Table of Contents

SYSTEM MANAGEMENT GUIDE

Preface
About This Guide Audience List of Technical Publications Searching for Information To search for specific information in this guide To search for specific information in multiple documents Technical Support

Getting Started
In This Chapter Alcatel-Lucent 7750 SR Router Configuration Process

Security
In This Chapter Authentication, Authorization, and Accounting Authentication Local Authentication RADIUS Authentication RADIUS Server Selection Direct Mode Round-Robin Mode Server Reachability Detection Application Specific Behavior TACACS+ Authentication Authorization Local Authorization RADIUS Authorization TACACS+ Authorization Examples Accounting RADIUS Accounting TACACS+ Accounting Security Controls When a Server Does Not Respond Access Request Flow CPU Protection CPU Protection Extensions ETH-CFM ETH-CFM Ingress Squelching Distributed CPU Protection (DCP) Applicability of Distributed CPU Protection Log Events, Statistics, Status and SNMP support DCP Policer Resource Management Operational Guidelines and Tips Vendor-Specific Attributes (VSAs) Other Security Features Secure Shell (SSH) SSH PKI Authentication Key Generation Per Peer CPM Queuing CPM Filters and Traffic Management TTL Security for BGP and LDP Exponential Login Backoff User Lockout Encryption 802.1x Network Access Control TCP Enhanced Authentication Option Packet Formats Keychain Configuration Notes General
Configuring Security with CLI Setting Up Security Attributes Configuring Authentication Configuring Authorization Configuring Accounting Security Configurations Configuration Tasks Security Configuration Procedures Configuring Management Access Filters Configuring CPM Filters Policy Configuring IPv6 CPM Filters Configuring CPM Queues IPSec Certificates Parameters Configuring Profiles Parameters Wildcards CLI Session Resource Management Configuring Users Configuring Keychains Copying and Overwriting Users and Profiles User Profile RADIUS Configurations Configuring RADIUS Authentication Configuring RADIUS Authorization Configuring RADIUS Accounting Configuring 802.1x RADIUS Policies Configuring CPU Protection Policies TACACS+ Configurations Enabling TACACS+ Authentication Configuring TACACS+ Authorization Configuring TACACS+ Accounting Enabling SSH Configuring Login Controls
Security Command Reference Command Hierarchies Configuration Commands Security Commands LLDP Commands Management Access Filter Commands CLI Script Authorization Commands CPM Filter Commands CPM Queue Commands CPU Protection Commands Distributed CPU Protection Commands Security Password Commands Public Key Infrastructure (PKI) Commands Profile Commands CLI Session Commands RADIUS Commands SSH Commands TACPLUS Commands User Commands User Template Commands Dot1x Commands Keychain Commands TTL Security Commands Login Control Commands Show Commands Security Login Control Clear Commands Debug Commands Tools Commands Configuration Commands General Security Commands LLDP Commands Login, Telnet, SSH and FTP Commands Management Access Filter Commands Password Commands Public Key Infrastructure (PKI) Commands Profile Management Commands User Management Commands CLI Session Management Commands RADIUS Client Commands TACACS+ Client Commands Generic 802.1x COMMANDS Keychain Authentication CLI Script Commands CPM Filter Commands CPM Queue Commands TTL Security Commands CPU Protection Commands Distributed CPU Protection Commands Show Commands Security Commands Login Control Clear Commands CPU Protection Commands Debug Commands Tools Commands Admin Commands

SNMP
In This Chapter SNMP Overview SNMP Architecture Management Information Base SNMP Protocol Operations SNMP Versions Management Information Access Control User-Based Security Model Community Strings Views Access Groups Users Per-VPRN Logs and SNMP Access Per-SNMP Community Source IP Address Validation Which SNMP Version to Use? Configuration Notes General
Configuring SNMP with CLI SNMP Configuration Overview Configuring SNMPv1 and SNMPv2c Configuring SNMPv3 Basic SNMP Security Configuration Configuring SNMP Components Configuring a Community String Configuring View Options Configuring Access Options Configuring USM Community Options Configuring Other SNMP Parameters
SNMP Command Reference Command Hierarchies Configuration Commands SNMP System Commands SNMP Security Commands Show Commands Configuration Commands SNMP System Commands SNMP Security Commands Show Commands

NETCONF
In This Chapter NETCONF Overview NETCONF Introduction NETCONF in SR OS YANG Data Models Transport and Sessions NETCONF Operations <get> <get-config> <edit-config> <copy-config> and <delete-config> <validate> Datastores and URLs General NETCONF behavior System Provisioned Configuration (SPC) Objects Establishing a NETCONF Session XML Content Layer <edit-config> with XML Content Layer <get-config> with XML Content Layer XML Content Layer Examples CLI Content Layer CLI Content Layer Examples
NETCONF Command Reference Command Hierarchies Configuration Commands NETCONF System Commands NETCONF Security Commands Show Commands Configuration Commands NETCONF System Commands Show Commands NETCONF System Commands

Event and Accounting Logs
In This Chapter Logging Overview Log Destinations Console Session Memory Logs Log Files SNMP Trap Group Syslog Event Logs Event Sources Event Control Log Manager and Event Logs Event Filter Policies Event Log Entries Simple Logger Event Throttling Default System Log Event Handling System Accounting Logs Accounting Records Accounting Files Design Considerations Reporting and Time-Based Accounting Overhead Reduction in Accounting: Custom Record User Configurable Records Changed Statistics Only Configurable Accounting Records XML Accounting Files for Service and ESM-Based Accounting RADIUS Accounting in Networks Using ESM Significant Change Only Reporting Immediate Completion of Records Record Completion for XML Accounting AA Accounting per Forwarding Class Configuration Notes
Configuring Logging with CLI Log Configuration Overview Log Types Basic Event Log Configuration Common Configuration Tasks Configuring an Event Log Configuring a File ID Configuring an Accounting Policy Configuring Event Control Configuring Throttle Rate Configuring a Log Filter Configuring an SNMP Trap Group Setting the Replay Parameter Shutdown In-Band Port No Shutdown Port Configuring a Syslog Target Configuring an Accounting Custom Record Log Management Tasks Modifying a Log File Deleting a Log File Modifying a File ID Deleting a File ID Modifying a Syslog ID Deleting a Syslog Modifying an SNMP Trap Group Deleting an SNMP Trap Group Modifying a Log Filter Deleting a Log Filter Modifying Event Control Parameters Returning to the Default Event Control Configuration
Log Command Reference Command Hierarchies Log Configuration Commands Accounting Policy Commands Custom Record Commands File ID Commands Event Filter Commands Event Handling System (EHS) Commands Event Trigger Commands Log ID Commands SNMP Trap Group Commands Syslog Commands Show Commands Clear Command Configuration Commands Generic Commands Log File Commands Log Filter Commands Log Filter Entry Commands Log Filter Entry Match Commands Event Handling System (EHS) Commands Event Trigger Commands Syslog Commands SNMP Trap Groups Accounting Policy Commands Show Commands Clear Commands

sFlow
In This Chapter sFlow Overview sFlow Features sFlow Counter Polling Architecture sFlow Support on Logical Ethernet Ports sFlow SAP Counter Map sFlow Record Formats
sFlow Command Reference Command Hierarchies System Commands Show Commands Configuration Commands sFlow System Commands Show Commands

Facility Alarms
In This Chapter Facility Alarms Overview Facility Alarms vs. Log Events Facility Alarm Severities and Alarm LED Behavior Facility Alarm Hierarchy Facility Alarm List
Configuring Logging with CLI Basic Facility Alarm Configuration Common Configuration Tasks Configuring the Maximum Number of Alarms To Clear
Facility Alarms Command Reference Command Hierarchies Facility Alarm Configuration Commands Show Commands Configuration Commands Generic Commands Show Commands

Standards and Protocol Support