• discovery and management instructions The 8950AAAGNE driver extends 5620 SAM management of 8950AAAGNE devices as described in 1.1 “AAAdriver capabilities” (p. 5). You can find more information for the 8950AAAGNE driver in the following guides:
discovery and management instructions. The 8950 AAA GNE driver extends 5620 SAM management of 8950 AAA GNE devices as described ...
5620 SAM SERVICE AWARE MANAGER 8950 AAA GNE Driver Version 1.0.0 Guide 3HE-10614-AAAA-TQZZA Issue 2 June 2020 5620 SAM Legal notice Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or tradenames of their respective owners. The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein. © 2020 Nokia. June 2020 2 3HE-10614-AAAA-TQZZA Issue 2 Contents 5620 SAM Contents About this document............................................................................................................................................4 1 AAA driver description.........................................................................................................................5 2 Restrictions, limitations, issues ...........................................................................................................5 3 Discovery and management ...............................................................................................................6 4 8950 AAA alarms.................................................................................................................................8 June 2020 Issue 2 3HE-10614-AAAA-TQZZA 3 About this document 5620 SAM About this document Purpose The 5620 SAM 8950 AAA GNE Driver Version 1.0.0 Guide provides information about the AAA GNE driver version 1.0.0, including: · driver capabilities · known issues · discovery and management instructions The 8950 AAA GNE driver extends 5620 SAM management of 8950 AAA GNE devices as described in 1.1 "AAA driver capabilities" (p. 5). You can find more information for the 8950 AAA GNE driver in the following guides: · 5620 SAM GNE Driver Installation Guide · 5620 SAM GNE Driver Compatibility Guide Document support Customer documentation and product support URLs: · Documentation Center · Technical support Technical support For details, refer to the Nokia Support portal (https://customer.nokia.com/support/s/). How to comment Documentation feedback June 2020 4 3HE-10614-AAAA-TQZZA Issue 2 AAA driver description 5620 SAM 1 AAA driver description 1.1 AAA driver capabilities The AAA driver extends the 5620 SAM fault management support to 8950 AAA devices so that alarms related to the 8950 AAA can be viewed in the 5620 SAM GUI. The AAA GNE driver version 1.0.0 allows the 5620 SAM to perform fault management for 8950 AAA servers. 1.2 8950 AAA in the Small Cell network The 8950 AAA server provides authentication, authorization, and accounting services for wired, wireless, and converged networks. The 8950 AAA supports the RADIUS protocol for authentication services. In the Small Cell network, the 8950 AAA supports EAP Authentication and Key Agreement (EAP-AKA), the proprietary EAP-DS2460, and Femto-Authorize-Only authentication methods. The 8950 AAA interfaces with external databases, Lightweight Directory Access Protocol (LDAP) servers, and others to authenticate and authorize Small Cell access points. These external servers store authentication details about users, authorization profiles, and blacklisted user data. The 8950 AAA is used for the initial authentication of SC APs before the IPSec tunnel is established. 1.3 5620 SAM management The 5620 SAM supports the following management operations for the 8950 AAA: · Discovery The 5620 SAM supports the discovery of the 8950 AAA. · Link management The 5620 SAM monitors the link to the 8950 AAA, raises an alarm when the link fails and retries automatically for link recovery. When the link is recovered, the 5620 SAM clears the alarm · Fault management The 5620 SAM normalizes fault events from the 8950 AAA and shows them in the context of the 8950 AAA in the SAM GUI. See the AAAAlarmDictionary.xml file for details. · Reach-through to the 8950 AAA from the 5620 SAM GUI The 5620 SAM GUI provides an option to launch an SSH session with the 8950 AAA. 2 Restrictions, limitations, issues 2.1 Closed issues This is version 1.0.0 of the AAA GNE driver, and there are no closed issues to report. 2.2 Outstanding issues This section describes problems that customers need to be aware of before deploying the AAA driver in a live network or lab environment. This is version 1.0.0 of the AAA GNE driver, and there are no outstanding issues to report. June 2020 Issue 2 3HE-10614-AAAA-TQZZA 5 Discovery and management 5620 SAM 2.3 Limitations The 5620 SAM support for the 8950 AAA in the Small Cell network does not include the following functions: · Configuration management · Performance management · Upgrade management · Inventory management · Software management · NE administration and security management · Auto-discovery 2.4 Restrictions The following restrictions apply to the 5620 SAM support of the 8950 AAA: · The 8950 AAA does not have a mechanism to determine the sequence of faults or a way to identify missing inform messages. As a result, the 5620 SAM does not support these features for the 8950 AAA. · The 8950 AAA does not have a mechanism to provide the list of active alarms and, therefore, does not support alarm synchronization. As a result, the 5620 SAM does not support the AlarmSync function for the 8950 AAA. 3 Discovery and management 3.1 Post-installation configuration This section describes how to discover and use the 8950 AAA GNE in the 5620 SAM after the driver was installed. See the 5620 SAM GNE Driver Installation Guide for information about installing a GNE driver. The following instructions are specific to the 8950 AAA device configuration and discovery. See the 5620 SAM User Guide chapter "Device commissioning and management" for full procedural details. Configuring a generic NE profile for the 8950 AAA device Perform the following steps: 1. Choose AdministrationGeneric NE Manager from the 5620 SAM main menu. The Generic NE Manager form opens. 2. Click Create, and choose Create Generic NE Profile. The Generic NE Profile (Create) form opens. 3. Configure the required parameters. The following table list the parameters that need to have specific values for the 8950 AAA GNE. Leave blank the values of the parameters that are not listed in the table. June 2020 6 3HE-10614-AAAA-TQZZA Issue 2 Discovery and management 5620 SAM Parameter Auto-Assign ID Generic NE Type Generic NE Category Sys Object ID Description CLI Supported Value Selected AAA GNE SmallCell .1.3.6.1.4.1.831.1.1 AAA Server Selected 4. Import the E1 interface type. a. Click on the Interface Types tab. b. Click Add. The Select Generic NE Interface Type form opens. c. Choose the E1 interface type and click OK. 5. Click on the General tab. 6. Associate the AAA driver with the NE profile. a. In the Driver Module panel, click Select. The Select Driver Module -- Generic NE Profile form opens. b. Choose the AAA driver that was installed on the 5620 SAM server and click OK. 7. Save your changes and close the forms. Configuring an SNMP v2c mediation policy for the 8950 AAA device Perform the following steps: 1. Choose AdministrationMediation from the 5620 SAM main menu. 2. Click on the Mediation Security tab. 3. Click Create. The Mediation Policy (Create) form opens. 4. Configure all the required SNMP parameters. · For Displayed Name, enter AAA. · Set the Timeout parameter to 40000 milliseconds for the successful discovery of the 8950 AAA. The mediation policy needs to be configured according to the NE configuration. The Security Model, Port and Community String parameter values must match the values of the same parameters configured on the 8950 AAA NE. 5. Save your changes and close the forms. Configuring a discovery rule for the 8950 AAA device Perform the following steps: 1. Choose AdministrationDiscovery Manager from the 5620 SAM main menu. The Discovery Manager form opens. 2. Click Create. The Create Discovery Rule form opens. June 2020 Issue 2 3HE-10614-AAAA-TQZZA 7 8950 AAA alarms 5620 SAM 3. On the Specify General Attributes page, enter AAA in the Description box and click Next. 4. On the Add Rule Elements page, click Create and assign an IP address for the 8950 AAA, and then click Next. 5. On the Configure Mediation Security page, choose the SNMP v2c mediation policy that you configured, and click Finish. After configuring the discovery rule, the 8950 AAA device appears as a GNE in the Equipment and Small Cells views. 4 8950 AAA alarms 4.1 8950 AAA GNE alarm details After performing the AAA driver post-installation configuration, the AAA GNE alarms appear in the 5620 SAM Alarm Window. The following tables provide details about the AAA GNE alarms: · Table 1, "AAA_LongProcessingDelays" (p. 8) · Table 2, "AAA_LowDiskSpace" (p. 9) · Table 3, "AAA_QueueDepthWarning" (p. 10) · Table 4, "AAA_DatabaseReadErrors" (p. 11) · Table 5, "AAA_DatabaseResponseLatency" (p. 11) · Table 6, "AAA_LDAPReadErrors" (p. 12) · Table 7, "AAA_LDAPResponseLatency" (p. 13) · Table 8, "AAA_MAPGWReadErrors" (p. 13) · Table 9, "AAA_MAPGWResponseLatency" (p. 14) You can view details about each GNE alarm in the Alarm Info form. You can also view GNE historical alarm information in the Historical Alarms form. Note: The 5620 SAM does not support the manual alarm clearing for the 8950 AAA GNE. Table 1 AAA_LongProcessingDelays Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description Alarm attribute values AAA_9001_00001 RAN_AAA_Fault_Analysis Long processing delays indicates work items are taking more time than normal to process. A work item is created for each Access-Request received. So if there are 100 authentication requests received there would be 100 work items created. The Item Total Time is the amount of time when the item is created to when it is closed or the amount of time between receiving the Access-Request and sending the Access-Accept. June 2020 8 3HE-10614-AAAA-TQZZA Issue 2 8950 AAA alarms 5620 SAM Table 1 AAA_LongProcessingDelays (continued) Alarm attribute onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values 1. Check processes running on server that are consuming above average CPU and I/O resources 2. Check if additional Femto networks were added. May require additional 8950 AAA servers to be added to network 3. Check for any server hardware failures 4. Check links and performance of external repositories 5. Check processing times for each method in the SMT 6. Monitoring Tools -> Server Statistics -> Methods -> Processing Time to isolate which methods are taking the longest 7. Move non AAA applications off the server if present NA NA AAA id="1" name="AAA" dynamic="no">LongProcessingDelays id="2" name="GneQualityOfServiceAlarm" id="5677" name="performanceDegraded" dynamic="no" id="2" name="minor" dynamic="yes">Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser:$ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 2 AAA_LowDiskSpace Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction Alarm attribute values AAA_9002_00001 RAN_AAA_Fault_Analysis Low Usable Disk Space 1. Check policy.log file size in /run directory 2. Enable log file rotation 3. Offload logs to backup repository 4. Check if other programs is using up space 5. Remove old unused files/logs 6. Add additional disks June 2020 Issue 2 3HE-10614-AAAA-TQZZA 9 8950 AAA alarms 5620 SAM Table 2 AAA_LowDiskSpace (continued) Alarm attribute onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values NA NA AAA id="1" name="AAA" dynamic="no">LowDiskSpace id="4" name="GneEquipmentAlarm" id="5679" name="resourceAtOrNearingCapacity" dynamic="no" id="3" name="major" dynamic="yes">Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser:$ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 3 AAA_QueueDepthWarning Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText Alarm attribute values AAA_9003_00001 RAN_AAA_Fault_Analysis Queue depth warning indicates larger than the normal amount of work items in the queue waiting to be processed. A high queue depth means the server is not keeping up with the amount of Access-Requests being received. 1. Check if any Femto cluster was added or rebooted 2. Check policy.log file in /run directory for any items indicating timeouts. NA NA AAA id="1" name="AAA" dynamic="no">QueueDepthWarning id="2" name="GneQualityOfServiceAlarm" id="5673" name="queueSizeExceeded" dynamic="no" id="2" name="minor" dynamic="yes">Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser:$ServiceUser$, ServiceProvider:$ServiceProvider$ June 2020 10 3HE-10614-AAAA-TQZZA Issue 2 8950 AAA alarms 5620 SAM Table 3 AAA_QueueDepthWarning (continued) Alarm attribute administration: release applicableReleases: release Alarm attribute values firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 4 AAA_DatabaseReadErrors Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values AAA_9004_00001 RAN_AAA_Fault_Analysis Errors retrieving profiles from an external database. 1. Check links, performance of database and IP routing NA NA AAA id="1" name="AAA" dynamic="no">DatabaseReadErrors id="3" name="GneProcessingErrorAlarm" id="5677" name="performanceDegraded" dynamic="no" id="3" name="major" dynamic="yes">Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser:$ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 5 AAA_DatabaseResponseLatency Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason Alarm attribute values AAA_9005_00001 RAN_AAA_Fault_Analysis Longer than normal response times reading from database. 1. Check links, performance of database, IP routing and network bandwidth 2. Check DB application and validate its performance NA NA June 2020 Issue 2 3HE-10614-AAAA-TQZZA 11 8950 AAA alarms 5620 SAM Table 5 AAA_DatabaseResponseLatency (continued) Alarm attribute CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values AAA id="1" name="AAA" dynamic="no">DatabaseResponseLatency id="2" name="GneQualityOfServiceAlarm" id="5672" name="responseTimeExcessive" dynamic="no" id="1" name="warning" dynamic="yes">Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser:$ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 6 AAA_LDAPReadErrors Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values AAA_9006_00001 RAN_AAA_Fault_Analysis Errors retrieving profiles from an external LDAP directory. 1. Check links, performance of LDAP Directory and IP Routing 2. Check LDAP application and validate its performance and availability NA NA AAA id="1" name="AAA" dynamic="no">LDAPReadErrors id="3" name="GneProcessingErrorAlarm" id="5677" name="performanceDegraded" dynamic="no" id="3" name="major" Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser: $ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" June 2020 12 3HE-10614-AAAA-TQZZA Issue 2 8950 AAA alarms 5620 SAM Table 7 AAA_LDAPResponseLatency Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values AAA_9007_00001 RAN_AAA_Fault_Analysis Longer than normal response times reading from LDAP directory. 1. Check links, performance of LDAP Directory, IP routing and network bandwidth NA NA AAA id="1" name="AAA" dynamic="no">LDAPResponseLatency id="2" name="GneQualityOfServiceAlarm" id="5672" name="responseTimeExcessive" dynamic="no" id="1" name="warning" Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser: $ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 8 AAA_MAPGWReadErrors Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity Alarm attribute values AAA_9008_00001 RAN_AAA_Fault_Analysis Errors retrieving quintets from external MAP GW. 1. Check links and performance of MAP GW and AuC/HLR NA NA AAA id="1" name="AAA" dynamic="no">MAPGWReadErrors id="3" name="GneProcessingErrorAlarm" id="5677" name="performanceDegraded" dynamic="no" id="3" name="major" June 2020 Issue 2 3HE-10614-AAAA-TQZZA 13 8950 AAA alarms 5620 SAM Table 8 AAA_MAPGWReadErrors (continued) Alarm attribute additionalText administration: release applicableReleases: release Alarm attribute values Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser: $ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" Table 9 AAA_MAPGWResponseLatency Alarm attribute onlineHelpInfo: faultCode onlineHelpInfo: helpVolume onlineHelpInfo: description onlineHelpInfo: remedialAction onlineHelpInfo: impact onlineHelpInfo: detailedReason CMObjectClassPath objectType specificProblem x733EventType probableCause perceivedSeverity additionalText administration: release applicableReleases: release Alarm attribute values AAA_9009_00001 RAN_AAA_Fault_Analysis Longer than normal response times reading from MAP GW 1. Check links, performance of LDAP Directory, IP routing, SS7 routing and network bandwidth NA NA AAA id="1" name="AAA" dynamic="no">MAPGWResponseLatency id="2" name="GneQualityOfServiceAlarm" id="5672" name="responseTimeExcessive" dynamic="no" id="1" name="warning" Nature:ADAC, Specific Problem:$specificProblem$, Additional Information from NE:$addText$, SecurityAlarmDetector:$SecurityAlarmDetector$, ServiceUser: $ServiceUser$, ServiceProvider:$ServiceProvider$ firstRel="V6.2" lastRel="ALL" internalName="V6.2" name="06_02_00" externalName="06_02_00" June 2020 14 3HE-10614-AAAA-TQZZA Issue 2CDoc 2019