- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- play_arrow Overview
- play_arrow Installation
- play_arrow Installation Tasks Overview
-
- Installing or Upgrading the CTPView Server OS
- Saving the CTPView Configuration Settings and Data (CTPView Server Menu)
- Creating More Disk Space on the CTPView Server (CTPView)
- Creating More Disk Space on the CTPView Server (CTPView Server Menu)
- Installing the CTPView Server OS (CTPView Server CLI)
- Restoring CTPView Software Configuration Settings and Data (CTPView)
- Restoring CTPView Software Configuration Settings and Data with the Restore Utility (CTPView Server Menu)
- Restoring CTPView Software Data by Manually Synchronizing the CTPView Server (CTPView)
- Reviewing the Installation Log for Errors (CTPView Server CLI)
- Verifying the CTPView Server OS Installation (CTPView)
- Validating the CTPView Server Configuration (CTPView)
- play_arrow Upgrade Tasks for Only the CTPView Software
-
- Configuring the CTPView Administrative Settings
- Preparing a New Server
- Changing the BIOS Menu Password (CTPView Server CLI)
- Changing the Server's Default User Account Password (CTPView Server CLI)
- Changing the Server's Root Account Password (CTPView Server CLI)
- Changing the GRUB Boot Loader Password (CTPView Server Menu)
- Changing the PostgreSQL Apache Account Password (CTPView Server Menu)
- Changing the PostgreSQL Administrator Account Password (CTPView Server Menu)
- Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)
- Configuring the Network Access (CTPView Server Menu)
- Creating a Self-Signed Web Certificate (CTPView Server Menu)
- Enabling OpenSSL Authentication of Users by Creating a Self-Signed Web Certificate (CTPView Server Menu)
- Importing Certificates Issued by a Third-Party CA (CTPView Server Menu)
- Updating the CTPView Software
- Logging In with a Browser (CTPView)
- Changing the CTPView GUI Default User Account Password (CTPView)
- Creating a New Global_Admin Account (CTPView)
- Configuring Subdomains in Hostnames (CTPView Server Menu)
- play_arrow Upgrade Tasks for CTPOS
- play_arrow Default Accounts and Passwords
- play_arrow Understanding CTPView Upgrade Files
- play_arrow Administration
- play_arrow Managing and Displaying Users (CTPView)
- Managing CTPView Users with the CTPView Admin Center
- Accessing the CTPView Admin Center (CTPView)
- Monitoring CTPView Users (CTPView)
- Adding New CTPView Users (CTPView)
- Modifying CTPView User Properties (CTPView)
- Monitoring CTPView Groups (CTPView)
- Modifying CTPView User Group Affiliation (CTPView)
- Adding a New CTPView User Group (CTPView)
- Modifying CTPView User Group Default Properties (CTPView)
- play_arrow Deleting Users and Groups (CTPView)
- play_arrow Managing User Passwords (CTPView)
- play_arrow Configuring User Login Properties (CTPView)
- Logging Out a CTPView User (CTPView)
- Configuring Automatic Logout for a CTPView User (CTPView)
- Configuring the Number of Login Attempts Allowed Before Lockout (CTPView)
- Configuring a Lockout Period for CTPView Users (CTPView)
- Clearing CTPView User Counters (CTPView)
- Reinstating Locked-Out IP Addresses (CTPView)
- Creating an Access Filter to Allow or Deny IP Addresses (CTPView)
- Removing an IP Access Filter (CTPView)
- Understanding CTPView GUI User Levels
- CTPOS and CTPView Software Password Requirements
- play_arrow Managing the CTPView Server (CTPView)
- Adding and Removing CTP Platforms Managed by CTPView Software (CTPView)
- Adding and Removing Host Groups (CTPView)
- Adding and Removing SNMP Communities (CTPView)
- Managing CTP Platforms in the Network (CTPView)
- Configuring Email Notifications (CTPView)
- Setting the CTPView Server Start-Up Banner (CTPView)
- Setting the CTP Platforms Login Banner (CTPView)
- Configuring an SSH Connection to a CTP Platform that Persists Through the Session (CTPView)
- Setting the CTPView Server Clock (CTPView)
- Setting the CTPOS Clock (CTP Menu)
-
- Accessing the NTP Server Settings Window (CTPView)
- Stopping the NTP Daemon (CTPView)
- Adding an NTP Peer (CTPView)
- Removing an NTP Peer (CTPView)
- Synchronizing the CTPView Server to an NTP Peer (CTPView)
- Adding NTP Network Clients (CTPView)
- Removing an NTP Network Client (CTPView)
- Modifying the Netmask of an NTP Network Client (CTPView)
- play_arrow NTP Authentication Overview on CTP Devices
- Configuring NTP Authentication Using the System Query Page (CTPView)
- Configuring NTP Authentication Using the System Configuration Page (CTPView)
- Configuring NetRef Settings (CTPView)
- Setting a Limit on File Transfer Bandwidth Between the CTPView Server and CTP Platforms (CTPView)
- Restoring CTPView Software Configuration Settings and Data (CTPView)
- Restoring CTPView Software Data by Manually Synchronizing the CTPView Server (CTPView)
- play_arrow Monitoring CTP Platforms (CTPView)
- Monitoring the Network with the CTPView Software (CTPView)
- Changing the Display Settings for CTPView Network Monitoring (CTPView)
- Displaying Runtime Query Results for a CTP Platform (CTPView)
- Overriding CTP Platform Network Status and Adding Comments (CTPView)
- Saving CTP Platform Configurations (CTPView)
- Setting an Audible Alert for CTP Platform Status (CTPView)
- Displaying CTPView Network Reports (CTPView)
- Field Descriptions in CTPView Network Reports (CTPView)
- Displaying Network Statistics (CTPView)
- Displaying the Management and Circuit Interface Settings (CTP Menu)
- play_arrow Changing CTPView GUI Settings
-
- Accessing the CTPView Server Configuration Menu (CTPView Server Menu)
- play_arrow Managing CTPView Users (CTPView Server Menu)
- Unlocking a User Account (CTP Menu)
- play_arrow Adding a VLAN Interface to a Node (CTP Menu)
- Configuring Separate Interfaces for Management and Circuit Traffic (CTP Menu)
- Accessing the Security Profile Configuration Menu (CTP Menu)
- Classification of CTPView Shell Account Users
-
- Setting the CTPView Server Start-Up Banner (CTPView Server Menu)
- Establishing an SSH Connection (CTP Menu)
- Saving the CTPView Configuration Settings and Data (CTPView Server Menu)
- Creating More Disk Space on the CTPView Server (CTPView Server Menu)
- Restoring CTPView Software Configuration Settings and Data with the Restore Utility (CTPView Server Menu)
- Restarting the PostgreSQL Server (CTPView Server Menu)
- Setting the Logging Level (CTPView Server Menu)
-
- Resetting the Default System Administrator Account (CTPView Server Menu)
- Resetting the Data File Permissions (CTPView Server Menu)
- Resetting the CTPView System Files to the Default Values (CTPView Server Menu)
- Burning an Image of CTPOS to a CompactFlash Card (CTPView Server Menu)
- Resetting the Default Firewall Settings (CTPView Server Menu)
-
- Changing Passwords to Improve Access Security
- Changing the BIOS Menu Password (CTPView Server CLI)
- Changing the Server's Root Account Password (CTPView Server CLI)
- Changing the GRUB Boot Loader Password (CTPView Server Menu)
- Changing the PostgreSQL Apache Account Password (CTPView Server Menu)
- Changing the PostgreSQL Administrator Account Password (CTPView Server Menu)
- play_arrow Troubleshooting
- play_arrow Restoring CLI Access to the CTPView Server
- Restoring Access to a CTPView Server
- Accessing a Shell on the CTPView Server (CTPView Server CLI)
- Setting a New Password for a Nonroot User Account (CTPView Server CLI)
- Setting a New Password for a Root User Account (CTPView Server CLI)
- Creating a Nonroot User Account and Password (CTPView Server CLI)
- play_arrow Restoring Browser Access to a CTPView Server
- play_arrow Changing a CTPOS User Password
Separate Interfaces for Management and Circuit Traffic Overview
Until CTPOS and CTPView Release 7.1, only one network device (the default device) is used for both management and circuit data. In certain network topologies, a segregation is required between the circuit or Ethernet traffic and management traffic. Therefore, separate interfaces need to be used for the management and circuit networks so that traffic segregation can be achieved at the physical interface level. Starting with CTPOS Release 7.2, support for configuring two default gateways, one for management traffic and the other for circuit device, is available, which enables circuit and management traffic to be segregated.
The functionality to segregate management and circuit traffic requires at least two Ethernet devices—one for circuit traffic and the other for management traffic. When this feature is enabled, both management and circuit interfaces are required to be configured. Segregation of traffic is performed on the basis of the management and circuit device or interface. CTP devices that support two default gateways are required—one for management device and other for circuit device. Each interface replies to incoming packets via its own default gateway. All incoming and outgoing packets in the circuit network traverse through the circuit device gateway (main default gateway). All incoming and outgoing packets in the management network traverse through the management device gateway.
For having two default gateways, policy-based routing is required.
Policy-based routing enables the creation of multiple routing tables,
one for each interface. Policy-based routing provides a flexible
mechanism for forwarding data packets based on polices configured
by a network administrator. This capability enables you to implement
policies that selectively cause packets to take different paths. For
circuit traffic, the main routing table, inet.0 is referred and for
management traffic, the newly-created policy-based routing table is
referred. The policy-based routing table is used, based on a set
of rules. Using the main routing table for circuit device enables
any IP table-related changes for the SAToP and CESoPSN bundles to
be avoided. An entry of this newly created policy-based routing table
is stored at /etc/iproute2/rt_tables
.
The “IPV4 configuration” under “Config Network Settings” menu is modified to enable the configuration of different interfaces for management traffic and circuit or Ethernet traffic. The Display network settings menu is modified to display the circuit and management network devices. A separate conf file is implemented to indicate the status of this feature (whether it is enabled or not). Apart from feature status, this configuration file also stores information related to circuit and management device. With this feature to distinguish management and circuit traffic, Ethernet failover is supported only on the circuit interface and not on the management interface. This feature cannot be activated during the first boot process.
After the management device is selected, a new policy based routing table is created for this device. For example, if the routine table is named 10 tab-eth0, 10 denotes the route table number and tab-eth0 signifies the route table name created for management device eth0. This table is referred according to the rule specified in the rule-eth0 file.
The following command displays the main route table and the newly created policy based route table “tab-eth0”:
[root@ctp_90 ctp_cmd 2]# ip route show tab main 1.1.1.0/24 dev eth0 scope link 10.216.118.0/23 dev eth1 scope link 169.254.0.0/16 dev eth1 scope link 127.0.0.0/8 dev lo scope link default via 10.216.119.254 dev eth1
[root@ctp_90 ctp_cmd 3]# ip route show tab tab-eth0 1.1.1.0/24 dev eth0 scope link default via 1.1.1.3 dev eth0
The following command displays the rules added for the policy-based route table:
[root@ctp_90 ctp_cmd 4]# ip rule show 0: from all lookup local 32764: from all to 1.1.1.1 lookup tab-eth0 32765: from 1.1.1.1 lookup tab-eth0 32766: from all lookup main 32767: from all lookup 253
When this feature is disabled, the IP config/query section in the CTP Menu does not display the option for segregating management and circuit traffic.
Operations Performed When Management and Circuit Traffic Are Segregated
When you activate the feature to separate management and circuit traffic, you are prompted to enter the default circuit and default management device. If you enter the same device for both management and circuit devices, an error message is displayed stating that you need to define different devices for circuit and management traffic. When you enter a correct management device (say ethX), a reference for the policy-based routing table is created for management device. An entry of its route-table number and route-table name is added in /etc/iproute2/rt_tables. This route table is referred for the management device according to the rule specified by its rule file (rule-ethX).
After you configure the management device, a route entry for
its own subnet and a default gateway route for that device is added
to the route- ethX file. Rules are added to rule-ethX file to handle
the inbound and outbound packets through this network. The rule-ethX
file contains the rules such that if any packet arrives for the management
network or if any packet is originated from the management network
IP address, then such a packet is transmitted through the management
device gateway. An existing configuration file, /etc/sysconfig/ctp
, is used to store this feature configuration. The configuration
of this feature contains the status of this feature, circuit device
name, and management device name.
The following example illustrates the contents of the /etc/sysconfig/ctp
file:
[root@ctp_90 ctp_cmd 5]# cat /etc/sysconfig/ctp CTP=yes TARGET=yes CTP_IP_PROTO=0 status=1 ckt_dev=eth0 mgmt_dev=eth1
When you disable this feature, the policy-based route table and the rules corresponding to that route table are deleted from the system and the system is configured as it was configured previously (with one default gateway). The route-ethX file and rule-ethX files are also be deleted from the system after the feature is disabled.
This feature is not supported with IPv6-only or independent IPv6 (and not a combination of IPv4 and IPv6) configuration. This limitation denotes that with IPv6 configuration settings specified on a CTP device, the option to separate management and circuit traffic is not available for configuration. If this feature is enabled on CTP150 devices, Ethernet failover cannot be activated because CTP150 devices contain only two Ethernet devices and the PCI mezzanine card (PMC) is not supported on such devices.