7/31/2019 R1.9 Service Visibility Manager Configuration Guide
1/23
NetSocket Service Visibility Solution Suite
Service Visibility ManagerConfiguration Guide
Release 1.9
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
2/23
THE PRODUCT INFORMATION PRESENTED WITHIN THIS DOCUMENT IS SUBJECT TO CHANGE
WITHOUT NOTICE. ALL PRODUCT INFORMATION IS BELIEVED TO BE ACCURATE, BUT IS PROVIDED
WITHOUT WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED. NETSOCKET, INC. ACCEPTS NO
RESPONSIBILITY FOR USERS SPECIFIC APPLICATION OF THE PRODUCT(S ) FEATURED WITHIN THIS
DOCUMENT. NEITHER NETSOCKET, INC. NOR ITS SUPPLIERS SHALL BE LIABLE FOR DAMAGES OF
ANY KIND, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR REVENUE, ARISING FROM THE
USE OF THE FEATURED PRODUCT(S) AND ASSOCIATED INFORMATION PRESENTED WITHIN THIS
DOCUMENT.
NETSOCKET INC., CONFIDENTIAL
THE INFORMATION CONTAINED IN THIS DOCUMENT IS THE PROPERTY OF NETSOCKET. EXCEPT AS
SPECIFICALLY AUTHORIZED IN WRITING BY NETSOCKET, THE HOLDER OF
THIS DOCUMENT SHALL KEEP THE INFORMATION CONTAINED HEREIN CONFIDENTIAL AND SHALL
PROTECT SAME IN WHOLE OR IN PART FROM DISCLOSURE AND DISSEMINATION
TO THIRD PARTIES AND USE SAME FOR EVALUATION, OPERATION AND MAINTENANCE PURPOSES
ONLY.
THE CONTENT OF THIS DOCUMENT IS PROVIDED FOR INFORMATION PURPOSES ONLY AND IS
SUBJECT TO MODIFICATION. IT DOES NOT CONSTITUTE ANY REPRESENTATION OR WARRANTY
FROM NETSOCKET AS TO THE CONTENT OR ACCURACY OF THE
INFORMATION CONTAINED HEREIN, INCLUDING BUT NOT LIMITED TO THE SUITABILITY AND
PERFORMANCES OF THE PRODUCT OR ITS INTENDED APPLICATION.
NetSocket 2012
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
3/23
NetSocket, Inc. - Proprietary and Confidential i
Table of Contents1 Introduction ................................................................................................................................ 1-1
1.1 About the Document ........................................................................................................ 1-11.2 Audience .......................................................................................................................... 1-11.3 How to Get Help .............................................................................................................. 1-11.4 Product Documentation ................................................................................................... 1-1
2 System Overview ...................................................................................................................... 2-12.1 Session2Topology Correlation..................................................................................... 2-12.2 SVM ................................................................................................................................. 2-22.3 SVP .................................................................................................................................. 2-22.4 SVA .................................................................................................................................. 2-2
2.4.1 SVA Standard IP MOS Monitoring ...................................................................... 2-32.4.2 SVA IP MOS Plus Analogue ............................................................................... 2-3
2.5 SVM Dashboard .............................................................................................................. 2-33 Initial System Access ................................................................................................................ 3-1
3.1 1U Server ......................................................................................................................... 3-13.2 2U Server ......................................................................................................................... 3-23.3 CLI Access using the Default IP Address ........................................................................ 3-23.4 CLI Access using the Serial Ports ................................................................................... 3-3
3.4.1 System Serial Ports ............................................................................................. 3-33.4.2 Accessing the CLI from a Serial Port .................................................................. 3-4
3.5 CLI Access using a Monitor and Keyboard ..................................................................... 3-4 4 General System Configuration .................................................................................................. 4-1
4.1 System Configuration Example ....................................................................................... 4-14.1.1 General Configuration ......................................................................................... 4-24.1.2 TACACS Configuration ....................................................................................... 4-44.1.3 Maintenance Window Configuration ................................................................... 4-64.1.4 Host Login Lockout Resolution ........................................................................... 4-6
5 SVM Configuration .................................................................................................................... 5-15.1 SVP Monitoring ................................................................................................................ 5-15.2 Web Server Configuration ............................................................................................... 5-15.3 Alert Notification via SNMP Traps ................................................................................... 5-25.4 Alert Notification via E-mail .............................................................................................. 5-35.5 Software Upgrade ............................................................................................................ 5-4
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
4/23
NetSocket, Inc. - Proprietary and Confidential 1-1
1 IntroductionThe NetSocket solution consists of the Service Visibility Manager (SVM), the Service VisibilityPoint (SVP), and the Service Visibility Analyzer (SVA). This document provides basicdescription of the SVM, SVP, and SVA, as well as a web-based Graphical User Interface (GUI)
called the SVM Dashboard.
1.1 About the Document
This Configuration Guide describes the steps used to configure the NetSocket visibility solution.
A brief overview of the solution at the beginning of the document is followed by configurationexamples.
1.2 Audience
The Configuration Guide is intended for the individuals tasked with the turn-up and
configuration of the SVM, SVP, and SVA in the customers network.
1.3 How to Get Help
To receive technical support, contact NetSocket in one of the following ways:
NetSocket technical support e-mail address: [email protected]
Visit the NetSocket Support Portal at http://www.support.netsocket.com.
1.4 Product Documentation
Following is the list of all documents included into the product documentation suite:
Software Release Notes
Installation Guide contains installation procedures.
User Guide contains description and explanation of the SVM, SVP, and SVA
functionality. The User Guide is intended for SVM Dashboard users.
SVM Configuration Guide contains details and examples of the commands used to
configure an SVM.
SVP Configuration Guide contains details and examples of the commands used to
configure an SVP.
SVA Configuration Guide contains details and examples of the commands used to
configure an SVA. Command Reference contains CLI command definitions.
SVM SNMP Reference contains information about NetSockets proprietary MIBs and
SNMP Traps.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
5/23
NetSocket, Inc. - Proprietary and Confidential 2-1
2 System OverviewThe NetSocket Visibility Solution provides real-time IP service assurance in Fixed MobileConvergence (FMC), IP MPLS, and Enterprise environments by performingSession2Topology correlation for real-time IP services such as VoIP and Video.
The solution consists of three system types:
The Service Visibility Manager (SVM) is an element management system for the SVPsand SVAs. The SVM provides a web based GUI, called the Dashboard, used to monitorthe NetSocket Visibility Solution.
The Service Visibility Point (SVP) is a server appliance that monitors the layer-3 IPnetwork and the layer-4 session signaling.
The Service Visibility Analyzer (SVA) is a server appliance that monitors and analyzesRTP media streams associated with the sessions monitored by the SVP.
The NetSocket Visibility Solution works in a hierarchical model where one SVM monitors one ormore SVPs and an SVP can monitor zero or more SVAs. After the initial configuration, the user
accesses and monitors the entire solution via the SVM Dashboard.
This chapter provides a functional overview of the SVM, the SVP and the SVA. The following
topics are covered within this chapter:
Session2Topology Correlation
SVM
SVP
SVA
SVM Dashboard
2.1 Session2Topology CorrelationAs the name suggests, this key technology automatically correlates the real-time state and
changes in the IP network to the individual sessions being carried through that network. Inreal-time, the NetSocket solution knows the exact hop-by-hop path of any session, and canidentify what network event has impacted, or is impacting, that session. Further, this same
knowledge is used to proactively alert the service manager to changes in network configurationthat can impact the traffic on the network.
Unique aspects of the Session2Topology correlation engine include:
Works in real time to create a service assurance mashup, providing a dynamic "map" of
the network onto which media and application/service information is correlated.
Monitors the network without imposing any burden on the deployed network nodes, such
as routers; it passively participates in the routed network using standard IP routing
protocols.
The results of the Session2Topology correlation are presented in the Quality of SessionRecord (QSR).
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
6/23
System Overview
NetSocket, Inc. - Proprietary and Confidential 2-2
2.2 SVM
The Service Visibility Manager is a management node for the SVPs and SVAs deployed in a
network. For each application, the SVM provides metrics applicable to that application. Inaddition, the SVM provides Fault, Configuration, Accounting, Performance, and Security
(FCAPS) management for the SVPs deployed. The SVM receives operational information fromall the SVPs within the network, which is then displayed on the SVM Dashboard. An industrycompatible Command Line Interface (CLI) is also supported by the SVM. The CLI is used forconfiguration and maintenance. A user can access the CLI remotely through the SVMsEthernet ports, or locally through the console serial ports.
Remote CLI access is through SSH or Telnet. CLI access authentication and authorization can
be enabled via RADIUS or TACACS+. Further, the solution allows a user to configure accesslists to filter incoming or outgoing traffic on any interface.
SNMP traps can be used to provide the operators NMS/OSS with SVM fault/alarm information.
The SVM supports SNMP v1 and v2c for this purpose.
2.3 SVPThe Service Visibility Point provides a way to monitor user traffic (i.e., sessions) in a routed IP
network, giving carriers the power to understand how these sessions traverse their IP networks.It determines the paths taken by sessions through an IP network, stores information pertainingto the sessions, and provides real-time and historical operational statistics for the network. With
this understanding, service providers can quickly identify and rectify issues, increaseoperational efficiency, and improve customer satisfaction.
The SVP learns network topology and status of available network resources by using standard
IP routing protocols, such as OSPF and BGP, and by collecting information from the monitoredrouters using SNMP and CLI. The SVP passively monitors signaling information exchanged
with the session control node (e.g., Femtocell Gateway in a Femtocell deployment, a CallController in a VoIP deployment, etc.) to obtain real-time session information. This information
is correlated to the IP network topology monitored in real-time by the SVP. This correlation iscalled Session2Topology correlation, and is key to the network visibility provided by the
NetSocket solution.
As sessions are established and released, the SVP maintains operational metrics about eachsession. If these metrics deviate outside the normal operational range (based on user definedthresholds), the SVP alerts the Operations team of potential problems and provides a list of
affected sessions. This allows proactive management of the network and can significantlyreduce the Mean Time to Isolate (MTTI) in problem resolution.
2.4 SVAThe Service Visibility Analyzer analyzes voice and video RTP streams associated with thesessions monitored by an SVP. Each SVA provides four 10/100/1000 Ethernet monitoring
interfaces or two 10-Gigabit Ethernet monitoring interfaces. The SVA can be deployed with twodifferent monitoring configurations: standard IP MOS monitoring and IP monitoring plus
analogue analysis.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
7/23
System Overview
NetSocket, Inc. - Proprietary and Confidential 2-3
2.4.1 SVA Standard IP MOS Monitoring
The SVA Standard IP MOS Monitoring configuration analyzes RTP streams for degradationthat can be attributed directly to the IP network. The metrics are independently collected oneach monitoring interface. The SVA calculates interval metric values every 30 seconds and atthe end of the session. Cumulative metrics are also provided, which are calculated over the
entire session. It is important to note that the interval and cumulative metrics are doneindependently. The cumulative metrics are not averages of the interval metrics.
Cumulative metrics are also calculated for any Call Hold and Re-invite scenarios that occurfollowing call establishment.
2.4.2 SVA IP MOS Plus Analogue
The SVA IP MOS Plus Analogue configuration analyzes both directions of the G.711 A-law andG.711 -law RTP streams associated with a call. Therefore, unlike the standard configuration,RTP streams for all configured interfaces are analyzed as a whole. Duplication of streamsacross multiple interfaces must be avoided so that accurate results can be calculated. In this
configuration, the SVA reports the standard IP MOS monitoring metrics as well Signal to Noise
and Echo. The reporting of the standard IP MOS monitoring metrics is the same as described inthe SVA Standard IP MOS Monitoring section above. The Signal to Noise and Echo
calculations are performed over a subset of the entire call according to the media analysisconfiguration command on the SVA. The results are reported as part of the cumulative IP MOS
metrics.
2.5 SVM Dashboard
The SVM contains a web server to enable access to the SVM Dashboard using industry
standard web browsers such as Firefox and Internet Explorer. The Dashboard can be accessedfrom any personal workstation within an operators network where the SVM is deployed. It
presents information about the SVM-monitored domain in an easily understood and meaningful
format and allows a user to run various searches and reports, while analyzing a network issue.
The SVM Dashboard presents information about SVPs, SVAs and the operators network in
both tabular and graphical formats.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
8/23
NetSocket, Inc. - Proprietary and Confidential 3-1
3 Initial System AccessThe SVM, SVP, and SVA systems are delivered with the NetSocket software installed but willneed to be configured before they are placed in service. The systems are configured using acommand line interface (CLI) which is typically accessed via SSH or Telnet using the IP
address assigned to the management interface. However, during the initial configuration thisinterface will not have an IP address that is accessible on the management network. The
following sections describe how to access the CLI using the default IP address, the serial ports,and a monitor and keyboard. The figures and table below show the connection points used to
access the CLI using these three methods.
3.1 1U Server
Figure 3-1 - 1U Server Rear Panel Connection Points
Table 3-1 2U Server CLI Access Connection Points
Letter Location Description
A Rear Panel Serial port
B Rear Panel VGA connector
C Rear Panel USB ports
D Rear Panel Management interface (nnet0)
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
9/23
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-2
3.2 2U Server
Figure 3-2 U2 Server Front Panel Connection Points
Figure 3-3 U2 Server Rear Panel Connection Points
Table 3-2 2U Server CLI Access Connection Points
Letter Location Description
A Front Panel Serial port
B Front Panel USB port
C Rear Panel Serial port
D Rear Panel VGA connector
E Rear Panel USB ports
F Rear Panel Management interface (nnet0)
3.3 CLI Access using the Default IP Address
The NetSocket systems ship with a default IP address of 192.168.0.1 and network mask of255.255.255.0 configured on the management interface. To access the CLI using the default
IP address, connect a PC or laptop directly to the management port using an Ethernet cable.The network interface on the PC or laptop should be configured with a static IP address of
192.168.0.2 and a network mask of 255.255.255.0. Once this interface has been configuredthe system will be reachable via SSH or Telnet using the IP address 192.168.0.1.
Opening an SSH or Telnet connection to the default IP address will display the CLI loginprompt. The default login credentials are username admin and password adminn.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
10/23
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-3
3.4 CLI Access using the Serial Ports
3.4.1 System Serial Ports
The 1U servers have a single serial port located on the rear panel. The 2U servers have two
serial ports; one on the front panel and one at the rear panel. Connections can be made toeither the front or the rear port. However, if the front panel serial port is used the rear serial
port is deactivated. Both ports cannot be used at the same time. The serial ports have 8-pinRJ-45 connectors.
The table below lists the pinout for the front and back panel serial port connectors.
Table 3-3 - Serial Port Pinout
Pin Signal
1 RTS (Request to Send)
2 DTR (Data Terminal Ready)
3 TXD (Transmit Data)
4 GND
5 RIA (Ring Indicator)
6 RXD (Receive Data)
7 DSR/DCD (Data set Ready / Data Carrier Detect
8 CTS (Clear to Send)
To connect a PC to the system a RJ-45 to DB-9 adapter will be required. The pinout for this
adapter is provided in the table below.
Table 3-4 - RJ-45 to DB-9 Adapter Pinout
SVM/SVP/SVA RJ-45 Serial Port PC DB-9 Serial PortSignal Pin Pin Signal
RTS 1 8 CTS
DTR 2 6 DSR
TXD 3 2 RXD
GND 4 5 GND
RIA 5 5 GND
RXD 6 3 TXD
DSR/DCD 7 4 DTR
CTS 8 7 RTS
The serial port on the NetSocket servers has the same pinouts as Cisco routers and switches.
Therefore, console cables that can be used to connect to a Cisco device may also be used toconnect to a NetSocket server. Note that the NetSocket serial port uses a higher baud rate
than Cisco devices as shown in the table below.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
11/23
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-4
The following table provides the terminal settings used to connect to the serial ports.
Table 3-5 - Serial Port Terminal Settings
Setting Value
Baud Rate 115200
Data Bits 8
Parity None
Stop Bits 1
Flow Control RTS/CTS
3.4.2 Accessing the CLI from a Serial Port
After connecting to one of the serial ports, pressing the enter key will cause the system shelllogin prompt to be displayed. The default login credentials are username admin and passwordadminn. Once the shell prompt (%) is displayed, type cli to enter the CLI. The default
username and password are also used to login to the CLI. At the initial CLI prompt (>) type
enable to enter enable mode.
By default, the console uses a terminal length of 25 lines. If you are using a terminal windowwith more than 25 lines, you will need to set the terminal length so the paging behavesproperly. This can be accomplished using the terminal length CLI command.
3.5 CLI Access using a Monitor and Keyboard
The CLI can also be accessed using a monitor and USB keyboard. The monitor should beconnected to the VGA connector on the rear panel. The USB keyboard can be connected toany of the USB connectors on the front or rear panels.
After the keyboard is connected, pressing the enter key will cause the CLI login prompt to bedisplayed. The default login credentials are username admin and password adminn. At theinitial CLI prompt (>) type enable to enter enable mode.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
12/23
NetSocket, Inc. - Proprietary and Confidential 4-1
4 General System ConfigurationWhen the system is delivered it may not contain information specific to the deployment site;specifically the system's IP address. Therefore, these commands may need to be issued usingthe console port connection.
This chapter identifies the initial configuration steps common to the SVM, SVP, and SVA. The
information is presented according to configuration tasks. The first section of the chapter givesan example configuration. The syntax for the CLI commands used in the exampleconfigurations are defined in the SVSS Command Reference document.
Note that the configuration changes will not be persistent across a system reboot until theconfiguration is saved using the copy running-config startup-config command.
4.1 System Configuration Example
This section contains configuration necessary for initial turn-up of the SVM, SVP, and SVA.
Figure 4-1 - System Configuration Example Network
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
13/23
General System Configuration
NetSocket, Inc. - Proprietary and Confidential 4-2
4.1.1 General Configuration
Commands
The table below lists the commands used for general system configuration.
Command Description
clock summer-time Configure daylight savings time
clock timezone Configure the time zone
hostname Configuration hostname
interface Configure interface settings.
ip address Configure interface IP address.
ip domain-name Sets the default domain name.
ip name-server Sets the domain name server.
ip route Provisions static route as needed for connectivity.
ntp server Provisions the system to get its timing from an NTP server
rcp-reboot Reboot the system so that SV specific configuration takes
effect.
rcp-shutdown Shuts the system down and powers it off
speed Configure interface speed (optional)
sv-config Provision SV specific server configuration.
username Provisions user accounts for CLI and Web only access.
Configuration Example
The example below shows the general configuration on the SVM shown in the SystemConfiguration Example Network above:
The SV config is set to indicate the server performs the SVM function in a VoIP
deployment.
The hostname is set to SVM1.
The system is configured to lookup domain names using a DNS server at 192.168.1.9.
Three user accounts are configured, the CLI admin account, a GUI admin account, and a
standard GUI user account. The user accounts created using the gui keyword cannot be
used to login to the SVM CLI. The GUI admin account is set to privilege level 15 and willenable the user to access the admin functionality in the SVM Dashboard.
An IP address is configured on nnet0, the management interface.
The interface speed is set purely as an example. This is only required for nnet0 or em
interfaces when connected to an interface not running at gigabit speed.
A default route is added to the SVM to route traffic to the default gateway on the
management network.
The system is configured to get its timing from an NTP server at 192.168.1.8
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
14/23
General System Configuration
NetSocket, Inc. - Proprietary and Confidential 4-3
The time zone is set to Central Standard Time (CST) which is -6 hours from UTC
Daylight savings time is set to Central Daylight Time (CDT) which starts at 2:00 am on
March 11th
2012 and ends at 2:00 on November 4th
2012.
sv-config sv-type svm deployment-type voip
!configure terminal
!
hostname SVM1
!
ip domain-name netsocket.com
ip name-server 192.168.1.9
!
username admin password clipassword
username guiadmin privilege 15 password guipassword gui
username guiuser password userpassword gui
!
interface nnet0ip address 192.168.1.2/24
speed 1000
exit
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ntp server 192.168.1.8
!
clock timezone CST -6
!
clock summer-time CDT date Mar 11 2012 02:00 Nov 04 2012 02:00 60
!
end
!
copy running-config startup-config
!
rcp-reboot now
Note: The general configuration for the SVP and SVA are the same as the example above,
however, the SVP and SVA do not require GUI users to be configured.
Note: To function properly, the timing on the SVM must be synchronized with all monitored
SVPs and SVAs as well as the computer running the web browser connected to the SVMDashboard. It is recommended that all systems get timing from a common NTP server as
shown in the example above. An alert will be declared via the SVM if any monitored SVP orSVA is not synchronized.
Note: The reboot is required in order for the SV configuration to take effect.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
15/23
General System Configuration
NetSocket, Inc. - Proprietary and Confidential 4-4
4.1.2 TACACS Configuration
The previous section showed how to configure the CLI and user accounts using the localdatabase. TACACS can be configured as the primary means for user authentication andauthorization. The local database can be used in the event that the TACACS server isunavailable.
As discussed above there are two types of accounts: CLI accounts and GUI accounts. The
authorization for CLI accounts must be specified in the TACACS configuration file. The GUIaccounts should not be given any authorization. This will allow them to be authenticated by theWEB server and will prohibit them from using the CLI. The GUI administrator account stillrequires being entered via the CLI since the WEB server requires a local database todistinguish this user from other GUI users. However, the password authentication will still be
done via TACACS. Also it is suggested that the CLI administrator account be provisionedlocally in case the TACACS service is unavailable.
Note: The tacacs-server command could use the server name instead of an IP address as
shown in the example to allow for redundancy in the event of failures.
The username commands below replace the username commands in the previous example.
Commands
Command Description
aaa authentication login Configures the SV node to authentication for user logins.
aaa authorization exec Creates the default EXEC authorization list.
aaa new-model Enables creation of the aaa authentication and
authorization.
tacacs-server host Configure TACACS server and encryption key.
username Provisions user accounts for CLI and Web only access.
Configuration Example
The example below shows the general configuration on the SVM.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
16/23
General System Configuration
NetSocket, Inc. - Proprietary and Confidential 4-5
configure terminal
!
username admin password clipassword
username guiadmin privilege 15 password guipassword gui
!
tacacs-server host 192.168.1.10 key cle_tacacs
!
aaa new-model
aaa authentication login default tacacs+ local
aaa authorization exec default tacacs+ local
end
copy running-config startup-config
NOTE: the addition of local keyword following tacacs+ allows the SVM to use the localdatabase in the event that communication with the TACACS server is down.
TACACS Configuration File Example
The example below shows the general configuration on the TACACS server.
# tacacs configuration file
# set the key to match SVMtacacs key
key = cle_tacacs
# CLI admin account
user = admin {
default service = permit
login = cleartextclipassword
}
# GUI admin account required for authentication no authorization
user = guiadmin {
default service = deny
login = cleartextguipassword
}
# Additional gui user only entered here not in CLI
user = guiuser {
default service = deny
login = cleartextuserpassword
}
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
17/23
General System Configuration
NetSocket, Inc. - Proprietary and Confidential 4-6
4.1.3 Maintenance Window Configuration
The system performs daily maintenance activities. This command configures the time thisactivity should be performed and should coincide periods the network activity is expected to belight.
Commands
Command Description
maintenance-window Provision daily time period monitored network is expected to
be quiescent.
Configuration Example
The following example configures the maintenance window to be between 2:15 am and 3:15am.
configure terminalmaintenance-window start-time 02:15 end-time 03:15
end
copy running-config startup-config
4.1.4 Host Login Lockout Resolution
User login via telnet and SSH are monitored to thwart access by unauthorized personnel. If sixconsecutive login failures are detected from the same host machine, the system will lockoutsubsequent login connections from that IP address. The lockout persists until cleared via a CLI
command.
Commands
Command Description
show host-login-lockout Command displays host IPs that have been locked out from
further access.
clear host-login-lockout Clear lockout for host.
Command Example
The following example demonstrates how these commands can be used to clear a lockout.
show host-login-lockout
10.0.0.5 4 consecutive failures
10.0.0.6 locked out
clear host-login-lockout 10.0.0.6
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
18/23
NetSocket, Inc. - Proprietary and Confidential 5-1
5 SVM Configuration
5.1 SVP Monitoring
The SVM must be configured to monitor one or more SVPs. The SVM will only collect anddisplay information from SVPs that it is configured to monitor. Each SVM can monitor up to 10
SVPs.
Commands
The table below lists the commands necessary to configure the SVM to monitor one or moreSVPs.
Command Description
rcpm monitor Provision SVP that this SVM is supposed to monitor.
Configuration Example
The following example configures the SVM to monitor an SVP with the IP address 192.168.1.3.
configure terminal
rcpm monitor rcp-ip-address 192.168.1.3
end
copy running-config startup-config
5.2 Web Server ConfigurationCommands
The table below lists the commands necessary to configure the SVM web server.
Configuration Example
The example below shows the web server configuration on the SVM for the network shown inthe SVM Configuration Example Network above:
The SSL certificate is installed. The SSL certificate files are provided by the user and
must be named netsocket.crt and netsocket.key. Prior to executing the ssl-certificate-
install command the SSL certificate files must be copied to the SVM using the copy
command. In this example, the files are available on an FTP server with the IP address
192.168.1.5.
Command Description
enable service http Start web server process and enable external access.
ssl-certificate install Install SSL certificate files to be used by web server.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
19/23
SVM Configuration
NetSocket, Inc. - Proprietary and Confidential 5-2
The http service is enabled so users can connect to the SVM Dashboard
copy ftp://username:[email protected]/netsocket.crt ftproot:
copy ftp://username:[email protected]/netsocket.key ftproot:
!
ssl-certificate-install!
configure terminal
enable service http
end
copy running-config startup-config
5.3 Alert Notification via SNMP Traps
Commands
The table below lists the commands necessary to configure the SVM to generate SNMP trapsto an NMS.
NOTE: Several of the traps are generated when alerts are received from the monitored SVPs.The SVP only generates alerts that are enabled by configuration. See the SVP ConfigurationGuide for more information on how to configure alert thresholds.
Command Description
snmp-server enable traps Enable traps to be sent.
snmp-server-host Provision hosts to whom the SVM should send traps.
Configuration Example
The following example configures the SVM to send SNMP traps to an EMS with the IP address
192.168.1.7.
configure terminal
snmp-server enable traps rcpm
snmp-server host 192.168.1.7 traps version 2c public udp-port 162 rcpm
end
copy running-config startup-config
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
20/23
SVM Configuration
NetSocket, Inc. - Proprietary and Confidential 5-3
5.4 Alert Notification via E-mail
Commands
The table below lists the commands necessary to configure sending alert notifications via e-
mail.
NOTE: Several of the traps are generated when alerts are received from the monitored SVPs.The SVP only generates alerts that are enabled by configuration. See the SVP Configuration
Guide for more information on how to configure alert thresholds.
Configuration Example
The example below configures the SVM to send email notification of alerts. The example usesdomain name of enterprise.com. The alert emails will be sent with a From ID of
[email protected]. The SVM is configured to send alert emails to two email accounts,[email protected] and [email protected]. The send-alert command that followssaving the running configuration will send a test e-mail to both users with the subject line InitialInstall Test Email.
configure terminal!
hostname NYSVM
!
ip domain-name enterprise.com
ip name-server 10.25.15.9
!
send-alert user-email [email protected]
send-alert user-email [email protected]
!
enable service e-mail domain-name enterprise.com
!
end
copy running-config startup-config
!
send-alert mail-test subject "Initial Install Test Email"
Command Description
enable service e-mail Start e-mail server to handle outbound e-mail requests.
ip domain-name Name of domain.
ip name-server IP address of domain name server.
send-alert user-email E-mail address of user that should receive alert. This
command can be entered up to 25 times.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
21/23
SVM Configuration
NetSocket, Inc. - Proprietary and Confidential 5-4
5.5 Software Upgrade
A software upgrade consists of the following three steps:
1. Copy the software load to the swdepot directory on the SVM2. Upgrade the SVPs and SVAs via the SVM Dashboard
3. Upgrade the SVM via the SVM CLI
Software upgrade of the SVPs and SVAs (step 2 in the list above) is done using the SVMDashboard which is executed from a browser. The procedure is explained in the SVSS UserGuide.
Steps 1 and 3 are performed using the SVM CLI and are explained in the sections below.
The SVM upgrade is done from the SVM CLI since the Web Server is halted as part of the
upgrade process making it impossible to monitor the progress of the upgrade from the browser.
Commands
The table below lists the commands used in the Software Upgrade
Command Description
copy Copy the software package to the swdepot directory in
preparation for the upgrade
dir Lists files in a directory
install Install the software on the system
Copy Command Example
The following example assumes the NetSocket software is available via ftp on 192.168.1.5.
copy ftp://user:[email protected]/netsocksw-1.9.0.0.0.0-2012Feb21.tgz swdepot:
Connected to 192.168.1.5.
220 swdepot.netsocket.com FTP server (Version 6.00LS) ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
200 Type set to I.
250 CWD command successful.
Local directory now /
local: netsocksw-1.9.0.0.0.0-2012Feb21.tgz remote: netsocksw-1.9.0.0.0.0-
2012Feb21.tgz
200 PORT command successful.
150 Opening BINARY mode data connection for netsocksw-1.9.0.0.0.0-
2012Feb21.tgz
100% |******************************************************| 391 MB 00:00 ETA
226 Transfer complete.
410715530 bytes received in 44.42 seconds (8.82 MB/s)
221 Goodbye.
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
22/23
SVM Configuration
NetSocket, Inc. - Proprietary and Confidential 5-5
The contents of the swdepot directory can be displayed using the dir command as shown
below.
dir swdepot:
Directory of swdepot:/
-rw- 445997385 Oct 20 20:54:12 2011 netsocksw-1.8.0.5.0.0-2011Oct20.tgz
-rw- 469230902 Feb 21 16:49:06 2012 netsocksw-1.9.0.0.0.0-2012Feb21.tgz
Install Command Example
Note: After entering the install command the system will prompt for confirmation. To continue
the installation type a y as shown below.
install netsocksw-1.9.0.0.0.0-2012Feb21.tgz self
!!!This is an active stand-alone mcp. Enter 'Y/y' to proceed[confirm?(y|n)]y
Installing package [netsocksw-1.9.0.0.0.0-2012Feb21.tgz]Validating package [etsocksw-1.9.0.0.0.0-2012Feb21]
needs 413601274 bytes in /swdepot partition
Unpacking sub-package
Validating package [routerChiaros-1.9.0.0.0.452-2012Feb21]
needs 8929 bytes in / partition
needs 43543689 bytes in /swdepot partition
Unpacking sub-package
...
7/31/2019 R1.9 Service Visibility Manager Configuration Guide
23/23