when the active
controller (EC) fails (by autonomous or manual switchover command). The
communication will be established again when the EC becomes active. This also
applies to OSC and GCC as well.
For the communications network, static routes or OSPF must be used.
The GCC interfaces can vary from 1 up to 32, depending on the number of supported
Optical Transponders (OT's) that are provisioned for GCC0 termination.
Note: GCC0 terminations on the Alcatel-Lucent 1830 PSS system are supported by
the following:

112PDM11 OTL4.4 line port

11DPE12(A/E) OTU2 line port


11DPM12 OTU2 line port
11QPA4 OTU2 client port
11QPA4 OTU2 line port

11QPE24 OTU2 X port


11QPEN4 OTU2 client port
11QPEN4 OTU2 line port
11STAR1 OTU2 client port

11STAR1 OTU2 line port


11STAR1A OTU2 client port

11STAR1A OTU2 line port


11STMM10 OTU1 client port
4DPA4 OTU1 line port

These ports are used for connecting with the Alcatel-Lucent 1830 PSS-1 (Edge
Device), Alcatel-Lucent 1830 PSS-4 or other Alcatel-Lucent 1830 PSS NEs.
For newly added GCC interfaces in new or existing installations it is highly
recommended to immediately set the interface GCC to standard mode of operation.
....................................................................................................................................................................................................................................
1830 PSS
3-18
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Communications network

....................................................................................................................................................................................................................................

For existing GCC interfaces in existing installations it is highly recommended to plan


to upgrade ALL GCC interfaces to standard mode of operation. This must be a
planned action as changing the GCC standard mode of operation will cause the
interface data link to go DOWN until the GCC standard mode of operation on the
opposite end is changed to match.
Note: GCC is not supported on IO & Uplink packs.
Note: For newly added OSC/GCC interfaces in new or existing installations it is
highly recommended to immediately set the interface MTU size to 1500 bytes.
For existing OSC/GCC interfaces in existing installations it is highly recommended to
plan to upgrade ALL OSC/GCC interface MTU size to 1500. This must be a planned
action as changing the MTU size on one side of the OSC/GCC interface may cause
the interface data link to go DOWN until the MTU size on the opposite end is
changed to match.
Changing the MTU size to 1500 bytes allows for the remote management of
RAMAN/EDFA boxes through an 1830 network as well as increased throughput due
to minimized packet fragmentation.
Table 3-2, Communications Network Sizing (p. 3-19) provides a communications
network sizing summary.
Table 3-2

Communications Network Sizing

Connection Type

Maximum Value

Comment

TL1 (ports 3082, 3083)

20 sessions (see table note)

Multiple TL1 user sessions to


any NE

WebUI

16 sessions

This is for Craft Interface


Terminal (CIT) from the local
craft, or remotely connected

CLI

10 sessions

From the local craft or remote

SNMP

10 sessions

Management from 1354


RM-PhM or equivalent
SNMP manager

GCC0

32

For management connection


extension to SPB

OSC

20

Maximum of 8 fiber pairs

RNEs managed from one


GNE

128

Size of TID-IP map per GNE

256

TID to IP mapping over the


OSC and GCC0

....................................................................................................................................................................................................................................
1830 PSS
3-19
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Communications network

....................................................................................................................................................................................................................................

Table 3-2

Communications Network Sizing

(continued)

Connection Type

Maximum Value

Comment

Active users

32

Combinations of TL1,
WebUI, CLI, and SNMP users

Number of degrees supported


by one NE

52

32 GCC0 + 20 OSC

Number of NEs in one OSPF


area

256

Default OSPF area is 0

Number of provisionable
OSPF areas supported on the
NE

Note: Once the maximum allowed count of 20 TL1 sessions are open, the user needs
to cancel the current TL1 log-in session(s) to allow any new users. A new user needs
to wait for 2 minutes to log-in after cancelling any of the already logged-in users.

....................................................................................................................................................................................................................................
1830 PSS
3-20
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Gateway NE (GNE) management

....................................................................................................................................................................................................................................

Gateway NE (GNE) management


Overview

A Gateway Network Element (GNE) is defined as an NE that provides user access to all
NEs within the maintenance subnetwork. Any Alcatel-Lucent 1830 PSS can function as a
gateway NE. The GNE is able to send over the ECC (OSC and GCC0) the TL1
commands which are destined for a Remote NE. The GNE routes the messages between
members of the maintenance subnetwork.
The NE maintains a Gateway mapping table which contains mapping entries for every
reachable NE on the network. Each entry in the table contains the TID of the NE and its
corresponding IP address. The table contains entries for every reachable NE (over the
OSC for the Alcatel-Lucent 1830 PSS , as well as over the GCC for the Alcatel-Lucent
1830 PSS-1). The gateway mapping table is capable of holding a maximum of 128
entries.
Note: Upon reaching the maximum of 128 entries, the NE will raise an alarm to
indicate that the maximum size has been reached.
The NE supports creating and deleting system-level OSPF areas. The NE can be part of
up to 3 OSPF areas, in addition to the default backbone area (0-0-0-0). After an OSPF
Area is created, it can then be assigned to an OAMP, VOIP, E1, E2, OSC or GCC
interface. Opaque LSAs are used to advertise/distribute association parameters.
Note: OSPF does not need to run on the CIT, since this port is meant to be local LAN
(i.e. a stub network, not one where routes need to be discovered).
When OSPF is enabled on the OAMP or GCC0 interfaces, the default area for those
interfaces is 0. When OSPF is enabled on the OSC interface, the default area for this
interface is also 0. However, the system supports configuration of different areas on
these supported interfaces.
The GNE functionality supported in the Alcatel-Lucent 1830 PSS comes in handy if a
customer does not want to enable OSPF on the OAMP interface. Without OSPF to
discover the internal network and distribute this network to the management DCN, the
EMS is not able to directly connect to any remote NE (RNE). Connection method must
then be made thru the GNE. For example, in order to connect to an RNE, the customer
must first telnet to the GNE and from there, connect to the desired RNE.
Note: If any NEs are GNEs using static IP routing and then are reconfigured as
non-GNEs, any routers on the local subnet should have their ARP entries cleared so
that re-routing may take place immediately.

....................................................................................................................................................................................................................................
1830 PSS
3-21
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Gateway NE (GNE) management

....................................................................................................................................................................................................................................

Note: In a network design where OSPF is enabled on the GNE OAMP management
ports or static routes are configured such that an alternate path for the 1830 NEs is
available via the customer DCN in addition to inter-NE paths via OSC/GCC
interfaces the following should be adhered too:
1. At the GNE NEs the Loopback IP should be provisioned with the snmp_src option
such that all SNMP requests to the NE must use only the Loopback IP of the NE
(the OAMP IP address will not be valid for SNMP requests). Likewise any SNMP
traps from the NE will contain the Loopback IP as the source IP address.
2. When OSPF is enabled at the OAMP port the OSPF metric should be provisioned
to be greater than the largest Inter-NE path cost. This will allow for NE-NE
application data messages to prefer inter-NE paths over customer DCN paths.
3. When static routes are configured at the GNE in order to provide an alternate path
for the 1830 NEs via the customer DCN in addition to inter-NE paths via
OSC/GCC interfaces - the distance value provisioned for each static route should
be greater than 110. This will allow for NE-NE application data messages to
prefer inter-NE paths over customer DCN paths.
For applications based on IP stack (i.e. SNMP, ftp, telnet), the EMS directly
communicates with the RNE, without using any translation function on the GNE. In this
case, all IP packets are routed to the appropriate destination, and the GNE does not need
to perform any association or mediation services.
To provide redundant paths between NMS and Alcatel-Lucent 1830 PSS network, dual
GNE configurations may be used (two examples of dual GNE configurations are shown
in Figure 3-1, Dual GNE configurations (p. 3-23).

....................................................................................................................................................................................................................................
1830 PSS
3-22
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

Gateway NE (GNE) management

....................................................................................................................................................................................................................................

Figure 3-1 Dual GNE configurations

For NE-to-EMS messages, the GNE routes the TL1 message over an IP address to the
appropriate EMS based on the connection on which the message was received.
Note: Enabling and disabling of TL1 autonomous messaging is supported via the
WebUI. The default state is for messages to be suppressed. To enable TL1
autonomous messaging, check TL1 Autonomous Messages Enabled in the System
Properties window display.

....................................................................................................................................................................................................................................
1830 PSS
3-23
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


Data communication on the WDM application

CIT port

....................................................................................................................................................................................................................................

CIT port
Remote NE management via the CIT port(s) can be supported, but only if the operator
assigns unique IP addresses to these CIT ports. Either CIT port on the active EC or
standby EC (if equipped) can be used to connect to the external device (e.g. laptop).
The system allows a user (Admin or Service user) to auto-disable the CIT port status.
Disable Port Automatically can only be set to Yes if Source IP is configured (does not
equal 0.0.0.0).
Note: Configurable attribute values on the two CIT ports are always the same;
updating the values on one port will automatically update the values on the other port.
When a redundant EC is installed, CIT port data from the first EC would need to be
copied to the CIT port on the new EC.
Once the laptop verifies that it can talk to its gateway, then the user can run the CIT,
telnet to the TL1 port, or telnet into the CLI. From the locally connected-to-CIT-port
laptop the NE will respond as follows:

If the user runs the WebUI, the NE responds with a login screen.
If the user runs the telnet session to the TL1 port the NE responds with a TL1
command prompt.
If the user runs the telnet session to the CLI, the NE responds with a CLI login
prompt.
The SNMP function is fully supported over the CIT, so the CIT can be used to
manage the entire Alcatel-Lucent 1830 PSS network if needed.

....................................................................................................................................................................................................................................
1830 PSS
3-24
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Overview

....................................................................................................................................................................................................................................

OCS Setup procedures


Overview
Purpose

This section describes procedures which have to be performed for data communication
setup in a OCS application.
Contents
Procedure 3-1: Change the Site Identifier (SID)

3-27

Procedure 3-2: Retrieve IP and MAC addresses

3-29

View IP Addresses

3-30

Procedure 3-3: Set the FLC IP Addresses of the NE

3-31

Procedure 3-4: Set the loopback IP address of the NE

3-34

Procedure 3-5: Set the control plane IP addresses of the NE

3-36

Procedure 3-6: Modify the TCP/IP stack parameters

3-38

Procedure 3-7: Create an access control rule

3-41

Procedure 3-8: Modify an existing access control rule

3-42

Procedure 3-9: Delete an internet protocol access rule

3-43

Procedure 3-10: Retrieve internet protocol access list

3-44

Internet Protocol Access Control Lists

3-45

Procedure 3-11: Modify the ASAP of the Customer LAN interface

3-57

Procedure 3-12: Configure LAN interfaces to form a multi-shelf compound

3-59

Procedure 3-13: Create a network interface on the embedded communication


channels (ECCs)

3-63

Procedure 3-14: Modify the ASAP of a network interface

3-66

Procedure 3-15: Add a GCC leg to an ECC protection group

3-67

Procedure 3-16: Remove GCC legs from the ECC protection group

3-69

Procedure 3-17: Enable or disable a network interface

3-71

Procedure 3-18: Delete a network interface and an ECC protection group

3-73

Procedure 3-19: Create an IP-in-IP tunnel

3-75

Procedure 3-20: Set the alarm severity profile of an IP-in-IP tunnel

3-78

....................................................................................................................................................................................................................................
1830 PSS
3-25
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Overview

....................................................................................................................................................................................................................................

Procedure 3-21: Delete an IP-in-IP tunnel

3-80

Procedure 3-22: Enter (add) a new static IP route in the IP routing table

3-81

Procedure 3-23: Delete a static IP route from the IP routing table

3-85

Procedure 3-24: Create the NTP Server address

3-87

Procedure 3-25: Manage the NTP server address

3-89

Procedure 3-26: Retrieve the NTP sync state

3-91

Procedure 3-27: Configure the global OSPF parameters

3-93

Procedure 3-28: Create an OSPF area

3-96

Procedure 3-29: Modify an OSPF area

3-98

Procedure 3-30: Delete an OSPF area

3-100

Parameters of a OSPF Area

3-101

Procedure 3-31: Configure the IP address range for the OSPF area

3-102

Procedure 3-32: Delete the IP address range of an OSPF area

3-104

Procedure 3-33: Configure OSPF interface parameters

3-106

Procedure 3-34: Modify OSPF Authentication settings

3-109

....................................................................................................................................................................................................................................
1830 PSS
3-26
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-1: Change the Site Identifier (SID)

....................................................................................................................................................................................................................................

Procedure 3-1: Change the Site Identifier (SID)


When to use

Use this procedure to change an already provisioned NE name (also referred to as the Site
Identifier (SID)).
NE names

NE names must be unique within a network to guarantee the reachability by management


systems and the proper interworking of NEs.
Related TL1 commands

The following TL1 commands are related to this procedure:

SET-SID

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem.


...................................................................................................................................................................................................

Then select System Commands Set Site Identifier, either by selecting Action from
the main menu bar or by using the context menu opened with the right mouse button.

....................................................................................................................................................................................................................................
1830 PSS
3-27
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-1: Change the Site Identifier (SID)

....................................................................................................................................................................................................................................

Result: The Alcatel-Lucent 1830 PSS ZIC Set Site Identifier window opens.
...................................................................................................................................................................................................

Place the cursor in the SID text box and key in the new SID observing the following
configuration rules:

Each NE name must be unique within the network.


The following characters are allowed in an NE name:
Uppercase letters (A .. Z),

Lowercase letters (a .. z),


Special characters (-),
Digits (0 .. 9).
Each NE name must be at most 20 characters in length.

The SID must start with a letter and must end with an alphanumeric character.
Consecutive hyphens (-) are not allowed.
Number of hyphens must not be greater than 4.

If a lower-case character string is entered for the SID, it is automatically converted to


an uppercase character string for comparison to any TID value entered in a command.

Please note that NE names are case-insensitive.


...................................................................................................................................................................................................

Click Apply to assign the new SID and to dismiss the window.
...................................................................................................................................................................................................

Confirm the resulting system message by clicking OK.


Attention: Change of SID causes the active user session to become closed.
...................................................................................................................................................................................................

Exit the Alcatel-Lucent 1830 PSS ZIC. Then restart the Alcatel-Lucent 1830 PSS ZIC.
Repeat a refresh of the 1830 PSS ZIC page in the browser window until the new NE
name is present in NE TID field and ZIC SERVER state is ALIGNED. Then launch ZIC
application again.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-28
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-2: Retrieve IP and MAC addresses

....................................................................................................................................................................................................................................

Procedure 3-2: Retrieve IP and MAC addresses


When to use

Use this procedure if you want to view the IP and MAC addresses of an NE.
Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-IP-ADDR

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking.


Then select IP Addresses IP Addresses , either by selecting Action from the main menu
bar or by using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens. See View IP

Addresses (p. 3-30).


...................................................................................................................................................................................................

Click on Close to exit to the IP Address window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-29
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

View IP Addresses

....................................................................................................................................................................................................................................

View IP Addresses
Purpose

This window is used to display the TCP/IP addresses in the network element NE).
Fields and parameters

The following fields/parameters are available:


Parameter

Meaning

Active FLC IP

Displays the Internet Protocol address configured on the currently


active FLC.
Configured on the OAMP LAN.

Control Plane IP

Displays the control plane node IP address of the NE.

FLC A IP

Displays the Internet Protocol address configured on the left FLC


card.
Configured on the OAMP LAN.

FLC B IP

Displays the Internet Protocol address configured on the right FLC


card.
Configured on the OAMP LAN.

LAN Gateway

Displays the Internet Protocol address of the gateway router,


connected to the OAMP LAN.

Loopback IP

Displays the loopback IP address of the NE. Used by several


network interfaces (ECCs, and IPIPTs), and used as OSPF router Id.

IP Mask

Displays the subnet mask of the network the NE is connected to.


Configured on the OAMP LAN.

MAC Address

Displays the MAC address.

....................................................................................................................................................................................................................................
1830 PSS
3-30
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-3: Set the FLC IP Addresses of the NE

....................................................................................................................................................................................................................................

Procedure 3-3: Set the FLC IP Addresses of the NE


When to use

Use this procedure to modify the FLC IP Addresses of the NE.


Note: This IP address can also be set using Procedure 20-1: Initialize the NE using
EZ setup tool (p. 20-27).
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-IP-ADDR

RTRV-IP-ADDR.

Before you begin

Prior to performing this task, you must:

Have a valid user login and password


Be connected to the subject NE

Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC.

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking.


Then select IP Addresses, either by selecting Action from the main menu bar or by using
the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens.
...................................................................................................................................................................................................

Select the list entry you want to modify.


...................................................................................................................................................................................................

Click Edit FLCIP Addresses.


Result: TheEdit FLC IP Addresses window opens.
...................................................................................................................................................................................................

In the field Active FLC IP Address enter the IP address for the currently active FLC.

....................................................................................................................................................................................................................................
1830 PSS
3-31
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-3: Set the FLC IP Addresses of the NE

....................................................................................................................................................................................................................................

Additional information: {1-99,101-126,128-223} - {0-255} - {0-255} - {0-255}.

Neither the network nor the host portion of the address (with respect to the value of
the MASK parameter) when viewed in binary format may be all 0s or all 1s.
This address follows the active FLC on each FLC EPS switch.
The factory default is 18-70-1-3.
...................................................................................................................................................................................................

In the field FLC-A IP Address modify the IP address of the left FLC.
Additional information: {1-99,101-126,128-223} - {0-255} - {0-255} - {0-255}.

Neither the network nor the host portion of the address (with respect to the value of
the MASK parameter) when viewed in binary format may be all 0s or all 1s.
The factory default is 18-70-1-1. This address is always configured on the (front
view) leftmost FLC card (Slot 73 in PSS-64 system, Slot 23 in PSS-36 system)
...................................................................................................................................................................................................

In the field FLC-B IP Address modify the IP address of the right FLC.
Additional information: {1-99,101-126,128-223} - {0-255} - {0-255} - {0-255}.

Neither the network nor the host portion of the address (with respect to the value of
the MASK parameter) when viewed in binary format may be all 0s or all 1s.
The factory default is 18-70-1-2. Once changed, this parameter cannot be reset to the
factory default. This address is always configured on the rightmost FLC card (Slot 75
in PSS-64 system Slot 40 in PSS-36 system)
...................................................................................................................................................................................................

In the field Subnet Mask enter the subnet mask of the network the NE is connected to on
the Customer LAN.
Additional information: {128-255} - {0-255} - {0-255} - {0-248}

Alternative the mask can be entered in CIDR notation: {1-29}


The mask, in binary representation, must contain a contiguous string of 1s (the
network portion) followed by a contiguous string of 0s (the host portion). All IP
addresses specified have to be in the same subnet.
The factory default is 255-255-255-0.
...................................................................................................................................................................................................

In the field LAN Gateway enter the internet Protocol address of the gateway router,
connected to the OAMP LAN
Additional information: {1-99,101-126,128-223} - {0-255} - {0-255} - {0-255}

Internet Protocol address of the gateway router, connected to the OAMP LAN. The
address must be part of the IP subnet configured on the OAMP LAN via the
ACTIVEFLCIP, FLCAIP, FLCBIP, MASK parameters. The address must not be
....................................................................................................................................................................................................................................
1830 PSS
3-32
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-3: Set the FLC IP Addresses of the NE

....................................................................................................................................................................................................................................

identical to any of the ACTIVEFLCIP, FLCAIP, FLCBIP addresses. Neither the


network nor the host portion of the address (with respect to the value of the MASK
parameter) when viewed in binary format may be all 0s or all 1s.
The factory default is 0-0-0-0, meaning that no default route is set via the OAMP
LAN. Changing the value back to 0-0-0-0 is equivalent to removing the default route.
Note: Do not provision a LAN Gateway address for a Remote NE, that is not
physically connected to an OAMP LAN
...................................................................................................................................................................................................

Click Apply.
Result: The IP change is sent to NE and the Alcatel-Lucent 1830 PSS ZIC shows the

updated address.
...................................................................................................................................................................................................

10

Exit to the IP Address window.


...................................................................................................................................................................................................

11

Reconnect to the Alcatel-Lucent 1830 PSS ZIC.


Change of the FLC IP Addresses causes the active user session to become closed.
Reconnect to the Alcatel-Lucent 1830 PSS ZIC page with the browser using the newly
provisioned IP address and refresh the presented page until the ZIC SERVER state is
ALIGNED. Then launch ZIC application again.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-33
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-4: Set the loopback IP address of the NE

....................................................................................................................................................................................................................................

Procedure 3-4: Set the loopback IP address of the NE


When to use

Use this procedure to set or modify the loopback IP address of the NE, which is shared as
interface address by all ECC network interfaces (NETIF), IP over IP tunnel interfaces
(IPIPT), and which is also used as OSPF router Id.
Note: This IP address can also be set using Procedure 20-1: Initialize the NE using
EZ setup tool (p. 20-27).
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-IP-ADDR
RTRV-IP-ADDR

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

Have proper User Community Authorization Level to perform this task,


ensure that no OSPF interface is enable in the system
ensure that neither a NETIF interface nor an IPIPT tunnel is provisioned.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking.
Then select IP Addresess, either by selecting Action from the main menu bar or by using
the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens.
...................................................................................................................................................................................................

Click Edit Loopback IP Address.

....................................................................................................................................................................................................................................
1830 PSS
3-34
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-4: Set the loopback IP address of the NE

....................................................................................................................................................................................................................................

Result: The Edit Loopback IP Address window opens.


...................................................................................................................................................................................................

In the field Loopback IP Address enter the loopback address of the NE.
Note: This address is an alias to the SYSTEM IP address as set up with Procedure
3-6: Modify the TCP/IP stack parameters (p. 3-38).
Additional information: The address 0-0-0-0 is not allowed.

The NE loopback address is also used as OSPF Router Id. The address must not be
part of the IP subnet configured on the customer LAN via the ACTIVEFLCIP,
FLCAIP, FLCBIP, MASK parameters. The address must not be identical to the CPIP
address.
The factory default is 0-0-0-0.
...................................................................................................................................................................................................

Click Apply.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens.
...................................................................................................................................................................................................

Exit the IP Address window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-35
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-5: Set the control plane IP addresses of the NE

....................................................................................................................................................................................................................................

Procedure 3-5: Set the control plane IP addresses of the NE


When to use

Use this procedure to set the control plane IP addresses of the NE, if not already done
using Procedure 20-1: Initialize the NE using EZ setup tool (p. 20-27).
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-IP-ADDR
RTRV-IP-ADDR

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking.
Then select IP Addresess, either by selecting Action from the main menu bar or by using
the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens.
...................................................................................................................................................................................................

Select the list entry you want to modify.


...................................................................................................................................................................................................

Click Edit Control Plane IP Address.


Result: The Edit Control Plane IP Address window opens.
...................................................................................................................................................................................................

In the field Control Plane IP Address enter the control plane node IP address of the NE.

....................................................................................................................................................................................................................................
1830 PSS
3-36
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-5: Set the control plane IP addresses of the NE

....................................................................................................................................................................................................................................

Additional information: The address 0-0-0-0 is not allowed.

The address must not be part of the IP subnet configured on the customer LAN via the
ACTIVEFLCIP, FLCAIP, FLCBIP, MASK parameters. The address must not be
identical to the LOOPBACKIP address.
The factory default is 0-0-0-0.
Note: This address is an alias to the control plane IP address as set up with
Procedure 3-6: Modify the TCP/IP stack parameters (p. 3-38).
Note: After the GMRE processes have been activated by setting the GMRE
Administrative State to UP the Control Plane IP address cannot be modified
anymore.
...................................................................................................................................................................................................

Click Apply.
Result: The Alcatel-Lucent 1830 PSS ZIC IP Address window opens.
...................................................................................................................................................................................................

Exit the IP Address window.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-37
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-6: Modify the TCP/IP stack parameters

....................................................................................................................................................................................................................................

Procedure 3-6: Modify the TCP/IP stack parameters


When to use

This procedure can also be used to configure TCP/IP parameters for some of the
interfaces:

LAN-OAMP (management LAN interface),


SYSTEM (Router ID),
CPN (Control Plane Node).

The configured IP address on System AID is the NE's loopback IP address, which is
shared as interface address by all unnumbered network interfaces.
The configured IP address on System AID will be also used as OSPF Router ID.
The configured IP address on control plane node AID is used as TDM control plane node
address. This address has to be provisioned, before the TDM control plane is started on
the NE. This address is used by the control plane for communicating with direct
neighbors.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-IP-IF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking IP
Addresses IP Interfaces.

....................................................................................................................................................................................................................................
1830 PSS
3-38
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-6: Modify the TCP/IP stack parameters

....................................................................................................................................................................................................................................

Result: The Alcatel-Lucent 1830 PSS ZIC Manage IP Interfaces window opens.
...................................................................................................................................................................................................

Select the interface for which you want to configure:

SYSTEM

Loopback Address

CPN

Local Control Plane Node


( the CPN address cannot be set before the SYSTEM address is set)

CPNOTIFY (only displayed, can not be edited)

Local Control Plane Notify Interface

LAN-OAMP

Customer LAN
...................................................................................................................................................................................................

Click Modify.
Result: The Alcatel-Lucent 1830 PSS ZIC Manage IP Interfaces window opens.
...................................................................................................................................................................................................

Enter the Internet Protocol address of the NE on the addressed interfacein the IP Address
field.
For the IP address the following restrictions exist:

Possible values are {1-99, 101-126, 128-223} - {0-255} - {0- 255} - {0-255}

0-0-0-0 is not allowed


Neither the network nor the host portion of the address when viewed in binary format
may be all 0s or all 1s.

...................................................................................................................................................................................................

Enter the subnet mask fore NE in the Subnet Mask field.


For the IP address the following restrictions exist:

the Mask Parameter only applies to the LAN interface

Possible values are {128-255} - {0-255} - {0- 255} - {0-248}


The mask, in binary representation, must contain a contiguous string of 1s (the
network portion) followed by a contiguous string of 0s (the host portion)..

...................................................................................................................................................................................................

Enable the Internet Protocol on the addressed LAN interface.


Select Yes in the respective drop-down list box.

....................................................................................................................................................................................................................................
1830 PSS
3-39
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-6: Modify the TCP/IP stack parameters

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Click Apply to confirm.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-40
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-7: Create an access control rule

....................................................................................................................................................................................................................................

Procedure 3-7: Create an access control rule


When to use

Use this procedure to add a new access control rule to the NE firewall.
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

ENT-IPACLIST

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
...................................................................................................................................................................................................

Either by selecting Action from the main menu bar or by using the context menu opened
with the right mouse button, select Add Rule.
Result: The Create access control rule window opens.
Reference: See Internet Protocol Access Control Lists (p. 3-45).
...................................................................................................................................................................................................

Enter the needed parameters as described.


...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The access control rule is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-41
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-8: Modify an existing access control rule

....................................................................................................................................................................................................................................

Procedure 3-8: Modify an existing access control rule


When to use

Use this procedure to modify an existing access control rule of the NE firewall.
Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-IPACLIST

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
...................................................................................................................................................................................................

Select an access control rule in the list displayed in the right part of the Alcatel-Lucent
1830 PSS ZIC main menu and click on Modify.
...................................................................................................................................................................................................

Modify the parameters as described.


Reference: See Internet Protocol Access Control Lists (p. 3-45).
...................................................................................................................................................................................................

Click Apply to apply your settings.


Result: The access control rule is configured accordingly.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-42
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-9: Delete an internet protocol access rule

....................................................................................................................................................................................................................................

Procedure 3-9: Delete an internet protocol access rule


When to use

Use this procedure to delete an internet protocol access rule.


Important! This is allowed to a security administrator only.
Related TL1 commands

The following TL1 commands are related to this procedure:

DLT-IPACLIST

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
Result: The Access Control Lists are displayed in the display pane of the

Alcatel-Lucent 1830 PSS ZIC.


...................................................................................................................................................................................................

Select the access control rule and click Delete.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-43
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-10: Retrieve internet protocol access list

....................................................................................................................................................................................................................................

Procedure 3-10: Retrieve internet protocol access list


When to use

Use this procedure to retrieve the internet protocol access rules.


Related TL1 commands

The following TL1 commands are related to this procedure:

RTRV-IPACLIST

Before you begin

Prior to performing this task, you must be logged into the Alcatel-Lucent 1830 PSS ZIC
and the respective network element.
Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System NE Security
Access Control Lists.
Result: The Access Control Lists are displayed in the display pane of the

Alcatel-Lucent 1830 PSS ZIC.


Reference: See Internet Protocol Access Control Lists (p. 3-45).
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-44
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Internet Protocol Access Control Lists


Access Control Lists for IP addresses and ports

The device supports the configuration of access control lists (ACL) or filters to limit the
access to the administration and other management protocols only from certain ranges of
authorized source IP addresses and ports. It is also possible to configure multiple disjoint
ranges specified through IP network and mask.
Access control lists are configurable on NEs to filter traffic which is destined for the NE
itself and forwarded by the NE. E.g.:

Completely block an NE service, which is not used in the operator context.


Restrict access to a service to a limited range of IP addresses.

Filter rules

Packet filter rules for IP forwarding can be defined by specifying ID as FORWARD.

There is one global filter chain for IP forwarding.

Packet filter rules for traffic destined to the NE can be defined by specifying ID as a
specific service value.

There is one filter chain for each service of the NE, specified via the ID parameter.

Each filter chain is an ordered list of rules. When matching a packet against rules of a
chain, the rules of the chain are applied one-by-one according to the given order. If one
rule matches, the TARGET action, specified by that rule is executed on the packet.
No further rules in the chain are applied to that packet, after one rule matched.
This matching mechanism allows to define and make use of conflicting rules.
As a typical example, a rule for accepting a set (A) of packets can be followed by a rule
for dropping a superset (B, including A) of packets. In sum, this has the effect of dropping
all packets in set B except for those, which are also in set A.
As a factory default, each chain contains a single rule, which unconditionally accepts
every packet. To define a more restrictive rule set, the following procedure can be
applied:

First append rules to the chain, which accept all desired specific traffic types.

Append one final rule, which drops or rejects everything.


Finally delete the 'accept all' factory default rule, which is still at the beginning of the
chain.

Creating a new rule

The default behavior is to append the new rule to the chain.

....................................................................................................................................................................................................................................
1830 PSS
3-45
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

When specifying Index, the new rule is inserted before the existing rule indicated by the
value of Index. When inserting a rule into a chain, Index values of all existing rules (of
the same chain) with the same or a higher Index value are incremented by one.

....................................................................................................................................................................................................................................
1830 PSS
3-46
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Fields and parameters

The following fields/parameters are available:


Field/parameter ...

Meaning...

ID

Identifies the id of the chain, to which the rule belongs:

FORWARD

IP forwarding chain

TL1RAWUNSEC

Input chain for the raw encoded TL1 service on TCP port 3082

TL1RAW

Input chain for the raw encoded TL1 over SSH port 6084

TL1TELNET

Input chain for the telnet encoded TL1 over SSH port 6085

ZIC

Input chain for all SSL/TLS ports used by communication to


ZIC-GUI

DBG

Input chain for debug shell SSH port 22

CPMGT

Input chain for control plane management via CORBA over


TCP port 34567

CPCLI

Input chain for the control plane CLI over SSH port 6087

CPRSVP

Input chain for the control plane signaling protocol RSVP

CPOSPFTE

Input chain for the control plane OSPF-TE protocol (data plane
routing)

CPLMP

Input chain for the control plane LMP protocol on UDP port 701

NTP

Input chain for the NTP protocol on UDP port 123

OSPF

Input chain for the OSPFv2 routing protocol

ICMP

Input chain for ICMP messages

MON

Input chain for NE monitoring on TCP port 8649

ALL

ALL AID

....................................................................................................................................................................................................................................
1830 PSS
3-47
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Index

The index of the rule in the chain addressed by AID.


{1-4000}
When creating a new rule, this specifies in front of which existing
rule to insert the new rule. Index values are incremented for all rules
behind the inserted new rule.

Interface Input

Defines the interface(s) on which matching packets may have


entered the NE

LAN-{OAMP, CIT}

Customer LAN
only packets coming in on the specific interface can match the
rule

NETIF-{1-512}

Network Interface on an ECC protection group


only packets coming in on the specific interface can match the
rule

NETIF-ALL

packets coming in on any NETIF can match the rule

IPIPT-{1-64}

Internet Protocol in Internet Protocol Tunnel


only packets coming in on the specific interface can match the
rule

IPIPT-ALL

packets coming in on any IPIPT can match the rule

ALL

packets coming in on any interface can match the rule

....................................................................................................................................................................................................................................
1830 PSS
3-48
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Interface Output

Defines the interface(s) on which matching packets leave the NE.


This parameter is only supported for the forwarding chain, i.e. if
AID is reported as FORWARD.

LAN-{OAMP, CIT}

Customer LAN
only packets coming in on the specific interface can match the
rule

NETIF-{1-512}

Network Interface on an ECC protection group


only packets coming in on the specific interface can match the
rule

NETIF-ALL

packets coming in on any NETIF can match the rule

IPIPT-{1-64}

Internet Protocol in Internet Protocol Tunnel


only packets coming in on the specific interface can match the
rule

IPIPT-ALL

packets coming in on any IPIPT can match the rule

ALL

packets coming in on any interface can match the rule

....................................................................................................................................................................................................................................
1830 PSS
3-49
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

IP Protocol

Defines the IP protocol of matching packets.

{0-255}

Numeric protocol value from the IP header

ICMP

Equivalent to protocol number = 1

IGMP

Equivalent to protocol number = 2

TCP

Equivalent to protocol number == 6

UDP

Equivalent to protocol number = 17

RSVP

Equivalent to protocol number = 46

OSPFTE

Equivalent to protocol number = 55

OSPF

Equivalent to protocol number = 89

ALL

Equivalent to protocol number = 0, matches any protocol


number
When retrieving the internet protocol access rules this parameter is
only reported for the forwarding chain, i.e. if ID is reported as
FORWARD.
Note: This parameter is only allowed to be specified, if
adding/changing rules of the forwarding chain.
ICMP Type

Defines the ICMP header type field value of matching packets


For the forwarding chain, this parameter is only accepted, if ICMP is
specified via IP Protocol. For a service specific chain, this
parameter is only accepted, if the addressed service is ICMP.
Values:

{0-255}

ALL

Equivalent to numerical value 255, matches any value.


The ICMP type is not considered for matching.

....................................................................................................................................................................................................................................
1830 PSS
3-50
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

ICMP Code

Defines the ICMP header code field value of matching packets.


For the forwarding chain, this parameter is only accepted, if ICMP is
specified via IP Protocol. For a service specific chain, this
parameter is only accepted, if the addressed service is ICMP.
Values:

{0-255}

ALL

The code type is not considered for matching.

....................................................................................................................................................................................................................................
1830 PSS
3-51
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Source Port.

Defines the TCP or UDP source port of matching packets.


Values:

{0-65535}

TL1RAWUNSEC

Equivalent to TCP port 3082

TL1RAW

Equivalent to TCP port 6084

TL1TELNET

Equivalent to TCP port 6085

HTTPS

Equivalent to TCP port 443

SSH

Equivalent to TCP port 22

CPMGT

Equivalent to TCP port 684

CPCLI

Equivalent to TCP port 6087

NTP

Equivalent to UDP port 123

MON

Equivalent to TCP port 8649

ALL

The source port is not considered for matching.


For the forwarding chain, this parameter is only accepted, if UDP or
TCP is specified via the IPPROTOCOL= parameter. For a service
specific chain, this parameter is only accepted, if the addressed
service is based on UDP or TCP.
A symbolic port name is only allowed, if it matches to the protocol
(TCP or UDP) specified via IPPROTOCOL=.
A set of ports can be specified via && ranging and & grouping.
Up to 15 ports can be given, where a && range specification counts
as 2 ports.
Only numeric values are allowed in a && ranging term.

....................................................................................................................................................................................................................................
1830 PSS
3-52
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Source Addr

Defines the source IP address of matching packets.


Values:
{0-255}-{0-255}-{0-255}-{0-255}

Together with the Source Mask parameter, an address range can be


specified. The wildcard value 0-0-0-0 with Source Mask=0 means,
source IP address is not considered for matching. Any address
different from 0-0-0-0 with Source Mask=32 means, a single
address is considered for matching
Source Mask

Defines the Source Mask of matching packets.


Values:
{0-255}-{0-255}-{0-255}-{0-255}
{0-32}

Defines the range of matching packets together with the source IP


address.
The mask can be given in CIDR notation or in dotted decimal
notation (e.g. 24 standing for CIDR notation /24 being synonym to
255-255-255-0, standing for dotted decimal notation
255.255.255.0).
Destination Addr

Defines the destination IP address of matching packets.


Values:
{0-255}-{0-255}-{0-255}-{0-255}

Together with the Destination Mask parameter, an address range can


be specified. The wildcard value 0-0-0-0 with Destination Mask=0
means, source IP address is not considered for matching. Any
address different from 0-0-0-0 with Destination Mask=32 means, a
single address is considered for matching
Destination Mask

Defines the Destination Mask of matching packets.


Values:
{0-255}-{0-255}-{0-255}-{0-255}
{0-32}

Defines the range of matching packets together with the Destination


address.
The mask can be given in CIDR notation or in dotted decimal
notation (e.g. 24 standing for CIDR notation /24 being synonym to
255-255-255-0, standing for dotted decimal notation
255.255.255.0).

....................................................................................................................................................................................................................................
1830 PSS
3-53
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Destination Port

Defines the TCP or UDP destination port of matching packets.


Values:

{0-65535}

TL1RAWUNSEC

Equivalent to TCP port 3082

TL1RAW

Equivalent to TCP port 6084

TL1TELNET

Equivalent to TCP port 6085

HTTPS

Equivalent to TCP port 443

SSH

Equivalent to TCP port 22

CPMGT

Equivalent to TCP port 684

CPCLI

Equivalent to TCP port 6087

NTP

Equivalent to UDP port 123

MON

Equivalent to TCP port 8649

ALL

The source port is not considered for matching.


For the forwarding chain, this parameter is only accepted, if UDP or
TCP is specified via the IPPROTOCOL= parameter. For a service
specific chain, this parameter is not supported.
A symbolic port name is only allowed, if it matches to the protocol
(TCP or UDP) specified via IPPROTOCOL=.
A set of ports can be specified via && ranging and & grouping.
Up to 15 ports can be given, where a && range specification counts
as 2 ports.
Only numeric values are allowed in a && ranging term.

....................................................................................................................................................................................................................................
1830 PSS
3-54
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

State

This defines the connection tracking state of matching packets.


Values:

INVALID

The packet is associated with no known connection.

NEW

The packet has started a new connection, or is otherwise


associated with a connection which has not seen packets in both
directions.

ESTABLISHED

The packet is associated with a connection which has seen


packets in both directions.

RELATED

The packet is starting a new connection, but is associated with


an existing connection, such as an FTP data transfer, or an
ICMP error.

ALL

The connection state is not considered for matching.


Via & grouping, a list of states can be specified. The rule matches,
if one of the listed states applies.
This parameter is only supported for the forwarding chain,
Fragmentation.

Specifies, whether and how to match packets based on being


fragmented.

match packets which are a second or later packet

match packets which are not fragmented, or are a first fragment

ALL

don't care about fragmentation


Note: This parameter is only supported tor the forwarding chain.
Retrieving internet protocol access rules:
When retrieving internet protocol access rules this parameter is only
reported, if fragmentation is actually considered for matching. ALL
is never reported).

....................................................................................................................................................................................................................................
1830 PSS
3-55
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Internet Protocol Access Control Lists

....................................................................................................................................................................................................................................

Field/parameter ...

Meaning...

Treatment

Specifies how packets are treated, which match this rule

ACCEPT

matching packets are accepted

DROP

matching packets are silently discarded

REJECT

matching packets are discarded, an ICMP error message is sent


back

....................................................................................................................................................................................................................................
1830 PSS
3-56
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-11: Modify the ASAP of the Customer LAN


interface

....................................................................................................................................................................................................................................

Procedure 3-11: Modify the ASAP of the Customer LAN


interface
When to use

Use this procedure to modify the ASAP of the Customer LAN interface.
This applies to the following ports:

OAMP:
The OAMP faceplate LAN connector on the main shelf FLC cards. This is intended
for connecting the NE to the DCN for central management

Related TL1 command

The following TL1 command is related to this procedure:

ED-LAN.

Before you begin

Prior to performing this task, you must:

Have a valid user login and password


Be connected to the subject NE
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


Customer LAN .
...................................................................................................................................................................................................

Select the LAN-OAMP entry in the list.


...................................................................................................................................................................................................

Then select Properties Alarm Severity - Set either by selecting Action from the main
menu bar or by using the context menu opened with the right mouse button.
Result: The Edit Alarm Profile Pointer window opens.
...................................................................................................................................................................................................

In the field Alarm Profile select the Alarm Severity Assignment Profile to be used.

....................................................................................................................................................................................................................................
1830 PSS
3-57
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-11: Modify the ASAP of the Customer LAN


interface

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-58
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-12: Configure LAN interfaces to form a


multi-shelf compound

....................................................................................................................................................................................................................................

Procedure 3-12: Configure LAN interfaces to form a


multi-shelf compound
When to use

Use this procedures to configure shelf interconnection LAN Ports on MTX cards for
setting up a multi-shelf compound.
For compound concept information refer to Alcatel-Lucent 1830 PSS Product Information
and Planning Guide.
Interconnection in a single multi-shelf compound

When extension shelves are used the main shelf and the extension shelves must be
interconnected by LAN cables in the following way to form a single compound:

The external LAN interfaces (ES1, ES2) of the left matrix card must be connected to
the external LAN interfaces (ES1, ES2) of the left matrix card of the neighbor
shelves.

The external LAN interfaces (ES1, ES2) of the right matrix card must be connected to
the external LAN interfaces (ES1, ES2) of the right matrix card of the neighbor
shelves
The ES1 interfaces of a shelf are always connected to the ES2 interfaces of its
neighbor shelf.

This must be done from one shelf to the next shelf until a ring closure is achieved.

Refer to the following figure for clarification:

A single compound can be configured as OCS or as WDM compound and both can be
interconnected as well. Compound interconnnect is done via OAMP LAN.
....................................................................................................................................................................................................................................
1830 PSS
3-59
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-12: Configure LAN interfaces to form a


multi-shelf compound

....................................................................................................................................................................................................................................

For additional configuration details on interconnecting compounds (for example, to


configure the interconnection of OCS compound to WDM compound) see Chapter 4 of
the 1830 PSS User Provisioning Guide.
Related TL1 command

The following TL1 command is related to this procedure:

ED-LAN.

Before you begin

Prior to performing this task, you must:

Have a valid user login and password


Be connected to the subject NE
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Enable LAN interfaces


...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking
Internal LAN.
...................................................................................................................................................................................................

Select a LAN entry in the list.


On the Alcatel-Lucent 1830 PSS-64:

LANPORT-1-1-71-ES1

LANPORT-1-1-71-ES2

LANPORT-1-1-72-ES1

LANPORT-1-1-72-ES2

On the Alcatel-Lucent 1830 PSS-36:

LANPORT-1-<shelf>-11-ES1

LANPORT-1-<shelf>-11-ES2

LANPORT-1-<shelf>-15-ES1

LANPORT-1-<shelf>-15-ES2

....................................................................................................................................................................................................................................
1830 PSS
3-60
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-12: Configure LAN interfaces to form a


multi-shelf compound

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Then select Properties General either by selecting Action from the main menu bar or
by using the context menu opened with the right mouse button.
Result: The Properties General window opens.
...................................................................................................................................................................................................

Enable the addressed LAN interface, if not already enabled by default


Select Enabled in the respective drop-down list box.
...................................................................................................................................................................................................

Click Apply to close the window.


E...................................................................................................................................................................................................
N D O F S T E P S

Set the ASAP of an internal LAN interface


...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking
Internal LAN.
...................................................................................................................................................................................................

Select a LAN entry in the list.


On the Alcatel-Lucent 1830 PSS-64:

LANPORT-1-1-71-ES1

LANPORT-1-1-71-ES2

LANPORT-1-1-72-ES1

LANPORT-1-1-72-ES2

On the Alcatel-Lucent 1830 PSS-36:

LANPORT-1-<shelf>-11-ES1

LANPORT-1-<shelf>-11-ES2

LANPORT-1-<shelf>-15-ES1

LANPORT-1-<shelf>-15-ES2

...................................................................................................................................................................................................

Then select Properties Alarm Severity - Set either by selecting Action from the main
menu bar or by using the context menu opened with the right mouse button.

....................................................................................................................................................................................................................................
1830 PSS
3-61
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-12: Configure LAN interfaces to form a


multi-shelf compound

....................................................................................................................................................................................................................................

Result: The Edit Alarm Profile Pointer window opens.


...................................................................................................................................................................................................

In the field Alarm Profile select the Alarm Severity Assignment Profile to be used.
Additional information: Select LBL-ASAPLAN-SYSDFLT, if not already selected.

For further information on alarm profiles refer to the Product Information and
Planning Guide, table System-defined ASAP instances.
...................................................................................................................................................................................................

Click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-62
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-13: Create a network interface on the


embedded communication channels (ECCs)

....................................................................................................................................................................................................................................

Procedure 3-13: Create a network interface on the embedded


communication channels (ECCs)
When to use

Use this procedure to create a network interface on the ECC for data communication
purposes.
This procedure creates an ECC protection group with the ECC channel specified as its
single member and automatically enables IP on the network interface.
ECC termination is done on IO cards. ECC bytes are transported between IO cards and
the central ECC routing component on FLC cards via dedicated bidirectional backplane
links.
You can add or remove ECC channels to/from the ECC protection group (see Procedure
3-15: Add a GCC leg to an ECC protection group (p. 3-67)).
The ECC channel can be the GCC0 of the specific OTU facility. The GCC0 is identified
by means of the OTU AID and the (optional) DCCCHNL parameter.
The ECC channel can be the GCC1 of the specific ODU facility. The GCC1 is identified
by means of the ODU AID and the (optional) DCCCHNL parameter.
ECC backplane capacity restrictions

The following ECC backplane capacity restrictions apply per I/O card:

a 2XANY40G card provides 297 bytes ECC backplane capacity towards the FLC
dedicated to ECCs from port 1, and 297 bytes ECC backplane capacity towards the
FLC dedicated to ECCs from port 2.

a 10XANY10G card provides 297 bytes ECC backplane capacity towards the FLC
a 43SCUP card provides 297 bytes ECC backplane capacity towards the FLC.
an ODU2 GCC uses 22 ECC backplane bytes
an OTU2 GCC uses 22 ECC backplane bytes

an ODU2e GCC uses 23 ECC backplane bytes


an OTU2e GCC uses 23 ECC backplane bytes
an ODU3 GCC uses 84 ECC backplane bytes.
an OTU3 GCC uses 84 ECC backplane bytes.

an ODU3E2 GCC uses 87 ECC backplane bytes

an OTU3E2 GCC uses 87 ECC backplane bytes


An ODU4 GCC uses 216 ECC backplane bytes
An OTU4 GCC uses 216 ECC backplane bytes

....................................................................................................................................................................................................................................
1830 PSS
3-63
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-13: Create a network interface on the


embedded communication channels (ECCs)

....................................................................................................................................................................................................................................

Related TL1 commands

The following TL1 commands are related to this procedure:

ENT-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,

Be connected to the subject NE,


Have proper User Community Authorization Level to perform this task.
Loopback IP is configured.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


Network Interfaces.
Then select Create Interface, either by selecting Action from the main menu bar or by
using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Network Interfaces Provisioning Dialog

window opens.
...................................................................................................................................................................................................

In the field Add facilty select the ODU facilty which should be used.
...................................................................................................................................................................................................

In the field ECC Channel specify the type of the referred ECC channel.

GCC0

the referred ECC is a GCC0 of an OTU facility

GCC1

the referred ECC is a GCC1 of an ODU facility


...................................................................................................................................................................................................

If needed you can reference Alarm Severity Assignment Profile (ASAPNETIF) instance
by selecing the respective Alarm Profile User Label.

....................................................................................................................................................................................................................................
1830 PSS
3-64
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-13: Create a network interface on the


embedded communication channels (ECCs)

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Using the Status field you can specify the administrative status of the network interface:

ENABLED

DISABLED

Once enabled the network interface is taken into service, and IP is automatically
enabled on the network interface. Once disabled the network interface is taken out of
service.
Important! While the PPP and IP protocols are automatically enabled on a newly
created network interface, OSPF has to be enabled manually. Make sure to enable
OSPF on each newly created network interface.
...................................................................................................................................................................................................

Make sure that the settings in the Network Interfaces Provisioning Dialog window are
correct.
...................................................................................................................................................................................................

Click Apply.
Result: The command is sent.
E...................................................................................................................................................................................................
N D O F S T E P S

Adding or removing channels to/from the ECC protection group

To add or remove ECC channels to/from the ECC protection group see Procedure 3-15:
Add a GCC leg to an ECC protection group (p. 3-67).

....................................................................................................................................................................................................................................
1830 PSS
3-65
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-14: Modify the ASAP of a network interface

....................................................................................................................................................................................................................................

Procedure 3-14: Modify the ASAP of a network interface


When to use

Use this procedure to modify the ASAP of a network interface.


Related TL1 command

The following TL1 command is related to this procedure:

ED-NETIF

RTRV-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password


Be connected to the subject NE
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking
Network Interfaces .
...................................................................................................................................................................................................

Select a NETIF entry in the list.


...................................................................................................................................................................................................

Then select Properties Alarm Severity - Set either by selecting Action from the main
menu bar or by using the context menu opened with the right mouse button.
Result: The Edit Alarm Profile Pointer window opens.
...................................................................................................................................................................................................

In the field Alarm Profile select the Alarm Severity Assignment Profile to be used.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-66
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-15: Add a GCC leg to an ECC protection group

....................................................................................................................................................................................................................................

Procedure 3-15: Add a GCC leg to an ECC protection group


When to use

Use this procedure to add a GCC leg to an ECC protection group.


ECC protection restrictions

The following ECC protection restrictions apply:

ECC protection group can contain both GGC0 and GCC1, but not of the same port

ECC protection group can only contain GCC from within same shelf

ECC backplane capacity restrictions

The following ECC backplane capacity restrictions apply per I/O card:

a 2XANY40G card provides 297 bytes ECC backplane capacity towards the FLC
dedicated to ECCs from port 1, and 297 bytes ECC backplane capacity towards the
FLC dedicated to ECCs from port 2.
a 10XANY10G card provides 297 bytes ECC backplane capacity towards the FLC
a 43SCUP card provides 297 bytes ECC backplane capacity towards the FLC.

an ODU2 GCC uses 22 ECC backplane bytes


an OTU2 GCC uses 22 ECC backplane bytes
an ODU2e GCC uses 23 ECC backplane bytes
an OTU2e GCC uses 23 ECC backplane bytes

an ODU3 GCC uses 84 ECC backplane bytes.


an OTU3 GCC uses 84 ECC backplane bytes.

an ODU3E2 GCC uses 87 ECC backplane bytes


an OTU3E2 GCC uses 87 ECC backplane bytes

An ODU4 GCC uses 216 ECC backplane bytes


An OTU4 GCC uses 216 ECC backplane bytes

Related TL1 commands

The following TL1 commands are related to this procedure:

ED-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

....................................................................................................................................................................................................................................
1830 PSS
3-67
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-15: Add a GCC leg to an ECC protection group

....................................................................................................................................................................................................................................

Have proper User Community Authorization Level to perform this task.


Loopback IP is configured.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


Network Interfaces.
...................................................................................................................................................................................................

Select the NETIF to which you want to add a GCC leg.


...................................................................................................................................................................................................

Then select ECC Facilities Add, either by selecting Action from the main menu bar or
by using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Network Interfaces Add DCC Facilities
Dialog opens.
...................................................................................................................................................................................................

In the field Add facilty select the ODU facilty which should be used.
...................................................................................................................................................................................................

In the field DCC Channel specify the type of the referred ECC channel.

GCC0

the referred ECC is a GCC0 of an OTU facility

GCC1

the referred ECC is a GCC1 of an ODU facility


...................................................................................................................................................................................................

Click Apply.
Result: The command is sent.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-68
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-16: Remove GCC legs from the ECC protection


group

....................................................................................................................................................................................................................................

Procedure 3-16: Remove GCC legs from the ECC protection


group
When to use

Use this procedure to remove GCC legs from a ECC protection group.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


Network Interfaces.
...................................................................................................................................................................................................

Select the NETIF from which you want to remove a GCC leg.
...................................................................................................................................................................................................

Then select ECC Facilities Manage, either by selecting Action from the main menu bar
or by using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Network Interfaces Add DCC Facilities
Dialog opens.
...................................................................................................................................................................................................

Select the GCC leg you want to remove.


...................................................................................................................................................................................................

Click Delete.

....................................................................................................................................................................................................................................
1830 PSS
3-69
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-16: Remove GCC legs from the ECC protection


group

....................................................................................................................................................................................................................................

Result: The Alcatel-Lucent 1830 PSS ZIC Network Interfaces Remove DCC Facility
Dialog opens.
...................................................................................................................................................................................................

Click Apply.
Result: The GCC leg is removed.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-70
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-17: Enable or disable a network interface

....................................................................................................................................................................................................................................

Procedure 3-17: Enable or disable a network interface


When to use

Use this procedure to enable or disable a network interface.


Related TL1 commands

The following TL1 commands are related to this procedure:

ED-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking
Network Interfaces.
...................................................................................................................................................................................................

Select the NETIF you want to enable or disable.


...................................................................................................................................................................................................

Then select Properties General, either by selecting Action from the main menu bar or
by using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Properties Gereal window opens.
...................................................................................................................................................................................................

Using the field Status you can specify the administrative status of the network interface:

ENABLED

DISABLED

....................................................................................................................................................................................................................................
1830 PSS
3-71
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-17: Enable or disable a network interface

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Click on Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-72
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-18: Delete a network interface and an ECC


protection group

....................................................................................................................................................................................................................................

Procedure 3-18: Delete a network interface and an ECC


protection group
When to use

Use this procedure to delete a network interface and an ECC protection group. This puts
all member channels of the ECC protection group to the non-terminated state, disables
data communication on those channels, and frees all ECC resources previously held by
those channels.
Related TL1 commands

The following TL1 commands are related to this procedure:

DLT-NETIF

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


Network Interfaces.
...................................................................................................................................................................................................

Select the NETIF you want to delete.


...................................................................................................................................................................................................

Then select Delete, either by selecting Action from the main menu bar or by using the
context menu opened with the right mouse button.
Result: The Delete Network Interface window opens.
...................................................................................................................................................................................................

Click on Yes.

....................................................................................................................................................................................................................................
1830 PSS
3-73
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-18: Delete a network interface and an ECC


protection group

....................................................................................................................................................................................................................................

Result: The Network Interface with all protection members is deleted.


E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-74
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-19: Create an IP-in-IP tunnel

....................................................................................................................................................................................................................................

Procedure 3-19: Create an IP-in-IP tunnel


When to use

Use this procedure to establish IP-in-IP Tunnels (IPIPT) between NEs and towards
Network Management System. The IP tunnels are basically uni-directional and have to be
created from each side to get a bi-directional tunnel.
IP-in-IP tunnel

This function allows NEs to build Out-of-band protection links for In-Band (ECC) links
used by the control plane, or to tunnel management traffic through parts of the External
DCN topology, which are under different administrative control. The NE supports GRE
encapsulation according to RFC2784 and IP-in-IP encapsulation according to RFC2003.
The encapsulation method used on a tunnel can be defined and retrieved respectively
using this procedure.
The remote endpoint of the IP-in-IP tunnel can be specified and retrieved as the IP
address of the remote NE respectively via the ENT-NE-IPIPT and RTRV-NE-IPIPT
commands.
The local and remote endpoint addresses are the addresses used as source and destination
IP addresses in the outer delivery IP header of the encapsulated packet.
Local interface address

The local interface address is the address, which is used as source IP address in the
inner/payload IP header of locally originated packets, which are sent via the tunnel.
For this purpose either the IP address is used to which the service is bound that is using
the tunnel or in all other cases the NE loopback address is used that was specified in
Procedure 3-3: Set the FLC IP Addresses of the NE (p. 3-31).
The loopback IP address is the local IP address for all unnumbered interfaces and must be
configured first, before any tunnel can be configured.
IP routing

The IP routing for IP-in-IP tunnels is:

Static, by specifying a static route


Dynamic, by using OSPF.

When OSPF is used, it shall be possible to assign the tunnel interface to any of the OSPF
areas configured on the NE. If no additional area is configured then the backbone area
(0.0.0.0) is used by default. The IP-in-IP tunnel can be configured to be bound to a

....................................................................................................................................................................................................................................
1830 PSS
3-75
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-19: Create an IP-in-IP tunnel

....................................................................................................................................................................................................................................

customer LAN interface. If an IP-in-IP tunnel is bound to a LAN interface, it is to be


ensured, that packets, which are sent via the tunnel, will leave the NE only via the
specific LAN interface.
Related TL1 commands

The following TL1 commands are related to this procedure:

ENT-NE-IPIPT
RTRV-NE-IPIPT

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


IP-in-IP Tunnel.
Then select Create Interface either by selecting Action from the main menu bar or by
using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Create IP-in-IP Tunnel window opens.
...................................................................................................................................................................................................

Using the AID text box, the identifier of the specific IP-in-IP tunnel can be modified.
Note: The AID value will be pre-populated with the next available AID. Can be
changed, but usually not necessary
...................................................................................................................................................................................................

Place the cursor in the Local Tunnel Endpoint IP Address text box, then type in the IP
Address of the Local Tunnel Endpoint.

....................................................................................................................................................................................................................................
1830 PSS
3-76
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-19: Create an IP-in-IP tunnel

....................................................................................................................................................................................................................................

Additional info The local tunnel endpoint address has to be identical to the local NE

address. Use the active FLC IP address.


...................................................................................................................................................................................................

Place the cursor in the Remote Tunnel Endpoint IP Address text box, then type in the IP
Address of the Remote Tunnel Endpoint.
...................................................................................................................................................................................................

In the field Encapsulation Type specify the way of encapsulating IP packets in IP


packets.

GRE

Generic Routing Encapsulation according to RFC2784.

IPINIP

IP-in-IP encapsulation. Encapsulation is according to RFC2003.


...................................................................................................................................................................................................

Using the field Bound 2 LAN, select LAN to which the tunnel is bound.
The only possible value is LAN-OAMP.
...................................................................................................................................................................................................

Using the field Alarm Profile you can reference to an existing IPIPT related Alarm
Severity Assignment Profile instance.
...................................................................................................................................................................................................

Make sure that the settings in the Create IP-in-IP Tunnel window are correct and
corresponds to the settings of the remote tunnel endpoint.
...................................................................................................................................................................................................

Click Apply.
Result: The IP-in-IP tunnel is created.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-77
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-20: Set the alarm severity profile of an IP-in-IP


tunnel

....................................................................................................................................................................................................................................

Procedure 3-20: Set the alarm severity profile of an IP-in-IP


tunnel
When to use

Use this procedure to set the alarm severity profile of an IP-in-IP tunnel.
Related TL1 commands

The following TL1 commands are related to this procedure:

ED-NE-IPIPT
RTRV-NE-IPIPT

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,

Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree selectSystem Networking


IP-in-IP Tunnel.
...................................................................................................................................................................................................

Select the respective IP-in-IP tunnel.


Then select Properties Alarm Severity - Set either by selecting Action from the main
menu bar or by using the context menu opened with the right mouse button.
Result: The Alcatel-Lucent 1830 PSS ZIC Edit Alarm Profile Pointer window opens.
...................................................................................................................................................................................................

Using the field Alarm Profile you can reference to an existing IPIPT related Alarm
Severity Assignment Profile instance.
...................................................................................................................................................................................................

Make sure that the settings in the Edit Alarm Profile Pointer window are correct.

....................................................................................................................................................................................................................................
1830 PSS
3-78
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-20: Set the alarm severity profile of an IP-in-IP


tunnel

....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

Click Apply.
E...................................................................................................................................................................................................
N D O F S T E P S

....................................................................................................................................................................................................................................
1830 PSS
3-79
8DG-61259-AAAA-TCZZA Release 6.0.0
Issue 1 June 2013

Data communication setup procedures


OCS Setup procedures

Procedure 3-21: Delete an IP-in-IP tunnel

....................................................................................................................................................................................................................................

Procedure 3-21: Delete an IP-in-IP tunnel


When to use

Use this procedure to delete an IP-in-IP Tunnels (IPIPT) between NEs.


Related TL1 commands

The following TL1 commands are related to this procedure:

DLT-NE-IPIPT

RTRV-NE-IPIPT

Before you begin

Prior to performing this task, you must:

Have a valid user login and password,


Be connected to the subject NE,
Have proper User Community Authorization Level to perform this task.

Required equipment

The following equipment is required to perform this task:

Alcatel-Lucent 1830 PSS ZIC

Instructions
...................................................................................................................................................................................................

In the Alcatel-Lucent 1830 PSS ZIC selection tree select System Networking
IP-in-IP Tunnel.
...................................................................................................................................................................................................

Select the IP-in-IP Tunnel you want to delete.


...................................................................................................................................................................................................

Then select Delete, either by selecting Action from the main menu bar or by using the
context menu opened with the right mouse button.
Result: The Delete IP-in-IP Tunnel window opens.
...................................................................................................................................................................................................

Click on Yes.
Result: The IP-in-IP Tunnel is deleted.
E.................................................................................................