Nortel Contivity VPN Switches

Similar documents
Cisco CallManager. Management Module Guide. Document 5116

Broadband Service Containers

Getting Started with SPECTRUM for Operators

SPECTRUM Web Operator

SPECTRUM Alarm Notification Manager (SANM)

Alarm Notification Manager

Enterprise Alarm Manager

Avigilon Control Center 5 System Integration Guide

Oracle Communications Performance Intelligence Center

SPECTRUM/Tivoli Gateway User s Guide

Monitor Alarms and Events

Oracle Retail Furniture Retail System (FRS) Pricewriter to Xmargin Guide Release October 2015

Managing Network Alarms and Events

Monitor Alarms and Events

IndigoVision Alarm Panel. User Guide

Milestone SMI Intrepid II Perimeter Module 1.1 User s Manual

Using ANM Mobile CHAPTER

Contact Product Manager, with details of the application.

Making the Most of Alarms

Enterprise Alarm Manager UserÕs Guide

Front page TBA from Marketing. Network and Device Monitoring. Starter Kit

Avigilon System Integration Guide. Avigilon Control Center with AMAG Symmetry Security Management System 7.0

IndigoVision. GAI-Tronics Integration Module. Administrator's Guide

Avigilon Control Center 5 System Integration Guide

CompleteView Alarm Client User Manual. CompleteView Version 4.6.1

Alarm Client. Installation and User Guide. NEC NEC Corporation. May 2009 NDA-30364, Revision 9

Avigilon Control Center 5 System Integration Guide. with STENTOFON AlphaCom. INT-STENTOFON-C-Rev1

Simplex Panel Interface Guide

Oracle Retail Merchandising System Release Notes Release 12.0 May 2006

Notice... 1 Trademarks... 1 US Patent Numbers... 1 Technical Services Contact Information... 2 Document Conventions... 2 Warranty...

Configuring and Monitoring Alarm

FortiNAC. Lightspeed Single Sign-On Integration. Version: 8.x Date: 8/29/2018. Rev: B

Avigilon Control Center System Integration Guide

Aprilaire WiFi Thermostat Module Application Guide

Monitoring Operator Guide. Access Control Manager Software Version

Figure 1. Proper Method of Holding the ToolStick. Figure 2. Improper Method of Holding the ToolStick

FiRe mobile-2 Operation Manual

Avigilon System Integration Guide. for the Avigilon Control Center and Access Control Manager

AXIS SNMP MIB. User Manual

Avigilon Control Center System Integration Guide

AUTOMATION. Operator s Manual RST Series Web Enabled Input Module. Rev. A2, 1/12

Managing Network Alarms and Events

Oracle Retail Merchandise Financial Planning

BlackBerry AtHoc Networked Crisis Communication Siemens Indoor Fire Panel Installation and Configuration Guide Release Version 7.

Before you install ProSeries Express Edition software for network use

Avigilon System Integration Guide. for the Avigilon Control Center and Access Control Manager

Oracle Communications Performance Intelligence Center

SimpleComTools, LLC 1

Operation Manual Fighter ProVision Software. Version: 0.0 Revision: 1

Supervisor Standard Edition

OnGuard 7.2 Resolved Issues

System Requirements and Supported Platforms for Oracle Real-Time Decisions Applications. Version May 2008

UNC100 Integra Manual

Avigilon Control Center 5 System Integration Guide

MultiSite Manager. Setup Guide

System 800xA Operations

Bosch TCU Integration Module Administrator's Guide

Universal Monitoring System. Model IMEC8A. User Manual Version 1.10 Software version 2.3.1

Oracle Communications Network Charging and Control

HikCentral Web Client. User Manual

Avaya Proactive Contact Release 5.x

Millennium Xtra. Millennium ATMA setup and configuration guide. May Millennium Group, Inc.

HSIM Crestron Module Version 1 Application Guide

JOVY SYSTEMS RE User Manual Rev. 1.00

Raytec Avigilon Integration User Guide Integrating Raytec Network Illuminators with Avigilon Control Center Document Revision 2.0

Alarm Manager Plug-in

Patriot Systems Limited

ArchestrA Direct Connect

HikCentral Web Client. User Manual

ModSync Sequencing System Installation & Operation Manual. For use with Fulton Steam Boilers.

[ [ ADMIN PANEL USER GUIDE

Remote / Network Control for Rack Cabinet Access - DL Series

Proliphix. Remote Management. User Guide

DR Series Appliance Cleaner Best Practices. Technical Whitepaper

MULTISITE. Multisite Activation. Microsoft Dynamics AX White Paper

GE Security. Challenger V8 & V9. User Manual

Certified Solution for Milestone

MODEL 5100 BROADBAND ALARM COMMUNICATOR INSTALLATION & USER S GUIDE PRODUCT ID #

Sensor Cloud User Manual

Applying the Patch Release

RADview-EMS/TDM. Element Management System for TDM Applications Optimux RAD Data Communications Publication 07/04

HERCULES 6 GRAPHICS SYSTEM

Hardware and Software Requirements

IndigoVision. Gallagher Integration Module. Administrator's Guide

Added password for IP setup page : Password must be in IP format!

MPL3115A2 Sensor Toolbox User s Guide

Manage Alert Rules & Teams

Patriot Systems Limited

LineGuard 2300 Program User Manual (FloBoss 107)

Application Notes for Configuring NovaLink NovaAlert SIP with Avaya IP Office Issue 1.0

Setting up and Managing Alarms in McAfee ESM 10.x

Centroid Snet 2. Battery Management Software. User Manual V1.1. Eagle Eye Power Solutions, LLC Keeping an Eye on Your Critical Power!

Apertum. Working with the Alarm Module. How to define and configure alarms How to visualize and recognize alarms. Airviro User s Reference.

Halton SAFE / 7.14 user guide and installation instructions

Advantium 16 System Monitor

Managed Devices and Endpoints

Room Alert. Room Alert 32E/W, 12E, 4E & 3E. Temperature & Environment Monitoring... Made Easy! User s Guide & Reference Manual

Advanced Autodesk Authorized Training Courseware (AATC) AutoCAD. Architecture 2009

Smartphone Application Development Guide for BatteryMole Bluetooth Battery Monitoring System for Automobiles (BMBT)

Ambient Temperature/ Relative Humidity & Dew Point Temperature Sensors to USB Output. Model LFS108B

Transcription:

Notice Copyright Notice Copyright 2002-present by Aprisma Management Technologies, Inc. All rights reserved worldwide. Use, duplication, or disclosure by the United States government is subject to the restrictions set forth in DFARS 252.227-7013(c)(1)(ii) and FAR 52.227-19. Liability Disclaimer Aprisma Management Technologies, Inc. ( Aprisma ) reserves the right to make changes in specifications and other information contained in this document without prior notice. In all cases, the reader should contact Aprisma to inquire if any changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice. IN NO EVENT SHALL APRISMA, ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF APRISMA HAS BEEN ADVISED OF, HAS KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES. Trademark, Service Mark, and Logo Information SPECTRUM, IMT, and the SPECTRUM IMT/VNM logo are registered trademarks of Aprisma Management Technologies, Inc., or its affiliates. APRISMA, APRISMA MANAGEMENT TECHNOLOGIES, the APRISMA MANAGEMENT TECHNOLOGIES logo, MANAGE WHAT MATTERS, DCM, VNM, SpectroGRAPH, SpectroSERVER, Inductive Modeling Technology, Device Communications Manager, SPECTRUM Security Manager, and Virtual Network Machine are unregistered trademarks of Aprisma Management Technologies, Inc., or its affiliates. For a complete list of Aprisma trademarks, service marks, and trade names, go to: http://www.aprisma.com/manuals/trademark-list.htm All referenced trademarks, service marks, and trade names identified in this document, whether registered or unregistered, are the intellectual property of their respective owners. No rights are granted by Aprisma Management Technologies, Inc., to use such marks, whether by implication, estoppel, or otherwise. If you have comments or concerns about trademark or copyright references, please send an e-mail to spectrum-docs@aprisma.com; we will do our best to help. Restricted Rights Notice (Applicable to licenses to the United States government only.) This software and/or user documentation is/are provided with RESTRICTED AND LIMITED RIGHTS. Use, duplication, or disclosure by the government is subject to restrictions as set forth in FAR 52.227-14 (June 1987) Alternate III(g)(3) (June 1987), FAR 52.227-19 (June 1987), or DFARS 52.227-7013(c)(1)(ii) (June 1988), and/or in similar or successor clauses in the FAR or DFARS, or in the DOD or NASA FAR Supplement, as applicable. Contractor/manufacturer is Aprisma Management Technologies, Inc. In the event the government seeks to obtain the software pursuant to standard commercial practice, this software agreement, instead of the noted regulatory clauses, shall control the terms of the government's license. Virus Disclaimer Aprisma makes no representations or warranties to the effect that the licensed software is virus-free. Aprisma has tested its software with current virus-checking technologies. However, because no antivirus system is 100-percent effective, we strongly recommend that you write protect the licensed software and verify (with an antivirus system with which you have confidence) that the licensed software, prior to installation, is virus-free. Contact Information Aprisma Management Technologies, Inc., 273 Corporate Drive, Portsmouth, NH 03801 USA Phone: 603.334.2100 U.S. toll-free: 877.468.1448 Web site: http://www.aprisma.com Page 2

Contents Notice... 2 Preface... 6 Intended Audience... 6 How to Use This Guide... 6 Text Conventions... 7 Document Feedback... 7 Online Documents... 7 Required Reading... 8 Overview... 9 Device Support...10 Model Types...11 Firmware Information...11 Application Support...11 Device MIB Support...12 Traps, Events, and Alarms... 13 Trap Support - ContivityVPNII...13 Trap Support - ContivityVPN...14 Trap Processing...14 Notes...22 Event Frequency...22 VPN Status... 31 Tunnel Interface Filtering... 32 Purpose...32 Enabling and Disabling Tunnel IF Filtering...32 Contivity Enhancements for 6.6 Service Pack 3... 34 Modeling of Tunnel Interfaces...34 Tunnel Interface "Stacking"...34 Page 3

Automatic Connectivity Mapping...34 Interface Model Identification...35 Interface Model Aging...35 Link Down Trap Correlation...35 Status Monitoring of Tunnel Interfaces...36 Recommendations for Management of Contivity Devices with SPECTRUM... 37 Contivity Management Settings...37 Enable Tunnel MIB...37 Enable Link Up/Down Traps...37 Nail-Up Your Monitored Tunnels...37 SPECTRUM Management Settings...38 Automatically Reconfigure Interfaces...38 Reconfigure on LINK change...38 Discovery after Reconfigure...38 Create Sub-Interfaces...38 Suppress Linked Port Alarms...38 Contivity Fault Scenarios... 39 Key...39 Two Link Down Traps For One Down Tunnel...40 Loss of Contact and Link Down Trap...41 Physical Port Down, Loss of Contact, and Link Down Traps...42 Loss of Contact to Whole Network...43 66 SP3 Upgrade Considerations... 44 Reconfiguring Existing Device Models...44 Known Anomalies... 45 Create Sub-Interface Changes...45 Autodiscovery and Public Addresses...45 Port Aging is not Aggressive...45 Web Administration... 47 Page 4

Index... 48 Page 5

Preface Welcome to the user guide for SPECTRUM s Nortel Contivity VPN (SM-NTL1004) management module. Please take a moment to read through this short preface, which explains how the information in this guide is organized and presented and lets you know how to access information about other SPECTRUM products. In This Section Intended Audience How to Use This Guide Text Conventions [Page 7] Document Feedback [Page 8] Online Documents [Page 8] Required Reading [Page 8] Intended Audience This guide is intended for users of SPECTRUM s Nortel Contivity VPN management module. How to Use This Guide Use this guide as a reference for managing the Nortel devices described on [Page 9] with SPECTRUM management module SM-NTL1004. The guide is organized as follows: Overview [Page 9] Traps, Events, and Alarms [Page 12] VPN Status [Page 30] Tunnel Interface Filtering [Page 31] Contivity Enhancements for 6.6 Service Pack 3 [Page 33] Page 6

Recommendations for Management of Contivity Devices with SPECTRUM [Page 36] Contivity Fault Scenarios [Page 38] 66 SP3 Upgrade Considerations [Page 43] Known Anomalies [Page 44] Web Administration [Page 46] Only information specific to SM-NTL1004 is included in this guide. For general information about device management using SPECTRUM and explanations of SPECTRUM functionality and navigation techniques, refer to the topics listed under Required Reading [Page 8]. Text Conventions The following text conventions are used in this document: Element Convention Used Example User-supplied parameter names Courier and Italic in angle brackets <>. The user needs to type the password in place of <password>. On-screen text Courier The following line displays: path= /audit User-typed text Courier Type the following path name: C:\ABC\lib\db Cross-references References to SPECTRUM documents (title and number) Functionality enabled by SPECTRUM Alarm Notification Manager (SANM) Underlined and hypertextblue Italic SANM in brackets []. See Document Feedback [Page 8]. SPECTRUM Installation Guide (9030675) [SANM] AGE_FIELD_ID Page 7

Document Feedback Please send feedback regarding SPECTRUM documents to the following e-mail address: spectrum-docs@aprisma.com Thank you for helping us improve our documentation. Online Documents SPECTRUM documents are available online at: http://www.aprisma.com/manuals Check this site for the latest updates and additions. Required Reading To use this documentation effectively, you must be familiar with the information covered by the SPECTRUM documents listed below. Getting Started with SPECTRUM for Operators (1763) Getting Started with SPECTRUM for Administrators (0985) How to Manage Your Network with SPECTRUM (1909) SPECTRUM Views (2517) SPECTRUM Menus (2519) SPECTRUM Icons (2518) Application View and MIBs (2560) SPECTRUM Software Release Notice (0743) Page 8

Overview This section introduces the SPECTRUM documentation for the Contivity series of VPN devices manufactured by Nortel. In This Section Device Support [Page 9] Firmware Information [Page 10] Application Support [Page 10] Device MIB Support [Page 11] Device Support SPECTRUM management module SM-NTL1004 currently provides modeling for the following Nortel Contivity devices. Table 1: Supported Devices, Firmware, and Model Type Device Firmware Revision Model Type Contivity 100 Instant Internet 7.11 and 7.2 ContivityVPNII Contivity 200 Instant Internet 7.11 and 7.2 ContivityVPNII Contivity 400 Instant Internet 7.11 and 7.2 ContivityVPNII Contivity 600 Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity 1000 Contivity Extranet Switch 4.05, 4.06, and 4.5 ContivityVPN Contivity 1010 Contivity 1050 Contivity 1100 Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity 1500 Contivity Extranet Switch 4.05, 4.06, and 4.5 ContivityVPN Contivity 1600 Contivity 1700 Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity 2000 Contivity Extranet Switch 4.05, 4.06, and 4.5 ContivityVPN Contivity 2500 Contivity Extranet Switch 4.05, 4.06, and 4.5 ContivityVPN Page 9

Device Firmware Revision Model Type Contivity 2600 Contivity 2700 Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity 4000 Contivity Extranet Switch 4.05, 4.06, and 4.5 ContivityVPN Contivity 4500 Contivity 4600 Contivity 5000 Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124* ContivityVPN *Firmware version 4_80.124 is supported in SPECTRUM versions 6.6 SP5 and above. Model Types The model types for models of Nortel Contivity devices are ContivityVPN and ContivityVPNII (see Table 1). Firmware Information This management module was certified against Instant Internet 7.11 and 7.2 as well as Contivity Extranet Switch 4.05, 4.06, 4.5, and 4_80.124. See Table 1: Supported Devices, Firmware, and Model Type [Page 9] for a list of devices and the firmware they support. Application Support This management module supports the RFC2667App (IP Tunnel MIB) application. See the Transmission Applications (5064) document for information. Page 10

Device MIB Support Table 2 lists the MIBs supported by this management module. Table 2: Device MIB References Vendor MIBs ces.mib cestraps.mib ces_trapack.mib Standards RFC 1213 MIB2 RFC 1406 DS1-MIB RFC 1514 HOST-RESOURCES-MIB RFC 1724 RIPv2-MIB RFC 1850 OSPF-MIB RFC 2233 IF-MIB RFC 2667 TUNNEL-MIB RFC 2737 ENTITY-MIB RFC 2787 VRRP-MIB Novell-IPX-MIB Novell-RIPSAP-MIB Page 11

Traps, Events, and Alarms This chapter specifies the supported traps for the Nortel Contivity VPN management module and describes how the trap is processed using SPECTRUM events and alarms. Trap Support - ContivityVPNII The following standard traps are supported by the ContivityVPNII model type. See Supported Devices, Firmware, and Model Type [Page 9] for a list of ContivityVPNII devices. Trap Name OID coldstart 0.0 warmstart 1.0 linkdown 2.0 linkup 3.0 authenticationfailure 4.0 egpneighborloss 5.0 Note: The ContivityVPN model type supports coldstart, warmstart, and egpneighborloss as above. ContivityVPN supports linkdown, linkup, and authenticationfailure as described in Table 3: Nortel Contivity Traps [Page 14] and Table 4: Contivity Event Frequency Table [Page 22]. Page 12

Trap Support - ContivityVPN There are two possible trap support configurations that you can use for the Nortel ContivityVPN devices. The default configuration generates an event and sometimes an alarm when one of the supported traps is received. The alternative configuration tracks the rate at which some traps are received, and only generates an alarm if the number of traps exceeds a specified threshold within a certain time frame. Trap Processing When determining the Event ID that should be generated, the intelligence for the ContivityVPN takes into consideration not only the trap OID but also the Alarm Severity varbind sent along with the trap. This allows for a finer resolution of Event ID generation and provides a better alarm criticality assignment to the device model. Table 3: Nortel Contivity Traps [Page 14] shows the events and alarms created by traps defined in the Nortel CONTIVITY-TRAPS-V1-MIB. This is the default trap support configuration. Table 4: Contivity Event Frequency Table [Page 22] shows the Event Frequency [Page 21] rules for the Nortel Contivity devices. This trap support is based on the rate at which certain traps are received. Note: See the Nortel CONTIVITY-TRAPS-V1-MIB for descriptive information about these traps. Page 13

Trap Name OID Trap Varbind Alarm Severity Table 3: Nortel Contivity Traps Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device harddisk1statustrap 1.3.6.1.4.1.2505.1.1.0.1001 WARNING 0x04620000 0x04620000 Yellow Send Once ALERT 0x04620001 0x04620001 Orange N / A harddisk0statustrap 1.3.6.1.4.1.2505.1.1.0.1002 WARNING 0x04620002 0x04620002 Yellow Send Once ALERT 0x04620003 0x04620003 Orange N / A memoryusagetrap 1.3.6.1.4.1.2505.1.1.0.1003 WARNING 0x04620004 0x04620004 Yellow Send Once ALERT 0x04620005 0x04620005 Orange N / A lancardstatustrap 1.3.6.1.4.1.2505.1.1.0.1004 WARNING 0x04620006 0x04620006 Orange Send Once ALERT 0x04620007 0x04620007 Red N / A Unexpected 0x04620049 0x04620049 Yellow N / A cputwostatustrap 1.3.6.1.4.1.2505.1.1.0.1005 ALERT 0x04620008 0x04620008 Red Send Once fanonestatustrap 1.3.6.1.4.1.2505.1.1.0.1006 ALERT 0x04620009 0x04620009 Orange Send Once fantwostatustrap 1.3.6.1.4.1.2505.1.1.0.1007 ALERT 0x0462000a 0x0462000a Orange Send Once Page 14

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device chassisfanstatustrap 1.3.6.1.4.1.2505.1.1.0.1008 ALERT 0x0462000b 0x0462000b Orange Send Once fivevoltsposstatustrap 1.3.6.1.4.1.2505.1.1.0.1009 ALERT 0x0462000c 0x0462000c Orange Send Once fivevoltsminustrap 1.3.6.1.4.1.2505.1.1.0.10010 ALERT 0x0462000d 0x0462000d Orange Send Once threevoltspositivetrap 1.3.6.1.4.1.2505.1.1.0.10011 ALERT 0x0462000e 0x0462000e Orange Send Once twodotfivevatrap 1.3.6.1.4.1.2505.1.1.0.10012 ALERT 0x0462000f 0x0462000f Orange Send Once twodotfivevbtrap 1.3.6.1.4.1.2505.1.1.0.10013 ALERT 0x04620010 0x04620010 Orange Send Once twelvevoltspositvetrap 1.3.6.1.4.1.2505.1.1.0.10014 ALERT 0x04620011 0x04620011 Orange Send Once twelvevoltsminstrap 1.3.6.1.4.1.2505.1.1.0.10015 ALERT 0x04620012 0x04620012 Orange Send Once normaltemperaturetrap 1.3.6.1.4.1.2505.1.1.0.10016 ALERT 0x04620013 0x04620013 Orange Send Once Page 15

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device criticaltemperaturetrap 1.3.6.1.4.1.2505.1.1.0.10017 ALERT 0x04620014 0x04620014 Red Send Once chassisintrusiontrap 1.3.6.1.4.1.2505.1.1.0.10018 ALERT 0x04620015 0x04620015 Orange Send Once dualpowersupplytrap 1.3.6.1.4.1.2505.1.1.0.10019 ALERT 0x04620016 0x04620016 Orange Send Once t1wanstatustrap 1.3.6.1.4.1.2505.1.1.0.10020 WARNING 0x04620017 0x04620017 Orange Send Once ALERT 0x04620018 0x04620018 Red N / A Unexpected 0x04620049 0x04620049 Yellow N / A t3wanstatustrap 1.3.6.1.4.1.2505.1.1.0.10021 WARNING 0x04620019 0x04620019 Orange Send Once ALERT 0x0462001a 0x0462001a Red N / A Unexpected 0x04620049 0x04620049 Yellow N / A hwacceltrap 1.3.6.1.4.1.2505.1.1.0.10022 UNKNOWN 0x0462001b none none Send Once HEALTH 0x0462001c none none N / A WARNING 0x0462001d 0x0462001d Orange N / A ALERT 0x0462001e 0x0462001e Red N / A Page 16

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device radiusacctservertrap 1.3.6.1.4.1.2505.1.2.0.3001 WARNING 0x04620043 0x04620043 Orange Send Once ALERT 0x04620044 0x04620044 Red N / A backupservertrap 1.3.6.1.4.1.2505.1.2.0.3002 WARNING 0x0462001f 0x0462001f Yellow Send Once ALERT 0x04620020 0x04620020 Orange N / A diskredundencytrap 1.3.6.1.4.1.2505.1.2.0.3003 ALERT 0x04620021 0x04620021 Red Send Once intldapservertrap 1.3.6.1.4.1.2505.1.2.0.3004 WARNING 0x04620022 none none Send Once ALERT 0x04620023 0x04620023 Red N / A loadbalancingservertrap 1.3.6.1.4.1.2505.1.2.0.3005 DISABLED 0x04620024 none none Send Once WARNING 0x04620025 0x04620025 Orange N / A dnsservertrap 1.3.6.1.4.1.2505.1.2.0.3006 WARNING 0x04620026 0x04620026 Orange Send Once ALERT 0x04620027 0x04620027 Red N / A snmpservertrap 1.3.6.1.4.1.2505.1.2.0.3007 WARNING 0x04620028 0x04620028 Orange Send Once Page 17

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device ALERT 0x04620029 0x04620029 Red N / A ipaddresspooltrap 1.3.6.1.4.1.2505.1.2.0.3008 WARNING 0x0462002a 0x0462002a Yellow Send Once ALERT 0x0462002b 0x0462002b Orange N / A extldapservertrap 1.3.6.1.4.1.2505.1.2.0.3009 WARNING 0x0462002c 0x0462002c Orange Send Once ALERT 0x0462002d 0x0462002d Red N / A radiusauthservertrap 1.3.6.1.4.1.2505.1.2.0.30010 WARNING 0x0462002e 0x0462002e Orange Send Once ALERT 0x0462002f 0x0462002f Red N / A certificateservertrap 1.3.6.1.4.1.2505.1.2.0.30011 HEALTH 0x04620030 none none Send Once DISABLED 0x04620031 none none N / A WARNING 0x04620032 0x04620032 Yellow N / A ALERT 0x04620033 0x04620033 Orange N / A extldapauthservertrap 1.3.6.1.4.1.2505.1.2.0.30012 WARNING 0x04620034 0x04620034 Orange Send Once ALERT 0x04620035 0x04620035 Red N / A Page 18

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device cmpservertrap 1.3.6.1.4.1.2505.1.2.0.30013 WARNING 0x04620036 none none Send Once netbufferstrap 1.3.6.1.4.1.2505.1.3.0.5001 WARNING 0x04620037 0x04620037 Orange Send Once ALERT 0x04620038 0x04620038 Red N / A firewalltrap 1.3.6.1.4.1.2505.1.3.0.5002 DISABLED 0x04620039 none none N / A WARNING 0x0462003a 0x0462003a Yellow N / A ALERT 0x0462003b 0x0462003b Orange N / A fipsstatustrap 1.3.6.1.4.1.2505.1.3.0.5003 WARNING 0x0462003c 0x0462003c Yellow Send Once ALERT 0x0462003d 0x0462003d Orange N / A failedlogintrap 1.3.6.1.4.1.2505.1.4.0.101 WARNING 0x0462003e none none N / A securityintrusiontrap 1.3.6.1.4.1.2505.1.5.0.201 ALERT 0x0462003f 0x0462003f Red N / A poweruptrap 1.3.6.1.4.1.2505.1.0.401 WARNING 0x04620040 none none Send Once Page 19

Trap Name OID Trap Varbind Alarm Severity Event Generated Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device periodicheartbeattrap 1.3.6.1.4.1.2505.1.0.601 UNKNOWN 0x04620041 none none Send Once firewallruletriggeredtrap 1.3.6.1.4.1.2505.1.14.3.0.1 WARNING 0x04620042 none none Send Once Down Link (see Notes [Page 21]) Up Link (see Notes [Page 21]) 1.3.6.1.2.1.2.0 N / A 0x04620045 0x0220001 Orange N / A 1.3.6.1.2.1.3.0 N / A 0x04620046 none none N / A Authentication Fail 1.3.6.1.2.1.4.0 N / A 0x04620047 0x04620047 Yellow N / A licensingstatustrap* 1.3.6.1.4.1.2505.1.3.0.5004 WARNING 0x04620050 0x04620050 Yellow N / A ALERT 0x04620051 0x04620051 Orange N / A Unexpected 0x04620049 0x04620049 Yellow N / A natstatustrap* 1.3.6.1.4.1.2505.1.3.0.5005 DISABLED 0x04620052 none none N / A WARNING 0x04620053 0x04620053 Yellow N / A ALERT 0x04620054 0x04620054 Orange N / A Unexpected 0x04620049 0x04620049 Yellow N / A *Supported in SPECTRUM versions 6.6 SP5 and above Page 20

Notes Unexpected SPECTRUM Events and Alarms are generated based on the Trap Varbind Alarm Severity. For each Contivity trap, the potential alarm severities that can be sent are listed. If an unexpected Alarm Severity is sent for a particular trap, an unexpected Alarm Severity event is generated. Link Up / Link Down Traps For ContivityVPN Model Types Nortel Contivity Extranet Switches have Link Up / Link Down Trap Enabled options for BranchOffice Nailed-Up Tunnels and BranchOffice OnDemand Tunnels that you can set. These options are located under the ADMIN > SNMP Traps menu option of the Nortel Contivity web administration application (Web Administration [Page 46]). To change these options, click the Configure button in the Standard IETF section. It is recommended that you leave these options enabled. However, due to the filtering out of interfaces of type tunnel (131), critical alarms will not be mapped to these traps. Event Frequency An alternative Event Disposition file is available to use for processing events. This file contains rules that create an alarm if a certain number of events are received within a specified window of time. These rule apply to some, but not all of the events generated. Table 4 outlines how events are processed with this alternative Event Disposition file. Note: MINOR Alarm mappings (Yellow) were removed from the Rules based EventDisp file. To configure SPECTRUM to do this: 1. Navigate to the <$SPECROOT>/SS/CsVendor/NortelVPN directory. 2. Find the file named EventDisp. Change the name of this file to EventDisp.norules. 3. Navigate to the <$SPECROOT>/SS/CsVendor/NortelVPN/Rules directory and find the file named EventDisp.rules. 4. Copy this file into the <$SPECROOT>/SS/CsVendor/NortelVPN directory. Change the name of this file to EventDisp. Page 21

Table 4: Contivity Event Frequency Table Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device harddisk1statustrap 1.3.6.1.4.1.2505.1.1.0.1001 WARNING 0x04620000 N/A None None Interval 5 Minutes ALERT 0x04620001 3 Times, 15 min 0x04620100 Orange N / A harddisk0statustrap 1.3.6.1.4.1.2505.1.1.0.1002 WARNING 0x04620002 N/A None None Interval 5 Minutes ALERT 0x04620003 3 Times, 15 min 0x04620101 Orange N / A memoryusagetrap 1.3.6.1.4.1.2505.1.1.0.1003 WARNING 0x04620004 N/A None None Interval 5 Minutes ALERT 0x04620005 3 Times, 15 min 0x04620102 Orange N / A lancardstatustrap 1.3.6.1.4.1.2505.1.1.0.1004 WARNING 0x04620006 N/A 0x04620006 Orange Send Once ALERT 0x04620007 N/A 0x04620007 Red N / A Unexpected 0x04620049 N/A 0x04620049 Orange N / A cputwostatustrap 1.3.6.1.4.1.2505.1.1.0.1005 ALERT 0x04620008 N/A 0x04620008 Red Send Once fanonestatustrap 1.3.6.1.4.1.2505.1.1.0.1006 ALERT 0x04620009 N/A 0x04620009 Orange Send Once Page 22

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device fantwostatustrap 1.3.6.1.4.1.2505.1.1.0.1007 ALERT 0x0462000a N/A 0x0462000a Orange Send Once chassisfanstatustrap 1.3.6.1.4.1.2505.1.1.0.1008 ALERT 0x0462000b N/A 0x0462000b Orange Send Once fivevoltsposstatustrap 1.3.6.1.4.1.2505.1.1.0.1009 ALERT 0x0462000c 3 Times, 15 min 0x04620103 Orange Interval 5 Minutes fivevoltsminustrap 1.3.6.1.4.1.2505.1.1.0.10010 ALERT 0x0462000d 3 Times, 15 min 0x04620104 Orange Interval 5 Minutes threevoltspositivetrap 1.3.6.1.4.1.2505.1.1.0.10011 ALERT 0x0462000e 3 Times, 15 min 0x04620105 Orange Interval 5 Minutes twodotfivevatrap 1.3.6.1.4.1.2505.1.1.0.10012 ALERT 0x0462000f 3 Times, 15 min 0x04620106 Orange Interval 5 Minutes twodotfivevbtrap 1.3.6.1.4.1.2505.1.1.0.10013 ALERT 0x04620010 3 Times, 15 min 0x04620107 Orange Interval 5 Minutes Page 23

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device twelvevoltspositvetrap 1.3.6.1.4.1.2505.1.1.0.10014 ALERT 0x04620011 3 Times, 15 min 0x04620108 Orange Interval 5 Minutes twelvevoltsminstrap 1.3.6.1.4.1.2505.1.1.0.10015 ALERT 0x04620012 3 Times, 15 min 0x04620109 Orange Interval 5 Minutes normaltemperaturetrap 1.3.6.1.4.1.2505.1.1.0.10016 ALERT 0x04620013 3 Times, 15 min 0x0462010a Orange Interval 5 Minutes criticaltemperaturetrap 1.3.6.1.4.1.2505.1.1.0.10017 ALERT 0x04620014 3 Times, 15 min 0x0462010b Red Interval 5 Minutes chassisintrusiontrap 1.3.6.1.4.1.2505.1.1.0.10018 ALERT 0x04620015 N/A 0x04620015 Orange Send Once dualpowersupplytrap 1.3.6.1.4.1.2505.1.1.0.10019 ALERT 0x04620016 N/A 0x04620016 Orange Send Once t1wanstatustrap 1.3.6.1.4.1.2505.1.1.0.10020 WARNING 0x04620017 N/A 0x04620017 Orange Send Once ALERT 0x04620018 N/A 0x04620018 Red N / A Unexpected 0x04620049 N/A 0x04620049 Orange N / A t3wanstatustrap 1.3.6.1.4.1.2505.1.1.0.10021 WARNING 0x04620019 N/A 0x04620019 Orange Send Once Page 24

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device ALERT 0x0462001a N/A 0x0462001a Red N / A Unexpected 0x04620049 N/A 0x04620049 Orange N / A hwacceltrap 1.3.6.1.4.1.2505.1.1.0.10022 UNKNOWN 0x0462001b N/A none none Send Once HEALTH 0x0462001c N/A none none N / A WARNING 0x0462001d N/A 0x0462001d Orange N / A ALERT 0x0462001e N/A 0x0462001e Red N / A radiusacctservertrap 1.3.6.1.4.1.2505.1.2.0.3001 WARNING 0x04620043 N/A 0x04620043 Orange Send Once ALERT 0x04620044 N/A 0x04620044 Red N / A backupservertrap 1.3.6.1.4.1.2505.1.2.0.3002 WARNING 0x0462001f N/A none none Interval 5 Minutes ALERT 0x04620020 3 Times, 15 min 0x0462010d Orange N / A diskredundencytrap 1.3.6.1.4.1.2505.1.2.0.3003 ALERT 0x04620021 N/A 0x04620021 Red Send Once intldapservertrap 1.3.6.1.4.1.2505.1.2.0.3004 WARNING 0x04620022 N/A none none Send Once ALERT 0x04620023 N/A 0x04620023 Red N / A Page 25

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device loadbalancingservertrap 1.3.6.1.4.1.2505.1.2.0.3005 DISABLED 0x04620024 N/A none none Interval 5 Minutes WARNING 0x04620025 3 Times, 15 min 0x04620110 Orange N / A dnsservertrap 1.3.6.1.4.1.2505.1.2.0.3006 WARNING 0x04620026 N/A 0x04620026 Orange Send Once ALERT 0x04620027 N/A 0x04620027 Red N / A snmpservertrap 1.3.6.1.4.1.2505.1.2.0.3007 WARNING 0x04620028 N/A 0x04620028 Orange Interval 5 Minutes ALERT 0x04620029 3 Times, 15 min 0x04620112 Red N / A ipaddresspooltrap 1.3.6.1.4.1.2505.1.2.0.3008 WARNING 0x0462002a N/A none none Send Once ALERT 0x0462002b N/A 0x0462002b Orange N / A extldapservertrap 1.3.6.1.4.1.2505.1.2.0.3009 WARNING 0x0462002c 3 Times, 15 min 0x04620118 Orange Interval 5 Minutes ALERT 0x0462002d 3 Times, 15 min 0x04620114 Red N / A radiusauthservertrap 1.3.6.1.4.1.2505.1.2.0.30010 WARNING 0x0462002e 3 Times, 15 min 0x04620119 Orange Interval 5 Minutes Page 26

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device ALERT 0x0462002f 3 Times, 15 min 0x04620115 Red N / A certificateservertrap 1.3.6.1.4.1.2505.1.2.0.30011 HEALTH 0x04620030 N/A none none Send Once DISABLED 0x04620031 N/A none none N / A WARNING 0x04620032 N/A none none N / A ALERT 0x04620033 N/A 0x04620033 Orange N / A extldapauthservertrap 1.3.6.1.4.1.2505.1.2.0.30012 WARNING 0x04620034 3 Times, 15 min 0x0462011a Orange Interval 5 Minutes ALERT 0x04620035 3 Times, 15 min 0x04620116 Red N / A cmpservertrap 1.3.6.1.4.1.2505.1.2.0.30013 WARNING 0x04620036 N/A none none Send Once netbufferstrap 1.3.6.1.4.1.2505.1.3.0.5001 WARNING 0x04620037 3 Times, 15 min 0x0462011b Orange Interval 5 Minutes ALERT 0x04620038 3 Times, 15 min 0x04620117 Red N / A firewalltrap 1.3.6.1.4.1.2505.1.3.0.5002 DISABLED 0x04620039 N/A none none N / A WARNING 0x0462003a N/A none none N / A Page 27

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device ALERT 0x0462003b N/A 0x0462003b Orange N / A fipsstatustrap 1.3.6.1.4.1.2505.1.3.0.5003 WARNING 0x0462003c N/A none none Send Once ALERT 0x0462003d N/A 0x0462003d Orange N / A failedlogintrap 1.3.6.1.4.1.2505.1.4.0.101 WARNING 0x0462003e N/A none none N / A securityintrusiontrap 1.3.6.1.4.1.2505.1.5.0.201 ALERT 0x0462003f N/A 0x0462003f Red N / A poweruptrap 1.3.6.1.4.1.2505.1.0.401 WARNING 0x04620040 N/A none none Send Once periodicheartbeattrap 1.3.6.1.4.1.2505.1.0.601 UNKNOWN 0x04620041 N/A none none Send Once firewallruletriggeredtrap 1.3.6.1.4.1.2505.1.14.3.0.1 WARNING 0x04620042 N/A none none Send Once Down Link (see Notes [Page 21]) Up Link (see Notes [Page 21]) 1.3.6.1.2.1.2.0 N / A 0x04620045 N/A 0x0220001 Orange N / A 1.3.6.1.2.1.3.0 N / A 0x04620046 N/A none none N / A Page 28

Trap Name OID Trap Varbind Alarm Severity Event Generated Event Frequency Default Settings Alarm Generated SPECTRUM Default Alarm Severity Recommended Trap Configuration on Device Authentication Fail 1.3.6.1.2.1.4.0 N / A 0x04620047 N/A 0x04620047 Orange N / A licensingstatustrap* 1.3.6.1.4.1.2505.1.3.0.5004 WARNING 0x04620050 N/A none none N / A ALERT 0x04620051 N/A 0x04620051 Orange N / A Unexpected 0x04620049 N/A none none N / A natstatustrap* 1.3.6.1.4.1.2505.1.3.0.5005 DISABLED 0x04620052 N/A none none N / A WARNING 0x04620053 N/A none none N / A ALERT 0x04620054 0x04620054 0x04620054 Orange N / A *Supported in SPECTRUM versions 6.6 SP5 and above Page 29

VPN Status This management module supports the RFC2667App (IP Tunnel MIB) application. This support includes the availability of the RFC2667App application s VPN Status menu options from the device icon. See the Transmission Applications (5064) document for information. Page 30

Tunnel Interface Filtering Purpose This section describes the Tunnel Interface Filter Functionality added for Nortel Contivity devices. The ContivityVPN device populates the iftable with both user and branch VPN tunnel interface entries. However, it is possible for thousands of user VPN tunnel interfaces to exist. The ContivityVPN interface filtering functionality was introduced to selectively filter out user tunnel interfaces and prevent unnecessary modeling of these interfaces. Note: Tunnel interface filtering is only available for models of type ContivityVPN. Enabling and Disabling Tunnel IF Filtering Tunnel IF filtering (enabled by default in SPECTRUM 6.6 original release) can be disabled or enabled by following the procedure below. Procedure Note: If this setting is changed in the SpectroSERVER database prior to installing the Service Pack 3 enhancement, the tunnel interfaces modeled as Serial_IF_Ports will not be converted automatically to Tunnel_If models upon upgrading. See Reconfiguring Existing Device Models [Page 43]. Note: This procedure only applies to SPECTRUM 6.6 releases prior to Service Pack 3. 1. In the Model Type Editor, set the default list value for attribute If_Mtype_Map handle 0x011fb4. Looking at the list of values, locate OID instance 131. 2. It should be set to a value of 0. Setting it to zero will prevent the interface type from being modeled. 3. To disable tunnel interface filtering and allow these models to be created, set this value to 220013. Page 31

Note: See the Model Type Editor User s Guide (0659) for more information. Page 32

Contivity Enhancements for 6.6 Service Pack 3 This section summarizes the enhancements made with 6.6 Service Pack 3 for the Nortel Contivity Management Module. Modeling of Tunnel Interfaces Creation of models to represent site-to-site or branch tunnel interfaces is now controlled by the Create Sub-Interface attribute of the Contivity device model. This can be set from the Configuration tab of the Global Attribute Editor, or from the Redundancy and Model Reconfiguration Options GIB on an individual model. (No models are ever created to represent "user" tunnels. This behavior is consistent with the previous version.) Tunnel Interface "Stacking" Tunnel interface models are created as sub-interfaces of the physical interface whose IP address matches the tunnel's local address as indicated in the Tunnel MIB. Since Contivity devices don't support the ifstacktable, this mechanism of determining the lower-layer interface is necessary and effective. Automatic Connectivity Mapping When a tunnel interface model activates for the first time (i.e. during initial device modeling or during an interface reconfiguration), SPECTRUM will search for a tunnel interface model representing the other end-point of the tunnel. If such a model is found, the connection between these two interfaces is modeled. SPECTRUM uses the local address and remote address indicated in the Tunnel MIB (rfc2667) to find the other end-point of the tunnel. Page 33

Interface Model Identification Tunnel interface models are now identified uniquely by their local address and remote address as indicated in the Tunnel MIB (rfc2667). This enables SPECTRUM to preserve the interface model even if the ifindex of the interface changes. Interface Model Aging During an interface reconfiguration, any interface model that no longer has a representation in the MIB is marked as "stale" instead of being destroyed. This feature enables SPECTRUM to retain the connectivity modeling between tunnel interfaces and other devices while the tunnel is down. The connectivity information can then be leveraged for event correlation and fault suppression. On subsequent reconfigurations, the port age out time of the device model is compared with how long the interface model has been stale. If the interface does not reappear in the MIB, the interface model will be destroyed after it has aged out. If the interface does reappear in the MIB, then the interface model will be marked as current. The port is marked as stale by setting the "isstale" attribute to TRUE. The port age out time can be set per device by setting the "PortAgeOutTime" on the device to the number of minutes desired. The default age out time for the Contivity is two hours (120 minutes). Link Down Trap Correlation In an effort to reduce multiple alarms for a single network outage, link down traps for "tunnel" interface models are correlated with other conditions. The alarm for the link down trap will be suppressed if the lower layer (i.e. physical interface) is down. Also, if the "Suppress Linked Port Alarms" setting of the Live Pipes model is set to TRUE, the alarm for the link down trap will be suppressed if either of the following conditions are met: 1. The connected device is unreachable (by the SpectroSERVER) 2. The "linked" tunnel interface model is alarmed (RED) Page 34

Status Monitoring of Tunnel Interfaces On the Contivity, the ifoperstatus of a tunnel interface entry is always "UP", right up to the point when it disappears from the iftable. If a tunnel model becomes "stale", and no link down trap has yet been processed for the tunnel, SPECTRUM will generate a red alarm on the model. However, this alarm will be suppressed in the same cases in which a link down trap alarm would be suppressed, that is if the lower layer (i.e. physical interface) is down. Also, if the "Suppress Linked Port Alarms" setting of the Live Pipes model is set to TRUE, this alarm will be suppressed if either of the following conditions are met: 1. The connected device is unreachable (by the SpectroSERVER) 2. The "linked" tunnel interface model is alarmed (RED) Page 35

Recommendations for Management of Contivity Devices with SPECTRUM Some changes to both the Contivity management settings and the SPECTRUM configuration settings may be required to achieve the best possible management of Contivitybased VPNs. Contivity Management Settings The following Contivity settings are recommended. Enable Tunnel MIB Aprisma recommends that the Tunnel IP MIB be enabled on all managed Contivity devices. This allows SPECTRUM to create models to represent the tunnel end points on the device. This MIB can be enabled/disabled from the ADMIN->SNMP section of the Contivity web management pages. Enable Link Up/Down Traps Aprisma recommends that link up and link down traps are enabled for physical interfaces and for "Nailed-Up" branch tunnels. This will give SPECTRUM more immediate notification of link state changes. Our experience has shown that link traps for "OnDemand" tunnels don't provide much value. The tunnel must be down for 15 minutes or so before the trap is sent. Nail-Up Your Monitored Tunnels Aprisma recommends that all tunnels for which connection monitoring is important be "Nailed-Up". SPECTRUM will not alarm "OnDemand" tunnels when they go down. Specifically, the Alarm on LINK down Trap attribute of the Tunnel_If model determines whether it will respond to link down traps or changes to the isstale attribute. A value of Always (1) will cause SPECTRUM to process these events; a value of Never (0) will cause SPECTRUM to ignore them. When SPECTRUM creates Tunnel_If models for the Contivity, it will set this attribute to Always for "Nailed-Up" branch tunnels, and Never for "OnDemand" tunnels. The Alarm on LINK down setting can be changed from the Configuration tab of the Global Attribute Editor, but we recommend you leave it as SPECTRUM has set it. Page 36

SPECTRUM Management Settings The following SPECTRUM management settings are recommended. Automatically Reconfigure Interfaces Set this attribute to TRUE for Contivity models if you want SPECTRUM to manage the branch tunnels of the device. For devices that only support "User" tunnels, this setting should be FALSE. When TRUE, SPECTRUM will reconfigure the interface models whenever the ifnumber object of the device's SNMP agent changes. Reconfigure on LINK change Aprisma recommends this attribute be set to FALSE for all Contivity models. When set to TRUE, SPECTRUM performs an interface reconfiguration after every link up or link down trap received. Discovery after Reconfigure Aprisma recommends this attribute be set to FALSE (the default setting) for all Contivity models. SPECTRUM will model connections between newly found tunnels regardless of this setting. SPECTRUM's Autodiscovery process can add little or no value after most link state changes, especially for the Contivity devices, for which, most link state changes will represent tunnels coming up and going down, and not new router or bridge ports being configured. Create Sub-Interfaces Set this attribute to TRUE for Contivity models if you want SPECTRUM to monitor the branch tunnels. If this attribute is set to FALSE, SPECTRUM will not create models for the tunnel interfaces. All of these settings can be modified using the Configuration tab of the Global Attribute Editor or the Redundancy and Model Reconfiguration Options GIB for a particular device model. Suppress Linked Port Alarms Aprisma recommends setting this attribute of the Live Pipes model to TRUE. This will suppress port alarms when either the connected device is unreachable or the linked port model is already alarmed. This setting can be modified from the Live Pipes Model Information View, which can be accessed from the VNM model's Configuration GIB. Page 37

Contivity Fault Scenarios This section describes fault scenarios likely in a VPN environment and SPECTRUM's response to these scenarios. In This Section Key Two Link Down Traps For One Down Tunnel [Page 39] Loss of Contact and Link Down Trap [Page 40] Physical Port Down, Loss of Contact, and Link Down Traps [Page 41] Loss of Contact to Whole Network [Page 42] Key Figure 1: Key to Diagrams applies to each of the following diagrams. Figure 1: Key to Diagrams Page 38

Two Link Down Traps For One Down Tunnel In this scenario (Figure 2), the SpectroSERVER retains contact to all managed elements in this meshed environment, but a tunnel between two devices goes down. SPECTRUM receives two link down traps. One tunnel interface is alarmed; the other is suppressed. Figure 2: Two Link Down Traps For One Down Tunnel Page 39

Loss of Contact and Link Down Trap In this scenario (Figure 3), SPECTRUM loses contact with a "spoke" Contivity in a hub and spoke network. SPECTRUM also receives a link down trap from the hub, indicating the tunnel to the lost device. SPECTRUM alarms the lost device and suppresses the alarm on the tunnel interface indicated by the trap. Figure 3: Loss of Contact and Link Down Trap Page 40

Physical Port Down, Loss of Contact, and Link Down Traps In this scenario (Figure 4), a physical port of a Contivity goes down or loses its link to the public network. SPECTRUM gets link down traps for the physical port and tunnels of the Contivity, and loses contact with remote Contivity devices. The link down alarms on the tunnel interface models are suppressed, however SPECTRUM's fault isolation will create red alarms on the lost Contivity device models because they have an "up" neighbor. In a future release, SPECTRUM will suppress these alarms and the impact of the physical port alarm will include these lost devices. Figure 4: Physical Port Down, Loss of Contact, and Link Down Traps Page 41

Loss of Contact to Whole Network In this scenario (Figure 5), SPECTRUM loses contact to the entire VPN network. SPECTRUM's fault isolation suppresses all but one loss of contact alarms. Figure 5: Loss of Contact to Whole Network Page 42

66 SP3 Upgrade Considerations This section describes possible upgrade considerations for the Contivity Management Module for SPECTRUM 66 SP3. Reconfiguring Existing Device Models Because of changes to the way tunnel interfaces are modeled, Aprisma recommends forcing an interface reconfiguration for all existing Contivity device models. This can be done using the Search Manager. First, find by model type all Contivity models. Select all desired models, and click on Manage > Reconfigure. It is strongly recommended that Discovery after Reconfigure be set to FALSE prior to forcing reconfigurations in this manner. In the original release of SPECTRUM 6.6, the Contivity MM was configured with a setting that prevented tunnel interfaces from being modeled. The procedure described in Enabling and Disabling Tunnel IF Filtering [Page 31] shows how to change this setting so that Serial_IF_Port models are created for each tunnel interface. If this setting has been changed in the SpectroSERVER database prior to installing the Service Pack 3 enhancement, the tunnel interfaces modeled as Serial_If_Ports will not be converted automatically to Tunnel_If models upon upgrading. Aprisma recommends that these interface models be destroyed prior to initiating reconfigurations on the device models. Page 43

Known Anomalies This section describes known anomalies for the Contivity Management Module for SPECTRUM 66 SP3. Create Sub-Interface Changes If Create Sub-Interfaces is changed from TRUE to FALSE for a Contivity model after tunnel interface models have been created, a subsequent interface reconfiguration will cause the tunnel interface models to go stale and start aging out, rather than being destroyed immediately. In an environment in which tunnel monitoring is desired for some, but not all, Contivity devices, it may be desirable to set the default value of Create Sub-Interfaces for the Contivity model type to FALSE. Once you have set this value to FALSE, set Create Sub-Interfaces to TRUE for the individual models of Contivity devices for which tunnel monitoring is desired. Autodiscovery and Public Addresses It is generally the case that the public addresses on the Contivity devices in a VPN will be in different subnets because they will be separated by several Internet routers. It is possible, however, to have Contivity devices with public interfaces on the same subnet. In this case, SPECTRUM's autodiscovery may attempt to map the connectivity of the public interfaces. The manifestation of this would be a LAN container in the same topology view as the Contivity models with pipes to the Contivity models. A fanout model without the LAN would be connected to the public interface models of the Contivities. Port Aging is not Aggressive When a tunnel goes away, the tunnel interface model is marked as "Stale". Any future reconfiguration that occurs after the "portageouttime" of the device will cause that tunnel model to be destroyed. However, if there are no future reconfigurations of the device, the "Stale" tunnel interface model will stay around. For example, consider a polling interval of 5 minutes and a portageouttime of 30 minutes. If a tunnel goes down at 10:27 and SPECTRUM polls at 10:30, SPECTRUM will detect an ifnumber change and perform and interface reconfiguration. During this process, the tunnel Page 44

interface will be marked as stale. You may expect that, if the tunnel doesn't come back up, the tunnel interface model will be destroyed at 11:00 precisely. However, if ifnumber does not change again for a week, interface reconfiguration won't run again for a week, and this tunnel interface model will remain stale until this time. Then, it will be destroyed. Page 45

Web Administration The Nortel web-based administration application can be launched from the Nortel Contivity device model. To launch the web management view for the Nortel Contivity devices, right click on the device icon of the device model in the Topology view and choose Web Administration. Note: By default, the Web Admin URL is http:// <0x1027f> (the Network_Address attribute). You can use the Global Attribute Editor in Search Manager to change this. See the Global Attribute Editor section of the Search Manager User Guide (2383) for more information. Page 46

Index A Automatically Reconfigure Interfaces [38] C CONTIVITY-TRAPS-V1-MIB [14] Create Sub-Interfaces [38] D Discovery after Reconfigure [38] E Event Frequency Rules [22] F Fault Scenarios [39] Firmware Version Tested Against [11] I ifnumber [45], [46] ifoperstatus [36] ifstacktable [34] Interface Reconfiguration [45] IP Tunnel MIB [11] L Link Up/Down Traps [37] options [22] Page 48

M Management Settings Recommended [37] Model Types [11] N Nailed-Up branch tunnels [37] O OnDemand tunnels [37] P PortAgeOutTime [35], [45] R Reconfigure on LINK change [38] RFC2667app [11], [31] S Serial_IF_Port [32], [44] Suppress Linked Port Alarms [38] T Transmission Applications [11], [31] Trap Processing [14] Tunnel IF Filtering, disable [32] Tunnel MIB (rfc2667) [34], [35] Tunnel_If [32], [37], [44] W Web Administration [47] Page 49

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback