Documente Academic
Documente Profesional
Documente Cultură
Alcatel-Lucent 9900
WIRELESS NETWORK GUARDIAN | RELEASE 2.1
PRODUCT GUIDES
Alcatel-Lucent Proprietary This document contains proprietary information of Alcatel-Lucent and is not to be disclosed or used except in accordance with applicable agreements. Copyright 2010 Alcatel-Lucent. All rights reserved.
Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Copyright 2010 Alcatel-Lucent. All rights reserved.
Disclaimers
Alcatel-Lucent products are intended for commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The customer hereby agrees that the use, sale, license or other distribution of the products for any such application without the prior written consent of Alcatel-Lucent, shall be at the customer's sole risk. The customer hereby agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the products in such applications. This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation. Alcatel-Lucent assumes no responsibility or liability for incorrect or incomplete information provided about non-Alcatel-Lucent products. However, this does not constitute a representation or warranty. The warranties provided for Alcatel-Lucent products, if any, are set forth in contractual documentation entered into by Alcatel-Lucent and its customers. This document was originally written in English. If there is any conflict or inconsistency between the English version and any other version of a document, the English version shall prevail.
Preface
The 9900 Wireless Network Guardian is a GUI-based system that is designed to manage data flows, and monitor network activities and demands for network resources.
planning and system architecture hardware installation and maintenance software maintenance and upgrades commissioning 9900 WNG system management interfaces configuration procedures network performance reporting and management network anomaly reporting and management security monitoring and administration user account administration and security database administration
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
iii
Preface
Important information
The following conventions are used to indicate important information:
Danger Danger indicates that the described activity or situation
may result in serious personal injury or death; for example, high voltage or electric shock hazards.
Warning Warning indicates that the described activity or situation
Note Note provides important information that is, or may be, of special interest.
iv
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Preface
Measurement conventions
Measurements in this guide are expressed in metric units and follow the Systeme International dUnites standard for abbreviation of metric units. If imperial measurements are included, they appear in brackets following the metric unit. Table 3 lists the measurement conventions used in this document but not covered by SI.
Table 3 Bits and bytes conventions
Measurement bit kilobit gigabit byte kilobyte megabyte (1 of 2) Symbol b kb Gb byte kbyte Mbyte
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Preface
Measurement gigabyte (2 of 2)
Symbol Gbyte
Click on the Search button. Adobe Reader displays the search results. You can expand the entries for each file by clicking on the + symbol.
Note After you click on a hyperlink, you can right-click and choose Previous View from the contextual menu to return to the location of the previous hyperlink.
Contact information
If you have questions or comments about this documentation, please contact: documentation.feedback@alcatel-lucent.com
vi
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
Preface
ix
About the guides ....................................................................................... ix Conventions used in this guide........................................................................ x Important information.................................................................. x Acronyms and initialisms............................................................... x Procedures with options or substeps ................................................. x Procedure 1 Example of options in a procedure.................................. xi Procedure 2 Example of substeps in a procedure ................................ xi Measurement conventions ............................................................ xi Multiple PDF file search.............................................................................. xii Procedure 3 To search multiple PDF files for a term ........................... xii Contact information .................................................................................. xii
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
vii
Contents
1-1
1.4 1.5
9900 WNG overview..................................................................... 1-2 9900 WNG Detector and Central ...................................................... 1-2 9900 WNG Detector .................................................................. 1-4 9900 WNG Central.................................................................... 1-4 9900 WNG hardware .................................................................... 1-5 9900 WNG Detector hardware...................................................... 1-5 9900 WNG Central hardware ....................................................... 1-6 Detecting hardware failures........................................................ 1-6 9900 WNG software ..................................................................... 1-6 Detecting software problems....................................................... 1-7 9900 WNG external user interfaces .................................................. 1-7
2-1
2.5
2.6
Planning overview....................................................................... 2-2 9900 WNG Central and Detector server planning .................................. 2-2 9900 WNG Central planning ........................................................... 2-2 9900 WNG Detector planning.......................................................... 2-3 Processing data ....................................................................... 2-3 Tapping into the network ........................................................... 2-4 Estimating 9900 WNG Detectors needed ......................................... 2-5 Network technology ................................................................. 2-5 Determine location to view network activity .................................... 2-6 CDMA network activity .............................................................. 2-6 UMTS network activity .............................................................. 2-8 Geographic configuration for 9900 WNG Detectors ............................ 2-10 IP addresses and port numbers planning ........................................... 2-11 9900 WNG Central interfaces...................................................... 2-11 9900 WNG Detector interfaces .................................................... 2-11 Additional interfaces ............................................................... 2-11 Site preparation planning ............................................................. 2-12 9900 WNG server and rack hardware specifications ........................... 2-12 Rack-mount requirements ......................................................... 2-13 Power requirements ................................................................ 2-13 Cabling requirements............................................................... 2-14 Environmental requirements ...................................................... 2-15
viii
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
Hardware installation
3 Safety and regulatory specifications
3.1 3.2
3-1
3.3
Safety hazards ........................................................................... 3-2 Signal words........................................................................... 3-2 General hazard statements ......................................................... 3-3 Product use and safety guidelines .................................................... 3-3 Heed safety instructions ............................................................ 3-3 System power on and off............................................................ 3-4 Hazardous conditions, devices, and cables ...................................... 3-4 ESD and ESD protection ............................................................. 3-4 ESD and handling boards ............................................................ 3-4 Installing or removing jumpers..................................................... 3-4 Equipment handling practices...................................................... 3-4 Safety steps ........................................................................... 3-5 Cooling and airflow .................................................................. 3-5 Power supply.......................................................................... 3-5 Power cord warnings................................................................. 3-6 Equipment rack anchoring .......................................................... 3-6 Regulatory specifications .............................................................. 3-6 Product Safety Compliance ......................................................... 3-6 Product EMC Compliance - Class A Compliance ................................. 3-6
4-1
4.5
4.6
9900 WNG Detector and Central server installation overview ................... 4-2 Required hardware................................................................... 4-2 Power requirements .................................................................... 4-3 AC power supplies.................................................................... 4-3 DC power supplies.................................................................... 4-4 Receiving the shipment ................................................................ 4-5 Procedure 4-1 To inspect a 9900 WNG package ................................ 4-6 Installing the 9900 WNG server in a rack ............................................ 4-6 Prerequisites .......................................................................... 4-6 Rack installation...................................................................... 4-7 Procedure 4-2 To install the 9900 WNG in a 4-post rack ...................... 4-7 Procedure 4-3 To install the 9900 WNG in a 2-post rack ..................... 4-11 Grounding a DC-powered server ..................................................... 4-15 Prerequisites and safety precautions ............................................ 4-16 Procedure 4-4 To prepare the ground wire .................................... 4-16 Procedure 4-5 To ground the server............................................. 4-16 Connecting the cables ................................................................. 4-17 9900 WNG Central external ports................................................. 4-18 9900 WNG Detector external ports ............................................... 4-18 Cable connections................................................................... 4-19 Procedure 4-6 To connect cables for a 9900 WNG Detector ................ 4-19 Procedure 4-7 To connect cables for a 9900 WNG Central server .......... 4-20 Connecting power cables .......................................................... 4-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
ix
Contents
5-1
Powering up and down the 9900 WNG Central and Detector overview......... 5-2 Powering up the 9900 WNG Central and Detector .............................. 5-2 Powering down the 9900 WNG Central and Detector........................... 5-2 Powering up and down the 9900 WNG Central ..................................... 5-2 Procedure 5-1 To power up 9900 WNG Central ................................. 5-2 Procedure 5-2 To power down the 9900 WNG Central ........................ 5-3 Powering up and down a 9900 WNG Detector ...................................... 5-4 Procedure 5-3 To power up a 9900 WNG Detector ............................. 5-4 Procedure 5-4 To power down the 9900 WNG Detector....................... 5-5 Powering up, powering down, or resetting the 9900 WNG Detector or Central using the BMC device .................................................. 5-5 Procedure 5-5 To power up, power down, or reset a 9900 WNG Detector or Central using the BMC device.................................. 5-5
Commissioning
6 License requirements
6.1
6-1
6.2 6.3
Licensing overview ...................................................................... 6-2 License limit exceeded.............................................................. 6-2 License expiration.................................................................... 6-2 Retrieving license expiration data................................................. 6-3 Obtaining a license file................................................................. 6-3 Procedure 6-1 To obtain the host identifier of 9900 WNG Central .......... 6-3 Installing the license file on the 9900 WNG Central ............................... 6-3 Procedure 6-2 To install a new license on the 9900 WNG Central........... 6-4
7-1
Mandatory configuration procedures overview ..................................... 7-2 Mandatory configuration procedures................................................. 7-2 Procedure 7-1 To perform the prerequisites to configure the management interface and BMC LAN on a 9900 WNG server ............ 7-2 Procedure 7-2 To configure the management interface and BMC LAN on the 9900 WNG Central and Detector ............................... 7-3 Procedure 7-3 To provision the 9900 WNG Central ............................ 7-5 Procedure 7-4 To provision the 9900 WNG Detector server .................. 7-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
Hardware maintenance
8 Replacing CRUs
8.1 8.2 8.3 8.4
8-1
CRU overview ............................................................................ 8-2 Replacing hardware precautions...................................................... 8-2 Electrostatic discharge precautions ............................................... 8-3 Replacing a power supply.............................................................. 8-3 Procedure 8-1 To replace the power supply .................................... 8-3 Replacing a hard disk drive ............................................................ 8-4 Procedure 8-2 To replace a hard disk drive ..................................... 8-5
9-1
9.4
9900 WNG software upgrade overview .............................................. 9-2 Software upgrade CLI commands ..................................................... 9-2 Software repositories................................................................... 9-3 Configuring the 9900 WNG Central server as the software repository ....... 9-4 Procedure 9-1 To configure the 9900 WNG Central as the software repository........................................................................ 9-4 Displaying the enabled software repository ..................................... 9-4 Procedure 9-2 To display the enabled software repository................... 9-4 Software upgrades and updates ...................................................... 9-5 Upgrading software .................................................................. 9-5 Procedure 9-3 To upgrade software on the 9900 WNG Central and Detector using the 9900 WNG Central repository ......................... 9-6 Procedure 9-4 To upgrade software on the 9900 WNG Central and Detector using an external software repository ........................... 9-7 Procedure 9-5 To upgrade software on the 9900 WNG Central and Detector using a USB removable hard drive as the software repository........................................................................ 9-8 Displaying software packages ...................................................... 9-9 Procedure 9-6 To display the software packages that are in the software repository ............................................................ 9-9
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xi
Contents
User Guide
9900 WNG overview
10 9900 WNG system
10.1 10.2 10.3
10-1
9900 WNG overview.................................................................... 10-2 Key 9900 WNG functions ........................................................... 10-2 Key 9900 WNG benefits ............................................................ 10-3 9900 WNG Detector and Central ..................................................... 10-4 9900 WNG Detector ................................................................. 10-6 9900 WNG Central................................................................... 10-6 9900 WNG external user interfaces ................................................. 10-7
11-1
Configuration procedures
12 Optional configuration procedures
12.1 12.2
12-1
Optional configuration procedures overview ...................................... 12-2 9900 WNG Detector optional configuration procedures.......................... 12-2 Specifying the 9900 WNG Detector deployment mode ........................ 12-2 Procedure 12-1 To specify the 9900 WNG Detector deployment mode ............................................................................ 12-3 Configuring the RNC load threshold .............................................. 12-3 Procedure 12-2 To configure an RNC load threshold ......................... 12-4 Configuring CDMA RNC-to-PCF IP address mapping ............................ 12-4 Procedure 12-3 To configure RNC-to-PCF IP address mapping .............. 12-5 Configuring UMTS RNC-to-SAI mapping .......................................... 12-5 Procedure 12-4 To configure RNC-to-SAI mapping ............................ 12-6 Specifying the mobile IP address range.......................................... 12-7 Procedure 12-5 To specify the mobile IP address range ..................... 12-7 Modifying the anomaly event throttle rate ..................................... 12-8 Procedure 12-6 To modify the anomaly event throttle rate................. 12-8 Adding subnets to a whitelist ..................................................... 12-8 Procedure 12-7 To add subnets to a whitelist ................................. 12-8 Modifying the mobile dormancy timeout value................................. 12-9 Procedure 12-8 To modify the mobile dormancy timeout value .......... 12-10 Specifying the VLANs from which packets are captured .................... 12-10 Procedure 12-9 To include, exclude, clear, and show VLAN IDs to process ........................................................................ 12-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xii
Contents
12.3
Disabling the reporting of specific anomaly events.......................... Procedure 12-10 To disable the reporting of an anomaly event .......... Specifying the intensity level for reporting anomaly events ............... Procedure 12-11 To specify the intensity level for a reported anomaly event ............................................................... Adding a detector to a 9900 WNG system ..................................... Procedure 12-12 To add a 9900 WNG Detector .............................. Copying files from a 9900 WNG Detector...................................... Procedure 12-13 To copy 9900 WNG Detector configuration files to another 9900 WNG Detector............................................... Deleting a 9900 WNG Detector.................................................. Procedure 12-14 To delete a 9900 WNG Detector........................... 9900 WNG Central optional configuration tasks................................. Adding entries to the application map table ................................. Procedure 12-15 To configure the application map table ................. Enabling the security event manager feed.................................... Procedure 12-16 To enable the security event manager feed ............ Loading a saved login banner ................................................... Procedure 12-17 To load a saved login banner .............................. Generating a public key .......................................................... Procedure 12-18 To generate and display a public key ....................
12-11 12-11 12-12 12-13 12-14 12-14 12-15 12-15 12-15 12-16 12-16 12-16 12-18 12-20 12-21 12-21 12-21 12-21 12-22
13-1
14 CLI
14.1
14-1
CLI overview ............................................................................ 14-2 Accessing the 9900 WNG Central and Detector................................. 14-2 CLI roles, privileges, and modes .................................................. 14-3 CLI timeout........................................................................... 14-5 Logging in to the CLI................................................................... 14-6 Logging in to the CLI on the 9900 WNG Central ................................ 14-6 Procedure 14-1 To log in to the CLI on the 9900 WNG Central from a Windows or UNIX platform using SSH....................................... 14-6 Procedure 14-2 To log in to the CLI on the 9900 WNG Central from the GUI.......................................................................... 14-7 Accessing the CLI on the 9900 WNG Detector .................................. 14-7 Procedure 14-3 To log in to the CLI on the 9900 WNG Detector ............ 14-8 Changing modes and target servers ................................................. 14-8 Procedure 14-4 To change your mode on the 9900 WNG Central or Detector ........................................................................ 14-8 Procedure 14-5 To change target servers at the same mode................ 14-9 Procedure 14-6 To change your mode and target server................... 14-10 CLI command syntax ................................................................. 14-12
xiii
14.2
14.3
14.4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
14.5
14.6
CLI navigation tips ................................................................... Displaying available commands ................................................. Using shortcuts .................................................................... Scrolling through commands .................................................... Paging through the CLI output .................................................. CLI commands ........................................................................
15 PC client installation
15.1 15.2 15.3
15-1
PC client installation overview....................................................... 15-2 PC client installation .................................................................. 15-2 Provisioning your PC ................................................................ 15-2 Procedure 15-1 To provision your PC............................................ 15-2 Launching the GUI client.............................................................. 15-3 Procedure 15-2 To launch the GUI client ....................................... 15-3 Deployment by Java Web Start ................................................... 15-3
16 GUI
16.1 16.2 16.3
16-1
GUI overview............................................................................ 16-2 Menu-based and dynamic navigation............................................. 16-2 Logging in to the GUI .................................................................. 16-2 Procedure 16-1 To log in to the GUI............................................. 16-2 GUI components ........................................................................ 16-2 GUI menus ............................................................................ 16-4 9900 WNG status indicators ....................................................... 16-4 Navigation menu and views in the workspace panel .......................... 16-6 Common features and functions ..................................................... 16-6 Sorting functions .................................................................... 16-6 Export functions ..................................................................... 16-7 Calendar and time widget ......................................................... 16-7 Using the whois query .............................................................. 16-7 Configuring the language on the GUI ............................................... 16-8 Procedure 16-2 To display the current language resource file.............. 16-8 Procedure 16-3 To install a language resource file ........................... 16-9 Configuring preference settings ..................................................... 16-9 Procedure 16-4 To change the default data retrieval settings .............. 16-9 Procedure 16-5 To change the default event reporting settings.......... 16-10 Procedure 16-6 To modify subscriber report preferences ................. 16-11 Procedure 16-7 To configure Network Graph preferences ................. 16-12 Procedure 16-8 To reset default configuration settings.................... 16-12
16.4
16.5 16.6
17-1
9900 WNG Central webpage .......................................................... 17-2 Procedure 17-1 To access the 9900 WNG Central webpage ................. 17-2
18 BMC
18.1
18-1
BMC....................................................................................... 18-2
xiv
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
19 SNMP
19.1 19.2 19.3 19.4
19-1
SNMP interface ......................................................................... 19-2 Configuring SNMPv1/v2c .............................................................. 19-3 Procedure 19-1 To specify the NMS servers and configure SNMPv1/v2c settings .......................................................... 19-3 Configuring SNMPv3 .................................................................... 19-5 Procedure 19-2 To configure SNMPv3 settings ................................. 19-5 SNMP user accounts.................................................................... 19-7 Procedure 19-3 To create an SNMP user account ............................. 19-8 Procedure 19-4 To create a n SNMP group ..................................... 19-8 Procedure 19-5 To delete an SNMP user account ............................. 19-8 Procedure 19-6 To delete an SNMP group ...................................... 19-8 Procedure 19-7 To display SNMP user accounts ............................... 19-8 Managing SNMP components.......................................................... 19-9 Procedure 19-8 To update SNMP location information ....................... 19-9 Procedure 19-9 To update the SNMP agent contact .......................... 19-9 Deleting SNMP components ......................................................... 19-10 Procedure 19-10 To delete IP addresses from an SNMP server ............ 19-10 Procedure 19-11 To delete an SNMP community ............................ 19-10 Procedure 19-12 To delete an SNMP host..................................... 19-11 Procedure 19-13 To delete an SNMP view .................................... 19-11 Configuring SNMP for anomaly, trend, and congestion alerts ................. 19-11 Procedure 19-14 To configure SNMP for anomaly, trend, and congestion alerts ............................................................ 19-11 SNMP commands...................................................................... 19-12 SNMP SET ........................................................................... 19-12 SNMP GET........................................................................... 19-12 SNMP TRAP ......................................................................... 19-12 SNMP MIBs ............................................................................. 19-15 Procedure 19-15 To access the SNMP MIBs ................................... 19-15
19.5 19.6
19.7 19.8
19.9
20 Motive API
20.1 20.2 20.3
20-1
20.4
Motive API ............................................................................... 20-2 Motive API security..................................................................... 20-3 Motive API user accounts ............................................................. 20-3 Procedure 20-1 To create a Motive API user account......................... 20-3 Procedure 20-2 To delete a Motive API user account......................... 20-3 Procedure 20-3 To display Motive API user accounts ......................... 20-4 Motive API CLI commands............................................................. 20-4 Adding Motive API subnets ......................................................... 20-4 Procedure 20-4 To add Motive API subnets..................................... 20-4 Deleting Motive API subnets ....................................................... 20-5 Procedure 20-5 To delete Motive API subnets ................................. 20-5 Displaying statistics and log files ................................................. 20-5 Procedure 20-6 To display Motive API statistics ............................... 20-6 Procedure 20-7 To display Motive API log file ................................. 20-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xv
Contents
GUI components
21 Dashboard view
21.1 21.2 21.3
21-1
21.4 21.5
21.6
21.7
9900 WNG Central Dashboard View overview...................................... 21-2 Dashboard features ................................................................. 21-2 Dashboard View components ......................................................... 21-2 Dashboard elements ................................................................ 21-4 Plotting elements in the Dashboard View .......................................... 21-5 Maximum number of element plots .............................................. 21-5 Plotting procedures ................................................................. 21-5 Procedure 21-1 To plot an element in the dashboard ........................ 21-5 Procedure 21-2 To configure mandatory parameters for element charts ........................................................................... 21-5 Dashboard View components and controls ......................................... 21-8 Element display controls ........................................................... 21-9 Axes controls......................................................................... 21-9 Configuring optional properties for dashboard elements ........................ 21-9 Procedure 21-3 To configure optional preferences for intensity tables.......................................................................... 21-10 Procedure 21-4 To configure optional properties for element charts.... 21-11 Modifying chart display properties ................................................ 21-12 Right-click customization options .............................................. 21-12 Configuring chart display properties ........................................... 21-12 Procedure 21-5 To configure chart display properties ..................... 21-13 Moving a dashboard chart to a new dashboard .................................. 21-13 Procedure 21-6 To move an chart to a new dashboard..................... 21-13
22-1
22.3
22.4
Real-time Events overview ........................................................... 22-2 Common features and components in the Real-time Events View .......... 22-2 Real-time Events common components.......................................... 22-2 Anomaly Events view .................................................................. 22-5 Anomaly Events view components................................................ 22-6 Event Details in the Anomaly Events view ...................................... 22-7 Filtering Anomaly Events........................................................... 22-8 Procedure 22-1 To filter Anomaly Events....................................... 22-8 Working in the Anomaly Events view............................................. 22-9 Performance Events view ........................................................... 22-10 Performance Events view components ........................................ 22-10 Configuring a Performance Events filter ...................................... 22-11 Procedure 22-2 To filter Performance Events ............................... 22-11 Working in the Performance Events view ..................................... 22-11 Anomaly History view................................................................ 22-12 Anomaly History menu components and functions........................... 22-12 Filtering Anomaly History records .............................................. 22-12 Procedure 22-3 To filter Anomaly History records .......................... 22-13 Anomaly History view components ............................................. 22-14 Working in the Anomaly History view .......................................... 22-14
xvi
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
23 Forensic View
23.1 23.2 23.3 23.4
23-1
Forensic View overview ............................................................... 23-2 Generating Forensic View reports ................................................ 23-2 Forensic View menu components .................................................... 23-2 Forensic View tab ................................................................... 23-2 Historic View tab .................................................................... 23-3 Forensic View reports ................................................................. 23-3 Forensic reports components...................................................... 23-4 Working in the Forensic View ........................................................ 23-5 Operations in the Forensic Events Details panel ............................... 23-5 Querying data in the Forensic Events Details panel ........................... 23-6 Opening the Mobile Flow view .................................................... 23-6
24 Topology view
24.1 24.2 24.3 24.4 24.5
24-1
Topology view overview............................................................... 24-2 Element Tables view................................................................... 24-2 Working in the Element Tables ................................................... 24-5 Network Graph view ................................................................... 24-6 Opening the Network Graphs view ............................................... 24-6 Network Graph components and controls ....................................... 24-7 Working in the Network Graphs view ............................................... 24-8 Display functions .................................................................... 24-8 Operations in the Network Graph view ........................................ 24-10 Provisioning operations using the Network Element tables ................... 24-11 Naming convention................................................................ 24-11 Bulk provisioning NE groups from the Element Tables ...................... 24-11 Procedure 24-1 To provision NEs in bulk using the Network Element table........................................................................... 24-11 Searching for NEs using the Network Element table......................... 24-12 Procedure 24-2 To search for NEs using the Network Element table .... 24-12
25-1
25.3 25.4
Network Forensic view overview .................................................... 25-2 Hop reports .......................................................................... 25-2 Network Element reports .......................................................... 25-2 Network Forensic view menu components ......................................... 25-2 Generating a Network Forensic report........................................... 25-3 Procedure 25-1 To generate a network forensic report ...................... 25-3 History tab ........................................................................... 25-4 Network Forensic reports components ............................................. 25-4 Network Forensic concise report components .................................. 25-5 Network Forensic detailed report components................................. 25-5 Working in the Network Forensic view.............................................. 25-7 Export functions ..................................................................... 25-7 Sort functions for table data ...................................................... 25-7 Operations in the Network Forensic view ....................................... 25-7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xvii
Contents
26 System View
26.1 26.2 26.3
26-1
26.4 26.5
System View overview................................................................. 26-2 System View menu icons .............................................................. 26-2 System Events view .................................................................... 26-2 System Events components ........................................................ 26-3 System Events display preferences ............................................... 26-4 Procedure 26-1 To filter system events......................................... 26-5 System History view ................................................................... 26-5 Working in the System View .......................................................... 26-6 Operations............................................................................ 26-6
27-1
Mobile Flow records overview........................................................ 27-2 Mobile Flow menu and query form components................................ 27-2 Generating Mobile Flow reports .................................................. 27-2 Procedure 27-1 To generate a Mobile Flow report ............................ 27-2 Mobile Flow record components ..................................................... 27-3 Event Details panel ................................................................. 27-5 Working in the Mobile Flow view .................................................... 27-7 Operations in the Mobile Flow Event Details panel ............................ 27-7 Opening Network Forensic reports from the Path tab......................... 27-8 Considerations regarding Mobile Flow measurements............................ 27-8 RTT measurements (in the Performance tab) .................................. 27-8 Throughput measurement (in the Performance tab) .......................... 27-8
28 CLI view
28.1
28-1 29-1
29 Subscriber view
29.1 29.2 29.3 29.4 29.5 29.6 29.7 29.8 29.9 29.10 29.11 29.12
Subscriber overview ................................................................... 29-2 Subscriber menu components ........................................................ 29-2 Subscriber view components ...................................................... 29-3 Active Reports and Historic Reports tabs........................................ 29-3 Characteristics of subscriber reports ............................................... 29-4 Generating subscriber reports ....................................................... 29-4 Acquiring subscriber IDs ............................................................ 29-4 Procedure 29-1 To configure and generate a subscriber report ............ 29-5 Components of subscriber reports................................................... 29-7 Statistics tab ............................................................................ 29-8 Top Applications tab................................................................... 29-8 Top Servers tab....................................................................... 29-10 Anomaly Events tab.................................................................. 29-11 Flow/Session tab ..................................................................... 29-11 Plots in the Flow/Session tab ................................................... 29-13 Flow Details button ............................................................... 29-14 Path tab components ................................................................ 29-14 Path panel interactions with Graphics view and Forensic reports......... 29-15 Billing tab ............................................................................. 29-15
xviii
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
30-1
30.4 30.5
30.6
Browser-based reporting overview .................................................. 30-2 Legacy reports ....................................................................... 30-2 Generating a browser-based report ................................................. 30-2 Procedure 30-1 To generate a browser-based report......................... 30-2 Input parameters page components................................................. 30-3 Report controls ...................................................................... 30-4 Filters ................................................................................. 30-4 Time parameter fields.............................................................. 30-4 Time zones ........................................................................... 30-5 Lag period to current time ........................................................ 30-5 Impact of daily summarization on early morning queries..................... 30-6 Report presentation page............................................................. 30-6 Tool tips .............................................................................. 30-6 Navigation icons on the presentation page ..................................... 30-6 Report types ............................................................................ 30-7 Time-series charts .................................................................. 30-7 Stacked area charts................................................................. 30-8 Cumulative distribution function charts ......................................... 30-9 Pie charts........................................................................... 30-10 Table reports ...................................................................... 30-11 Exporting reports..................................................................... 30-12 Export icons on the presentation page ........................................ 30-12 Exporting graphical reports to an Excel or a CSV file ....................... 30-13
31-1
Browser-based reports parameters overview ...................................... 31-2 Network resource usage reports ..................................................... 31-2 Description of network resource usage reports ................................ 31-2 Parameters overview for network resource usage reports ................... 31-4 Network statistics reports ............................................................ 31-5 Description of network statistics reports........................................ 31-5 Parameters overview for network statistics reports........................... 31-8 Network elements reports .......................................................... 31-10 Description of network element reports ...................................... 31-10 Parameters overview for network element reports ......................... 31-22 Common configuration options for network reports ......................... 31-24 Hop reports ........................................................................... 31-25 Description of hop reports ....................................................... 31-26 Parameters overview for hop reports .......................................... 31-27 Security reports ...................................................................... 31-28 Description of security reports.................................................. 31-28 Subscriber reports.................................................................... 31-29 Description of subscriber reports ............................................... 31-30 Parameters overview for subscriber reports .................................. 31-35
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xix
Contents
31.8
31.9 31.10
Applications reports ................................................................. Description of applications reports............................................. Parameters overview for applications reports................................ Configuring application parameters............................................ Devices reports ....................................................................... Description of device reports ................................................... Parameters overview for device reports ...................................... Troubleshooting ......................................................................
32-1
Subscriber Group Manager overview ................................................ 32-2 Interactions with web-based subscriber reports ............................... 32-2 Subscriber Group Manager page components ...................................... 32-2 Creating a subscriber group .......................................................... 32-3 Procedure 32-1 To create a subscriber group.................................. 32-3 Searching for a subscriber ............................................................ 32-4 Procedure 32-2 To search for a subscriber ..................................... 32-4 Changing the subscriber group view ................................................ 32-4 Procedure 32-3 To change the subscriber group view ........................ 32-4 Importing subscriber data ............................................................ 32-5 Procedure 32-4 To import subscriber data ..................................... 32-5
33-1
33.7
Threat detection and network anomalies overview .............................. 33-2 Threat detection in a CDMA network ............................................... 33-2 Inputs and outputs .................................................................. 33-3 Threat detection in a UMTS network................................................ 33-3 Inputs and outputs .................................................................. 33-5 High-level workflow to investigate an anomaly event ........................... 33-5 Procedure 33-1 To investigate an anomaly event ............................. 33-5 Network anomaly events.............................................................. 33-6 Wireless attack events ................................................................ 33-7 Signaling attacks from a single source ........................................... 33-7 Battery attacks from a single source............................................. 33-8 Distributed battery attacks ........................................................ 33-9 RNC overloads ..................................................................... 33-10 Single source mobile floods...................................................... 33-11 Distributed mobile floods ........................................................ 33-12 ICMP router discovery abuses ................................................... 33-13 Port scans and unwanted source events.......................................... 33-14 Horizontal port scan events ..................................................... 33-14 Vertical port scan events ........................................................ 33-15 Unwanted source .................................................................. 33-16
xx
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
33.8
33.9
Abusive subscriber events .......................................................... High-usage subscriber events ................................................... High signaling subscriber event ................................................. Always-active subscriber ......................................................... Peer-to-peer mobile traffic events............................................. Specifying the threshold values for anomaly events............................ Procedure 33-2 To specify the threshold values for an anomaly event ..........................................................................
34-1 35-1
35 Managing licenses
35.1 35.2
Viewing the current license status .................................................. 35-2 Procedure 35-1 To view licensing information using the CLI ................ 35-2 Viewing license violation system events............................................ 35-2
36-1
36.2
User account management overview................................................ 36-2 Roles .................................................................................. 36-2 Privileges ............................................................................. 36-2 Passwords............................................................................. 36-3 Managing user accounts ............................................................... 36-4 Creating a user account ............................................................ 36-5 Procedure 36-1 To create a user account with CLI, GUI, and Reports roles ............................................................................. 36-5 Changing passwords................................................................. 36-5 Procedure 36-2 To change the password for another user................... 36-6 Procedure 36-3 To change your password using the CLI ..................... 36-6 Procedure 36-4 To change your password using the GUI ..................... 36-6 Modifying privileges................................................................. 36-7 Procedure 36-5 To modify the privileges for a role ........................... 36-7 Modifying the name of an account ............................................... 36-7 Procedure 36-6 To modify the name of an account........................... 36-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
xxi
Contents
36.3
Setting the password timeout ..................................................... 36-8 Procedure 36-7 To reset the default timeout for all passwords ............ 36-8 Procedure 36-8 To reset the default timeout for a specific password ..... 36-8 Setting the idle timeout............................................................ 36-9 Procedure 36-9 To set the idle timeout for user accounts................... 36-9 Disconnecting users ................................................................. 36-9 Procedure 36-10 To disconnect one or all users from active GUI sessions ......................................................................... 36-9 Deleting user accounts ........................................................... 36-10 Procedure 36-11 To delete a user account ................................... 36-10 Monitoring user accounts ........................................................... 36-10 Displaying user accounts ......................................................... 36-11 Procedure 36-12 To display CLI, GUI, and Reports roles that are on the 9900 WNG Central ...................................................... 36-11 Procedure 36-13 To display user accounts with a pattern ................. 36-12 Displaying idle timeouts.......................................................... 36-12 Procedure 36-14 To display the idle timeout for the GUI and Reports roles ................................................................. 36-12
37-1
37.4
37.5
Monitoring the 9900 WNG system.................................................... 37-2 Monitoring the 9900 WNG using log files ........................................... 37-2 Procedure 37-1 To view 9900 WNG log files using CLI ........................ 37-3 Sample log reports .................................................................. 37-3 Monitoring GUI reports and queries ............................................... 37-10 Subscriber Report ................................................................. 37-11 Network Forensic Element Report.............................................. 37-11 Network Forensic Hop Report ................................................... 37-11 Mobile Flow Query ................................................................ 37-12 Measuring system performance .................................................... 37-12 show stats .......................................................................... 37-13 show memory ...................................................................... 37-16 show system........................................................................ 37-17 show backhaul ..................................................................... 37-18 show compressionStatus ......................................................... 37-18 show top ............................................................................ 37-18 Monitoring a remote 9900 WNG Central and Detector using the BMC ....... 37-29 Procedure 37-2 To monitor a 9900 WNG Detector or Central remotely using the BMC .................................................... 37-30 Displaying the health status of the 9900 WNG Detector or Central ....... 37-31 Procedure 37-3 To display the health status of the 9900 WNG Detector or Central ......................................................... 37-31 Displaying the sensor status of the 9900 WNG Central or Detector ....... 37-31 Procedure 37-4 To display the sensor status of the 9900 WNG Central or Detector ......................................................... 37-32
xxii
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Contents
38 System events
38.1 38.2 38.3 38.4 38.5 38.6 38.7 38.8 38.9 38.10 38.11 38.12 38.13 38.14
38-1
System events overview............................................................... 38-2 Viewing system events ............................................................. 38-2 System Event types ................................................................. 38-2 License Violation system event ...................................................... 38-2 Link Down system event .............................................................. 38-3 Clearing a Link Down event........................................................ 38-3 Process Down system event .......................................................... 38-3 Process Start system event ........................................................... 38-4 CPU Usage system event .............................................................. 38-4 Disk Usage system event .............................................................. 38-4 Exceptions for the 9900 WNG Central root partition .......................... 38-5 Memory Usage system event ......................................................... 38-5 No Packet system event............................................................... 38-6 Packet Drop system event ............................................................ 38-6 Line rate threshold system event.................................................... 38-6 Queue Usage system event ........................................................... 38-7 Hardware Failure system event ...................................................... 38-8 Swap Usage system event............................................................. 38-8
Database administration
39 Backup and restore
39.1
39-1
39.2
39.3
39.4 39.5
Backup and restore overview ........................................................ 39-2 Recommended frequency of full database backups ........................... 39-2 Restoring backup data.............................................................. 39-3 Location of backup and restore files ............................................. 39-3 Accessing SCP locations ............................................................ 39-3 Backup filename format ........................................................... 39-3 Backing up 9900 WNG Central files.................................................. 39-4 Procedure 39-1 To back up 9900 WNG Central files .......................... 39-4 Incremental backups of the reports database .................................. 39-5 Procedure 39-2 To perform an incremental backup of the reports database ........................................................................ 39-5 Restoring 9900 WNG Central files ................................................... 39-5 Procedure 39-3 To restore 9900 WNG Central files ........................... 39-5 Incrementally restoring report database files .................................. 39-6 Procedure 39-4 To restore reports database increments .................... 39-6 Backing up 9900 WNG Detector files ................................................ 39-7 Procedure 39-5 To backup a 9900 WNG Detector ............................. 39-7 Restoring 9900 WNG Detector files.................................................. 39-7 Procedure 39-6 To restore a 9900 WNG Detector ............................. 39-7
Glossary
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA xxiii
Contents
Index
xxiv
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900
WIRELESS NETWORK GUARDIAN | RELEASE 2.1
PLANNING, INSTALLATION, AND UPGRADE GUIDE
Alcatel-Lucent Proprietary This document contains proprietary information of Alcatel-Lucent and is not to be disclosed or used except in accordance with applicable agreements. Copyright 2010 Alcatel-Lucent. All rights reserved.
Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Copyright 2010 Alcatel-Lucent. All rights reserved.
Disclaimers
Alcatel-Lucent products are intended for commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The customer hereby agrees that the use, sale, license or other distribution of the products for any such application without the prior written consent of Alcatel-Lucent, shall be at the customer's sole risk. The customer hereby agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the products in such applications. This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation. Alcatel-Lucent assumes no responsibility or liability for incorrect or incomplete information provided about non-Alcatel-Lucent products. However, this does not constitute a representation or warranty. The warranties provided for Alcatel-Lucent products, if any, are set forth in contractual documentation entered into by Alcatel-Lucent and its customers. This document was originally written in English. If there is any conflict or inconsistency between the English version and any other version of a document, the English version shall prevail.
1. LICENSE
1.1 Subject to the terms and conditions of this Agreement, Alcatel-Lucent grants to Customer and Customer accepts a nonexclusive, nontransferable license to use any software and related documentation provided by Alcatel-Lucent pursuant to this Agreement ("Licensed Program") for Customer's own internal use, solely in conjunction with hardware supplied or approved by Alcatel-Lucent. In case of equipment failure, Customer may use the Licensed Program on a backup system, but only for such limited time as is required to rectify the failure. Customer acknowledges that Alcatel-Lucent may have encoded within the Licensed Program optional functionality and capacity (including, but not limited to, the number of equivalent nodes, delegate workstations, paths and partitions), which may be increased upon the purchase of the applicable license extensions. Use of the Licensed Program may be subject to the issuance of an application key, which shall be conveyed to the Customer in the form of a Supplement to this End User License Agreement. The purchase of a license extension may require the issuance of a new application key.
1.2
1.3
2.2
3. TERM
3.1 This Agreement shall become effective for each Licensed Program upon delivery of the Licensed Program to Customer.
iii
3.2
Alcatel-Lucent may terminate this Agreement: (a) upon notice to Customer if any amount payable to Alcatel-Lucent is not paid within thirty (30) days of the date on which payment is due; (b) if Customer becomes bankrupt, makes an assignment for the benefit of its creditors, or if its assets vest or become subject to the rights of any trustee, receiver or other administrator; (c) if bankruptcy, reorganization or insolvency proceedings are instituted against Customer and not dismissed within 15 days; or (d) if Customer breaches a material provision of this Agreement and such breach is not rectified within 15 days of receipt of notice of the breach from Alcatel-Lucent. Upon termination of this Agreement, Customer shall return or destroy all copies of the Licensed Program. All obligations of Customer arising prior to termination, and those obligations relating to confidentiality and nonuse, shall survive termination.
3.3
4. CHARGES
4.1 Upon shipment of the Licensed Program, Alcatel-Lucent will invoice Customer for all fees, and any taxes, duties and other charges. Customer will be invoiced for any license extensions upon delivery of the new software application key or, if a new application key is not required, upon delivery of the extension. All amounts shall be due and payable within thirty (30) days of receipt of invoice, and interest will be charged on any overdue amounts at the rate of 1 1/2% per month (19.6% per annum).
iv
6.2
ALCATEL-LUCENT EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, REPRESENTATIONS, COVENANTS OR CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OR REPRESENTATIONS OF WORKMANSHIP, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, DURABILITY, OR THAT THE OPERATION OF THE LICENSED PROGRAM WILL BE ERROR FREE OR THAT THE LICENSED PROGRAMS WILL not INFRINGE UPON ANY THIRD PARTY RIGHTS. Alcatel-Lucent shall defend and indemnify Customer in any action to the extent that it is based on a claim that the Licensed Program furnished by Alcatel-Lucent infringes any patent, copyright, trade secret or other intellectual property right, provided that Customer notifies Alcatel-Lucent within ten (10) days of the existence of the claim, gives Alcatel-Lucent sole control of the litigation or settlement of the claim, and provides all such assistance as Alcatel-Lucent may reasonably require. Notwithstanding the foregoing, Alcatel-Lucent shall have no liability if the claim results from any modification or unauthorized use of the Licensed Program by Customer, and Customer shall defend and indemnify Alcatel-Lucent against any such claim. Alcatel-Lucent Products are intended for standard commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The Customer hereby agrees that the use, sale, license or other distribution of the Products for any such application without the prior written consent of Alcatel-Lucent, shall be at the Customer's sole risk. The Customer also agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the Products in such applications.
6.3
6.4
7. LIMITATION OF LIABILITY
7.1 IN NO EVENT SHALL THE TOTAL COLLECTIVE LIABILITY OF ALCATEL-LUCENT, ITS EMPLOYEES, DIRECTORS, OFFICERS OR AGENTS FOR ANY CLAIM, REGARDLESS OF VALUE OR NATURE, EXCEED THE AMOUNT PAID UNDER THIS AGREEMENT FOR THE LICENSED PROGRAM THAT IS THE SUBJECT MATTER OF THE CLAIM. IN NO EVENT SHALL THE TOTAL COLLECTIVE LIABILITY OF ALCATEL-LUCENT, ITS EMPLOYEES, DIRECTORS, OFFICERS OR AGENTS FOR ALL CLAIMS EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO ALCATEL-LUCENT HEREUNDER. NO PARTY SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, WHETHER OR not SUCH DAMAGES ARE FORESEEABLE, AND/OR THE PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. The foregoing provision limiting the liability of Alcatel-Lucent's employees, agents, officers and directors shall be deemed to be a trust provision, and shall be enforceable by such employees, agents, officers and directors as trust beneficiaries.
7.2
8. GENERAL
8.1 Under no circumstances shall either party be liable to the other for any failure to perform its obligations (other than the payment of any monies owing) where such failure results from causes beyond that party's reasonable control. This Agreement constitutes the entire agreement between Alcatel-Lucent and Customer and supersedes all prior oral and written communications. All amendments shall be in writing and signed by authorized representatives of both parties. If any provision of this Agreement is held to be invalid, illegal or unenforceable, it shall be severed and the remaining provisions shall continue in full force and effect. The Licensed Program may contain freeware or shareware obtained by Alcatel-Lucent from a third party source. No license fee has been paid by Alcatel-Lucent for the inclusion of any such freeware or shareware, and no license fee is charged to Customer for its use. The Customer agrees to be bound by any license agreement for such freeware or shareware. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE THIRD PARTY SOURCE PROVIDES NO WARRANTIES AND SHALL HAVE NO LIABILITY WHATSOEVER IN RESPECT OF CUSTOMER'S POSSESSION AND/OR USE OF THE FREEWARE OR SHAREWARE. Alcatel-Lucent shall have the right, at its own expense and upon reasonable written notice to Customer, to periodically inspect Customer's premises and such documents as it may reasonably require, for the exclusive purpose of verifying Customer's compliance with its obligations under this Agreement. All notices shall be sent to the parties at the addresses listed above, or to any such address as may be specified from time to time. Notices shall be deemed to have been received five days after deposit with a post office when sent by registered or certified mail, postage prepaid and receipt requested. If the Licensed Program is being acquired by or on behalf of any unit or agency of the United States Government, the following provision shall apply: If the Licensed Program is supplied to the Department of Defense, it shall be classified as "Commercial Computer Software" and the United States Government is acquiring only "restricted rights" in the Licensed Program as defined in DFARS 227-7202-1(a) and 227.7202-3(a), or equivalent. If the Licensed Program is supplied to any other unit or agency of the United States Government, rights will be defined in Clause 52.227-19 or 52.227-14 of the FAR, or if acquired by NASA, Clause 18-52.227-86(d) of the NASA Supplement to the FAR, or equivalent. If the software was acquired under a contract subject to the October 1988 Rights in Technical Data and Computer Software regulations, use, duplication and disclosure by the Government is subject to the restrictions set forth in DFARS 252-227.7013(c)(1)(ii) 1988, or equivalent. Customer shall comply with all export regulations pertaining to the Licensed Program in effect from time to time. Without limiting the generality of the foregoing, Customer expressly warrants that it will not directly or indirectly export, reexport, or transship the Licensed Program in violation of any export laws, rules or regulations of Canada, the United States or the United Kingdom.
8.2
8.3
8.4
8.5
8.6
8.7
8.8
vi
8.9
No term or provision of this Agreement shall be deemed waived and no breach excused unless such waiver or consent is in writing and signed by the party claimed to have waived or consented. The waiver by either party of any right hereunder, or of the failure to perform or of a breach by the other party, shall not be deemed to be a waiver of any other right hereunder or of any other breach or failure by such other party, whether of a similar nature or otherwise.
8.10 This Agreement shall be governed by and construed in accordance with the laws of the Province of Ontario. The application of the United Nations Convention on Contracts for the International Sale of Goods is hereby expressly excluded.
vii
viii
1-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1-2 1-2
1.2 9900 WNG Detector and Central 1.3 9900 WNG hardware 1.4 9900 WNG software 1-5 1-6
1-7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1-1
1.1
1.2
The connections between the 9900 WNG and other NEs in a wireless data CDMA network are shown in Figure 1-2.
1-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1 9900 WNG system architecture Figure 1-2 Network architecture for a CDMA environment
NMS
AAA
RNC
BTS
RNC BTS
The 9900 WNG supports UMTS networks. The connections between the 9900 WNG and other network elements in a UMTS network are shown in Figure 1-3.
Figure 1-3 Network architecture for a UMTS environment
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1-3
UMTS environment
supports up to two million packets per second or up to 4 Gb/s, whichever is lower supports up to one million subscriber sessions supports up five million simultaneous flows tracks information from the subscriber registration activities to associate the dynamically assigned IP address with the user device identification and network path infers loads across the wireless data network by watching signaling and data traffic detects wireless 3G/4G network anomaly behavior using proprietary algorithms monitors individual subscriber session behavior (Mobile Flow records) monitors mobile-to-mobile and Internet-to-mobile traffic
In the UMTS environment, the 9900 WNG Detector observes mirrored IP traffic on two interfaces: between the AAA Server and the SGSN (Serving GPRS Service Node) and between the SGSN and the GGSN (Gateway GPRS Service Node). It is expected that an available Ethernet port from each of these interfaces is available from a switch or router within the Service Providers network. To avoid congestion on the capture ports, the capture port speed shall match or exceed the snooped interface. The 9900 WNG Detector snoops the path to the mirrored AAA Server for information regarding active mobile IP data sessions and reports anomalous behavior to the 9900 WNG Central. The 9900 WNG Detector supports CDMA technology and Universal Mobile Telecommunications System (UMTS) technology at the same time.
1-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
UMTS environment
configures and manages 9900 WNG Detectors in the system as well as itself supports up to 10 Detectors provides GUI and CLI capabilities collects, stores, and reports event data and notifications from the Detectors provides a status display of the 9900 WNG system and provides the ability to relay status and alarm information on external and internal interfaces as needed by the configuration provides the WSP with a user-friendly means of observing, recording, and interpreting the alarms and reports on anomaly status downloads software upgrades to the Detectors manages events at an aggregated average rate of 2500 events per second manages servers at a peak rate of 10 000 events per second
The 9900 WNG Central has an EMS and also supports a northbound system log and Simple Network Management Protocol (SNMP) interface to the Network Management Systems (NMS), if required.
1.3
Multi-core server 32GB RAM, 667 MHZ DIMMS. six hot-swappable 2.5 SAS HDD media storage, with at least 146GB space per
HDD
4 x 1Gbps Gigabit Ethernet NIC Up to four SFP modules (optical or copper) BMC
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1-5
Dual DC, 600W power supplies or Dual AC power supplies 32 Gb memory server (TIGH2U)
The 9900 WNG Detector is a NEBS-3 and ETSI certified product that is suited for a host of applications in the Telecom Central Office and industrial environment.
Multi-core server 32GB RAM, 667 MHZ DIMMS six hot-swappable 2.5 SAS HDD media storage, with at least 146GB space per
HDD CD-ROM and/or DVD-ROM BMC Dual DC, 600W power supplies or Dual AC power supplies
1.4
Performs traffic analysis Runs a CLI Hosts a GUI Processes anomaly event streams from the 9900 WNG Detector Generates alarms Produces reports Reports to northbound network and security operations platforms
1-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1.5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1-7
1-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-2 2-2
2.2 9900 WNG Central and Detector server planning 2.3 9900 WNG Central planning 2.4 9900 WNG Detector planning 2-2 2-3 2-11
2.5 IP addresses and port numbers planning 2.6 Site preparation planning 2-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-1
2.1
Planning overview
You must consider the following before for you use the 9900 WNG in your network:
evaluate the current network capacity for optimum use of the 9900 WNG determine the appropriate physical location of the 9900 WNG Central and
Detector identify the necessary equipment for 9900 WNG implementation
2.2
2.3
co-location with one or more 9900 WNG Detectors in a geographic cluster where it is accessible for physical maintenance needs AC and DC power supply options are available other locations, as determined by organizational requirements the Central management port must be connected to a LAN that is accessible for remote monitoring because the user interfaces are on the 9900 WNG Central
average rate feed of 2000 events/s from all 9900 WNG Detectors peak rate feed of 10000 events/s from all 9900 WNG Detectors
2-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2.4
Internet
AAA HA Home network PDSN PDSN PDSN HA Roaming network PDSN AAA
21188
Internet
21187
Processing data
Table 2-2 describes the data that is processed by the 9900 WNG Detectors based on the network type.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-3
2 9900 WNG planning Table 2-2 Data collection by the 9900 WNG Detector
Network 3GPP2/CDMA Data collected
All incoming/outgoing subscriber data traffic Simple IP MIP: IP-IP tunneled Signaling traffic to relate IP traffic to subscriber/device/network elements MIP signaling traffic AAA accounting records (A11 signaling traffic) All incoming/outgoing subscriber data traffic mobile IP (MIP): IP-IP tunneled (GTP-U packets between SGSN and GGSN) Signaling traffic to relate IP traffic to subscriber/device/network elements AAA accounting records (GTP-C signaling packets between SGSN and GGSN)
3GPP/UMTS
3GPP2/CDMA networks PDSN and Home Agent PDSN and AAA (accounting records only) (A11 interface to PDSN) 3GPP/UMTS networks SGSN and GGSN
Tap feeds are mirrored from a router or switch at the tap points, and sent to the 9900 WNG Detector. Tap feeds that lose packets reduce the accuracy of the 9900 WNG Detector. This out-of-band capability of the 9900 WNG Detector means that any downtime is not service affecting to the network. The 9900 WNG Detector can support four 1 Gb/s tap ports or one 10 Gb/s tap port. The 9900 WNG Detector can be configured with optical or copper SFPs (or a mix) tap ports to support 1000TX (copper), and 1000SX (multimode optical) physical tapping points. If the number of tap feeds is greater than the number of ports available on the 9900 WNG Detector, you can use an external aggregator to condense multiple taps into the ports on the 9900 WNG Detector.
Note Aggregated feeds that are mapped on a single tap port must not exceed the maximum line rate of the port, or packets are lost.
2-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
geographic placement of tapping points to feed the 9900 WNG Detector number of tapping points required to analyze the entire wireless network traffic
to capture all PDSN-to-HA and PDSN-to-AAA (accounting links) and PDSN A11 interface in a CDMA environment, and SGSN-to-GGSN links in a UMTS environment. anticipated number of simultaneous active subscriber sessions to observe at one 9900 WNG Detector and also collectively in the entire network as an appropriate product license is required. See chapter 6 for more information. anticipated traffic rate fed into one 9900 WNG Detector for analysis. In some cases, the captureVLAN CLI command can be used to restrict the number of packets fed into a 9900 WNG Detector by filtering the packet feed to only include the appropriate VLAN traffic that the Detector needs to analyze. the data rate of the events that are generated by one 9900 WNG Detector to the 9900 WNG Central must not exceed the data connection link for the management connection between the 9900 WNG Detector and 9900 WNG Central. The eventrate CLI command can be used to provide traffic limiting on this management link to match the physical link to provide smoothing of event feed to the 9900 WNG Central. Estimating exact rules of deployment based on the above considerations depends on several factors and may change from deployment to deployment, the nature of traffic analyzed in the wireless network, and anticipated rate of traffic growth. Contact your Alcatel-Lucent technical support representative for support in planning your network deployment.
9900 WNG Detector specifications
up to four capture ports that can aggregate packets for analysis from traffic taps
(unidirectional or bidirectional). A 9900 WNG Detector is equipped with either four ports with a maximum line rate of 1 Gb/s, or one port with a maximum line rate of 10 Gb/s. maximum packet processing of 2 million packets per second up to 1 million simultaneous active subscriber data sessions monitored up to 2 million simultaneous active flows monitored
Network technology
The 9900 WNG Detector supports both CDMA and UMTS technologies.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-5
CDMA
The 9900 WNG Detector supports CDMA technology as per the 3GPP2 standards. This includes 1xRTT, EV-DO rev 0, and EV-DO rev A. The Detector can be used to analyze both MobileIP and SimpleIP sessions by decoding MobileIP signaling (PDSN-to-HA link) and AAA/RADIUS accounting records (PDSN-to-AAA link). The mode in which the Detector operates can be set with the deploymentMode command to process MobileIP only, SimpleIP only, or both MobileIP and SimpleIP sessions.
UMTS
In a UMTS environment, the Detector monitors the GPRS Tunneling Protocol (GTP) messages (GTP-C and GTP-U packets) across the Gn interface between the Serving GPRS Service Node (SGSN) and the Gateway GPRS Service Node (GGSN).
Southbound of the HA (CDMA) Northbound of the PDSN (CDMA) Southbound of the GGSN (UMTS) Northbound of the SGSN (UMTS)
For 3GPP2/CDMA networks, the PDSN-AAA accounting records and optionally the A11 interface must be tapped and fed to the 9900 WNG Detector.
Figure 2-3 shows a 9900 WNG Detector installed southbound of the HA in a CDMA network.
2-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
One 9900 WNG Detector can handle higher traffic loads from a larger section of
the wireless service provider network (that is, several PDSNs) subject to the limits of the Detector specifications given earlier in this section of the document. The ability to observe the wireless service provider's own roaming subscribers' traffic when the subscribers are served by a foreign PDSN on a roaming partner network. The support for MobileIP only subscribers. SimpleIP traffic is not seen when deployed southbound of Home Agent. The ability to report on inter-PDSN traffic, which s includes inter-PDSN handoff reports and session state tracking capability across PDSNs.
Note When deployed southbound of the Home Agent, a separate tap or feed must be provided for the AAA/RADIUS accounting records and, optionally, for the A11 interface.
Figure 2-4 shows a 9900 WNG Detector installed northbound of the PDSN in a CDMA network.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-7
Placement of the 9900 WNG Detector northbound of the PDSN provides the following features and advantages:
useful in large wireless networks where the amount of network traffic exceeds the
capacity of one 9900 WNG Detector support can be provided for both MobileIP and SimpleIP data sessions served by the PDSN observation of all PDSN-to-AAA/RADIUS accounting records can be provided on the same tap point near the PDSN analyzes traffic for subscribers from roaming partners as they roam onto the network served by the PDSN
Note 1 Deploying northbound of the PDSN results in the
appearance of a new session when a subscriber roams inter-PDSN. The HA handoff report is not applicable in this configuration.
Note 2 The placement of the 9900 WNG Detector should be such
that one 9900 WNG Detector sees the MobileIP signaling or the AAA/RADIUS accounting signaling or both that corresponds to the bearer traffic that it observes. Optionally, the A11 interface may also be processed.
2-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Figure 2-5 shows a 9900 WNG Detector installed southbound of the GGSN in a UMTS network.
Figure 2-5 Southbound of the GGSN (UMTS)
Placement southbound of the GGSN provides the following features and advantages:
one 9900 WNG Detector can support higher traffic loads from a larger section of
the wireless service provider network (several SGSNs) subject to the limits of the 9900 WNG Detector specifications ability to observe subscriber traffic when the subscriber is served by a SGSN on a roaming partner network. provides reports for inter-SGSN traffic, which includes inter-SGSN handoff reports and session state tracking capacity across SGSNs
Northbound of the SGSN
Figure 2-6 shows a 9900 WNG Detector installed northbound of the SGSN in a UMTS network.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-9
Placement of the 9900 WNG Detector northbound of the SGSN provides the following features and advantages:
useful in large wireless networks where the amount of network traffic exceeds the
capacity of one 9900 WNG Detector
analyzes traffic for subscribers from roaming partners as they roam onto the
network served by the SGSN
2-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2.5
Additional interfaces
In addition to configuring the IP addresses of the 9900 WNG Central and Detector, the following IP addresses should be known in order to provide configuration for other features:
IP address of NTP server for obtaining clock/time synchronization IP address of SNMP network management server so that the 9900 WNG system
events can be reported to an external SNMP management server. SNMP reporting is optional. port numbers are required for accessing the 9900 WNG Central. The <central IP> in the following example is the address that is given to the 9900 WNG Central management port. The BMC IP address is the out-of-band management port that is used for remote console and remote power cycle.
IN: allow in from <ext> to <central IP> TCP port 22,80,443,3306,52802,52806 allow in from <ext> to <central IP> UDP port 161 allow in from <ext> to <BMC> TCP port 80,443 allow in from <ext> to <BMC IPs> TCP port 623 allow in from <ext> to <BMC IPs> UDP port 623 OUT: Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
[for snmp]
2-11
allow out from <central IP> to <ext> UDP port 162 [for snmp] allow out from <central IP> to <ext> UDP port 123 [for NTP] <ext> = your external network/mask or specific IP <central IP> = IP of eth0 on 9900 WNG Central <BMC> = IPs of all the BMC modules in central and detector
2.6
An additional clearance of 1.5 inches (38 mm) is required behind the server for cable bend allowance.
External disk array specifications
Table 2-4 describes the dimensions of the external disk array that is included with the 9900 WNG Central.
Table 2-4 External disk array dimensions
Dimension Height Width Depth (1 of 2) Value 3.39 inches (87.6 mm) 17.66 inches (435.3 mm) 21.26 inches (540 mm)
2-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Value 30 inches (760 mm) 24 inches (620 mm) 59.55 lbs (15.8 kg)
Rack-mount requirements
The 9900 WNG Central and Detectors, and the external disk array that must be mounted in a customer-supplied rack.
19 racks supported are 2-post and 4-post racks with Electronic Industry
Association (EIA) Universal and EIA wide hole spacing.
23 racks supported are 2-post and 4-post racks with EIA Universal, EIA wide
and European Telecommunications Standards Institute (ETSI) hole spacing. The rack mount kits can be installed in 2-post racks with equipment mounting posts from 3 to 5 inches deep. The rack mount kits can be installed in 4-post racks with front equipment mounting rail to rear equipment mounting rail distance not exceeding 24 inches. Mounting hardware for 19 racks is included. Mounting extension plates for 23 racks are included. These extension plates allow the 19" rack mount system to be installed in a 23 frame.
Power requirements
Depending on the customer needs, the power supply is either DC (600 W) or AC. The AC and DC versions can be used in either an operations data center or a central office. Typically, data centers use the AC version and a central office uses the DC version. The power supply (AC or DC) is redundant and is supplied on separate power buses. Table 2-5 describes the power requirements.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-13
Maximum continuous output power: 604 W Maximum continuous current output @ -48VDC: 12.6 A Peak power: 680 W Peak current @ -48V: 14.2 A Chassis input voltage range: -40.0 to -60.0 V Power supply: two hot swappable 600W power supplies Number of power feeds: two pairs Supplied DC power cable assemblies: Two 1-ft cables Two 14-ft cables The power supply shuts down when input drops below 36 VDC and powers back up when DC input returns to >36 VDC. Input voltage range: -36 to -72 VDC Power consumption: 530 W Current at -48 VDC: 11 A
Maximum continuous power: 604 W Maximum continuous current output @ 110VAC: 5.5 A Maximum continuous current output @ 220VAC: 2.75 A Peak Power: 680 W Peak current @ 110VAC: 6.2 A Peak current @ 220VAC: 3.1 A Chassis input voltage range: 100-127 V or 200-240 V Power supply: Two hot swappable 600 W AC power supplies Number of power feeds: 2 pairs Supplied AC power cable assembly: Two 6-foot US AC 110 V power cords Input voltage range: 90 to 264 VAC Power consumption: 530 W
A power distribution unit is not required. However, if present, the fuse recommendation is 20A.
Cabling requirements
The following describes the cabling requirements:
Supplied: Power cables for the 9900 WNG Central and 9900 WNG Detector, and
an SAS cable to connect the external disk array to the 9900 WNG Central Supplied equipment ground cables: The DC chassis provides two threaded studs for chassis enclosure grounding. A single 45 standard barrel #14 -10 AWG conductor/-6 AWG barrel must be used for proper safety grounding.
2-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Environmental requirements
Consider the following environmental requirements when are choosing a location for your 9900 WNG equipment.
Locating the equipment
The system is designed to operate in a typical office environment. Choose a site that is:
clean, dry, and free of airborne particles (other than normal room dust) well-ventilated and away from sources of heat including direct sunlight and
radiators
away from sources of vibration or physical shock isolated from strong electromagnetic fields produced by electrical devices in regions that are susceptible to electrical storms, we recommend you plug your
system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm provided with a properly grounded wall outlet (AC) or appropriate power connections DC) provided with sufficient space to access the power supply cords
Temperature
The temperature in which the server operates when installed in an equipment rack must not go below 5C (41F) or rise above 35C (95F). Extreme fluctuations in temperature can cause a variety of problems in your server.
Ventilation
The equipment rack must provide sufficient airflow to the front of the server to maintain proper cooling. The rack must also include ventilation sufficient to exhaust a maximum of 1200 BTU/h for the server. The rack selected and the ventilation provided must be suitable to the environment in which the server is to be used.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
2-15
2-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Hardware installation
3-1 4-1
5 Powering up, powering down, and resetting 9900 WNG components 5-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
3-2 3-3
3.2 Product use and safety guidelines 3.3 Regulatory specifications 3-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
3-1
3.1
Safety hazards
Hazard statements describe the safety risks relevant while performing tasks on Alcatel-Lucent products during deployment and/or use. Failure to avoid the hazards may have serious consequences.
Signal words
The signal words that identify the hazard severity levels are described in Table 3-1.
Table 3-1 Signal words for hazard severity
Signal word DANGER WARNING CAUTION Description Indicates an imminently hazardous situation (high risk) which, if not avoided, results in death or serious injury. Indicates a potentially hazardous situation (medium risk) which, if not avoided, could result in death or serious injury. Indicates a potentially hazardous situation (low risk) which, if not avoided, may result in personal injury or property damage, such as service interruption or damage to equipment or other materials.
3-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This equipment is only suited for permanent connection. Before connecting the power supply, establish a grounding connection.
Caution Components can be damaged by static discharges.
The following rules must be followed when handling any module containing semiconductor components:
3.2
Conform to local occupational health and safety requirements when moving and
lifting equipment. Use mechanical assistance or other suitable assistance when moving and lifting equipment. To reduce the weight for easier handling, remove any easily detachable components.
3-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
A microprocessor and heat sink can be hot if the system has been running. Also,
there can be sharp pins and edges on some board and chassis parts. Contact should be made with care. Consider wearing protective gloves. Danger of explosion if the battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the equipment manufacturer. Dispose of used batteries according to manufacturers instructions.
Safety steps
Whenever you remove the chassis covers to access the inside of the system, follow these steps:
Turn off all peripheral devices connected to the system. Turn off the system by pressing the power button. Unplug all AC power cords from the system or from wall outlets. Label and disconnect all cables connected to I/O connectors or ports on the back of the system. Provide electrostatic discharge (ESD) protection by wearing an antistatic wrist strap attached to chassis ground of the systemany unpainted metal surfacewhen handling components. After you have completed the safety steps, remove the system covers. To do this:
Unlock and remove the padlock from the back of the system if a padlock has been
installed.
Remove and save all screws from the covers. Remove the covers. Cooling and airflow
For proper cooling and airflow, always reinstall the chassis covers before turning on the system. Operating the system without the covers in place can damage system parts. To install the covers:
Check first to make sure you have not left loose tools or parts inside the system. Check that cables, add-in boards, and other components are properly installed. Attach the covers to the chassis with the screws removed earlier, and tighten them
firmly. Insert and lock the padlock to the system to prevent unauthorized access inside the system. Connect all external cables and the AC power cords to the system.
Power supply
The power supply in this product contains no user-serviceable parts. There may be more than one supply in this product. Refer servicing only to qualified personnel.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
3-5
To avoid electrical shock or fire, check the power cords to be used with the
product as follows: Do not attempt to modify or use the AC power cords if they are not the exact type required to fit into the grounded electrical outlets. The power cords must meet the following criteria: The power cord must have an electrical rating that is greater than that of the electrical current rating marked on the product. The power cord must have safety ground pin or contact that is suitable for the electrical outlet. The power supply cords are the main disconnect device to AC power. The socket outlets must be near the equipment and readily accessible for disconnection. The power supply cords must be plugged into socket-outlets that are provided with a suitable earth ground. Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. A product with more than one power supply has a separate AC power cord for each supply.
3.3
Regulatory specifications
The 9900 WNG meets the specifications and regulations for safety and EMC described in this chapter.
USA/Canada: UL 60950-1, 1st Edition/CSA 22.2 Europe: Low Voltage Directive 2006/95/EC to EN60950-1, 1st Edition Product EMC Compliance - Class A Compliance
The 9900 WNG has been has been tested and verified to comply with the following electromagnetic compatibility (EMC) regulations:
USA: FCC 47 CFR Parts 2 and 15, Verified Class A Limit Canada: IC ICES-003 Class A Limit International: CISPR 22, Class A Limit, CISPR 24 Immunity Electromagnetic
Compatibility Notices
3-6 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Europe: EMC Directive, 2004/108/EEC EN 300-386 - Electromagnetic Compatibility and Radio spectrum Matters (ERM) EN55022, Class A Limit, Radiated & Conducted Emissions EN55024 Immunity Characteristics for ITE EN61000-4-2 ESD Immunity (level 2 contact discharge, level 3 air discharge) EN61000-4-3 Radiated Immunity (level 2) EN61000-4-4 Electrical Fast Transient (level 2) EN61000-4-5 Surge EN61000-4-6 Conducted RD EN61000-3-2 Harmonic Currents EN61000-3-3 Voltage Flicker
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
3-7
3-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4.1 9900 WNG Detector and Central server installation overview 4-2 4.2 Power requirements 4.3 Receiving the shipment 4-3 4-5 4-6
4.4 Installing the 9900 WNG server in a rack 4.5 Grounding a DC-powered server 4.6 Connecting the cables 4-17 4-15
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-1
4.1
installation of the 9900 WNG Central, Detector, and the external disk array into
the racks connecting the 9900 WNG Central and 9900 WNG Detector server to an existing network See chapter 7 for more information about the mandatory configuration procedures for the 9900 WNG. Table 4-1 lists the tasks that you must perform to install the 9900 WNG Central Detectors, in the order that you need to perform them.
Table 4-1 9900 WNG installation tasks
Task Set up the required AC or DC power supplies Install the 9900 WNG Central and Detector using the appropriate rack mounts Ground the servers, if you are using a DC power supply Connect the 9900 WNG to your OAM and traffic networks See section 4.2 4.4 4.5 4.6
Required hardware
Table 4-2 describes the hardware that is required for installing 9900 WNG Central and Detector.
Table 4-2 Hardware requirements for the 9900 WNG Central and Detectors
Equipment WNG Central Server
(1) (1)
Description The 9900 WNG Central server The 9900 WNG Detector is a NEBS-3 and ETSI certified product which is suited for a host of applications in the Telecom Central Office and industrial environment. (1) An external redundant data storage device for the 9900 WNG Central. Cat5e or better: Various lengths for direct connections Cables must be shielded and grounded at both ends.
Transceiver (1 of 2)
Copper or optical transceivers are required for the ports on the packet capture card. See section 4.6 for more information about ports on the packet capture card.
4-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Equipment SAS cable Mounting rack for servers Power supply cable Fiber optic cables (optional)
Description A SAS cable used to connect the 9900 WNG Central to the external disk array. 19-inch mounting brackets and 23-inch adapters Two 6-foot US 110V AC power cable Various lengths:
50/125 m multi-mode fiber (MMF), Duplex LC-SC connectors 50/125 m multi-mode fiber (MMF), Duplex LC-ST connectors 50/125 m multi-mode fiber (MMF), Duplex LC-LC connectors
(2 of 2) Notes (1) 9900 WNG equipment is delivered with the required software installed. (2) Contact your Alcatel-Lucent technical support representative for ordering information.
4.2
Power requirements
This section describes the power requirements of the 9900 WNG for both AC and DC power supplies.
AC power supplies
Table 4-3 describes the requirements for AC power.
Table 4-3 AC power requirements
Component Main AC Voltage Continuous power Description The AC line voltage source must be 50 or 60 Hz, and have a voltage of 100 to 127 VAC for 110 V operation or between 200 and 240VAC for 220V operation. The 9900 WNG has the following continuous AC power requirements:
Peak power
maximum continuous output power: 604W maximum continuous current: 5A maximum peak output power: 680W maximum peak current: 5.6A
Main AC power connection
The AC power cords are considered the main connection for the server and must be readily accessible. If the individual server power cords are not readily accessible, then you must install an AC power connection for the entire rack unit. This main connection must be readily accessible, and it must be labeled as controlling power to the entire rack, not just to the servers. To avoid the potential for an electrical shock hazard, you must include a third wire safety ground conductor with the rack installation. If the server power cord is plugged into an AC outlet that is part of the rack, then you must provide proper grounding for the rack itself. If the server power cord is plugged into a wall AC outlet, the safety ground conductor in the power cord provides proper grounding only for the server. You must provide additional, proper grounding for the rack and other devices installed in it.
(1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-3
Description The equipment is designed for an AC line voltage source with up to 20 A of over-current protection per cord feed. If the power system for the equipment rack is installed on a branch circuit with more than 20 A of protection, you must provide supplemental protection for the server. The overall current rating of a configured server is less than 6 amperes. The external disk array has the following AC power requirements:
(2 of 2)
Note Do not modify or use an AC power cord set that is not the exact type required. You must use a power cord set that meets the following criteria:
DC power supplies
The server with DC input is to be installed in a Restricted Access Location in accordance with articles 110-16, 110-17, and 110-18 of the National Electric Code, ANSI/NFPA 70. The DC source must be electrically isolated from any hazardous AC source by double or reinforced insulation. The DC source must be capable of providing up to 300 W of continuous power per feed pair.
Caution Connection with a DC source should only be performed by trained service personnel.
4-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4 9900 WNG Detector and Central server installation Table 4-4 DC power requirements
Component Main DC Voltage Continuous power Description Redundant DC power feeds are supported for high reliability. The 9900 WNG requires a -48V DC power source. The 9900 WNG has the following continuous DC power requirements:
Peak power
maximum continuous output power: 604W maximum continuous current: 12.6A maximum peak output power: 680W maximum peak current: 14.2A
Main DC power connection Grounding the server
The UL-listed circuit breaker of a centralized DC power system may be used as a disconnect device when easily accessible and must be rated no more than 10 A. This server is intended for installation with an isolated DC return (DC-I) and is to be installed in a CBN per NEBS GR-1089. To avoid the potential for an electrical shock hazard, you must reliably connect an earth grounding conductor to the server. The earth grounding conductor must be a minimum 6 AWG connected to the earth ground studs on the rear of the server. The safety ground conductor must be connected to the chassis stud with a Listed closed two-hole crimp terminal having 5/8-inch pitch. The nuts on the chassis earth ground studs must be installed with a 10 in-lbs of torque. The safety ground conductor provides proper grounding only for the server. You must provide additional, proper grounding for the rack and other devices installed in it. Over-current protection UL-listed circuit breakers must be provided as part of each host equipment rack and must be incorporated in the field wiring between the DC source and the server. The branch circuit protection is rated minimum 75 VDC, 10A maximum per feed pair. If the DC power system for the equipment rack is installed with more than 10 A of protection, you must provide supplemental protection for the server. The overall current rating of a maximum configured server is 8 A. The external disk array has the following DC power requirements:
Over-current protection
4.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-5
1 2 3
The delivery receipt is available to check against the contents that you received. The 9900 WNG Central and Detector are packaged separately, each in their own carton.
Check that all materials that are noted on the packing slip are accounted for. Visually inspect the package to be sure there is no visible damage to the shipping container. Perform one of the following: a b If the server is damaged, record the problems on the shipping manifest and report the damage to the transport company. If server is not damaged go to step 4.
4 5
Carefully remove the chassis from the carton. If you use a box cutter to cut the outer carton, exercise caution and ensure that you do not damage the chassis. Remove the anti-static bag that surrounds the chassis only when you are ready to install the chassis.
4.4
Only trained and qualified personnel should anchor and install the
rack. Only trained and qualified personnel should mount the chassis. Always wear an electrostatic discharge (ESD) preventive wrist or ankle strap in contact with bare skin. Always connect the ESD strap with a banana plug to a proper ESD grounding point, typically located off the front of the equipment rack.
Prerequisites
Ensure the following:
secure all tools for anchoring and installing the brackets and rack follow all safety instructions verify that the rack is properly bolted and braced and is well grounded to a
grounding electrode
Rack installation
Each 9900 WNG server includes a rack mount kit to install the server in a 19-in rack, with four extension brackets to support a 23-in rack. Procedure 4-2 describes how to assemble the rack mount for a 4-post rack. Procedure 4-3 describes how to assemble the rack mount for a 2-post rack.
If you are installing more than one system, install the first system in the lowest available position in the rack. Because of the size and weight of the system, never attempt to install the system in the mounting rails by yourself.
Caution Before you install systems in a rack, install the front and side stabilizers on stand-alone racks or the front stabilizer on racks joined to other racks. Failure to install stabilizers accordingly before installing systems in a rack could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Always install the stabilizers before installing components in the rack.
1 Attach the two inner rails (marked LEFT and RIGHT) to the chassis, each with three 8-32x1/4 SEMS screws, as shown in Figure 4-1.
Figure 4-1 Attaching inner rails to the 9900 WNG
Attach the universal front mounting bracket to the chassis, each with two 8-32x1/4 SEMS screws.
Note The universal front mounting bracket can be flipped to position the system further forward in the rack, as shown in Figure 4-2.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-7
4 9900 WNG Detector and Central server installation Figure 4-2 Universal front mounting bracket
Using two 8-32 KEPS nuts per L-bracket, assemble L-brackets to the outer rail's four outermost threaded studs. (Installation kit contains both EIA and ETSI L-brackets.) 23-in. Figure 4-3 shows the EIA L-brackets.
Figure 4-3 Outer rail assembly (EIA L-brackets)
4-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Install the outer rail subassemblies into the rack using ten or twelve (19" or 23" kits, respectively) 10-32x1/2 SEMS screws. If bar-nuts are used, they must be installed such that all threads are aligned vertically, ensuring the center hole is not skewed with respect to the holes on the rack rail. Figure 4-4 shows the mounting bracket assembly.
Note 1 If mounting a 1U system in a 1U confined space, four 2U bar-nuts are included to replace the 1U bar-nuts. The 2U bar-nuts need to be installed in the 1U space either above or below the 1U space where this kit is being mounted. When installing multiple 1U systems, the 2U bar-nuts must be used in the next to last kit. Note 2 L-brackets must be adjusted front-to-back to fit rack depth. The distance between the front equipment mounting rail and rear equipment mounting rail cannot exceed 24 inches. Note 3 Mounting brackets must be adjusted based on rack depth.
Figure 4-4 Mounting bracket assembly
Slide the system into the rack making sure the inner rails are captured by the outer rails. Support the weight of the system until the lock features on the inner rails engage with the slot features on the outer rails. An audible click is heard. Figure 4-5 shows how to insert the 9900 WNG.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-9
4 9900 WNG Detector and Central server installation Figure 4-5 Inserting the 9900 WNG
Note After engaged, the lock features must be released to remove the system from the rack. To release the lock features, depress the two latches with the blue arrows (one on either side) downward. While depressing the lock features and supporting the system weight, pull the system out. Pressure can be released after the lock features disengage from the outer rail. Figure 4-6 shows the lock features.
Figure 4-6 9900 WNG lock features
Install two 10-32X1/2 SEMS screws to hold the universal front mounting brackets to either the L-brackets or the rack's equipment mounting rails (23-in. or 19-in., respectively). Figure 4-7 shows the 9900 WNG installed using mounting brackets.
4-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4 9900 WNG Detector and Central server installation Figure 4-7 Installing the 9900 WNG using mounting brackets
Note If installing into a 19-inch 4-post rack that has EIA wide hole spacing, the EIA wide adapter bracket must be used. Install this bracket onto the face of the L-brackets using the same 10-32x1/2 SEMS screws that fasten the L-brackets to the rack's front equipment mounting rails. Figure 4-8 shows the EIA wide adapter bracket.
Figure 4-8 EIA wide adapter bracket installation
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-11
4 9900 WNG Detector and Central server installation Figure 4-9 Attaching mounting brackets to the 9900 WNG
Note The universal front mounting bracket can be flipped to locate the system further forward in the rack, as shown in Figure 4-10.
Using three 8-32 KEPS nuts per L-bracket, assemble the appropriate L-brackets and the 2-post mounting bracket to the outer rail. (The kit contains both EIA and ETSI L-brackets.) The 2-post mounting bracket is installed onto the two front-most studs, overlapping the front L-bracket and sharing two threaded studs with it. 23-inch EIA L-brackets are shown in Figure 4-11.
4-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4 9900 WNG Detector and Central server installation Figure 4-11 EIA L-bracket assembly
Install the two outer rail subassemblies in the rack using twelve 10-32x1/2 SEMS screws or other appropriate fasteners. If bar-nuts are used, they must be installed such that all threads are aligned vertically, ensuring the center hole is not skewed with respect to the holes on the rack rail. Figure 4-12 shows the outer rail subassemblies.
Note 1 If mounting a 1U system in a 1U confined space, four 2U bar-nuts are included to replace the 1U bar-nuts. The 2U bar-nuts need to be installed in the 1U space either above or below the 1U space where this kit is being mounted. When installing multiple 1U systems, the 2U bar-nuts must be used in the next to last kit. Note 2 L-Brackets must be adjusted front-to-back to fit rack channel depth.
Figure 4-12 Outer rail subassemblies
Slide the system into the rack making sure the inner rails are captured by the outer rails. Support the weight of the system until lock features on the inner rails engage with the slot features on the outer rails, as shown in Figure 4-13. An audible click is heard.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-13
4 9900 WNG Detector and Central server installation Figure 4-13 Inserting the 9900 WNG
Note After engaged, the lock features must be released to remove the system from the rack. To release the lock features, depress the two latches with the blue arrows (one on either side) downward. While depressing the lock features and supporting the system weight, pull the system out. Pressure can be released after the lock features disengage from the outer rail. Figure 4-14 shows the lock features.
Figure 4-14 9900 WNG lock features
Install two 10-32X1/2 SEMS screws to hold the universal front mounting bracket to the 2-post mounting bracket, as shown in Figure 4-15.
4-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4 9900 WNG Detector and Central server installation Figure 4-15 Attaching the 2-post mounting bracket
4.5
The copper wire that is used for grounding must be a 6 AWG copper wire. Double lug terminals must have 45 angle tongue. The ring terminal must have an inner diameter of 1/4 inch (5 to 7 mms) on a 5/8
inch (1.5875 cm) spacing with a width of 0.48 inches.
Figure 4-16 Grounding terminals: 9900 WNG rear view
The length of the grounding wire depends on the location of the router and the proximity to proper grounding facilities. Two grounding screws are located on the rear side of the server. See section 4.2 for more information about DC power connections.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-15
The server must be connected to a reliable earth ground. The earth ground wire
must be installed in accordance with local safety standards.
The server ground wire must be connected directly to the cabinet or frame ground
which is ultimately connected to earth ground. Do not connect the server ground point to the VRTN path of the DC supply. See section 3.2 for more information about safety requirements.
Danger 1 Before powering-up the shelf, ensure the ground
connections, and after the power connection is made, do not touch the power terminals.
4-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4.6
a connection between the 9900 WNG Central and any associated 9900 WNG
Detectors, either through a network or a direct cable connection a connection that provides the 9900 WNG Detector with an appropriate network traffic feed. See chapter 2 for more information about tap points and the network traffic feed. a connection between the 9900 WNG Central and the external disk drive an optional connection between the 9900 WNG Central and a separate BMC lights-out management network an optional connection between the 9900 WNG Detector and a separate BMC lights-out management network
Figure 4-17 shows the cable connections for a 9900 WNG system where the 9900 WNG Detectors are connected to the 9900 WNG Central using a LAN.
Figure 4-17 9900 WNG cable requirements using a LAN
Network Traffic Tap points 9900 WNG Detector 9900 WNG Detector 9900 WNG Detector
SAS cable
21209
Figure 4-18 shows the cable connections for a 9900 WNG system where a 9900 WNG Detector is connected directly to the 9900 WNG Central using a cross-over cable.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-17
4 9900 WNG Detector and Central server installation Figure 4-18 9900 WNG cable requirements using a direct connection
Network Traffic Tap points 9900 WNG Detector 9900 WNG Detector 9900 WNG Detector
SAS cable
21210
Ethernet port 2
SAS port
4-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4 9900 WNG Detector and Central server installation Table 4-6 9900 WNG Detector external ports
External port Ethernet port 1 Function Used to connect the 9900 WNG Detector to the 9900 WNG Central, either using a network or directly using a cross-over cable Can be used to connect the 9900 WNG Detector to a BMC lights-out management network Used to connect the 9900 WNG Detector to a network traffic feed. A packet capture card has one of the following sets of ports:
one 10Gb/s port, which requires an XFP optical transceiver four 1Gb/s copper SFP ports four 1Gb/s optical SFP ports
Cable connections
Perform Procedure 4-6 to connect cables to 9900 WNG Detector servers. Perform Procedure 4-7 connect cables to a 9900 WNG Central server
Caution Connecting the 9900 WNG to a router is only recommended if the 9900 WNG and the router are on the same grounding plane, either isolated or integrated. Otherwise, Alcatel-Lucent recommends using a demarcation patch panel, and the Ethernet cable shields must terminate at the ground.
3 4
If you are using a separate BMC lights-out management network, connect the Ethernet cable for the BMC network to Ethernet port 2 on the 9900 WNG Detector. Connect cables for designated network taps in your network to the ports on the capture card. The ports available, and the cables required, depend on the capture card that is installed in the 9900 WNG Detector. Repeat steps 1 to 4 for all other 9900 WNG Detectors.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
4-19
If you need to connect the 9900 WNG Central directly to a 9900 WNG Detector, perform the following: i ii Connect a cross-over Ethernet cable to Ethernet port 2 on the 9900 WNG Central. Connect the other end of the cable to Ethernet port 1 on the 9900 WNG Detector.
If you need to connect the 9900 WNG Central to a separate BMC lights-out management network, perform the following: i ii Connect an Ethernet cable to Ethernet port 2 on the 9900 WNG Central Connect the other end of the cable to a router or patch panel in your maintenance network.
Connect the 9900 WNG Central to the external disk array using a mini-SAS cable.
4-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5.1 Powering up and down the 9900 WNG Central and Detector overview 5-2 5.2 Powering up and down the 9900 WNG Central 5.3 Powering up and down a 9900 WNG Detector 5-2 5-4
5.4 Powering up, powering down, or resetting the 9900 WNG Detector or Central using the BMC device 5-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5-1
5.1
Powering up and down the 9900 WNG Central and Detector overview
You can power up, power down, and reset the 9900 WNG Central and Detector servers.
5.2
5-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5 Powering up, powering down, and resetting 9900 WNG components Figure 5-1 9900 WNG Central control panel
Press and release the power switch. The following LEDs are green:
The following in an example of the output: Broadcast message from root (pts/2) (Fri Jan 18 09:21:31 2008): The system is going down for system halt NOW!
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5-3
5.3
Press and release the power switch. The following LEDs are green:
5-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5.4
Powering up, powering down, or resetting the 9900 WNG Detector or Central using the BMC device
Perform Procedure 5-5 to power up, power down, or reset a 9900 WNG Detector Central using the BMC device.
Procedure 5-5 To power up, power down, or reset a 9900 WNG Detector or Central using the BMC device
1 Ensure that the following tasks have been completed:
The BMC interface has been configured, as described in Procedure 7-2. The IPMI management utility has been installed on the machine (Linux or Windows) from which you need to access the BMC.
Power up, power down, or reset a 9900 WNG Detector or Central by typing:
hwreset [-d|u|c] -N nodename -U admin -P password
The following example shows the hwreset command that was used to power down a 9900 WNG Detector or Central with IP address 1.1.1.2 and remote password admin:
hwreset -d -N 1.1.1.2 -U admin -P admin hwreset ver 1.30 Opening connection to node 1.1.1.2... -- BMC version 0.62, IPMI version 2.0
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5-5
hwreset: powering down ... chassis_reset ok hwreset: IPMI_Reset ok hwreset: completed successfully
The following example shows the hwreset command that was used to power up a 9900 WNG Detector or Central with IP address 1.1.1.2 and remote password admin:
hwreset -u -N 1.1.1.2 -U admin -P admin hwreset ver 1.30 Opening connection to node 1.1.1.2... -- BMC version 0.62, IPMI version 2.0 hwreset: powering down ... chassis_reset ok hwreset: IPMI_Reset ok hwreset: completed successfully
The following example shows the hwreset command that was used to reset or power cycle a 9900 WNG Detector or Central with IP address 1.1.1.2 and remote password admin.
hwreset -c -N 1.1.1.2 -U admin -P admin hwreset ver 1.30 Opening connection to node 1.1.1.2... -- BMC version 0.62, IPMI version 2.0 hwreset: powering down ... chassis_reset ok hwreset: IPMI_Reset ok hwreset: completed successfully
5-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Commissioning
6 License requirements
6-1 7-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
License requirements
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
6-1
6 License requirements
6.1
Licensing overview
A valid product activation license file must be obtained and installed on the 9900 WNG Central. The license file determines the releases of the 9900 WNG that can be installed. The license file supports specific releases of the 9900 WNG. For example, if you have a license file for Release 2.1, you can install the 9900 WNG, Release 2.1 or earlier; a release later than 2.1 is not supported. Typically, the license file is already installed on your system, but you can obtain the license file by contacting your Alcatel-Lucent account representative. Table 6-1 describes the parameters that are in the license file.
Table 6-1 License file
Parameter Hostid Version Expiration Date Max Sessions Description The hostid must match the hardware hostid of your 9900 WNG Central machine. The version number must indicate a later version of the 9900 WNG product release than what is currently installed on 9900 WNG Central. The license is valid until the expiration date and time. After the license expires, the 9900 WNG in inoperable. You can obtain a permanent license that does not expire. The maximum number of simultaneous active subscriber sessions that can be viewed in the network at any time across all of the 9900 WNG Detectors. If the number of sessions exceeds the license maximum session limit, the following events may occur:
the system operates up to the session limit key information that is related to additional subscriber sessions is lost anomaly events and report information are not accurate because of lost information
See chapter 35 for information about how to view the current license status and license violation system events.
License expiration
A license expires if an expiration date is specified in the license. Otherwise, the license is a permanent license. When a license has an expiration date, the license expires within 12 hours after the end of the day that is specified by the expiration date in the license. A license expiration check is performed every 12 hours, unless the license expiration field is specified as permanent. When a license expires, a critical system event is generated and an SNMP trap is sent to the northbound NMS.
6-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
6 License requirements
6.2
6.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
6-3
6 License requirements
Perform Procedure 6-2 to install a new license on the 9900 WNG Central server. A new license may be required in the following cases:
the initial install of the product license on a new system the license has expired or is near the expiration date and a new one has been
obtained to extend the expiration date a license has been obtained to increase the number of monitored simultaneous mobile sessions the system has been upgraded to a new release and a new license has been obtained to activate the software
The 9900 WNG Central verifies and validates the license file. Information about the license is loaded into the 9900 WNG; for example, version, expiration date, quantity, and issue date.
6-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
7.1 Mandatory configuration procedures overview 7.2 Mandatory configuration procedures 7-2
7-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
7-1
7.1
7.2
Note
(1)
Procedure 7-1 To perform the prerequisites to configure the management interface and BMC LAN on a 9900 WNG server
1 2 3 Install the 9900 WNG Central and Detector servers in equipment racks. See chapter 4 for more information. Connect all necessary cables. See chapter 4 for more information. Save the 9900 WNG Central license key as alu9900.lic on a USB storage device. See chapter 6 for more information.
7-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Ensure that you have an LMT available to configure the 9900 WNG Detector and Central servers. The LMT can be a laptop or workstation. The examples in this chapter assume the use of a laptop. Obtain the following information:
Procedure 7-2 To configure the management interface and BMC LAN on the 9900 WNG Central and Detector
1 2 3 Perform Procedure 7-1 to complete the prerequisites. Connect your LMT to the management interface on the 9900 WNG. On the LMT, open a terminal emulation program and create a serial connection to the 9900 WNG. Table 7-2 lists the properties for the serial connection.
Table 7-2 Serial connection properties
Attribute Speed Data bits Parity Stop bits Flow control Terminal emulation Value 9600bps 8 bits None 1 None VT1000
At the prompt, log in as root. If you are accessing the BMC on the 9900 WNG for the first time and you do not know the password, contact your Alcatel-Lucent technical support representative. You are prompted to enter a new root password after you log in.
1) Configure Interfaces 2) Set Hostname 3) Set DNS 4) Configure BMC 5) Exit Please select an option
7 8 9
Use the arrow keys to select the Edit a device params option, and press the space bar. Select the eth0 option, and press the space bar. The configuration menu for Ethernet port 0 appears. Configure the attributes, as described in Table 7-3.
Table 7-3 BMC ethernet port attributes
Attribute Static IP Netmask Default gateway IP Value The IP address of the 9900 WNG The network mask for the 9900 WNG The IP of the gateway for the 9900 WNG
10 11
Click on OK, and then click on Quit. The network configuration script menu is displayed. Specify the hostname of the 9900 WNG by typing:
2 hostname
where hostname is the hostname of the 9900 WNG
12
Specify the IP address of the DNS server for the 9900 WNG by typing:
3 IP.address
where IP.address is the IP address of the DNS server for the 9900 WNG
13
14
15 16
When prompted, enter the IP address, network mask, and IP gateway for the BMC interface. Configure the password for the BMC LAN by typing:
2 password
where password is the new password for the BMC LAN
17
18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
7-5
5 6
Add a new user to the 9900 WNG Central, as described in Procedure 36-1. Repeat step 5 to add new users, as required.
Configure the NTP server address for the 9900 WNG Detector by typing:
ntp server add IP_address
where IP_address is the IP address of the 9900 WNG Central.
7-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Hardware maintenance
8 Replacing CRUs
8-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Replacing CRUs
8-2 8-2
8.2 Replacing hardware precautions 8.3 Replacing a power supply 8.4 Replacing a hard disk drive 8-3 8-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8-1
8 Replacing CRUs
8.1
CRU overview
CRUs are components that can be removed and replaced by service provider personnel without technical assistance or special training from Alcatel-Lucent. Table 8-1 describes the CRUs on the 9900 WNG Central and Detectors that you can use for ordering.
Table 8-1 CRUs on the 9900 WNG Central and Detector servers
Orderable item 300988870 300988888 300988896 Description SPARE, HARD DISK DRIVE, 147GB SAS, FOR ALU9900WNG CENTRAL/DETECTOR SPARE, POWER SUPPLY, AC PWR INPUT, FOR ALU9900WNG CENTRAL/DETECTOR SPARE, POWER SUPPLY, 48VDC PWR INPUT, FOR ALU9900WNG CENTRAL/DETECTOR Comm code 409073657 409073632 409073640
8.2
Follow all installation instructions. Remove rings and watches before beginning the procedure to avoid a short across
the high-current power supply output terminals Never install telecommunication wiring or connections during lightning storms or in wet areas. Never touch uninsulated wires or terminals unless power has been disconnected at the interface.
8-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8 Replacing CRUs
Wear a grounding strap when working with any parts of the system. Minimum
acceptable precautions include a grounded wrist or heel strap that is attached to the frame and a grounded, static-dissipating floor mat. Work in an area that is protected against electrostatic discharge. Use conducting floor and bench mats that are conductively connected to the rack electrostatic protection bonding point. Wear working garment made of 100% cotton to avoid electrostatic charging. Ensure that the rack is grounded.
8.3
antistatic wrist strap electrostatic discharge mat a replacement power supply module
Note The AC cord is a standard cord that plugs into an AC receptacle. To disconnect it, pull the plug from the power supply.
The DC connection has a short cable that is attached to the power supply on one end, and a connector on the other end. That connector plugs into the permanently connected power feed that has the mating connector. Power can be removed by either separating the connectors, or, if the power feeds are attached on an upstream circuit protector (breaker or fuse), to remove power, open the circuit protector. 1 2 Power down the device, as described in Procedure 5-2 (9900 or 5-4 (9900 WNG Detector).
WNG Central)
Disconnect the appropriate power cord. The power cord connections for DC and AC power supply modules are shown in Figure 8-1.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8-3
3 4 5 6 7
Press the green safety lock down and hold. Grasp the handle, pull the module out, and place it on the electrostatic discharge mat. To insert a new power supply, press and hold the green safety lock downward and slide the power supply module into the chassis slot. Reconnect the power cables or close the circuit protector, and then power up the unit. After a few minutes, the unit powers up. Verify that the power supply module that you just installed is functioning properly by checking the green power LED. If the power LED reports power supply failure, contact your Alcatel-Lucent technical support representative.
8.4
8-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
When you remove a hard disk drive, a major alarm is generated. The alarm continues to be generated even after you have replaced the hard drive. The CLEI labels are shipped in a three-label set. The replacement hard disk drive should be affixed with two text CLEI labels. The third (2D) CLEI label, shipped loose with the drive, should be affixed to the carrier after the drives are swapped. The old 2D label on the carrier have the serial number of the drive embedded in the data, so it should be covered with the new label. Perform Procedure 8-2 when troubleshooting or when fault clearance procedures indicate that there is a need to replace a hard disk drive.
Antistatic wrist strap Electrostatic discharge mat A replacement hard disk drive CLEI label for the replacement hard disk drive
This procedure typically takes 5 to 10 min to perform. 1 Attach the antistatic wrist strap to the grounding lug on the equipment rack.
Danger A wrist strap must be worn that is attached to the cabinet framework at an ESD grounding point. Hold components only at the edges or on the insertion and removal facilities. Always observe general ESD instructions.
2 On the lower-left front panel of the 9900 WNG Detector or Central server, locate the faulty hard disk drive.
Caution Ensure that you are removing a faulty hard disk drive. Removing an operating hard disk drive can cause system failure!
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8-5
8 Replacing CRUs
Remove the front bezel using the following instructions: a b c Disconnect the cables from the front panel USB port and / or serial port connectors. Loosen the bezel retention screw from the right side (A). Rotate the bezel outward as shown and remove (B).
Figure 8-3 Front bezel
Remove the drive tray by pressing the green button, opening the lever, and pulling out the hard drive/tray assembly.
Figure 8-4 Hard drive tray assembly, removed from the HDD bay.
Remove the four screws securing the hard drive to the tray. Remove the hard drive and place it on an antistatic discharge mat.
8-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8 Replacing CRUs Figure 8-5 Hard drive unscrewed from the tray
6 7 8
Locate the old CLEI label on the tray and cover it with the new CLEI label. Install the new drive into the tray and secure it with four screws. With the drive tray locking lever in the fully open position, slide the hard drive/tray assembly into the chassis opening until it stops. Close the lever, pressing it until it snaps shut.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8-7
8 Replacing CRUs Figure 8-6 Replacement hard drive assembly before insertion into chassis
Replace the bezel on the device. a b c Align the four tabs on the left side of the bezel with the slots in the front panel. Then, rotate the free end of the bezel to the closed position. Snap the front bezel into place and tighten the screw at the right edge of the bezel (if used). Re-connect the serial port and USB cables if they are used.
10
8-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9 Managing software
9-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Managing software
9.1 9900 WNG software upgrade overview 9.2 Software upgrade CLI commands 9.3 Software repositories 9-3 9-5 9-2
9-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9-1
9 Managing software
9.1
OS updates or patches are available that the 9900 WNG needs 9900 WNG application software updates
Software upgrades and updates for the 9900 WNG are performed using the software management tools that are described in Table 9-1.
Table 9-1 Software management tools
Software management tool RPM Description A core component of the Red Hat Enterprise Linux Operating System. RPM is a command line driven package management system that is capable of installing, uninstalling, verifying, querying, and updating computer software packages. Each software package consists of an archive of files along with information about the package such as its version, a description, and the like. A software package manager tool for installing, updating, and removing packages and their dependencies on RPM-based systems. It automatically computes dependencies and determines what should occur to install packages on the product. Yum makes it easier to maintain groups of machines without having to manually update each one using RPM.
Yum
You can use the 9900 WNG Central, an external repository, or a USB memory stick as the software repository. See section 9.3 for more information. CLI commands are used for software upgrades and updates. See section 9.2 for more information about CLI commands and section 9.4 for more information about upgrade procedures.
9.2
9-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Note For the install CLI commands, the packageName contains the version of the software package to be loaded. For the update CLI commands, you do not need to specify the version of the software package because the most current version of the software package that is in the repository is loaded.
9.3
Software repositories
You can use any of the following as a software repository:
the 9900 WNG Central (on a disk that is reserved for software updates or
upgrades) an external repository that is not on the 9900 WNG Central server a USB memory stick
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 9-3
9 Managing software
The 9900 WNG Central and Detectors are upgraded independently of each other on a per machine basis. The 9900 WNG Central can serve as the repository for 9900 WNG Detectors.
Procedure 9-1 To configure the 9900 WNG Central as the software repository
When you use the 9900 WNG Central server as the software repository, the area that is reserved on the hard disk for the repository is at: /var/www/aware-yum. 1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Enable the 9900 WNG Central Repository by typing:
repo enable central
Perform Procedure 9-5 to upgrade software on the 9900 WNG Central using the 9900 WNG Central as the repository.
9-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9 Managing software
9.4
Upgrading software
The following procedures describe how to upgrade software on the 9900 WNG Central.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9-5
9 Managing software
Procedure 9-3 To upgrade software on the 9900 WNG Central and Detector using the 9900 WNG Central repository
1 2 Perform Procedure 9-1 to configure the 9900 WNG Central as the software repository. Import the RPMs into the repository on the 9900 WNG Central server by performing one of the following: a Import the software packages from a USB memory stick that is installed in the 9900 WNG Central server by typing:
repo import usb
Note The CLI command searches for /repo on the USB memory stick. All USB memory sticks that contain the 9900 WNG and/or OS software upgrades/updates are created by your Alcatel-Lucent technical support representative.
b Import the software packages from a secure file copy from an external machine by typing:
repo import scp user@host:/pathname
Note The path in the CLI command must be the path of an existing software repository that was initially created by your Alcatel-Lucent technical support representative.
3 Start the software upgrade or update by performing one of the following: a Upgrade or update the software on the 9900 WNG Central server by typing:
update software central packageName
where packageName is the name of the software to upgrade or update
The command updates all of the 9900 WNG Central servers and OS packages that are available in the repository.
Note Executing the update software central packageName only updates the package name that is included in the command line.
Upgrade or update the software on the 9900 WNG Detector server by typing:
update software detector detectorName packageName
where detectorName is the name of the 9900 WNG Detector packageName is the name of the software to upgrade or update
9-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9 Managing software
The command updates all of the 9900 WNG Detectors and OS packages that are available in the repository.
Note Executing the update software detector detectorName packageName only updates the package name that is included in the command line.
Procedure 9-4 To upgrade software on the 9900 WNG Central and Detector using an external software repository
1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Configure the repository location by typing:
repo setExternal repo URL
where URL is https://yumuser:get-updates@hostname/path
Start the software upgrade or update by performing one of the following: a Upgrade or update the software on the 9900 WNG Central server by typing:
update software central packageName
where packageName is the name of the software to upgrade or update
The command updates all of the 9900 WNG Central application and OS packages that are available in the repository.
Note Executing the update software central packageName command only updates the package name that is included in the command line.
b Upgrade or update the software on the 9900 WNG Detector server by typing:
update software detector detectorName packageName
where detectorName is the name of a specific 9900 WNG Detector packageName is the name of the software to upgrade or update
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9-7
9 Managing software
The command updates all of the 9900 WNG Detectors and OS packages that are in the repository.
Note Executing the update software detector detectorName packageName command only updates the package name that is included in the command line.
Procedure 9-5 To upgrade software on the 9900 WNG Central and Detector using a USB removable hard drive as the software repository
1 2 3 Logged into the CLI on the 9900 WNG Central with the sudo privilege, as described in Procedure 14-1 or 14-2. Install the USB memory stick that has been provided by your Alcatel-Lucent technical support representative into the 9900 WNG Central server. Type:
repo mount usb
Start the software upgrade or update by performing one of the following: a Upgrade or update the software on the 9900 WNG Central server by typing:
update software central packageName
where packageName is the name of the software to upgrade or update
The command updates the 9900 WNG Central server and OS packages that are available in the repository.
Note Executing the update software central packageName updates only the package name that is included in the command line.
Upgrade or update the software on the 9900 WNG Detector server by typing:
update software detector detectorName packageName
where detectorName is the name of a specific 9900 WNG Detector where packageName is the name of the software to upgrade or update
9-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9 Managing software
The command updates the 9900 WNG Detectors and OS packages that are available in the repository.
Note Executing the update software detector detectorName packageName only updates the package name that is included in the command line.
Procedure 9-6 To display the software packages that are in the software repository
1 2 Access the CLI with the user or admin privilege, as described in Procedure 14-1 or 14-2. Enter the following CLI command:
show software repo option
where option is one of the options that are listed in Table 9-4.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9-9
9 Managing software
9-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
USER GUIDE
Alcatel-Lucent 9900
WIRELESS NETWORK GUARDIAN | RELEASE 2.1
USER GUIDE
Alcatel-Lucent Proprietary This document contains proprietary information of Alcatel-Lucent and is not to be disclosed or used except in accordance with applicable agreements. Copyright 2010 Alcatel-Lucent. All rights reserved.
Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Copyright 2010 Alcatel-Lucent. All rights reserved.
Disclaimers
Alcatel-Lucent products are intended for commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The customer hereby agrees that the use, sale, license or other distribution of the products for any such application without the prior written consent of Alcatel-Lucent, shall be at the customer's sole risk. The customer hereby agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the products in such applications. This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation. Alcatel-Lucent assumes no responsibility or liability for incorrect or incomplete information provided about non-Alcatel-Lucent products. However, this does not constitute a representation or warranty. The warranties provided for Alcatel-Lucent products, if any, are set forth in contractual documentation entered into by Alcatel-Lucent and its customers. This document was originally written in English. If there is any conflict or inconsistency between the English version and any other version of a document, the English version shall prevail.
10-1 11-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10.2 9900 WNG Detector and Central 10.3 9900 WNG external user interfaces
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10-1
10.1
analyzes subscriber IP traffic using the hints extracted from wireless signaling
traffic profiles the behaviors of the network and endpoints (including subscribers and servers) detects and reports anomalous behaviors provides broad detection capabilities for issues that affect networks such as:
battery drain anomalies where IP layer activity causes excessive subscriber device
battery drain
RNC overload source of traffic that is not requested or wanted by wireless subscribers port scans for vulnerabilities and service exploitation (vertical port scans and
horizontal port scans) always active subscribers who have anomalously high usage of the radio channel high usage subscribers who consume significant amounts of bandwidth subscribers using peer-to-peer applications that may violate end-user agreements ICMP router discovery abuse that may disrupt active subscriber sessions flooded mobile, where a subscriber session is overwhelmed by unsolicited traffic battery drain anomalies from distributed sources where subscriber device battery is drained by unwanted traffic from multiple sources high signaling subscribers who contribute large amounts of signaling load to the network
For information about the attacks, see chapter 33. detects low-volume behaviors that consume anomalously high radio access network resources generates mobile flow records determines how subscriber IP traffic affects multiple layers of the network by measuring the consumption of network resources, such as air resources, signaling overhead, and bandwidth
(1 of 2)
10-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description Service providers can establish a baseline measurement of network use at the individual subscriber level, allowing more accurate predictions of network capacity trends. The benefit is better capacity planning and network architectures, along with savings in network build-out strategies. Service providers can ensure that packet transmissions from devices and networks are consistent with the design and are not being sent fraudulently. The benefit is a more predictable network performance, per design and specification Service providers can detect a new class of wireless-specific DOS attacks targeted at the signaling layer and exhausting RF channels, as well as the mobile devices that are directly or surreptitiously participating in the attacks. The benefit is reduced network outages and downtime. Service providers gain better ways to determine the network cost associated with supporting any application, thereby enabling applications-level ROI calculations. The benefit is increased awareness of the overall cost of delivering specific applications and services.
Engineering
Security
Marketing
(2 of 2)
New wireless traffic behaviors threaten the capacity of wireless resources Existing solutions are inadequate
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10-3
10.2
The connections between the 9900 WNG and other NEs in a wireless data CDMA network are shown in Figure 10-2.
10-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10 9900 WNG system Figure 10-2 Network architecture for a CDMA environment
NMS
AAA
RNC
BTS
RNC BTS
The 9900 WNG supports UMTS networks. The connections between the 9900 WNG and other network elements in a UMTS network are shown in Figure 10-3.
Figure 10-3 Network architecture for a UMTS environment
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10-5
UMTS environment
supports up to two million packets per second or up to 4 Gb/s, whichever is lower supports up to one million subscriber sessions supports up five million simultaneous flows tracks information from the subscriber registration activities to associate the dynamically assigned IP address with the user device identification and network path infers loads across the wireless data network by watching signaling and data traffic detects wireless 3G and 4G network anomaly behavior using proprietary algorithms monitors individual subscriber session behavior (Mobile Flow records) monitors mobile-to-mobile and Internet-to-mobile traffic
In the UMTS environment, the 9900 WNG Detector observes mirrored IP traffic on two interfaces: between the AAA Server and the SGSN (Serving GPRS Service Node) and between the SGSN and the GGSN (Gateway GPRS Service Node). It is expected that an available Ethernet port from each of these interfaces is available from a switch or router within the Service Providers network. To avoid congestion on the capture ports, the capture port speed shall match or exceed the snooped interface. The 9900 WNG Detector snoops the path to the mirrored AAA Server for information regarding active mobile IP data sessions and reports anomalous behavior to the 9900 WNG Central. The 9900 WNG Detector supports CDMA technology and Universal Mobile Telecommunications System (UMTS) technology at the same time.
10-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
UMTS environment
configures and manages 9900 WNG Detectors in the system as well as itself supports up to 10 Detectors provides GUI and CLI capabilities collects, stores, and reports event data and notifications from the Detectors provides a status display of the 9900 WNG system and provides the ability to relay status and alarm information on external and internal interfaces as needed by the configuration provides the WSP with a user-friendly means of observing, recording, and interpreting the alarms and reports on anomaly status downloads software upgrades to the Detectors manages events at an aggregated average rate of 2500 events per second manages servers at a peak rate of 10 000 events per second
The 9900 WNG Central has an EMS and also supports a northbound system log and Simple Network Management Protocol (SNMP) interface to the Network Management Systems (NMS), if required.
10.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
10-7
The 9900 WNG external interfaces that are used to configure, monitor, and control NEs and their managed resources are:
See chapter 13 for more information about 9900 WNG external interfaces.
10-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
11-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
11-1
11.1
Feature
Description
Use
Platform, hardware, and system performance Platform software and firmware Increase platform memory Platform software and firmware are upgraded to the current versions Platform memory is increased to 64 Gbytes, which:
improves the system performance when running user reports on systems with data flows that are greater than 400 Mbytes per day increases the capacity of the 9900 WNG Central To process the maximum line rate of 4 Gb/s, whether the line rate is from a 4 x 1 Gb/s or one 10G interface. See chapter 2 for more information about port cards.
Supports an optional 10 Gb/s traffic input port on the 9900 WNG Detector. You can order the 9900 WNG Detector with four 1 Gb/s tap ports or one 10 Gb/s tap port. Supports the tracking of hand ups and hand downs counts at the session level across 2.5G and 3G technologies. The 2.5G and 3G filter in the Subscriber Cumulative Distribution web report can be used to view the subscriber distribution across subscribers who operate only in 2.5G and 3G networks. Supports expanded redundant data storage for the 9900 WNG Central; for example 30 to 60 days of mobile flow and sessions record for forensic GUI reports, for approximately 400 days of long-term history for the web reports. The number of storage days can vary because of the network traffic load. A hot spare disk and RAID 5 configuration is used for increased reliability.
To store mobile flow and session records, and all of the long term data that is used for reporting. See chapter 4 for more information about the external disk array.
System administration Incremental backups Supports the incremental backup of the reports database To decrease the amount of time and resources to perform a backup of the reports database. See Procedure 39-2 to perform an incremental backup. Automatic saving of configuration changes Supports the automatic saving of 9900 WNG Detector configuration changes that were made using CLI commands. The changes are copied to the startup.xml file. The copy running startup CLI command is no longer required. To reduce system administration and decrease configuration errors. See Table 14-8 for descriptions of CLI commands.
Monitoring Disk failure monitoring Supports an SNMP trap and system event for disk failures on the 9900 WNG Central and Detector. A hot spare disk configuration in the external array is the default configuration. The hot spare disk configuration automatically replaces a problem disk that is in the RAID 5 configuration. To replace a failed disk. See section 38.13 for more information about the Hardware Failure system event. See Table 19-6 for more information about the HW Failure SNMP trap.
(1 of 6)
11-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description Supports the monitoring of the 9900 WNG Central using a heartbeat, system event, and SNMP trap if the 9900 WNG Central stops processing some events The show stats CLI command displays the current and peak rates of the 9900 WNG Detector traffic feed inputs. A system event is generated when the line rate is greater than or equal to:
Use To provide extra reliability and automatic recovery. See Table 19-6 for more information about the Process Down SNMP trap event. To determine whether the traffic feed input is reaching the maximum port line, which indicates a high probability that packets are being dropped before they reach the 9900 WNG Detector. See show stats in section 37.4 for more information. To size the backhaul communication from the 9900 WNG Detector to Central. See show backhaul in section 37.4 for more information for more information. To detect and monitor problems. See the following for more information:
Additional statistics
Backhaul information
950 MB/s for a 1 Gb/s interface 3900 MB/s for a 10 Gb/s interface
The show backhaul command displays the current and peak management backhaul communication rates between the 9900 WNG Detector and Central. Supports the following system events:
System events
Line rate thresholdto monitor the traffic feed to the 9900 WNG Detector Swap Usageto monitor potential performance degradation because the 9900 WNG Central or Detector is swapping to the disk, which indicates the system memory is at the maximum capacity Hardware Failurefor the external disk array when a problem is identified by the 9900 WNG, which indicates that disk may need to be replaced
section 38.11 for the Line rate threshold system event section 38.14 for the Swap Usage system event section 38.13 for the Hardware Failure system event
To facilitate monitoring of the system and troubleshooting system problems. See Table 14-8 for descriptions of CLI commands. See chapter 37 for information about monitoring the 9900 WNG Central and Detector.
User roles and privileges User roles and privileges Supports additional levels for the GUI and Web Reports role. GUI and Reports roles can be set to any or a combination of the following: To provide increased security by setting the access level for the GUI and Reports roles. See chapter 36 for more information about user accounts and roles.
Subscriber Network Admin (only GUI role) AppsDevices (only Reports role) Anomaly Demo
The Demo role is not for standard operations, but it can be used for demonstrations to hide sensitive information, such as APNs, realms, or subscriber IDs. The CLI role is unchanged. Timeout for GUI and Web sessions Supports the idleTimeout CLI command that sets a timeout for user sessions after a specified period of inactivity To configure an idle timeout. See Procedure 36-14 for information about how to set the idle timeout.
(2 of 6)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
11-3
Description
Use
Supports reporting for specific CDMA device manufacturer and model type, which are based on the input that is entered from the service provider device or subscriber database. The CDMAdeviceMode CLI command is used to configure the mode for the system. Only one mode can be supported at a time. The modes are:
To provide device-related information for CDMA networks. See Table 14-8 for more information about the CDMAdeviceMode CLI command.
For UMTS/3GPP based devices, the manufacturer and model type identification is always supported, regardless of the CDMA device setting. Subscriber session timeout Subscriber session timeout Performance KPI TCP Downlink Saturated Throughput performance KPI Supports the TCP Downlink Saturated Throughput performance KPI. The saturated throughput KPI measures only the flows that have saturated TCP or that have passed the typical TCP slow start phase. This KPI appears in mobile flow and dashboard elements, and it is a parameter that can be used for plotting in web reports. To provide an accurate measurement of the network capacity. See the following for more information: Supports a subscriber session timeout for sessions that have not sent or received data in two weeks To provide protection against traffic feed issues or a lost RADIUS or signaling message.
Tables 27-4, 29-8, 29-9 Sessions and performance parameters for network element reports in section 31.4 Parameters overview for subscriber reports in section 31.7
Trend alerts Trend alert enhancements Support the configuration of an alert that is generated when a load parameter for a specific NE deviates from the past history, as determined by the 9900 WNG To improve the accuracy of trends for specific load parameters which deviate from past history. See Table 14-8 for descriptions of pattern CLI commands. See section 22.3 for information about how to view trend alerts.
Network hops and path tracking Increase number of network hops tracked by the 9900 WNG Detector Supports the following number of hops that are tracked by the 9900 WNG Detector:
60 000 RNC-Cell hops 7500 SGSN-RNC hops (UMTS) 7500 PDSN-RNC hops (CDMA) 1500 GGSN-SGSN hops (UMTS) 1500 HA-PDSN hops (CDMS)
RNC-Cell hops include 2.5G RNC equivalents (BSC- or MSC-based) and 3G RNC. The number of hops can by modified based on your operational needs. Contact your Alcatel-Lucent technical support representative. (3 of 6)
11-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Feature
Description
Use
Application mapping tables Application mapping tables Supports additional default application mappings to identify highly accessed URLs, such as Google, Facebook, and Yahoo. To reduce effort for configuring the application map table. See Adding entries to the application map table in section 12.3 for information about how to update the application mapping table for Internet websites.
GUI Provider parameter for the Roaming report Supports the Provider parameter for HA, PDSN, GGSN, and SGSN NEs in the NE tables, which are automatically populated based on a list of known IP addresses that are used by service providers. You can also manually enter IP addresses for the Provider parameter, as previously supported. Supports audit logging of the following reports that are run from the GUI: To automatically display the provider name in the Roaming report for the HA, PDSN GGSN, and SGSN NEs. See Tables 24-1, 24-2, 24-5, and 24-6 and Roaming traffic report in section 31.2 for more information. To use the show log gui CLI command to display information about the report input parameter, the user that runs the report, and the execution time. See chapters 25, 27, 29 for more information about the supported reports. See show log gui in section 37.2 fore more information. To change the start and end times for the Network Element Forensic report so that the report can be run in shorter intervals, without manually entering start and stop times. See Procedure 25-1 for more information about how to configure and generate a network forensic report. Anomaly History reports System Event History reports Export to file for Subscriber reports Quicker display of the Overall Network Topology Graph Plotting the performance KPIs in the Dashboard view CDMA device information JRE 1.6 versions Enhancements to the Anomaly History view, which displays the results of queries about anomaly and performance events Enhancements to the System Events History, which displays the results of queries about system events Supports the export of path information To display several history query results in multiple tabs. See section 22.4 for more information. To display several system history query results in multiple tabs. See section 26.4 for more information. To export flow, session, and path data. See sections 29.10 and 29.11 for more information. Improved response times for displaying the Overall Network Topology Graph and other reporting performance improvements Supports plotting the performance KPIs, such as Downlink TCP throughput, RTT, and Packet Loss Supports additional CDMA device information, such as manufacturer and model information Supports all JRE 1.6 versions, with the exception of using the GUI CLI with the Chinese language on the end-user computer, which requires JRE 1.6 version 19 or later.
Start and stop times for the Network Element Forensic report
Network Element Report and Network Hop Report that are accessed from the Network Forensic Report view Mobile Flow query Subscriber Report
Supports the setting of start and stop times for the Network Element Forensic report by zooming an area on the report plot output
To plot almost real-time performance KPIs in the Dashboard view. See Table 21-3 for more information. To display device and manufacturing data. See section 31.9 for more information.
(4 of 6)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
11-5
Description Supports the Chinese and Spanish languages on the GUI. You can customize and import from the CLI a new language resource file on the 9900 WNG Central. Supports the Saturated Throughput measure on the Mobile Flow details performance tab
Use To change the language of the GUI. See section 16.5 for more information.
To display the Saturated Throughput measure. See Table 27-4 for more information.
Subscriber and VIP group reporting Subscriber and VIP group reporting Supports groups of IMSI/NAI that represent subscribers. You can create the groups using the subscriberGroup import CLI command or the Group Manager interface. Supports subscriber groups as a filter on the following reports: To filter groups in some subscriber reports. See chapter 32 for more information about the Group Manager interface and Table 14-8 for information about the subscriberGroup CLI command. To configure a filter to display a report about a group of subscribers. See Tables 31-40, 31-41, and 31-43 for more information.
Web-based Group Manager interface
Subscriber Cumulative Distribution Subscriber Top Mobiles (single day, multiple parameter) Devices Performance KPI by Manufacturer/Model
Supports a web-based Group Manager interface from the 9900 WNG Central webpage to:
To decrease effort for reporting information about subscribers. See chapter 32 for more information.
Web reports Realm/APN reports
create subscriber groups search for subscribers groups view or modify subscribers groups
Supports the Realm/APN comparison table which collects the data that is associated with UMTS APNs or CDMA realms, and displays the information in one table. The Realm/APN resource breakdown pie charts indicate the relative usage across the top Realm/APNs. Supports additional Network Element reports in the main reporting web interface. The reports are:
To report information about APNs/realms. See Realm/APN comparison table report in section 31.7 for more information.
Network Element Comparison tables for the Cell, RNC, SGSN, or GGSN/HA NEs in UMTS networks and Cell, RNC, PDSN, or HA NEs for CDMA networks Multi-Element Comparison tables for the Cell, RNC, SGSN, or GGSN NEs in UMTS networks, and Cell, RNC, PDSN, or HA NEs in CDMA networks Cell Cumulative distribution function tables for traffic and session/performance for UMTS networks, and traffic and session/performance for CDMA networks
To display all of the data that is associated with one or more NEs. You can use the exported data for additional analysis. See Network elements reports in chapter 31 for more information.
NE Comparison Table
Supports an NE Comparison Table that has one row per NE. The table can be sorted by a specific parameter. Separate tables are provided for Cell, RNC, SGSN/PDSN, and GGSN/HA NEs. Supports the Multi-Element Time Trend table that collects the hourly data for several NEs in one table. You can use an input parameter to report information for the entire day or specific hours.
To display information about multiple NEs for comparison purposes. See Network elements reports in chapter 31 for more information. To display information for multiple NEs in one time-trend table. See Network elements reports in chapter 31 for more information.
(5 of 6)
11-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Use To report information about subscriber groups. See Procedures 32-1 to 32-4 for more information.
Browser-based reports interface Filtering using wildcards Supports the percentage sign (%) as a wildcard character in the Mobile ID/IMSI filter in the following reports: To expand searches using a wildcard character. See Table 31-40 and Table 31-44 for more information. To plot Hop reports for a configurable interval. See Time Resolution in section 31.5 for information about how to set the plotting interval. Decimal values to identify cells Supports specifying the MCC, MNC, LAC and CID for UMTS cells, or the SID, NID, and CID for CDMA cells using decimal values in the following reports: To provide decimals values as filter criteria for CDMA and UMTS cells. See Tables 31-11, 31-12, and 31-15 to 31-20 for more information.
Hop report plotting increments
Supports the plotting of hop reports in daily, hourly, and minute increments
2.5G, 3G, and 4G access filtering Top Applications report
comparison table (CDMA) comparison table (UMTS) multi-element time-trend table (CDMA) multi-element time-trend table (UMTS) cumulative dist. (CDMA; traffic) cumulative dist. (CDMA; session & perf) cumulative dist. (UMTS; traffic) cumulative dist. (UMTS; session & perf)
Supports filtering by 2.5G, 3G, and 4G access on the Overall subscriber cumulative distribution report. The4G LTE is not supported. The Top Applications web report provides information about all of the configured applications and the top unconfigured applications. The report is based on an application category.
To filter by 2.5G, 3G, and 4G access. See Table 31-40 for more information. To display the number of subscribers for configured applications, regardless of whether the applications are on the Top Application list. See Top applications reports in section 31.8 for more information.
Multiple performance improvements for the reports interface; for example, device reporting results are displayed faster than in previous releases
Motive customer care API Web services-based Motive customer care API Provides the interface with the Alcatel-Lucent Motive customer care product. The information that can be retrieved using the API includes: To allow customer care technicians to access specific usage data for the subscribers that require assistance. See chapter 20 for more information.
(6 of 6)
overall data usage device types used anomaly events which may have affected the subscriber specific application usage whether the subscriber had accessed an area of the network that was experiencing network congestion
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
11-7
11-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Configuration procedures
12-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-2 12-2
12.2 9900 WNG Detector optional configuration procedures 12.3 9900 WNG Central optional configuration tasks 12-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-1
12.1
12.2
Log in to the 9900 WNG Detector, as described in Procedure 14-3. Specify the deployment mode by typing:
deploymentmode option
where option is one of the command line options that is described in Table 12-2
simpleIPandMobileIP
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-3
Log in to the 9900 WNG Detector remotely, as described in Procedure 14-3. Configure the RNC load threshold value by typing:
rncLoadThreshold set rnc_ID value1 value2 ... valueN
where rnc_ID is the RNC identifier that is used in reports and the RMS GUI value1 is an integer value between 0 and 10 000 000 value2 to valueN are optional, additional integer values between 0 and 10 000 000
4 5
Repeat step 3 to configure additional RNC threshold values, as required. Display the RNC load threshold settings by typing:
show rncLoadThreshold all
12-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Log in to the 9900 WNG Detector remotely, as described in Procedure 14-3. Perform one of the following: a Enter multiple IP addresses in a single command by typing:
rncPcfMap addlist RNC_ID IP_address
where RNC_ID is the RNC identifier to which you need to map IP addresses, and IP_address is a list of IP addresses separated by spaces. For example, 100.1.1.1 100.2.2.2.
You are prompted to enter IP addresses. When you are finished entering addresses, press on a blank line. 4 Display the RNC-to-PCF mapping entries by typing:
show rncPCFmap all
You are prompted to add additional SAI mappings. The following is an example:
rncSaiMap add rnc_801 Add Sai Address:1234567890abc0 Add Sai Address:1234567890abcd Add Sai Address: OK.
12-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-7
Log in to the CLI with the admin privilege, as described in Procedure 14-1 or 14-2. Log in to the 9900 WNG Detector remotely, as described in Procedure 14-3.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Perform one of the following: a b Go to step 4 to add one subnet to the whitelist. Go to step 5 to add multiple subnets to the whitelist.
You are prompted to add subnets. The following is an example of the information that is displayed.
Add subnet: 1.1.1.1/24 Add subnet: successfully added subnet(s)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-9
Procedure 12-9 To include, exclude, clear, and show VLAN IDs to process
1 2 3 Log in to the CLI with the admin privilege, as described in Procedure 14-1 or 14-2. Log in to the 9900 WNG Detector remotely, as described in Procedure 14-3. Perform one of the following: a b c d 4 Go to step 4 to include VLAN IDs. Go to step 5 to exclude VLAN IDs. Go to step 6 to show VLAN IDs. Go to step 7 to clear VLAN IDs.
Specify the VLAN IDs that the 9900 WNG Detector captures packets for by typing:
captureVLAN include vlan1 vlan2 ... vlanN
where vlan1 to vlanN are VLAN IDs from 0 to 4095
In the following example, the first command configures Detector99 to process only packets from VLAN IDs 15 and 95. The second command verifies the settings.
detector:detector99# captureVLAN include 15 95
12-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Packets will only be processed from VLANs: 15 95 detector:detector99# show captureVLAN captureVLAN include 15 95
Specify the VLAN IDs that the 9900 WNG Detector does not captures packets for by typing:
captureVLAN exclude vlan1 vlan2 ... vlanN
where vlan1 to vlanN are VLAN IDs from 0 to 4095
In the following example, the first command configures Detector99 to ignore packets from VLAN ID 101:
captureVLAN exclude 101 All packets will be processed except from VLANs: 101
Clear all settings and configure the 9900 WNG Detector to process packets from all VLAN IDs by typing:
captureVLAN clear
The following example clears all settings and configures Detector99 to process packets from all VLANs:
detector: detector99# captureVLAN clear No VLAN filtering will be done, all packets will be processed
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-11
The following example disables event generation for always active event:
anomalyEventMask alwaysActive off Event type AlwaysActive is disabled.
12-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Procedure 12-11 To specify the intensity level for a reported anomaly event
1 2 3 Log in to the CLI with the admin privilege, as described in Procedure 14-1 or 14-2. Log in to the 9900 WNG Detector remotely, as described in Procedure 14-3. Specify the intensity at which an anomaly event is reported by typing:
anomalyEventmask event_type intensity
where event_type is one of the following values: all, alwaysActive, batteryAttackDistributed, batteryAttackSingleSrc, floodMobileDistributed, floodMobileSingleSrc, highSignalingSubscriber, highUsage, p2pMobile, portScanHoriz, portScanVert, rncOverload, sigAttackSingleSrc, routerDiscoveryAbuse, or unwantedSrc intensity is a value from 0 to 5
The following example shows how to configure the 9900 WNG Detector to report always-active subscriber events only if the event is at intensity level 2 or higher:
detector99# anomalyEventMask alwaysActive 2 Event type AlwaysActive was previously enabled, however it is now enabled for the event intensity values above 2.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-13
routerDiscoveryAbuse threshold 0
5 6
Configure the management interface and lights-out management interface on the 9900 WNG Detector, as described in Procedure 7-2. Provision NTP on the 9900 WNG Detector by typing:
ntp server add ntp-server
where ntp-server is the IP address of the NTP server
If the software repository is on 9900 WNG Central, update the software on the 9900 WNG Detector by typing:
repo enable central
10
12-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Procedure 12-13 To copy 9900 WNG Detector configuration files to another 9900 WNG Detector
1 2 Log in to the CLI with the admin privilege, as described in Procedure 14-1 or 14-2. Copy the 9900 WNG Detector configuration file to another 9900 WNG Detector by typing:
copy detector source destination
where source is the name of a provisioned 9900 WNG Detector from which you are copying configuration files destination is the name of the destination 9900 WNG Detector
Verify that the configuration files have been successfully copied to the destination 9900 WNG Detector by typing:
detector detector_name
where detector_name is the name of the destination 9900 WNG Detector for the configuration file
dir
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-15
Verify that the 9900 WNG Detector has been deleted by typing:
show detectors
12.3
12-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12 Optional configuration procedures Table 12-4 Location of information from the application map table
Location Web reports Description The Applications report provides application specific information for resources and performance metrics for subscribers, devices, RNCs, and APNs. See section 31.8 for more information. Application information appears in the following:
GUI
Top Applications tabs in the Subscriber report; see section 29.7 Flow/Session tab in the Subscriber report; see section 29.10 Top Applications tab in the Network Forensic report (detailed); see section 25.3 Mobile Flow forensic report; see section 27.1
Built-in Configurations
The 9900 WNG provides built-in configurations that identify the applications. Table 12-5 lists the built-in configurations and their associated category.
Note The applications cannot be removed. However, the applications can be moved to the Other category.
Default configurations
The 9900 WNG identifies applications based on a combination of server IP addresses, ports, and protocols. The 9900 WNG provides default configurations for traffic to and popular servers, such as Google, Yahoo, Apple, and Microsoft. Based on the server port, traffic to and from ther servers, the 9900 WNG provides additional classifications for the server. For example, the traffic to and from Google servers on ports 143, 110, 25, and 993 are classified as Gmail. The traffic to and from Apple servers on port 5223 are classified as Apple Push Notification, which is for Apple iPhone devices.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-17
Go to step 3 to delete an application from the application map table. Go to step 4 to update an application name or application category from the application mapping by typing Go to step 5 to import multiple applications. 3 Delete an application from the application mapping by typing
applicationMap delete all/appname/appcategory
where all/appname/appcategory is all applications, an application name, or application category
Update an application name or application category from the application map table by typing:
applicationMap update appname/appcategory new_appname/new appcategory
where appname/appcategory is an application name or application category new_appname/appcategory is the new name of the application category
12-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Import multiple applications by performing one of the following: a Import multiple application configurations from a CSV file using SCP by typing one of the following:
applicationMap import add scp user@host:/path applicationMap import replaceall scp user@host:/path
where user@host:/path is the location of the file in the local or remote host
Import multiple application configurations from a CSV file that is on a USB disk by typing one of the following:
applicationMap import add usb filename applicationMap import replaceall usb filename
where filename is the name of the file on the USB to be imported
For example, the following commands create a WEB category for all traffic that goes to 2 WAP proxies and to a class C subnet that contains the customer portal web servers, which is accessed through https (port 443) and http (port 80):
applicationmap add wapproxy01 WEB 1.1.144.144 ANY TCP applicationmap add wapproxy02 WEB 1.1.144.145 ANY TCP applicationmap add customerportal WEB 1.1.212.0/24 443 TCP applicationmap add customerportal WEB 1.1.212.0/24 80 TCP
The following are examples of commands to create a Blackberry category for three Blackberry servers:
applicationmap add blackberry01 Blackberry 1.1.1.140 15771 ANY applicationmap add blackberry02 Blackberry 1.1.145.141 15771 ANY applicationmap add blackberry03 Blackberry 1.2.145.142 ANY ANY
------------------------------------------------------------------------
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-19
OTHER VPN
ANY ANY
See Application configuration priority rules in this section for information about how the 9900 WNG determines which configurations in the application map table to use.
The following are the rules for configurations in the application map tables: 1 When there are two application configurations with server_ip/subnets, the application configuration that has a more specific network prefix has the higher priority. Using the following two application mappings, appname2 has the higher priority because appname2 has a larger network prefix and any traffic to or from 10.1.1.X maps to appname2. Traffic to or from 10.1.Y.Z is mapped to appname1: appname1 appcategory1 10.1.0.0/16 ANY ANY appname2 appcategory2 10.1.1.0/24 ANY ANY 2 When there are two application mapping with the same server_ip/subnet, but one application mapping uses ANY for a generic port and another application mapping uses a specific port number, the application mapping with the specific port number has a higher priority. Using the following two application mappings, appname3 has the higher priority. All traffic to 10.1.1.X to and from port 80 are mapped to appname3 and traffic to the other ports are mapped to appname2. appname2 appcategory2 10.1.1.0/24 ANY ANY appname3 appcategory2 10.1.1.0/24 80 ANY
12-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
The banner is loaded from the /banner directory on the USB. 4 Load the banner from the SCP by typing:
load banner scp_location
where scp_location is the location of the SCP
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
12-21
12-22
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
13-1
15-1
17-1
20 Motive API
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
13 Interfaces overview
13-2 13-3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
13-1
13 Interfaces overview
13.1
Interfaces overview
Table 13-1 describes the interfaces that can be used to configure, monitor, and control NEs and their managed resources.
Table 13-1 9900 WNG interfaces
Description
See chapter
The 9900 WNG Central webpage and related pages provides access to 9900 WNG reports and to the GUI. The 9900 WNG EMS is a software application that resides on the 9900 WNG Central. The 9900 WNG EMS manages the 9900 WNG components including the 9900 WNG Central itself and the 9900 WNG Detectors. The 9900 WNG GUI is a graphical user interface developed to support all OA&M activities on the 9900 WNG system. The EMS user interface supports fault management, configuration management, performance management, security management, and system administration. 9900 WNG Central displays key information on the GUI in real time.
17 16
The CLI provides a text-based command interface for issuing 9900 WNG OA&M commands on 9900 WNG Central and Detector.
14
The 9900 WNG system supports basic BMC functionality, which is a location-independent remote access to the 9900 WNG Central and Detector, to respond to critical incidents and to perform maintenance. Both the 9900 WNG Central and Detector include a hardware module that provides the BMC functionality. The BMC module is independent of the server and it connects to the network on an independent Ethernet connection. If the 9900 WNG Central or Detector is out of service, the module can support remote system operations. You can use the BMC to:
18
SNMP
view the server hardware status from a remote location turn on, turn off, or reset the server from the remote location 19 GET SET TRAP
All SNMP interactions with the 9900 WNG Detector use the 9900 WNG Central. The 9900 WNG Central supports SNMP version v1, v2c, and c3 and can be configured for any of these versions. The 9900 WNG Central generates SNMP traps to integrate with a northbound network interface management functions from a bidirectional monitoring, control, and management interface. Motive API NMS Motive is an Alcatel-Lucent product that provides a unified care environment for end-to-end visibility of the network with automated problem analysis and resolution. The NMS is a combination of hardware and software used to monitor and administer a network. Network management functions include activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of a network system. The NMS receives SNMP traps from the 9900 WNG Central. 20
Figure 13-1 shows the 9900 WNG components and the associated interfaces.
13-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
13.2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
13-3
13 Interfaces overview
13-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
14.3 Changing modes and target servers 14.4 CLI command syntax 14.5 CLI navigation tips 14.6 CLI commands 14-12 14-12
14-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-1
14 CLI
14.1
CLI overview
The CLI provides a text-based command interface for performing 9900 WNG OA&M commands on the 9900 WNG Central and Detector including:
detector detection parameters detector configuration management central configuration software upgrade SNMP configuration report deletion Motive customer care
14-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
For information about Log in to the CLI on the 9900 WNG Central Log in to the CLI on the 9900 WNG Detector Change privileges in the CLI Change from the 9900 WNG Central or Detector in the CLI CLI command syntax CLI navigation tips CLI commands (2 of 2)
Section 14.3
admin user reportonly demoony
UNIX type commands shutdown reboot user add, delete, and modify NTP configuration backup, restore, add, or delete a 9900 WNG Detector start, stop, and restart application processes software upgrade commands
Access to the user and enable levels of the CLI, which includes configuration of the 9900 WNG Central and Detector Access to only the user-level CLI commands, which are mainly read-only commands Access to only the change password CLI command. The account in the CLI is used to create the Reports role, which provides access to reports. Access to only the user level CLI commands, which are mainly read-only commands. The GUI does not display IP addresses for the demoonly role.
Table 14-3 lists how each privilege maps to a mode. Your privilege determines the CLI commands that you can execute. See Changing modes and target servers in this section for more information.
Table 14-3 CLI privileges and modes
Privilege Mode sudo sudo (1 of 2) enable admin
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-3
14 CLI
Privilege
admin user (2 of 2)
Each privilege and the mode that is associated with the CLI command determines the CLI commands that you can use. See section 14.6 for information about the CLI commands for each privilege. To navigate to different modes, you need the appropriate privileges, as listed in Table 14-3. A user with the sudo privilege can access all of the modes; a user with the user privilege can access only the user mode. The user cannot move up to the admin or sudo mode. You can only move up or down one mode level at a time, as shown in Figure 14-1. For example, to move from sudo mode to the user mode, you must move from the sudo mode, to the enable mode, and then to the user mode. See Procedure 14-4 for information about how to change modes.
Figure 14-1 Changing modes
Central mode Detector mode
Central mode
Detector mode
21171
You can change from the 9900 WNG Central to a 9900 WNG Detector or change from a 9900 WNG Detector to the 9900 WNG Central. You must use two separate CLI commands to change your mode and target server. Figure 14-2 shows the commands that are required to move between modes and target servers. Table 14-4 lists the modes and whether you can move up or down on the 9900 WNG Central or Detector, if you have the required privilege. The prompts identify your location and mode, as listed in Table 14-5. Table 14-7 lists where to find information about how to change modes and target servers.
14-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI Figure 14-2 CLI commands to move between modes and target servers
detector name central> central enable exit detector name central# central sudo exit detector name central:sudo# central
21172
detector:name:sudo
CLI prompts
The CLI prompt indicates your privilege level and whether you are on the 9900 WNG Central or Detector, as listed in Table 14-5.
Table 14-5 CLI prompts
Account sudo admin user 9900 WNG Central prompt 9900 WNG Detector prompt
See section 14.3 for information about how to change roles and target servers.
CLI timeout
When you are logged in to 9900 WNG Central or Detector using the CLI, you are logged out from the CLI session after one hour of inactivity. See section 14.2 for information about how to log in to the CLI.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-5
14 CLI
14.2
Procedure 14-1 To log in to the CLI on the 9900 WNG Central from a Windows or UNIX platform using SSH
Note To log in to the CLI, you must have a user, admin, or sudo privilege.
Perform one of the following: a To log in from a UNIX platform, open a terminal window and type:
ssh user@hostname
where user is your 9900 WNG username hostname is the host name of the 9900 WNG Central server
The CLI prompt indicates your mode and whether you are on the 9900 WNG Central or Detector, as listed in Table 14-5. By default, you are logged in to the 9900 WNG Central with the user mode. Go to step 3. b To log in from a Windows platform, use the information that is included with your SSH client to open a connection to the 9900 WNG Central server. Go to step 2.
14-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Perform one of the following: a b To switch to the enable mode, go to step 4. To switch to the sudo mode, go to step 5.
To display commands that are available for your role, enter a question mark (?). If you have an admin or user role, you can perform higher level roles in the CLI, as described in Procedure 14-4. You can access CLI command on the 9900 WNG Detector, as described in Procedure 14-3.
Procedure 14-2 To log in to the CLI on the 9900 WNG Central from the GUI
Note To log in to the CLI, you need a user account on the 9900 WNG Central.
1 2
Start the 9900 WNG Central GUI from the 9900 WNG Central webpage, as described in Procedure 17-1. The 9900 WNG Central GUI appears. Double-click on CLI from the navigation tree. When you access the CLI from the GUI for the first time, a message warning that the authenticity of the host cannot be established may appear. Click on the Yes button to continue. The CLI window appears. You are logged into the 9900 WNG Central with the user mode. The CLI prompt indicates your mode and whether you are on the 9900 WNG Central or Detector, as listed in Table 14-5. See step 3 in Procedure 14-1 for information about how to access the sudo and admin privileges. If you have an admin or sudo privilege, you can assume higher-level modes on the CLI, as described in section 14.3. To display commands that are available to your role, enter a question mark (?).
14 CLI
14.3
Procedure 14-4 To change your mode on the 9900 WNG Central or Detector
See Table 14-4 for the mode levels and whether you can move up or down a level. 1 2 Log in to the 9900 WNG Central, as described in Procedure 14-1 or 14-2. Perform one of the following: a b c Go to step 3 to change from the user to the sudo mode on the 9900 WNG Central. Go to step 4 to change from the user to the sudo mode on a 9900 WNG Detector. Go to step 5 to change from the sudo to the user mode on the 9900 WNG Central, change from the sudo to the user mode on a 9900 WNG Detector, or move to the mode one level down from your current mode.
Change from the user to the enable mode on the 9900 WNG Central by typing:
enable sudo
14-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
central:sudo#
Go to step 5. 4 Change from the user to the enable mode on the 9900 WNG Detector by typing:
enable sudo
Go to step 5. 5 To move to the mode one level down from your current mode, type:
exit
The following is an example of how to change from the sudo mode to the user mode on the 9900 WNG Central:
Central:sudo# exit Central# exit Central>
The following is an example of how to change from the sudo mode to the user mode on the 9900 WNG Detector:
detector:detector_name:sudo# exit detector:detector_name# exit detector:detector_name>
where detector_name is the name of a 9900 WNG Detector
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-9
14 CLI
Change from the 9900 WNG Central to a 9900 WNG Detector at the same mode by typing:
detector detector_name
where detector_name is the name of the 9900 WNG Detector that you need to access
Change from the 9900 WNG Detector to a 9900 WNG Central at the same role level by typing:
central
Change from the 9900 WNG Central to a 9900 WNG Detector at a different mode by performing one of the following: a Change to the mode that you need on the 9900 WNG Central and then change to the 9900 WNG Detector by typing:
detector detector_name
where detector_name is the name of the 9900 WNG Detector
The prompt that appears depends on your mode; see Table 14-5. The following is an example of switching from the sudo mode on the 9900 WNG Central to the user mode on the 9900 WNG Detector:
central:sudo# exit central# exit central> detector detector_name detector:detector_name>
where detector_name is the name of the 9900 WNG Detector
Change to the 9900 WNG Detector and then the mode that you need on the 9900 WNG Detector by typing:
detector detector_name
where detector_name is the name of the 9900 WNG Detector
14-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
The following is an example of switching from the sudo mode on the 9900 WNG Central to the user mode on the 9900 WNG Detector:
central:sudo# detector detector_name detector:detector_name:sudo# exit detector:detector_name# exit detector:detector_name>
where detector_name is the name of the 9900 WNG Detector
Change from a 9900 WNG Detector to the 9900 WNG Central in a mode by performing one of the following: a Change to the mode that you need on the 9900 WNG Detector and then change to the 9900 WNG Central by typing:
central
The prompt that appears depends on your mode; see Table 14-5. The following is an example of switching from the user mode on the 9900 WNG Detector to the sudo mode on the 9900 WNG Central.
detector:detector_name> enable detector:detector_name# sudo detector:detector_name:sudo# central central:sudo#
where detector_name is the name of the 9900 WNG Detector
Change to the mode that you need on the 9900 WNG Central. The following is an example of switching from the user mode on the 9900 WNG Detector to the sudo mode on the 9900 WNG Central:
detector:detector_name> central central> enable central# sudo central:sudo#
where detector_name is the name of the 9900 WNG Detector
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-11
14 CLI
14.4
Parameters appear in italics and represent one or more additional inputs that must
be included in the command. Commands are listed alphabetically in a table.
Braces {} enclose two or more choices that are separated by the pipe symbol (|).
Enter only one of the choices as part of the command. Choices can include parameters. Brackets [] enclose optional input. Optional input can include parameters and choices. If brackets [] enclose two or more words that are separated by the pipe symbol (|), the input is optional and you enter only one of the choices as part of the command. The following is an example of the user add syntax: user add id password [cli role] [firstname] [lastname]
14.5
14-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
central# ? # applicationMap copy detector disable exit history history load logout paging ping securityMgrFeed show snmpAgent sudo user comment application Mapping copy command enter into detector mode disabled view exit this level display the current session's command line load command logout of the command line interface paging settings four ICMP pings security Event Manager Enabling/ Disabling system information snmp agent settings enter the root mode change password of current user
Using shortcuts
When you enter a command, you can type just enough characters to specify a unique string. The system fills in the rest of the name automatically. For example, to enter the history command, you only need to type h and then press the Enter key: central# h 1 2 3 enable sudo history
The shortcut applies only to command names and arguments; it does not apply to created variables, such as detector names, IP addresses, or accounts.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-13
14 CLI
Command completion
You can enter a unique string from the name of the command, then press the Tab key and the system completes the command name or argument. The following example shows how the system completes the command when you enter rnc and then press the Tab key: detector: central# rncP + Tab key detector: central# rncPcfMap When you press Enter, the system displays the options for the rncPcfMap command
detector:detector99# rncPcfMap add addList clear delete deleteList
14.6
CLI commands
Table 14-8 lists the 9900 WNG CLI commands, their associated privilege, and how to use them. See Table 9-2 for CLI upgrade commands, See section 14.4 about command syntax.
Table 14-8 CLI commands
Command
Description
See
# comment (1 of 24)
14-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Sets the intensity for the specific anomaly event. The values for intensity are 0 to 5. The list of anomalyEventType is:
Procedure 12-11
all (used to set the intensity setting for all the anomaly events) alwaysActive batteryAttackDistributed batteryAttackSingleSrc floodMobileDistributed floodMobileSingleSrc highSignalingSubscriber p2pMobile portScanHoriz portScanVert rncOverload routerDiscoveryAbuse sigAttackSingleSrc unwantedSrc
See Procedure for more information about how to set the intensity for the specific anomaly event. api add subnet <subnet> api add user <id> <password> api delete subnet <subnet> api delete user <id> api deleteList subnet applicationmap add appname category server_ip port protocol applicationmap delete all applicationmap delete appname appname applicationmap delete category category applicationMap push (2 of 24) Adds subnets for Motive API access Adds Motive API users Deletes the Motive API subnet Deletes Motive API users Deletes the list of Motive API subnets Adds a new application mapping Procedure 20-4 Procedure 20-1 Procedure 20-5 Procedure 20-2 Procedure 20-5 Procedure 12-15
Interactively selects and deletes the application mapping entries Deletes the application mapping for a specific application name Interactively selects and deletes the application mapping entries in a specific category Sends the current application mapping settings to all of the 9900 WNG Detectors
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-15
14 CLI
Command
Description
See
Uploads the application mappings in bulk from a file add option adds application mappings without changing the existing mappings replaceAll removes all of the existing mappings and adds the mappings that are in the file source defines the file containing the application mapping records. The file can be imported through scp or usb. The imported file is parsed before the mappings are loaded in the system and if it has syntax errors, out of range/invalid data, duplicate records, appnames or {serverIP, port, protocol} combinations, an error message is generated and the command exits without adding any mapping. The file is in the CSV format.
Procedure 12-15
applicationmap update category curappname category autoDetectMobilesFrom AAA [enable | disable] backhaulTracking clear backup [all|config|security|db|lo gs|reports|license] [usb|scp location]
Changes the category setting for an existing application map entry Enables or disables the autoDetectMobilesFromAAA
Procedure 39-1
Resets the peak backhaul number Backs up the 9900 WNG Central, which includes the following:
configuration files security files database logs reports license files Procedure 39-5 Procedure 39-2 Procedure 12-9 Procedure 12-9
backup detector detector-id backup incremental {scp <location> | usb} captureFilter expression expression captureVLAN clear captureVLAN exclude vland1 vlan2 ... vlanN captureVLAN include vland1 vlan2 ... vlanN
Backs up a specific 9900 WNG Detector Creates incremental backups in a specified location Sets the expression to filter capture packets Clears the VLAN Sets the list of VLAN IDs that do not have their packets captured vlan1...N = string with maximum 50 characters Sets the list to VLAN IDs that have their packets captured vlan1...N = string with maximum 50 characters
Procedure 12-9
(3 of 24)
14-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
manufacturerOnlythe exact model of CDMA device cannot be determined rangesrequires an import of MEID/ESN and the manufacturer and model for each range block. The same manufacturer and model device type may contain several blocks. The pESN resolution cannot be displayed. listrequires an import of each instance of device that contains a mapping of ESN or MEID to the manufacturer and model. The known subscriber NAI for the device can be optionally imported for resolving pESN hash conflicts for improved accuracy of pESN reporting. The list may also optionally contain the following: Device Category, such as Data Card, Smartphone, or WAP phone Device OS, such as Blackberry, Android, AppleOS, Symbian, or PalmOS
The Device Category and Device OS values can be determined by the service provider. clearBatchDBcounts clearDroppedPacketCount clearMaxSubscriberSessio nCount copy Resets failure counts Clears the dropped packet count that is kept in the 9900 WNG Detectors Resets the high water mark for the license Saves configuration to a file. The options are: Procedure 12-13
copy detector source destination copyDetectorConfig usb|scp| source (4 of 24)
copy file file1 file2 (copies file1 to file2) copy running to file2 (saves running configuration to file2) copy startup running (loads startup.xml and makes it running configuration) copy startup to file2 (saves startup.xml to file2) Procedure 12-13 Procedure 12-13
Copies a 9900 WNG Detector configuration to another 9900 WNG Detector Copies the configuration file to the 9900 WNG Detector
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-17
14 CLI
Command
Description
See
date date
Example: 070823592008 sets the date to: Tue Jul 8 13:30:00 EDT 2008 DBflushHosts delete config_file_name delete language gui <filename> deploymentMode [SimpleIPOnly | MobileIPOnly | SimpleIPOnlyandMobileIP Only detectionThresholds eventype threshold1 [threshold2] [threshold3] [threshold4] [threshold5] Deletes all of the database host data Deletes a specific configuration file. The startup configuration file cannot be deleted. Deletes the language resource file Sets the deployment mode for the 9900 WNG Detector to SimpleIP, MobileIP , or both Procedure 12-1
Sets the event intensity thresholds values for a specific event type:
alwaysActivepermitted values: 0.0-1.0 batteryAttackSingleSrcpermitted values: 0.0-1.0 batteryAttackDistributedpermitted values: 0.0-1.0 floodMobileDistributedpermitted values: 0.0-1.0 floodMobileSingleSrcpermitted values: 0.0-1.0 highSignalingSubscriberpermitted values: 0..10000 highUsagepermitted values: 0..100000000 p2pMobilepermitted: values 0..1000 portScanHorizpermitted values: 0..1000 portScanVertpermitted values: 0..1000 rncOverloadpermitted values: 0..10000000 routerDiscoveryAbusepermitted values: 0..100 sigAttackSingleSrcpermitted values: 0..1000 unwantedSrcpermitted values: 0..500000000 Procedure 7-4
Starts the CLI for a 9900 WNG Detector Provisions a specific 9900 WNG Detector
14-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Deletes a specific 9900 WNG Detector Displays the difference between two configuration files.
Procedure 12-14
dir disable dormancy timeout enable eventmask eventype [enable|disable]
diff running startupthe difference between running and startup configuration diff startup lastrunningthe difference between startup and lastrunning configuration diff test1.xml test2.xmlthe difference between test1.xml and text 2.xml Procedure 12-8
Lists the name of the existing configuration file on the 9900 WNG Detector Returns to user mode from privileged mode Sets the Mobile dormancy timeout. The values are 0 to 1000. Enters the privileged mode Sets the mask value for the awareness events that are provided by eventype. The values for eventype are:
eventrate anomalyEvents rate eventrate awarenessEvents rate exit grep log central-err <pattern> grep log compression <pattern> (6 of 24)
a11SessionUpdate detectorTrafficUpdate gtpSessionUpdate HATrafficUpdate mipSessionUpdate MobileFlow PDSNTrafficUpdate RNCLoad radiusSessionUpdate subscriberSession hopTrafficUpdate pathTrafficUpdate ranapSessionUpdate Procedure 12-6
Sets the send rate for anomaly events Sets the send rate for awareness events Next lower access level Determines if there is pattern in the 9900 WNG Central error log Determines if there is a pattern in the compression log
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-19
14 CLI
Command
Description
See
Exports the various log files that can be viewed from the CLI to an external host For the 9900 WNG Central view, the values for logname are:
grep applicationMap <pattern> grep log audit|central|detector| gui|syslog|systemEvents| webAccess pattern
For the 9900 WNG Detector view, the values for logname are: detector syslog
Displays the application mapping that meet the specific pattern Searches for a pattern in logging details:
grep log audit patternsearch for pattern in CLI logging details grep log Central patternsearch for pattern in Central logging details grep log detector patternsearch for pattern in Detector logging details grep log gui patternsearch for pattern in GUI logging details grep log syslog pattern search for pattern in Syslog logging details grep log systemEvent patternsearch for pattern in system event logging details grep log webAccess patternsearch for pattern in web access logging details Procedure 12-3 Procedure 12-4 Procedure 36-13 Procedure 36-10
grep log database <pattern> grep log ipmi <pattern> grep log motive <pattern> grep rncLaiMap <pattern> grep rncPcfMap <pattern> grep rncSaiMap <pattern> grep users <pattern> guiDisconnect {all | user user} [clean | noclean]
Searches for a pattern in the database log Searches for BMC details that have a specific pattern Searches for a pattern in the motive log Displays the RNC-LAI mapping that has a specific pattern Displays the RNC-PCF mapping that has a specific pattern Displays the RNC-SAI mapping that has a specific pattern Displays the users that have a specific pattern Disconnects a specified user or all the connected GUI sessions. The clean option is used in upgrades to disconnect the existing sessions and reload the new configuration.
(7 of 24)
14-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Displays the history of the CLI commands that were used by the logged in account Specifies the idle timeout for GUI and web users that have not had activity in a specified amount of time. The default is 0. Alcatel-Lucent recommends the timeout is set to a value that is greater than or equal to one day and the timeout can match any network timeout for subscriber sessions.
Procedure 36-9
ignoreDNSPackets {enable | disable} install software central packageName install software detector detectorName packageName load deviceTable {umts | cdmaList | cdmaRange} {scp location | usb filename} load language gui {scp <location> | usb <filename>} load load banner [usb | scp location]
Specifies whether DNS packets are ignored Installs a specific software package on a 9900 WNG Central Installs a specific software package on a specific 9900 WNG Detector Reload the device tables in different modes
Procedure 16-3
Loads a banner file. By default, the default banner file is loaded. The options are:
Procedure 12-17
load license [usb | scp location] load providerTable {scp <location> | usb} load reportPackage [usb | scp location] load userguide [usb | scp location] logLevel
load from usb /banner directory copy using scp Procedure 6-2
Loads the license file Loads the providerTable from provider_ip_map.sql.bz2 to the specified location Imports the report package using a USB or SCP Imports the updated customer documentation using a USB or SCP Specifies the log level value. The values are:
logout (8 of 24)
emergsystem is unusable alertaction must be take immediately critcritical conditions errerror conditions warningwarning conditions noticenormal, but significant, conditions infoinformational message debuggingdebug-level message
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-21
14 CLI
Command
Description
See
lossRateThreshold intensi ty value mobileIPSubnets add mobileIPSubnets addList subnet [subnet...] mobileIPSubnets clear mobileIPSubnets delete subnet mobileIPSubnets deleteList module {a11 | gtpc | radius | mobileip} {enable | disable} moduleCounts {gtpc | mobileip} clear more config_file_name ntp disable ntp enable ntp server add ntp server delete ip_address packetCounts clear paging disable paging enable peakLineRates clear ping ip_address repo disable central repo disable external repo disable local repo enable central repo enable external repo enable local (9 of 24)
Specifies the loss rate threshold for the specific intensity level Prompts you to enter Mobile IP subnets one at a time. Press Enter to end the input. Adds the listed subnets to the existing list of Mobile IP subnets Clears all of the Mobile IP subnets Deletes the subnets from the existing list of Mobile IP subnets Deletes the listed subnets from the existing list of Mobile IP subnets Enables or disables various signaling decoder modules Resets the gtpc or mobileip module counters Displays the information contained in a specific configuration file
Disables NTP service Enables NTP service Specifies the IP address of NTP servers Removes a server IP address from the list of configured NTP servers Resets all of the packet counts Disables paging Enables paging Resets the peak line rate history for the 9900 WNG Detector traffic feed inputs
Displays the reachability status of a machine Disables the 9900 WNG Central repository Disables the external repository Disables the local repository Enables the 9900 WNG Central repository Enables the external repository Enables the local repository
14-22
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Imports a repository on the 9900 WNG Central using SCP. To import only a specific package, replace package with a package name. If you do not provide an optional package name, all of the packages with the specific package name are imported. Imports a repository on the 9900 WNG Central using a USB device. To import only a specific package, replace package with a package name. If you do not provide an optional package name, all of the packages with the specific package name are imported. Mounts a repository from a USB device Deletes proxy server details Specifies the proxy server details Specifies the repository to the external yum repository Unmounts a repository Specifies the minimum number of bytes that must be observed by a 9900 WNG Detector for a mobile session before that session is considered for a billing discrepancy. The setting prevents reporting on sessions with relatively small amounts of data. Replace value with a number from 0 to 2147483647. Specifies the minimum number of bytes that must be observed by a 9900 WNG Detector for a mobile session before that session is considered for a billing discrepancy. This prevents reporting on sessions with relatively small amounts of data. value is a number from 0 to 2147483647.
Procedure 9-3
Procedure 9-3
repo mount repo proxy clear repo proxy set proxyServer port repo setExternal URL repo unmount reports billingValidationMinimum Bytes value
delete all reports delete reports of a particular day delete reports between start date to end date
Specifies the maximum number of realms or APNs that are reported separately in realm-based generated reports. realm is a value from 1 to 100. The top MaxReportableRealms are used in the report. If the value of MaxReportableRealms is greater than the number of detected realms, all of the realms are reported.
(10 of 24)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-23
14 CLI
Command
Description
See
configuration files security files database logs reports license files Procedure 39-6
restore detector detector-id rncLoadThreshold clear all rncLoadThreshold clear rncid rncid rncLoadThreshold set rncid value1 value2 ... valueN
Restores a 9900 WNG Detector Resets all of the RNC load threshold values to the default values Resets the RNC load threshold values for the specific RNC ID to the default. rncid = string with maximum of 50 characters Specifies the RNC load threshold values for the specific RNC ID. Enter the threshold values in one line, each separated by space. rncid is a string of up to 50 characters value1 ... valueN is an integer between 0 and 10 000 000
Procedure 12-2
Adds a list of RNC-PCF address mappings. Enter the address list all in one line, each separated by a space Adds a list of RNC-PCF mappings inputted sequentially Clears all of the RNC-PCF mapping Clears the RNC-PCF mapping for the specific RNC Deletes a list of RNC-PCF address mappings. Enter the addresses in one line, each separated by a space) Deletes one or more RNC-PCF mapping for a specific RNC
Procedure 12-3
rncPcfMap addList rncId pcfIP [pcfIP...] rncPcfMap clear all rncPcfMap clear rncId rncPcfMap delete rncId pcfIP {pcfIP } rncPcfMap deleteList rncId (11 of 24)
Procedure 12-3
14-24
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Uploads, in bulk, the RNC-PCF mappings from a file through SCP or USB. The imported file is parsed before the mappings are loaded to the system. If the file has syntax errors, invalid data, or duplicate records, the commands exits without adding any mapping and sends the messages to correct the records in the file. source is the file that contains the RNC-PCF mapping records. The syntax of the source file must be in the following format: rnc-group,pcf_ip_address rnc-group,pcf_ip_address rnc-group,pcf_ip_address where rnc-group is a string and pcf_ip_address is a valid IP Address For example: RNC_TEST_2, 123.1.1.21 RNC_TEST_2, 123.1.2.21 BSC_CO_5, 113.1.1.22 BSC_CO_5, 113.1.2.22 BSC_CO_5, 113.1.1.23 If a pcf_ip_address already existed with specified values for pcf_ip_address, and the import file includes more addresses within the same group, the pre-existing entries from this group are assigned to un-named group. Only the new mappings in the imported file belongs to this group. If the imported list includes a PCF address that is already in an existing group, the mapping is updated with the new group.
Adds a list of RNC-SAI mappings. Enter the mappings in one line, each separated by a space. Adds list of RNC-SAI mapping inputted one after the other. rncid = string with maximum 50 characters sai = a hex string with exactly 14 characters
Procedure 12-4
Procedure 12-4
Clears all values that are entered for the RNC-SAI mappings Clears the RNC-SAI mapping for the specific RNC ID. rncid = string with maximum 50 characters Deletes a list of RNC-SAI mappings. Enter the list of mappings in one line, each separated by a space) rncid = string with maximum 50 characters sai = a hex string with exactly 14 characters
(12 of 24)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-25
14 CLI
Command
Description
See
Deletes one or more RNC-SAI mapping for a specific RNC rncid = string with maximum 50 characters Automatically groups SAIs that do not belong to any RNC Group. The SAIs are grouped by their LAC (the first 10 characters of their value). Uploads RNC-SAI mappings from a file, in bulk, through SCP or USB. The imported file is parsed before the mappings are loaded to the system. If there are syntax errors, invalid data, or duplicate records, the command exits without adding any mapping and with a message that the records in the file must be corrected. The syntax of the source file must be in the following format: rnc-group,sai rnc-group,sai where sai is a 14-character hexadecimal value and the starting character is 2 to 7 or 9 rnc-group is a valid RNC group. For example: RNC_TEST_3, 26800600004cb5 RNC_TEST_3, 800600004cb51 BSC_CO_1, 268006eb2857f8 BSC_CO_1, 268006eb2857f9 BSC_CO_1, 268006eb28586e For an example, if an existing RNC group called RNC-ABC has SAIs and the import file includes SAIs mapped to the RNC-ABC group. The preexisting entries from RNC-ABC are moved to the unnamed group and only the new mappings from the imported file are assigned to RNC-ABC. If the import file includes an SAI mapping that already exists in another group, the mapping is updated with the new group. If a mapping has the same SAI value as an RNC group, that mapping is rejected.
rncSaiMap groupByLAC
securityMgrFeed disable securityMgrFeed enable syslogCollectorHost syslogCollectorPort netflowCollectorHost netflowCollectorPort service central restart service central start service central stop (13 of 24)
Disables the security event manager Enables the security event manager
Procedure 12-16
Restarts the 9900 WNG Central Starts the 9900 WNG Central Stops the 9900 WNG Central
14-26
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
service detector restart service detector start service detector stop service snmpAgent restart service snmpAgent start service snmpAgent stop show anomalyEventmask anomalyEventType
Restarts the 9900 WNG Detector Starts the 9900 WNG Detector Stops the 9900 WNG Detector Restarts the SNMP agent Starts the SNMP agent Stops the SNMP agent Displays the intensity setting for the specific anomaly event. The list of anomalyEventType is:
show api users show api stats show api subnets show applicationMap all show applicationMap category category show autoDetectMobilesFromAA A show backhaul
all (used to see the intensity setting for all the anomaly events) alwaysActive batteryAttack batteryAttackDistributed floodMobileDistributed floodMobileSingleSrc highSignalingSubscriber highUsage p2pMobile portScanHoriz portScanVert rncOverload routerDiscoveryAbuse sigAttack unwantedSrc Procedure 20-3 Procedure 20-6 Procedure 20-4 Procedure 12-15
Displays Motive API users Displays statistics for each Motive interface Displays the subnets for motive API access Displays all of the defined application mapping Displays the list of application mapping for the specific category. The category can be any string value. Displays whether autoDetectMobilesFromAAA is enabled or disabled
Displays the line rates for management interfaces that are between the 9900 WNG Detector and Central Displays the filter that is used for capture Displays the VLAN IDs for the capture VLAN
show captureFilter show captureVLAN show CDMADeviceMode show cliSessions (14 of 24)
Displays the setting for the CDMA device mode Displays information about the active CLI sessions
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-27
14 CLI
Command
Description
See
show compressionStatus
Displays the current daily summary and number of uncompressed tables until the next hourly summary Displays the mysql information, such as open connections, process list, and list of queries Displays the deployment mode for a 9900 WNG Detector Shows the event intensity thresholds values for a specific event type:
Procedure 12-1
show detectors show diskArray show dormancy show eventmask eventype
alwaysActive batteryAttack batteryAttackDistributed floodMobileDistributed floodMobileSingleSrc highSignalingSubscriber highUsage p2pMobile portScanHoriz portScanVert rncOverload routerDiscoveryAbuse sigAttack unwantedSrc Procedure 12-8
Displays the list of 9900 WNG Detectors that are registered with the 9900 WNG Central Displays the disk status; for example, if the disk has failures or is running optimally Displays the mobile dormancy timeout value Displays the mask setting for the events specified by the variable eventype. The values are:
show eventrate anomalyEvents show eventrate awarenessEvents show hostId show hostname
a11SessionUpdate detectorTrafficUpdate mobileFlow sessionUpdate subscriberSession hopTrafficUpdate Procedure 12-6 Procedure 6-1
Displays the send rate for anomaly events Displays the send rate for awareness events Displays the platform hardware host ID Displays the hostname of the 9900 WNG Central or Detector, depending on which server executed the command
(15 of 24)
14-28
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
show idleTimeout {GUI | web} show ignoreDNSPackets show interface all show interface name show inventory show language gui show license show log audit show log central show log central-err show log compression show log database show log detector show log gui show log ipmi show log motive show log syslog show log systemEvents show log webAccess show logLevel show lossRateThreshold show memory show mobileIPSubnets show module show moduleCounts {gtpc | mobileip} show ntp
Displays the idle timeout for GUI and Web users Displays whether DNS packets are ignored
Procedure 36-14 Procedure 16-2 Procedure 35-1 Procedure 20-7 show memory in section 37.4 Procedure 12-5
Displays information about the network interfaces Displays information about a specific network interface Displays hardware information for the 9900 WNG Central or Detector
Displays the language resource file Displays the license and license violation details
Displays the CLI/GUI logging details Displays logging information for the 9900 WNG Central Displays the 9900 WNG Central error log Displays the compression log Displays the mysql log Displays logging information for a specific 9900 WNG Detector
Displays logging information for a specific GUI Displays logging information for the BMC Displays the motive log Displays system level logging information for the 9900 WNG Displays system event logging information for the 9900 WNG Displays web access logging information Displays the log event settings Displays the loss rate threshold for different levels Displays the system memory information Displays the IP subnets that are used for mobiles Displays the enabling status for signaling decoder modules Displays the gtpc or mobileip module counters
Displays the NTP configuration information for the 9900 WNG Central or Detector, depending on which server the command is executed
(16 of 24)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-29
14 CLI
Command
Description
See
show packetCounts show processes show reportTime [verbose] show reports maxReportableRealms show reports billingValidationDifferenc eThreshold show reports billingValidationMinimum Bytes show repoStatus show rncLoadThreshold all show rncLoadThreshold rncid rncid show rncpcfmap all show rncPcfMap discoveredPCFConfigured show rncPcfMap discoveredPCFNotConfigur ed show rncpcfmap rncid rncid show rncpcfmap summary show rncSaiMap all|rncid rncid show rncSaiMap discoveredSaiConfigured show rncSaiMap discoveredSaiNotConfigur ed show rncpcfmap summary show runningConfig show securityMgrFeed status (17 of 24)
Displays the 9900 WNG Detector packet counts Displays the list of running processes Displays the earliest day of the reporting period and any missing data gaps, if verbose Displays the maximum number of realms or APNs that are reported separately in the realm-based generated reports Displays the difference between the observed bytes and the RADIUS reported bytes for a mobile session that causes the reporting of a billing discrepancy Displays the minimum number of bytes that must be observed by a 9900 WNG Detector for a mobile session before that session is considered for a billing discrepancy Displays the settings for all repositories Displays all existing RNC load threshold values Displays the RNC load threshold values for a specific RNC ID rncid = string with maximum 50 characters Displays the RNC-PCF mapping Displays the discovered PCFs that are configured Displays the discovered PCFs that are not configured Displays the RNC-PCF mapping for the specific RNC Displays a summary of RNC-PCF mappings Displays all of the existing RNC-SAI mappings or the mapping for a specific RNC ID. rncid is a string of up to 50 characters Displays the discovered SAIs that are configured Displays the discovered SAIs that are not configured Displays a summary of RNC-SAI mappings Displays the configuration that is currently running on the 9900 WNG Detector Displays whether the Security Event Manager is enabled or disabled
Procedure 12-4
14-30
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
show snmpAgent community show snmpAgent groups show snmpAgent hosts show snmpAgent info show snmpAgent users show snmpAgent views show software installed central [all] show software installed detector show software installed detector all show software repo [all|alu9900|central|dete ctor] show stats
Displays the list of SNMP communities Displays the SNMP groups Displays information about the SNMP host (managers) that are used to forward traps Displays information about SNMP, such as contact, location, and SNMP enabling Displays the list of SNMP users Displays the SNMP view details Displays information about the software that are installed on the 9900 WNG Central Displays information about the software that is installed on a specific 9900 WNG Detector Displays information about the software that is installed on all 9900 WNG Detectors Displays software package information
Displays statistics for all of the mobile NEs, such as PDSN and HA. Statistics include, current and peak rates of the 9900 WNG Central or Detector traffic feed inputs Displays subscriber group information
Displays all of the system information, such as CPU, memory usage, system name, location, and contacts See for more information. Displays a snapshot of the UNIX top utility Displays all of the mobile network elements, such as PDSN and HA, for all of a specific 9900 WNG Detector (in the detector view)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-31
14 CLI
Command
Description
See
Displays the trend threshold values for different trends Values for elementTypes are: HA_GROUP, PDSN_GROUP, RNC_GROUP. Settings for trendName are:
show uptime show uniTCPFlows (19 of 24)
num_active_m nnum_hoin num_hoou i2m_pkts i2m_flows i2m_bytes m2i_pkts m2i_flows m2i_bytes m2m_pkts_up m2m_flows_up m2m_bytes_up m2m_pkts_down m2m_flows_down m2m_bytes_down down_rtt_mean down_tcp_pkts down_tcp_loss uni_i2m_pkts uni_i2m_flows uni_i2m_bytes uni_m2i_pkts uni_m2i_bytes ni_m2m_pkts_up uni_m2m_flows_up uni_m2m_bytes_up uni_m2m_pkts_down uni_m2m_flows_down uni_m2m_bytes_down loss_rate rtt_mean tcp_reset_i2m_pkts tcp_reset_m2i_pkts tcp_reset_m2m_pkts_down tcp_reset_m2m_pkts_up icmpunreach_i2m_pkts icmpunreach_m2i_pkts icmpunreach_m2m_pkts_down icmpunreach_m2m_pkts_up num_conn_setup_up num_conn_setup_down
Displays the time of the 9900 WNG Central or Detector servers since the last reboot Displays the statistics for the unidirectional TCP
14-32
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
show users show version show whitelist snmpAgent add community community ro|rw|wo ipaddress snmpAgent add group name [noAuthNoPriv|authNoPri v|authPriv] Read-view Write-view Notification-view snmpAgent add host v1 IpAddress port community | v2c IpAddress port community | v3 IpAddress port userName snmpAgent add user username groupname [authProtocol] [authPassword] [privPassword] snmpAgent add view view old [excluded | included] snmpAgent add community community ro|rw|wo ipaddress snmpAgent delete group name snmpAgent delete host IpAddress snmpAgent delete user user snmpAgent delete view view snmpAgent update contact contact snmpAgent update location location snmpServer add ip snmpServer addList ip[ip] [ip]... (20 of 24)
Displays the list of currently configured CLI and GUI users on the 9900 WNG Central. Displays the version of the 9900 WNG Detector Displays the whitelist subnets
Specifies the community string that is used for SNMPv1/v2c get/set Specifies the access control rules for the group. The group name must be unique.
Procedure 19-4
Specifies the host for forwarded SNMP traps. IPaddress is the IP address of the trap recipient machine, port is the target port. For SNMP v1 or v2c, the community string is required. For SNMP v3, a user name is required to configure the trap host. Creates SNMP users. The authProtocol and authPassword parameters are required only when the user requires authorization or privacy, whereas privPassword is required for privacy support. Specifies the SNMP view. The SNMP view name should be unique. See Procedure for more information. Adds the community string that is used for SNMPv1/v2c get/set Deletes the SNMP group with the group name Deletes the host from the trap-receiving host list Deletes the SNMP user with a specific name Deletes the SNMP view with a specific name Sets the value of the SNMP contact string Specifies the SNMP location string Adds an NMS server to send SNMPv3 requests to the agent Adds a list of NMS servers to send SNMPv3 requests to the agent
Procedure 19-3
Procedure 19-2
Procedures 19-1 and 19-2 Procedure 19-6 Procedure 19-5 Procedure 19-2 Procedure 19-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-33
14 CLI
Command
Description
See
snmpServer delete
Deletes a NMS server from the list of allowed NMS servers that send SNMPv3 requests to the agent Deletes NMS servers one at a time from the list of allowed NMS servers that send SNMPv3 requests to the agent Specifies the intensity of anomaly events. The SNMP trap for the selected event type is generated only if the event intensity is greater than or equal to the specified intensity. The values for intensity is 1 to 5, and off. Specify one of the following event types:
snmpServer deleteList
Procedure 19-14
snmp trap trendAlerts intensity
AlwaysActive batteryAttackDistributed batteryAttackSingleSrc floodMobileDistributed floodMobileSingleSrc highSignalingSubscriber highUsage p2pMobile portScanHoriz portScanVert rncOverload routerDiscoveryAbuse sigAttackSingleSrc unwantedSrc
Specifies the intensity of trend alerts. The SNMP trap for the selected event type is generated only if the event intensity is greater than or equal to the set intensity. The values for intensity is 1 to 5, and off. Specifies the intensity of congestion alerts. The SNMP trap for the selected event type is generated only if the event intensity is greater than or equal to the set intensity. The values for intensity is 1 to 5, and off. Sets the intensity of trend alerts. The SNMP trap for the selected event type is generated only if the event intensity is greater than the set intensity. The values for intensity is 1 to 5, and off.
Deletes one or more subscriber groups. After a subscriber group is deleted, all of the subscribers which were contained in the group are ungrouped.
14-34
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Bulk uploading of the subscriber group-subscribers mappings from a file.The source specifies the file that contains the groupName-subscriber mapping records. The file can be imported using SCP or USB. The imported file is parsed before the mappings are loaded. If the file contains syntax errors, invalid data, or duplicate records, the mappings are not changed. A subscriber can be contained in multiple groups. The syntax of the file containing the mapping is: subscriber_groupName,NAI/IMSI where subscriber_groupName is the name of the subscriber group, which can contain up to 64 NAI/IMSI (without realm) is an NAI/IMSI value The following describes the options:
addincrementally adds the subscribers to the subscriber group. Use createOrReplace command to create new or replace existing groups createOrReplacecreates or overwrites one or more subscriber groups that are in the file
The following is a sample file: Sub1, 1234567890 Sub1, 1234562890 Sub2, 1234567890 system reboot Reboots the 9900 WNG Detector or Central, depending on which server the command is executed Halts the system after bringing it down Removes or resets the trend threshold values for the specified trend. elementTypes are: HA_GROUP, PDSN_GROUP, RNC_GROUP The following are the trend names:
Procedure 5-2
(22 of 24)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-35
14 CLI
Command
Description
See
Specifies the trend threshold values for a specific trend. A trend threshold can be configured for a trend that is recognized by combination of three fields: element type, trend name, and node name. Specify one of the following values for elementTypes are: HA_GROUP, PDSN_GROUP, RNC_GROUP The list of trend names are:
update software central packageName update software detector detectorName packageName user add id password group firstname lastname user changePassword id
num_active_mn i2m_flows i2m_bytes m2i_flows m2i_bytes num_conn_setup_up num_conn_setup_down airtime_up airtime_down Procedure 9-4 Procedure 9-4
Updates a specific software package on the 9900 WNG Central Updates a specific software package on a specific 9900 WNG Detector Creates a CLI, GUI, Web, or ReportOnly user account. The options for the group are user, admin, reportonly, sudo, or demoonly. If the command is used in sudo mode, you must specify the ID to reset the password of a specific user. If the command is used from the user or admin mode, your password is changed. Deletes a specific the CLI, GUI, Web, ReportOnly, or Demoonly user Changes the CLI role for an account. The role can be user, admin, reportonly, or demoonly. Changes the GUI role for an account. The role can be NE, ano, subs, or admin.
Procedure 36-1
user delete id user modify group CLI <id> <group> user modify group GUI <id> <gui_role1> [gui_role2] [gui_role3] [gui_role4] [gui_role5] user modify group id group user modify group Reports <id> <rep_role1> [rep_role2] [rep_role3] [rep_role4] user modify name id firstname lastname (23 of 24)
Changes a specific user role. The role cannot be upgraded to sudo. Changes a specific role for a Reports account. The roles NE, subs, apps, or admin.
Procedure 36-5
Procedure 36-6
14-36
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14 CLI
Command
Description
See
Resets the specific user current and future passwords to expire after the specified number of days Sets the default password for new and existing accounts. A current password lasts for the specified number of days. Prompts you to enter whitelisted subnets one at a time. Press Enter to finish entering whitelisted subnets. Specifies one or more whitelisted subnets Clears all of the whitelisted subnets Deletes the subnets from the list of whitelisted subnets Deletes the whitelisted subnets one at a time. Press Enter to finish deleting the whitelisted subnets.
Procedure 36-8
Procedure 36-7
Procedure 12-7
whitelist addList subnet [subnet...] whitelist clear whitelist delete subnet whitelist deleteList
Procedure 12-7
(24 of 24)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
14-37
14 CLI
14-38
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
15 PC client installation
15-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
15-1
15 PC client installation
15.1
secure PC-based GUI and CLI client interfaces to enable remote monitoring and
administration threat analysis SSH cut-through to 9900 WNG components a view of the entire wireless network that is being monitored on-demand reports
15.2
PC client installation
The 9900 WNG EMS is a software application that runs on the client PC. It is downloaded from 9900 WNG Central through the Java Web Start. The EMS manages 9900 WNG components (NEs), including the 9900 WNG Central and Detector. The 9900 WNG Central web applications run on client terminal platforms that meet these conditions:
Windows XP Minimum screen resolution: 1024 x 768 Internet Explorer 6.0 Java 1.6 or later Processor speed - a minimum of 1GHz
Provisioning your PC
Before you can run the GUI client on a machine, the machine must first be provisioned. Additionally, when your System Administrator changes the server certificate on the 9900 WNG Central server you must provision your PC again. Perform Procedure 15-1 to provision your PC.
15-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
15 PC client installation
If you cannot provision your PCI, click on the Common launch problems link located on the 9900 WNG Central webpage for troubleshooting information.
15.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
15-3
15 PC client installation
15-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16 GUI
16-2 16-2
16-6 16-8
16.5 Configuring the language on the GUI 16.6 Configuring preference settings
16-9
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-1
16 GUI
16.1
GUI overview
The 9900 WNG includes a GUI client application that runs on your personal computer. The GUI has the following key functions:
Threat and performance analysisThe GUI is designed to allow you to view and
analyze network threats and performance issues. The GUI is a dynamic interface that supports a variety of on-demand reports for real-time monitoring and analysis of network anomalies. Element managementyou can use the GUI to manage 9900 WNG Central and Detector devices. The GUI supports the following features:
secure PC-based GUI and CLI client interfaces to enable remote monitoring and
administration SSH cut-through to 9900 WNG components using the CLI menu item in the navigation menu
16.2
16.3
GUI components
The first time that you open the GUI client, the Dashboard View appears as shown in Figure 16-1
16-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Workspace panel
21132
Table 16-1 describes the 9900 WNG GUI window components. The components in the GUI are persistent or variable. Persistent components remain visible in the GUI window and provide access to high-level navigation, commands, and monitoring functions. Variable components appear in the workspace panel. the layout and format of the workspace panel depend on the item that you select in the navigation menu.
Table 16-1 9900 WNG GUI persistent components
Component Main menu Description Contains menu and submenu items: See Table 16-2 for a description of the Preferences commands
Status bar
File Preferences Help User name and privileges the name of the 9900 WNG Central server that hosts the GUI LED status indicators
(1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-3
16 GUI
Description Contains a list of items that represent the available GUI functions. Each item opens a specific view that appears in the workspace panel. Use the Navigate menu to navigate to a specific GUI function. You can navigate from one view to another without affecting the data in the views.
Workspace panel
The layout and content of this panel depends on the navigation menu item that you choose. The workspace panel is used to perform network performance monitoring and anomaly management
(2 of 2)
GUI menus
The GUI menu provides the top-level controls for the GUI client. Table 16-2 describes the menus.
Table 16-2 GUI menus
Menu File Preferences Submenu or command Exit command Set Data Retrieval Size Filter Received Events Set Subscriber Report Preferences Topology Preferences Reset Configuration Settings Help About command Provides information about the following: Description Provides access to the Exit command, which closes the GUI Provides options to change the default display settings for the GUI-based reports See Section 16.6
current version of the 9900 WNG current version of Java current OS run time for the current GUI session
16-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Red
System
Green Yellow
Red
Troubleshooting LEDs
Table 16-4 describes the color information for LEDs for troubleshooting.
Table 16-4 Troubleshooting LEDs
LED color Red Solution If all LEDs are red, there is either a network connectivity issue or the system is down. If you are able to access the 9900 WNG webpage but cannot authenticate yourself, contact your Alcatel-Lucent technical support representative. If you are unable to access the 9900 WNG webpage, check your network connectivity and/or verify that the 9900 WNG Central is powered up. Yellow Yellow/red If the database LED is yellow, you are likely making too many report/database accesses. If the system or anomaly LEDs are yellow/red, the GUI automatically retries and after the Central processes are up, these LEDs change to green.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-5
16 GUI
Forensic view
Use this view to investigate threat events and analyze general mobile flow records, such as records that do not relate to an anomaly event. The Historic View tab contains a list of past forensic queries that are sorted from most recent to oldest.
Topology and network forensics System View Mobile flow CLI Subscriber
Provides a view of the network elements observed by the 9900 WNG Detector while monitoring the network traffic. Includes Element tables and Network graphs Displays current events representing health alerts and troubleshooting. Displays usage records that combine the typical network flow information with wireless-specific information. Provides SSH cut through to the Central CLI Displays reports about subscribers
16.4
Sorting functions
The 9900 WNG includes a variety of ways to sort the data in the workspace panel. The sort functions depend on the report type that you view.
Tabular reports
Some tabular reports support the sorting of table data in ascending and descending order based on the column header that you choose. You can click on the column header to realign the order of the table for the following reports:
16 GUI
Mobile Flow records Subscriber Anomaly Events tab Network Forensic History tab
Report-specific filters
For all other filter operations, see the appropriate chapter for the GUI-based report.
Export functions
Table 16-6 describes the common export functions.
Table 16-6 Common Export functions
Action Buttons Export Opens a dialog box that allows you to choose the content (tabs) to be exported and the format: CSV, PDF, or both Exports the data to a CSV file Subscriber (all tabs) Network Forensic Description View where used
Export to CSV
Forensic View
Element Tables
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-7
16.5
16-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16 GUI
16.6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-9
16 GUI
Change the settings for the fields, as described in Table 16-10. Select from settings in the drop-down menu to the right of each field.
Note The number of events that you display can affect the system performance. The system required more time to process a large number of events than a small number of events of the same type.
500 (default), 1000, 1500, 2000, 2500 20, 50, 100, 500 (default), 1000
Anomaly History view in chapter 22 Chapter 23 (Forensic View) Chapter 29 (Subscriber View)
Specifies the number of events that are shown in the Mobile Flow View
Chapter 27
16-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16 GUI
Event name HIGH_SIGNALING_SUB RNC_OVERLOAD BATTERYATTACK_SINGLE_SRC BATTERYATTACK_DISTRIBUTED FLOOD_MOBILE_SINGLE_SRC FLOOD_MOBILE_DISTRIBUTED PORTSCAN_VERT PORTSCAN_HORIZ ALWAYS_ACTIVE_SUB HIGH_USAGE_SUB P2P_MOBILE UNWANTED_SRC ROUTER_DISCOVERY_ABUSE (2 of 2)
Description High signaling subscriber RNC overload Battery attack from a single source Battery attack from a group of sources Flood mobile from a single source Flood mobile from multiple sources Vertical port scan Horizontal port scan Always active airtime subscriber High usage subscriber Peer-to-peer mobile Unwanted source of traffic ICMP router discovery abuse
b c 4
Click on the Select All button to display all types of anomaly events in the the views. Click on the Deselect All button to deselect all events.
(1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
16-11
16 GUI
Parameter Discrepancy Difference Threshold in bytes (1) Restore defaults button (2 of 2) Note
(1)
Description Specifies the difference between the observed bytes and the bytes reported by RADIUS for a mobile session. If the threshold is reached or exceeded, the system reports a billing discrepancy. Restores the values in the form to the default values
The GUI settings do not affect other users or the daily/weekly/monthly billing discrepancy report that is set using the CLI.
16-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
17-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
17-1
17.1
open the browser-based reports interface open the 9900 WNG Central client GUI open the Group Manager log out or change password get SNMP MIBs view customer documentation
Note Users with the reportonly privilege cannot view the GUI
link.
Perform Procedure 17-1 to access the functions supported by the 9900 WNG Central webpage.
Note The 9900 WNG Central converts HTTP queries into HTTPS queries. For example:
http://centralhostname is converted to https://centralhostname 2 3 Enter your username and password and click on the Login button. The 9900 WNG Central home page appears. Choose one of the links in Table 17-1, which describes the functions that you can access and where to find more information.
17-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
17 9900 WNG Central webpage Table 17-1 Links on the 9900 WNG Central home page
Link Get reports Description Browser-based reports provide you with information about short and long-term trends in network events and activities. The reports are web-based and accessed by using a browser. The 9900 WNG GUI client supports the following activities: See Chapter 30 for information about how to access and use browser-based reports. See chapter 31 for detailed information about each type of report that you can generate. Chapter 16 for information about how to access and use the 9900 WNG GUI. See chapters 21 to 29 for information about the types of real-time reports that you can generate.
Group Manager
Threat and performance analysis in real-time Element management and SSH cut through to the CLI for the 9900 WNG Central and Detector
The Subscriber Group Manager webpage enables you to create subscriber groups which you can use to classify and manage a large number of subscribers Download the 9900 WNG MIB file
Chapter 32 for information about how to create and manage subscriber groups Section 19.9
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
17-3
17-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
18 BMC
18.1 BMC
18-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
18-1
18 BMC
18.1
BMC
The BMC provides system administrators with remote access to the 9900 WNG Central and Detectors. If the 9900 WNG Central or Detector hardware fails for any reason, the system administrator can access the status of the hardware and take corrective action. BMC firmware enables server management functions, such as remote reset and remote power off, even when the server operating system is down. The BMC LAN interface is configured with a separate IP address to enable remote access. The IPMI Management Utilities are used to send commands to the BMC firmware. These commands include accessing the firmware system event log, launching the remote console, and performing remote power off. The IPMI Management Utilities must be installed on the machine from which the system administrator wants to access BMC. The IPMI Management Utilities can be installed on a Linux or Windows platform. Table 18-1 lists where to find more information about the BMC.
Table 18-1 BMC information
For information about Configure the management interface and BMC LAN on the 9900 WNG Central Monitoring the 9900 WNG Central and Detectors using the BMC Powering up, powering down, or resetting a 9900 WNG Central or Detectors using the BMC IPMI CLI commands See Procedures 7-1 and 7-2 Section 37.5 Procedure 5-5 Table 14-8
18-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
19-2 19-3
19.2 Configuring SNMPv1/v2c 19.3 Configuring SNMPv3 19.4 SNMP user accounts
19.7 Configuring SNMP for anomaly, trend, and congestion alerts 19-11 19.8 SNMP commands 19.9 SNMP MIBs 19-15 19-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-1
19 SNMP
19.1
SNMP interface
SNMP is a UDP-based network protocol that is used to monitor and manage complex networks. Table 19-1 describes the components in an SNMP-managed network.
Table 19-1 SNMP-managed network components
Component Managed device Description A network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional access to node-specific information. Managed devices exchange node-specific information with the NMSs. Managed devices, also known as NEs, can be any type of device, including, routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers. A network-management software module that resides on a managed device. An agent has local knowledge of management information and translates the information to or from an SNMP-specific form and reports the information to the NMS. The higher level manager that monitors and manages a group of hosts or devices in the network.
Agent
NMS
SNMP agents interprets management data on the managed systems as variables. The variables that are accessible using the SNMP interface are organized in hierarchies containing OIDs. The hierarchies, and other meta data, such as type and description of the variable, are described by the MIB. Each OID identifies a variable that can be read or set using the SNMP. The SNMP specifies five core PDUs in version 1 and 2. Other PDUs were added to create SNMPv2c and then SNMPv3. The information between the agent and manager is exchanged in form of PDUs. SNMPv1 is the initial implementation of the SNMP. SNMPv1 and SNMPv2c have community (plain text) based authentication. However, the SNMPv3 architecture uses the USM for message security and the VACM for access control. See section 19.2 for more information about SNMPv1/v2c. See section 19.3 for information about SNMPv3. The 9900 WNG Central supports the SNMP interface. There is an SNMP agent that is on the 9900 WNG Central and the SNMP agent monitors processes, hardware, and software in the 9900 WNG Central and Detectors. You can use the SNMP agent to configure one or more NMSs to communicate and share information. A community, user-based authentication is required to communicate between the agent and manager. Table 19-2 describes the components of SNMP that must be configured.
Table 19-2 SNMP configurations
Component SNMP servers Community string Hosts (1 of 2) Description NMS servers that are allowed to send requests to the 9900 WNG Central Allows access the 9900 WNG MIB data The destination NMS for SNMP traps SNMPv1/v2c SNMPv3
19-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
Description Restricts the user to have access to only the MIB Maps users to views. For each group, you can configure a read view, a write view, or both. For communicating between the agent and manager. An authentication protocol, password, and privacy password are required, depending on the group and specified authentication type.
SNMPv1/v2c
SNMPv3
(2 of 2)
See Table 14-8 for information about all SNMP CLI commands.
19.2
Configuring SNMPv1/v2c
SNMP versions 1 and 2 provide a level of security by using community strings, which, like public and private keys, are used to match valid requestors at the network component. Perform Procedure 19-1 to specify the NMS servers and configure SNMPv1/v2c settings.
Procedure 19-1 To specify the NMS servers and configure SNMPv1/v2c settings
This procedure requires the following privileges:
1 2
sudoto specify the NMS server entries adminto configure the SNMPv1/v2c settings
Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Configure the NMS server by performing one of the following: a Add one NMS server by typing:
snmpServer add IP_address
where IP_address is the IP address of an NMS server.
The following example shows how to configure a single server using the add option.
central:sudo# snmpServer add 1.1.1.1 Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-3
19 SNMP
The following example shows how to configure multiple servers using the addlist option:
central:sudo# snmpServer addList 1.1.1.1 2.2.2.2 3.3.3.3 Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Exit the sudo privilege and change to the admin privilege to configure SNMPv1/v2c settings by typing:
exit
Add the SNMP host for the destination of the SNMP traps by typing:
snmpAgent add host version IP_address port community
where version is v1 or v2c IP_address is the IP address of the NMS server that receives the traps port is the port to which the trap is sent community is the community string used to receive the traps
7 8
Update SNMP location information, as described in Procedure 19-8. Update the SNMP agent contact, as described in Procedure 19-9.
19-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
19.3
Configuring SNMPv3
SNMPv3 provides encryption and a USM for authentication and privacy services. The SNMPv3 with USM protects the system against:
modification of information masquerading the identity of an authorized entity message stream modification disclosure of information
Perform Procedure 19-2 to specify the NMS servers and configure SNMPv3 settings.
1 2
sudoto specify the NMS server entries adminto configure the SNMPv3 settings
Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Provision the NMS server by performing one of the following: a Add an NMS server by typing:
snmpServer add IP_address
where IP_address is the IP address of the NMS server
Replace IP_address with the IP address an NMS server. The following example shows how to configure a single server using the add option:
central:sudo# snmpServer add 1.1.1.1 Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
The following example shows how to configure multiple servers using the addlist option:
central:sudo# snmpServer addList 1.1.1.1 2.2.2.2 3.3.3.3 Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-5
19 SNMP
Exit the sudo privilege and change to the admin privilege to configure the SNMPv3 settings by typing:
exit
Verify that there are views. If there are views go to step 8. If there are no views, go to step 7 to create views. The following example shows that SNMP views:
central# show snmpAgent views
19-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
Context
Access
Read-View noAuthView
Write-view
10
Note The authProtocol and authPassword parameters are required only when the user requires authorization or privacy. The privPassword parameter is required for privacy support.
Enabling authentication and specifying a privacy password for a user are optional. 11 Add the SNMP host for the destination of SNMP traps by typing:
snmpAgent add host version IP_address port userName
where version is v3 IP_address is the IP address of the NMS server to receive the traps port is the port to which the trap is sent userName is the SNMPv3 username that is used to authenticate traps
12 13
Update SNMP location information, as described in Procedure 19-8. Update the SNMP agent contact, as described in Procedure 19-9.
19.4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-7
19 SNMP
19 SNMP
Table 19-3 describes the information that appears for SNMP user accounts.
Table 19-3 show snmpAgent users command
Column User-name Group-name Access Auth-Protocol Description The name of the SNMP user account The group name that contains the SNMP user account The access level for the SNMP user account, such as authNoPriv or no AuthNoPriv The authorization protocol for the account, such as MD5
19.5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-9
19 SNMP
19.6
19-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
19.7
Procedure 19-14 To configure SNMP for anomaly, trend, and congestion alerts
1 2 Log in to the CLI with the admin privilege, as described in Procedure 14-1 or 14-2. Configure the types of anomalies that are reported as SNMP traps and the intensity level which the traps are generated by typing:
snmp trap anomaly anomaly intensity
where anomaly is the anomaly event for which an SNMP trap is generated. The values are: alwaysActive, batteryAttackDistributed, batteryAttackSingleSrc, floodMobileDistributed, floodMobileSingleSrc, highSignalingSubscriber, highUsage, p2pMobile, portScanHoriz, portScanVert, rncOverload, routerDiscoveryAbuse, sigAttackSingleSrc, or unwantedSrc. intensity is the event intensity value, which can be 1 to 5 and off. If an anomaly event with equal or greater intensity is generated, a corresponding trap is generated for the anomaly.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-11
19 SNMP
Add the intensity level for congestion alerts, above which an SNMP trap is generated, by typing:
snmp trap congestionAlerts intensity
where intensity is the event intensity value, which can be 1 to 5 and off. If a congestion alert with equal or greater than intensity is generated, a corresponding trap is generated.
Specify the intensity level for trend alerts above which an SNMP trap is generated by typing:
snmp trap trendAlerts intensity
where intensity is the event intensity, which can be 1 to 5 and off. If a trend alert with equal or greater than intensity is generated, a corresponding trap is generated.
19.8
SNMP commands
The 9900 WNG Central supports the following SNMP commands:
SNMP SET
The SNMP SET request is used to change the state of the network to down or up.
SNMP GET
The SNMP GET request can be sent to the 9900 WNG Central from any northbound interface to access network interface details; for example, current state, packet counts, for of the 9900 WNG Central and Detectors.
SNMP TRAP
Table 19-6 describes the SNMP traps that are generated by the 9900 WNG Central and sent to the northbound interface.
19-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
congestionAlerts CPU Usage Threshold
AlwaysActive BatteryAttackDistributed BatteryAttackSingleSrc FloodMobileDistributed FloodMobileSingleSrc HighSignalingSubscriber HighUsage P2pMobile PortScanHoriz PortScanVert rncOverload routerDiscoveryAbuse SigAttackSingleSrc unwantedSrc
A congestion alert trap is generated when the congestion level meets or exceeds the specified level. See Procedure 19-14. The critical trap is generated when the CPU usage on the 9900 WNG Central or any of the 9900 WNG Detectors exceeds the threshold value. A trap is generated when the threshold value is greater than or equal to 90%. The trap is cleared when the usage value is less than or equal to 80%. The critical trap is generated when the disk usage on the 9900 WNG Central or any of the 9900 WNG Detectors exceeds the threshold value. A trap is generated when the threshold value is greater than or equal to 90%. The trap is cleared with the threshold value is less than or equal to 80%. The partitions that are monitored are:
For the 9900 WNG Central: root /aware /awaredb /tmp /var /dev/shm For 9900 WNG Detectors: root /tmp /var /aware
The critical trap is generated at the 9900 WNG Central when there is a failure in the external disk array. The sub-object instance value for the trap is EXTARRAY. The critical trap is generated when one of the following occurs:
(1 of 3)
when the maximum session exceeds a threshold value. A trap with warning severity is generated when usage is greater than or equal to 85% and a trap with critical severity is generated when usage is equal to 100%. A warning trap is generated if the threshold is less than or equal to 95%. A clearing trap is sent when usage is less than or equal to 80%. if the license is not valid or the hostid is incorrect when the license expired. A warning alarm is sent 5 days before the license expires
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-13
19 SNMP
Description The critical trap is generated when one of the following occurs:
the traffic feed input rate is greater than or equal to 950 Mbits/s for 1G card or 3900 Mbits/s for the 10G card. The event indicates a high probability that of packets are being dropped. the transmitting rate by the 9900 WNG Detector is greater than or equal to 30 Mbits/s or the receiving rate of the 9900 WNG Central is greater than or equal to 40 Mbits/s the traffic feed input rate is less than or equal to 900 Mbits/s for 1G card or 3750 Mbits/s for the 10G card the transmitting rate for the 9900 WNG and the receiving rate for the 9900 WNG Central is less than or equal to 15 Mbits/s PortA PortB PortC PortD BACKHAULRCV BACKHAULXMIT
Link down
The critical trap is generated from the 9900 WNG when a link between two components is down. The sub-object instance for the specific event can be anomaly channel, awareness channel, snmp channel, system event channel, sysmonToSECChannel, or centralToSECChannel. The critical trap is generated when the memory usage on 9900 WNG Central or any of the 9900 WNG Detectors exceeds the threshold value. A trap is generated when the memory usage is:
noPacketsReceived
greater than or equal to 97% for the 9900 WNG Central greater than or equal to 98% for the 9900 WNG Detectors less than or equal to 92% for the 9900 WNG Central less than or equal to 93% for the 9900 WNG Detectors
The major trap is generated from the 9900 WNG when packets are not displayed on the capture interface for more than 60 s. The trap is cleared when the capture interface receives the packets. A major trap is generated from the 9900 WNG when the queue threshold is full at the 9900 WNG Central or the usage is greater than or equal to 75% at the 9900 WNG Detector. The trap is cleared when the queue is not full at the 9900 WNG Central or the usage is less than or equal to 60% at the 9900 WNG Detector. The informational trap is generated from the 9900 WNG when the packet drop threshold is exceeded. By default, a trap is generated when 1000 packets are lost in a 5 min interval.
queueThresholdExceeded
packetDropThresholdExceeded
(2 of 3)
19-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19 SNMP
Description The critical trap is generated when any of the monitored processes on the 9900 WNG Central or Detector fail or a heartbeat is not detected at the 9900 WNG Central. A corresponding clearing trap is generated when the process returns to operation. The following processes are monitored:
For the 9900 WNG Central: Centrald Compression mysql NTP Daemon Snmp System monitor Tomcat For 9900 WNG Detectors: Awared NTP Daemon System event reporter System monitor
The authorization failure trap is generated whenever there is an invalid attempt to access SNMP information from any northbound interface. The critical trap is generated when the swap usage for the 9900 WNG Central or any of the 9900 WNG Detectors is greater than or equal to 50%. The trap is cleared when the usage is less than or equal to 10%. A trend alert trap is generated when the trend level meets or exceeds the specified level.
trendAlerts (3 of 3)
19.9
SNMP MIBs
SNMP-compliant devices, on the network components or agents, store data about the component in MIBS and return this data to the SNMP requestors. Procedure 19-15 describes how to access the SNMP MIBs.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
19-15
19 SNMP
4 5
Click on the Save button. Navigate to the location of the zipped file of the SNMP MIBs, as chosen in step 3, and unzip the file. The following MIBs appear:
19-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20 Motive API
20.3 Motive API user accounts 20.4 Motive API CLI commands
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20-1
20 Motive API
20.1
Motive API
Motive is an Alcatel-Lucent product that provides a unified care environment for end-to-end visibility of the network with automated problem analysis and resolution. For more information about Motive, see: http://www.motive.com/solutions/msm/msm.asp The 9900 WNG provides an interface to Motive. The data from the 9900 WNG is used for advanced customer care support. The Motive product queries the 9900 WNG database to get information to resolve customer issues. By using the 9900 WNG and Motive, a service provider can offer advanced customer care for their customers, such as whether:
the customer is receiving satisfactory data throughput on their mobile device any configuration in the mobile device may be adversely affecting the customer
experience, such as DNS configurations any data limitation issue may be adversely affecting the customer; for example, the customer exceeded the bandwidth usage this month any unsolicited traffic may be interfering with the resources of the customer mobile device and any resulting in battery drain; for example, network attacks or port scans multiple mobile devices that the customer used have any device configuration issues any applications on the mobile device may adversely affect usability, such as:
peer-to-peer applications; for example, file sharing applications viruses that are consuming excessive bandwidth daemons; for example, e-mail client servers that periodically check for e-mails and
result in excessive signaling and airtime
the 9900 WNG identified the anomalies; for example, victims or originators of
excessive data usage any network congestion caused a delay or disruption, and identify the congested NE; for example, as an overloaded cell The 9900 WNG provides a set of APIs to Motive. The APIs that use WSDL web service. The web services use HTTPS to ensure that the data exchange is secure, authenticated, and encrypted. The following additional layers of security are provided by the 9900 WNG:
The Motive host (or the subnet) that sends the requests to 9900 WNG must be
authenticated. Every API that sends messages must provide a username and password. See section 20.2 for more information about security.
20-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20 Motive API
20.2
The IP address of the Motive server, which starts the API, or the subnet must be
configured.
Every Motive transaction contains a username and password. All of the data is encrypted.
CLI commands are used to configure the security functions for the Motive API. See Table 14-8 for information about the Motive API CLI commands.
20.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20-3
20 Motive API
20.4
You are prompted to add subnets. The following is an example of the information that is displayed.
Add api subnet: 1.1.1.1/24 Add api subnet: 2.2.2.2/24 Add api subnet: successfully added api subnet(s)
20-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20 Motive API
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
20-5
20 Motive API
Statistics collected for the Motive API, which are the total number of transactions and average, minimum, and maximum durations for the following:
The log file contains the statistics that are collected for the Motive API, which are the total number of transactions and average, minimum, and maximum durations for the following:
20-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GUI components
21 Dashboard view
21-1 22-1
25-1
29 Subscriber view
29-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
21.1 9900 WNG Central Dashboard View overview 21.2 Dashboard View components 21-2
21-2
21.3 Plotting elements in the Dashboard View 21.4 Dashboard View components and controls
21.5 Configuring optional properties for dashboard elements 21.6 Modifying chart display properties 21-12 21-13
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-1
21 Dashboard view
21.1
Dashboard features
The 9900 WNG Central dashboard provides the following features:
You can dynamically change the number of columns (1 to 10) that appears for
each NE dashboard view.
The following dashboard preferences are automatically saved when you exit the
GUI:
dashboard NEs and placement on each of the dashboards for incident and unidirectional NEs, individual threshold settings for each item and
which items are displayed in the NE
for plot NEs, chart properties including Parameter Selection, Network Elements
Selection, and Plots Color Selection
for plot NEs, Chart Duration and Chart Interval At Startup settings The GUI auto-discovers newly configured NEs and automatically updates the
dashboard to show all configured Network Elements.
21.2
21-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view Figure 21-1 9900 WNG window components Dashboard View
Palette button Multi-dashboard control Element chart Intensity tables Element title bar Element display controls
Dashboard
Dashboard columns
Element icons
21177
Dashboard components and controls Dashboard Icon palette Element icons Displays up to 12 element charts at a time Contains an icon for each type of element that you can display in the dashboard. See Dashboard elements for more information. Represent the types of charts that you can plot in the dashboard. Drag and drop an icon to display the element chart in the dashboard. Changes the number of columns in which the elements are displayed. You can view up to ten columns. Toggles the display of the icon palette Returns the view of a new dashboard to the primary dashboard. See section 21.7 for information about how to move a plot to a new dashboard.
Dashboard element components and controls Element chart Displays a graphical representation of the data that you can plot for each type of element. The x axis of a chart is always time. The y axis is configurable, as described in Procedure 21-2. Displays the intensity level of anomalous events and unidirectional flows
Intensity table (1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-3
21 Dashboard view
Component Element title bar and display controls Element chart controls
Description Title identifies the type of element that is displayed in the dashboard. The displays controls are described in section 21.4. Controls the display of the element chart. You use the context-sensitive drop down menus to plot the contents of the chart. See section 21.3 for information about how to use the controls and options. Changes the time resolution of the element chart Displays the chart in a minimized format to enhance the usability of the dashboard workspace. You can collapse the view of the element chart using the element display controls, as described in Table 21-6
(2 of 2)
Dashboard elements
The dashboard icon palette contains element icons that you drag and drop onto the dashboard view as shown in Figure 21-1. The element icons that appear in the palette depend on the data in the database. For example, UMTS icons do not appear unless one or more of the 9900 WNG Detectors has detected UMTS traffic. If traffic for a particular technology later appears while the GUI is operational, the corresponding icon automatically appear in the icon palette. Table 21-2 lists the dashboard elements that are available and selectable from the icon palette.
Table 21-2 Dashboard elements that are available and selectable from the icon palette
Dashboard element Element charts HA PDSN CDMA RNC GGSN SGSN UMTS RNC Detector Element tables Incidents Displays a view of the intensity and the count of events in the system. Each row represents a type of event. When you place your cursor on an event, a tooltip is displayed with additional information about the event. You can double-click on any row to open a dashboard plot for the specified event. Highlights anomalous changes to unidirectional packet counts observed in the network. Excessive unidirectional traffic may indicate that an outage has occurred. NE types that you can analyze in individual charts. You can select and compare multiple color-coded NEs based on parameters that you choose. See sections 21-3 and 21-5 for information about how to configure element charts. Description
Unidirectional
21-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
21.3
plot elements in the dashboard configure the mandatory parameters to display the element chart Maximum number of element plots
You can plot up to 12 elements in the dashboard at a time. This limit applies across all dashboards. For example, if you have 12 dashboards created with one NE in each, you will not be able to drag any additional NEs. Similarly, if you have 12 dashboards created and one dashboard has 12 NEs on it, you will not be able to drag additional NEs on any of the dashboards, including those with no NEs on them. When you reach the maximum number, the icon palette no longer appears and the palette button is dimmed. You can plot only one Incidents table at a time. If you attempt to plot an additional table, the old one is removed and replaced by a new one.
Plotting procedures
Perform Procedure 21-1 to plot an element in the dashboard. After you plot the element, you must configure the parameters that you need to display in the element chart, as described in Procedure 21-2.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-5
In Out All Value options: M2I I2M M2M Up M2M Down All M2I I2M M2M Up M2M Down All M2I I2M M2M Up M2M Down All M2I I2M M2M Up M2M Down All Down RTT Max Down RTT Min Down RTT Mean Saturated Throughput Throughput Path Loss
All traffic
Plot all traffic that occurs in a specified direction using a specified unit of measure
Direction options:
Uni Directional
Plot all unidirectional traffic that occurs in a specified direction using a specified unit of measure
Direction options:
Value options:
TCP Reset
Direction options:
ICMP Unreachable
Direction options:
Performance
KPI options:
(1 of 2)
21-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
Plot Handoffs All traffic Uni Directional TCP Reset ICMP Unreachable Performance (2 of 2)
Options
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-7
M2I PKTS, Flows, and Bytes I2M PKTS, Flows, and Bytes M2M PKTS, Flows, and Bytes Up M2M PKTS, Flows, and Bytes Down Active Mobiles Uni M2I PKTS, Flows, and Bytes Uni I2M PKTS, Flows, and Bytes Uni M2M PKTS, Flows, and Bytes Up Uni M2M PKTS, Flows, and Bytes Down TCP-Resets I2M PKTS, M2I PKTS, M2M UP PKTS, and M2M Down PKTS ICMP Unreachable I2M PKTS, M2I PKTS, ICMP M2M Up PKTS, Down PKTS
SigAttacks Single Source RNC Overload Battery Attack Single Source Port Scan Vertical Port Scan Horizontal Always Active Sub High Usage Peer-toPeer Mobile Unwanted Src Connection Record Mobile Flow High Signaling Subscribers Battery Attack Distributed Flood Mobile Single Source Flood Mobile Distributed Router Discovery
Handoffs All traffic Uni Directional TCP Reset ICMP Unreachable Performance
Click on the Go button to plot the data. The system generates the chart based on the specified parameters.
21.4
21-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
Axes controls
The x axis of a chart is always time. The y axis is configurable, as described in Procedure 21-2. You can change the x-axis time scale for a chart from 1 hour to 24 hours (the default is 24 hours). The plots show the data for a 24-hour interval. You can view a shorter interval two ways:
View a smaller region of the plotplace the mouse on the plot, hold down the
left mouse button, and move the mouse down and to the left. To return to the 24-hour view, place the mouse on the plot, hold down the left mouse button, and move the mouse up and to the left. Move the slide bar below the plot to the right
Note The values for the last 1 hour are plotted every minute; values that older than 1 hour are plotted only every 6 minutes to improve the GUI performance.
21.5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-9
21 Dashboard view
2 3
In the Intensity Preferences window, select the anomaly events that you need to plot or click the Select All button to plot all events in the system. Set the intensity for each event type that you choose by doing the following: i ii Highlight an item in the anomaly events list. Set the intensity thresholds by dragging the top pointer (which represents the critical threshold) and the bottom pointer (which represents the warning threshold). The values are expressed in a range of 0 to 100. The value you choose also appears in numeric format in the field that indicates the color code associated with each threshold. Repeat steps i and ii for each event type that you need to plot.
iii 4
21-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
Left-click on the middle icon (wrench) on the right side of the title bar. The Specify Chart Properties window appears with the Parameter Selection tab displayed. Figure 21-1 shows the Specify Chart Properties window.
Figure 21-3 Specify Chart Properties window
Select the parameters that you need to plot. The parameters are organized by type:
Traffic Load Unidirectional Traffic Only Mobile Metrics Performance KPIs Networking Resets
Click on the Network Elements Selection tab to specify the NEs that you need to plot.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-11
21 Dashboard view
Click on the Plots color Selection tab to specify the color for each NE that you need to plot. To change the color, perform the following sub-steps: i ii iii Left-click on the color box adjacent to an NE. The Select Color widget opens Choose a color from the Swatches, HSB, or RGB tabs. Click on the OK button.
21.6
21-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21 Dashboard view
Textenter a title for the chart Fontchoose a font type in which to display the title Colorchoose a color in which to display the title
Domain axis tabchoose a label, font, color, and tick (that is, the points in the chart) format Range axischoose a label, font, color, tick and range format Appearancechoose a format and color for the plot line, the background color for the chart, and the orientation (horizontal or vertical) for the plot line.
Background paintchoose a background color for the chart Draw anti-aliasedselect this option to smooth the variations in the plot line. The system automatically adjusts the y axis. Other options in this window are dimmed and are not supported.
Choose OK. All changes take effect after the chart is refreshed.
21.7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
21-13
21 Dashboard view
21-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-2
22-10
22-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-1
22.1
Severity indicators
22-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Table 22-2 describes the columns in the Real-time Events View and the types of views in which the columns appear.
Table 22-2 Real-time Events table columns
Column Sev Description Severity of the anomaly event. For more information, see Severity indicators for the Real-time Events View in this section. Type of network anomaly event Intensity of the attack. Each event has an intensity level. Reported values are 0 to 5, with 5 being the most intense. For a cleared event, the value reported is 0. Most recent occurrence of this type of attack Name of the 9900 WNG Detector on which the event was detected Address of attacker Number of incidents from this attacker Date and time that the event was detected. The NE affected by the performance event Anomaly Performance Anomaly History
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-3
Description The content is context specific. If the event is a CONGESTION_ALERT, the column displays the NE (such as an HA, RNC, or PDSN) where the congestion is detected. If the event is a TREND_ALERT, the column displays the trend name. Name of the 9900 WNG Detector on which the event was detected Depending on event type, the content of the column can display:
Anomaly
Performance
Anomaly History
Detector/NE Attacker/Param/NE
(2 of 2)
NE name (in case of congestion alerts) NAI (in case of port scans, high usage subscriber etc.,) IP Address (if the origin of the event is an Internet source) Multiple Sources (if the event is a distributed battery attack in which the packets originate from multiple sources)
Table 22-3 describes the severity indicators that are displayed on the 9900 WNG GUI in the real-time events views.
Table 22-3 Severity indicators for real-time events
Icon Severity and status Critical Description Critical Anomaly Event, such as RNC Overload
Major
Minor
Signaling Attack Single Src Unwanted Source PortScan Horizontal PortScan Vertical ICMP Router Discovery Abuse Battery Attack Single Src Battery Attack Distributed P2P Mobile Always Active Subscriber High Usage Subscriber Flood Mobile Distributed Flood Mobile Single Src High Signaling Subscriber
Warning
(1 of 2)
22-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Icon
Cleared
Event is cleared
Critical/Cleared
Major/Cleared
Minor/Cleared
Warning/Cleared
Informational/ Cleared (2 of 2)
22.2
real-time events in the network severity of the event 9900 WNG Detector ID associated with the event IP address of the attacker Mobile ID or Internet source date and time of the event was creation and update historic view of the events that were created and updated
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-5
22 Real-time Events views Figure 22-2 Real-time Events Anomaly Events components
Active fields
21133
Severity indicators Table filters Launch Mobile Flow button Event counter Event Details panel Active fields
Indicates the severity of the event Filters the list of anomaly events by event type, Detector, or intensity Opens the Mobile Flow view for a detailed view about how the data traverses the network Displays the number of active events Displays details about the specified event Context-sensitive fields that are used to navigate dynamically to other views for information about the anomaly event.
22-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Table 22-5 lists the Anomaly event types. See chapter 33 for a detailed description of each type of event.
Table 22-5 Anomaly event types
9900 WNG event name Wireless attack events SIGATTACK_SINGLE_SRC BATTERYATTACK_SINGLE_SRC BATTERY_ATTACK_DISTRIBUTED RNCOverload FLOOD_MOBILE_SINGLE_SRC FLOOD_MOBILE_DISTRIBUTED ICMP_ROUTER_DISCOVERY_ABUSE Port scans and unwanted source events PORTSCAN_HORIZ PORTSCAN_VERT UNWANTED_SRC Abusive subscriber events HIGH_USAGE_SUB HIGH_SIGNALING_SUB ALWAYS_ACTIVE_SUB P2P_MOBILE High usage subscriber High signaling subscriber Always active airtime subscriber Peer-to-peer mobile Horizontal port scan Vertical port scan Unwanted source of traffic Signaling attack from a single source Battery attack from a single source Battery attack from a group of sources RNC Overload Flood mobile from a single source Flood mobile from multiple sources ICMP router discovery abuse Event name
the technology (CDMA or UMTS) and the Event Type. A subset of the fields is displayed in the Event Details panel.
Table 22-6 Fields in the Events Details panel
Fields Attacker Attacker IP Event Type (1 of 2) Intensity RNC Id Victim IP Active Time Active Ratio Up Bytes
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-7
Fields Start Time End Time Corr ID Severity DownLink Vol Victim ESN Attack Duration IMSI (2 of 2) Victim #Ports Scanned Port Scanned #Hosts Scanned Attacker ESN Victim MSID Flood Volume MSISDN Down Bytes #Orig Peers #Recv Peers UpLink Vol Attacker MSID Application IMEI
the name of the 9900 WNG Detector that you need to monitor All detectors
Intensity.
The Contents of the Anomaly events table changes according to the filter preferences.
22-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
The main purpose of the Events Details panel is to allow you to view anomalies and to drill-down into the details of the problem. When the Event Details panel is populated, some of the event fields become clickable, depending on the type of the event that you select from the Anomaly table. Table 22-7 lists the operations that you can invoke from selected Events Details fields.
Table 22-7 Anomaly Events Details panel clickable fields
Event Details parameter value Left-click on field Forensic View Corr ID Attacker IP Attacker IMSI Attacker IMEI Attacker MS ISDN Attacker ESN Attacker NAI Attacker MSID Victim IP Victim NAI Victim ESN Victim MSID Right-click for contextual menu Copy to Clipboard History Filter Subscriber Report Whois <IP address> Device Details
You can open the Mobile Flow view for a specified anomaly event by clicking on the Mobile Flow button. See chapter 27 for more information about how to use the features in the Mobile Flow view.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-9
22.3
Trend Alerts, which are applicable to specific network elements such as a PDSN
or RNC
Congestion Alerts, which are applicable to the link between two NEs
Performance events are closely coupled with the Network Forensic view that is described in chapter 25.
21183
22-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description Displays the number of outstanding performance events Displays detailed information about the performance event that is selected in the events table. Network Forensic button Table filters
See Operations in the Performance Events Details panel Opening the Network Forensic view Procedure 22-2
(2 of 2)
Intensity
The contents of the Performance Events table automatically changes according to the filter criteria.
When the Event Details panel is populated, some of the event fields become clickable, depending on the type of the event that you select from the Performance Events table. Table 22-7 lists the operations that you can invoke from selected Performance Events Details fields.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-11
22 Real-time Events views Table 22-9 Performance Events Details panel clickable fields
Event Details parameter value Right-click for contextual menu Left-click on field Network Forensic View Corr ID Network Element ID Forensic View Copy to Clipboard Network Forensic View
See chapter 25 for more information about how to use the features in the Network Forensic view.
Historic queries for performance events
You can run historic queries on performance events using the Anomaly History view. For information about how to run historic queries, see section 22.4.
Performance events on Network Graphs
Alert and congestion trends are also displayed in the Network Graph view. For more information, see Operations in the Network Graph view.
22.4
22-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Select one of the following radio buttons to specify a value for the time period: a Select the Specify Date radio button and enter values in the following fields:
You can enter a value for the date and time in the fields or you can left-click on the drop-down icon to display the calendar widget from which you can configure the date and time. b Select the Specify Recent radio button and enter values in the following fields:
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
22-13
Specify the search criteria by selecting the check boxes adjacent to the following items that appear in the Search by panel:
Click on the View button. A tab opens in the Anomaly History view that lists the events that match the search criteria.
22-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
23 Forensic View
23-2 23-2
23.2 Forensic View menu components 23.3 Forensic View reports 23-3
23-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
23-1
23 Forensic View
23.1
When you generate an a forensic report, the Forensic View automatically appears with the Forensic View tab displayed. A corresponding sub-menu item appears under the Forensic View item in the navigation menu, as shown in Figure 23-1.
23.2
23-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
The Forensic View and the Historic View each have a table that presents the data in the following columns:
Forensic Criteriathe ID associated with the anomaly that you are investigating.
You can click on a value in the column to open the corresponding report. Forensic Typethe type of anomaly that you are investigating Executed Atthe time at which you generated the report Removecheck boxes that you can use to remove reports from the view
23.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
23-3
You can use the headers to sort the rows in ascending or descending order. Displays the time of the first and last event, the number of event instances, and the number of unique event types. Includes the Mobile Flow button, with which you can open the Mobile Flow report for the selected event. Displays detailed information about the event that is selected in the events table. Supports the following functions:
23-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
23 Forensic View
Table 23-3 describes the columns that appear in the Forensic View table.
Table 23-3 Forensic View columns
Column Sev Event Type Int Description Severity of the anomaly event. For more information, see Severity indicators for the Real-time Events View in chapter 22. Type of network anomaly event Intensity of the attack. Each event has an intensity level. Reported values are 0 to 5, with 5 being the most intense. For a cleared event, the value reported is 0. Date and time that the event was detected Name of the 9900 WNG Detector on which the event was detected Depending on event type, the content of the column can display:
Cnt Status Corr ID
NE name (in case of congestion alerts) NAI (in case of port scans, high usage subscriber etc.,) IP Address (if the origin of the event is an Internet source) Multiple Sources (if the event is a distributed battery attack in which the packets originate from multiple sources)
Number of incidents from this attacker The current status of the event The ID associated with the anomalous event
23.4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
23-5
All event transitions in the same incident (that is, events with same correlation
ID) Other events that were generated by the same Attacker IP address Other events that were generated by the same Attacker ID
mobile network access identifier (NAI) (user@realm) mobile electronic serial number (ESN) mobile subscriber identifier (MSID) Events that attacked the same victim IP address Events attacking the same victim ID mobile NAI (user@realm) mobile ESN mobile MSID Opening the Mobile Flow view
You can open the Mobile Flow by clicking on the Mobile Flow button in the Forensic Summary panel. See chapter 27 for more information about how to use the features in the Mobile Flow view.
23-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24 Topology view
24.1 Topology view overview 24.2 Element Tables view 24.3 Network Graph view
24-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-1
24 Topology view
24.1
HA PDSN GGSN
24.2
24-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Table 24-1 describes the NEs that appear on the Element Table tabs.
Table 24-1 Element Table Home Agents tab
Label Home Agent Name Description Logical name of each Home Agent. You can set the Home Agent Name by double-clicking in the cell of the table and entering in the Name. Once set, this setting appears in the Topology screen for subsequent accesses across all users. Setting this field is optional. IP address of the HA This setting is derived from a whois query on the IP address. This field is automatically populated one day after initial installation. If the 9900 WNG Central does not have network connectivity to do the whois query, this field is not set. To override the result from the whois query, you can change the provider name manually in two ways, if required:
Region
use the show topology command from the CLI double-click in the Provider cell to edit the text.
You can change the region name by double-clicking in a Region cell and typing a new name for the region. See Figure 24-1, which shows the region cell in row 4 as a text field. This check box specifies whether an NE is included or excluded in a report or a calculation that results in a report. To exclude a specific NE, deselect the check box. By default, NEs are included in reports.
Reporting Enabled
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-3
24 Topology view
Description IP address of the PDSN See Table 24-1 for information about the Provider. See Table 24-1 for information about the Region. See Table 24-1 for information about the Reporting Enabled check box.
24-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-5
24 Topology view
Sort by column
The events tables support the right-click operations described in Table 24-9.
Table 24-9 Clickable fields for element tables
Operation Copy Selected Row(s) Copy Single Cell Description Copies the selected table row or rows to the clipboard Copies the selected cell to the clipboard. You can paste the value that you save into other fields. Highlights all rows so that you can perform an operation such as export to CSV Used for bulk provisioning operations. See section 24.5 for more details. Home Agent PDSN GGSN SGSN CDMA RNC UMTS RNC ExportTable as CSV ExportSelection as CSV Whois <IP address> Exports the entire table or the selected rows to a CSV file Performs a whois query on the selected IP address cell All tabs Applies to All tabs
24.3
24-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Legend
Graph controls
21179
Legend
display a pop-up window that contains information about the NE, such as NE name, type, address, region, and provider highlight the NEs to which the selected NE is connected
Color code for and number of each type of NE displayed in the graph. The number of cells is contextual; that is, the number of cells associated with an RNC appears as 0 in the Legend until you display the cells associated with the RNC.
(1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-7
24 Topology view
Description Refresh buttonreload data on the network graph. Newly discovered and grouped elements are not automatically displayed on the graph. To display the latest snapshot, you must reload data on the network graph. The graph is updated automatically only when the system receives or clears a congestion or trend alert. Distance sliderto increase or decrease the length of the links between NEs. The font size of the NE labels are unchanged. Zoom sliderto zoom in or out of the graph Search fieldto search for a node element in the network graph. Enter the network element name that you need to locate on the map. As you type characters, all the network elements starting with those characters are highlighted in a yellow background color, as shown in Figure 24-2. To clear the text in the field, click on the X symbol in the search field. Legend buttonto toggle the display of the legend on the screen. In Figure 24-2, legends are displayed. Click this button to hide the legends.
(2 of 2)
24.4
switch between supported mobile technologies search a node element in the network graph reload data to the network Graph. expand base stations collapse base stations from a specific RNC use network graph controls view grouped elements in the network graph view grouped and ungrouped elements in the network graph view network forensic from network graph display congestion and trend alerts display mobile flow and subscriber path graphs
Display functions
The following sections describe how to use the display functions of the network graph.
Configuring Network Graph preferences
You can configure the number of base stations that are displayed using the Preferences menu. See Procedure 16-7 for information about how to configure the display preferences for the Network Graph.
24-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24 Topology view
To display information about an individual NE, hover your mouse over a NE. A tool tip appears that indicates the type of NE.
Displaying or collapsing cells associated with an RNC
By default, a cell is displayed on a network graph when there is a congestion alert and cell nodes are expanded. If you attempt to expand or collapse cells while the system is refreshing the graph view because of an alert, you might have to try for a second time before you can successfully expand or collapse the cells.
Note The number of cells associated with an RNC appears as 0 in
the Legend until you display the cells associated with the RNC.
Double-click on the RNC to display the associated cells. See Figure 24-3 for an example of the cell view.
Figure 24-3 Example of an expanded cells view
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-9
24 Topology view
Collapsing cells
To collapse cells (that is, to remove the cells from the display), double-click the RNC icon.
Trend Alert
A NE with a trend alert is represented on the network graph with a red background. The background color of a network element turns red for any trend configured in the system. If the event clears, the background color is reset to the default color for the NE type. Congestion Alert A link between the nodes turns red when there is a congestion alert. If there is an active congestion alert and if one of the nodes involved is a cell, the cell is displayed on the network graph.
Generating Network Forensic reports from a Network Graph
You can invoke the Network Forensic View screen from a network graph. To invoke the Network Forensic View screen, right-click on an NE or link. Table 24-11 lists the command for each type of NE.
Table 24-11 Interactive controls
NE CDMA Cell HA PDSN RNC UMTS Cell GGSN RNC SGSN Connections Connector Hop Forensic Network Forensic Reports configuration form (for Hop report) 25 BSForensic GGSNForensic UMTS_RNCForensic SGSNforensic Network Forensic Reports configuration form (for NE) 25 BSForensic HAForensic PDSNForensic CDMA_RNCForensic Network Forensic Reports configuration form (for NE report) 25 Right-click Opens See chapter
24-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24 Topology view
24.5
Naming convention
The following characters are allowed for NE, provider, or region fields: ":" , ";" , "" , "`" , "=" , "\"" , "?" , "(", ")", "{", "}", "~", "%", "*", "+", "|", "?", ">", "<", ",", "!", "@", "\\" , "$" , "^" , "[" , "]" If you use an invalid character, the system generates an error message.
Procedure 24-1 To provision NEs in bulk using the Network Element table
1 2 3 Click on the tab in the Network Element view that corresponds to the NEs that you need to provision. Highlight the rows that you need to provision. Right-click on the highlighted rows and choose Provision and one of the following options:
Set tab Nameto provision a name for the selected NEs. The change applies to all members of the group. Set Provider Nameto provision a provider name for the selected NEs. The change applies to all members of the group. Set Regionto provision a common region name for the selected NEs. The change applies to all members of the group. Set Reportingto enable or disable reporting on the selected NEs
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
24-11
24 Topology view
A window appears that corresponds to the option you chose in which you can specify a value for the parameter option. 4 5 Enter a value in the text field and click on the Save button. The system prompts you to confirm that you are applying the change to the entire group. Choose Yes to apply the setting to all of the NEs that belong to the group (that is, the NEs with the same name).
Procedure 24-2 To search for NEs using the Network Element table
1 Right-click on a tab and choose Search tabname.
Where tabname represents any tab in the Element Tables view except Detector.
A Search window appears. 2 Choose a search criterion by selecting the radio button beside one of the following parameters:
3 4 5
Enter a value in the text box that corresponds to the parameter you chose. Click on the Search button. The system highlights the first row in the table that corresponds to the search criterion. Click on the Search Next button to search for additional instances of NEs that match the search criterion.
24-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25-2 25-2
25.2 Network Forensic view menu components 25.3 Network Forensic reports components 25.4 Working in the Network Forensic view
25-4 25-7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25-1
25.1
25.2
Network Forensic Report tabused to configure the parameters for the report Historyused to store a list of the 25 most recent network forensic queries
Figure 25-1 shows Network Forensic Report input parameter page that appears when you click on the Network Forensic View menu.
25-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25 Network Forensics view Figure 25-1 Network Forensic View menu and input parameter page
Query Duration Selection Start Time and End Time. Enter a date and time in the text field, or left-click on the drop-down icon to display the calendar widget. See Calendar and time widget for more information. Hop Start and Hop End
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25-3
Query Duration Selection Start Time and End Time. Enter a date and time in the text field, or left-click on the drop-down icon to display the calendar widget. See Calendar and time widget for more information. Network Element. Enter a valid
Select whether you want to generate a concise or detailed report. The options are:
Selectedthe output consists of the information in the Statistics tab, as described in Network Forensic concise report components. Unselectedthe output consists of the information in multiple tabs, including the Statistics tab, Top Servers, Top Applications, Top Mobiles, Top Sources, as described in Network Forensic detailed report components.
Note Detailed reports take longer to process than concise reports. The time period for the report affects the number of records that the 9900 WNG must process.
6 Click on the Generate button to create the report.
History tab
The History tab contains a list of past network forensic queries that are sorted from most recent to oldest. A maximum of 25 query items are shown; the oldest query items are automatically discarded. To remove query items manually, select the corresponding check box in the Remove column and then click the Remove button at the bottom of the GUI. The History tab presents data in a table with the following columns (from left to right):
# (that is, Report Number) Hop Start and Hop End columns Executed At Interval Start and Interval End columns Actual Event Time Remove
To re-execute a query, click on the corresponding hyper link. The query is executed and the results displayed as a submenu item in the Network Forensic menu.
25.3
25-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Statistics report
The Statistics report displays a snapshot of the activities for the NE for the time period specified in the input parameters page. The report also provides information about the volume of traffic that the network is handling. The type of information in the Statistics report varies depending on the type of network element. From the Statistics report, you can modify the duration covered in the report or specify a concise report or detailed report.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25-5
25 Network Forensics view Table 25-1 Detailed Network Forensic reports tabs
Tab Top Servers Top Application Top Mobiles Top Sources Description Plots four pie charts:
Figure 25-3 shows the Network Forensic view in the detailed format.
Figure 25-3 Network Forensic report in detailed format
By default, the detailed reports tabs display data as charts. You can view information in each tab as a table or as a chart by clicking on the Show Table/Show Chart option. The tabular format supports clickable fields, as described in Operations in the Network Forensic view.
25-6 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25.4
Export functions
The Network Forensic view supports report export functions. You can export the contents of the concise and detailed reports, as described in Common features and functions in section 16.4.
Top Servers Server IP Application Proto Port Sum Top Applications Application Prto Port Sum Top Mobiles Mobiles Top Sources Mobiles (uplink volume) Servers (downlink volume) (1) (2) (2) (1)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
25-7
25-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
26 System View
26.1 System View overview 26.2 System View menu icons 26.3 System Events view 26.4 System History view
26-2 26-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
26-1
26 System View
26.1
26.2
Indicator Arrow on a red background Arrow on a green background Arrow on a purple background Exclamation point
Description Indicates an outstanding event condition that has caused a system event. This may include an Info severity system event condition such as Process Started or Packets Dropped which requires a manual clear to remove. Indicates that there are no outstanding system event conditions Indicates that you have viewed all system events that are currently outstanding. If the GUI is on the System Event page, this symbol is always an arrow. Indicates that there has been a change to the system events: a previously viewed event is cleared or a new system event is detected. An exclamation point (!) on a green background indicates that the last outstanding system event condition has cleared. When you view the System Event page, the exclamation point reverts back into an arrow.
26.3
26-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Ack Clear
Lists the number of events in the table Displays detailed information about individual events in the table Includes the following:
Monitor the number of outstanding events View details about the event. You can right-click on the Correlation ID to copy the value to the clip board or to filter the data using the System Events Display Preferences window.
Procedure 26-1
Severity of the event Reporting element Status of the event Correlation ID Sub Object A description of the event
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
26-3
26 System View
Table 26-3 describes the columns that appear in the System Events table.
Table 26-3 Columns in the System Events table
Field Severity Specifies Severity of the event. Varies depending on the type of event:
Critical: red Major: orange Minor: yellow Clear: green Warning: Cyan Info: Dark Blue
Info severity events are generated only during an active GUI session. You can manually clear Info events. When you close the GUI, Info severity events are cleared. Event type Type of system event. See chapter 38 for a description of each of the following system events:
Object ID Subobject ID
License Violation Link Down Process Down Process Start CPU Usage Disk Usage Memory Usage No packet Packet Drop Hardware Failure Swap Usage Queue Usage Line rate threshold
The device where the system event was detected. The values indicate if the condition is associated with 9900 WNG Central or a specific 9900 WNG Detector. Further qualifies the Event Type. The values vary depending on the type of system event. For more information, see the description page for the specific system event later in this chapter. Not all system events report a value for the Subobject ID field. Condition of the event Varies according to the type of event. For more information, see the description page for the specific system event later in this chapter. Date and time that the event was detected GUI user or administrator who acknowledged or cleared the event Correlation ID
26-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
26 System View
Time Periodspecify a date and time range or the most recent N number of days, hours, minutes, and seconds The following parameters:
Event typesee Table 26-3 for a list of event types Owner Severitysee Table 26-3 for a list of severity indicators Object IDCentral, specific Detector ModuleMIP, tracker, detector, or GUI Statusauto_cleared, active, acknowledged, manual_cleared, or reset_cleared Correlation ID
Click on the View button to view the filtered results. A tab appears in the System History view. The tab is identified as follows: Query: date and time stamp. The results are presented in a tabular format that is the same as the System Events table shown in Figure 26-1.
26.4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
26-5
26 System View Figure 26-2 History Filter tab in System History view
The History Filter tab window has the same parameters as the System Events Display Preferences window, that is described in Procedure 26-1. After the filter query has been processed, you must click the Filter button to display the System Events Display Preferences window. The event data can be exported to a CSV format report by clicking on the Report to CSV button. You can save the report to a directory.
26.5
Operations
The System View is intended mainly a monitoring interface. However, to investigate a particular system event further, you can right-click on the Correlation ID field that appears in the Events Details panel of the System Events and System History views and copy the value to the clipboard. You can paste the value into another form to generate other reports.
26-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27.1 Mobile Flow records overview 27.2 Mobile Flow record components 27.3 Working in the Mobile Flow view
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27-1
27.1
After you generate a mobile flow, a record for the query is produced and a corresponding submenu item appears in the navigation menu under Mobile Flow.
Dynamically, using the Mobile Flow button that appears in the following views: Anomaly Events, as described in Opening the Mobile Flow view in chapter 22 Anomaly History, as described in Working in the Anomaly History view in
chapter 22
Forensic Events, as described in Opening the Mobile Flow view in chapter 23 Manually in the input parameters tab, as described in Procedure 27-1.
Procedure 27-1 To generate a Mobile Flow report
1 2 Click on the Mobile Flow menu item in the navigation menu. The Mobile Flow input parameters tab appears in the GUI. Configure the input parameters, as described in Table 27-1.
27-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
ID_1
Flow Peer # 2
IP_2
ID_2
Click on the Mobile Flow Summary button to generate the report. The Mobile Flow records for the specified dates are displayed, as shown in Figure 27-2.
27.2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27-3
Mobile Flow filter panel Mobile Flow summary panel Event details panel tab Mobile Flow event details panel Table control buttons
21134
(1 of 2)
Direction of the flow Start time Originator IP address Originator port number Responder IP address Responder port number Protocol Application type Originator Packets Responder Packets
27-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description Indicate the direction of the flow. The icons that appear in the event table and in the Mobile Flow Summary panel represent the following (displayed from left to right):
Clickable fields Mobile Flow Filter Criteria panel
Perform other operations. Supports right-click commands on the Orig IP and Resp IP fields. See Section 27.3 for more information.
Start and end time of the attack Originators IP address and/or ID Responders IP address and/or ID Flow of the attack (for example, Originator to Responder or Responder to Originator or bidirectional)
Retrieve new data if you change the filter parameters in the Mobile Flow Filter Criteria panel
Recordsthe total number of records and a breakdown of the number by flow direction Distinctthe total number of individual peers and protocols involved in the mobile flow Totalthe total number of bytes, packets, airtime and connections Mobile Flow Event Details Performance Path
Analyze details, performance indicators, and the associated network path. See Event Details panel in this section for more information. Table Control buttons Common control buttons:
Table 27-3 list the fields that can appear in the Mobile Flow Events Details tab.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27-5
27 Mobile Flow view Table 27-3 Mobile Flow Events Details tab
Field Duration Orig IMSI Resp IMSI Airtime O2R_Bytes Description Indicates the duration of the flow. The format is hh:mm:ss.ms. IMSI of the originator IMSI of the responder Indicates the up and down airtime of the flow. The format is hh:mm:ss.ms/hh:mm:ss.ms. The number of bytes transmitted from the originator to the receiver. If the flow is I2M, the originator is an Internet source and the receiver is a mobile device. MSISDN of the originator MSISDN of the responder Number of connections The number of bytes transmitted from the receiver to originator IMEI of the originator IMEI of the responder Indicates the method of opening a connection. For most TCP connections it is 'tcpSyn'. Typically TCP sockets are established when an originator sends a TCP packet with the SYN flag set, thus initiating a sequence number. The name of the 9900 WNG Detector that captures the data GGSN of the originator GGSN of the responder Indicates that a flow was terminated. A value of finClose, which is a bit in the TCP header, indicates that the sender has no more data to send and is closing a TCP session. A value of flowTimeout indicates that the system waited for a specified period of time with no data flow; the flow was terminated.
Orig MSISDN Resp MSISDN #Conn setup R2O Bytes Orig IMEI Resp IMEI Open
Performance tab
Table 27-4 lists the fields that can appear in the Performance tab.
Table 27-4 Performance tab
Field Throughput (kbps) Description Indicates the downlink TCP throughput for the flow. The throughput is calculated based on the amount of downlink bytes transferred over the busy interval. For more information about throughput measurements, see RTT measurements (in the Performance tab). Indicates the downlink TCP saturated throughput for the flow. The value is based only on the flows that saturate TCP. For more information about the saturated throughput measurement, see Throughput measurement (in the Performance tab). Down TCP Bytes (1 of 2) Downlink data sent to mobile for this flow
27-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Field Duration RAN Loss Rate Downlink RAN Loss Downlink Total Pkts Srvr Syn RTT (ms) RAN Syn RTT (ms)
Description Total duration of this flow (hours:minutes:seconds:milliseconds) The TCP packet loss rate for the data sent to mobile Number of TCP packets lost in the downlink Total number of packets sent to the mobile Round Trip Time seen for TCP Syn messages between the detector and the remote server Round Trip Time taken for TCP Syn messages between the detector and the mobile. For information about how RAN RTT is calculated, see RTT measurements (in the Performance tab). Average Round Trip Time Minimum Round Trip Time Maximum Round Trip Time Number of samples (packets) considered while computing the above RTT parameters Number of TCP Syn Acks Number of TCP Syn sent message Number of TCP Syn Timeouts
Avg Data RTT (ms) Min Data RTT (ms) Max Data RTT (ms) RTT Samples Syn Acks Syn Sent Timeout (2 of 2)
Path tab
The Path tab shows the path taken by the selected mobile flow.
Note There may be a slight delay in displaying the path.
The Path tab displays a graphical representation of the Cell ID, RNC, PDSN/SGSN, or the HA/GGSN through which packets for the flow traverse. The Path tab shares the same right-click and mouse-over features as the Network Graph. See Table 24-10 for information about mouse-over functions, and Generating Network Forensic reports from a Network Graph for information about interactions with Network Forensic reports.
27.3
27.4
The message, t1, is not acknowledged by the mobile due to Delayed ACK implementations. Since the t3 message is the acknowledgement for message t2, the RTT is measured as the interval between t3 and t2. The diagram also depicts message t5 acknowledged in response to t4 after a brief delay of 'td' duration. Therfore, measuring RTT as (t5 - t4) is not accurate. If accurate RTT cannot be calculated, the 9900 WNG does not report them.
27-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Figure 27-4 shows that the traffic from the server to the mobile is sent and the mobile in turn sending responses (such as TCP Ack) over the interval t1 to t6. This interval is termed as busy time, since the data transfer is active during this interval.
Figure 27-4 Traffic from the server to the mobile
In contrast, the interval between t6 and t7 is not considered busy, since there is no data transfer. The interval between t8 and t9 is busy as well. The throughput is calculated as the ratio of data transferred over the busy interval and the busy interval. Some applications such ssh, telnet, and so forth, have a lot of idle time and hence calculating the throughput (as data transferred over the duration of the session) yields values that are much smaller than the 'true' throughput of the link. While computing the throughput, if the 9900 WNG detects inaccuracies (such as when the ACK from mobile is much later than the 'busy' traffic, potentially indicating delayed ACKs), the throughput is not reported.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27-9
27-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
28 CLI view
28-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
28-1
28 CLI view
28.1
CLI view
The CLI item in the navigation menu allows you to open the command line interface to the 9900 WNG Central server in the GUI workspace. The first time that you log in to the CLI interface in each session a dialog box appears that asks you to confirm that you have the correct RSA authentication key. Click on the yes button to continue. The welcome screen for the CLI view appears and the CLI cursor appears at the central prompt:
Last login: Mon Jun 7 13:17:59 2010 from machine.com
Welcome 9900 WNG user! Last login: pts/15 central> caottx01234.ca.a Mon Jun 7 13:42:14 -0400 201
You can use the CLI to issue 9900 WNG OA&M commands to the 9900 WNG Central and Detector. See chapter 14 for a complete list of all CLI commands for the 9900 WNG.
28-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view
29-7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-1
29 Subscriber view
29.1
Subscriber overview
You can generate reports from the Subscriber view by manually executing queries based on data that you derive from existing reports. Subscriber reports provide a broad range of information about the following:
29.2
29-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view
Report Criteria Report Type Executed At Start Date End Date Remove
A maximum of 100 query items are shown; the oldest query items are automatically discarded. To remove query items manually, select the corresponding check box in the Remove column and then click the Remove button at the bottom of the GUI. To re-execute a query, click on the corresponding hyper link. The query is executed and the results displayed as a submenu item under Subscriber in the Navigation menu.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-3
29 Subscriber view
29.3
Flows: flows that start in window, statistics include any interim period that
happened in +/- 1 hour window
Sessions: sessions that start/end in +/- 4 hour window, gets statistics for interim
session records that occur Anomalies: shows anomalies that were active any time in the window Reported values:
The value that is reported for Effective Rate for Flows is calculated as bytes/flow
duration, so the accuracy of the calculation as a rate depends on nature of flow traffic. The value that is reported for Effective Rate for Sessions is calculated as bytes/actual airtime and duration, which makes it more accurate measure than flow effective rate. The Cumulative Resource usage plot in the Flow/Session tab assumes linear usage over the life of flow. The following limitations apply:
If a flow or session has started, but does not have an interim or end record,
statistics are not reported for that flow/session. A session can display zero volume, but flows show traffic. For accurate numbers, specify a time period that includes the session end to capture all information for one or more subscriber sessions.
29.4
copy a mobile or device ID from a report and paste it into the appropriate field in
the Subscriber Reports tab, as described in Procedure 29-1
open the Subscriber Reports tab directly by clicking on a field in one of the
following:
Events Details panel of a report Top Mobiles or Top Sources tables in the Network Forensics view
29-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view
Click on Subscriber in the navigation menu. The Subscriber Reports tab appears, which contains a query form to configure the time period and subscriber criteria for the report. Specify the time period for the report, as described in Table 29-2.
Note The duration of the time period can affect the 9900 WNG system performance. The longer the duration, the longer the 9900 WNG needs to return results. Queries consume computational resources such as CPU, swap space, database connections, and temporary table space on the 9900 WNG Central server. Only one query per GUI is allowed at a time for the Network Forensic, Subscriber report, or Mobile Flow. If you attempt to run a list of Subscriber and Network Forensic queries, the queries are queued one at a time for execution.
Table 29-2 Subscriber report input parameters - Time Period
Parameter Query Duration Selection Option Start Time End Time Description Enter a date and time in the text field or left-click on the drop-down icon to display a calendar. You can specify a time period of up to 30 days.
Configure the Subscriber Criteria in the query form by performing one of the following: a b c Go to step 5 to configure the By Mobile ID (NAI/IMSI) option. Go to step 6 to configure the By Device ID (ESN/IMEI) option. Go to step 7 to configure the By Multiple Mobile IDs (NAI/IMSI) option.
Configure the By Mobile ID (NAI/IMSI) option. i ii iii Click on the By Mobile ID (NAI or IMSI) radio button. For the first field, enter an ID. For the second field, perform one of the following:
Choose a provider from the drop-down menu or enter a provider. Enter an known ID in the field. Paste an ID in the field that you have copied from another form.
Go to step 9.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 29-5
29 Subscriber view
Configure the By Device ID By Device ID (ESN/IMEI) option. i ii Click on the By Device ID By Device ID (ESN/IMEI) radio button. Perform one of the following:
Enter an known ID in the field. Paste an ID in the field that you have copied from another form.
Go to step 9. 7 Configure the By Multiple Mobile IDs (NAI/IMSI) option. i ii iii Click on the By Multiple Mobile IDs (NAI/IMSI) radio button. Click on the combo box. The Type in a multiple line string window appears. Enter an ID on each line. For example, multiple NAIs must appear as follows:
123456789@provider.com 345678901@provider.com 456789012@roamer.com
iv v
Individual, to create one report for each Mobile ID Group, to create one report for the group of Mobile IDs
Go to step 9. 8 Open the Subscriber Reports page directly from one of the following forms. The data for the ID that you select is automatically entered in the query form. a Real-time Events anomaly event view. Right-click the NAI, IMSI, ESN or IEMI field in the Event Details panel and choose Subscriber Report. See Table 22-7 for more information. Network Forensics view. Right-click on the Mobiles field in the Top Mobiles or Top Sources tables and choose Subscriber Report. See Table 25-2 for more information.
Click on the Generate button. A progress bar appears. You can access completed reports during the generation of a report. After the data is collected, the Subscriber Reports window appears with the Statistics tab displayed, as shown in Figure 29-2.
29-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view Figure 29-2 Subscriber Report showing the statistics tab
Subscriber report tab buttons
29.5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-7
29 Subscriber view
Description The area of the GUI where the subscriber data is plotted Detailed data about the subscriber. The format depends on the type of data, and can include tables, pie charts, bar graphs, or line graphs
See Sections 29.6 to 29.12 for information about the type of data that is displayed in the workspace
(2 of 2)
29.6
Statistics tab
Table 29-4 describes the specific plots in the Subscriber Statistics tab. Figure 29-4 shows an example of the Statistics tab.
Table 29-4 Subscriber Reports window - Statistics tab
Component Subscriber Totals Description Summary that lists:
uplink, downlink, and total statistics for: bytes airtime signaling flows and volumes for: internet to mobile scans total and completed number of sessions average duration of a sessionA subscriber may have more than one session. If there are multiple sessions, the average duration specifies the average time that the sessions lasted.
Protocol Breakdown by Volume Mobile Originated Flow Distribution Internet Originated Flow Distribution
Pie chart that displays the protocol breakdown, such as, TCP, UDP, ICMP, by volume Bar graph that displays the percentage of flows by packets per flow that originated from the subscriber Line graph that displays the percentage of flows by packets per flow that the subscriber received from the Internet
29.7
29-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view Figure 29-3 Subscriber Reports window - Top Applications tab
The data in the pie charts are from the destination port numbers in flows that were originated by the mobile in the time period that was specified in the subscriber report. The tab also includes any applications that were configured using the applicationMap CLI command. Internet originated flows are not used to determine the top applications, and therefore, the pie charts may not include some streaming traffic. Table 29-5 describes the components of the Top Applications view.
Table 29-5 Subscriber Reports window - Top Applications tab
Component Applications by Volume Applications by Airtime Applications by Signaling Applications by Flow Description Pie chart that displays the top applications used in the network by percentage Pie chart that displays the percentage of airtime consumed by the top applications Pie chart that displays the percentage of signaling consumed by the top applications Pie chart that displays the percentage of flows associated with the top applications
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-9
29 Subscriber view
You can export the contents of the Top Applications reports, as described in Common features and functions in section 16.4. When you export the subscriber report to a CSV file, the file contains the top 50 applications. The top applications are exported in four separate .csv files; one file for each of the following volume, airtime, signaling, and flow count.
29.8
Internet originated flows are not used to determine the top servers and therefore, the pie charts may not include some streaming traffic. Table 29-6 describes the components of the Top Servers tab.
29-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view Table 29-6 Subscriber Reports window - Top Servers tab
Component Servers by Volume Servers by Airtime Servers by Signaling Servers by Flow Description Pie chart that displays the top servers by IP address and the percentage of the total traffic processed by the server Pie chart that displays the top servers by IP address and the percentage of the total airtime processed by the server Pie chart that displays the top servers by IP address and the percentage of the total signaling processed by the server Pie chart that displays the top servers by IP address and the percentage of the mobile flows processed by the server
You can export the contents of the Top Servers reports, as described in Common features and functions in section 16.4. When you export the subscriber report to a CSV file, the file contains the top 50 servers. The top servers are exported in four separate .csv files; one file for each of the following: volume, airtime, signaling, and flow count.
29.9
29.10
Flow/Session tab
The Flow/session displays three time-based plots that measure the flow of the specified session. Figure 29-5 shows the components of the Flow/Session view.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-11
Plots
Mobile Flow legendindicates whether the flow originated from the mobile or from the Internet and whether the flow was unidirectional or bidirectional Cumulative Resource legendindicates the direction of the data as uplink or downlink
(1 of 2)
29-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view
Description Specifies the parameter for the Y axis. You can change the Y axis in the plot.
See Plots in the Flow/Session tab in this section for information about the parameters that you can plot Procedure 29-1
X axis (time)
Specifies the time range for the report. All plots share the same X axis. A flow or session can start before or after the beginning of the specified time period.
(2 of 2)
You can export the contents of the Flow/Session report, as described in Common features and functions in section 16.4.
Mobile Flow chart (upper chart) Session chart (middle chart) Cumulative Resources chart (lower chart)
Mobile Flow chart
Each flow is represented by a horizontal line spanning the duration of the flow. Short flows or flows with one packet often appear as a dot (.) on the plot. The Y-axis represents a parameter selected from the Change Y axis drop-down on the right side of the plot. By default, the number of flows that can be displayed is 200. You can change the limit by using the Preferences menu on the GUI, as described in Procedure 16-6. Table 29-8 lists the Y-axis parameters that you can display in the Mobile Flow plot.
Table 29-8 Mobile Flow plot Y-axis options
Parameters Uplink bytes Downlink bytes Total bytes Saturated Throughput (kbps) Uplink bytes per packet Downlink bytes per packet Downlink TCP Packet Loss Count Downlink TCP Packet Loss Rate (%) Average TCP RTT (ms) Minimum TCP RTT (ms) Maximum TCP RTT (ms) TCP RTT Samples Server TCP Syn RTT (ms) RAN TCP Syn RTT (ms) TCP Syn Retries
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-13
29 Subscriber view
Session chart
Each session (PPP session for CDMA or PDP context for UMTS) is represented by a horizontal line spanning the duration of the session. The y-axis represents a parameter selected from the Change Y axis drop-down menu on the right side of the plot. Table 29-9 lists the available Y-axis parameters that you can display in the Session plot.
Table 29-9 Session plot Y-axis options
Parameters Uplink bytes Downlink bytes Total bytes Effective Uplink Rate(kbps) Average TCP RTT Saturated Throughput(kbps) Downlink Throughput(kbps) Downlink TCP packet loss count Downlink TCP loss
The bottom plot represents the cumulative volume, airtime, or signaling (selected from the Change Y axis drop-down menu on the right side of the plot) caused by the subscriber's flows in the time window. The Y-axis parameters that you can display in the Cumulative Resources plot are:
29.11
29-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29 Subscriber view
29.12
Billing tab
The Billing tab displays the billing mismatch summary data and information for each session mismatch. Figure 29-6 shows the components of the Billing tab.
Figure 29-6 Subscriber Reports window - Billing tab
You can export the contents of the Billing report, as described in Common features and functions in section 16.4. See Billing Discrepancy report in section 31.7 for more information.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
29-15
29 Subscriber view
29-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30 Browser-based reporting overview 31 Configuring browser-based reports 32 Subscriber Group Manager 32-1
30-1 31-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30.1 Browser-based reporting overview 30.2 Generating a browser-based report 30.3 Input parameters page components 30.4 Report presentation page 30.5 Report types 30-7 30-12 30-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-1
30.1
Network resource usage reports Network statistic reports Network elements reports Hop reports
See Table 31-1 for a lists the types of reports that you can generate and where you can find more information.
Legacy reports
If your system has reports generated by Release 1.2 or earlier, the link Get Legacy Reports (from Release 1.2 or earlier) appears on the 9900 WNG Central webpage. For information about how to use Release 1.2 reports, see the Release 1.2 User Guide.
30.2
30-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
5 6
Click on the Run Report button. The report is created and displayed in a report summary window. To change the input parameters, click on the Report Options button to return to the input parameters form.
30.3
The following subsections describe the behavior of the commonly used fields.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-3
Report controls
The following control buttons appear in the input parameter page, as listed in Table 30-1.
Table 30-1 Report controls
Button Reset Run Report Description Returns the input parameter form to the default values Executes the request based on the parameters that you configure. The report is generated and is displayed in a presentation page. Figure 30-2 shows an example of a chart report and Figure 30-3 shows an example of a table report. Cancels the request and returns to the Standard Reports page. You can also click on the Standard Reports tab to cancel and return to that page.
Cancel
Filters
You can specify input parameters for filters for some reports. Typically, the default values for the filters is #All#, which specifies that all data of the specified type is admitted in the report. You can change the default to allow only a subset of the data to be admitted in the report. Filter input parameters are displayed in list boxes. You can specify more than one filter criteria by holding down the CTRL button and clicking on multiple choices in the list box. To specify that all data be admitted, use the wildcard, which is a percentage sign (%).
The first field of every input parameters page is Time Period. The field has a drop-down menu that enables you to select a time period that is relative to the current execution time, for example, Today, Yesterday, or Last Week (Sun to Sat) inclusively. This feature is particularly useful when you are scheduling a report. For example, to schedule a report to run early tomorrow morning, select Yesterday. When the report is executed, the report pulls data for yesterday relative to the report execution time.
Default settings for the Time period field
The default setting for the Time Period parameter is called Specified Below (the first selection). The Specified Below parameter indicates that the time period is specified in the following time-related fields which appear directly below the Time Period Parameter:
Start Day (or Start Day and Time) End Day (or End Day and Time)
30-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
You use the Users running a report interactively (as opposed to scheduling the report), most likely specified the start day/time and end day/time using the preceding fields. Reports that pull data from a single day includes only one time-related field, Choose a date (located below the Time Period field). The Overall subscriber cumulative distribution report is an example of this type of report.
Start Day/End Day versus Start Time/End Time fields
Reports that do not support sub-day time resolutions (that is Minute and Hour) display the Start Day and End Day fields. Reports that supports sub-day time resolutions display the Start Day Time and End Day and Time fields.
Calendar widgets
To display a calendar widget, click on the calendar icon on the input parameter. If the field is a Date and Time field, a Time field is also displayed below the monthly calendar. You can click on the hour and minute fields to increase the value, or shift-click on the hour and minute fields to decrease the value. You can also click on the hour and minute fields, and then drag right to increase the value; or click and then drag left to decrease the value. For the end day (or date/time), the specified value is always used inclusively for the time range. For example, to display data for the first two days of 2009, set the start date to January 1, 2009 and the end date to Jan 2, 2009 (not Jan 3, 2009). If the report supports sub-day resolutions (minute or hour), set the start date and time to Jan 1, 2009 00:00, and the end date to Jan 2, 23:59. Data for until the end of minute is included (that is, from 23:59:00.000 to 23:59.59.999).
Time zones
When you specify a time range and when you are reading a report, keep in mind that in browser-based reports, the time zone is always the local time zone of the Central machine.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-5
Alcatel-Lucent recommends that you query for yesterdays data after 7:00 AM. If you generate a report in the early morning, the default end date/time on the input parameter page is the day before yesterday. In contrast, if you generate a report later in the day, the default end date/time on the input parameter page is yesterday. You can override the system default and select the end date/time.
30.4
Tool tips
Graphical charts are embedded with tool tips. If you move your cursor over a certain data point in a time-series plot or a data pie in a pie chart, you can display the data values of that data point. Tool tips offer a convenient way to display exact data values for certain data points.
Back
30-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30.5
Report types
The 9900 WNG web reports interface can generate report is several formats, depending on the type of data that you need to analyze or export. The report types are:
time-series charts stacked area charts cumulative distribution function charts pie charts tables
Time-series charts
Time-series charts are a type of line graph in which the x axis is always time, and the y axis is a variable that you can choose. Some time-series charts, such as those that treat NEs, allow you to view information about multiple NE for the purpose of comparison and trend analysis. Comparative charts use colored plots and lines and a color-coded legend to distinguish and identify the NEs. Figure 30-2 shows an example of a typical time-series chart.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-7
30-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-9
Pie charts
A pie chart is a graphical display of data that shows at-a-glance the relative proportion among the measured parameters. Each part of the chart is color-coded and explained in the legend. Key data for each part of the pie chart is identified by callout. You can also use the mouse-over function to view detailed information about each part. Figure 30-5 shows an example of a typical pie chart.
30-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Table reports
Reports in tabular format allow you to compare items (such as a type of entity or event) that share the same KPIs. The rows in the table can be configured to rank the entries. Figure 30-6 shows an example of a typical table report.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-11
30.6
Exporting reports
The available export functions depend on the type of report that you generate: graphical chart-based or table-based.
Export to RTF
Export to CSV
(1 of 2)
30-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description Displays the presentation page in a browser in Flash format. You can export chart- or table-based reports
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
30-13
30-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31.1 Browser-based reports parameters overview 31.2 Network resource usage reports 31.3 Network statistics reports 31.4 Network elements reports 31.5 Hop reports 31-25 31-28 31-29 31-36 31-5 31-10 31-2
31-2
31-41 31-47
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-1
31.1
31.2
Incident breakdown by event type (pie chart) report Incident breakdown by event type (time plot) report Resource breakdown by event type report Resources breakdown by top application report
This report is a time-series chart that shows the distinct count of incidents, broken down by event type. The counts are distinct counts. Distinct counts of different time periods cannot be summed to get the distinct counts of the combined periods.
31-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-2 Incident breakdown by event type (time plot) report
Component Lag period to current time Input parameters and filters Report type Description None You can apply a filter on an event type to select a subset of incidents for the report. See the list of event types in Parameters overview for network resource usage reports in this section. Time resolution can be displayed in hours, days, or months. This report can be displayed in the following formats:
a time-series plotused for accurately comparing the relative counts of different event types stacked-area plotused to view the overall distribution at-a-glance
See Figure 30-2 for an example of a time-series chart and Figure 30-3 for an example of a stacked area chart. Raw data option Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report displays a pie chart that shows the distinct counts of different incidents, broken down by event type.
Table 31-3 Incident breakdown by event type (pie chart) report
Component Lag period to current time Input parameters Report type Raw data option Remarks Description None The field parameters are set and cannot be changed. See the list of event types in Parameters overview for network resource usage reports in this section. See Figure 30-5 for an example of a pie chart report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. The counts are distinct counts; distinct counts of different time periods cannot be summed to get the distinct counts of the combined periods.
This report shows three pie charts that compare the consumption of resourcesTraffic Volume, Airtime, and Number of Connection Setups by different event types.
Table 31-4 Resource breakdown by event type report
Component Lag period to current time (1 of 2) Description None
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-3
Description The event type parameters are set and cannot be changed. See the list of event types in Parameters overview for network resource usage reports in this section. See Figure 30-5 for an example of a pie chart report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. When the Show the OTHER category field is checked, pie charts compare the relative resource consumption of anomaly events to the total resource consumption in the network, which can result in anomaly-event pies too small to compare. To display only the breakdown of anomaly-event consumption, uncheck the box; in this scenario, the total value of each pie chart is all the resource consumption due only to anomaly events. Because of space limitation, some pie charts do not have call-out labels. Mouse-over a section of the chart to display a tooltip with information about the data in the chart.
(2 of 2)
This report shows three pie charts that compare the resources consumptionsTraffic Volume, Airtime, and Number of Connection Setupsby different top applications.
Table 31-5 Resources breakdown by top application report
Component Lag period to current time Input parameters Description 7 to 31 hours. After 7:00 AM, the report can report data collected as late as last midnight; before 7:00 AM, the report can report data collected as late as two midnights before. The input parameters are set and cannot be changed:
Filters and options
Total traffic volume (Mbytes) Total airtime (hours) Total number of connection setups filter by realmto limit the data in the report to one or more realms Top Nto set the number of top application that are plotted. You can choose up to 20 top application to plot.
Report type Raw data option Remarks
See Figure 30-5 for an example of a pie chart report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. For any given value of N (as in Top N), the report displays pie charts with more than N pies. This occurs because the set of Top N applications for the different types of resource consumption differ, and this report displays a consistent set of top applications that is a union of the sets of Top N applications for all three types of resource consumption. In each of the three big pie charts on the report, the total value is the total resource consumption for the top applications (that is, excluding those for the other applications). To display how the resource consumptions of this top set compare to the set of the other applications, use the three small pie charts (Top Apps versus Others) on the lower right corner. Because of space limitation, some pie charts do not have call-out labels. Mouse-over a section of the chart to display a tooltip with information about the data in the chart.
SIGATTACK_SINGLE_SRC BATTERYATTACK_SINGLE_SRC P2P_MOBILE ALWAYS_ACTIVE_SUB HIGH_USAGE_SUB HIGH_SIGNALING_SUB PORTSCAN_HORIZ PORTSCAN_VERT UNWANTED_SRC FLOOD_MOBILE_SINGLE_SRC BATTERYATTACK_DISTRIBUTED FLOOD_MOBILE_DISTRIBUTED ROUTER_DISCOVERY_ABUSE MIP_SIGNALING_ABUSE
31.3
Overall network time plot (traffic) report Overall network time plot (sessions and events) report Detector time plot (traffic) report Detector time plot (sessions and events) report Roaming traffic report
This report is a time-series plot that shows the overall network traffic data volume, data rate, packets, or flows).
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-5
31 Configuring browser-based reports Table 31-6 Overall network time plot (traffic) report
Component Lag period to current time Input parameters Report type Raw data option Description None The Time Resolution parameter enables fractional-day time resolutions by day, hour, and minute. For a list of traffic parameters that you can plot, see Traffic parameters in this section. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows information about the overall network with respect to one of the following categories:
Component Lag period to current time Input parameters Report type Raw data option
Description None The Time Resolution parameter enables fractional-day time resolutions by day, hour, and minute. For a list of fields that you can plot, see Sessions and events parameters in this section. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows the traffic datavolume, data rate, packets, or flowsas measured by one or more 9900 WNG Detectors. You can also plot the sum of the data that is measured across all 9900 WNG Detectors.
Table 31-8 Detector time plot (traffic) report
Component Lag period to current time (1 of 2) Description None
31-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description The Time Resolution parameter enables fractional-day time resolutions by day, hour, and minute.You can choose multiple detectors to compare according to the traffic parameters. For a list of traffic parameters that you can plot, see Traffic parameters in this section. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows one of the following categories as measured by one or more 9900 WNG Detectors:
Description None The Time Resolution parameter enables fractional-day time resolutions by day, hour, and minute. You can choose multiple detectors to compare according to the session and event parameters. For a list of parameters that you can plot, see Sessions and events parameters in this section. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report presents For either format, the numbers are broken down by providers. For multi-day reports, you can show the data as a daily average or a multi-day total.
Table 31-10 Roaming traffic report
Component Lag period to current time (1 of 2) Description 7 to 31 hours. After 7:00 AM, the report can report data collected as late as last midnight; before 7:00 AM, the report can report data collected as late as two midnights before
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-7
Report type Raw data option Remarks
Time Period filterto display data about multiple cells during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Provider nameto generate the report with data for one or more specified providers Order by (mandatory field)to sort the table data according to one of the following Number of concurrent sessions Volume Organization name Packets Flows Network families filterto filter on 3GPP, 3GPP2, or all networks Roaming-inshows the traffic data (volume, packet count, flow count, number of concurrent sessions) of other providers subscribers on your network. Roaming-outshows the traffic data of your subscribers being served by other providers in their networks. a daily average a multi-day total
See Figure 30-6 for an example of a table report. Not applicable You must always exclude the name of your service provider, otherwise the traffic data of your non-roaming subscribers are included in the report. (Check the field, My provider name(s) to be excluded.) Visibility of data depends on the location of the 9900 WNG Detectors that probe the network. For example, if the Detectors are probing from the south of a GGSN/HA, the roaming-in reports may show no data.
(2 of 2)
Data in any permutations of the attributes All traffic, Total (Uplink+Downlink), and Volume (Mbytes):
31-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Direction Total (Uplink + Downlink) Uplink Downlink M2I (Mobile to Internet) I2M (Internet to Mobile) M2M Uplink (Uplink Mobile to Mobile) M2M Downlink (Downlink Mobile to Mobile) Traffic measure type: Volume (Mbytes) Data Rate (Mb/s) Packets Flows
Sessions and events parameters
The following types of sessions and events can be plotted and/or tabulated:
Number of concurrent sessions Number of SIGATTACK_SINGLE_SRC Number of RNC_OVERLOAD Number of BATTERYATTACK_SINGLE_SRC Number of PORTSCAN_VERT Number of PORTSCAN_HORIZ Number of ALWAYS_ACTIVE_SUB Number of HIGH_USAGE_SUB Number of P2P_MOBILE Number of UNWANTED_SRC Number of MOBILE_FLOW Number of HIGH_SIGNALING_SUB Number of BATTERYATTACK_DISTRIBUTED Number of FLOOD_MOBILE_SINGLE_SRC Number of FLOOD_MOBILE_DISTRIBUTED Number of ROUTER_DISCOVERY_ABUSE Number of MIP_SIGNALING_ABUSE TCP Reset Packets I2M TCP Reset Packets M2I TCP Reset Packets M2M Uplink TCP Reset Packets M2m Downlink ICMP Unreachable Packets I2M ICMP Unreachable Packets M2I ICMP Unreachable Packets M2M Uplink ICMP Unreachable Packets M2M Downlink
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-9
31.4
Tier 1 cells Cell comparison table (CDMA) report Cell comparison table (UMTS) report Cell time plot (traffic) report Cell time plot (sessions and performances) report Cell multi-element time-trend table (CDMA) report Cell multi-element time-trend table (UMTS) report Cell cumulative dist. (CDMA; traffic) report Cell cumulative dist. (CDMA; session & perf) report Cell cumulative dist. (UMTS; traffic) report Cell cumulative dist. (UMTS; session & perf) report Tier 2 RNCs RNC comparison table report RNC time plot (traffic) report RNC time plot (sessions and performances) report RNC multi-element time-trend table report Tier 3 SGSNs (UMTS systems), PDSNs (CDMA systems), or both SGSN/PDSN comparison table report SGSN or PDSN time plot (traffic) report SGSN or PDSN time plot (sessions and performances) report SGSN/PDSN multi-element time-trend table report Tier 4 GGSNs (UMTS systems) and HAs (CDMA systems) GGSN/HA comparison table report GGSN or HA time plot (traffic) report GGSN or HA time plot (sessions and performances) report GGSN/HA multi-element time-trend table report
Cell comparison table (CDMA) report
This report is a table that shows the total activity for a specified CDMA cell or group of cells, including key indicators that measure traffic, sessions, and performance, such as total traffic, throughput, number of concurrent session, and number of handoffs. See Parameters overview for network element reports in this section for a list of the parameters that are plotted in this report.
31-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-11 Cell comparison table (CDMA) report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Hours of the day filterto display data about the cell during specified hours of the day, such as peak hours Hierarchical filterto display only the cells that are connected to one or more specified RNCs. ID filtersto specify the SID, NID, CID for CDMA cells in decimal format. The ID fields support the wildcard search function, in which a percentage symbol (%) represents the wildcard.
This report is a table that shows the total activity for a specified UMTS cell or group of cells, including key indicators that measure traffic, sessions, and performance, such as total traffic, throughput, number of concurrent session, and number of handoffs. See Parameters overview for network element reports in this section for a list of the parameters that are plotted in this report.
Table 31-12 Cell comparison table (UMTS) report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time of day filterto display data about the cell during specified periods of the day, such as peak hours Hierarchical filterto display only the cells that are connected to one or more specified RNCs. ID filtersto specify the MCC, MNC, LAC, and Cell-ID for UMTS cells in decimal format. The ID fields support the wildcard search function, in which a percentage symbol (%) represents the wildcard.
This report is a time-series plot that shows the traffic data (volume, data rate, packets, or flows) as seen on one or more cell sites. See Parameters overview for network element reports in this section for a list of the parameters that are plotted in this report.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-11
31 Configuring browser-based reports Table 31-13 Cell time plot (traffic) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Traffic filtersSee Parameters overview for network element reports in this section for information about traffic measures and traffic measure types that you can plot Top N cellsSee Specifying network elements in network element reports in this section for information about how to specify and sort the cells on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows one of the following categories as seen on one or more cell sites:
number of sessions number of connection setups airtime, number handoffs number TCP reset number ICMP unreachable downlink RTT downlink loss rate downlink subscriber throughput.
Table 31-14 Cell time plot (sessions and performances) report
Component Lag period to current time Input parameters, filters, and options
Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Session and performance filtersSee Sessions and performance parameters for network element reports in this section for a list of the parameters that you can plot Top N cellsSee Specifying network elements in network element reports in this section for information about how to specify and sort the cells on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
31-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This report is a time trend table that displays data about one or more CDMA cells in one table.
Table 31-15 Cell multi-element time-trend table (CDMA) report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data about multiple cells during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Hour of day filterto display data about multiple cells during specified periods of the day, such as peak hours Hierarchical filterto display only the cells that are connected to one or more specified RNCs. ID filtersto specify the SID, NID, CID for CDMA cells in decimal format. See Specifying cells by ID in this section for more information. Time resolutionto modify the reporting interval by minute, hour, or day for the specified range of dates
This report is a time trend table that displays data about one or more UMTS cells in one table.
Table 31-16 Cell multi-element time-trend table (UMTS) report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time of day filtersto display data about multiple cells during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Hour of day filterto display data about multiple cells during specified periods of the day, such as peak hours Hierarchical filterto display only the cells that are connected to one or more specified RNCs. ID filtersto specify the MCC, MNC, LAC, and Cell-ID for UMTS cells in decimal format. See Specifying cells by ID for more information Time resolutionto modify the reporting interval by minute, hour, or day for the specified range of dates
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-13
This report is a cumulative distribution function plot in which the x axis is a specified traffic KPI and the y axis is the percentage of cells that have the field value equal to or smaller than x.
Table 31-17 Cell cumulative dist. (CDMA; traffic) report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data for a specified day Traffic filtersSee Parameters overview for network element reports for information about traffic measures and traffic measure types that you can plot Hierarchical filterto display only the cells that are connected to one or more specified RNCs ID filtersto specify the SID, NID, CID for CDMA cells in decimal format. See Specifying cells by ID for more information. Top N cellsSee Specifying network elements in network element reports for information about how to specify and sort the cells on which to report
See Figure 30-4 for an example of a CDF report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a cumulative distribution function plot in which the x axis is a specified session and performance KPI and the y axis is the percentage of cells that have the field value equal to or smaller than x.
Table 31-18 Cell cumulative dist. (CDMA; session & perf) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Period filterto display data for a specified day Session and performance filtersSee Sessions and performance parameters for network element reports for a list of the parameters that you can plot Top N cellsSee Specifying network elements in network element reports for information about how to specify and sort the cells on which to report Time resolutionSee Specifying time resolutions in network element reports for information about the characteristics of different time resolutions
See Figure 30-4 for an example of a CDF report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
31-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This report is a cumulative distribution function plot in which the x axis is a specified traffic KPI and the y axis is the percentage of cells that have the field value equal to or smaller than x.
Table 31-19 Cell cumulative dist. (UMTS; traffic) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Period filterto display data for a specified day Traffic filtersSee Parameters overview for network element reports in this section for information about traffic measures and traffic measure types that you can plot Hierarchical filterto display only the cells that are connected to one or more specified RNCs ID filtersto specify the MCC, MNC, LAC, and Cell-ID for UMTS cells in decimal format. See Specifying cells by ID in this section for more information. Top N cellsSee Specifying network elements in network element reports in this section for information about how to specify and sort the cells on which to report
See Figure 30-4 for an example of a CDF report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a cumulative distribution function plot in which the x axis is a specified session and performance KPI and the y axis is the percentage of cells that have the field value equal to or smaller than x.
Table 31-20 Cell cumulative dist. (UMTS; session & perf) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Period filterto display data for a specified day Session and performance filtersSee Sessions and performance parameters for network element reports in this section for a list of the parameters that you can plot Hierarchical filterto display only the cells that are connected to one or more specified RNCs ID filtersto specify the MCC, MNC, LAC, and Cell-ID for UMTS cells in decimal format. See Specifying cells by ID in this section for more information. Top N cellsSee Specifying network elements in network element reports in this section for information about how to specify the top cells on which to report
See Figure 30-4 for an example of a CDF report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-15
This report is a table that shows the total activity for a specified RNC or group of RNCs, including key indicators that measure traffic, sessions, and performance, such as total traffic, throughput, number of concurrent session, and number of handoffs.
Table 31-21 RNC comparison table report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data for a specified day Hour of day filterto display data about the RNC during specified periods of the day, such as peak hours Hierarchical filterto display only the RNCs that are connected to one or more SGSN or PDSN NEs. RNC comparison filterto specify specific RNCs for comparison Top NsSee Specifying network elements in network element reports in this section for information about how to specify and sort the top RNCs on which to report
This report is a time-series plot that shows the traffic data (volume, data rate, packets, or flows) on one or more RNCs.
Table 31-22 RNC time plot (traffic) report
Component Lag period to current time Input parameters Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. See Parameters overview for network element reports in this section for a list of available parameters. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Traffic filtersSee Parameters overview for network element reports in this section for information about traffic measures and traffic measure types that you can plot RNC comparison filterto specify specific RNCs for comparison Top NSee Specifying network elements in network element reports in this section for information about how to specify and sort the RNCs on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. For information about how to specify network element reports, see section 31.4.
31-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This report is a time-series plot that shows one of the following statistics on one or more RNCs:
number of sessions number of connection setups airtime, number handoffs number TCP reset
number ICMP unreachable downlink RTT downlink loss rate downlink subscriber throughput
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Session and performance filtersSee Sessions and performance parameters for network element reports in this section for a list of the parameters that you can plot RNC comparison filterto specify specific RNCs for comparison Top NSee Specifying network elements in network element reports in this section for information about how to specify and sort the RNCs on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time trend table that displays data about one or more RNCs in one table.
Table 31-24 RNC multi-element time-trend table report
Component Lag period to current time (1 of 2) Description None
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-17
Time Period filterto display data about the RNC during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Hour of day filterto display data about multiple cells during specified periods of the day, such as peak hours Hierarchical filterto display only the RNCs that are connected to one or more specified SGSNs or PDSNs RNC comparison filtersto specify one or more RNCs for comparison Time resolutionto modify the reporting interval by minute, hour, or day for the specified range of dates
This report is a table that shows the total activity for a specified SGSN or PDSN or group of SGSNs or PDSNs, including key indicators that measure traffic, sessions, and performance, such as total traffic, throughput, number of concurrent session, and number of handoffs.
Table 31-25 SGSN/PDSN comparison table report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data for a specified day Hour of day filterto display data about the SGSNs or PDSNs during specified periods of the day, such as peak hours SGSN and PDSN comparison filterto specify specific SGSNs and PDSs for comparison Top NsSee Specifying network elements in network element reports in this section for information about how to specify and sort the top SGSNs and PDSNs on which to report
This report is a time-series plot that shows the traffic datavolume, data rate, packets, or flow dataas seen on one or more SGSNs (UMTS systems) or PDSNs (CDMA systems).
31-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-26 SGSN or PDSN time plot (traffic) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Traffic filtersSee Parameters overview for network element reports in this section for information about traffic measures and traffic measure types that you can plot SGSN and PDSN comparison filterto specify specific SGSNs and PDSs for comparison Top NsSee Specifying network elements in network element reports in this section for information about how to specify and sort the top SGSNs and PDSNs on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows one of the categories of information as seen on one or more SGSNs (UMTS systems) or PDSNs (CDMA systems):
number of sessions number of connection setups airtime, number handoffs number TCP reset number ICMP unreachable downlink RTT downlink loss rate downlink subscriber throughput.
Table 31-27 SGSN or PDSN time plot (sessions and performances) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Session and performance filtersSee Sessions and performance parameters for network element reports for a list of the parameters that you can plot SGSN and PDSN comparison filterto specify specific SGSNs and PDSs for comparison Top NsSee Specifying network elements in network element reports in this section for information about how to specify and sort the top SGSNs and PDSNs on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
Report type (1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-19
Description Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time trend table that displays data about one or more SGSN or PDSNs in one table.
Table 31-28 SGSN/PDSN multi-element time-trend table report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data about the NE during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Hour of day filterto display data about multiple cells during specified periods of the day, such as peak hours SGSN/PDSN filterto specify a SGSN or PDSN, or to compare multiple SGSNs or PDSNs Time resolutionto modify the reporting interval by minute, hour, or day for the specified range of dates
This report is a table that shows the total activity for a specified GGSN or HA or group of GGSNs or HAs, including key indicators that measure traffic, sessions, and performance, such as total traffic, throughput, number of concurrent session, and number of handoffs.
Table 31-29 GGSN/HA comparison table report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data for a specified day Hour of day filterto display data about the GGSNs or HAs during specified periods of the day, such as peak hours GGSN and HA comparison filterto specify specific GGSNs and HAs for comparison Top NsSee Specifying network elements in network element reports in this section for information about how to specify and sort the top GGSNs and HAs on which to report
Report type (1 of 2)
31-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This report is a time-series plot that shows the traffic datavolume, data rate, packets, or flowsas seen on one or more GGSNs (UMTS systems) or HA (CDMA systems).
Table 31-30 GGSN or HA time plot (traffic) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Traffic filtersSee Parameters overview for network element reports in this section for information about traffic measures and traffic measure types that you can plot GGSN and HA comparison filterto specify specific GGSNs and HAs for comparison Top NsSee Specifying network elements in network element reportsin this section for information about how to specify and sort the top GGSNs and HAs on which to report Time resolutionSee Specifying time resolutions in network element reports in this section for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time-series plot that shows one of these information as seen on one or more SGSNs (UMTS systems) or PDSNs (CDMA systems):
number of sessions number of connection setups airtime number handoffs number TCP reset
number ICMP unreachable downlink RTT downlink loss rate downlink subscriber throughput
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-21
Time Periodto specify an inclusive time period. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Session and performance filtersSee Sessions and performance parameters for network element reports for a list of the parameters that you can plot GGSN and HA comparison filterto specify specific GGSNs and HAs for comparison Top NsSee Specifying network elements in network element reports for information about how to specify and sort the top GGSNs and HAs on which to report Time resolutionSee Specifying time resolutions in network element reports for information about the characteristics of different time resolutions
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report is a time trend table that displays data about one or more GGSN or HAs in one table.
Table 31-32 GGSN/HA multi-element time-trend table report
Component Lag period to current time Input parameters, filters, and options Description None The following filters are available:
Time Period filterto display data about the NE during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Hour of day filterto display data about multiple cells during specified periods of the day, such as peak hours GGSN/HA comparison filterto specify a GGSN or HA, or to compare multiple GGSNs or HAs Time resolutionto modify the reporting interval by minute, hour, or day for the specified range of dates
31-22
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Shows a data field with any permutation of the attributes All traffic, Total (Uplink+Downlink), and Volume (Mbytes)
All traffic or unidirection only All traffic Unidirection only Direction Total (Uplink + Downlink) Uplink Downlink M2I (Mobile to Internet) I2M (Internet to Mobile) M2M Uplink (Uplink Mobile to Mobile) M2M Downlink (Downlink Mobile to Mobile)
Traffic measure types parameters for network element reports
Volume (Mbytes); Bytes for RNCs Data Rate (Mb/s) Packets Flows
Number of Concurrent Sessions Min Number of Concurrent Sessions Max Number of Concurrent Sessions Number of Connection Setups Total (Up+Down) Min Number of Connection Setups Uplink Min Number of Connection Setups Downlink Airtime Number of Handoffs In Number of Handoffs Out TCP Reset Packets I2M TCP Reset Packets M2I TCP Reset Packets M2M Uplink TCP Reset Packets M2M Downlink ICMP Unreachable Packets I2M ICMP Unreachable Packets M2I ICMP Unreachable Packets M2M Uplink ICMP Unreachable Packets M2M Downlink
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-23
Downlink RTT (Mean) Downlink RTT (Min) Downlink RTT (Max) Downlink TCP Loss Rate Downlink TCP Packets Downlink TCP Loss Saturated Downlink Subscriber Throughput Average Downlink Subscriber Throughput Common configuration options for network reports
The following sections describe common configuration options for the network element reports
Specifying network elements in network element reports
You can specify the network elements on which to report using one of the following methods:
The sorting field for the Top N. The field represents the index parameter for the
table, and can be chosen from the available traffic and session and performance parameters listed in Parameters overview for network element reports in this section. ascending or descending order for the top N
Specifying cells by ID
You can specify the SID, NID, CID for CDMA cells and the MCC, MNC, LAC, and Cell-ID for UMTS cells. To activate the fields, you must select the Select cells by name pattern check box. All ID values are expressed in decimal format. The ID fields support the wildcard search function, in which a percentage symbol (%) represents all IDs of the specified type.
Specifying time resolutions in network element reports
Minute (for Tier 2-4 reports) or Two-minute (for cell reports) Hour Day
31-24
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Reports with a sub-day time resolution have no lag period to current time, whereas reports that rely on a daily summarization procedure have a lag period to current time.
Note Sub-day time resolution reports may take longer to execute. For sub-day reports, a limit is imposed on the number of days that the report covers. See Table 31-33 for more information.
31.5
Hop reports
Network hop reports are time-series charts that report on one of three types of hops, as described in Table 31-34.
Table 31-34 Types of network hops by tier
Tiers of network elements linked by the hop Tier-2 to Tier-1 Tier-3 to Tier-2 Tier-4 to Tier-3 Hop From network element RNC SGSN (UMTS systems) PDSN (CDMA systems) GGSN (UMTS systems) HA (CDMA systems) SGSN (UMTS systems) PDSN (CDMA systems) To network element Cell RNC
The following sections describe of the reports that you can generate, the parameters that you can plot, and the filters that you can configure for hop reports.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-25
RNC-to-cell hop time plot report RNC-to-cell hop time plot report RNC-to-cell hop time plot report
RNC-to-cell hop time plot report
This report displays a time-series plot that shows data as seen on one or more hops from an RNC to a cell site.
Table 31-35 RNC-to-cell hop time plot report
Component Lag period to current time Input parameters Report type Raw data option Description For daily time resolutions, the lag period to current time is 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. See Parameters overview for hop reports in this section for more information. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report displays a time-series plot that shows data as seen on one or more hops from an SGSN (on UMTS systems) or a PDSN (on a CDMA system) to an RNC.
Table 31-36 SGSN/PDSN-to-RNC hop time plot report
Component Lag period to current time Input parameters Report type Raw data option Description For daily time resolutions, the lag period to current time is 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report can displays data collected as late as two midnights before See Parameters overview for hop reports in this section for more information. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report displays a time-series plot that shows data as seen on one or more hops from the GGSN to the SGSN or from the HA to the PDSN.
31-26
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-37 GGSN-to-SGSN or HA-to-PDSN hop time plot reports
Component Lag period to current time Input parameters Report type Raw data option Description For daily time resolutions, the lag period to current time is 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report can displays data collected as late as two midnights before See Parameters overview for hop reports in this section for more information. See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
Number of Concurrent Sessions Min Number of Concurrent Sessions Max Number of Concurrent Sessions Total (Up+Down) Volume Uplink Volume Downlink Volume Total (Up+Down) Data Rate Uplink Data Rate Downlink Data Rate Loss Rate
Specifying hops
Top Nto pick the top N hops as sorted by the field that is being plotted Explicitly specifying hopsto select specific hops on which to report
For RNC-to-base-station hop reports, enter the RNC names and base-station IDs on free-text fields. The syntax of the string for each hop is as follows: RNC_name-BSID For example, test_rnc_lai1-310410a041090b where test_rnc_lai1 is the RNC name and 310410a041090b is the base station ID. For reports of the other two types of hops, select from the drop-down menu of possible hops. In both cases, you can specify more than one network element. For RNC-to-base-station reports, use comma-separated the strings using the syntax described above. For reports of the other two types of hops, you can use Ctrl + click to select more than one entry from the drop-down menu.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-27
Time Resolution
Hop reports can be plotted with fractional-day time resolutions by minute, hour and day:
by minute for a duration of up to 7 days (2 minutes intervals for hops that involve
cells) by hour for a duration of up to 40 days by day. There is no limit on duration.
31.6
Security reports
This sections describes security-related reports. The following sections describe of the reports that you can generate, the parameters that you can plot, and the filters that you can configure for security reports.
Top attackers at or above a specified intensity level report Top scanners report
Top attackers at or above a specified intensity level report
This report displays a table that lists the top attackers according to the following criteria:
Attacker typeto filter by internet source, mobile source or both Event typesSee Event types for network resource usage reports in section 31.2 for a list of event types. Intensity levelto set the level at or above which to report an attacker. Attackers of the same intensity level are sorted by duration and then by attacker identity.
31-28
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Component Remarks
Description Max Duration shows the maximum possible attack duration from an attacker from the moment the attacker launched the attack to the last moment that the same attacker had an ongoing attack, including idle time in between the attacks. This duration is bound by the report time range, so attacks before or after the report time range are not included.
(2 of 2)
This report displays a table that lists the top scanners according to the following criteria:
The number of top scanners (N) is limited to 1000 for a single day report, and 50 for a multi-day report. You can sort by one of the following:
Report type Raw data option
31.7
Subscriber reports
This section describes Subscriber reports. The following sections describe of the reports that you can generate, the parameters that you can plot, and the filters that you can configure for subscriber reports.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-29
Overall subscriber cumulative distribution report Subscriber time plot report Single subscriber time trend table report Top mobile (single day; multiple params) report Top Mobiles reports Top servers report Realm/APN comparison table report Billing Discrepancy report
This report displays the overall distribution of a specified field in a CDF plot. A data point at (x,y) means that there are y% of subscribers having the field value equal to or smaller than x. The x-axis is in log scale.
Table 31-40 Overall subscriber cumulative distribution report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. The following filters are available:
Subscriber group filterto display data about the subscribers that are included in a specified group. See Chapter 32 for information about subscriber groups. Network families filterto filter on 3GPP or 3GPP2 networks Network technology by sessionto filter on 2.5G, 3G, and 4G access or a combination.(1) Device manufacturer or modelto filter on one or more devices Mobile ID or IMSI filterto specify a mobile ID or IMSI. This field supports the use of the percentage sign (%) as a wildcard.
See Figure 30-4 for an example of a CDF report. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. This report always displays data for a single day. The number of included subscribers is displayed on the header of the report. The total number of subscribers can be less than the population size for one of the following reasons:
Some subscribers did not meet a filter criterion and were excluded from the plot For performance-related data fieldsthroughput, RTT, loss ratethere may not be enough measurable samples for some subscribers to make a reliable inference on the data value.
Note
(1)
If a subscriber has accessed more than one technology during the day, the web report interface displays the combined cumulative subscriber usage data and does not separate the data according to the mobile technology. See section 29.10 for more information about how to view the technology used by a subscriber on a per-flow basis using the GUI-based subscriber reports.
This report generates a table that six different fields for a single specified subscriber. Each row in the table displays the data for a specified day.
Table 31-42 Single subscriber time trend table report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. Six input fields are designated as Field1 to Field 6. For each field, choose one of the parameters that are listed in Fields that can be plotted or tabulated for subscriber reports in this section. You must select one subscriber:
by choosing the ID from the Mobile ID drop-down menu By entering a mobile ID in the text field
If you enter a mobile ID in the text field, the selection from the drop-down menu is ignored. In the drop-down menu, the top 10 subscribers (by their recent traffic volumes) are listed first; then, the next 990 top subscribers are listed in the order of their IDs. Report type Raw data option See Figure 30-6 for an example of a table report. Not applicable
This report displays a table listing four different fields of the top subscribers. You can select four fields and specify the field that are used as index to find the top subscribers. For the list of fields that can be tabulated, see section 31.7.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-31
31 Configuring browser-based reports Table 31-43 Top mobile (single day; multiple params) report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. See Fields that can be plotted or tabulated for subscriber reports in this section. The following filters are available:
Subscriber group filterto display data about the subscribers that are included in a specified group. See Chapter 32 for information about subscriber groups. Network families filterto filter on 3GPP or 3GPP2 networks Network technology by sessionto filter on 2.5G, 3G, and 4G access or a combination thereof. Mobile realmto filter on one or more mobile service providers Mobile ID or IMSI filterto specify a mobile ID or IMSI. This field supports the use of the percentage sign (%) as a wildcard.
Four fields can be used to sort the data: the Order by field and the additional output fields. For each field, choose one of the parameters that are listed in Fields that can be plotted or tabulated for subscriber reports in this section. Report type Raw data option Remarks See Figure 30-6 for an example of a table report. Not applicable The report covers a period of one day. The related report, Top Mobiles reports, can cover a multi-day period, but with fewer choices of fields that can be tabulated. If the system cannot derive the manufacturer and/or model name, the column Device Manufacturer/Model is left blank.
Unlike the Top mobile (single day; multiple params) report, which shows one day of data, the Top Mobiles report can tabulate multiple days of data. The report always contains the following fields:
Rank (Mobile ID / IMSI) @ (Realm / APN) Total Traffic Volume (Mbytes) Total Number of Conn Setups Total Airtime (Hours) Total Number of Flows Total Number of Packets
Table 31-44 Top Mobiles report
Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before.
31-32
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description You can select one of the following fields as the sorting index:
Traffic volume Number of conn setups Airtime Number of flows Number of packets The sorting field is indicated in the report by an asterisk (*) on the column header.
See Figure 30-6 for an example of a table report. Not applicable This report runs faster than the Top mobile (single day; multiple params) report.
This report displays seven tabulated field values for the top servers. The set of fields cannot be changed; the report always contains the following fields:
Rank Server Application Average Number of Distinct Active Sessions (per day) Total Traffic Volume (Mbytes)
Total Number of Conn Setups Total Airtime (Hours) Total Number of Flows Total Number of Packets
Report type Raw data option Remarks
Number of Distinct Active Sessions Traffic Volume Number of Conn Setups Airtime Number of Flows Number of Packets The sorting field is indicated in the report by an asterisk (*) on the column header.
See Figure 30-6 for an example of a table report. Not applicable The Application field is derived from the protocol and port number that the server was serving. A server can serve multiple applications; in such a scenario, if there is a predominant application, the report shows the applications configured name or its protocol/port pair; if no application is predominant, the report displays #multiple#.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-33
This report compiles all of the data associated with UMTS APNs or CDMA realms in one table.
Table 31-46 Realm/APN comparison table report
Component Lag period to current time Input parameters, filters, and options Description 7 to 31 hours. After 7:00 AM, the report displays data collected as late as last midnight; before 7:00 AM, the report displays data collected as late as two midnights before. Choose the realms that you need to compare from the Choose realms list. The following filter is available:
Network families filterto filter on 3GPP or 3GPP2 networks Network technology by sessionto filter on 2.5G, 3G, and 4G access or a combination thereof. Mobile realmto filter on one or more mobile service providers Mobile ID or IMSI filterto specify a mobile ID or IMSI. This field supports the use of the percentage sign (%) as a wildcard.
You can sort the data using the Realm name parameter or one of the parameters listed in Fields that can be plotted or tabulated for subscriber reports in this section. Report type Raw data option Remarks See Figure 30-6 for an example of a table report. Not applicable The time period for the comparative table is limited to one day.
This report shows the discrepancies between the traffic data and accounting records detected by the 9900 WNG system. The data is displayed in a table with the following columns:
Mobile NAI Excess Bytes (MB) Uplink Seen (MB) Uplink Acct (MB)
Downlink Seen (MB) Downlink Acct (MB) Seen Pkts Acct Pkts
31-34
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Component Remarks (2 of 2)
Description The table is sorted in descending order according to the Excess Bytes field.
You can use the following fields to filter the output of subscriber reports.
Total (Orig. + Recv.) Volume Orig. Volume Recv. Volume Total (Orig. + Recv.) # Conn Setups Orig. # Conn Setups Recv. # Conn Setups Total (Orig. + Recv.) Flows Orig. Flows Recv. Flows Total (Orig. + Recv.) Pkts Orig. Pkts Recv. Pkts Airtime Duration Uni. Orig. Volume Uni. Recv. Volume Uni. Orig. Flows Uni. Recv. Flows Uni. Orig. Packets Uni. Recv. Packets Average RAN RTT Minimum RAN RTT Maximum RAN RTT Downlink TCP Packet Loss Rate Average RAN Handshake RTT Minimum RAN Handshake RTT Maximum RAN Handshake RTT Average Inet Handshake RTT Minimum Inet Handshake RTT Maximum Inet Handshake RTT Avg. Saturated TCP Thruput Min. Sat. Down TCP Thruput Max. Sat. Down TCP Thruput
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-35
Avg. Downlink TCP Thruput Min. Downlink TCP Thruput Max. Downlink TCP Thruput
31.8
Applications reports
This section describes the reports that you can generate for the different types of applications. The following sections describe of the reports that you can generate, the parameters that you can plot, and the filters that you can configure for applications reports.
Hour-of-day trend comparing applications report Hour-of-day trend comparing days report Hour-of-day trend comparing days of week report Time plot comparing applications report Top applications reports
Report type Raw data option Remarks
Time Period filterto display data about the applications during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Device manufacturers and models ApplicationsSee Application choosers in this section for more information.
See Figure 30-6 for an example of a table report. Not applicable Application categories are indicated by pair of square brackets [ ].
31-36
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
This report displays a time-series chart that plots and compares the hour-of-day trend of different applications. Hour-of-day trends are always measured from midnight to midnight.
Table 31-49 Hour-of-day trend comparing applications report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For a list of fields that can be plotted, see Fields that can be plotted and/or tabulated for application reports in this section. The following filters are available:
Report type Raw data option Remarks
Time Period filterto display data about the applications during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Device manufacturer ApplicationsSee Application choosers in this section for more information
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. For a list of fields that can be plotted and information about how to choose applications for comparison, see section 31.8.
This report displays a time-series chart that plots and compares the hour-of-day trend for up to 5 different days.
Table 31-50 Hour-of-day trend comparing days report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours You can choose to compare up to five specified days. For a list of fields that can be plotted, see Fields that can be plotted and/or tabulated for application reports in this section. The following filters are available:
(1 of 2)
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Device manufacturer ApplicationsSee Application filters in this section for more information
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-37
Description See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. You can compare 1 to 5 days of data by setting the Compare how many days? field. On the input parameter page, however, there are always five Input parameters for Days 1-5 respectively; the input parameters for the extra days are ignored. Hour-of-day trends are always from midnight to midnight. This report does not have the Time Period field, because unlike other reports that have only one start time and end time, this report can have up to five start times and five end times.
(2 of 2)
This report displays a time-series chart that plots the hour-of-day trend for the days of the week. If you select a time range that contains more than one day for a given day of week (for example, Monday), the data plotted is the average value of these days.
Table 31-51 Hour-of-day trend comparing days of week report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For a list of fields that can be plotted, see Fields that can be plotted and/or tabulated for application reports in this section. The following filters are available:
Report type Raw data option Remarks
Time Period filterto display data about the applications during specified time period or range of dates. The options are Last Week (Sunday to Saturday), Last Month, or a specified date range. Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Device manufacturer ApplicationsSee Application filters in this section for more information
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. Hour-of-day trends are always from midnight to midnight.
31-38
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-52 Time plot comparing applications report
Component Lag period to current time Input parameters Input parameters, filters, and options Description Approximately 6 hours See Fields that can be plotted and/or tabulated for application reports in this section. For a list of fields that can be plotted, see Fields that can be plotted and/or tabulated for application reports in this section. The following filters are available:
Report type Raw data option
Time Period filterto display data about the applications during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Time resolution filterto plot data by hour or day Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Device manufacturer and models ApplicationsSee Application choosers in this section for more information
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
This report displays a table that lists the top applications. The fields listed on this report are set and cannot be changed:
Total Airtime (Hours) Total Number of Flows Total Number of Packets Realm(s)
Number of Distinct Active Sessions Traffic Volume Number of Conn Setups Airtime Number of Flows Number of Packets The sorting field is indicated in the report by an asterisk (*) on the column header.
(1 of 2)
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-39
Description See Figure 30-6 for an example of a table report. Not applicable Limits to the number of applicationsIf the specified day range contains more than one day, the maximum number applications N is 50. If the specified day range is exactly one day, the maximum number applications N is 1,000.
(2 of 2)
Following are the fields that you can use to plot and/or tabulate applications reports:
Flow Count Total (Up+Down) Volume Uplink Volume Downlink Volume Total (Up+Down) Data Rate Uplink Data Rate Downlink Data Rate Total (Up+Down) # Conn Setups (Sum) Uplink (Up+Down) # Conn Setups (Sum) Downlink (Up+Down) # Conn Setups (Sum) Total (Up+Down) # Conn Setups (Rate) Uplink (Up+Down) # Conn Setups (Rate) Downlink (Up+Down) # Conn Setups (Rate) Total (Up+Down) Packets Uplink (Up+Down) Packets Downlink (Up+Down) Packets Airtime Path Loss Rate Downlink Thruput Average RAN Handshake RTT Average RAN RTT Configuring application parameters
There are two general types of configuration options for application parameters:
31-40
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Application choosers
For most reports in this section, three fields serve as application choosers. By making choices on these input parameters, you specify the applications to be compared by specifying the following application properties:
For the Hour-of-day trend comparing days and Hour-of-day trend comparing days of week reports, applications are specified using application filters instead of application choosers. The main difference between application filters and choosers is that, for reports using applications filters, in the final plot or table, you do not see individual applications or application categories. Rather, you see the overall traffic data after these filters are applied. Similar to application choosers, application filters also are comprised of the following fields:
31.9
Devices reports
This section describes reports that you can generate for devices. The following sections describe of the reports that you can generate, the parameters that you can plot, and the filters that you can configure for devices reports.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-41
Hour-of-day trend comparing manufacturers report Hour-of-day trend comparing models report Time plot comparing manufacturers report Time plot comparing models report Table comparing manufacturers report Table comparing models report Performance KPI by manufacturer/model report
This report displays a time-series chart that plots and compares the hour-of-day trend of devices from different manufacturers.
Table 31-54 Hour-of-day trend comparing manufacturers report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For the list of fields that can be plotted, see Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
Report type Raw data option Remarks
Time period filtersto display data about the cell during specified time period or range of dates. The options are Today, Yesterday, Last Week (Sunday to Saturday), Last Month, or a specified date range. Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device manufacturers to compare
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. Hour-of-day trend is always from midnight to midnight. If the specified time range contains more than one day, the data within the same hour (for example, 0:00-1:00) for the different days is averaged and the resulting value is displayed in this report.
This report displays a time-series chart that plots and compares the hour-of-day trend for different device models.
31-42
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31 Configuring browser-based reports Table 31-55 Hour-of-day trend comparing models report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For the list of fields that can be plotted, see Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
Report type Raw data option Remarks
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device models to compare
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. Hour-of-day trend is always from midnight to midnight. If the specified time range contains more than one day, the data within the same hour (for example, 0:00-1:00) for these different days is averaged and the resulting value is displayed in this report.
This report displays a time-series chart that plots and compares traffic data of devices from different manufacturers.
Table 31-56 Time plot comparing manufacturers report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For the list of fields that can be plotted, see Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
Report type Raw data option
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device manufacturers to compare
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-43
This report displays a time-series chart that plots and charts traffic data from different devices.
Table 31-57 Time plot comparing models report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours For the list of fields that can be plotted, see Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
Report type Raw data option Remarks
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device models to compare
See Figure 30-2 for an example of a time-series chart. Yes. See Exporting graphical reports to an Excel or a CSV file in chapter 30. For more information about bout Manufacturers versus Models and a list of fields that can be plotted, see Manufacturers versus Models in this section.
This report displays a table that lists six different fields that compare traffic data from devices of different manufacturers.
Table 31-58 Table comparing manufacturers report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours Six input fields are designated as Field1 to Field 6. For each field, choose one of the parameters that are listed in Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
(1 of 2)
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device manufacturers to compare
31-44
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Description See Figure 30-6 for an example of a table report. Not applicable
This report displays a table that compares traffic data for different device models.
Table 31-59 Table comparing models report
Component Lag period to current time Input parameters, filters, and options Description Approximately 6 hours Six input fields are designated as Field1 to Field 6. For each field, choose one of the parameters that are listed in Fields that can be plotted and/or tabulated in device reports in this section. The following filters are available:
Report type Raw data option Remarks
Network type filterto display data about a specified type of mobile network, such as 1xRTT, CDMA, EVDO, GPRS, and UMTS Realm filterto display data for specified realms RNC filtersto specify one or more RNCs Application categories Configured applications Unconfigured applications Device models to compare
See Figure 30-6 for an example of a table report. Not applicable For more information about Manufacturers versus Models and a list of fields that can be plotted, see Manufacturers versus Models in this section.
This report compares the following data for different manufacturers or models:
Saturated Throughput (Kbps) Packet Loss % Average RTT (ms) Device Count
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-45
by manufacturer or model by subscriber group. See chapter 32 for information about subscriber groups.
You can sort the tabular data according to one of seven numeric fields and in ascending or descending order. Report type Raw data option (2 of 2) See Figure 30-6 for an example of a table report. Not applicable
The following fields can be plotted in the device reports. You can choose one of the following parameters:
Flow Count Total (Up+Down) Volume Uplink Volume Downlink Volume Total (Up+Down) Data Rate Uplink Data Rate Downlink Data Rate Total (Up+Down) # Conn Setups (Sum) Uplink (Up+Down) # Conn Setups (Sum) Downlink (Up+Down) # Conn Setups (Sum) Total (Up+Down) # Conn Setups (Rate) Uplink (Up+Down) # Conn Setups (Rate) Downlink (Up+Down) # Conn Setups (Rate) Total (Up+Down) Packets Uplink (Up+Down) Packets Downlink (Up+Down) Packets Airtime Path Loss Rate Downlink Thruput Average RAN Handshake RTT Average RAN RTT
31-46
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Most reports in this section come in pairs of variants: comparing manufacturers and comparing models. Two different manufacturers can assign the same model name to two different phone models, therefore in these reports, the term Model refers to the manufacturer name concatenated with model name.
Note In this release, the 9900 WNG system cannot decode CDMA device ESNs and MEIDs to their model names; the model name field for all CDMA devices displays an empty string. For CDMA networks, the two variants of the same report are effectively identical.
31.10
Troubleshooting
Table 31-61 provides tips for troubleshooting report errors.
Table 31-61 Troubleshooting
Problem No data is shown on the report Solution Verify that the parameter values are correct or try different parameter values. If you applied filters to the report, modify the filters to gather more data. Send the exception message as well as the report name and chosen parameter values to your 9900 WNG technical support representative. Run the report with a smaller date range. Re-run the report using a smaller number of data points. For example, specify a smaller date range or change the time resolution from minute to hour. You can also try to run the report with Show only raw data option selected.
An exception is displayed when you generate a report The report is taking a long time to run (more than 15 minutes) The report appears with broken links instead of charts
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
31-47
31-48
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
32-2 32-2
32.2 Subscriber Group Manager page components 32.3 Creating a subscriber group 32.4 Searching for a subscriber 32-3 32-4 32-4
32.5 Changing the subscriber group view 32.6 Importing subscriber data 32-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
32-1
32.1
Overall subscriber cumulative distribution report Top Mobiles reports Performance KPI by manufacturer/model report
32.2
Status icons
32-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Table 32-1 lists the components in the Subscriber Groups Manager page.
Table 32-1 Subscriber Groups Manager page components
Component Group Type selector panel Subscriber Groups tab Group Editor tab Subscriber Group control panel Description Pick list from which you can select the type of groups to manage. The supports the following Group type: Subscriber Lists the subscriber groups Workspace to create a group, or to add or remove subscribers to/from a group Contains three buttons:
Subscriber data table
Create new groupSee section 32.3 for information about how to use the create new group function. Delete groupto delete a selected group. Import datato import a list of subscribers. See section 32.6 for information about how to use the import function.
Data for the members of the subscriber group are arranged in a table with the following columns:
32.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
32-3
32.4
ii iii 4
Enter a value in the Search String field Choose a value from the Filter by Realm/APN drop-down menu.
Click on the Search button. The search results appear in a tab in the Subscriber Group panel.
32.5
32-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
c d
32.6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
32-5
32-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33.1 Threat detection and network anomalies overview 33.2 Threat detection in a CDMA network 33.3 Threat detection in a UMTS network 33-2 33-3
33-2
33.4 High-level workflow to investigate an anomaly event 33.5 Network anomaly events 33.6 Wireless attack events 33-6 33-7 33-14
33-5
33.7 Port scans and unwanted source events 33.8 Abusive subscriber events 33-17
33-21
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-1
33.1
33.2
In a CDMA network, the 9900 WNG Detector snoops mirrored traffic on the following interfaces:
The interface between the PDSN and the AAA (bidirectional traffic) The interface between the PDSN and the HA
Figure 33-2 9900 WNG Detector in a CDMA network
33-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
The 9900 WNG detector snoops the accounting records sent by the PDSNs to the AAA server, which allows the detector to relate IP traffic to wireless network elements such as HAs, PDSNs, RNCs, and Mobile device/subscription. The 9900 WNG Detector obtains the packets from the mirrored ports and extracts the necessary information from the packet headers such as source/destination IP addresses and port, protocol, packet size, and arrival time.
All incoming and outgoing subscriber data traffic Simple IP traffic Mobile IP (MIP) IP-IP tunneled Signaling traffic to relate IP traffic to subscriber/device/network elements MIP signaling traffic AAA/RADIUS
The output of the 9900 WNG Central device includes the following:
Anomaly events Mobile Flow records: flow records enhanced with wireless-specific information Network statistics: top mobile/server, traffic/resource usage classification Network elements status updates, for example, HA, PDSN, and CDMA RNC Reports
Each 9900 WNG Detector can observe up to 1Gb of bidirectional traffic and up to 500 000 active sessions.
33.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-3
33 Threat detection and network anomaly events Figure 33-3 Threats in a UMTS network
In a UMTS network, the 9900 WNG Detector observes mirrored traffic on the following interfaces:
The interface between the SGSN and the AAA (bidirectional traffic) The interface between the SGSN and the GGSN
Figure 33-4 9900 WNG Detector in a UMTS network
The 9900 WNG detector snoops the accounting records sent by the SGSNs to the AAA server, which allows the detector to relate IP traffic to wireless network elements such as GGSNs, SGSNs, RNCs, and Mobile device/subscription. The 9900 WNG Detector obtains the packets from the mirrored ports and extracts the necessary information from the packet headers such as source/destination IP addresses and port, protocol, packet size, and arrival time.
33-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
All incoming and outgoing subscriber data traffic - Simple IP traffic Signaling traffic to relate IP traffic to subscriber/device/network elements - GTP
traffic The output of the 9900 WNG Central device includes the following:
Anomaly events Mobile Flow records: flow records enhanced with wireless-specific information Network statistics: top mobile/server, traffic/resource usage classification Network elements status updates, for example, GGSN, SGSN, and RNC Reports
Each 9900 WNG Detector can observe up to 1Gb of bidirectional traffic and up to 500,000 active sessions.
33.4
4 5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-5
6 7
Analyze the mobile flow data and the resource usage. Take corrective action to mitigate:
Add filter rules to Firewall/IPS Add filter rules to the Router ACL
Contact or disable accounts for abusive subscribers for the following event type:
Overload RNC
33.5
33-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33.6
Single source mobile floods Distributed mobile floods ICMP router discovery abuses
Major
Impact to the network
A signaling attack from a single source has the following impact to the network:
Causes an overload signal processing unit at RNC Congests paging channels at BTS Wastes air time
Event reporting
When an RNC signaling attack is detected, the following information related to the event is reported:
Internet source: IP address Mobile source: IP source, Network access Identifier (NAI), Mobile Station
Identifier (MSID), Electronic Serial Number (ESN), International Mobile Equipment identifier (IMEI), International Mobile Subscriber Identity (IMSI), Mobile Station integrated Services Digital Network Number (MSISDN) Intensity
Event thresholds
The event is reported when the number of connection setups exceeds the specified threshold. To display current settings, enter the following command:
detector:detector99# show detectionThresholds sigAttack 4 signalAttackThresholds
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-7
A single source attack may trigger the following related anomaly events:
Minor
Impact to the network
A battery attack has the following impact to the mobile device and the network:
Drains the battery of the mobile device Wastes air resources that otherwise would be used by other mobiles Can cause a call to be blocked due to channel exhaustion when multiple mobile
devices are attacked at the same time
Event information
Internet source: IP address Mobile source: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Victim mobile: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity
Event thresholds
33-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Minor
Impact to the network
Drain mobile battery Waste air resources which otherwise would be used by other mobiles Could cause call blocks due to channel exhaustion when attacking many mobiles
at the same time
Thresholds
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-9
Event information
Victim mobile: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity
Related events
Critical
Impact to the network
An RNC overload can cause denial of service to a new connection request, resulting in call drops.
Thresholds
The threshold for an RNC overload event is the number of connection setups/sec the RNC comfortably handles. To display current settings, enter the following command:
detector:detector99# show detectionThresholds rncOverload 5 rncLoadThresholds 6000 12000 18000 24000 36000
Related events
An RNC Overload event may also trigger a single source signaling attack event (SIGATTACK_SINGLE_SRC).
Minor
Impact to the network
Traffic denial of server to mobile, possibly also network Waste network resource
Event information
Attacker: IP address Mobile source: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Victim mobile: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Total unsolicited bytes contributed by the source
Thresholds
This event is generated when a source sends unsolicited traffic to mobile exceeding/close to mobiles link capacity. To display the current thresholds, enter the following command:
detector:detector# show detectionThresholds floodMobileSingleSrc 5 floodMobileSingleSrcThresholds 5000000 10000000 20000000 40000000 80000000
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-11
Related events
Minor
Impact to the network
Traffic denial of server to mobile, possibly also network Waste network resource
Event information
Victim mobile: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Total unsolicited bytes contributed by the sources
Thresholds
This event is generated when unsolicited traffic from multiple sources to a mobile is equal to or exceeds the mobiles link capacity in a specified time period. To display the current thresholds, enter the following command:
detector:detector# show detectionThresholds floodMobileDistributed 5 floodMobileDistributedThresholds 10000000 20000000 40000000 80000000 160000000
Major
Impact to the network
This event is generated when the number of illegitimate ICMP router discovery messages equals or exceeds a defined threshold within a specified period. To display the current thresholds, enter the following command:
detector:detector# show detectionThresholds routerDiscoveryAbuse 5 routerDiscoveryAbuseThresholds 2 5 10 20 50
None
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-13
33.7
Horizontal port scan events Vertical port scan events Unwanted source Horizontal port scan events
A malicious source sends probe packets of same destination port to a large number of victims to explore potential vulnerability, such as in an Internet worm propagation or Botnet compromise.
Severity
Major
Impact to the network
A horizontal port scan exposes mobile devices to a security risk. In addition, it wastes bandwidth, air time, and signaling resources.
Event information
Internet source: IP attacker Mobile source: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Scanned port Number of distinct hosts scanned
Event threshold
This event is generated when the number of distinct hosts probed exceeds a specified threshold. To display the current thresholds, enter the following command.
detector:detector99# show detectionThresholds portScanHoriz 5 portscanHorizontalThresholds 240 360 480 640 720
33-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
A horizontal port scan event may trigger the following related anomaly events:
Major
Impact to the network
A vertical port scan exposes mobile devices to a security risk. In addition, it wastes bandwidth, air time, and signaling resources.
Threshold for vertical ports scan
The threshold for a vertical port scan is the number of distinct ports probed at the same victim. To display current settings, enter the following command:
detector:detector99# show detectionThresholds portScanVert 5 portscanVerticalThresholds 120 240 360 480 640
A vertical port scan event reports the following information about the malicious source:
Internet source: IP Mobile source: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 33-15
Victim mobile: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Number of distinct ports scanned
Related events
A vertical port scan event may trigger the following related events:
Major
Impact to the network
Measures the amount of unsolicited traffic (bytes) from the source during a 2 hour interval. To display current thresholds, enter the following command:
detector:detector99# show detectionThresholds unwantedSrc 4 unwantedThresholds 10000000 20000000 30000000 40000000
33-16
Internet source: IP Mobile source: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Number of distinct destinations of unsolicited traffic Total unsolicited bytes contributed by the source
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Related events
33.8
High-usage subscriber events High signaling subscriber event Always-active subscriber Peer-to-peer mobile traffic events
Minor
Impact to the network
The threshold measured is the total traffic volume (bytes) during a two hour period. To display the current settings, enter the following command:
detector:detector99# show detectionThresholds highUsage 5 highUsageThresholds 20000000 40000000 60000000 80000000 100000000
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-17
Event information
Offending subscriber identity: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Upload volume (in bytes) Download volume (in bytes)
Related events
Minor
Impact to the network
The threshold measured is the number of connection setups during a specified watching window (2 hours). To display the current settings, enter the following command:
detector:detector99# show detectionThresholds highSignalingSubscriber 5 highUsageThresholds 240 360 480 600 720
33-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Event information
Offending subscriber identity: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity Number of connection setups triggered
Related events
Minor
Impact to the network
An always-active device holds on a radio channel that would otherwise be used by other mobile device.
Thresholds
This event is generated when a subscriber is active for a period that exceeds the specified thresholds. To display the current threshold settings, enter the following command:
detector:detector99# show detectionThresholds alwaysActive 5 highAirtimeThresholds 0.5 0.6 0.7 0.8 0.9
Offending subscriber identity: IP, NAI, MSID, ESN, IMEI, IMSI, MSISDN Intensity
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 33-19
Fraction of active time - The fraction of active time for a mobile is the fraction of
time that the mobile holds the radio channel with respect to a pre-defined watching window. The fraction of active time is calculated as: active_time_in_watching_window/watching_window_length. Current session start time
Related events
An always-active subscriber event may trigger the following related anomaly events:
Minor
Impact to the network
Peer-to-peer traffic consumes significant amounts of network capacity and increases bandwidth cost per subscriber, and can therefore lead to significant lost revenue for the service provider.
Event information
The following information about the offending subscriber: IP address NAI MSID ESN IMEI IMSI MSISDN Intensity Number of originating peers Number of responding peers Type of applications Uplink volume Downlink volume
33-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Thresholds
This event is generated when the volume of a subscribers traffic volume (in bytes) exceeds the specified threshold. To display the current thresholds, enter the following command:
detector:detector# show detectionThresholds p2pMobile 5 p2pMobileThresholds 100 200 400 600 1000
High usage subscriber event (HIGH_USAGE_SUB) Always-active subscriber (ALWAYS_ACTIVE_SUB) Single source battery attack (BATTERYATTACK_SINGLE_SRC)
33.9
Table 33-2 lists the anomaly events (event) and the threshold values (thresh) for each event. You can specify up to five threshold values.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
33-21
33 Threat detection and network anomaly events Table 33-2 Threshold and threshold values for each anomaly event
Setting for event Threshold measured Threshold (thresh) value range 0.0 to 1.0 0.0 to 1.0
alwaysActive batteryAttackSingleSrc
The fraction of active time within the watching window. Measures the air resource efficiency, that is, how efficient the air resource is used for data transfer. This value represents a fraction of time within the watching window. The fraction of active time within the watching window. Measures the amount of unsolicited traffic (bytes) from the source going to the mobile during a watching window. Measures the number of connection setups during a specified watching window. Measures the total traffic volume (byte) used in a watching window. The number of connection setups triggered by source in watching window. Total traffic volume (byte) used in watching window. Number of distinct hosts probed during a two hour period Number of distinct hosts probed in watching window. Number of connection setups/sec the RNC comfortably handles. Number of illegitimate ICMP router discovery messages equal to or exceeding a defined threshold within a specified period. Measures the amount of unsolicited traffic (bytes) from the source during the watching window. Amount of unsolicited traffic (bytes) from the source during 2 hour interval.
batteryAttackDistributed floodMobileDistributed
240 to 720 0 to 100 000 000 0 to 1000 0 to 1000 0 to 1000 0 to 1000 0 to 10 000 000 2 to 50
floodMobileSingleSrc
5M to 80M
unwantedSrc
33-22
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900
WIRELESS NETWORK GUARDIAN | RELEASE 2.1
SYSTEM ADMINISTRATION AND SECURITY GUIDE
Alcatel-Lucent Proprietary This document contains proprietary information of Alcatel-Lucent and is not to be disclosed or used except in accordance with applicable agreements. Copyright 2010 Alcatel-Lucent. All rights reserved.
Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Copyright 2010 Alcatel-Lucent. All rights reserved.
Disclaimers
Alcatel-Lucent products are intended for commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The customer hereby agrees that the use, sale, license or other distribution of the products for any such application without the prior written consent of Alcatel-Lucent, shall be at the customer's sole risk. The customer hereby agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the products in such applications. This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation. Alcatel-Lucent assumes no responsibility or liability for incorrect or incomplete information provided about non-Alcatel-Lucent products. However, this does not constitute a representation or warranty. The warranties provided for Alcatel-Lucent products, if any, are set forth in contractual documentation entered into by Alcatel-Lucent and its customers. This document was originally written in English. If there is any conflict or inconsistency between the English version and any other version of a document, the English version shall prevail.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
34 Security overview
34-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
34-1
34 Security overview
34.1
Security overview
Figure 34-1 shows the external interfaces of the 9900 WNG system and the protocols that are implemented to help secure these external interfaces.
Figure 34-1 9900 WNG external interfaces
Table 34-1 describes the features and protocols that you can use to secure the 9900 WNG system from unauthorized access.
Table 34-1 9900 WNG security features and protocols
Protocol or feature SSL Purpose SSL provides authentication and encryption for TCP clients and is used to secure HTTP connections. In addition, SSL provides CLI access. The HTTPS protocol provides a secure web client and server for web-based reporting. (1 of 2)
34-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
34 Security overview
Protocol or feature SSH protocol SNMPv3 Role-based access control Strong password authentication rules Security logging (2 of 2)
Purpose SSH is a software solution for unsafe network commands such as rlogin, rsh, rcp, and Telnet. SSH is used to access the 9900 WNG Detector from 9900 WNG Central using shared key pairs. SNMPv3 provides encryption and encapsulation for management traffic between the NMS and 9900 WNG Central. Ensures that each user performs only those tasks that are allowed by their role. See chapter 36 for more information. Helps to prevent other users or programs from guessing a password Tracks user access data, such as user ID and number of login attempts, is stored in log files. Unauthorized user access is reported.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
34-3
34 Security overview
34-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
35 Managing licenses
35-2 35-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
35-1
35 Managing licenses
35.1
35.2
35-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
35-3
35 Managing licenses
35-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
36.1 User account management overview 36.2 Managing user accounts 36.3 Monitoring user accounts 36-4 36-10
36-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
36-1
36.1
Roles
Each role has privileges, which determines the tasks that can be performed and the information that can be displayed. Table 36-1 describes the roles that can be created.
Table 36-1 Roles
Role Description
Internal interface CLI GUI Reports Creates GUI and Reports roles. See chapter 14 for more information about the CLI role. Used to access the GUI Used to access the web-based reports
External interface SNMP Motive API Sends SNMP messages to various components in a network For customer care technicians to quickly access actual usage data for the subscribers
Privileges
Each role has associated privileges. The CLI role has only one associated privilege, but the GUI and Reports roles can have multiple privileges. Table 36-2 describes the privileges for each role.
Table 36-2 Privileges for each role
Privilege As it appears on the CLI CLI role sudo admin user reportsOnly demoonly (1 of 2) To create the Reports role To create the DemoOnly role See Table 14-2 As it appears on the GUI Description
36-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Privilege As it appears on the CLI GUI NE ano subs Network Anomaly Subscriber To access the Dashboard and Network Forensics views To view Performance Events. If you do not have the Anomaly privilege, you cannot view the Current and History events. To view subscriber identity information and to start a subscriber report or mobile flow query using an IMSI or NAI of the subscriber. If you do not have the Subscriber privilege, anomaly events do not display the identify of the subscriber To configure NEs, and acknowledge and clear system events IP addresses are not displayed As it appears on the GUI Description
Admin DemoOnly
Network Subscriber
If you do not have the Network privilege, you cannot start a Network Elements or Hops report To create subscriber groups. If you do not have the Subscriber privilege, you cannot start a subscriber report that requires the identity or a subscriber. The identify of the subscriber does not appear. If you do not have the AppsDevices privilege, you cannot start a Applications or Device report To access the Group Manager interface. The Subscriber privilege is required to create subscriber groups. IP addresses are not displayed
See Table 14-8 for a list of commands that are available for each account type on the 9900 WNG Central and Detector. The CLI prompt indicates your privilege and whether you are on the 9900 WNG Central or Detector. See Table 14-5 for more information about the different prompts.
Modes
You can switch modes to move up or down a level in CLI. Mode switching ensures that accounts are identified and authenticated at login, and all activity is logged. See section 14.3 for more information.
Passwords
During initial installation, you must change the default password for the root login. Contact your Alcatel-Lucent technical support representative for the default password. Passwords must be a minimum of 6 characters and a maximum of 41 characters for all roles. The password can also contain one more of the special characters that are listed in Table 36-3.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 36-3
The 9900 WNG supports password aging. Passwords are set to expire in 42 days. When your password expires, you are prompted to change your password at your next CLI log in. The sudo privilege in the CLI is required to change the password for another account, but you can change your own password in the CLI. See Procedure 36-2 to change the password for another user and Procedure 36-4 to change your password.
36.2
36-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Task To create a Motive API user account To delete a Motive API user account (2 of 2)
Procedure 36-1 To create a user account with CLI, GUI, and Reports roles
This procedure does not apply to SNMP or Motive API user accounts. See Procedures 19-2 or 20-1. By default, the CLI role is created with default privileges for the GUI and Reports roles. 1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Type:
user add id password [cli_role] [firstname] [lastname]
where id is user login ID (username) that must have a minimum of 3 and a maximum of 31 alphanumeric characters password is the password for the account, which must contain a minimum of 6 and a maximum of 41 characters. See Table 36-3 for a list of special characters. cli_role is the CLI role for the user. The options are user, admin, sudo, reportonly, or demo. firstname is the first name of the user and can contain one or more special characters lastname is the last name of the user can contain one or more special characters
For example, the following command adds the new account jasadmin and assigns the password pwdjas02. The user, John Smith, has admin privileges.
user add jasadmin pwdjas02 admin John Smith
Perform Procedure 36-5 to modify the default privileges for the GUI and Reports roles.
Changing passwords
Perform Procedure 36-2 to change the password for another user account. You must have the sudo privilege to change the password for another user. Perform Procedure 36-4 to change your password.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
36-5
For example, the following command changes the password for jasadmin:
user changepassword jasadmin
For example, the following command changes the password for jasadmin:
user changepassword jasadmin
36-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Modifying privileges
Perform Procedure 36-5 to modify the privileges for a role.
36-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Note Alcatel-Lucent recommends that the timeout is set to a value that is greater than or equal to one day and the timeout can match any network timeout for subscriber sessions. For example, a subscriber session in some networks terminates after one day regardless of activity. In this case, Alcatel-Lucent recommends setting the timeout to one day.
Disconnecting users
Perform Procedure 36-10 to disconnect a specific user or all users that are connected to the GUI.
Procedure 36-10 To disconnect one or all users from active GUI sessions
1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Perform one of the following: a b 3 Go to step 3 to disconnect all users. Go to step 4 to disconnect one user.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
36-9
Use the clean option before an upgrade to disconnect the existing sessions and reload the new configuration. Otherwise, use the noclean option. 4 Disconnect a user by typing one of the following:
guiDisconnect user id clean noclean guiDisconnect user id noclean
where id is the username of the account
Use the clean option before an upgrade to disconnect the existing sessions and reload the new configuration. Otherwise, use the noclean option.
36.3
36-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Task To display Motive API user accounts To display user accounts with a pattern To display the idle timeout for the GUI and Reports roles (2 of 2)
Procedure 36-12 To display CLI, GUI, and Reports roles that are on the 9900 WNG Central
This procedure does not apply to SNMP or Motive API user accounts. See Procedures 19-7 and 20-3. 1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Display all of the configured user accounts by typing:
show users
Table 36-6 describes the information that appears for each user account.
Table 36-6 show users information
Column Name Login CLI Role Description The first and last name of the user. The login name for the user. The access level when the user is using CLI. The CLI roles are sudo, admin, user, readonly, and demoonly. See Tables 36-1 and 36-2 for more information about roles and privileges. The access level when the user is using the GUI. The GUI roles are NE, ano, subs, admin, and demo. See Tables 36-1 and 36-2 for more information about roles and privileges. The access level when the user is using the GUI. The Reports roles are NE, subs, apps, admin, and demo. See Tables 36-1 and 36-2 for more information about roles and privileges.
GUI Role
Reports Role
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
36-11
Procedure 36-14 To display the idle timeout for the GUI and Reports roles
This procedure does not apply to SNMP and Motive API user accounts. 1 2 Log in to the CLI with the sudo privilege, as described in Procedure 14-1 or 14-2. Display the idle timeout for all GUI and Reports roles by typing:
show idleTimeout {GUI | web}
36-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37 Monitoring the 9900 WNG Central and Detector 38 System events 38-1
37-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-2 37-2
37.2 Monitoring the 9900 WNG using log files 37.3 Monitoring GUI reports and queries 37.4 Measuring system performance
37-10
37-12
37.5 Monitoring a remote 9900 WNG Central and Detector using the BMC 37-29
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-1
37.1
CLI-based monitoring tools User accounts Log reports View information about accounts View logs that monitor system events View logs that monitor GUI-based activities View Motive API logs Performance measurements BMC GUI-based tools Status LEDs Status indicators for the following: View logs that measure system performance View reports that monitor remote 9900 WNG Central and Detector hardware Procedure Section 37.4 Section 37.5 Section 36.3 Section 37.2
System events
database anomaly events system CPU Utilization memory utilization disk utilization processes hardware and software failures
Chapter 38
37.2
configuration management activities software upgrades and updates security related events (for example, user login attempts) autonomous notifications internal system errors and corrective actions taken informational messages not associated with alarms or error conditions (for example, state changes, status)
All log files have a maximum size of 10 MB. When a file has reached the maximum size, the log files rollover to another file, with up to seven such files for each log stored on disk.
37-2 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
When you view log files on the CLI, log files are displayed in reverse order (that is, the most recent message received is displayed first in the log file). Procedure 37-1 describes how to view 9900 WNG log files using CLI.
The show log audit command contains all commands that different users have executed through the CLI. The following is sample output from the CLI screen:
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-3
central> show log audit May 8 09:19:38 central123.company.com slwhite1gui: central123.company.com. "show log audit" May 8 09:18:40 central123.company.com slwhite1gui: central123.company.com. "show log syslog" May 8 09:18:29 central123.company.com slwhite1gui: central123.company.com. "login slwhite1gui" May 8 09:16:40 central123.company.com slwhite1gui: central123.company.com. "show log central"
The show log central command shows information on Central processes. For example, license loading errors and what is wrong with the license, as well as connections to the Detectors. The following is sample output from the CLI screen:
central> show log central <13>May 08 08:53:48 WARNING: [DataBaseWriter] batch update failed with size=2, error code:22001 <15>May 08 08:38:52 <15>May 07 20:38:53 <15>May 07 08:38:52 INFO: [AwareCentral] Load license...SUCCESS INFO: [AwareCentral] Load license...SUCCESS INFO: [AwareCentral] Load license...SUCCESS
<13>May 06 23:15:51 WARNING: [DataBaseWriter] batch update failed with size=2, error code:22001
The show log central-err CLI command displays error logging information for the 9900 WNG Central. The following is sample output from the CLI screen.
central> show log central-err Jun 29 14:01:03 aware-central99 anomalyArchival-7654: end:2010-06-29 14:01:01.000000000 -0400 Jun 29 14:01:01 aware-central99 anomalyArchival-7654: start:2010-06-29 14:01:01.000000000 -0400 Jun 29 13:24:01 aware-central99 hourlySummary-7270: Custom HourlySummary on 1277820000 took 0 seconds Jun 29 13:24:01 aware-central99 HourlyNetworkSummary-7300: Hourly Network Summary took 67 seconds Jun 29 13:22:54 aware-central99 hourlySummary-7270: HourlySummary 1277820000 took 31 seconds Jun 29 13:22:23 aware-central99 hourlySummary-7195: Custom HourlySummary on 1277816400 took 0 seconds Jun 29 13:22:23 aware-central99 HourlyNetworkSummary-7234: Hourly Network Summary took 95 seconds 37-4 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Jun 29 13:20:48 aware-central99 hourlySummary-7195: HourlySummary 1277816400 took 36 seconds Jun 29 13:20:12 aware-central99 flowSummary-7012: Custom FlowSummary on mobile_flow_record_20100629113359 took 0 seconds Jun 29 13:20:12 aware-central99 flowSummary-7012: Compressing mobile_flow_record_20100629113359 took 694 seconds Jun 29 13:01:01 aware-central99 anomalyArchival-6922: end:2010-06-29 13:01:01.000000000 -0400 Jun 29 13:01:01 aware-central99 anomalyArchival-6922: start:2010-06-29 13:01:01.000000000 -0400 Jun 29 12:01:03 aware-central99 anomalyArchival-5129: end:2010-06-29 12:01:01.000000000 -0400 Jun 29 12:01:01 aware-central99 anomalyArchival-5129: start:2010-06-29 12:01:01.000000000 -0400 Jun 29 11:58:36 aware-central99 hourlySummary-5037: Custom HourlySummary on 1277812800 took 0 seconds Jun 29 11:58:36 aware-central99 HourlyNetworkSummary-5075: Hourly Network Summary took 79 seconds Jun 29 11:57:17 aware-central99 hourlySummary-5037: HourlySummary 1277812800 took 41 seconds Jun 29 11:56:36 aware-central99 flowSummary-4819: Custom FlowSummary on mobile_flow_record_20100629100709 took 0 seconds
The show log database CLI command displays information about the database. The following is sample output from the CLI screen.
central# show log database Version: '5.1.45-enterprise-commercial-pro' socket: '/var/lib/mysql/mysql.sock' port: 3308 MySQL Enterprise Server - Pro Edition (Commercial) 100628 16:17:28 [Note] /usr/sbin/mysqld: ready for connections. 100628 16:17:28 [Note] Event Scheduler: Loaded 0 events 100628 16:17:28 InnoDB: Started; log sequence number 0 266721272
100628 16:17:28 [Note] Plugin 'FEDERATED' is disabled. 100628 16:17:27 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 100628 16:17:27 mysqld_safe mysqld from pid file /var/lib/mysql/aware-central21.pid ended 100628 16:17:27 [Note] /usr/sbin/mysqld: Shutdown complete 100628 16:17:27 266721272 InnoDB: Shutdown completed; log sequence number 0
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-5
The show log detector command shows information on the Detector processes. The following is sample output from the CLI screen:
central> detector detectorB detector:detectorB> show log detector May 4 16:22:29 detectorB ser: [SystemEventCollector] detector=detectorB time=1209932548.604402 class=4 module=tracker sev=clear corrid=606339080 count=1 type=8 refobj=detectorB subobj=0 value=0.000 cond=Receivingpackets desc=Receivi gpackets May 4 16:22:29 detectorB aware: [awared] Receiving Packets
May 4 13:53:28 detectorB ser: [SystemEventCollector] detector=detectorB time=1209923608.604402 class=4 module=tracker sev=maj corrid=606339080 count=1 type=8 refobj=detectorB subobj=0 value=0.000 cond=NoPackets desc=NoPacketsinla t60seconds May 4 13:53:28 detectorB aware: [awared] No packets in last 60 seconds May 4 13:52:31 detectorB ser: [SystemEventCollector] detector=detectorB time=1209923551.604402 class=4 module=tracker sev=clear corrid=606343948 count=1 type=12 refobj=detectorB subobj=19 value=59.996 cond=<60% desc=EventQueueUsag Normal May 4 13:52:29 detectorB ser: [SystemEventCollector] detector=detectorB time=1209923549.604402 class=4 module=tracker sev=maj corrid=606343948 count=1 type=12 refobj=detectorB subobj=19 value=75.001 cond=>75% desc=HighOccupancyin ventQueue Apr 26 10:10:16 detectorB aware: [awared] Receiving Packets Apr 26 10:10:16 detectorB ser: [SystemEventCollector] detector=detectorB time=1209219015.747128 class=4 module=tracker sev=clear corrid=606339080 count=1 type=8 refobj=detectorB subobj=0 value=0.000 cond=Receivingpackets desc=Receivi
The show log gui command shows all clients connecting to the GUI (that is, user name). For example, when clients shut down, and duplicate client connections. The following is sample output from the CLI screen.
central> show log gui <15>Jun 29 11:38:20 INFO: [GUIBootstrap] Connection UP to GUI(port):cory(4702) <15>Jun 29 08:51:58 INFO: [GUIBootstrap] Connection DOWN to GUI(port):omwal(4248) 37-6 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
<13>Jun 29 08:51:58 WARNING: [GUIHandlerThread$WriteToClient] IO Error writing to gui client... terminating with error: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset <13>Jun 29 08:51:58 WARNING: [GUIHandlerThread$ReadFromClient] IOException: Connection reset GUI User: omwal Execution Time: Tue Jun 29 14:51:39 CEST 2010 Operation: Start Time: End Time: Hop Start: Network Forensic Hop Report Tue Jun 29 02:51:24 CEST 2010 Tue Jun 29 14:51:24 CEST 2010 RNC_520 RNC
4024003C1773 BS Consise
Query Duration : 13016 ms <15>Jun 29 08:51:41 INFO: [GUIHandlerThread$ReadFromClient] Received following operation from gui client: GUI User: omwal Execution Time: Tue Jun 29 14:50:10 CEST 2010 Operation: Start Time: End Time: Hop Start: Network Forensic Hop Report Tue Jun 29 02:50:03 CEST 2010 Tue Jun 29 14:50:03 CEST 2010 RNC_AB RNC
31041057e59eae BS Consise
The show log ipmi CLI command displays BMC logging information for the 9900 WNG Central. The following is sample output from the CLI screen.
central:sudo# show log ipmi
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-7
ipmiutil ver 2.54 showsel: version 2.54 -- BMC version 0.64, IPMI version 2.0 SEL Ver 51 Support 0f, Size = 3938 records (Used=629, Free=3309) RecId Date/Time_______ Source_ Evt_Type SensNum Evt_detail - Trig [Evt_data] 0004 12/24/09 18:33:01 BMC ff] 0018 12/24/09 18:38:34 BMC 0f ff] 10 SEL Disabled #09 Log Cleared 6f [42 0f 14 Button #84 Power Button pressed 6f [40
002c 12/24/09 18:38:36 BIOS 12 System Event #83 Boot: ClockSync_1 6f [05 00 ff] 0040 12/24/09 18:38:36 BIOS 12 System Event #83 Boot: ClockSync_2 6f [05 80 ff] 0054 12/24/09 18:38:36 BMC ff] 0068 02/01/10 21:16:03 BMC 007c 02/01/10 21:16:03 BMC 0090 12/24/09 19:39:02 BMC 09 Power Unit #01 Power Off 6f [40 0f
07 Processor #90 Present 6f [47 0f ff] 07 Processor #91 Present 6f [47 0f ff] 09 Power Unit #01 AC Lost 6f [44 0f ff]
00a4 02/01/10 21:16:04 BMC 09 Power Unit #01 AC Regained ef [44 0f ff] 00b8 02/01/10 21:16:06 BMC 00cc 02/01/10 21:16:10 BMC 0f ff] 08 Power Supply #70 Inserted 6f [40 0f ff] 14 Button #84 Power Button pressed 6f [40
The show log compression CLI command displays information about the hourly and daily summaries. The following is sample output from the CLI screen.
<15>Jun 25 04:56:29 INFO: [DataSummaryGenerator] Now obtaining hourly summary for hour=2010-06-25 00:00 <15>Jun 25 04:52:10 INFO: [DataSummaryGenerator] Now obtaining hourly summary for hour=2010-06-24 23:00 <15>Jun 25 02:34:30 INFO: [DataSummaryGenerator] Running daily summary for: 20100624 with start,endtimes = 1277352000,1277438400
The show log motive command shows information about the Motive API. The following is sample output from the CLI screen.
sudo# show log motive
37-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
maximum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 minimum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 average durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 com.alcatel_lucent.aware.motive.MotiveServer instance(2) complete. Statistics: Server Start: Wed Jun 23 10:03:46 EDT 2010, Server End Time: Wed Jun 23 10:38:13 EDT 2010 # of transactions applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriber Issues=0 deviceInfo=0 maximum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 minimum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 average durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 com.alcatel_lucent.aware.motive.MotiveServer instance(1) complete. Statistics: Server Start: Wed Jun 23 10:03:46 EDT 2010, Server End Time: Wed Jun 23 10:16:18 EDT 2010 # of transactions applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriber Issues=0 deviceInfo=0 maximum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0 minimum durations applicationInfo=0 dataUsage=0 networkCongestion=0 subscriberInfo=0 subscriberIssues=0 deviceInfo=0
The show log syslog command shows all important messages. For example, disk errors. The following is sample output from the CLI screen:
central> show log syslog Feb 4 04:32:46 central123.company.com syslogd 1.4.1: restart (remote reception). Feb 4 04:32:45 central123.company.com syslogd 1.4.1: restart (remote reception). Feb 4 00:01:02 central123.company.com logger: root 26059 2055 0 Feb03 pts/1 Ss 0:00 -bash Feb 3 18:54:04 central123.company.com init: Re-reading inittab central>
The show log systemEvents command shows all system events that have occurred in the system. The following is sample output from the CLI screen.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA 37-9
central> show log systemEvents <15>Jun 29 06:49:56 INFO: [SystemEventHandlerThread$EventMessageHandlerThread] WROTE TO DB: detector=1 time=1.277808596644E9 class=4 module=sysmon sev=crit corrid=16859658 count=1 type=Line rate threshold status=active endtime=0.0 value=955.729 referencedObject=aware-detector99 referencedSubObject=Capture Port A condition=A>950Mbits/sec description=PortAcaptureratetoohigh <15>Jun 29 06:49:56 INFO: [SystemEventBootstrap$SnmpThread] WROTE TO SNMP: detector=1 time=1277808596.644 class=4 module=sysmon sev=crit corrid=16859658 count=1 type=10 refobj=aware-detector99 subobj=66 value=955.729 cond=A>950Mbits/sec desc=PortAcaptureratetoohigh <15>Jun 29 06:49:56 INFO: [SystemEventHandlerThread] RECEIVED: detector=1 time=1277808596.644 class=4 module=sysmon sev=crit corrid=16859658 count=1 type=10 refobj=aware-detector99 subobj=66 value=955.729 cond=A>950Mbits/sec desc=PortAcaptureratetoohigh
The show log webAccess command shows all system events that have occurred in the system. The following is sample output from the CLI screen.
Jun 29 11:36:31 Jun 29 11:36:20 Jun 29 10:30:45 [info] user cory launched the GUI client [info] user cory from 138.120.141.128 logged in [info] demotaylor: file: alu9900mibs.zip
Jun 29 09:27:09 [info] user demotaylor from 138.120.134.113 logged in Jun 29 09:17:50 Jun 29 09:01:31 Jun 29 08:37:14 Jun 29 08:37:08 Jun 29 08:04:05 Jun 29 08:04:05 Jun 29 08:04:05 Jun 29 08:04:05 Jun 29 08:04:05 [info] user hbouvier from 135.120.193.183 logged in [info] user hbouvier from 135.120.193.183 logged in [info] user omwal launched the GUI client [info] user omwal from 172.31.149.32 logged in [info] user vantan from 135.244.112.98 logged in [info] user vantan session timed out or expired [info] user democenter session timed out or expired [info] user fryandi session timed out or expired [info] user scm session timed out or expired
37.3
Subscriber Report
The following is an example of the Subscriber Report log file:
<15>Mar 21 14:51:54 INFO: [GUIHandlerThread$ReadFromClient] Received following operation from gui client: GUI User: jsmith Execution Time: Sun Mar 21 14:51:53 EDT 2010 Operation: Start Time: End Time: Mobile ID: Subscriber Report Sun Mar 21 10:51:00 EDT 2010 Sun Mar 21 14:51:00 EDT 2010 1234567891@mip.1x.bell.ca Individual
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-11
GUI User: jsmith Execution Time: Sun Mar 21 14:58:58 EDT 2010 Operation: Start Time: End Time: Hop Start: Network Forensic Hop Report Sun Mar 21 14:28:00 EDT 2010 Sun Mar 21 14:58:00 EDT 2010 rnc043 RNC
402400000B83 BS Non-concise
Flow Indicator:
37.4
37-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37 Monitoring the 9900 WNG Central and Detector Table 37-3 Performance measurement CLI commands
CLI command show stats show memory show system show backhaul show compressionStatus show top Executed on 9900 WNG Central and Detector 9900 WNG Central and Detector 9900 WNG Central and Detector 9900 WNG Central 9900 WNG Central 9900 WNG Central
show stats
The show stats CLI command when performed at the 9900 WNG Central prompt, provides information about the state of the internal memory buffers and other statistics collected by 9900 WNG Central for each 9900 WNG Detector connected to it. For example, the show stats CLI command displays the number of mobile flows, anomalies, and the breakdown of the types of anomalies from the latest update from the Detector. When the show stats CLI command is performed at the 9900 WNG Detector prompt, it provides similar statistics of the events generated by each 9900 WNG Detector including whether any events are dropped at the 9900 WNG Detector and the timestamp of the last packet seen at the 9900 WNG Detector. The following output is displayed when you enter the show stats command on the 9900 WNG Central.
Number of Connected EMS Clients: 7 (user1:138.120.134.125,user2:137.244.35.254,user3:134.183.211.144,us er4:135.144.119.249,user5:136.222.252.126,user6:138.222.155.111,user 7:139.244.145.151) Number of Connected Detectors: 2 aware-detectorA (192.168.1.3) Anomaly Channel UP since Jun 14 13:43:47 2010 EDT Awareness Channel UP since Jun 14 13:43:49 2010 EDT aware-intel3 (135.112.180.91) Anomaly Channel UP since Jun 14 13:43:49 2010 EDT Awareness Channel UP since Jun 14 13:43:49 2010 EDT Queue Usage at Central: Anomaly Queue: Periodic Status Queue: Mobile Flow Queue: 0 90 9736
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-13
Subscriber Queue: Syslog queue: Active Topology View GGSN/HA count: SGSN/FA count: RNC count: Base Station count: Active Hop count: Events not written to DB Anomaly: Periodic Status: Mobile Flow: Billing Discrepancy Session: Subscriber Session: Detector:aware-detectorA Link_Status: 13:43:47 2010 EDT Total Events Received: Anomaly Events: Periodic Status Events: Subscriber/Connection Events: Mobile Flow Events: 196 5593 9079 16262 22673
1412 0
0 0 0 0 0
2010 EDT
Anomaly Events Last Reported by Detector at Jun 14 15:35:02 Signaling Attacks: RNC Overloads: Battery Attacks: Vertical Portscans: Horizontal Portscans: Always Active Subscribers: High Usage Subscribers: 14 0 8 0 24 0 56
37-14
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Subscribers using p2p: Sources of Unwanted traffic: High signaling subscribers: Distributed Battery Attacks: Mobile Flood(Single Source): Distributed Mobile Floods: Router Discovery Anomalies: Number of Active Mobiles: Detector:aware-intel3 Link_Status: 13:43:49 2010 EDT Total Events Received: Anomaly Events: Periodic Status Events: Subscriber/Connection Events: Mobile Flow Events: 2010 EDT
62 9 659 0 0 0 0 767660
Anomaly Events Last Reported by Detector at Jun 14 15:38:29 Signaling Attacks: RNC Overloads: Battery Attacks: Vertical Portscans: Horizontal Portscans: Always Active Subscribers: High Usage Subscribers: Subscribers using p2p: Sources of Unwanted traffic: High signaling subscribers: Distributed Battery Attacks: Mobile Flood(Single Source): Distributed Mobile Floods: Router Discovery Anomalies: 14 0 22 0 23 0 62 76 9 334 14 0 0 0
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-15
856139
show memory
The show memory CLI command provides a detailed snapshot of memory usage on the 9900 WNG Central or Detector.
Note See the RHEL 5.0 or later manual pages for information about memory statistics.
The following output is displayed when you enter the show memory command on the 9900 WNG.
MemTotal: MemFree: Buffers: Cached: SwapCached: Active: Inactive: HighTotal: HighFree: LowTotal: LowFree: SwapTotal: SwapFree: Dirty: Writeback: AnonPages: Mapped: Slab: PageTables: NFS_Unstable: Bounce: CommitLimit: 32959952 kB 1576692 kB 155320 kB 20200104 kB 0 kB 25577028 kB 5294484 kB 0 kB 0 kB 32959952 kB 1576692 kB 16777208 kB 16777076 kB 1268 kB 0 kB 10516320 kB 29220 kB 435620 kB 39280 kB 0 kB 0 kB 33257184 kB
Committed_AS: 11707416 kB 37-16 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
show system
The show system CLI command provides performance measurements for the CPU, disk usage, and memory consumption. The following output is displayed when you enter the show system command on the 9900 WNG Central.
Uptime: 09:05:46 up 30 days, 7 min, 4 users, load average: 0.18, 0.14, 0.10 CPU Usage: Cpu(s): 3.0%us, 0.2%sy, 0.0%ni, 96.6%id, 0.1%wa, 0.0%hi, 0.0%si, Memory Usage: MemTotal: MemFree: Active: Inactive: Disk Usage: Filesystem Size Used Avail Use% Mounted on 32959952 kB 1531956 kB 25605692 kB 5309488 kB 0.0%st
/dev/mapper/VolGroup00-LogVol00 593G /dev/sdb1 2.0T 2.7G 1.5T 560G 465G 1% / 76% /awaredb
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-17
show backhaul
The show backhaul CLI command displays the current and peak management backhaul communication rates between 9900 WNG Detector and Central, which can be used to size the backhaul communication from the 9900 WNG Detector to the 9900 WNG Central. The following output is displayed when you enter the show backhaul command on the 9900 WNG Central.
eth0: Receive: 14.9 Mbits/sec 1710.9 packets/sec ( 98.4 Mbits/sec peak - 14:41 04/15/10) eth0: Transmit: 0.5 Mbits/sec 1052.9 packets/sec ( 40.1 Mbits/sec peak - 11:38 06/07/10) eth1: Receive: 13.5 Mbits/sec 1363.4 packets/sec ( 26.9 Mbits/sec peak - 13:41 06/14/10) eth1: Transmit: 0.2 Mbits/sec peak - 20:48 06/13/10) 470.4 packets/sec ( 1.1 Mbits/sec
show compressionStatus
The show compressionStatus command displays compression related information.
central:sudo# show compressionStatus Hourly summary available until 2010-06-24 03:00:00 Number of uncompressed tables 3 Latest dailySummary available for 2010-06-22 00:00:00
show top
The show top command displays information about UNIX utilities:
central:sudo# show top top - 10:33:03 up 35 days, 20:07, 15 users, 1.57 Tasks: 226 total, Cpu(s): 14.1%us, 0.3%si, 0.0%st load average: 1.20, 1.56, 0 stopped, 2.7%wa, 0 zombie
0.1%hi, 136728k
Mem: 63924972k total, 61092684k used, buffers Swap: 16777208k total, cached
2832288k free,
PID USER
PR
NI
VIRT
RES
TIME+
COMMAND
37-18
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
17587 root myisamchk 9024 root 1 root 2 root migration/0 3 root ksoftirqd/0 4 root 5 root migration/1 6 root ksoftirqd/1 7 root 8 root migration/2 9 root ksoftirqd/2 10 root 11 root migration/3 12 root ksoftirqd/3 13 root 14 root migration/4 15 root ksoftirqd/4 16 root 17 root migration/5 18 root ksoftirqd/5 19 root
25 17 15 RT 34 RT RT 34 RT RT 34 RT RT 34 RT RT 34 RT RT 34 RT
155m 130m
888 R 100.8
0 10.4g 134m 9072 S 13.8 0 10348 -5 19 -5 -5 19 -5 -5 19 -5 -5 19 -5 -5 19 -5 -5 19 -5 0 0 0 0 0 0 0 0 0 0 0 0 S 0 0 0 0 0 0 0 S 0 0 0 0 0 0 0 S 0 0 0 0 0 0 0 S 0 0 0 0 0 0 S 712 0 0 0 S 596 S 0 S 0 S 0.0 0 S 0 S 0.0 0 S 0 S 0.0 0 S 0 S 0.0 0 S 0 S 0.0 0 S 0 S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0:00.00 watchdog/5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-19
20 root migration/6 21 root ksoftirqd/6 22 root 23 root migration/7 24 root ksoftirqd/7 25 root 26 root 27 root 28 root 29 root 30 root 31 root 32 root 33 root 34 root 543 root 554 root 555 root 556 root 557 root 558 root
RT 34 RT RT 34 RT 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10
-5 19 -5 -5 19 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 S 0 0 0 S
0 S 0 S 0.0 0 S 0 S 0.0
0.0 0.0
0:00.28 0:05.45
0:00.00 watchdog/7 0:00.07 events/0 0:00.01 events/1 0:00.02 events/2 0:00.00 events/3 0:00.00 events/4 0:00.69 events/5 0:00.02 events/6 0:00.18 events/7 0:00.18 khelper 0:00.61 kthread 0:00.10 kblockd/0 0:00.32 kblockd/1 0:02.19 kblockd/2 0:00.11 kblockd/3 0:00.03 kblockd/4
0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0 0 0 0 0 0 0 0 0 0 0 0
0 0
37-20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
559 root 560 root 561 root 562 root 708 root 709 root 710 root 711 root 712 root 713 root 714 root 715 root 718 root 720 root 837 root 840 root 841 root 842 root 843 root 844 root 845 root
10 10 10 20 19 10 10 10 10 10 10 10 11 10 15 10 16 17 17 19 20
-5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 0 -5 -5 -5 -5 -5 -5
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 S 0 S 0 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0:00.44 kblockd/5 0:02.02 kblockd/6 0:00.06 kblockd/7 0:00.00 kacpid 0:00.00 cqueue/0 0:00.00 cqueue/1 0:00.00 cqueue/2 0:00.00 cqueue/3 0:00.00 cqueue/4 0:00.00 cqueue/5 0:00.00 cqueue/6 0:00.00 cqueue/7 0:00.00 khubd 0:00.00 kseriod 0:00.00 khungtaskd 9:33.62 kswapd0 0:00.00 aio/0 0:00.00 aio/1 0:00.00 aio/2 0:00.00 aio/3 0:00.00 aio/4
0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0.0
0 S 0 S 0 S 0 S 0 S 0 S
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-21
846 root 847 root 848 root 1011 root 1090 root 1136 root 1137 root 1138 root 1148 root 1149 root 1150 root 1151 root 1152 root 1153 root 1154 root 1155 root 1156 root 1175 root 1176 root usb-storage 1178 root 1179 root usb-storage
10 10 20 11 12 10 12 11 13 14 15 16 17 17 19 19 18 19 10 10 10
-5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0
0 S 0 S 0 S 0 S 0 S 0 S
0:00.00 aio/5 0:00.00 aio/6 0:00.00 aio/7 0:00.00 kpsmoused 0:00.00 scsi_eh_0 0:00.00 mpt_poll_0 0:00.00 mpt/0 0:00.00 scsi_eh_1 0:00.00 ata/0 0:00.00 ata/1 0:00.00 ata/2 0:00.00 ata/3 0:00.00 ata/4 0:00.00 ata/5 0:00.00 ata/6 0:00.00 ata/7 0:00.00 ata_aux 0:00.00 scsi_eh_2 3:08.16
0.0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0 S 0 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0 0 0 0 0 0 0 0 0
0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S
0 S 0 S
0.0
0.0
0.0
0.0
0 S
0.0
0.0
37-22
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
1181 root 1182 root usb-storage 1184 root 1185 root usb-storage 1196 root 1233 root 1272 root 1299 root 1332 root 2054 root 2055 root awarecli.sh 2061 root 2126 root 2558 root 2562 root 2962 root 2963 root 2964 root 2965 root 2966 root 2967 root
12 10 14 10 11 12 10 11 12 17 23 18 10 15 15 11 11 11 11 11 11
-5 -5 -5 -5 -5 -5 -5 -5
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 780
0 S
0.0
0.0
0 S 0 S
0.0
0.0
0.0
0.0
0:00.00 scsi_eh_5 3:07.71 0:00.00 kstriped 0:00.00 ksnapd 0:13.09 kjournald 0:00.00 kauditd 0:00.14 udevd 0:00.00 su 0:00.00 0:00.02 clish 0:00.00 kedac 0:03.71 sshd 0:00.34 bash 0:00.00 kmpathd/0 0:00.00 kmpathd/1 0:00.00 kmpathd/2 0:00.00 kmpathd/3 0:00.00 kmpathd/4 0:00.00 kmpathd/5
0 S 0 S 0 S 0 S 0 S 456 S
0.0
0.0
0.0 0.0
0.0 0.0
-4 12764 0 0
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-23
11 11
-5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5 -5
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 S 0 S
0.0 0.0
0.0 0.0
2970 root 11 kmpath_handlerd 2997 root 3003 root 3037 root jbd2/sda3-8 10 10 10
0 S 0 S 0 S
0.0
0.0
0.0 0.0
0.0 0.0
3:19.47 kjournald 1:44.19 kjournald 1:07.01 0:00.00 0:00.00 0:00.00 0:00.00 0:00.00 0:00.00 0:00.00 0:00.00
0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S 0 S
3038 root 11 ext4-dio-unwrit 3039 root 11 ext4-dio-unwrit 3040 root 11 ext4-dio-unwrit 3041 root 11 ext4-dio-unwrit 3042 root 11 ext4-dio-unwrit 3043 root 11 ext4-dio-unwrit 3044 root 11 ext4-dio-unwrit 3045 root 11 ext4-dio-unwrit 3049 root 3201 root 3475 root kondemand/0 3476 root kondemand/1 3477 root kondemand/2 3478 root kondemand/3 3479 root kondemand/4 10 15 10 14 15 16 16
0.0
0.0 0.0
0 62624 1216 -5 -5 -5 -5 -5 0 0 0 0 0 0 0 0 0 0
656 S 0 S 0 S 0 S 0 S 0 S
37-24
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
3480 root kondemand/5 3481 root kondemand/6 3482 root kondemand/7 3898 root irqbalance 3912 dbus dbus-daemon 3948 ntp 4532 root 4556 haldaemo 4557 root hald-runner
17 16 17 18 15 15 15 15 15
-5 -5 -5
0 0 0
0 0 0 372 892
0 S 0 S 0 S 244 S 676 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0:00.00 0:00.00 0:00.00 0:11.94 0:00.00 0:00.36 ntpd 0:00.33 crond 0:00.81 hald 0:00.00 0:00.00 0:00.00 3:12.11 3:11.71 3:16.19 3:11.18 8:20.68 0:00.00 smartd 0:00.00 mingetty 0:00.00 mingetty 0:00.00 mingetty 0:00.00 mingetty
0 10760 0 21256
0 31260 4292 1564 S 0 21692 1076 0 12324 0 12324 0 10228 0 10228 0 10228 0 10228 0 10228 0 18416 0 0 0 0 3792 3792 3792 3792 844 844 684 680 680 684 680 472 484 484 484 484 868 S 724 S 732 S 584 S 584 S 584 S 584 S 584 S 268 S 412 S 412 S 412 S 412 S
4564 haldaemo 25 hald-addon-acpi 4567 haldaemo 25 hald-addon-keyb 4580 root 18 hald-addon-stor 4582 root 18 hald-addon-stor 4584 root 18 hald-addon-stor 4586 root 18 hald-addon-stor 4588 root 18 hald-addon-stor 4612 root 4643 root 4644 root 4645 root 4646 root 18 18 18 18 20
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-25
4648 root 4650 root 4651 root 7023 root 7027 root 7557 root 7561 root 7833 root 7834 root awarecli.sh 7840 root 7976 root 8187 root 8228 root 8232 root 8345 root 8481 root
21 18 17 15 16 15 15 17 21 18 15 16 15 15 16 15
0 0 0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.4 0.0
0:00.00 mingetty 0:00.00 mingetty 0:00.00 agetty 0:22.07 sshd 0:00.01 bash 0:00.31 sshd 0:00.01 bash 0:00.00 su 0:00.00 0:00.02 clish 0:00.07 mysql 9:56.87 top 0:00.07 sshd 0:00.00 bash 0:00.00 bash 0:00.00 mysql 0:00.00 0:00.00 16:17.24 sysmon 0:00.00 logger 0:42.93 snmpagent
0 98908 3804 2956 S 0 66056 1568 1152 S 0 98908 3824 2952 S 0 66156 1592 1168 S 0 0 109m 1808 1388 S 8700 992 844 S
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0 98908 3820 2956 S 0 66056 1568 1148 S 0 66164 1588 1168 S 0 77308 1932 1208 S 0 0 0 0 0 9700 1224 996 S
8488 root 18 run_snmpagent.s 8501 root 21 run_systemEvent 8505 root 8510 root 8511 root 18 17 15
0.0
0.4
37-26
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
8523 root 8524 root 8608 root 8612 root 8862 root run_central.sh 9023 root 9076 root 9121 root 9125 root 9860 root 9861 root usb-storage
16 16 15 15 20 16 15 15 15 11 10
0 0
3784
424
360 S
0:00.00 logger 0:08.47 java 0:00.03 sshd 0:00.00 bash 0:00.00 0:00.00 logger 0:00.10 mysql 0:01.50 sshd 0:00.06 bash 0:00.00 scsi_eh_6 0:01.63 0:00.83 0:00.00 mysql 4:39.30 java 0:00.00 0:03.00 pdflush 7809:37 mysqld 0:00.82 pdflush 0:00.02 sshd 0:00.00 0:00.04 clish
0 98908 3800 2952 S 0 66156 1572 1156 S 0 0 9700 1228 1000 S 3784 424 360 S
0 77460 2020 1268 S 0 98912 3836 2964 S 0 66192 1612 1160 S -5 -5 0 0 0 0 680 0 S
0.0
0.0
0 S 584 S
9920 root 18 hald-addon-stor 10241 root 11812 tomcat 16630 root mysqld_safe 16672 root 16751 mysql 17302 root 17352 root 17356 root awarecli.sh 17362 root 15 25 25 15 15 15 15 18 18
0 10228
0 25.1g 0 0
23g 4.8g S 0 0 S
0.0 37.9 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-27
17540 apache 17541 apache 17561 root 17588 root 17590 root 17591 root command.sh 17592 root paginate.sh 17595 root 17597 root 18903 root 18908 root 19601 root 19605 root 19622 root
15 15 15 18 15 19 20 15 21 16 15 15 16 16
0 0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0:00.00 httpd 0:00.00 httpd 0:00.00 mysql 0:00.00 logger 0:00.00 sh 0:00.00 0:00.00 0:00.00 top 0:00.00 cat 0:08.73 sshd 0:00.01 bash 0:00.02 sshd 0:00.00 bash 0:00.00 mysql 0:00.03 0:00.02 0:00.70 syslogd 0:00.00 klogd 0:00.14 httpd 0:00.00 0:00.00 logger
0 77432 1940 1212 S 0 0 0 0 3784 8700 8700 428 944 972 364 S 800 S 828 S 976 S 708 R 324 S
9700 1208
0 99688 3848 2976 S 0 66060 1572 1148 S 0 99820 3820 2952 S 0 66052 1536 1132 S 0 77448 1992 1264 S 0 11060 1432 0 0 0 0 0 0 9924 1472 5908 3804 672 432 968 S 980 S 528 S 344 S
24390 root 18 dailySummary.sh 24568 root syncConfigs.sh 26483 root 26486 root 26777 root 15 16 20 18
37-28
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
27545 root 28010 root 28014 root 29647 root 29651 root 30393 root 30591 root 30592 root awarecli.sh 30598 root 30657 root 30661 root 30863 root 30867 root 31105 root 31119 root awarecli.sh 31126 root
18 15 15 15 15 15 17 22 18 15 15 15 16 15 20 18
0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0.4 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
0:58.31 java 0:00.49 sshd 0:00.05 bash 0:00.08 sshd 0:00.03 bash 0:00.01 mysql 0:00.00 su 0:00.00 0:00.05 clish 0:00.20 sshd 0:00.01 bash 0:00.06 sshd 0:00.06 bash 0:00.17 sshd 0:00.00 0:00.05 clish
0 99688 3812 2952 S 0 66160 1604 1180 S 0 98912 3828 2972 S 0 66176 1612 1176 S 0 77440 2008 1280 S 0 0 109m 1816 1388 S 8700 992 844 S
0 36292 3424 1324 S 0 99820 3816 2952 S 0 66188 1568 1160 S 0 99688 3828 2972 S 0 66176 1616 1188 S 0 98928 4376 3460 S 0 8700 992 844 S
37.5
Monitoring a remote 9900 WNG Central and Detector using the BMC
The BMC can be used to monitor the 9900 WNG Central and Detector remotely. The BMC can monitor the status of the fan, system temperature, and the power being supplied to the device. Perform Procedure 37-2 to monitor a 9900 WNG Detector or Central remotely using the BMC.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-29
Procedure 37-2 To monitor a 9900 WNG Detector or Central remotely using the BMC
1 Ensure that the following tasks are complete:
The BMC interface has been configured as described in Procedure 7-2. The IPMI management utility has been installed on the machine (Linux or Windows) from which you access the BMC.
Type:
showsel -N nodename -U admin -R password -l count
where nodename is the nodename or IP address of the BMC LAN interface password is the remote password for the specified nodename count is the number of recent events you want to view
In the following example, the showsel command displays the ten most recent events for the remote device with IP address 1.1.1.2 and remote password admin.
showsel -N 1.1.1.2 -U admin -R admin -l 10 0658 09/12/08 11:25:39 BMC 2 6f [a1 02 11] 0644 09/12/08 11:25:39 BMC 6f [a0 02 01] 0630 09/12/08 11:25:18 BMC 6f [a0 02 01] 061c 09/11/08 13:15:02 BMC 2 6f [a1 02 11] 0608 09/11/08 13:14:55 BMC 6f [a0 02 01] 05f4 08/31/08 15:07:56 BMC 0f ff] 05e0 08/31/08 15:07:56 BMC [41 0f ff] 05cc 08/31/08 15:07:56 BMC ff] 05b8 08/25/08 13:01:11 BMC 2 6f [a1 02 11] 05a4 08/25/08 12:19:46 BMC 2 6f [a1 02 11 2a Session Audit #0a Deactivated User 2a Session Audit #0a Activated User 2 2a Session Audit #0a Activated User 2 2a Session Audit #0a Deactivated User 2a Session Audit #0a Activated User 2 09 Power Unit #02 Not Redundant 0b [43 09 Power Unit #02 Redundancy Lost 0b 08 Power Supply #70 AC Lost 6f [43 0f 2a Session Audit #0a Deactivated User 2a Session Audit #0a Deactivated User
37-30
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Procedure 37-3 To display the health status of the 9900 WNG Detector or Central
1 Log in to one of the following: a b 2 9900 WNG Central, as described in Procedure 14-1 or 14-2. 9900 WNG Detector, as described in Procedure 14-3.
In the following example, the bmchealth command is used to display the health status of the remote device with IP address 1.1.1.2 and remote password admin.
bmchealth -N 1.1.1.2 -U admin -R admin
bmchealth ver 1.9 Opening connection to node 1.1.1.2 ... BMC version 0.62, IPMI version 2.0 BMC manufacturer = 000157 (Intel), product = 0028 (S5000PAL) Power State Selftest status = 00 (S0: working)
= 0055 (OK)
Channel 1 Auth Types: MD5 Straight_Passwd Status = 04, OEM ID 000000 OEM Aux 00 bmchealth: completed successfully
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-31
Procedure 37-4 To display the sensor status of the 9900 WNG Central or Detector
1 Log in to one of the following: a b 2 9900 WNG Central, as described in Procedure 14-1 or 14-2. 9900 WNG Detector, , as described in Procedure 14-3.
View the sensor status of the 9900 WNG Central or Detector by typing:
sensor -N nodename -U admin -R password
where nodename is the nodename or IP address of the BMC LAN interface password is the remote password for the specified nodename
In the following example, the sensor command is used to display the sensor status of the remote device with IP address 1.1.1.2 and remote password admin.
sensor -N 1.1.1.2 -U admin -R admin
sensor: version 1.53 Opening connection to node 135.112.180.71 ... -- BMC version 0.62, IPMI version 2.0 _ID_ SDR_Type_xx Sz Own Typ S_Num Sens_Description Reading 0001 SDR Full 01 37 20 a 02 snum 10 BB +1.1V Vtt Volts 0002 SDR Full 01 37 20 a 02 snum 12 BB +1.5V AUX Volts 0003 SDR Full 01 33 20 a 02 snum 13 BB +1.5V Volts 0004 SDR Full 01 33 20 a 02 snum 14 BB +1.8V Volts 0005 SDR Full 01 33 20 a 02 snum 15 BB +3.3V Volts 0006 SDR Full 01 37 20 a 02 snum 16 BB +3.3V STB Volts 0007 SDR Full 01 37 20 a 02 snum 17 BB +1.5V ESB Volts 0008 SDR Full 01 31 20 a 02 snum 18 BB +5V Volts 0009 SDR Full 01 36 20 a 02 snum 1a BB +12V AUX OK 11.84 Volts 000a SDR Full 01 33 20 a 02 snum 1b BB +0.9V Volts Hex & Interp = ae OK = bd OK = 72 OK = af OK = c4 OK = c5 OK = c0 OK = c1 OK = bf = be OK 0.91 1.10 1.47 1.48 1.79 3.37 3.39 1.50 5.02
37-32
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
= 21
000c SDR Full 01 3b 20 a 01 snum 32 Front Panel Temp = 1e OK 30.00 degrees C 000d SDR Full 01 3b 20 a 01 snum 48 Mem Therm Margin = 00 OK degrees C 000e SDR Full 01 30 20 m 04 snum 50 Fan 1 OK 4896.00 RPM 000f SDR Full 01 30 20 m 04 snum 51 Fan 2 OK 4828.00 RPM 0010 SDR Full 01 31 20 m 04 snum 52 Fan 3A OK 9315.00 RPM 0011 SDR Full 01 31 20 m 04 snum 53 Fan 4A OK 9246.00 RPM 0012 SDR Full 01 31 20 m 04 snum 58 Fan 3B OK 7599.00 RPM = 90 = 8e = 87 = 86 = 95 0.00
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
37-33
37-34
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38 System events
38-2 38-2
38.2 License Violation system event 38.3 Link Down system event 38-3
38.4 Process Down system event 38.5 Process Start system event 38.6 CPU Usage system event 38.7 Disk Usage system event
38-3 38-4
38.8 Memory Usage system event 38.9 No Packet system event 38.10 Packet Drop system event
38.11 Line rate threshold system event 38.12 Queue Usage system event 38-7
38.13 Hardware Failure system event 38.14 Swap Usage system event 38-8
38-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38-1
38 System events
38.1
CPU Utilization memory utilization disk utilizationtriggers database cleanup, if required swap space utilization external disk array processesProcess Down events for daemon processes are generated if a process is not running or stalled
License Violation system event Link Down system event Process Down system event Process Start system event CPU Usage system event Disk Usage system event Memory Usage system event
No Packet system event Packet Drop system event Line rate threshold system event Queue Usage system event Hardware Failure system event Swap Usage system event
38.2
The maximum number of sessions is exceeded The license has expired The license file is invalid (no license, license validity check failed, invalid hostid)
This event is reported on the 9900 WNG Central device.
38-2 Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38 System events
A license violation event can be cleared by obtaining a new license with the required capacity or obtaining license with an extended date See chapter 6 for more information about the license.
38.3
AnomalyChannel (reported by the 9900 WNG Central and Detector) AwarenessChannel (reported by the 9900 WNG Central and Detector) SystemEventChannel (reported by the 9900 WNG Central) SNMPChannel (reported by the 9900 WNG Central) SysMonToSECChannel (reported by the 9900 WNG Central and Detector) CentralToSECChannel (reported by the 9900 WNG Central)
When a Link Down event is generated for the anomaly or awareness channels,
both the 9900 WNG Detector and 9900 WNG Central report the event. You can use the log in 9900 WNG Central to investigate the cause of the event. For information about log files in 9900 WNG Central, see the chapter, Monitoring the 9900 WNG system. A Link Down event can be generated because of a physical link or router problem. If this is the suspected cause, investigate the physical link or the condition of the router. Ping the 9900 WNG Detector from the CLI to verify connectivity. A Link Down event can be generated because of a Process Down condition. For related information, see section 38.4. You can restart the process to clear the event. A Link Down event can indicate an issue with keys used for SSH communication. If this is the suspected cause, backup the detector configuration, delete the detector administratively, and then add it back.
38.4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38-3
38 System events
For a 9900 WNG Central, the SubobjectID can be one of the following:
CentralDthe central service/process on the 9900 WNG Central SNMPthe SNMP service/process on the 9900 WNG Central System Monitorthe system monitor service/process on the 9900 WNG Central MySQLthe MySQL service/process on the 9900 WNG Central Tomcat the Tomcat service/process on the 9900 WNG Central Compressionthe compression service/process on the 9900 WNG Central NTP daemonthe NTP daemon on the 9900 WNG Central
For a 9900 WNG Detector, the SubobjectID can be one of the following:
AwareDthe detector service/process on a 9900 WNG Detector System Monitorthe system monitor service/process on a 9900 WNG Detector System Event Reporterthe system event reporter service/process on a
9900 WNG Detector NTP daemonthe NTP daemon on the 9900 WNG Detector The event is cleared when the process restarts.
38.5
38.6
A Critical event is generated when CPU usage is greater than or equal to 90% of capacity. The event is automatically cleared when usage is less than or equal to 80%.
38.7
38-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Disk usage is verified every 3 min. The objectID field indicates the machine on which the condition was detected. The SubobjectID specifies the disk partition. For the 9900 WNG Central, the SubobjectID can be one of the following partitions:
root partition /tmp partition /var partition /awaredb partition (for the database) /awaredb-ext (external disk array) /awared partition /dev/shm partition
For a 9900 WNG Detector device, the SubobjectID can be one of the following partitions:
38.8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38-5
38.9
The packet capture cards are properly connected The tapping points are properly installed.
If the packet capture cards are properly connected and the tapping points are properly installed, contact your Alcatel-Lucent technical support representative.
38.10
38.11
38-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
950 Mbits/s for the 1G card 3900 Mbits/sec for the 10G card
900 Mbits/s for the 1G card 3750 Mbits/s for the 10G card
The event indicates that there is a high probability that packets are being dropped. When the transmitting rate for the 9900 WNG Detector is greater than or equal to 30 MBits/s or receiving rate for the 9900 WNG Central is greater than or equal to 40 Mbits/s When the transmitting rate for the 9900 WNG Detector and the receiving rate for the 9900 WNG Central is equal to or less than 15 Mbits/s
The objectId field reports whether the detected problem was for the 9900 WNG Central or Detector (central or detector). The subobjectId can be one of the following:
38.12
MIP Memory Pool Signaling Attack Pool Detector Traffic Update Pool RNC Overload Pool Battery Attack Pool Vertical Portscan Pool Horizontal Portscan Pool Always Active Subscriber Pool High Usage Subscriber Pool Unwanted Source Pool P2P Mobile RNC Load Status Pool PDSN Traffic Update Pool HA Traffic Update Pool Radius Session Update Pool
MIP Session Update Pool Connection Record Pool Mobile Flow Record Pool Anomaly Queue Awareness Queue SystemEvent Queue Syslog Queue Battery Attack Distributed Pool Flood Mobile Single Pool Flood Mobile Distributed Pool High Signaling Abuse Pool Router Discovery Abuse Pool All Session Update Pool UMTS Session Update Pool
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
38-7
38 System events
Queue usage events are cleared when the usage goes below factory configured thresholds. For the 9900 WNG Detector, it is cleared automatically when the pool usage is less than or equal to 60% of the capacity.
Use the show eventrate anomalyEvents CLI command for controlling the event
rate of anomaly events. Use the show eventrate awarenessEvents CLI command for controlling the event rate of awareness events. If the pools are in high usage, contact your Alcatel-Lucent technical support representative to determine if pool sizes can be increased, within memory constraints.
38.13
38.14
38-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Database administration
39-1
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39.2 Backing up 9900 WNG Central files 39.3 Restoring 9900 WNG Central files 39.4 Backing up 9900 WNG Detector files 39.5 Restoring 9900 WNG Detector files
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39-1
39.1
archive backups, which erase the original files that are being backed up after they
have been successfully stored in an archive system backups, which store system files but the original files are not erased Table 39-1 describes the categories of files that you can back up and the type of backup that is performed for each category.
Table 39-1 Backup file types
File type Description Backup type
All 9900 WNG Central files. The backup includes configuration, system, license, log, report, and security files. 9900 WNG Central configuration files and stored 9900 WNG Detector backup files 9900 WNG Central license files. See chapter 6 for more information about license files. 9900 WNG Central activity log files 9900 WNG Central raw data files that are used to create reports 9900 WNG Central security records, user data, and passwords 9900 WNG Central system database files
Security System
9900 WNG Detector files Detector All 9900 WNG Detector files. 9900 WNG Detector backup files are stored on the 9900 WNG Central. System
Note
(1)
You can perform an incremental backup of report data, which archives information from the reports database that has changed since the last backup was performed. See Procedure 39-1 for more information.
system failures accidental file removal malicious user activity hardware failures; see section 38.13 for information about Hardware Failure system events errors during installation of system upgrades or updates
39-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Alcatel-Lucent recommends that you perform full database backups as part of regular maintenance. To preserve your data, full backups should be performed before the following tasks:
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39-3
39.2
39-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39.3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39-5
39 Backup and restore Table 39-3 Restore command file type options
Option all
(1)
Files affected 9900 WNG Central configuration, system, license, log, report, and security files Configuration files System database files License files Log files Raw data files that are used to create reports Security files
config db
(1)
Note
(1)
When you restore files of this type, the 9900 WNG Central device restarts.
Repeat step 3 for each increment, from the oldest file to the newest. The report files are restored.
39-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39.4
39.5
The backed up files are restored on the specified 9900 WNG Detector.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
39-7
39-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
Numerics
1xRTT 2.5G 2G One times the number of 1.25 MHz channels for wireless radio transmission technology that is used in CDMA cellular networks. See GPRS. second generation Second generation of wireless telephone technology. 3G third generation Third generation of mobile standards and technology. 3GPP 3rd Generation Partnership Project The joint standardization partnership responsible for standardizing UMTS, HSPA, and LTE. 4G fourth generation Fourth generation of mobile standards and technology. 9900 WNG 9900 Wireless Network Guardian The 9900 WNG is a GUI-based system that is designed to manage data flows, and monitor network activities and demands for network resources. 9900 WNG Central 9900 Wireless Network Guardian Central The component of the 9900 WNG that is deployed in a network or security operations centre.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GL-1
Glossary
9900 Wireless Network Guardian Detector A NEBS-3 and ETSI certified product that is suitable for many applications in the Telecom Central Office and industrial environment.
A
A11 interface AAA The A11 interface is used to carry signaling information between the PDSN and the PCF. authentication, authorization, and accounting The functions of security-based protocols, such as RADIUS, to provide secure communications. AC alternating current AC refers to the 120 V electricity delivered by the local power utility to the 3-pin power outlet in a wall. The polarity of the current alternates between positive and negative, 60 times each second. See also DC. ano ANSI anomaly American National Standards Institute Nonprofit, nongovernmental body supported by over 1000 trade organizations, professional societies, and companies; ANSI was established for the creation of voluntary industry standards. ARIN American Registry for Internet Numbers ARIN manages the distribution of Internet number resources, such as IPv4 and IPv6 addresses. AWG American Wire Gauge U.S. standard set of conductor sizes for copper electrical wiring and telephone wiring, where gauge refers to the diameter of the wire. Telephone wire is usually 22, 24, or 26. The higher the gauge wire, the smaller the diameter and the thinner the wire.
B
BMC baseboard management controller A BMC is a specialized microcontroller that is on the motherboard of a computer, usually a server. The BMC manages the interface between the system management software and the platform hardware. BTS base transceiver station
GL-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
C
Cat5e category 5 cable enhanced Cat5e has 100 impedance and electrical characteristics that support transmissions up to 100 MHz. Cat5e was designed for high-speed GigE. CBN CDMA common bonding network code-division multiple access CDMA refers to 2G and 3G wireless communications. CDMA is a type of multiplexing that allows many signals to occupy a transmission channel. The transmission channel optimizes the available bandwidth. CDMA is used in UHF cellular telephone systems that have 800-MHz and 1.9-GHz bands. CLEI CLI Common Language Equipment Identification command line interface A workstation access method interface that uses CLI commands to communicate with any NE in the network CRU customer replaceable units CRUs are components that can be removed and replaced by service provider personnel without technical assistance or special training from Alcatel-Lucent. CSA Canadian Standards Organization The CSA is the nonprofit Canadian agency that certifies electrical and electronic products that conform to Canadian national safety standards.
D
DC direct current DC is an electric current that flows in one direction only. See also AC. DoS denial of service A type of attack on a network that involves flooding the network with dummy data packets to render the network incapable of transmitting legitimate traffic.
E
EIA Electronic Industries Association A group that specifies electrical transmission standards. For EIA-spaced equipment racks, 1 RU equals 1.75 in. (4.45 cm).
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA GL-3
Glossary
EMS
ESD ETSI
electrostatic discharge European Telecommunications Standards Institute Established to produce telecommunication standards integration in the European community for users, manufacturers, suppliers, and Post Telephone and Telegraph administration. See also ANSI.
EV-DO rev 0 provides access to mobile devices with forward link air interface speeds of up to 2.4 Mb/s. EV-DO rev A is a 3G CDMA technology that is an upgrade of EV-DO. Rev A has faster downlink speeds than EV-DO Rev 0, at 3.1 Mb/s, and faster uplink speeds of 1.8 Mb/s.
F
FCAPS FCAPS is the acronym for a broad categorization of network and service management activities that includes:
FIPS
fault management configuration management accounting/administration management performance management security management
federal information processing standards A set of standards issued by the U.S. National Institute of Standards and Technology.
FTP
File Transfer Protocol FTP is the Internet standard client-server protocol to transfer files from one computer to another computer. FTP generally runs over TCP or UDP.
G
GGSN Gateway GPRS Service Node GGSN provides network access to external hosts that need to communicate with mobile subscribers. GGSN is the gateway between the GPRS wireless data network and other external PDNs such as radio networks, IP networks, or private networks.
GL-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
GigE
Gigabit Ethernet An Ethernet interface with a peak data rate of 1000 Mb/s.
GPRS
General Packet Radio Service A mobile data service extension to the GSM system. Also called 2.5G.
GSM
GTP-C
GTP-U
SGN and MME over the S3 interface SGSN and SGW over the S4 interface SGW and PGW over the S5/S8 interface MMEs over the S10 interface
GTP-User plane This protocol tunnels user data between the Node B and the S-GW, as well as between the S-GW and the P-GW in the backbone network. GTP encapsulates all end-user IP packets.
H
HA HDD HSPA HTTPS home agent hard disk drive high-speed packet access HTTPS is HTTP over SSL, which uses a public and private key encryption system, including the use of a digital certificate for secure transfer of web messages.
I
I I2M IEC IEEE Internet Internet to mobile International Electrotechnical Commission Institute of Electrical and Electronics Engineers The IEEE is a worldwide engineering publishing and standards-making body. It is the organization responsible for defining many of the standards used in the computer, electrical, and electronics industries.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GL-5
Glossary
IPMI
intelligent platform management interface IPMI is a standard, which defines a set of common interfaces for a computer system that system administrators can use to monitor the health of the system and manage the system. IPMI operates independently of the operating system and therefore allows system administrators to remotely manage a system remotely. The system can be managed if there is no operating system or system management software, or if the monitored system is powered off, but connected to a power source.
IPv4
Internet protocol version 4 The version of IP in use since the 1970s. IPv4 addresses are 32 bits. IPv4 headers vary in length and are at least 20 bytes.
IPv6
Internet protocol version 6 The version of IP that succeeds IPv4. IPv6 addresses are 128 bits. IPv6 headers are 40 bytes.
J
JRE Java Runtime Environment
K
Keps nut KPI A Keps nut is a nut that has an attached, free-spinning washer. key performance indicator
L
LMT local management terminal An LMT has all of the required functions to locally operate an HMS-based NE. LOM lights-out management LOM is IPMI implemented by Apple. LTE Long Term Evolution LTE is a standard for wireless mobile broadband networks. LTE networks can offer higher data throughput to mobile terminals than other technologies. LTE is the accepted evolution path for GSM, WCDMA, and CDMA networks. LTE is developed and maintained by the 3GPP standards body.
M
M
GL-6
mobile
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
mobile to Internet mobile to mobile message digest 5 MD5 is a security algorithm that takes an input message of arbitrary length and produces as an output a 128-bit message digest of the input. MD5 is intended for digital signature applications, where a large file must be compressed securely before being encrypted.
MIB
management information base A formal description of a set of network objects that can be managed using SNMP.
N
NAI network access identifier An NAI is the subscriber identity in a 3GPP2 CDMA network. NE NE can be expanded two ways: 1 network element A physical device, such as a router, switch, or bridge, that participates in a network. 2 network An access level for the GUI role. NEBS Network Equipment Building Standards The requirement for equipment deployed in a central office environment. Covers spatial, hardware, craftsperson interface, thermal, fire resistance, handling and transportation, earthquake and vibration, airborne contaminants, grounding, acoustical noise, illumination, electromagnetic compatibility, and electrostatic discharge requirements. NEBS-3 Network Equipment Building Standards level 3 NEBS-3 is a Bellcore standard that has specifications for fire suppression, thermal margin testing, vibration resistance (earthquakes), airflow patterns, acoustic limits, failover and partial operational requirements (such as chassis fan failures), failure severity levels, RF emissions and tolerances, and testing/certification requirements.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GL-7
Glossary
NFPA
National Fire Protection Association A nonprofit organization that develops and publishes codes and standards to reduce the risk of fires.
NIC NMS
network interface card network management system An NMS is a system that manages at least part of a network. An NMS is generally a reasonably powerful and well-equipped computer such as an engineering workstation that communicates with agents to help keep track of network statistics and resources.
NOC
O
OID Object Identifier Each object in the MIB has an OID value. The management station uses the OID to request the object value from the SNMP agent. An OID is a sequence of integers that uniquely identifies a managed object. The OID defines a path to the object through an OID tree or registration tree. OS operating system
P
PCF PDSN PGW PTS Packet Control Function public data switched network packet data network gateway pseudo terminal
R
RADIUS remote authentication dial-in user service An AAA protocol for applications that allows remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows an organization to maintain user profiles in a central database that all remote servers can share. An organization can set up a policy that can be applied at a single administered network point. RNC radio network controller An RNC controls radio resource management in the radio access networks of UMTSs
GL-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
ROI RPM
return on investment Red Hat Linux Package Manager RPM is a core component of the Red Hat Enterprise Linux Operating System.
RSA
Rivest, Shamir, and Adleman algorithm An-FIPS approved algorithm to generate and verify digital signatures.
RTSP
real time streaming protocol RTSP is used to control streaming media servers by establishing and controlling media sessions between endpoints.
RTT
Round-Trip Time The time required for a packet to travel from a source computer to a remote computer or system and back.
S
SAI Service Area Interface An outdoor telecommunications cabinet in which twisted pair wires connect with feeder cables for routing to a central office or remote switch. SAS SCP Serial Attached SCSI secure copy protocol A method of securely transferring files between hosts, based on the SSH protocol. SCSI small computer system interface An SCSI is a set of standards, that specify the commands, protocols, and electrical an optical interfaces, to physically connect and transfer data between computers and peripheral devices. SEMS SFP SGSN SGW SNMP Sealed Expansion Module Shelf Small Form Factor Pluggable Serving GPRS Service Node serving gateway simple network management protocol A protocol used for the transport of network management information between a network manager and an NE. SNMP is the most commonly used standard for most interworking devices.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GL-9
Glossary
SSH
secure shell The SSH protocol is used to support secure remote login. SSH runs over TCP, authenticating and then encrypting a session. SSH is a secure alternative to Telnet but can also be used for FTP, SNMP, and remote execution of programs.
SSL
secure socket layer A protocol that provides endpoint authentication and communications privacy over the Internet using cryptography. The SSL is layered beneath application protocols such as HTTP, Telnet, and FTP, and is layered above TCP. The SSL can add security to any protocol that uses TCP.
subs sudo
subscriber superuser do The account in the CLI that has the highest level of privileges.
T
TCP transmission control protocol A transport layer protocol that is used to establish connections and send data between computers over the Internet. TCP runs on top of IP. Telnet TIA The Internet-standard TCP/IP for remote login service. Telnet allows a user at one site to interact with a remote system at another site. Telecommunications Industry Association
U
UDP User Datagram Protocol A minimal transport protocol above the IP network layer that does not guarantee datagram delivery. UDP is for applications that do not require the level of service that TCP provides or need to use communications services, such as multicast or broadcast delivery, which are not available in TCP. UHF UMTS ultra-high frequency Universal Mobile Telecommunications System UMTS is the technology for 3G mobile services. In addition to voice and video telephony services, UMTS supports data transfer rates up to 144 kb/s in a rural environment and 2 Mb/s in an indoor environment.
GL-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Glossary
UNI
user-network interface UNI is an interface point between ATM end users and a private ATM switch, or between a private ATM switch and the public carrier ATM network. UNI is defined by physical and protocol specifications per ATM Forum UNI documents. UNI is the standard adopted by the ATM Forum to define connections between users or end stations and a local ATM network switch.
USB
Universal Serial Bus A serial bus standard that provides an interface to other USB devices that can be connected.
USM
V
VACM view-based access control model SNMP v3 view-based access control model that defines the elements of the procedure for controlling access to management information. VLAN virtual local area network A VLAN is a logical group of NEs that may be on the same physical network segment. The NEs share the same IP network number. VLAN specifications are in IEEE 802.1Q. VRTN virtual real-time network
W
WCDMA Wideband Code Division Multiple Access WCDMA is an air interface standard for 3G mobile networks. whitelisted subnet WiMAX A subnet from which traffic is ignored by the 9900 WNG. Worldwide Interoperability for Microwave Access WiMAX is a protocol that provides fixed and fully mobile Internet access. WSDL WSP Web Services Description Language wireless service provider
Y
Yum Yum is a software package manager tool that is used to install, update, and remove packages and their dependencies on RPM-based systems.
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
GL-11
Glossary
GL-12
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Index
Numbers
9900 Wireless Network Guardian; See 9900 WNG 9900 WNG, 10-2 9900 WNG Central web page, 17-2 Central, 10-6 components, 1-2, 10-4 Detector, 10-6 external user interfaces, 10-7 features, 11-2 hardware, 1-5 in a CDMA network, 10-5 in a UMTS environment, 10-5 in a wireless network, 10-4 key benefits, 10-3 key functions, 10-2 license, 6-2 planning, 2-2 regulatory specifications, 3-6 safety hazards, 3-2 software, 1-6 software repositories, 9-3 software upgrades, 9-2 system architecture, 10-2 user accounts, 36-2 user interfaces, 13-2
9900 WNG Central adding entries to application map tables, 12-16 changing modes in CLI, 14-8 changing to 9900 WNG Detector, 14-9 changing to 9900 WNG Detector and modes, 14-10 configuring anomaly alerts, 19-11 configuring as the software repository, 9-4 configuring congestion alerts, 19-11 configuring for the first time, 7-5 configuring SNMPv1/v2c, 19-3 configuring SNMPv3, 19-5 configuring trend alerts, 19-11 dashboard, 16-6, 21-2 deleting SNMP communities, 19-10 deleting SNMP hosts, 19-11 deleting SNMP server IP addresses, 19-10 deleting SNMP views, 19-11 displaying health, 37-31 displaying sensor status, 37-31 enabling security event manager feed, 12-20 exceptions for the root partition, 38-5 external ports, 4-18 generating public keys, 12-21 hardware, 1-6 inputs and outputs, 33-5 installing, 4-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-1
loading saved login banners, 12-21 logging in to CLI from GUI, 14-7 logging in to CLI using SSH, 14-6 mandatory configuration procedures, 7-2 monitoring, 37-2 monitoring using BMC, 37-30 obtaining host identifier, 6-3 optional configuration procedures, 12-16 ordering CRUs, 8-2 planning, 2-2 powering down, 5-3 powering down using BMC, 5-5 powering up, 5-2 powering up using BMC, 5-5 replacing hard disk drive, 8-4 replacing power supply, 8-3 resetting using BMC, 5-5 SNMP, 19-2 software upgrades, 9-2 updating SNMP agent contact, 19-9 updating SNMP location information, 19-9 upgrading software using a USB, 9-8 upgrading software using the 9900 WNG Central repository, 9-6 upgrading software using the external software repository, 9-7 9900 WNG Central web page, 17-2 accessing, 17-2 changing your password, 36-6 9900 WNG Centralr inputs and outputs, 33-3 9900 WNG Detector adding, 12-14 backing up, 39-4 backing up files, 39-7 changing modes in CLI, 14-8 changing to 9900 WNG Central, 14-9 changing to 9900 WNG Central and modes, 14-10 configuring for the first time, 7-6 configuring RNC load threshold, 12-4 configuring RNC-to-PCF IP address mapping, 12-4 configuring UMTS RNC-to-SAI mapping threshold, 12-5
IN-2
copying configuration files, 12-15 deleting, 12-16 deployment mode, 12-2 disabling reporting of anomaly events, 12-11 displaying health, 37-31 displaying sensor status, 37-31 estimating number needed, 2-5 external ports, 4-18 hardware, 1-5 inputs and outputs, 33-3, 33-5 installing, 4-2 location, 2-6 logging in to CLI, 14-8 mandatory configuration procedures, 7-2 modifying anomaly event throttle rates, 12-8 modifying mobile dormancy timeout values, 12-9 monitoring, 37-2 monitoring using BMC, 37-30 optional configuration procedures, 12-2 ordering CRUs, 8-2 planning, 2-3 powering down, 5-5 powering down using BMC, 5-5 powering up, 5-4 powering up using BMC, 5-5 replacing hard disk drive, 8-4 replacing power supply, 8-3 resetting using BMC, 5-5 restoring, 39-7 restoring files, 39-7 software upgrades, 9-2 specifying intensity levels for anomaly events, 12-13 specifying IP addresses for whitelists, 12-8 specifying mobile IP address ranges, 12-7 specifying VLANs, 12-10 upgrading software using a USB, 9-8 upgrading software using the 9900 WNG Central repository, 9-6 upgrading software using the external software repository, 9-7
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
9900 WNG EMS installing, 15-2 system requirements, 15-2 9900 WNG GUI; See GUI
A
abusive subscriber events, 33-17 AC power requirements, 4-3 AC power supply, 2-13 access privileges; See privileges access roles; See roles accessing 9900 WNG Central web page, 17-2 accounts creating, 20-3 deleting SNMP, 19-8 accounts; See user accounts Active Reports tab Subscriber view, 29-3 always-active subscriber events, 33-19 anomaly alerts configuring, 19-11 anomaly event throttle rates modifying, 12-8 Anomaly Events filtering, 22-8 anomaly events investigating, 33-5 specifying threshold, 33-21 unwanted source, 33-16 Anomaly Events tab, 29-11 in subscriber reports, 29-11 Anomaly Events view, 22-5 anomaly types, 22-7 components, 22-6 Event Details panel, 22-7 filtering events, 22-8 opening Mobile Flow view from, 22-9 operations, 22-9 working in, 22-9 Anomaly History view, 22-12 components, 22-12 filtering, 22-12
anomaly types in Anomaly Events view, 22-7 API; See Motive API application browser-based reports, 31-36 Application Comparison Table report, 31-36 application map tables adding entries, 12-16 application reports, 31-36 application choosers, 31-41 application filters, 31-41 configuring, 31-40 fields in, 31-40 parameters, 31-40 axes in Dashboard View charts, 21-9
B
backing up, 39-2 9900 WNG Detector, 39-4 configuration files, 39-4 full database, 39-4 full system, 39-4 license files, 39-4 log files, 39-4 reports, 39-4 security files, 39-4 system files, 39-4 backup data restoring, 39-3 battery attacks, 33-8 Billing Discrepancy report, 31-34 Billing tab, 29-15 in subscriber reports, 29-15 BMC, 13-2, 18-2 monitoring 9900 WNG Central, 37-30 monitoring 9900 WNG Detector, 37-30 powering down 9900 WNG Central, 5-5 powering down 9900 WNG Detector, 5-5 powering up 9900 WNG Central, 5-5 powering up 9900 WNG Detector, 5-5 resetting 9900 WNG Central, 5-5 resetting 9900 WNG Detector, 5-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-3
browser-based reports application, 31-36 CDF charts, 30-9 considerations for early-morning queries, 30-6 controls, 30-4 device, 31-41 export icons, 30-12 exporting, 30-12 exporting to CSV file, 30-13 exporting to Excel, 30-13 filters, 30-4 generating, 30-2 hop, 31-25 input parameters page, 30-3 lag period, 30-5 legacy reports, 30-2 navigation icons in, 30-6 network elements, 31-10 network resource usage, 31-2 network statistics, 31-5 pie charts, 30-10 presentation page, 30-6 security, 31-28 stacked area charts, 30-8 subscriber, 31-29 tables, 30-11 time parameters, 30-4 time zones, 30-5 time-series charts, 30-7 tool tips in, 30-6 troubleshooting, 31-47 types, 30-7
C
cables connecting, 4-17 calendar and time widget in GUI, 16-7 calendar widgets, 30-5 CDF charts in browser-based reports, 30-9 CDMA network threat detection, 33-2
Cell comparison table (CDMA) report, 31-10, 31-11 Cell cumulative dist. (CDMA; session & perf) report, 31-14 Cell cumulative dist. (CDMA; traffic) report, 31-14 Cell cumulative dist. (UMTS; session & perf) report, 31-15 Cell cumulative dist. (UMTS; traffic) report, 31-15 Cell multi-element time-trend table (CDMA) report, 31-13 Cell multi-element time-trend table (UMTS) report, 31-13 Cell time plot (sessions and performances) report, 31-12 Cell time plot (traffic) report, 31-11 cells displaying in Network Graph view, 24-9 Central dashboard, 16-6, 21-2 Central web page, 13-2 Central web page; See 9900 WNG Central web page Central; See 9900 WNG Central chart display properties configuring in Dashboard View, 21-12 in Dashboard View, 21-12 right-click options, 21-12 CLEI labels, 8-4 CLI, 13-2, 14-2 See also CLI commands changing modes, 14-8 changing target servers, 14-9 changing target servers and modes, 14-10 logging in to 9900 WNG Central from GUI, 14-7 logging in to 9900 WNG Central using SSH, 14-6 logging in to 9900 WNG Detector, 14-8 managing user accounts, 36-4 measuring performance, 37-12 modes, 14-3 monitoring user accounts, 36-10 navigation tips, 14-12 privileges, 14-3
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-4
prompts, 14-5 role, 36-2 roles, 14-3 shortcuts, 14-13 timeouts, 14-5 viewing log files, 37-3 CLI commands, 14-14 See also CLI backing up, 39-2 Motive API, 20-4 restoring, 39-2 show backhaul, 37-18 show compressionStatus, 37-18 show memory, 37-16 show stats, 37-13 show system, 37-17 show top, 37-18 software upgrades, 9-2 syntax, 14-12 CLI prompts, 14-5 CLI role, 36-2 creating, 36-5 CLI view, 28-2 opening from GUI, 28-2 commands SNMP, 19-12 components GUI, 16-2 in Anomaly Events view, 22-6 in Mobile Flow record, 27-3 in Network Graph view, 24-7 in Performance Events view, 22-10 in subscriber reports, 29-7 in Subscriber view, 29-3 in System Events view, 26-3 configuration files backing up, 39-4 copying, 12-15 restoring, 39-5 configuration procedures; See optional configuration procedures, mandatory configuration procedures
configuring chart display properties in Dashboard View, 21-12 Dashboard View intensity preferences, 21-10 congestion alerts configuring, 19-11 connecting cables, 4-17 connections, 4-17 controls Dashboard View, 21-8 Dashboard View axes, 21-9 Dashboard View element display, 21-9 CPU Usage system event, 38-4 CRUs replacing, 8-2 CSV file exporting browser-based reports to, 30-13 Cumulative Resources chart in Flow/Session tab, 29-14
D
daily summarization process and browserbased reports, 30-6 Dashboard View chart display properties, 21-12 components, 21-2 configuring optional properties for element charts, 21-11 element icons, 21-4 elements, 21-4 features, 21-2 plotting elements in, 21-5 Dashboard View elements moving to a new dashboard, 21-13 dashboards moving elements, 21-13 data retrieval settings preferences in GUI, 16-9 database backing up, 39-4 restoring, 39-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-5
DC power requirements, 4-4 DC power supply, 2-13 deployment mode specifying, 12-2 deployment options Northbound of a PDSN, 2-8 Southbound of an HA, 2-7 Detector time plot (sessions and events) report, 31-7 Detector time plot (traffic) report, 31-6 Detector; See 9900 WNG Detector device browser-based reports, 31-41 device details in Mobile Flow view, 27-7 device reports, 31-41 fields in, 31-46 manufacturer versus models, 31-47 parameters, 31-46 Disk Usage system event, 38-4 distributed battery attacks, 33-9 distributed mobile floods, 33-12
E
Element Tables naming conventions for provisioning, 24-11 provisioning NE groups, 24-11 provisioning operations, 24-11 searching for NEs, 24-12 Element Tables view in Topology view, 24-2 right-click operations, 24-6 sort function, 24-6 working in, 24-5 elements plots in Dashboard View, 21-5 maximum number of, 21-5 procedures, 21-5 EMS GUI:See GUI environmental requirements, 2-15
Event Details panel Anomaly Events view, 22-7 in Mobile Flow, 27-5 event types network usage reports, 31-5 events abusive subscriber, 33-17 always-active subscriber, 33-19 battery attacks, 33-8 distributed battery attacks, 33-9 distributed mobile floods, 33-12 high signaling subscriber, 33-18 high-usage subscriber, 33-17 horizontal port scans, 33-14 ICMP router discovery abuses, 33-13 license violations, 35-2 Memory Usage, 38-5 mobile floods, 33-11 network anomaly, 33-6 peer-to-peer mobile traffic, 33-20 real-time, 22-2 RNC overloads, 33-10 signaling attack, 33-7 system, 38-2 unwanted source, 33-14 vertical port scans, 33-15 wireless attack, 33-7 Events Details panel Forensic View, 23-5 querying forensic events, 23-6 Excel exporting browser-based reports to, 30-13 exporting browser-based reports, 30-12 data from Network Forensic view, 25-7 graphical browser-based reports, 30-13 exporting data from the GUI, 16-7 external interfaces Motive API, 20-2 SNMP, 19-2 external ports 9900 WNG Central, 4-18 9900 WNG Detector, 4-18
IN-6
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
external user interfaces, 1-7, 10-7 BMC, 13-2 Central web page, 13-2 CLI, 13-2 EMS GUI, 13-2 NMS, 13-2 SNMP, 13-2
G
generating browser-based reports, 30-2 Mobile Flow reports, 27-2 reports in Subscriber view, 29-4 GGSN or HA time plot (sessions and performances) report, 31-21 GGSN or HA time plot (traffic) report, 31-21 GGSN-to-SGSN or HA-to-PDSN hop time plot reports, 31-26 GGSN/HA comparison table report, 31-20 GGSN/HA multi-element time-trend table report, 31-22 graphical browser-based reports exporting, 30-13 grounding servers, 4-15 GUI components, 16-2 configuring language, 16-8 Dashboard View, 21-2 data retrieval settings, 16-9 disconnecting users, 36-9 features and functions, 16-6 launching, 15-3 logging in to, 16-2 menus, 16-4 monitoring the 9900 WNG system, 16-4 navigation menu, 16-6 opening CLI view, 28-2 provisioning your PC, 15-2 role, 36-2 GUI components Dashboard View, 21-2 GUI features calendar and time widget, 16-7 exporting data, 16-7 sorting data, 16-6 whois query, 16-7 GUI role, 36-2 creating, 36-5
F
features new, 11-2 filtering Anomaly Events, 22-8 anomaly events, 22-8 Anomaly History events, 22-13 browser-based reports, 30-4 Performance Events, 22-11 System Events, 26-5 Flow Details button in Flow/Session tab, 29-14 Flow/Session tab, 29-11 Cumulative Resources chart, 29-14 Flow Details button, 29-14 in subscriber reports, 29-11 Mobile Flow chart, 29-13 plots in, 29-13 Session chart, 29-14 Forensic View, 23-2 Events Details panel, 23-5 generating, 23-2 generating from Anomaly Events view, 23-2 generating from Anomaly History view, 23-2 generating from Performance Events view, 23-2 GUI-based reports, 23-3 menu components, 23-2 opening Mobile Flow view from, 23-6 operations, 23-5 querying data in Events Details panel, 23-6 reports components, 23-4 tab, 23-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-7
H
hard disk drive ordering, 8-2 replacing, 8-4 hardware 9900 WNG, 1-5 9900 WNG Central, 1-6 9900 WNG Detector, 1-5 connections, 4-17 installing, 4-2 replacing hard disk drive, 8-4 replacing power supply, 8-3 Hardware Failure system event, 38-8 hardware requirements, 4-2 hardware specifications, 2-12 cabling, 2-14 power requirements, 2-13 racks, 2-12 hazard statements, 3-2 high signaling subscriber events, 33-18 high-usage subscriber events, 33-17 Historic Reports tab Subscriber view, 29-3 Historic View tab, 23-3 hop browser-based reports, 31-25 hop reports, 31-25 in Network Forensic view, 25-2 parameters, 31-27 specifying hops, 31-27 time resolution, 31-28 horizontal port scans, 33-14 Hour-of-day trend comparing applications report, 31-37 Hour-of-day trend comparing days of week report, 31-38 Hour-of-day trend comparing days report, 31-37 Hour-of-day trend comparing manufacturers report, 31-42
I
ICMP router discovery abuses, 33-13 icons to export browser-based reports, 30-12 idle timeouts displaying, 36-12 Incident breakdown by event type (pie chart) report, 31-3, 31-3 Incident breakdown by event type (time plot) report, 31-2 installing, 4-2 2-post racks, 4-11 4-post racks, 4-7 9900 WNG Central, 4-2 9900 WNG Detector, 4-2 9900 WNG EMS, 15-2 brackets, 4-7 hardware, 4-2 license, 6-3 server rack, 4-6 servers, 4-7 intensity levels for anomaly events specifying, 12-13 intensity preferences in Dashboard View, 21-10 IP addresses specifying for whitelists, 12-8
L
lag period in browser-based reports, 30-5 language configuring choice of in GUI, 16-8 LEDs status indicators, 16-4 troubleshooting, 16-5 legacy reports, 30-2 license, 6-2 expiration, 6-2 installing, 6-3 obtaining, 6-3
IN-8
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
obtaining 9900 WNG Central host identifier, 6-3 viewing status, 35-2 viewing violations, 35-2 license files backing up, 39-4 restoring, 39-5 License Violation system event, 38-2 Line rate threshold system event, 38-6 Link Down system event, 38-3 log files, 37-2 backing up, 39-4 displaying for Motive API, 20-6 GUI queries, 37-10 GUI reports, 37-10 restoring, 39-5 using to monitor the system, 37-3 viewing using CLI, 37-3 log reports samples, 37-3 logging in 9900 WNG Central CLI from GUI, 14-7 9900 WNG Central CLI using SSH, 14-6 9900 WNG Detector, 14-8 logging in to GUI, 16-2 login banners loading, 12-21
M
mandatory configuration procedures 9900 WNG Central, 7-2 9900 WNG Detector, 7-2 configuring 9900 WNG Central servers, 7-5 configuring 9900 WNG Detector servers, 7-6 configuring management interfaces and BMC LANs, 7-3 prerequisites, 7-2 Memory Usage system event, 38-5 menu icons in System View, 26-2
menus Forensic View, 23-2 GUI, 16-4 Subscriber View, 29-2 MIBs; See SNMP MIBs mobile dormancy timeout values modifying, 12-9 mobile floods, 33-11 Mobile Flow chart in Flow/Session tab, 29-13 Mobile Flow measurements RTT, 27-8 throughput, 27-8 Mobile Flow Queries, 37-12 Mobile Flow record components, 27-3 Mobile Flow report Event Details tab, 27-5 Path tab, 27-7 Performance tab, 27-6 Mobile Flow reports generating, 27-2 Mobile Flow view measurements, 27-8 opening from Anomaly Events view, 22-9 opening from Forensic View, 23-6 opening Network Forensic reports from, 27-8 operations, 27-7 records, 27-2 viewing device details, 27-7 working in, 27-7 mobile IP address ranges specifying, 12-7 modes changing, 14-8 CLI, 14-3 monitoring using log files, 37-2 Motive API, 20-2 adding subnets, 20-4 CLI commands, 20-4 creating accounts, 20-3 deleting subnets, 20-5 deleting users, 20-3
IN-9
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
displaying log files, 20-6 displaying statistics, 20-6 displaying users, 20-4 interface, 20-2 role, 36-2 security, 20-3 Motive API role, 36-2 creating, 20-3 mouse-over function in Network Graph view, 24-9 multiple params) report, 31-31
N
navigation icons in browser-based reports, 30-6 NE reports in Network Forensic view, 25-2 network anomaly events, 33-6 network elements browser-based reports, 31-10 network elements reports, 31-10 configuration options, 31-24 parameters, 31-22 sessions and performance parameters, 31-23 traffic measure types parameters, 31-23 traffic parameters, 31-23 Network Forensic Element Reports, 37-11 Network Forensic Hop Reports, 37-11 Network Forensic reports components, 25-4 concise format, 25-5 detailed format, 25-5 generating from the Network Graph view, 24-10 opening from Mobile Flow view, 27-8 statistics, 25-5 Network Forensic view, 25-2 export functions, 25-7 generating reports, 25-3 History tab, 25-4 hop reports, 25-2 in navigation menu, 25-2 NE reports, 25-2
operations, 25-7 sorting data in, 25-7 working in, 25-7 Network Graph view, 24-6 components, 24-7 display functions, 24-8 displaying and collapsing cell view, 24-9 generating a Network Forensic report from, 24-10 mouse-over function, 24-9 opening, 24-6 operations in, 24-10 preferences, 24-8 working in, 24-8 network resource usage browser-based reports, 31-2 network resource usage reports, 31-2 network statistics browser-based reports, 31-5 network statistics reports, 31-5 parameters, 31-8 sessions and events parameters, 31-9 traffic parameters, 31-8 network usage reports event types, 31-5 resource types, 31-5 NMS, 13-2 No Packet system event, 38-6
O
operations Anomaly Events view, 22-9 in Element Tables view, 24-6 in Forensic View, 23-5 in Network Forensic view, 25-7 in System View, 26-6 Performance Events view, 22-11 optional configuration procedures, 12-2 9900 WNG Central, 12-16 9900 WNG Detector, 12-2 adding 9900 WNG Detectors, 12-14 adding entries to application map tables, 12-16 configuring anomaly alerts, 19-11
IN-10
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
configuring congestion alerts, 19-11 configuring RNC load threshold, 12-4 configuring RNC-to-PCF IP addresses, 12-4 configuring SNMPv1/v2c, 19-3 configuring SNMPv3, 19-5 configuring trend alerts, 19-11 configuring UMTS RNC-to-SAI mappings, 12-5 copying 9900 WNG Detector configuration files, 12-15 deleting 9900 WNG Detectors, 12-16 deleting SNMP communities, 19-10 deleting SNMP hosts, 19-11 deleting SNMP server IP addresses, 19-10 deleting SNMP views, 19-11 disabling anomaly event reporting, 12-11 enabling security event manager feed, 12-20 generating public keys, 12-21 loading saved login banners, 12-21 modifying anomaly throttle rates, 12-8 modifying mobile dormancy timeout values, 12-9 specifying anomaly event intensity levels, 12-13 specifying deployment modes, 12-2 specifying IP addresses for whitelists, 12-8 specifying mobile IP address ranges, 12-7 specifying VLANs, 12-10 updating SNMP agent contact, 19-9 updating SNMP location information, 19-9 Overall network time plot (sessions and events) report, 31-6 Overall network time plot (traffic) report, 31-5 Overall subscriber cumulative distribution report, 31-30
P
Packet Drop system event, 38-6 parameters browser-based reports input page, 30-3
passwords changing for users, 36-6 changing your account using the CLI, 36-6 changing your account using the GUI, 36-6 expiration, 36-3 requirements, 36-3 Path tab, 29-14 in subscriber reports, 29-14 peer-to-peer mobile traffic events, 33-20 performance measuring using CLI, 37-12 Performance Events view, 22-10 components, 22-10 filtering data, 22-11 operations, 22-11 working in, 22-11 Performance KPI by manufacturer/model report, 31-45 pie charts in browser-based reports, 30-10 planning, 2-2 9900 WNG Central, 2-2 9900 WNG Detector, 2-3 cabling, 2-14 environmental requirements, 2-15 IP addresses, 2-11 port numbers, 2-11 power requirements, 2-13 port scans, 33-14 horizontal, 33-14 vertical, 33-15 ports 9900 WNG Central, 4-18 9900 WNG Detector, 4-18 power requirements, 4-3 AC, 4-3 DC, 4-4 power supply ordering, 8-2 replacing, 8-3 powering down, 5-2 9900 WNG Central, 5-3 9900 WNG Detector, 5-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-11
powering up, 5-2 9900 WNG Central, 5-2 9900 WNG Detector, 5-4 preferences GUI, 16-9 menu, 16-9 presentation page browser-based reports, 30-6 privileges, 36-2 admin, 36-2 anomaly, 36-2 application devices, 36-2 changing, 36-7 CLI, 14-3 demo only, 36-2 escalating, 36-3 NE, 36-2 reportonly, 36-2 subscriber, 36-2 sudo, 36-2 user, 36-2 Process Down system event, 38-3 Process Start system event, 38-4 public keys generating, 12-21
Q
queries Mobile Flow, 37-12 Queue Usage system event, 38-7
R
Real-time Events view, 22-2 anomalies, 22-5 Anomaly History, 22-12 columns in table, 22-3 common components, 22-2 common features, 22-2 Performance Events, 22-10 severity indicators, 22-4 Realm/APN comparison table report, 31-34 records Mobile Flow view, 27-2 regulatory specifications, 3-6
IN-12
reporting of anomaly events disabling, 12-11 Reports role, 36-2 reports backing up, 39-4 generating browser-based, 30-2 generating for subscriber, 29-5 generating from Network Forensic view, 25-3 mobile flow, 27-2 Network Forensic Element, 37-11 Network Forensic Hop, 37-11 restoring, 39-5 subscriber, 16-11 Subscriber view, 29-2 reports database performing an incremental backup, 39-5 restoring increments, 39-6 Reports role, 36-2 creating, 36-5 resetting 9900 WNG Central using BMC, 5-5 9900 WNG Detector using BMC, 5-5 resource types network usage reports, 31-5 Resources breakdown by top application report, 31-4 restoring, 39-2 9900 WNG Detector, 39-7 configuration files, 39-5 database, 39-5 full system, 39-5 license files, 39-5 log files, 39-5 procedures, 39-5 reports, 39-5 security files, 39-5 system files, 39-5 restoring backup data, 39-3 right-click options for charts in Dashboard View, 21-12 RNC comparison table report, 31-16 RNC load thresholds configuring, 12-4
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
RNC multi-element time-trend table report, 31-17, 31-18 RNC overloads, 33-10 RNC time plot (sessions and performances) report, 31-17 RNC time plot (traffic) report, 31-16 RNC-to-cell hop time plot report, 31-26 RNC-to-PCF IP address mapping configuring, 12-4 Roaming traffic report, 31-7 roles, 36-2 changing, 36-7 CLI, 14-3, 36-2 GUI, 36-2 managing, 36-4 monitoring, 36-10 Motive API, 36-2 Reports, 36-2 SNMP, 36-2 RTT in Mobile Flow measurements, 27-8
S
safety guidelines, 3-3 hazards, 3-2 safety guidelines, 3-3 safety hazards, 3-2 security, 34-2 browser-based reports, 31-28 Motive API, 20-3 passwords, 36-3 privileges, 36-2 RBAC, 34-2 roles, 36-2 SNMPv3, 34-2 SSH protocol, 34-2 SSL, 34-2 supported protocols, 34-2 security event manager feed enabling, 12-20 security files backing up, 39-4 restoring, 39-5 security reports, 31-28
server grounding, 4-15 installing racks, 4-6 specifications, 2-12 Session chart in Flow/Session tab, 29-14 severity indicators in Real-time Events view, 22-4 SGSN or PDSN time plot (sessions and performances) report, 31-19 SGSN or PDSN time plot (traffic) report, 31-18 SGSN/PDSN multi-element time-trend table report, 31-20 SGSN/PDSN-to-RNC hop time plot report, 31-26 show backhaul, 37-18 show compressionStatus, 37-18 show memory, 37-16 show stats, 37-13 show system, 37-17 show top, 37-18 signaling attack events, 33-7 Single subscriber time trend table report, 31-31 SNMP, 13-2 9900 WNG Central, 19-2 creating accounts, 19-5 deleting accounts, 19-8 deleting communities, 19-10 deleting groups, 19-8 deleting hosts, 19-11 deleting server IP addresses, 19-10 deleting views, 19-11 displaying users, 19-8 interface, 19-2 MIBs, 19-15 role, 36-2 trap events, 19-13 updating agent contact, 19-9 updating location information, 19-9 SNMP commands, 19-12 GET, 19-12 SET, 19-12 TRAP, 19-12 SNMP MIBs, 19-15 accessing, 19-15
IN-13
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
SNMP role, 36-2 creating, 19-5 SNMPv1/v2c configuring, 19-3 SNMPv3 configuring, 19-5 software 9900 WNG, 1-6 displaying enabled repository, 9-4 displaying packages, 9-9 repository, 9-3 upgrading using an external repository, 9-7 upgrading using the 9900 WNG Central repository, 9-6 upgrading using USB, 9-8 software repository configuring the 9900 WNG Central, 9-4 displaying, 9-4 displaying packages, 9-9 software upgrades, 9-2 CLI commands, 9-2 sorting data in Element Tables view, 24-6 data in Network Forensic view, 25-7 data in tables, 16-6 data in the GUI, 16-6 stacked area charts in browser-based reports, 30-8 statistics displaying for Motive API, 20-6 Statistics tab in subscriber reports, 29-8 subnets adding for Motive API, 20-4 deleting for Motive API, 20-5 subscriber browser-based reports, 31-29 Subscriber Group Manager, 32-2 subscriber group view changing, 32-4 subscriber groups changing view, 32-4 creating, 32-3 importing data, 32-5 Subscriber Reports, 37-11
IN-14
subscriber reports, 29-4, 31-29 Anomaly Events tab, 29-11 Billingtab, 29-15 components, 29-7 fields in, 31-35 Flow/Session tab, 29-11 modifying preferences, 16-11 parameters, 31-35 Path tab, 29-14 Statistics tab, 29-8 Top Applications tab, 29-8 Top Servers tab, 29-10 Subscriber Statistics tab, 29-8, 29-8 Subscriber time plot report, 31-30 Subscriber view acquiring IDs for reports, 29-4 Active Reports tab, 29-3 components, 29-3 generating reports, 29-4 Historic Reports tab, 29-3 reports, 29-2 reports characteristics, 29-4 subscribers searching, 32-4 Swap Usage system event, 38-8 system backing up, 39-4 restoring, 39-5 system architecture, 1-2, 10-2 system events, 38-2 CPU Usage, 38-4 Disk Usage, 38-4 Hardware Failure, 38-8 License Violation, 38-2 Line rate threshold, 38-6 Link Down, 38-3 No Packet, 38-6 Packet Drop, 38-6 Process Down, 38-3 Process Start, 38-4 Queue Usage, 38-7 Swap Usage, 38-8 viewing, 38-2
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
System Events view, 26-2 components, 26-3 display preferences, 26-4 table columns, 26-4 system files backing up, 39-4 restoring, 39-5 System History view, 26-5 system requirements 9900 WNG EMS, 15-2 System View, 26-2 menu icons, 26-2 operations, 26-6 working in, 26-6
T
Table comparing manufacturers report, 31-44 Table comparing models report, 31-45 tables in browser-based reports, 30-11 threat detection CDMA network, 33-2 UMTS network, 33-3 threshold values, 33-21 throughput in Mobile Flow measurements, 27-8 time parameters browser-based reports, 30-4 Time plot comparing applications report, 31-38 Time plot comparing manufacturers report, 31-43 Time plot comparing models report, 31-44 time zones in browser-based reports, 30-5 time-series charts in browser-based reports, 30-7 timeouts See also idle timeouts in CLI, 14-5 tool tips in browser-based reports, 30-6 Top applications reports, 31-39 Top Applications tab in subscriber reports, 29-8
Top attackers at or above a specified intensity level report, 31-28 Top mobile (single day, 31-31 Top Mobiles reports, 31-32 Top scanners report, 31-29 Top servers report, 31-33 Top Servers tab, 29-10 in subscriber reports, 29-10 Topology view, 24-2 Element Tables view, 24-2 trend alerts configuring, 19-11 troubleshooting browser-based reports, 31-47 using LEDs, 16-5
U
UMTS network threat detection, 33-3 UMTS RNC-to-SAI mapping configuring, 12-5 unwanted source anomaly event, 33-16 upgrading 9900 WNG Central software using a USB, 9-8 9900 WNG Central software using the 9900 WNG Central repository, 9-6 9900 WNG Central software using the external software repository, 9-7 9900 WNG Detector software using a USB, 9-8 9900 WNG Detector software using the 9900 WNG Central repository, 9-6 9900 WNG Detector software using the external software repository, 9-7 user accounts, 36-2 changing names, 36-8 changing password, 36-6 changing passwords using the CLI, 36-6 changing passwords using the GUI, 36-6 changing roles, 36-7 CLI role, 36-2 creating, 36-5 creating for SNMP, 19-5
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
IN-15
deleting, 36-10 deleting motive API, 20-3 deleting SNMP, 19-8 disconnecting, 36-9 displaying, 36-11 displaying idle timeouts, 36-12 displaying Motive API users, 20-4 displaying patterns, 36-12 displaying SNMP users, 19-8 GUI role, 36-2 managing, 36-4 monitoring, 36-10 Motive API role, 36-2 passwords, 36-3 privileges, 36-2 Reports role, 36-2 resetting the password timeout for all, 36-8 roles, 36-2 setting the idle timeout, 36-9 setting the password timeout for one, 36-8 SNMP role, 36-2 user interfaces, 13-2 9900 WNG Central web page, 17-2 BMC, 18-2 CLI, 14-2 GUI, 16-2 GUI Dashboard View, 21-2 logging in, 13-3 users See also user accounts creating accounts, 36-5
Network Graph, 24-6 Performance Events, 22-10 Subscriber, 29-3 System, 26-2 Topology, 24-2 VLANs specifying, 12-10
W
warning hazards, 3-2 whois query, 16-7 widgets calendar, 30-5 wireless attack events, 33-7
V
vertical port scans, 33-15 viewing license status, 35-2 system events, 38-2 views Anomaly Events, 22-5 Anomaly History, 22-12 CLI, 28-2 Element Tables, 24-2 Forensic, 23-2 Network Forensic, 25-2
IN-16
Alcatel-Lucent 9900 Wireless Network Guardian, Release 2.1 July 2010 3HE 06049 AAAA TQZZA
Customer documentation
http://www.alcatel-lucent.com/myaccess
Product manuals and documentation updates are available at alcatel-lucent.com. If you are a new user and require access to this service, please contact your Alcatel-Lucent sales representative.
Technical Support
http://support.alcatel-lucent.com
Documentation feedback
documentation.feedback@alcatel-lucent.com