User's Manual
Horizon Management
59
Horizon Compact Release 1.01.01 Wireless Ethernet Product User Manual – Volume 1
12.1.2 Management through Port 2 (out-of-band)
Port 2 is available for out-of-band management purposes only. It does not carry customer data traffic. It
has been designed to be used in conjunction with a management overlay network that is separate from
the customer data network. The management overlay network is typically extended back to the Network
Operations Center.
To select out -of -band management use the CLI command set network management interface port2
and press Enter. This allows management of the near end unit only. To gain access to the far end unit
use the CLI command set network management interface port2 extended and press Enter. Note: With
this “extended” command, an Ethernet connection must NOT be present on Port 2 of the far end system
otherwise a network loop will be created.
Port 2 supports management of the Horizon Compact system through Telnet sessions , SNMP and the
Web interface. When the management interface has been set to "port2", all management traffic must
arrive on Port 2, otherwise it is ignored by the system. Customer data traffic continues to be carried over
Port 1.
12.2 Telnet Access
Once correctly configured, the Horizon Compact is accessible through a Telnet session using Super
User, NOC and Admin level user accounts. Refer to Appendix A for details of CLI commands. The
Horizon Compact system can be completely configured, tested and managed through a Telnet session.
The Telnet function is enabled by default but can be disabled within the Horizon Compact system. Use
the CLI command set telnet [on/off] to enable or disable Telnet access.
12.3 Secure Shell Access Security
Telnet sessions over a network, such as the Internet , are not secure. User names and passwords, as well
as commands and system responses, are transmitted in clear text during a Telnet session. A secure shell
(SSH) protocol can be enabled in the Horizon Compact system to ensure that access to the units is
restricted to authorized clients. Horizon Compact uses the Secure Shell SSH2 server programme to
create the secure environment for Telnet sessions. SSH2 is a recognised industry standard, encrypting,
security programme. When enabled, SSH encrypts the entire Telnet session, including all usernames,
passwords, commands and responses from the system. SSH also verifies that you are talking to the
desired server by means of an authentication process using a “fingerprint”. The “fingerprint” is a unique
identifier found only on the desired server.
Enable/disable SSH by issuing the CLI command set ssh server [on/off] then press Enter.
The server “fingerprint” can be returned by issuing the CLI command get ssh server fingerprint then
press Enter.
A Secure Shell client programme needs to be installed on any computer which is to be used to manage a
Horizon Compact system with SSH enabled. A free SSH client programme (PuTTY) is available on the
Web.
Note that both SSH and Telnet can be enabled at the same time. To ensure security, once SSH has been
enabled, disable Telnet.
12.4 Supported SNMP Versions
DragonWave Horizon Compact systems support three versions of SNMP.
• Version 1 (SNMP v1) is the initial implementation of SNMP.
• Version 2 (SNMPv2c) is the second release of SNMP, which has additions and enhancements to
data types, counter size and protocol operations.
• Version 3 (SNMPv3) is the most recent version of SNMP. The functionality of SNMPv1 and
SNMPv2c remain intact, but SNMPv3 has significant enhancements to administration and
security.