Tuesday, September 28, 2021

How to test 1+1 Protection of the Cross-Connect Board and Clock Board for OptiX OSN 8800?

1+1 protection is configured by using the cross-connect board and clock board. This section describes how to test the 1+1 protection switching of the cross-connect board and clock board to ensure that protection switching works normally.

Prerequisites

For the OptiX OSN 8800 T16, slots 9 and 10 must house the high cross-connection, system control and clock processing board.

For the OptiX OSN 8800 T32, slots 9 and 10 must house the cross-connect board.

For the OptiX OSN 8800 T64, slots 9 and 43 (or slots 10 and 44) must house the cross-connect board.

For the OptiX OSN 8800 T32, slots 42 and 44 must house the clock board.

For the OptiX OSN 8800 T64, slots 75 and 86 must house the clock board.

The NE commissioning data must be configured.

Tools, Equipment, and Materials

NMS

Procedure

  1. Double-click the ONE icon on the Physical Map, and the NE Panel tab is displayed.
  2. Right-click the NE icon and choose NE Explorer.
  3. Choose Configuration > Board 1+1 Configuration. Click Query. The queried Active Board should be the same as the Working Board.


    For the OptiX OSN 8800 T16, Working Board is the cross-connection, system control and clock processing board in slot 9, and Protection Board is the cross-connection, system control and clock processing board in slot 10. Active Board is the cross-connection, system control and clock processing board that is actually working.

    For the OptiX OSN 8800 T32, Working Board is the cross-connect board in slot 9, and Protection Board is the cross-connect board in slot 10. Active Board is the cross-connect board that is actually working.

    For the OptiX OSN 8800 T64, Working Board is the cross-connect board in slot 9 or 10, and Protection Board is the cross-connect board in slot 43 or 44. Active Board is the cross-connect board that is actually working.

    For the OptiX OSN 8800 T32, Working Board is the clock board in slot 42, and Protection Board is the clock board in slot 44. Active Board is the clock board that is actually working.

    For the OptiX OSN 8800 T64, Working Board is the clock board in slot 75, and Protection Board is the clock board in slot 86. Active Board is the clock board that is actually working.

  4. Select Cross-Connect Board 1+1 Protection or Clock 1+1 Protection, and then click Working/Protection Switching. In the Microsoft Internet Explorer dialog box that is displayed, click OK. In the Operation Result dialog box that is displayed, click Close.

    When you select the cross-connect board or the clock board for switching, the cross-connect board and the clock board perform switching at the same time.

  5. Repeat step 3 to perform the query. The queried Active Board should be the same as the Protection Board.
  6. Select Cross-Connect Board 1+1 Protection or Clock 1+1 Protection, and then click Restore Working/Protection. In the Confirm dialog box that is displayed, click OK. In the Operation Result dialog box that is displayed, click Close.

    When you select the cross-connect board or the clock board for switching, the cross-connect board and the clock board perform switching at the same time.

    The 1+1 protection switching on the cross-connect boards and clock boards is non-revertive. When Protection Board becomes Active Board, restore the cross-connect boards and clock boards to the original working/protection state by removing the protection board, or by clicking Restore Working/Protection on the NMS.

  7. Repeat step 3 to perform the query. The queried Active Board should be the same as Working Board.

Friday, September 10, 2021

RADIUS, LDAP, HWTACACS, TACACS+ which one do I choose?

The authentication server is one of the most important parts of an authentication network: it verifies users' login information, usually a combination of username and password. It is arguably the most important barrier that keeps unauthorized users from gaining access. This article discusses the most widely used authentication servers, including RADIUS, LDAP, HWTACACS, and TACACS+.

Figure 1: Authentication protocol selection

RADIUS

RADIUS is a standard protocol that uses UDP 1812 for authentication and authorization, and UDP 1813 for accounting. It is the most used authentication protocol, and its biggest advantage is standardization. RADIUS is standardized in RFC 2865. As with OSPF, the RFC requires vendors to implement a unified communication mechanism, so RADIUS can be used between different vendors' devices. In other words, users can choose between vendors rather than being bound to a specific one.

RADIUS uses a TLV packet structure to carry information. For example, RADIUS uses the User-Name attribute, whose length ranges from 1 byte to 253 bytes, to deliver the login user's account. This TLV structure gives RADIUS flexible packet encapsulation that allows vendors to extend the protocol themselves. For example, Huawei extends the standard RADIUS Vendor-Specific attribute to deliver more private information, such as HW-Policy-Route, which specifies the next-hop address in policy-based routing.

Figure 2: The RADIUS attributes

As introduced above, RADIUS uses UDP 1812 for both authentication and authorization. In other words, RADIUS cannot implement authorization and authentication on different servers, which is totally different from HWTACACS or TACACS+.

Despite these advantages, the biggest disadvantage of RADIUS is that only the password field in the packets is encrypted, which can lead to leakage of the user's information.
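The TLV layout and the password-only protection described above, as an added example (not code from the original article): it parses a constructed Access-Request and applies the User-Password hiding defined in RFC 2865 section 5.2. The shared secret, authenticator, user name and password are made-up sample values.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD = 1, 2   # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """What the server does with the shared secret to recover the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    """Encode one TLV: 1-byte type, 1-byte length (header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def parse_attributes(packet):
    """Walk the TLVs after the 20-byte header, rejecting malformed lengths."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("packet length field does not match")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

# Constructed sample Access-Request (code 1); all values are made up.
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
BODY = attr(USER_NAME, b"alice") + attr(USER_PASSWORD, hide_password(b"S3cret-pass", SECRET, AUTH))
PACKET = struct.pack("!BBH", 1, 7, 20 + len(BODY)) + AUTH + BODY

if __name__ == "__main__":
    for attr_type, value in parse_attributes(PACKET):
        print(attr_type, value)   # User-Name is readable; User-Password is not
```

Every attribute other than User-Password, including User-Name, appears in the packet exactly as it was sent.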

LDAP

Before discussing LDAP authentication, we first introduce LDAP itself.

LDAP, short for Lightweight Directory Access Protocol, is an open, standard, cross-platform application protocol used to maintain distributed directory information services. It is transmitted through HTTPS. The LDAP server that stores the data is quite different from a traditional database: instead of tables, it stores the data in a tree structure, similar to the MIB and OIDs. Simply put, the DN (distinguished name) marks the entry point of the query operation. When the DN is specified, the LDAP server searches the LDAP database according to the OU (organization unit) to get the wanted data.

Figure 3: LDAP directory tree structure

With this kind of storage, data queries can be much faster than in other databases. Data insertion, by contrast, is not a strength of the LDAP server, but insertion is not a key metric for an authentication service.

Like RADIUS, LDAP is a standard protocol. In addition, since LDAP is based on HTTPS, the transferred data can be encrypted, which makes LDAP much safer than RADIUS.

When an LDAP server is used for authentication, the network device delivers the username and password to the LDAP server, and the server searches the LDAP directory tree for verification.

HWTACACS

HWTACACS is a private authentication protocol released by Huawei. Unlike RADIUS, HWTACACS separates authentication and authorization, which means authentication, authorization, and accounting can be implemented on different servers. However, because the protocol is private, other vendors and manufacturers are limited in using it. On the other hand, HWTACACS supports command recording: executed commands are recorded on the HWTACACS server for accounting.

TACACS+

As one of the most important vendors, Cisco optimized its TACACS and published TACACS+. TACACS+ is a private authentication protocol that uses TCP 49 for transmission. Its most important disadvantage is that it is private, which means it cannot be used by other vendors and manufacturers. Like HWTACACS, TACACS+ provides independent authentication, authorization, and accounting.

