E5-400 R2.1 User Guide#220-00487, Rev. 10
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Contents
Introducing the Calix E5-400
..................................................................................
10
About the E5-400 Interfaces
...................................................................................
13
About the E5-400 Command-Line Interface (CLI)
........................................... 13 About the E5-400 Web
Interface
.....................................................................
17
Connecting to the E5-400
........................................................................................
19
Connecting a PC to the E5-400
......................................................................
20 Logging In to the E5-400 Web Interface
......................................................... 23
Logging In to the E5-400 Command-Line Interface (CLI)
............................... 25
Configuring the E5-400 Management Interface
..................................................... 28
Configuring the Front Craft Ethernet Port
....................................................... 29
Configuring the Rear Craft Ethernet Port
........................................................ 31
Configuring the In-Band Management Interface
............................................. 33 Viewing the Craft
Serial Port
...........................................................................
35
Performing Initial System Turn-Up
........................................................................
36
Using the E5-400 System Turn Up Tool
......................................................... 37
Provisioning Basic E5-400 System Settings
................................................... 43
Managing an E5-400 in CMS
...................................................................................
46
Adding an E5-400 Node to CMS
.....................................................................
46 Creating a Graphical Link Between Calix Devices
.......................................... 48 Viewing or Modifying
E7 and E5-400 Platform Details ....................................
49 Modifying the E5-400 Default User Name or Password
.................................. 51
Chapter 2: E5-400 System Administration ..........................
53
Managing System User Accounts
..........................................................................
54
Creating a System User Account
....................................................................
54 Modifying a System User Account
..................................................................
56 Changing System User
Passwords.................................................................
56
4
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuring SNMP Management
............................................................................
58
Configuring the SNMP Agent Port
..................................................................
59 Managing SNMPv3 User Accounts
.................................................................
59 Creating an SNMP Community
.......................................................................
62 Configuring an SNMP Trap Destination
.......................................................... 63
Configuring Secure System Access
......................................................................
66
Adding a System RADIUS Server
...................................................................
67 Modifying the RADIUS Server Parameters
..................................................... 68
Configuring the RADIUS Client
.......................................................................
69 Deleting a System RADIUS Server
.................................................................
70
Performing Backup and Restore Operations
........................................................ 71
Backing Up the System Database
..................................................................
71 Restoring a Backup Database
........................................................................
74 Scheduling an E5-400 Node Backup
..............................................................
77
Upgrading System Software
...................................................................................
80
Performing a System Software Upgrade
......................................................... 80
Performing a System Software Revert
............................................................
86
Rebooting the System
.............................................................................................
88
Creating Policies for Quality of
Service.................................................................
90
Creating a Class Map and Rules
....................................................................
91 Creating a Policy Map and
Policies.................................................................
93
Creating Service Profiles
........................................................................................
96
Creating a Class of Service CoS Queue
......................................................... 96
Creating an Ethernet Port GOS Profile
...........................................................
98
Configuring an Ethernet or LAG Interface
...........................................................
100
Configuring an Ethernet Port
...............................................................................
110
Bulk Modifying Ethernet Ports
.............................................................................
115
Creating an ERPS Domain
....................................................................................
116
Creating VLANs
.....................................................................................................
121
Creating an IGMP
Profile.......................................................................................
128
5
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Provisioning VLAN Ranges
..................................................................................
133
Creating VLAN Memberships
...............................................................................
136
Configuring RSTP Settings
...................................................................................
143
Configuring Transport & Aggregation Support
.................................................. 148
Ethernet Transport Applications
....................................................................
149 E5-400 Redundant Link Applications
............................................................ 156
Ethernet Uplink Applications
.........................................................................
161 Ethernet Downlinks for Aggregation Applications
......................................... 168 Ethernet Business
Service Applications
........................................................ 175
Chapter 5: System Maintenance and Troubleshooting .... 181
Configuring Ethernet Port Mirroring
....................................................................
182
Configuring a VLAN Monitor
................................................................................
185
Configuring a Syslog Server
................................................................................
186
Configuring Interface Quality Audit
.....................................................................
189
Digital Diagnostics Monitoring
.............................................................................
191
Monitoring E5-400 Performance Data
..................................................................
192
Viewing Ethernet Port Performance Data
..................................................... 193 Viewing
ERPS Domain Performance Data
................................................... 195 Viewing
Ethernet Port Statistics
....................................................................
197 Viewing ERPS Statistics
...............................................................................
199 Viewing IGMP Statistics
................................................................................
201
Viewing Notification Logs
.....................................................................................
203
Element Alarms
............................................................................................
205 Environmental Alarms
...................................................................................
221 Events
...........................................................................................................
233
6
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Troubleshooting
....................................................................................................
238
In-Band Management System Lockout
......................................................... 239 Log
In Connection
.........................................................................................
240 Abort Script
...................................................................................................
241 User Password
.............................................................................................
242 SNMP Communication
..................................................................................
243 Network Connection to Host
.........................................................................
244 Recovering a Database
................................................................................
245 Recovering the Software
...............................................................................
249 Resetting the Database to Factory Defaults
................................................. 250 Recovering
from a System Lock-out
.............................................................
251
7
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
About This Guide
The Calix E5-400 platforms have an embedded graphical user
interface that operates on a standard web browser, enabling
management access via local or remote TCP/IP connections. This
document describes how to perform all system management and
operational functions using the Calix E5-400 web interface. The
E5-400 shares a common architecture and features set with the Calix
E5-312 Active Ethernet (AE) platform. For simplicity, this document
refers to E5-400 only, as the E5-312 is very similar to the
E5-400.
Intended Audience
This document is intended for personnel responsible for turning up
and managing carrier network systems and services. This document
assumes that the user's PC is equipped with a supported web browser
(Internet Explorer or Firefox) and that the user is familiar with
using a web browser. Familiarity with datacom, telecom, and
standards-based Ethernet technologies and conventions is
recommended.
Related Documentation
The Calix E5-400 documentation set includes:
Calix E5-400 Installation Guide Calix E5-400 User Guide Calix
E-Series CLI Reference Calix E7 and E5-400 Software Upgrade Guide
Calix E-Series Engineering and Planning Guide Calix E5-400 Quick
Start Guide Calix CMS Guide
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Chapter 1
Getting Started with the Calix E5-400
This section introduces the Calix E5-400 platform and its web
interface for system management. This section also provides
instructions for initial system turn-up and how to configure the
management interface ports.
Note: For instructions on how to install the E5-400 hardware and
connect physical network interfaces, see the Calix E5-400
Installation Guide.
Topics Covered
This section covers the following topics:
Introducing the Calix E5-400 About the E5-400 web interface
Connecting to the Calix E5-400 Configuring the E5-400 management
interface Performing initial system turn-up Managing the E5-400 in
CMS
10
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Introducing the Calix E5-400 The Calix E5-400 transport and
aggregation platform is a compact (1 RU), environmentally hardened
Ethernet switching platform that delivers scalable, high-bandwidth
Ethernet services. The E5-400 is fully hardened for maximum
deployment flexibility, and supports standards-based Ethernet
technologies such as 10GE, NxGE, and GE transport (ERPS) and
aggregation (LAG/RSTP), as well as point-to-point Ethernet or
high-capacity Ethernet business service delivery.
The E5-400 provides multiple layers of protection to ensure network
flexibility and redundancy. These include ITU G.8032-aligned
Ethernet ring protection switching (ERPS), IEEE 802.1w rapid
spanning-tree (RSTP), and IEEE 802.3ad link aggregation (LAG). ERPS
creates a fault-tolerant network topology; RSTP maximizes redundant
link flexibility; link aggregation streamlines bandwidth
expansion.
Front View of E5-400 Chassis
The E5-400 is a complementary extension to the Calix C7
multiservice access platform (MSAP), the E5-100 Ethernet service
platforms (ESPs) and the F5 GPON OLT platform.
The E5-400 provides the following standard services:
Transport of Ethernet traffic across standards-based
point-to-point, star and ring network topologies
Aggregation of Calix products' IP voice, video, and data traffic
onto Ethernet-based transport network(s)
Aggregation of 3rd party IP DSLAM platforms Delivery of
point-to-point Ethernet business services Delivery of ONT based
last mile Ethernet business or subscriber services
Calix E5-400 features The key Calix E5-400 system features are
described below.
Ethernet line interfaces: The E5-400 front panel is equipped with
the following Ethernet line interfaces:
(12) GE Small Form-Factor Pluggable (SFP) ports (SFP1 to
SFP12)
(2) 10GE SFP+ ports (SFP+1 and SFP+2)
(2) 10GE XFP ports (XFP1 and XFP2)
11
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Each port has a single LED to indicate an established link and data
traffic activity.
See the following Calix Quick Tip bulletins on the Calix website
for information on the support for SFP modules and direct attach
cables:
Calix Equipment Support for SFP Modules Pairing Bidirectional SFPs
to Support Single-Fiber Ethernet Links
High-capacity uplinks: You can configure any of the GE or 10GE
ports as network uplinks (trunk links). With the use of 802.3ad
Link Aggregation Protocol, you can combine multiple GE ports to
provide uplink bandwidths from 1 to 12 Gbps, based on the number of
ports (NxGE) included in the link aggregation group.
High-capacity downlinks: You can configure any of the GE or 10GE
ports as downlinks (edge links) to subtended devices, including
Calix C7, E5-100, or F5 systems.
Management ports: The E5-400 has the following ports available for
device management:
Out-of-band management ports, available from 10/100 Fast Ethernet
(FE) ports located on the front and rear panels. The front FE port
is accessible via an RJ-45 port located on the front panel; the
rear FE port is accessible via wire-wrap pins on the rear
panel.
In-band management port, available from any Ethernet line interface
linked to the management VLAN
RS-232 serial management port, accessible via wire-wrap pins on the
rear panel.
Fan module: The E5-400 fan tray module cools the chassis to allow
reliable operation in all environments. The fan tray module also
hosts the front Ethernet management port, Alarm Cutoff (ACO), and
alarm LEDs.
Power inputs: The E5-400 is equipped with dual power inputs to
support redundant – 48VDC power feeds (A and B), switching between
them when one source fails.
Alarm inputs and outputs: The E5-400 supports four input alarms and
four configurable input/output alarms, located on the rear
panel.
Operational LEDs: The E5-400 is equipped with the following LED
operational indicators:
Ethernet line LEDs - Located at each SFP/SFP+/XFP slot on the front
panel; indicate when an Ethernet link is established (green) and
when passing traffic (orange).
Status LEDs - Located on the fan module front panel; indicate
management link operation.
Alarm LEDs - Located on the fan module front panel; indicate
critical, major, and minor alarms.
12
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
System management: The E5-400 provides the following user
interfaces for system management:
Command-line interface (CLI) - Embedded CLI that supports local or
remote access. See Calix E-Series CLI User Guide for more
information.
Web interface - Embedded graphical user interface (GUI) that
operates on a standard web browser for local or remote access (as
described in this document).
The Calix Management System (CMS) supports E5-400 auto-discovery
integration for element management and alarm aggregation.
13
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
About the E5-400 Interfaces
This section describes the Calix E5-400 command-line interface
(CLI) and web interface that are available for system management
access via local or remote TCP/IP connections and local console
connections.
Another available interface is the Calix Management System (CMS)
which is a client/server application that provides a graphical user
interface for managing multiple Calix nodes.
About the E5-400 Command-Line Interface (CLI)
This topic describes the CLI environment and operation. Detailed
information about using the CLI commands appears in subsequent
sections. See the Calix E7/E5-400 Command-Line Interface (CLI)
Reference for a comprehensive list of available commands.
Command assistance
The E5-400 offers command interactive help, command completion and
history, as well as the ability to recognize abbreviations. As you
type, the following keys can assist you with specifying the command
you want:
The ? key displays the interactive help that is a list of valid
keywords or values, along with brief descriptions. This helps new
users learn the system as they use it.
The and arrows allow access and use of previous commands. The
Ctrl+P key combination accesses the previous command. The Ctrl+N
key combination accesses the next command. The Tab key expands a
partially typed keyword and completes commands when unique
abbreviations are recognized by the system. These features allow
experienced users to administer system control with a minimum of
typing.
The and arrows allow editing in the current line. The Ctrl+A key
combination moves the cursor to the beginning of the line. The
Ctrl+C key combination cancels commands that have more than one
step. For
example, prompting for a password. The Ctrl+E key combination moves
the cursor to the end of the line. The Ctrl+B key combination moves
the cursor back a space. The Ctrl+F key combination moves the
cursor forward a space. The Ctrl+U key combination erases text from
the cursor to the beginning of the line. The Ctrl+K key combination
erases text from cursor to the end of the line.
14
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Command syntax
The straight-forward command syntax has the following rules:
The E5-400 commands are “imperative,” meaning they start with a
verb and instruct the system to perform some action.
For commands that have optional parameters, you can specify them in
any order or omit any that are unnecessary.
When naming a database backup file, only use the following
acceptable characters: letters, digits, underscore, and dash.
When restoring a backup database file from a Windows-based server,
use a forward slash (/) as a path separation character when working
with FTP application operations.
When referencing an entity name that has spaces, use quotation
marks around the entity name. For example, use "Test 123" to
enclose the name Test 123.
Note: If you type an invalid string—for example, the name of a
command or statement that does not exist—the message “Invalid input
detected at '^' marker” appears. The caret (^) indicates where the
error is located.
Displaying valid keywords
The CLI provides the ability to display a list of valid keywords at
the current level. This section presents some examples of how to
evoke lists of particular command keywords and corresponding
information.
Example 1:
Type "?" at the prompt and press Enter to see a list of the
first-level commands available.
Possible commands:
clear Clear system diagnostic information.
commit Commit to a software version.
create Create system equipment and service objects.
delete Deletes system components.
disable Disable system equipment and service objects.
enable Enable system equipment and service objects.
exit Logout from this session.
extract Extract system data to server.
help Ask for help.
logout Logout from this session.
ping Ping another host.
reboot Reboot shelf, using the current software version.
remove Remove items from a collection.
15
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
reset Reset system components.
revert Revert to a software version.
set Configure system equipment and service objects.
show Show attributes of equipment and service objects.
snapshot Captures the current system database.
switch Switch to the loaded database.
telnet Start a telnet session to another host.
traceroute Find the route to another host.
turn-up Starts the interactive turn-up tool.
upgrade Upgrade system components.
Example 2:
Type clear ? to see a list of all possible completions for the
clear command.
Possible completions:
stats Clear cumulative statistics.
Example 3:
Type clear log ? to see a list of all possible completions for the
clear log command.
Possible completions:
dbchange Clear the database change log.
event Clear the event log.
security Clear the security log.
tca Clear the TCA log.
Displaying configuration settings
The CLI also provides information on the current configuration
settings and performance monitoring data for the E5-400. This
section presents an example of how to evoke lists of particular
information.
Example 4:
Type show interface <interface name> and press Enter to list
the current configuration settings for the specific Ethernet port
interface.
Note: For E7, you can specify the name of a LAG interface, a card
number, or a card/Ethernet port specification. For example, 2/g1.
Permitted values for the port type are "g" (for Gigabit Ethernet)
or "x" (for 10-Gigabit Ethernet).
16
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuration settings shown:
Example 5:
Type show ? to see all of the possible sets of configuration
parameters.
17
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
About the E5-400 Web Interface
The Calix E5-400 supports an embedded graphical user interface that
operates on a standard web browser. The web browser format allows
for management access via local or remote TCP/IP connections. You
can perform all system management and operational functions from
the web interface.
Note: The E5-400 also supports an embedded command line interface
(CLI) for system management. See the Calix E-Series Command Line
Interface (CLI) Reference for CLI usage information.
User PC system requirements
Calix recommends using a computer equipped with the following
minimum hardware and software to access the E5-400 web
interface:
PC Hardware 400 MHz (or higher) Pentium-compatible computer Minimum
of 256 MB of memory (RAM) 1024 x 768 pixels minimum recommended
screen resolution
Operating System Windows XP Windows 2000
Web Browser MS Internet Explorer 7.0 and above (JavaScript enabled)
Mozilla Firefox 3.5 and above (JavaScript enabled)
18
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
E5-400 web interface design
The E5-400 web interface is comprised of three functional areas
(frames), defined as follows:
1 Navigation Tree: Displays the physical and logical elements of
the system. The E5-400 chassis is at the highest level, with its
fan tray, physical Ethernet ports, and logical sub-interfaces
(VLANs, logical Ethernet ports) at the next level. Click an object
on the navigation tree to display its attributes in the main window
(Work Area).
2 Work Area: Displays information and attributes about objects
selected on the Navigation Tree. View and modify settings in the
Work Area, which includes overhead tabs and sub-tabs for displaying
more specific functions for the selected category.
3 Alarm Status Area: Displays a table of all standing alarms,
events, and threshold events, and includes a color-coded status
monitor.
E5-400 web interface controls
The E5-400 web interface's basic operational controls are performed
as follows:
Click an object on the navigation tree to display its attributes in
the Work Area. Click the overhead tabs and sub-tabs to display menu
options for that function. Click the Apply button on overhead tabs,
sub-tabs, or in pop-up dialog boxes to apply
provisioning changes. Click Logout to end a session and log out of
the web interface.
19
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Connecting to the E5-400
This section describes how to connect to the E5-400 for system
management. The following tasks are covered:
Establishing a PC connection to the E5-400 Configuring the PC to
communicate with the E5-400 Logging in to the E5-400
20
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Connecting a PC to the E5-400
This topic describes how to connect your PC to the E5-400 and
configure the PC to communicate with the E5-400. These tasks are
required to access the E5-400 web interface.
Connection options
Access the E5-400 interface by connecting a TCP/IP link between
your PC and one of the following management ports:
Front out-of-band Ethernet management port Rear out-of-band
Ethernet management port In-band management port
Use the front Ethernet port first: The E5-400 rear Ethernet and
in-band management ports are disabled by default, so initial system
turn-up requires connecting to the front Ethernet management port.
After initially connecting to the E5-400 front Ethernet port, you
can then enable and configure the rear Ethernet and/or in-band
management ports to support management connections.
DHCP support: The front and rear Ethernet management ports are
equipped with internal DHCP servers, allowing user PCs connected to
these ports to get an IP address in the same (management) subnet
automatically. By default, the front port DHCP server provides up
to three host leases, to limit the E5-400 responses to other DCHP
host broadcasts if the front FE port is connected to the LAN. The
rear port DHCP server is disabled by default.
Connecting a PC to the E5-400 front Ethernet port
To access the web interface, connect your PC to the E5-400 front
Ethernet port. Use a standard Ethernet jumper cable (RJ-45
connectors on both ends) as follows:
1. Connect one cable end to the E5-400 front Ethernet management
port, located on the front panel (labeled ETH MGMT 1).
2. Connect the other cable end to the Ethernet port on your
PC.
For detailed wiring instructions, see the Calix E5-400 Installation
Guide.
21
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Note: The front Ethernet management port is intended for direct
local management access, and should remain available for this
purpose. If you require permanent out-of-band management
connectivity to the E5-400, Calix recommends using the rear
Ethernet management port.
The following procedures apply to PCs running Microsoft Windows XP.
Before making changes, record your current settings to restore them
later, if needed.
Configuring your PC to communicate with the E5-400 using DHCP
Use this procedure to configure your PC if:
You are connecting to the E5-400 front Ethernet management port,
and The front or rear Ethernet management port's internal DHCP
server is enabled.
To configure your PC to communicate with the E5-400 using
DHCP
1. On the PC Start menu, click Settings > Network Connections.
Right-click Local Area Connection, then click Properties.
2. In the Local Area Connection Properties dialog box, do the
following:
a. On the General tab, click Internet Protocol (TCP/IP).
b. Verify that the check box for Internet Protocol (TCP/IP) is
selected.
c. Click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, on the
General tab, do the following:
a. Click the Obtain an IP Address Automatically option.
b. Click the Obtain DNS Server Address Automatically option.
4. Click OK in all open dialog boxes to save your network
connection settings.
Configuring your PC to communicate with the E5-400 (no DHCP)
Use this procedure to configure your PC if:
You are connecting to the E5-400 front or rear Ethernet management
port and its internal DHCP server is disabled, or
You are connecting to the E5-400 in-band management port.
22
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
To configure your PC to communicate with the E5-400 without using
DHCP
1. On the PC Start menu, click Settings > Network Connections.
Right-click Local Area Connection, then click Properties.
2. In the Local Area Connection Properties dialog box, do the
following:
a. On the General tab, click Internet Protocol (TCP/IP).
b. Verify that the check box for Internet Protocol (TCP/IP) is
selected.
c. Click Properties.
3. In the Internet Protocol (TCP/IP) Properties dialog box, on the
General tab, do the following:
a. Click the Use The Following IP Address option.
b. In the IP Address box, type 192.168.1.2
c. In the Subnet Mask box, type 255.255.255.0
d. In the Default Gateway box, leave the box blank.
e. Leave both DNS Server address boxes empty.
4. Click OK in all open dialog boxes to save your network
connection settings.
After completing the task above, your PC is ready to connect to the
E5-400.
Related topics
Configuring the E5-400 Management Interface (on page 28)
Configuring the Rear Craft Ethernet Port (on page 31) Logging In to
the E5-400 (on page 23) Logging in to the E5-400 Command-Line
Interface (CLI) (on page 25)
23
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Logging In to the E5-400 Web Interface
Launch an E5-400 web interface session by entering the E5-400 IP
address into your browser. The E5-400 supports 15 simultaneous web
interface sessions.
To establish an E5-400 web interface session
1. Verify that your PC is connected to the E5-400.
2. Open a web browser window (i.e., Internet Explorer or
Firefox).
3. In the browser's URL Address box, type the E5-400 management IP
address, then press the Enter key. For example, type 192.168.1.1
(default IP address of the E5-400 front Ethernet management
port).
Note: The web interface operates in secure HTTP mode (HTTPS) by
default. Therefore, you must type https:// before typing the E5-400
management IP address. You can change this default setting.
4. In the Login dialog box, do the following:
a. In the User Name box, type your user name. For example, type e5
(default).
b. In the Password box, type your password. For example, type admin
(default).
24
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Note: For security, Calix recommends changing the password for the
default e5 user ID.
5. Click OK to log in to the web interface.
Upon logging in for the first time, the system displays a "System
Turn Up" utility that you can use to simplify the system turn-up
process. To bypass the tool, click Close. All configurations
performed by the tool are available elsewhere in the web interface
and can be performed later.
Note: Because the E5-400 web interface operates in secure HTTP mode
(HTTPS) by default, upon logging in for the first time, your web
browser may present a security warning message. Accept the
certificate to proceed to the web interface as described
below.
The following example is from Firefox 2.0. In the security message
dialog box, choose either Accept this certificate permanently or
Accept this certificate temporarily for this session and then click
OK.
25
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
The following example is from Internet Explorer. In the security
message dialog box, click Yes to proceed.
Note: Click Log Out at the top-right corner of the browser window
when you want to close an E5-400 session. If you use other methods
to close the browser, the session remains open for 30
minutes.
Related topics
Connecting a PC to the E5-400 (on page 20) Performing Initial
System Turn-Up (on page 36) Managing System User Accounts (on page
54) Using the E5-400 System Turn Up Tool (on page 37)
Logging In to the E5-400 Command-Line Interface (CLI)
The E5-400 supports both TCP/IP and RS-232 serial connections to
the command-line interface (CLI). The E5-400 supports 5
simultaneous CLI sessions. Access the CLI using one of the
following methods:
TCP/IP connection: To use a local or remote TCP/IP connection, you
must be connected to one of the E5-400 Ethernet management ports or
the in-band management port. You can access the CLI via telnet or
SSH (port 22).
RS-232 serial connection: To use an RS-232 serial connection, you
must be connected to the E5-400 serial port. You can access the CLI
via a terminal emulation program, such as HyperTerminal or ProComm
Plus.
26
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Note: As an "unsecure" connection type, telnet and HTTP access to
the E5-400 is not enabled by default. Therefore, for initial system
turn-up over a TCP/IP connection, use a terminal emulation program
configured for SSH Authentication or a web browser using the Secure
HTTP protocol (HTTPS) to access the E5-400. After initially
connecting via SSH (port 22), you can enable telnet access by
issuing the following command: set system telnet-server
enabled.
Note: The CLI command disable session timeout disables the default
behavior of logging out the current session after five minutes of
inactivity. This setting is useful for collecting debugging
information, yet, it should be used sparingly. A session could
become stranded if you forget which terminal window it was in,
causing the session to be unavailable for other users.
Establishing a Telnet Connection
You can connect to the CLI locally or remotely via telnet. For
initial system turn-up, connect to the E5-400 front Ethernet
management port.
To establish a telnet connection to the CLI
1. Verify that your PC is connected to the E5-400.
2. Launch a telnet session as follows:
a. On your PC Start menu, click Run.
b. In the Open box, type cmd and click OK open the DOS command
prompt window.
c. At the command prompt, type telnet to start the telnet
client.
3. Log into the E5-400 CLI as follows:
a. At the telnet command prompt, type o (open host) followed by a
space and the host IP address, then press <Enter>. For
example, type o 192.168.1.1 (default IP address of the E5-400 front
Ethernet port).
b. At the Username prompt, enter your user name. For example, type
e5 (default).
c. At the Password prompt, enter your password. For example, type
admin (default).
Note: The logon ID and password are case sensitive.
The Calix> command prompt displays upon successful login to the
E5-400 CLI.
Establishing a Local Console Connection
You can connect locally to the CLI from the E5-400 serial
port.
27
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
To establish a local console connection to the CLI
1. Verify that your PC is connected to the E5-400 serial port. See
the Installation Guide for instructions.
2. On your PC, use a VT100 terminal emulation program to start a
console session. For example, launch a HyperTerminal session as
follows:
a. On the Start menu, click Programs > Accessories >
Communications > HyperTerminal.
b. In the Connection Description dialog box's Name field, type a
name for the session, then click OK.
c. In the Connect To dialog box, in the Connect Using list, select
the PC serial port to which the console cable is connected. For
example, click COM1.
d. In the COM# Properties dialog box, on the Port Settings tab, do
the following:
In the Bits per Second list, click 38400.
In the Data Bits list, click 8.
In the Parity list, click None.
In the Stop Bits list, click 1.
In the Flow Control list, click None.
e. Click OK to connect.
3. In the console window, press the Enter key to initiate the
console CLI session.
4. Log into the E5-400 CLI as follows:
a. At the Username prompt, enter your user name. For example, type
e5 (default).
b. At the Password prompt, enter your password. For example, type
admin (default).
Note: The logon ID and password are case sensitive.
The Calix> command prompt displays upon successful login to the
E5-400 CLI.
Note: Upon logging in for the first time, the system automatically
runs an "initial configuration" script that you can use to simplify
the system turn-up process. At the prompts, type the requested
information to configure the E5-400 control and system
functions.
Note: For security, Calix recommends changing the password from the
default user ID.
28
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuring the E5-400 Management Interface
The Calix E5-400 is equipped with several management interface
ports to support multiple connection methods to the E5-400 web
interface and/or command-line interface (CLI).
Front Ethernet management port: The front Ethernet management port
is an out-of- band 10/100 Fast Ethernet (FE) port, accessible via
an 10/100 Base-T Ethernet (RJ-45) jack located on the front panel.
Use the front Ethernet management port for local management access,
including initial system turn-up. This port provides a one-way
security model for a single connection to corporate management and
does not allow for node-to-node connections within a network or
subnetwork.
Rear Ethernet management port: The rear Ethernet management port(s)
is an out-of- band 10/100 Fast Ethernet (FE) port, accessible via
an RJ-45 jack located on the rear panel. Use the rear Ethernet
management port to provide a permanent out-of-band network
connection to back office management connections. This port
provides a one- way security model for a single connection to
corporate management and does not allow for node-to-node
connections within a network or subnetwork. The E7-20 has redundant
ports on the rear panel.
In-band management port: The in-band management port supports
remote management configured on any VLAN on any E5-400 Ethernet
port interface, where the 1-GE or 10-GE port is added to the
management VLAN. This port allows for node-to node connections
within a network.
RS-232 serial port: The RS-232 serial port (RJ-11) is accessible on
the front panel. Use the serial port to establish local console
connections to the CLI only. The serial port is always on and uses
fixed connection settings.
29
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuring the Front Craft Ethernet Port
The E5-400 is equipped with a 10/100 Fast Ethernet (FE) management
port on its front panel, accessible via an RJ-45 jack on the fan
module. Use the front Ethernet management port for local,
out-of-band (Craft) management access, such as during initial
system turn-up. This port provides a one-way security model for a
single connection to corporate management and does not allow for
node-to-node connections within a network or subnetwork. For
instructions to access the front Ethernet port for the first time,
see Connecting a PC to the E5-400 (on page 20).
The front Ethernet management port is configured with a default IP
address of 192.168.1.1. The port is also equipped with a built-in
DHCP server to automatically provide the user PC connected to it
with an IP address in the same (management) subnet. By default, the
internal DHCP server provides up to three host leases, to limit the
E5-400 responses to other DCHP host broadcasts if the front FE port
is connected to the LAN. The DHCP lease time is 10 minutes.
The front Ethernet management port is identified in the web
interface as Craft FE: Front. You can modify the front Craft FE
front port settings from the defaults as required.
To configure the front Ethernet management port (Craft FE:
Front)
1. On the Navigation Tree, click E5-400.
2. In the work area, click Management > Craft Mgmt Interfaces
> Ethernet Port.
3. In the table view, click the Front row to display the port
settings for Craft Fast Ethernet port located on the E5-400 front
panel.
4. Modify the Craft FE front port settings as follows:
a. In the Admin Status list, select enabled to enable front Craft
FE front port access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the front Craft FE
front port, or accept the default (192.168.1.1)
c. In the Subnt Mask box, type a subnet mask for the front Craft FE
front port, or accept the default.
d. In the Enable DHCP Server? box, select Y (Yes) to enable the
internal DHCP server on this port, or select N (No) to disable
it.
Perform the following additional steps only if you enabled the
internal DHCP server (Enable DHCP Server? = Y in Step 4d).
e. In the DHCP Server Start Address box, type the first IP address
of a range to assign to hosts.
30
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
f. In the DHCP Server End Address box, type the last IP address of
a range to assign to hosts.
g. In the DHCP Server Defined Gateway list, select Y (Yes) to
define this port's IP address as the gateway for DHCP hosts, or
select N (No) to not define a gateway address for hosts. Calix
recommends selecting No for most applications.
5. Click Apply to update the settings.
Note: To establish a permanent out-of-band management connection to
the E5-400, Calix recommends using the rear Ethernet management
port.
For CLI:
show craft-fe front
enable craft-fe front
disable craft-fe front
Related topic
31
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuring the Rear Craft Ethernet Port
The E5-400 is equipped with a secondary 10/100 Fast Ethernet (FE)
management port on its rear panel, accessible via wire-wrap pins.
Use the rear Ethernet management port to provide a permanent
out-of-band connection for local management of the E5-400. This
port provides a one-way security model for a single connection to
corporate management and does not allow for node-to-node
connections within a network or subnetwork.
The rear Ethernet management port is disabled by default. To use
it, you must enable the port and configure it with an IP address.
The rear Ethernet port is equipped with a built-in DHCP server that
you can use to automatically provide IP addresses to user PCs
connected to the port. By default, the DHCP server on the rear port
is disabled.
The rear Ethernet management port is identified in the web
interface as Craft FE: Rear. You can modify the rear Craft FE port
settings as described below.
Note: If the front and rear Ethernet management ports (Craft FE:
Front, Craft FE: Rear) are both enabled, their IP addresses must
belong to different subnets. Also, the craft management ports
cannot use IP addresses from the same subnet where DHCP Snooping is
enabled.
To configure the rear Ethernet management port (Craft FE:
Rear)
1. On the Navigation Tree, click E5-400.
2. In the work area, click Management > Craft Mgmt Interfaces
> Ethernet Port.
3. In the table view, double-click the CraftFe: Rear row to display
the port settings for Craft Fast Ethernet.
4. Modify the Craft FE rear port settings as follows:
a. In the Admin Status list, select enabled to enable rear Craft FE
rear port access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the rear Craft FE
rear port.
c. In the Subet Mask box, type a subnet mask for the rear Craft FE
rear port.
d. In the Enable DHCP Server? box, select Y (Yes) to enable the
internal DHCP server on this port, or select N (No) to disable
it.
Perform the following additional steps only if you enabled the
internal DHCP server (where Enable DHCP Server? = Y in Step
4d).
e. In the DHCP Server Start Address box, type the first IP address
of a range to assign to hosts.
32
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
f. In the DHCP Server End Address box, type the last IP address of
a range to assign to hosts.
g. In the DHCP Server Defined Gateway list, select Y (Yes) to
define this port's IP address as the gateway for DHCP hosts, or
select N (No) to not define a gateway address for hosts. Calix
recommends selecting No for most applications.
5. Click Apply to update the settings.
For CLI:
set craft-fe rear [ip|netmask|dhcp-server|dhcp-ip-start|dhcp-ip-
end|dhcp-dflt-gw|admin-state]
show craft-fe rear
33
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Configuring the In-Band Management Interface
The E5-400 is equipped with an in-band management port, to support
remote management over its "in band" Ethernet line interfaces. The
in-band management port is accessible from any of the system's
Gigabit Ethernet (GE) or 10-Gigabit Ethernet (10GE) line
interfaces, provided that the line port is added to the management
VLAN. Connection speed depends on the line rate of the access port
(GE or 10GE) as well as the priority assigned to the management
VLAN.
Note: Calix strongly recommends that you reserve a VLAN for the
purpose of management traffic only and not use it for regular
network traffic.
The in-band management port is disabled by default. To use in-band
management, you must provision the following parameters, which you
may have already done via the System Turn Up tool:
1. Enable the in-band management port.
2. Configure the management port with an IP address.
3. Provision a management VLAN.
4. Assign the port interface to the management VLAN.
Note: If all of the E5-400 management ports are enabled, their IP
addresses must belong to different subnets.
To configure the in-band management interface
1. If the management VLAN does not already exist, you must create
it before continuing.
2. On the Navigation Tree, click E5-400.
3. In the work area, click Management > Inband Mgmt Interface to
display the port settings for Management Configuration 1.
4. Modify the in-band management port settings as follows:
a. In the Admin Status list, select enabled to enable in-band
management access, or select disabled to disable it.
b. In the IP Address box, type an IP address for the in-band
management port.
c. In the Subnet Mask box, type a subnet mask for the in-band
management port.
d. In the Management VLAN box, type the VLAN ID number of the
management VLAN.
Note: You must specify an existing VLAN ID. If the VLAN does not
exist, an error message displays when you click Apply. ven if no
interface is currently using VLAN 1 as the Native VLAN, it is still
off limits for user provisioning, including use as the Management
VLAN.
34
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
5. Click Apply to update the settings.
6. Once a management VLAN is established, you can add GE or 10GE
port interfaces to the management VLAN as required to enable
in-band management over those links.
7. On the Navigation Tree, click E5-400.
8. In the work area, click System > Provisioning to define a
default gateway for all E5-400 management traffic. Any received
traffic with an unknown destination IP address will be forwarded to
the default gateway.
9. For the IP Gateway box in the System Provisioning screen, enter
the Gateway IP address for network management.
For CLI:
set craft-fe rear [ip|netmask|dhcp-server|dhcp-ip-start|dhcp-ip-
end|dhcp-dflt-gw|admin-state]
show craft-fe rear
show craft-fe rear
set craft-fe rear
disable craft-fe rear
enable craft-fe rear
Example of set command: set craft-fe rear ip 192.168.1.1 netmask
255.255.255.0 dhcp-server enabled dhcp-ip-start 192.168.1.50
dhcp-ip-end 192.168.1.55
Related topics
Using the E5-400 System Turn Up Tool (on page 37) Creating VLANs
(on page 121) Creating VLAN Memberships (on page 136)
35
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Viewing the Craft Serial Port
The E5-400 is equipped with an RS-232 serial port, accessible from
the FTA front panel. You can use the serial port to connect to the
E5-400 command line interface (CLI). The web interface is not
accessible from an RS-232 serial connection.
The serial port is always enabled and uses the following fixed
connection settings:
Baud Rate: 38400
Data Bits: 8
Note: You cannot currently modify the serial port connection
settings.
To view the craft serial port
1. On the Navigation Tree, click E5-400.
2. In the work area, click Management > Craft Mgmt Interfaces
> Serial Port.
3. Check the serial port signaling settings as required.
For instructions to connect an RS-232 cable to the serial port
pins, see the Calix E5-400 Installation Guide. Establish a console
connection to the CLI using a standard VT100 terminal emulation
program (such as HyperTerminal or ProComm Plus).
For CLI: show craft-serial
36
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Performing Initial System Turn-Up
This section describes how to perform an initial turn-up of an
E5-400 system. The E5-400 provides two optional methods for
performing the initial configuration:
Using the "System Turn Up" tool The tool simplifies the process by
providing configuration of several key system elements from a
series of provisioning screens. The "System Turn Up" tool appears
automatically when you first log in to the E5-400 web
interface.
Provisioning basic system settings manually All of the system
elements configured by the System Turn Up tool are also available
elsewhere in the web interface and can be configured
individually.
This section covers both of the initial system turn-up
methods.
37
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Using the E5-400 System Turn Up Tool
This topic describes how to turn up an E5-400 using the "System
Turn Up" tool that appears when you first login to the system. The
tool includes provisioning support for the following
categories:
System Configuration - defines the general network-related
settings. Further settings are available in the System Provisioning
screen.
Craft Eth Port Front Configuration - defines the 10/100 Ethernet
management port that is located on the front panel, intended for
local connection to a PC for initial system turnup.
Craft Eth Port Rear Configuration - defines the Ethernet management
port that is located on the rear panel, intended for a permanent
out-of-band connection for local management of the E5-400. This
port provides a one-way security model for a single connection to
corporate management and does not allow for node-to-node
connections within a network or subnetwork.
Inband Management Configuration - defines the parameters of the
in-band management interface. This interface allows remote
management through any of the GE or 10GE port interfaces.
SNMP Configuration - defines aspects of a fault management
capability that captures performance data and sends it to a
designated destination. You must configure these settings to view
E5-400 alarms in the Calix Management System (CMS).
Management Gateway Configuration - defines the address for the IP
gateway.
Note: After the initial turn-up procedure, if you want to change
the IP address to an address in another subnet, first change the
default gateway to 0.0.0.0 and then change the IP address. This
prevents the situation where the gateway is not on the same
subnet.
For standalone shelves, all of the parameters included in the tool
can be modified after the E5-400 initial turn up using either of
the following methods:
Manually restarting the tool described in this topic: a. On the
Navigation Tree, click E5-400.
b. Click System > Provisioning tabs.
c. From the menu, click Action > System Turn Up.
For CLI: Use the turn-up command to restart the tool and then
respond to a series of prompts.
Before starting
Before starting the turn-up process, check that the following
conditions are met:
The E5-400 Ethernet management port is connected to a laptop
computer and you have logged into the system.
38
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
System turn up parameters
You can provision the following parameters for the system turn up
process:
Parameter Description Valid Options
System (ID) A unique name to identify the particular unit in a
network. 31 characters
System Location Name of the system location. 31 characters
CLI Telnet Whether a telnet session to another host is allowed. Y
(Yes) N (No) ‡
HTTP enabled Specifies whether basic (unsecure) HTTP protocol can
be used for the web interface. Y (Yes) enables basic HTTP, N (No)
enables only Secure HTTP (HTTPS).
Y (Yes) N (No) ‡
Time Zone Global time zone the E5-400 uses as a reference. Any
available time zone
NTP Server NTP server the E7 uses as a reference time source. The
E5-400 does not provide time reference service to other
devices.
4-byte IP address
Craft Eth Ports
IP Address IP address of the E7 Ethernet management port. To change
the IP address to an address in another subnet, first change the
default gateway to 0.0.0.0 and then change the IP address. This
prevents the situation where the gateway is not on the same
subnet.
4-byte IP address
Front craft = 192.168.1.1 ‡
Rear craft = 0.0.0.0 ‡
Subnet Mask Subnet mask for the Ethernet management port. 4-byte IP
address
Front craft = 255.255.255.0 ‡
Rear craft = 0.0.0.0 ‡
Enable DHCP Server? Whether the Fast Ethernet ports provide DHCP
service that automatically configures the DHCP-enabled client
computer to communicate with the E5-400 upon connection.
Y (Yes) N (No)
DHCP Server Start Address
IP address that starts the block of addresses available for
assignment through DHCP.
4-byte IP address
Front craft = 192.168.1.100 ‡
Rear craft = 0.0.0.0 ‡
DHCP Server End Address
IP address that ends the block of addresses available for
assignment through DHCP.
4-byte IP address
Front craft = 192.168.1.102 ‡
Rear craft = 0.0.0.0 ‡
Inband Management Configuration
Admin State Admin state of the management interface. enabled
disabled ‡
IP Address IP address of the E5-400 Ethernet management port. To
change the IP address to an address in another subnet, first change
the default gateway to 0.0.0.0 and then change the IP address. This
prevents the situation where the gateway is not on the same
subnet.
4-byte IP address
Subnet Mask Subnet mask for the Ethernet management port. 4-byte IP
address
Management VLAN Name of VLAN (or VLAN ID). VLANs can be specified
by name or by numeric VLAN ID. Note: Calix strongly recommends that
you use a dedicated VLAN for management traffic. Using the Native
VLAN for management traffic is not recommended.
2-4093
39
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Parameter Description Valid Options
SNMP
Trap Destination* Index of SNMP trap destination. Typically the IP
address of the CMS server.
4-byte IP address
SNMP Version* SNMP version. v2c v3
User Name 1
Password 1
Access Level 1
Specifies the security features available for the user. nosec
auth-unencr auth-encr
V2C Community 2
Management Gateway Configuration
IP Gateway Gateway IP address for network management. To change the
IP address to an address in another subnet, first change the
default gateway to 0.0.0.0 and then change the IP address. This
prevents the situation where the gateway is not on the same
subnet.
4-byte IP address
1 Applies to SNMP v3 only
2 Applies to SNMP v2c only. For CMS R10.3, use SNMPv2c only
‡ Default value
To initially turn up the E5-400
1. Log in to the E5-400 system, if you have not already done
so.
2. In the System Configuration section of the System Turn Up dialog
box, do the following:
a. In the System ID box, enter a name to identify the shelf.
b. In the System Location, enter a description of the E5-400
system.
c. In the CLI Telnet box, select whether to enable the telnet
access to the command line interface. By default, Telnet is
disabled.
d. In the HTTP enabled box, select whether to enable the unsecure
HTTP on the E5- 400. By default, HTTP is disabled.
e. In the Time Zone box, select the correct time zone for the
location of the E5-400.
f. In the NTP Server box, enter the NTP server IP address that the
E5-400 will use as a reference time source. If you want to assign
other NTP servers for redundancy, see "To assign multiple NTP
servers" later in this topic.
g. Click Next.
40
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
3. In the Craft Eth Port Front/Rear Configuration sections of the
System Turn Up dialog box, do the following:
a. In the IP Address box, enter the IP address of the Ethernet
management port.
b. In the Subnet Mask box, enter the subnet mask for the Ethernet
management port.
c. In the Enable DHCP Server list, select whether to enable DHCP
service that automatically configures the DHCP-enabled client
computer to communicate with the E5-400 upon connection to the
Ethernet management port.
d. In the DHCP Server Start Address box, enter the IP address that
starts the block of addresses available for assignment through
DHCP.
e. In the DHCP Server End Address box, enter the IP address that
ends the block of addresses available for assignment through
DHCP.
f. Click Next.
4. In the Inband Management Configuration section of the System
Turn Up dialog box, do the following:
a. In the Admin State list, select whether the management interface
is enabled.
b. In the IP Address box, enter the IP address for the management
interface.
Note: To change the IP address to an address in another subnet,
first change the default gateway to 0.0.0.0. and then change the IP
address. This prevents the situation where the gateway is not on
the same subnet.
c. In the Subnet Mask box, enter the IP network mask of the IP
management interface.
d. In the Management VLAN box, enter the name of the management
VLAN or the VLAN ID.
Note: Calix strongly recommends that you use a dedicated VLAN for
management traffic.
e. Click Next.
5. In the SNMP Configuration section of the System Turn Up dialog
box, do the following:
a. In the Trap Destination box, enter the IP address where the
notifications are sent (typically the CMS server IP address).
b. In the Port box, enter the alternate port for the SNMP agent.
The default is 161, which is the standard port number defined by
the IANA.
c. In the SNMP Version list, select the SNMP version that you will
be using for the network.
d. If you selected v2c, do the following:
In the V2c Community box, enter the community string (typically
"public").
41
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
e. If you selected v3, do the following:
In the User Name box, enter the user name assigned to the SNMPv3
user account.
In the Password box, enter the password assigned to the SNMPv3
user.
In the Access Level box, enter the security level assigned to the
SNMPv3 user.
Note: You can also create additional SNMP user accounts.
f. Click Next.
6. In the IP Gateway box in the Management Gateway Configuration
section of the System Turn Up dialog box, enter the Gateway IP
address for network management.
7. Click Finish.
For CLI:
Use the turn-up command and then answer a series of prompts to
configure several key system elements, as described in the
parameters table above.
To modify a parameter that was set in the system turn up
1. In the Navigation Tree, click E5-400.
2. Click the System > Provisioning tabs, and then click Action
> System Turn Up.
3. Follow the steps above.
For CLI:
Use the turn-up command and then answer a series of prompts to
configure several key system elements. Or, use the appropriate set
command. To modify values for an expansion shelf, use the set
craft-fe command.
To assign multiple NTP servers
1. In the Navigation Tree, click E5-400.
2. Click the System > NTP tabs.
3. In the NTP Settings screen, do the following:
a. In the Admin Status box, select whether to enable the service.
Selecting disabled allows the system time to drift away from a
reference source that is known to be reliable. This is not
recommended.
b. In the Server 1 IP box, enter the IP address for the NTP server
that the E5-400 uses as a time reference.
c. In the Server 2 IP box, enter the IP address for the NTP server
that the E5-400 uses as a time reference if Server 1 is
unavailable.
42
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
d. In the Server 3 IP box, enter the IP address for the NTP server
that the E5-400 uses as a time reference if both Server 1 and
Server 2 are unavailable.
4. From the menu, click Apply.
For CLI:
Related topics
Logging In to the E5-400 (on page 23) Provisioning Basic E5-400
System Settings (on page 43) Configuring the E5-400 Management
Interface Ports (on page 28) Configuring SNMP Management (on page
58)
43
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Provisioning Basic E5-400 System Settings
This topic describes how to provision system attributes that are in
addition to the parameters accessible from the System Turn Up
tool.
Before starting
Before starting the system configuration process, check that the
following conditions are met:
The E5-400 Ethernet management port is connected to a laptop
computer and you have logged in to the system.
You have already set the parameters accessible in the System Turn
Up dialog box.
System configuration parameters
You can provision the following parameters for the system
configuration:
Parameter Description Valid Options
System (ID)
A unique name to identify the particular unit in a network. 31
characters
System Location Name of the system location. 31 characters
CLI Telnet Whether a telnet session to another host is allowed. Y
(Yes) N (No) ‡
HTTP enabled Whether the HTTP is enabled. The HTTPS is always
enabled. Y (Yes) N (No) ‡
IP Gateway Gateway IP address for network management.
Note: To change the IP address to an address in another subnet,
first change the default gateway to 0.0.0.0 and then change the IP
address. This prevents the situation where the gateway is not on
the same subnet.
4-byte IP address
Password Expiry (Days) Password expiration interval for CLI and web
browser users' accounts. Setting the value to "0" causes the system
to never have the password expire.
0-100
Primary DNS Server IP address of primary DNS server. This is an IP
address in "dotted quad" format: "192.168.1.100." Alternatively,
set the value to "0.0.0.0."
0.0.0.0
Sec. DNS Server IP address of secondary DNS server. This is an IP
address in "dotted quad" format: "192.168.1.100." Alternatively,
set the value to "0.0.0.0."
0.0.0.0
Time Zone World time zone the E5-400 uses as a reference.
First Reserved VLAN First reserved VLAN in a set of four contiguous
VLANs that are used for internal system operation.
2-4093
BAR Transfer Protocol Backup and Restore (BAR) transfer protocol
used during the E5- 400 database backup or restore process.
ftp-active ‡ ftp-passive sftp
44
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Parameter Description Valid Options
ftp-active ‡ ftp-passive sftp
BAR Transfer Port Port number for the Backup and Restore (BAR)
transfer that is either a default value that correlates to the
Backup and Restore (BAR) protocol choice, or an alternate port
number you specify.
ftp default = 21 sftp default = 22 Alternate = 1-65000
Upgrade Transfer Port Port number for the software upgrade transfer
that is either a default value that correlates to the upgrade
transfer protocol choice, or an alternate port number you
specify.
ftp default = 21 sftp default = 22 Alternate = 1-65000
User Authorization Order Order to follow for user authorization:
local database only, local database then RADIUS server, RADIUS
server only, RADIUS server then local database.
local‡, local-radius, radius, radius-local
1. On the Navigation Tree, click E5-400.
2. Click System > Provisioning tabs.
3. In the System Provisioning screen, do the following:
a. In the Admin State box, select whether the E5-400 is in
service.
b. In the System ID box, enter a unique name to identify the E5-400
system.
c. In the System Location, enter a description of the E5-400
system.
d. In the CLI Telnet box, select whether to enable the telnet
access to the command line interface. By default, Telnet is not
enabled.
e. In the HTTP enabled box, select whether to enable the unsecure
HTTP on the E5- 400. By default, HTTP is not enabled.
f. In the IP Gateway box, enter the Gateway IP address for network
management.
Note: To change the IP address to an address in another subnet,
first change the default gateway to 0.0.0.0 and then change the IP
address. This prevents the situation where the gateway is not on
the same subnet.
g. In the Password Expiry box, enter the password expiration
interval in days for CLI and web browser users.
h. In the Primary DNS Server box, enter the IP address of the DNS
server that the E5- 400 uses for assigning IP addresses to the
management interfaces.
i. In the Sec. DNS Server box, enter the IP address of the DNS
server that the E5-400 uses for assigning IP addresses to the
management interfaces, if the primary DNS server is
unavailable.
j. Next to the Time Zone box, click the button and select the
correct time zone for the location of the E5-400.
45
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
k. In the First Reserved VLAN box, enter the first value in the set
of VLANs that are reserved.
l. In the BAR Transfer Protocol list, select the transfer protocol
for the E5-400 database backup and restore (BAR) processes.
m. In the Upgrade Transfer Protocol list, select the transfer
protocol for the E5-400 software upgrade processes.
n. In the BAR Transfer Port list, select whether the port number
for the backup-and- restore (BAR) transfer process is a default
value that correlates to the BAR protocol choice (ftp=21, sftp=22)
or specify an alternate value.
o. In the Upgrade Transfer Port list, select whether the port
number for the software upgrade transfer process is a default value
that correlates to the upgrade transfer protocol choice (ftp=21,
sftp=22) or specify an alternate value.
p. In the User Authorization Order list, select the order to follow
for authorizing users.
4. Click Apply.
For CLI:
Use the set system command to provision system attributes that are
in addition to the parameters accessible from the System Turn-up
tool.
Examples of the commands to use for basic system settings:
show system
set system user-auth-order
Related topics
Connecting a PC to the E5-400 (on page 20) Using the E5-400 System
Turn Up Tool (on page 37)
46
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Managing an E5-400 in CMS
This section describes how to add an E5-400 node to a CMS network
group, allowing management of the device from CMS.
Adding an E5-400 Node to CMS
Adding an E5-400 or E7 device to a CMS network group allows
management of the device from CMS. Part of the process of adding
the device to the network group involves setting up CMS as a trap
destination on the E5-400 or E7 node. When this process is
completed, the E7 notifies the CMS upon a GPON ONT or AE ONT
arrival, immediately establishing a relationship without a
synchronization task.
Optionally, you can create a graphical link from another Calix
network element, such as a C7 shelf, and view the link in Topology
view.
Creating an E5-400 or E7 device requires Full CMS Administration
privileges.
To add an E5-400 or E7 unit to a CMS network group
Note: Default SNMP and network login settings are defined in the
Systems Settings Work Area.
1. On the Navigation Tree, select a network group.
2. Click Network Details > E5-400 or E7.
3. From the menu, click Create.
Note: You must be in the Topology, Map View, or Network Details
Work Area to create a node.
4. In the New E7 or E5-400 dialog box, do the following:
a. In the Name text box, type a device name.
Note: Device names can contain alphanumeric characters,
underscores, and spaces, and are case-sensitive. In addition, you
cannot use the same name for a device that has already been
created.
b. In the Location list, select the parent network group for the
new device.
c. In the IP Address box, enter an IP address for the device.
d. In the Netconference Port (NetConf Port) box, enter a port
number to use. By default, port 830 is used.
47
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
e. In the SNMP Version list, select the SNMP version to use for the
device, and then do one of the following:
SNMPv2c: In the SNMP Community box, leave the field blank to use
the default community string defined in CMS, or type the community
string specific to the device.
SNMPv3: Leave the SNMPv3 User Name and Password fields blank to
accept the default E5-400 or E7 settings defined in CMS, or type
the SNMP user name and password specific to the device. In the
SNMPv3 Access Control list, select the encryption setting to
use.
f. In the HTTP and HTTPS Port fields, accept the default ports to
use for nonsecure and secure connections between the CMS server and
the Web interface.
g. In the Network Login User Name and Password fields, leave the
fields blank to use the default settings defined in CMS, or type
the user name and password specific to the device.
h. In the Auto Connect list, accept the default Y (Yes) to
automatically connect to CMS, or select N (No) to create the device
without connecting to it.
i. In the Enable Global Profile list, accept the default Y (Yes) to
automatically synchronize global profiles with CMS, or select N
(No) to create the device without synchronizing global
profiles.
j. (Optional) Specify an address or a latitude and longitude for
viewing the new node icon in Map View. Click the ellipsis button to
the right of the Address Location Info box to open the entry dialog
box, and do one of the following:
Type the address location in the box provided. Click OK to save the
information.
Click the Enter Lat/Lng radio button and type the latitude and
longitude in the respective boxes. Click OK to save the
information.
k. At the bottom of the New Node dialog box, click OK to create the
node.
5. (Optional) In the network group Topology Work Area, move the new
node icon by clicking and dragging it.
6. (Optional) Create a graphical link to view the device in a
network topology.
7. Once the E5-400 node has been added in CMS, if you have not
already done so, set the SNMP trap destination on the node using
the System Turn Up screen. You can use CMS to access the Web
cut-through for the device.
Related topics
Using the E5-400 System Turn Up Tool Creating a Graphical Link
Between Devices (on page 48)
48
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Creating a Graphical Link Between Calix Devices
A graphical link represents a connection between the devices in a
network group and is shown in Topology View, for example, a fiber
link between two Calix network elements within a network group. CMS
self-discovers the node links within B6 and C7 networks (green
links). Therefore, you only need to create cross-platform
connections (blue links).
Before creating a graphical link, you must add the devices to a
network group.
Creating a graphical link between devices requires Full CMS
Administration privileges.
To create a topology link between network elements (drag-and-drop
method)
1. On the Navigation Tree, select the Network Group that contains
the devices.
2. In the Topology Work Area, locate the task list to the right of
the zoom ratio list. Select Topology Links.
3. Click on a starting node, and then click on another node to
terminate the link.
4. In the Topology Links dialog box, do the following:
In the From Endpoint and To Endpoint areas, specify the ports on
the devices you are creating a link from and to.
Click Add to move the endpoints to the Topology Links to be Created
area.
Optionally, in the Link Type, Description, and Bandwidth fields,
type the information to be associated with the link.
At the bottom of the dialog box, click Create.
5. Click OK to confirm the action.
In the Topology and Map View Work Areas, a blue link displays
between the two devices.
Tip: Hover the mouse over the new link to display topology link
information in a Tooltip.
To create a topology link (table method)
1. On the Navigation Tree, select the Network Group that contains
the devices.
2. In the Work Area tabs, click Topology Links.
3. In the Toolbar, click Create.
49
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
4. In the Links table, do the following:
In the From Endpoint and To Endpoint areas, specify the Calix
devices you are creating a link from and to:
For C7 networks, select the network, shelf, facility, and
port.
For other Calix nodes, select the node in the Network field, and
type a port in the Facility field.
Click Add to move the endpoints to the Links to be Created
area.
Optionally, in the Link Type, Description, and Bandwidth fields,
type the information to be associated with the link.
At the bottom of the dialog box, click Create.
5. Click OK to confirm the action.
In the Topology and Map View Work Areas, a blue link displays
between the two devices.
Tip: Hover the mouse over the new link to display the topology
information in a Tooltip.
To delete a topology link
1. On the Navigation Tree, select a Network Group with a link
between devices.
2. In the Work Area, click Topology Links. In the link list, select
one or more links to delete.
3. Click Delete.
If there are two or more links, a list displays where you can
select the links to be deleted. Click OK.
4. In the Confirmation dialog box, click OK to confirm the
deletion.
Viewing or Modifying E7 and E5-400 Platform Details
After creating an E5-400 in CMS, you can view or edit the
parameters listed in the following table:
Network Detail Description
Display Name The name that displays next to the unit on the
Navigation Tree.
Network Group* The parent network group under which the unit is
nested on the Navigation Tree.
Connection State The current unit connection status (Connected,
Connecting, Diagnosing, Disconnected, Dynamic Synchronizing,
Partially Connected, Secure Connecting, Synchronized,
Synchronizing, or Unknown).
IP Address* The IP address of the platform.
50
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Network Detail Description
SNMP Port* This field is currently not used.
Device Type* E5-400 or E7
Network Login Name* The user name or ID used to log in to the
device. If you are using the default login user name, that user
name displays in this field.
Auto Connect* Yes (Y) automatically attempts to reach to the node
via SNMP approximately once every minute.
No (N) turns off this feature.
Note: If you set the Auto Connect parameter to N (do not
automatically reconnect) and the node gets disconnected, it will be
skipped when a scheduled task runs.
Time Zone* Specifies the network time zone in the number of hours
in relation to GMT. When you create a network, you assign it to a
time zone.
Running Version Specifies the software version currently running on
the device.
Note: The device can hold two versions of the software. See the
following two field definitions to understand how the Alternate
Version is used.
Committed Version The version of the software (Running Version or
Alternate Version) configured as the version that will be used when
a device resets due to a failure condition (such as a power
failure).
Note: For information on how to toggle the Committed Version
locally, see the Calix E5-400 documentation.
Alternate Version The non-running version of software that is
loaded on the device.
Global Profile Enabled* Specifies whether global profiles are
enabled (Y) or disabled (N).
* Parameters listed above with an asterisk can be edited.
Viewing and editing E5-400 details requires Full CMS Administration
privileges.
To view and edit E5-400 details
1. On the Navigation Tree, click the root region, parent region, or
network group.
2. In the Work Area, click Network Details > E5-400.
3. To edit a parameter, do the following:
a. In the node list, hold down the Ctrl key and click the unit(s)
to edit.
b. In the Edit row, modify the editable parameters as needed.
c. Click Apply, and then click OK to save the new settings.
Deleting an E5-400 platform requires Full CMS Administration
privileges.
Note: E5-400 platforms can be deleted in a synchronized or
unsynchronized (disconnected) connection state.
51
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
To delete an E5-400 platform
1. On the Navigation Tree, click the root region, parent region, or
network group.
2. In the Work Area, click Network Details > E5-400.
3. In the device list, select the units(s) to delete.
4. (If the node displays as Connected in the Connection State
column) In the toolbar, click Action > Disconnect, and then
click OK to confirm the action.
5. In the toolbar, click Delete, and then click OK to confirm the
deletion.
Modifying the E5-400 Default User Name or Password
You can change the default user name and password used to connect
to E5-400 systems. To change a device user name and password, you
must modify them locally on the unit.
Note: If the login user name or password does not match the user
name or password, you cannot connect to the device from CMS.
Modifying an E5-400 device user name or password requires Full CMS
Administration privileges.
To change an E5-400 device user name or password
1. On the Navigation Tree, click CMS.
2. In the Work Area, click System > E5-400.
3. Change the user name and password fields to match the new
default values.
Note: User names and passwords are case-sensitive and must match
the corresponding user name and password of the E5-400
system.
4. Click Apply, and then click OK to save the new settings.
52
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Chapter 2
E5-400 System Administration
This section describes how to manage user access and perform
administrative tasks on the database and software.
Topics Covered
Managing system user accounts Configuring SNMP management
Configuring secure system access Performing backup and restore
operations Upgrading system software Rebooting the system
54
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Managing System User Accounts
This section describes how to create and manage system user
accounts. The system supports 100 user accounts that are locally
defined (not in the RADIUS server).
Note: Click Log Out at the top-right corner of the browser window
when you want to close an E5-400 session. If you use other methods
to close the browser, the session remains open for 30
minutes.
System user access level
You can create system user accounts that allow the following
privileges:
Administrative privileges:
Issue provisioning commands Manage users and sessions Perform
software upgrades Administer the database
Provisioning privileges:
Software upgrades
Database restore
Note: You can also create a system user account with read-only
privileges. These users are intended as temporary "guest" accounts
as they cannot change provisioning or alter the operation of login
sessions, yet they can modify their passwords.
Creating a System User Account
This topic shows you how to create a system user account that
allows access to the E5-400 web browser interface and the
command-line interface (CLI).
55
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
System user account parameters
You can provision the following parameters for system user
accounts:
Parameter Description Valid Options
User Name* User name for the account. String up to 31
characters
Access Level*
Access level assigned to the system user. read-only prov
admin
Password* Password assigned to the user account. String 6-31
characters
Re-enter Password* Password assigned to the user account. String
6-31 characters
Admin Status Service state of the account. enabled disabled
*Required fields
To create an E5-400 web browser and CLI user account
1. On the Navigation Tree, click E5-400.
2. Click Management > Craft Users tabs.
3. From the menu, click Create.
4. In the Create Web GUI/CLI User dialog box, do the
following:
a. In the User Name box, enter the user name for the account you
are creating.
b. In the Access Level list, select the security level to be
assigned to the user.
c. In the Password box, enter the password assigned to the
user.
d. In the Re-enter Password box, enter the password assigned to the
user.
e. In the Admin Status list, select whether the user account is in
service.
5. Click Create.
set user <user name> admin-state enabled
The username is restricted to letters, numbers, underscore (_),
plus sign (+), and dot (.).
You will be prompted for the new user password and then again for
confirmation of the password.
Related topics
56
Proprietary Information: Not for use or disclosure except by
written agreement with Calix. © Calix. All Rights Reserved.
Modifying a System User Account
This topic shows you how to modify web browser/CLI user
accounts.
To edit a system user account
1. On the Navigation Tree, click E5-400.
2. Click Management > Craft Users tabs.
3. Double-click the user name in the list of users.
4. In the Web GUI/CLI User screen, do the following:
a. In the Access Level list, select the security level.
b. In the Admin Status list, select whether to put the account in
service.
5. Click Apply from the menu.
To delete a system user account
1. On the Navigation Tree, click E5-400.
2. Click Management > Craft Users tabs.
3. Click the user name in the list of users to select it.
4. In the menu, click Delete.
For CLI:
LOAD MORE