How to Access an AXE

USER GUIDE
6/1553-CXA 118 03/4-V2 Uen B
Copyright
© Ericsson AB 2017. All rights reserved. No part of this document may be
reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of
this document.
Trademark List
All trademarks mentioned herein are the property of their respective owners.
These are shown in the document Trademark Information.
Abstract
This document describes the procedures to access an AXE node with APG43L
acting as Adjunct Processor Group (APG).
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
Contents

Contents
1 General 1
1.1 Revision Information 1
1.2 Concepts 1
1.3 Scope 3
1.4 Introduction 3
2 How to Use 15
2.1 AP Session 15
2.2 Restricted AP Session 16
2.3 MML Session 16
2.4 NETCONF Session 19
2.5 File Transfer Session 21
2.6 Troubleshooting Session 21
3 Configuration 25
Glossary 27
Reference List 29
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Access an AXE
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General

1 General
1.1 Revision Information
Changes in APG43L 3.4
This is a new document:
— 6/1553-CXA 118 03/4-V2 Uen
• Rev. B
— Minor changes.

• Rev. A
 — Document applicable for Multi-CP System configuration.
1.2 Concepts
Cluster CP A Central Processor (CP) that is a member of a CP Cluster.
Cluster Operation Mode
The Cluster Operation Mode determines the level of
Operation and Maintenance (OaM) activities allowed in a
Multi-CP System AXE node. There are 2 Cluster Operation
Modes, Expert and Normal, for advanced and regular
activities respectively.
Cluster Session It is an Man Machine Language (MML) session used to
execute all normal OaM cluster level operations, which
includes cluster configuration and retrieving information
for cluster level objects. A Cluster Session is automatically
opened towards the Operative Group if no CP is specified
at connection establishment. This session type is
applicable in both Normal Mode and Expert Mode.
A CP Cluster is a set of Cluster CPs that provides CP
functionality.
CP Cluster
A 1+1 redundant CP (A+B side); the two sides are named
Executive (EX) and Standby (SB).
Dual-Sided CP
Multi-CP System
A system that includes several types of CPs, regardless if
the CPs are Single-Sided CPs or Dual-Sided CPs.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 1
How to Access an AXE
NETCONF protocol
The Network Configuration (NETCONF) protocol
is a network management protocol developed and
standardized by the Internet Engineering Task Force
(IETF). NETCONF provides mechanisms to install,
manipulate, and delete the configuration of a Network
Element (NE). Its operations are realized on top of a
simple Remote Procedure Call (RPC) layer. The NETCONF
protocol uses an Extensible Markup Language (XML)
based data encoding for the configuration data as
well as the protocol messages. The protocol messages
are exchanged on top of a secure transport protocol.
The NETCONF is standard compliant to Request for
Comments (RFC) 4741 and RFC 6241, see Reference [12]
and Reference [13] for more information.
Network Element
A NE is a manageable logical entity uniting one or more
physical devices. Home Location Register (HLR), Mobile
Switching Center (MSC) are identified as NEs.
Operative Group
A set of Cluster CPs, consisting of CPs in states Active and
Intermediate (Time Supervision), that are required to be
configured consistently. The Operative Group (OG) is
normally addressed through a Cluster Session.
Quorum A set of Cluster CPs, in states Active and/or Passive. The
Cluster CPs in the Quorum can fully communicate with
each other. In a CP Cluster, there is only one Quorum.
Restricted CP Session
It is an MML session used to retrieve information of CP
level objects or to perform a local activity that does not
change the configuration data. It is opened when CP
scope is specified at connection establishment and the
CP(s) belong to OG. This session type is applicable in
Normal Mode only.
Single-CP System
A system that includes only one type of CP, regardless if
the CP is a Single-Sided CP or a Dual-Sided CP.
Single-Sided CP A Cluster CP without redundancy on a CP board level.
2 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
Transport Layer Security
Transport Layer Security (TLS) is a protocol used to
establish an authenticated channel between a TLS client
and a TLS server, with confidentiality and integrity
assured for messages sent over the channel. The
connection over TLS, makes it possible to generically
secure connections used for such remote shells. The TLS
is standard compliant to Request for Comments (RFC)
5246, see Reference [14] for more information.
Unrestricted CP Session
It is an MML session used for maintenance activities.
All types of commands are allowed and therefore any
actions should be done with caution to maintain data
consistency. It is opened when CP scope is specified at
connection establishment and:
• The Cluster Operation Mode is set to Normal Mode
and the addressed CP(s) does not belong to the OG.
• The Cluster Operation Mode is set to Expert
Mode and the user is an expert user, that means
having an MML authority and belonging to role
SystemAdministrator.
1.3 Scope
This User Guide describes how to establish a connection between a client and an
AXE based NE for OaM operations to be performed on the APG or CP.
The contents of the following User Guides are prerequisites for this document:
— Managed Element Management
— User Management
1.4 Introduction
APG43L is the platform providing safe and reliable Input/Output (IO) operations
for an AXE-based NE. In particular it provides the remote access to an AXE node,
safe storage support and reliable transfer of AXE related data like statistics, traffic
measurements and billing.
APG43L allows a customer accessing to an AXE-based NE through the following
sessions.
— An AP session, where OaM activities on APG can be performed by executing
Ericsson Command-Line Interface (ECLI) and AP commands.
— An MML session, where OaM activities on CP can be performed by executing
MML commands.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 3
How to Access an AXE
— A NETCONF session, where OaM activities on APG can be performed via
machine to machine communication by executing XML based operations.
— A Troubleshooting (TS) session, where emergency procedures can be
performed by executing shell commands.
An AXE node consists of one APG, one Dual-Sided CP and many Single-Sided CPs.
An APG is a cluster of two AP sides, named Node A and Node B, configured
in active/passive configuration. Three Internet Protocol (lP) addresses are
associated to APG, one for Node A, one for Node B and another logical one called
cluster IP address always addressing the active node.
1.4.1 Network Configuration
The APG cluster IP address is used by a Management System (MS) to access
an AXE node via APG.
Such IP address is associated to a public interface.
Refer to User Guide Transport Management for further information
Figure 1 AXE Node in a Multi-CP System
4 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
1.4.2 Access Sessions
An AXE node can be accessed in three different ways to perform three types of
operations as sketched in Table 1.
Table 1 Type of Operations on AXE
Type of Operations Access Type
Operation and Maintenance
Remote, via a MS
operations
Advanced operations Remote, via a TS console
Remote, via the data center hosting
Recovery operations
the AXE node
OaM operations aim to configure and administer an AXE node. An OaM user
profile is required to establish a Transfer Communication Protocol (TCP)/IP
connection between a remote MS and the cluster IP address associated to the
APG. The user authentication is provided by a central Lightweight Directory
Address Protocol (LDAP) server acting as central user repository database in
the whole customer network. This lets customer configure and manage multiple
systems with a single set of user identity configuration information. LDAP as
functionality is offered by either Ericsson Operations Support System (OSS) or a
customer-chosen LDAP implementation. Within an Ericsson solution, both the MS
and LDAP services are delivered by Ericsson OSS system.
In case of critical OaM operations on CP, it is possible to enable caching of
user credentials so that they can be authenticated also in case of LDAP server
connectivity issues. Caching can be enabled contacting Ericsson customer support.
Advanced operations are TS activities aiming to recover from abnormal AXE
node status, for example when LDAP server is not reachable. A TS user profile
is required to establish a TCP/IP connection between a remote TS console and
one of the three IP addresses associated to the APG .
Recovery operations are emergency activities aiming to recover from disaster
events. Recovery operations are performed using proper procedures on the data
center hosting the AXE node.
One of the following Command-Line Interface (CLI) sessions can be established
between a client and an AXE node depending on TCP port number on APG, user
profile and client type:
— AP session
— Restricted AP session
— MML session
— NETCONF session
— FT session
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 5
How to Access an AXE
— TS session
Note: APG is able to accept a session opening only if the client specifies vt100
as terminal type.
The supported standard client types are Secure File Transfer Protocol (SFTP),
Secure Shell (SSH), Transport Layer Security (TLS), for establishing a secure
communication channel; and, only for backward compatibility reasons, also
File Transfer Protocol (FTP) and Telnet, for establishing a non-secure, thus not
recommended, communication channel.
A TLS-based communication allows trusting the client and the server, the APG, by
using set of certificates generated by a Certification Authority (CA). It can be used
for opening an AP session or a NETCONF session without any needs to provide a
password so making the user accesses simpler to be disciplined.
Refer to User Guide User Management for more detailed information on procedure
to follow for configuring APG to support TLS.
For all session types, before entering the user password a welcome message is
shown; refer to User Guide AXE Security Management for more info on how to
configure the welcome message.
It is not shown when opening an AP session or a NETCONF session over TLS.
Table 2 shows the type of sessions a user can establish for each of available TCP
ports and client types.
6 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
Table 2 Session Types for OaM and TS Users
SESSION
CLIENT TYPES
TYPES
TCP
User Port FTP(Note Telnet(Note
SFTP SSH TLS
Profile Numb 4) 4)
er
OaM
File Transfer
21 and TS
session
User
AP
File Transfer session
22 MML
session
session(
Note 1)
23 AP session
MML session(
 Note 1)
52000
52001
52010
52011 MML session
52100 AP session(No
te 2)
52101
52110
52111
MML session(
Note 3)
52002
AP session(No
te 2)
5000
5001
5010
5011 MML session
5100 AP session(No
te 2)
5101
5110
5111
5002
NETCONF
830
session
AP session
9830 MML session(
Note 1)
NETCONF
6513
session
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 7
How to Access an AXE
Table 2 Session Types for OaM and TS Users
TS session TS
4422 MML session( User
Note 1)
TS session
4423 MML session(
Note 1)
Note:
• Note 1: Via AP command mml into opened AP session.
• Note 2: Via MML command APLOC into opened MML session.
• Note 3: Via Ericsson client WinFIOL.
• Note 4: Insecure client types FTP and Telnet are not recommended.
Table 3 shows the type of sessions a cached OaM user can establish for each
of available TCP ports and client types. Only Restricted AP Session and MML
session can be opened.
Table 3 Session Types for Cached OaM Users
SESSION TYPES CLIENT TYPES
User TCP SFTP
Profile Port
Numb
 er
8 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
Table 3 Session Types for Cached OaM Users
Cached
21 Not allowed OaM
User
Restricted AP
22 Not allowed session
MML session(
Note 1)
Restricted AP
23 session
MML session(
Note 1)
52000
52001
52010
MML session
52011
Restricted AP
52100
session(Note 2)
52101
52110
52111
MML session(
Note 3)
52002 Restricted AP
session(Note 2)
5000
5001
5010
MML session
5011
Restricted AP
5100
session(Note 2)
5101
5110
5111
MML session(
Note 3)
5002 Restricted AP
session(Note 2)
NETCONF
830
session
4422 Not allowed
4423 Not allowed
9830 Not allowed
6513 Not allowed
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 9
How to Access an AXE
Note:
• Note 1: Via AP command mml into opened AP session.
• Note 2: Via MML command APLOC into opened MML session.
• Note 3: Via Ericsson client WinFIOL.
• Note 4: Insecure client types File Transfer Protocol (FTP) and Telnet
are not recommended.
1.4.2.1 AP Session
An AP session is used to perform OaM operations on APG using an OaM user. It
can be opened by establishing:
— An SSH connection with the cluster IP address of the APG on TCP port
number 22.
— A TLS connection with the cluster IP address of the APG on TCP port number
9830, once TLS support has been enabled on APG by following procedure
described in User Guide User Management.
Note: The remote MS client must support terminal raw mode to get AP
session properly working.
— A Telnet connection with the cluster IP address of the APG on TCP port
number 23.
Note: The support of insecure protocol is not recommended.
From an AP session, an authenticated OaM user, depending on the authorization
rules, can:
— Interact with Managed Object Model (MOM) AXE. That is create, delete a
Managed Object (MO), assign a value to an attribute and get the value of
them. Refer to User Guide Ericsson Command-Line Interface and User Guide
Managed Element Management for more information.
— Execute AP commands. They are executable SW residing on APG and
operating on AP functions resources which no MOM is provided for. Refer to
section 3 in User Guide User Management for a list of available AP commands.
From an AP session with AP1, an authenticated OaM user, depending on the
authorization rules, can also:
— Open an MML session giving AP command mml.
— Return to the MML session which the AP session was opened from, giving
the AP command exit.
10 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
An AP Session can be also accessed by TS users for performing emergency
operations like restore the communication with the LDAP server.
An AP session is automatically disconnected if it stays inactive for a period of
time specified by the attribute inactivityTimer in the AP Session Management
function MOM.
1.4.2.2 Restricted AP Session
A Restricted AP session is used to perform OaM operations on CP when LDAP
server connectivity is not available using a cached OaM user. It can be opened by
establishing:
— An SSH connection with the cluster IP address of the APG on TCP port
number 22.
— A Telnet connection with the cluster IP address of the APG on TCP port
number 23.
Note: The support of insecure protocol is not recommended.
From a Restricted AP session, an authenticated cached OaM user can only open
an MML session giving AP command mml. All other ECLI and AP commands are
rejected with the exit string ERROR: Command not allowed in a Restricted
AP session.
A Restricted AP session is automatically disconnected if it stays inactive for
a period of time specified by the attribute inactivityTimer in the AP Session
Management function MOM.
1.4.2.3 MML Session
An MML session is used to perform OaM operations on CP using an OaM user.
An MML session is characterized by a set of properties selected during MML
session establishment phase.
Each property gives a specific behavior to the MML session; the following list
shows all of them:
1. CP side. It is the side of a Dual-Sided CP an MML session is established with.
If the CP side is not specified at logon, an MML session is opened by default to
the EX side. Side EX and side SB work normally together; if side SB is working
separately from side EX then it is possible to open an MML session with it.
2. IO device. It is the IO alphanumeric device an MML session is established on.
There are maximum 1024 IO devices.
3. Spontaneous printouts. Spontaneous printouts, like alarms, can be shown or
not in an MML session.
4. Session identity. It is the session identity assigned to an MML session.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 11
How to Access an AXE
5. Result printouts buffering. A result printout generated by an MML command
is internally buffered or not after an MML session interruption. It is saved per
user and per session identity.
6. IO device for redirection. It is the IO alphanumeric device where all result
printouts are redirected to.
7. CP scope. The CP scope applies in a Multi-CP System only and it is the
name of a Dual-Sided CP, a Single-Sided CP, or a group of Single-Sided CPs
specified at MML session establishment. If the CP scope is omitted, a Cluster
Session is opened by default.
8. Printouts comparison. It applies in a Multi-CP System only and it specifies if
the received printouts should be compared or not in case the name of a CP
group is specified as CP scope.
An MML session can be directly opened using an OaM user or a cached OaM
user via an SSH connection with the cluster IP address of the APG on TCP port
number 520nn (where n=0 or 1).The four TCP port numbers map the four possible
combinations of above properties 1, 2, 3 as per Table 4.
Table 4 TCP Port Numbers for MML Sessions
Spontaneous
TCP Port Number CP Side IO Device
Printouts
Internally
52000, 5000 EX No
selected
Internally
52001, 5001 EX Yes
selected
52010, 5010 EX User specified No
52011, 5011 EX User specified Yes
In case the Ericsson client WinFIOL is available, then an SSH connection can be
established on TCP port 52002 allowing to select all above properties.
In a Multi-CP System, different session types can be established: Cluster Session,
Unrestricted CP Session, Restricted CP Session.
If TCP port 520nn (where n=0 or 1) is used, a Cluster Session is opened by default.
Otherwise the TCP port 52002 can be used for opening also a Unrestricted CP
Session or Restricted CP Session depending on user authority, specified CP scope,
Cluster Operation Mode, and the state of the addressed CPs in the Quorum.
Similarly, the same applies for a Telnet insecure connection with the cluster IP
address of the APG on TCP port number 50nn (where n=0 or 1) or 5002 but it is
not recommended.
MML session can be also opened within an AP session, see Section 1.4.2.1 on page
10, or a TS session, see Section 1.4.2.6 on page 14, by giving AP command mml,
but this is not recommended for a machine to machine communication where a
12 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
General
higher MML command rate is required to be sustained and this can be achieved
by using port 52000 or 5000.
From an MML session, an authenticated OaM user or cached OaM user, depending
on the authorization rules, can:
— Execute MML commands. They are executables SW residing on CP and
operating on CP functions resources which no MOM is provided for. Refer to
User Guide Alphanumeric Device Management for more information on MML
commands usage.
— Open an AP session or a Restricted AP session giving MML command APLOC.
An MML session can be also accessed by TS users but it is not recommended.
An MML session is automatically disconnected if it stays inactive for a period of
time specified by the attribute mmlLoggOffTimeout in the Alphanumeric Device
Management function MOM.
1.4.2.4 NETCONF Session
A NETCONF session is used to perform OaM operations on APG via a machine to
machine communication using an OaM user. It can be opened by establishing:
— An SSH connection with the cluster IP address of the APG on TCP port number
830.
— A TLS connection with the cluster IP address of the APG on TCP port number
6513, once TLS support has been enabled on APG by following procedure
described in User Guide User Management.
A NETCONF session allows an authenticated user to interact with MOM AXE to
create and delete a MO, assign to and get the value of an attribute. Refer to User
Guide NETCONF Interface for more information. It is not recommended for a
human operator using such session type because of complexity of messages to
provide as input.
Note: The AP commands and the MML commands cannot be executed in a
NETCONF session.
An NETCONF session can be also accessed by TS users but it is not recommended.
A NETCONF session is automatically disconnected after five minutes of inactivity,
unless a NETCONF notification subscription is present.
1.4.2.5 File Transfer Session
A FT session is used to access the APG file system for uploading or downloading
files.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 13
How to Access an AXE
A FT session is opened when a OaM user establishes a SFTP connection with the
cluster IP address of APG. The default TCP port number is 22.
Note: FTP insecure connection is supported as well on TCP port 21 but it is
not recommended. Furthermore it will not work on specified operator
networks defined via AP command vlandef.
From a FT session, an authenticated OaM user, depending on the authorization
rules, can handle the APG file system; refer to User Guide File Management for
more information.
A FT session can be also accessed by TS users but it is not recommended.
1.4.2.6 Troubleshooting Session
A TS session is used to perform advanced operations on APG, like first deploy of
an APG or AP/MML session not responding, using a TS user. It can be opened by
establishing:
— An SSH connection with one of the three IP addresses associated to the APG
on TCP port number 4422.
— A Telnet connection with one of the three IP addresses associated to the APG
on TCP port number 4423.
Note: The support of insecure protocol is not recommended.
From a TS session, an authenticated TS user can:
— Execute a restricted set of Operating System (OS) commands not requiring
root authority.
— Administer TS users.
— Execute AP commands specific for TS activities.
— Open an MML session giving AP command mml.
14 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Use

2 How to Use
2.1 AP Session
When a OaM user needs to perform OaM operations on APG, an AP session should
be opened. This can be done using either an SSH, or a TLS, or a Telnet connection.
A TS user can open an AP session as well but only for emergency operations.
2.1.1 Example 1, AP Session Over SSH, OaM User
This example shows how the OaM user ossuser can establish an AP session over
SSH with an APG having 141.137.47.53 as cluster IP address on TCP port 22.
ssh -p 22 -l ossuser 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>
2.1.2 Example 2, AP Session Over SSH, TS User
This example shows how the TS user ts_user can establish an AP session over
SSH with an APG having 141.137.47.53 as cluster IP address on TCP port 22.
ssh -p 22 -l ts_user 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>
2.1.3 Example 3, AP Session Over TLS
This example shows how an OaM user, or a TS user, can establish an AP session
over TLS with an APG having 141.137.47.53 as cluster IP address on TCP port
9830. The command openssl is used from a remote MS client by using needed
certificate files.
No password is provided and no welcome message is shown.
openssl s_client -connect 141.137.47.53:9830 -quiet -tls1 -bugs -cert comuse
>
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 15
How to Access an AXE
2.2 Restricted AP Session
When a cached OaM user needs to perform OaM operations on APG, an AP session
should be opened. This can be done using either an SSH, or a Telnet connection.
2.2.1 Example
This example shows how the cached OaM user ossuser can establish a Restricted
AP session with an APG having 141.137.47.53 as cluster IP address on TCP
port 22.
>ssh -p 22 -l ossuser 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
You have been logged on using cached credentials
RESTRICTED AP SESSION
>
2.3 MML Session
When a OaM user needs to perform OaM operations on CP, an MML session
should be opened either giving AP command mml inside an AP session with AP1 or
establishing an SSH connection with the cluster IP address of AP1 on TCP port
number 52nnn (where n=0 or 1) or on port 52002.
A TS user can open an MML session as well but this is not recommended.
2.3.1 MML Session within AP Session
An MML session can be opened giving AP command mml within an AP session
with AP1.
2.3.1.1 Example 1, Nested MML Session
This example shows how the OaM user mmluser in a Single-CP System can
establish an MML session inside an AP session established with an APG having
141.137.47.53 as cluster IP address on TCP port 22.
ssh -p 22 -l mmluser 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>mml
EX-A 55/5_300R13_CM009_C15 AD-126 TIME 130221 1747 PAGE 1
16 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Use
<
2.3.1.2 Example 2, Nested Cluster Session in Multi-CP System
This example shows how the OaM user mmluser in a Multi-CP System can
establish an MML session inside an AP session established with an APG having
141.137.32.64 as cluster IP address on TCP port 22. No CP scope is specified
into AP command mml so a Cluster Session is opened.
ssh -p 22 -l mmluser 141.137.32.64
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>mml
ACT ITSAAP015 AD-29 TIME 140306 1954 OPGROUP
CLUSTER SESSION - NORMAL MODE
<
2.3.1.3 Example 3, Nested Unrestricted CP Session in Multi-CP System
This example shows how the OaM user mmluser in a Multi-CP System can
establish an MML session inside an AP session established with an APG having
141.137.32.64 as cluster IP address on TCP port 22. The Single-Sided CP BC1 is
specified as CP scope in the AP command mml and, as the NE is in Expert Mode,
an Unrestricted CP Session is opened.
ssh -p 22 -l mmluser 141.137.32.64
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>mml -cp BC1
ACT ITSAAP015 AD-30 TIME 140306 1956 BC1
UNRESTRICTED CP SESSION - EXPERT MODE
<
2.3.1.4 Example 4, Nested Restricted CP Session in Multi-CP System
This example shows how the OaM user mmluser in a Multi-CP System can
establish an MML session inside an AP session established with an APG having
141.137.32.64 as cluster IP address on TCP port 22. The Single-Sided CP
BC2 belonging to the OG is specified as CP scope in the AP command mml so a
Restricted CP Session is opened.
ssh -p 22 -l mmluser 141.137.32.64
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 17
How to Access an AXE
>mml -cp BC2
ACT ITSAAP015 AD-32 TIME 140306 2006 BC2
RESTRICTED CP SESSION - NORMAL MODE
<
2.3.1.5 Example 5, Nested Restricted CP Session with Incomplete Group in Multi-CP
System
This example shows how the OaM user mmluser in a Multi-CP System can
establish an MML session inside an AP session established with an APG having
141.137.32.64 as cluster IP address on TCP port 22. The CP group ALLBC,
including all defined Single-Sided CPs with some of them part of the OG, is
specified as CP scope in the AP command mml so a Restricted CP Session is
opened. Some other ones are not available so a warning printout is printed before
the MML session header.
ssh -p 22 -l mmluser 141.137.32.64
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
>mml -cp ALLBC
INCOMPLETE CP GROUP
CP
BC3, BC5
NA ITSAAP015 AD-32 TIME 140306 2006 ALLBC
RESTRICTED CP SESSION - NORMAL MODE
<
2.3.2 Directly Opened MML Session
An MML session can be directly opened by establishing an SSH connection with
the cluster IP address of AP1 on TCP port number 52nnn (where n=0 or 1) or on
port 52002. Connection with port 52002 requires the usage of a proper client like
the Ericsson client WinFIOL.
2.3.2.1 Example 1, MML Session
This example shows how the OaM user mmluser can establish an MML session
with an APG having 141.137.47.53 as cluster IP address on TCP port 52000.
>ssh -p 52000 -l mmluser 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
EX-A 55/5_300R13_CM009_C15 AD-130 TIME 130221 1808 PAGE 1
18 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Use
<
2.3.2.2 Example 2, Nested AP Session
This example shows how the OaM user mmluser can establish an AP session
within an MML session established with an APG having 141.137.47.53 as cluster
IP address on TCP port 52000.
>ssh -p 52000 -l mmluser 141.137.47.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
EX-A
PAG
<APL 55/5_300R13_CM009_C15 AD-130 TIME 130221 1808 1
E
OC;
>show
ManagedElement=CEMSS07
>
2.3.2.3 Example 3, Cluster Session in Multi-CP System
This example shows how the OaM user mmluser in a Multi-CP System can
establish an MML session with an APG having 141.137.32.64 as cluster IP
address on TCP port 52000. A Cluster Session is opened because no CP scope is
specified.
> ssh -p 52000 -l mmluser 141.137.32.64
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
ACT ITSAAP015 AD-32 TIME 140306 2000 OPGROUP
CLUSTER SESSION - EXPERT MODE
<
2.4 NETCONF Session
When a OaM user needs to perform OaM operations on APG via machine to
machine communication, a NETCONF session should be opened. This can be done
using either an SSH or a TLS connection.
2.4.1 Example 1, NETCONF Session Over SSH
This example shows how the OaM user sysadmin can establish a NETCONF
session over SSH with an APG having 141.137.32.244 as cluster IP address
on TCP port 830.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 19
How to Access an AXE
ssh sysadmin@141.137.32.244 -p 830 -t -s netconf
*******************************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY.
*******************************************************************************
Password:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:com:ericsson:ebase:0.1.0</capability>
<capability>urn:com:ericsson:ebase:1.1.0</capability>
<capability>urn:com:ericsson:ebase:1.2.0</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capabilit
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
<capability>urn:ericsson:com:netconf:action:1.0</capability>
<capability>urn:ericsson:com:netconf:heartbeat:1.0</capability>
<capability>urn:com:ericsson:netconf:operation:1.0</capability>
<capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
</capabilities>
<session-id>3</session-id>
</hello>
]]>]]>
2.4.2 Example 2, NETCONF Session Over TLS
This example shows how a OaM user can establish a NETCONF session over TLS
with an APG having 141.137.32.45 as cluster IP address on TLS port 6513. The
command openssl is used from a remote MS client by using needed certificate
files.
No password is provided and no welcome message is shown.
openssl s_client -connect 141.137.32.45:6513 -quiet -tls1 -bugs -cert comuser_c
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:com:ericsson:ebase:0.1.0</capability>
<capability>urn:com:ericsson:ebase:1.1.0</capability>
<capability>urn:com:ericsson:ebase:1.2.0</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capabilit
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
<capability>urn:ericsson:com:netconf:action:1.0</capability>
<capability>urn:ericsson:com:netconf:heartbeat:1.0</capability>
<capability>urn:com:ericsson:netconf:operation:1.0</capability>
<capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
</capabilities>
20 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Use
<session-id>3</session-id>
</hello>
]]>]]>
2.5 File Transfer Session
When a OaM user needs to transfer files to/from APG file system, a File Transfer
(FT) session should be opened. This can be done using either an SFTP, or an
FTP connection.
A TS user can open an FT session as well but this is not recommended.
2.5.1 Example
This example shows how a OaM user can establish an FT session on TCP port 22
with an APG having 141.137.32.122 as cluster IP address. The command ls is
given to list the folders the user is authorized to handle in APG file system.
sftp ossuser@141.137.32.122
Connecting to 141.137.32.122...
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
sftp> ls
data_transfer
backup_restore
cp
license_file
health_check
sts_scr
media
sw_package
support_data
sftp>
2.6 Troubleshooting Session
When a TS user needs to perform advanced operations on APG, a TS session
should be opened. This can be done using either an SSH connection.
If the TS user authentication succeeds, the bash prompt is displayed as follows:
<APG_node_name>-<APG_host_name>:$
Where: <APG_node_name> is the APG name set in the attribute
networkManagedElementId; <APG_host_name> is the APG host name, it can be
either SC-2-1 or SC-2-2 for Node A or Node B, respectively; and the last character
$ indicates that the connected user is a non root user.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 21
How to Access an AXE
A root user cannot login to APG. In order to gain root access, the TS user first has
to logon into a TS session and then request to become root using its password.
For a root user, the bash prompt is displayed as follows:
<APG_node_name>-<APG_host_name>:#
Where last character is # instead of $, indicating that the user is connected to
the node as a root user.
2.6.1 Example 1, TS Session with Node A
This example shows how the TS user ts_user can establish a TS session on TCP
port 4422 with an APG having 10.35.1.53 as Node A IP address.
ssh -p 4422 -l ts_user 10.35.1.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
CEMSS07-SC-2-1:$
2.6.2 Example 2, Nested MML Session
This example shows how the TS user ts_user can establish an MML session
inside a TS session established on TCP port 4422 with an APG having 10.35.1.53
as cluster IP address.
ssh -p 4422 -l ts_user 10.35.1.53
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
CEMSS07-SC-2-1:$ mml
EX-A 55/5_300R13_CM009_C15 AD-146 TIME 130222 1250 PAGE 1
<
2.6.3 Example 3, TS User Account Locking
This example shows the case when the TS user ts_user fails to establish an AP
session on TCP port 4422 with an APG having 10.35.1.55 as cluster IP address,
due to a wrong password entered too many times. The TS user account is then
locked.
ssh -p 4422 -l ts_user 10.35.1.55
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
22 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
How to Use
Password:
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
****************************************************************
IF YOU ARE NOT AN AUTHORIZED USER, PLEASE EXIT IMMEDIATELY
****************************************************************
Password:
ts_user@10.35.1.55's password:
Permission denied, please try again.
ts_user@10.35.1.55's password:
Permission denied, please try again.
ts_user@10.35.1.55's password:
Received disconnect from 10.35.1.55: 2: Too many authentication
failures for ts_user
The TS administrator user, having tsdmin as user identity, is able to unlock the TS
user account as described in User Guide User Management.
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 23
How to Access an AXE
24 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
Configuration

3 Configuration
-
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 25
How to Access an AXE
26 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
Glossary

Glossary
AP
Adjunct Processor
APG
Adjunct Processor Group
CA
Certification Authority
CLI
Command-Line Interface
CP
Central Processor
ECLI
Ericsson Command-Line Interface
EX
Executive
FT
File Transfer
FTP
File Transfer Protocol
HLR
Home Location Register
IETF
Internet Engineering Task Force
IO
Input/Output
IP
Internet Protocol
LDAP
Lightweight Directory Address Protocol
MML
Man-Machine Language
MO
Managed Object
MOM
Managed Object Model
MS
Management System
MSC
Mobile Switching Center
NE
Network Element
NETCONF
Network Configuration
OaM
Operation and Maintenance
OS
Operating System
OSS
Operations Support System
RFC
Request for Comments
RPC
Remote Procedure Call
SB
Standby
SFTP
Secure File Transfer Protocol
SSH
Secure Shell
TCP
Transfer Communication Protocol
TLS
Transport Layer Security
TS
Troubleshooting
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 27
How to Access an AXE
XML
Extensible Markup Language
28 6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09
Reference List

Reference List
AXE CPI References
[1] Alphanumeric Device Management
USER GUIDE
[2] AXE Security Management
USER GUIDE
[3] Ericsson Command-Line Interface
USER GUIDE
[4] File Management
USER GUIDE
[5] Managed Element Management
USER GUIDE
[6] NETCONF Interface
USER GUIDE
[7] Transport Management
USER GUIDE
[8] User Management
USER GUIDE
Standard References
[9] RFC 1350, "http://datatracker.ietf.org/doc/rfc1350/"
[10] RFC 2131, "http://datatracker.ietf.org/doc/rfc2131/ "
[11] RFC 2132, "http://datatracker.ietf.org/doc/rfc2132/"
[12] RFC 4741, "http://tools.ietf.org/html/rfc4741"
[13] RFC 6241, "http://tools.ietf.org/html/rfc6241"
[14] RFC 5246, https://tools.ietf.org/html/rfc5246
6/1553-CXA 118 03/4-V2 Uen B | 2017-10-09 29