
MGMT Comm Um

This document provides a user manual for management communication on the FOX61x system. It describes the management architecture and various access methods, including through FOXCST (local and remote access), FOXMAN-UN, and SNMP. Precautions and definitions are also included to aid the target audience of system administrators. The manual covers topics like user classes, session management, and firewall setup for secure access and monitoring of the network elements.

USER MANUAL

FOX61x
Management Communication
FOX61x Management Communication with
FOXCST Local Manager
Management Communication User Manual
Document ID 1KHW028522

Document edition FOX61x System Release: R15B


Revision: A
Date: 2022-01-24

Copyright and confidentiality

Copyright in this document vests in Hitachi Energy.


Manuals and software are protected by copyright. All rights reserved. The copying,
reproduction, translation, conversion into any electronic medium or machine
scannable form is not permitted, either in whole or in part. The contents of the
manual may not be disclosed by the recipient to any third party, without the prior
written agreement of Hitachi Energy.
An exception is the preparation of a backup copy of the software for your own use.
For devices with embedded software, the end-user license agreement on the
enclosed CD applies.
This document may not be used for any purposes except those specifically
authorized by contract or otherwise in writing by Hitachi Energy.

Disclaimer

ABB is a registered trademark of ABB Asea Brown Boveri Ltd.


Manufactured by/for a Hitachi Energy company.
Hitachi Energy Switzerland Ltd (hereinafter referred to as Hitachi Energy) has taken
reasonable care in compiling this document, however Hitachi Energy accepts no
liability whatsoever for any error or omission in the information contained herein and
gives no other warranty or undertaking as to its accuracy.
Hitachi Energy can accept no responsibility for damages, resulting from the use of
the network components or the associated operating software. In addition, we refer to
the conditions of use specified in the license contract.
Hitachi Energy reserves the right to amend this document at any time without prior
notice.
The product/software/firmware or the resulting overall solution are designed for data
processing and data transmission and may therefore be connected to communication
networks. It is your sole responsibility to provide and continuously ensure a secure
connection between the product/software/firmware or the resulting overall solution
and your network or any other networks (as the case may be). You shall establish
and maintain any appropriate measures (such as but not limited to the installation of
firewalls, application of authentication measures, encryption of data, installation of
anti-virus programs, etc.) to protect the product/software/firmware or the resulting
overall solution, the network, its system and all the interfaces against any kind of
security breaches, unauthorized access, interference, intrusion, leakage and/or theft
of data or information. Hitachi Energy and its affiliates are not liable for damages
and/or losses related to such security breaches, any unauthorized access, interference,
intrusion, leakage and/or theft of data or information.
Although Hitachi Energy provides functionality testing on the products including
related firmware and software that we release, you should institute your own testing
program for any product updates or other major system updates (to include but not
limited to firmware/software changes, configuration file changes, third party software
updates or patches, hardware exchanges, etc.) to ensure that the security measures
that you have implemented have not been compromised and system functionality in
your environment is as expected.

Copyright 2022 Hitachi Energy. All rights reserved. 2


FOX61x | MANAGEMENT COMMUNICATION

Contents
1 Preface
1.1 Precautions and Safety
1.2 Symbols and Notations
1.3 Document History
1.4 Target Audience
1.5 Definition of terms
2 Introduction
2.1 General
2.2 Management Overview
2.3 FOX61x Management Architecture
2.4 Network Element IP Address
3 Management Access
3.1 Introduction
3.1.1 User Classes
3.1.2 Session Management
3.1.3 Firewall Setup
3.2 FOXCST
3.2.1 Local Access
3.2.2 Remote Access
3.2.3 Session Management Control
3.3 FOXMAN-UN
3.4 SNMP
3.4.1 Supported SNMP Functionality
3.4.2 SNMP Configuration
3.5 Syslog
3.5.1 Syslog Sources
3.5.2 Syslog Destinations
3.6 Connection Test of Readiness
3.6.1 Configuration and Alarms
3.6.2 Status
3.6.3 Ping and Traceroute
4 Management Access Network
4.1 Management Connection Links
4.2 Management Traffic Redundancy
4.2.1 Introduction
4.2.2 OSPF
4.2.3 Virtual Router Redundancy
4.2.4 Link Protection
4.2.5 RSTP
4.2.6 Block on Standby
5 Management Security
5.1 Security Measures Overview
5.2 FOX61x User Authentication
5.2.1 Local NE Authentication
5.2.2 Remote RADIUS Authentication
5.2.3 Example RADIUS Server Setup
5.2.4 Password Rules for Local Authentication
5.3 SNMP v3 User Authentication and Encryption
5.4 SSHv2 Encrypted Management Channel
5.4.1 FOXCST over an Encrypted Communication Channel
5.4.2 CLI over an Encrypted Communication Channel
5.5 FOX61x Firewalls
6 User Interface Reference
6.1 FOXCST Menu File
6.1.1 Menu File - Manage Connections …
6.1.2 Menu File - Connect …
6.1.3 Menu File - Close
6.1.4 Menu File - Exit
6.2 FOXCST Menu Tools
6.2.1 Menu Tools - Modify Password …
6.3 Introduction to the FOXCST “Management” View
6.4 AP: / managementNetwork
6.4.1 AP: / managementNetwork, Overview
6.4.2 AP: / managementNetwork, Main
6.4.3 AP: / managementNetwork, Configuration
6.5 AP: / managementNetwork / loopbackInterfaces
6.5.1 AP: / managementNetwork / loopbackInterfaces, Main
6.6 AP: / managementNetwork / loopbackInterfaces / lo-x
6.6.1 AP: / managementNetwork / loopbackInterfaces / lo-x, Main
6.6.2 AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration
6.6.3 AP: / managementNetwork / loopbackInterfaces / lo-x, Status
6.7 AP: / managementNetwork / mplsMccInterfaces
6.7.1 AP: / managementNetwork / mplsMccInterfaces, Overview
6.7.2 AP: / managementNetwork / mplsMccInterfaces, Main
6.7.3 AP: / managementNetwork / mplsMccInterfaces, Configuration
6.8 AP: / managementNetwork / mplsMccInterfaces / mcc-m
6.8.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Overview
6.8.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Main
6.8.3 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration
6.8.4 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Fault Management
6.8.5 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management
6.8.6 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status
6.9 AP: / managementNetwork / router
6.9.1 AP: / managementNetwork / router, Main
6.9.2 AP: / managementNetwork / router, Configuration
6.9.3 AP: / managementNetwork / router, Status
6.10 AP: / managementNetwork / router / ospf
6.10.1 AP: / managementNetwork / router / ospf, Main
6.10.2 AP: / managementNetwork / router / ospf, Configuration
6.10.3 AP: / managementNetwork / router / ospf, Status
6.11 AP: / managementNetwork / router / ospf / area-y
6.11.1 AP: / managementNetwork / router / ospf / area-y, Main
6.11.2 AP: / managementNetwork / router / ospf / area-y, Configuration
6.11.3 AP: / managementNetwork / router / ospf / area-y, Status
6.12 AP: / managementNetwork / tdmInterfaces
6.12.1 AP: / managementNetwork / tdmInterfaces, Overview
6.12.2 AP: / managementNetwork / tdmInterfaces, Main
6.12.3 AP: / managementNetwork / tdmInterfaces, Configuration
6.13 AP: / managementNetwork / tdmInterfaces / ppp-z
6.13.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Overview
6.13.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Main
6.13.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration
6.13.4 AP: / managementNetwork / tdmInterfaces / ppp-z, Fault Management
6.13.5 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management
6.13.6 AP: / managementNetwork / tdmInterfaces / ppp-z, Status
6.14 AP: / managementNetwork / vlanInterfaces
6.14.1 AP: / managementNetwork / vlanInterfaces, Overview
6.14.2 AP: / managementNetwork / vlanInterfaces, Main
6.14.3 AP: / managementNetwork / vlanInterfaces, Configuration
6.15 AP: / managementNetwork / vlanInterfaces / vlanInterface-v
6.15.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Overview
6.15.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Main
6.15.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration
6.15.4 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Fault Management
6.15.5 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management
6.15.6 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status
6.16 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w
6.16.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Main
6.16.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Configuration
6.16.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Status
6.17 Introduction to FOXCST “Shelf View” and “Tree View”
6.18 AP: / ne
6.18.1 AP: / ne, Configuration
6.18.2 AP: / ne, Fault Management
6.18.3 AP: / ne, Status
6.19 AP: / unit-x / … / Local Management
6.19.1 AP: / unit-x / port-6 (Local Management), Overview
6.19.2 AP: / unit-x / port-6 (Local Management), Main
6.19.3 AP: / unit-x / port-6 (Local Management), Configuration
6.19.4 AP: / unit-x / port-6 (Local Management), Fault Management
6.19.5 AP: / unit-x / port-6 (Local Management), Status
7 Annex
7.1 Associated FOX61x Documents


1 Preface

1.1 Precautions and Safety


Before you handle any equipment you must comply with the safety advice.
Adherence to the safety instructions ensures compliance with the safety requirements as
defined in IEC 62368-1 (Safety of audio/video, information and communication technology
equipment).
Please refer to the following document:
[1KHW002497] Operating Instruction “Precautions and safety”.

1.2 Symbols and Notations


This User Manual uses the following symbols:

Risk of operating trouble!


Indicates that an action may lead to operating trouble or loss of data.
→ Possible actions are given.

Please note:
Shows significant information.
→ Possible actions are given.

1.3 Document History


Table 1: Document history

Document ID | FOX61x Release | Rev. | Date | Changes since previous version

1KHW028522 | R15B | A | January 2022
- New password rules and password verification as described in section 5.2.4 and section 6.2.1.
- Added details about required user class for RADIUS server configuration parameters in section 5.2.2, section 6.18.1.3, and section 6.18.3.4.
- Updated branding and copyright statement.

1KHW028522 | R15A | G | June 2021
- New user class “support”.
- RADIUS example in section 5.2.3 corrected.
- IPSec for management communication no longer supported.
- Update copyright statement.

1KHW028522 | R14A | F | June 2020
- New section 2.4 Network Element IP Address (on page 12).
- Revised section 3.2.1 Local Access (on page 15).
- New and rearranged section 4 Management Access Network (on page 45).
- Support of two VLAN based management interfaces on the CESM1 and CESM2 unit.

1KHW028522 | R3B_SP01 | E | December 2019
- New display of the management interfaces MAC address.
- New FOXMAN-UN authentication method with public/private key pairs.
- Fallback to local NE authentication procedure modified. See section 3.2.3.4 Local Authentication Fallback (on page 29).
- Update of references to the synchronization user manual.

1KHW028522 | R3B | D | June 2019
- PPP bandwidth selection corrected for CESM1 and CESM2.
- Redundant management ports on redundant core units.
- Update of the SNMP MIBs.

1KHW028522 | R3A_SP01 | C | March 2019
- MTU size of the VLAN management interface configurable.

1KHW028522 | R3A | B | November 2018
- Support of the CESM3 core unit.
- Configurable source IP address for management traffic.
- Configurable user class for the connection to a FOX61x with remote authentication and multiple user classes per user in the RADIUS server.
- Maximum number of management router VLAN interfaces is 8 with the CESM3 unit.
- Display of the registered element managers.
- Fault management on the MCC router interfaces.
- Syslog management reworked with FOXCST R3A.
- UDP (SNMP) connection type no longer available.
- Maximum number of VRRP instances reduced from 8 to 2.
- New Hitachi Energy branding.
- Minimum “IP Probing Interval” is 3 s instead of 1 s.
- Clarified the description of the Management Communication parameters in the Session Management.

1KHW028522 | R2C | 1 | November 2016
- Opening ports for firewall configuration added.
- Local access via VLAN bridge port (IP probing), remote access (create LSP MCC Interface) and FOXCST reference reworked.
- FOXCST Session Management Control added.
- Local NE authentication and fallback to local NE authentication added.
- SNMP and SSH in security measures overview added.

1KHW028522 | R2B | 2 | January 2016
- Port Type and MPLS added.
- Encrypted management connection added.
- SNMP added.
- Some other things reworked.

1KHW028522 | R1A | 1 | April 2013
- First revision for current system release.

1.4 Target Audience


This User Manual is targeted at persons who are entrusted with the provisioning, operation and
administration of the system.
The persons targeted are
• the provisioning personnel, and/or
• the operation and administration personnel


Please note:
Only instructed or skilled persons as per IEC 62368-1 may install and maintain the
system.

1.5 Definition of terms


Table 2: Specific terms and abbreviations

Term | Explanation
ABB_PG | Short form of Hitachi Energy.
CESM1 | Designates the core and control unit CESM1 or CESM1-F of FOX61x.
CESM2 | Designates the core and control unit CESM2 or CESM2-F of FOX61x.
Core Unit | Designates the core and control unit CESM1, CESM1-F, CESM2, CESM2-F or CESM3 of FOX61x. Where certain features or characteristics apply to a specific core unit only, the CESM1, CESM1-F, CESM2, CESM2-F or CESM3 is named explicitly.
FOX61x | In this User Manual, the term “FOX61x” is used to name the network element types FOX615 R2, FOX615, FOX612 and FOX611. Where certain features or characteristics apply to a specific network element type only, the respective network element type is named explicitly.


2 Introduction

2.1 General
This User Manual provides a detailed description of the FOX61x management communication
using the element manager FOXCST.
The FOX61x management concept is based on the FOX61x network element manager
(FOXCST) for local and remote management and the FOXMAN-UN network manager for
remote management from the Network Management Centre/Network Operation Centre.
The FOXMAN-UN offers Northbound Interfaces (NBI) for the OSS integration. The
FOXMAN-UN can manage both FOX61x network elements and FOX61x networks, while the
FOXCST manages single FOX61x network elements only.

2.2 Management Overview


Figure 1: FOX61x management connections
(Diagram labels: network management with FOXMAN-UN, using a Hitachi Energy proprietary protocol over TCP/IP; element management with FOXCST (EM), using a Hitachi Energy proprietary protocol over an encrypted or unencrypted connection; Ethernet LAN; access network with Hitachi Energy equipment or third party equipment; FOX61x NE; local connection, using a Hitachi Energy proprietary protocol over an encrypted or unencrypted Ethernet connection; interconnections over Ethernet LAN, TDM PPP links, or MPLS MCC links; network with further FOX61x NEs.)

• Element management with FOXCST:
FOX61x network elements are managed via the standalone management tool FOXCST. This tool provides the necessary configuration facilities as well as alarm and status supervision.
• Network management with FOXMAN-UN:
At the network level, FOX61x NEs can be managed via FOXMAN-UN. FOXMAN-UN provides the network management functions using the services of an integrated FOXCST. FOX61x NEs can be managed in a mixed network together with NEs of different types, e.g. FOX51x NEs or NEs from third party vendors.
For details on the FOXMAN-UN refer to the Hitachi Energy customer documentation for the FOXMAN-UN network management system.
• Logical connection between FOXCST and NE:
A standard unencrypted or encrypted protocol can be used for data transport between the FOXCST and the NE. Upper OSI layers are Hitachi Energy proprietary.
• Management interconnections between FOX61x NEs:
Management interconnections can be
− routed connections via the Ethernet VLAN bridge, or
− routed connections via MPLS MCC links, or
− routed connections via TDM PPP links.
• FOX61x NE management connection:
The FOX61x NE can be accessed
− by direct connection to the Ethernet local management port (not routed);
− by direct connection to the FOX61x Switch via a VLAN switch port (routed);
− by indirect connection via a routed network that can consist of other FOX61x NEs or third party equipment.

2.3 FOX61x Management Architecture


The core unit of the FOX61x supports routing functionality for management traffic.


Figure 2: FOX61x management architecture
(Diagram labels: FOX61x NE; local management port; NE management; management router; loopback interfaces lo-1 to lo-8; MPLS interfaces mcc-1 to mcc-10; VLAN interfaces 1 to 8; TDM interfaces ppp-1 to ppp-16; implicit access port; core unit with VLAN bridge/MPLS-TP, Ethernet ports (MPLS-TP and CVP) and internal port (CVP); service units with Ethernet ports (CVP) and TDM port connected via PBUS; P12 or P0-nc TDM channel on a PDH or SDH service unit; packet networks (MPLS-TP, 802.1Q) and TDM network.)

Please note:
The CESM1 and CESM2 core units offer only two VLAN interfaces to access the management router.
• NE Management:
The NE management handles the management functions of the network element as they are displayed in FOXCST.
The NE management is associated with the management router, i.e. any IP address on the management router can be used as management address, provided IP connectivity between the FOXCST and the management router is established.
Hitachi Energy suggests using the first loopback address or one of the VLAN interface addresses for the management access.
• Management Router:
The router for management traffic provides both static routing and dynamic routing. The availability of the management access can be improved using VRRP to protect critical network components like gateway routers.
• Local Management Port (core unit):
The local management port operates as a console port. As shown in Figure 2, this port connects directly to the NE management and has no connection to the router. Therefore the NE is always accessible via the local management port, even with missing or faulty router configuration.
• VLAN Interfaces:
The VLAN interfaces connect the central VLAN bridge/switch function of the FOX61x NE to the management router. The interfaces are identified by an IP address on the router side and by a VLAN ID on the switch side. Two VRRP instances are supported per VLAN interface in order to solve the single point of failure problem on Ethernet links.
Physical Ethernet ports are necessary in order to connect a logical VLAN router interface to the outside world. Any Ethernet port of the FOX61x Switch can be used for VLAN bridging.
It is also possible to use internal switch ports for remote management, using appropriate VLAN tagging, e.g. with the EPSI1 unit.
For more information please refer to [1KHW028566] User Manual “Ethernet Switching”.
• MPLS Interfaces MCC:
The MPLS-TP transport function of the FOX61x NE can be used for remote management via an MPLS-TP network.
Up to 10 MPLS MCC interfaces are supported in order to build meshed management networks. MPLS MCC links can be configured over MPLS-TP sections or over LSPs.
The logical MPLS router interfaces use the core unit's front ports.
• TDM Interfaces PPP:
Up to 16 TDM interfaces are supported in order to build meshed management networks. PPP links with various modes can be configured over TDM interfaces.
A physical TDM port is necessary in order to connect the logical TDM router interfaces to the outside world. Any TDM transport unit with PBUS access can be used.
• Loopback Interfaces:
The management router provides eight loopback interfaces in order to lend IP addresses to unnumbered PPP and MCC links.

2.4 Network Element IP Address


By default, the IP source address of the outgoing management traffic used by the FOX61x network element is the IP address of the outgoing port. Therefore, if the outgoing port for management traffic changes, the source IP address changes too. This behavior can be a problem if a firewall is involved, and some server applications may also have an issue with it. To solve this issue, the FOX61x management network can be configured to always use the same source IP address. The source IP address can be taken from one of the available management router interfaces or from a loopback interface, see section 6.4.3.1 AP: / managementNetwork, Configuration - Source IP Address (on page 69).

Please note:
Make sure that the configured IP source address is always accessible, even if the port using this IP address is down.
→ Use a loopback address for management access and enable OSPF on this loopback interface.


3 Management Access

3.1 Introduction

3.1.1 User Classes


FOX61x offers five user classes, each one with its distinctive access level:
• Information:
Read access only.
• Maintenance:
Read access plus write access for performance monitoring and diagnostics operations, e.g.
setting of test modes or counter reset.
• Manager:
Read access plus write access for all operations with the exception of those commands and
properties, which are reserved to the session manager.
• Support:
Read access plus write access for all operations with the exception of those commands and
properties, which are reserved to the session manager.
Provides the user with expanded troubleshooting data compared to the manager user.

Please note:
User class “Support” should only be used after consulting technical support. The
expanded troubleshooting options are not described in the user manuals.
• Session Manager:
Read access plus write access for
− session management (administrative states of different access and authentication types,
session times),
− public/private key management for user authentication (FOXMAN-UN only),
− session control (authority to kill any active session except his own),
− RADIUS client attributes,
− SNMP agent attributes (v1/v2 communities, v3 users),
− Modification of passwords.

3.1.2 Session Management


A FOX61x NE allows up to 16 simultaneous management sessions. Up to two sessions can be
active using the local management port.
One session is always reserved for the session manager; the other 15 sessions can be used by
other user classes in any distribution, but only one session of class “Session Manager” is
allowed at a time. More than one simultaneous session of class “Manager” is thus accepted. It
is the responsibility of the connected users to avoid configuration conflicts.
However, accepting multiple manager sessions is essential in order not to block service
provisioning by FOXMAN-UN, i.e. FOXMAN-UN must be allowed to start a manager session to
any NE at any time.
The session manager has the authority to terminate all active sessions except his own.


3.1.3 Firewall Setup

3.1.3.1 Windows Firewall


In today’s networks the use of a firewall is mandatory unless working in completely isolated
networks.
However, besides making connections safer, firewalls can also become a problem to legitimate
applications if not configured properly.
Please refer to [1KHW002466] User Manual “FOXCST” for information about the setup of a
Windows firewall.

3.1.3.2 Opening Ports for the FOX61x Management Communication

[Figure: inside the firewall, a LAN connects the FOXMAN-UN workstation, NTP server, SNMP host,
RADIUS server, Syslog target, SSHv2 server with SFTP support, FOXCST and a Telnet client or
SSHv2 client. Outside the firewall, a LAN connects the FOX61x management network.]

Figure 3: Management communication through a firewall

Table 3: Protocols and processes used for management traffic with FOX61x NEs
Protocol | Application / service | Port number | Comments
TCP | FOXCST | 5556 | Destination port for unencrypted FOXCST or FOXMAN-UN traffic (the communication is always initiated by FOXCST or FOXMAN-UN).
TCP | FOXCST | 5558 | Destination port for SSH encrypted FOXCST traffic.
UDP | FOXCST | 8047 | Destination port for notifications from the FOX61x NE to the FOXCST.
UDP | NTP | 123 | Destination port for SNTP queries from the FOX61x NE (NTP client).
UDP | SNMP | 161 | Destination port for SNMP traffic.
UDP | SNMP trap | 162 | Used by the FOX61x NE as destination port for SNMP traps.
TCP | FTP | 21 | Used by the FOX61x NE as destination port for any file transfer in conjunction with CLI management over Telnet (session initiated by the FTP client in the FOX61x NE).
TCP | SSH | 22 | Used by the SSH client as destination port for the SSH session (initiated by the SSH client).
TCP | SSH | 22 | Used by the SSH client as destination port for any file transfer in conjunction with CLI management over SFTP (initiated by the SSH client in the FOX61x NE).
TCP | Telnet | 23 | Used by the Telnet client as destination port for the Telnet session (initiated by the Telnet client).
UDP | syslog | 514 | Standard port for Syslog messages
UDP | RADIUS | 1812 | Used for the user authentication via RADIUS authentication server
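
The rows of Table 3 can be turned into a direction-aware allow-list for the firewall between the management LAN and the FOX61x management network. The following is an added example, not part of the manual or of any Hitachi Energy tool; the two networks are constructed documentation ranges, the nftables rule layout is one possible rendering, and the direction chosen for SNMP port 161 (manager toward the NE) is an assumption because Table 3 does not state it.

```python
"""Firewall allow-list built from Table 3 (added example, not vendor code)."""
from ipaddress import ip_address, ip_network

# (protocol, destination port, service, initiator, has_encrypted_alternative)
# initiator "mgmt": session opened from the management LAN toward the NE.
# initiator "ne":   session opened by the NE toward a server in the management LAN.
# Assumption: SNMP/161 runs manager -> NE; Table 3 gives no direction for it.
# The last field marks the cleartext services for which Table 3 also lists an
# SSH-based alternative (5556 -> 5558, Telnet -> SSH, FTP -> SFTP).
TABLE_3 = [
    ("tcp", 5556, "FOXCST/FOXMAN-UN unencrypted", "mgmt", True),
    ("tcp", 5558, "FOXCST over SSH", "mgmt", False),
    ("udp", 8047, "NE notifications to FOXCST", "ne", False),
    ("udp", 123, "SNTP queries", "ne", False),
    ("udp", 161, "SNMP", "mgmt", False),
    ("udp", 162, "SNMP traps", "ne", False),
    ("tcp", 21, "FTP with CLI over Telnet", "ne", True),
    ("tcp", 22, "SSH CLI session", "mgmt", False),
    ("tcp", 22, "SFTP file transfer", "ne", False),
    ("tcp", 23, "Telnet CLI session", "mgmt", True),
    ("udp", 514, "Syslog", "ne", False),
    ("udp", 1812, "RADIUS authentication", "ne", False),
]


def allow_list(encrypted_only=False):
    """Rows to permit. encrypted_only drops 5556, Telnet and FTP.

    Table 3 lists port 5556 for FOXMAN-UN traffic, so keep it when
    FOXMAN-UN has to reach the NEs.
    """
    return [row for row in TABLE_3 if not (encrypted_only and row[4])]


def nft_rules(mgmt_net, ne_net, encrypted_only=False):
    """Render one nftables accept rule per permitted row.

    The rules belong in a forward chain with policy drop that also accepts
    'ct state established,related' for the return traffic.
    """
    rules = []
    for proto, port, service, initiator, _ in allow_list(encrypted_only):
        src, dst = (mgmt_net, ne_net) if initiator == "mgmt" else (ne_net, mgmt_net)
        rules.append(
            f"ip saddr {src} ip daddr {dst} {proto} dport {port} "
            f'ct state new accept comment "{service}"'
        )
    return rules


def classify_flow(src, dst, proto, dport, mgmt_net, ne_net, encrypted_only=False):
    """Return the Table 3 service a new flow belongs to, or None if unexpected."""
    s, d = ip_address(src), ip_address(dst)
    mgmt, ne = ip_network(mgmt_net), ip_network(ne_net)
    if s in mgmt and d in ne:
        initiator = "mgmt"
    elif s in ne and d in mgmt:
        initiator = "ne"
    else:
        return None
    for row_proto, port, service, row_initiator, _ in allow_list(encrypted_only):
        if (row_proto, port, row_initiator) == (proto, dport, initiator):
            return service
    return None


# Constructed networks (RFC 5737 documentation ranges), not values from the manual.
MGMT_NET, NE_NET = "192.0.2.0/24", "198.51.100.0/24"

if __name__ == "__main__":
    for rule in nft_rules(MGMT_NET, NE_NET, encrypted_only=True):
        print(rule)
```

classify_flow can be run over exported firewall logs to spot flows that cross the boundary in a direction Table 3 does not list, for example a session to port 5558 opened from the NE side.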

3.2 FOXCST
FOX61x network elements are managed via the standalone management tool FOXCST
(Enhanced Configuration Software Tool). The FOXCST is the basic management tool for
commissioning, operation and performance monitoring of FOX61x Network Elements (NE). It also
provides the static alarm and status supervision.
The FOXCST provides local or remote access to one NE at a time. Several instances of the
FOXCST can run simultaneously, each one connecting to one NE.
The FOXCST can be connected to an NE in one of the following ways:
• Local access to the NE management
− using the Ethernet local management port on the active core unit.
Refer to section 3.2.1 Local Access (on page 15).
• Remote access to the NE management via the management router
− using an Ethernet interface on a core unit or on an Ethernet service unit, or
− using an MPLS MCC interface on a core unit, or
− using a TDM interface on a TDM service unit.
Refer to section 3.2.2 Remote Access (on page 17).
Please refer to [1KHW002466] User Manual “FOXCST” for information about the FOXCST GUI
handling, FOXCST installation and first connection to a FOX61x NE.

3.2.1 Local Access

[Figure: the element manager connects with VLAN untagged traffic to the local management port
(IP address = A) of the FOX61x NE. The NE management is accessible from the local management
port with the IP address A and from the management router ports with the IP addresses BA to BH.]

Figure 4: Local management traffic access

Please note:
The local management port on a standby core unit is deactivated unless the core
unit is running in the bootloader.


3.2.1.1 Local Access via the Local Management Port


Local management of a FOX61x network element is done via the Ethernet local management
port of the active core unit. It allows a direct connection to the system using a point-to-point
connection. The purpose of the local management interface is commissioning and maintenance of
the FOX61x via a local craft device.
Up to two sessions can be active using the local management port.
For systems with a redundant core unit only the local management port of the active core unit
communicates. The local management port of the standby core unit is deactivated. You have to
connect your element manager to the active core unit.
The local management port is an Ethernet interface of the type 10/100BASE-TX (CESM1 and
CESM2) or 10/100/1000BASE-T (CESM3) and supports auto-negotiation with half- and full-
duplex mode and automatic MDI/MDIx switchover.
The default IP address of the local management port is set to 192.168.1.1 (core unit plugged in
slot-11) or 192.168.1.2 (redundant core unit plugged in slot-13) and belongs to the 192.168.1
subnet, i.e. the IP address of the element manager PC must be in the range 192.168.1.3 to
192.168.1.254.

Please note:
The IP address and network mask of the local management port can be configured.
→ Please refer to section 6.19 AP: / unit-x / … / Local Management (on page 147).
Management traffic accesses the NE management with untagged Ethernet traffic. The local
management port cannot become a management router interface. Furthermore the 192.168.1
subnet will not be distributed by the router as connected network.

Please note:
For an example of a local management connection using the local management
port please refer to [1KHW002466] User Manual “FOXCST”.


3.2.2 Remote Access

[Figure: the NE management of the FOX61x NE is accessible from the management router ports
with the IP addresses BA to BH, CA to CH, DA to DJ and EA to EP. The management router provides
the loopback interfaces lo-1 to lo-8 (IP addresses CA to CH), the MPLS interfaces mcc-1 to
mcc-10 (IP addresses DA to DJ), the VLAN interfaces (IP addresses BA to BH, VLAN ID = Mgmt-VID)
and the TDM interfaces ppp-1 to ppp-16 (IP addresses EA to EP). IP traffic is routed between the
vlanInterfaces, the tdmInterfaces and the mplsMccInterfaces. The local management port cannot
become an OSPF router interface.
- NE management via Ethernet: each VLAN interface is reached through an implicit access port
(not shown in the AP tree; PVID = Mgmt-VID). VLAN untagged traffic from the packet network
(802.1Q) enters via an access port (CVP) with PVID = one of the Mgmt-VID. VLAN tagged traffic
with VID = one of the Mgmt-VID enters via a trunk port (CVP) of the bridge. The Mgmt-VID must be
added to the bridge.
- NE management via an MPLS-TP network: trunk port (MPLS-TP). The MCC link must be terminated
in the MPLS-TP network.
- NE management via a TDM network: TDM port, TDM PPP transport P12/P0-nc. The PPP link must be
terminated in the TDM network.]

Figure 5: Remote management traffic access

Please note:
The CESM1 and CESM2 core units offer only two VLAN interfaces to access the
management router.
Remote management of a FOX61x network element is done via a FOX61x customer VLAN
bridge port (CVP) or via a data communication network (DCN).
In order to be able to connect to your FOX61x from a remote FOXCST, you need to pre-configure
the FOX61x’s traffic interface (Ethernet, TDM, MPLS) and the router port(s) via a local
management connection using the local management port. Refer to section 3.2.1.1 Local Access via
the Local Management Port (on page 16).


Please note:
In general a loopback interface IP address should be used to access a network
element if a redundant path is available. The advantage of a loopback interface IP
address is that it is always up and running independent of the state of a physical
interface.
For an example of a remote management connection using an OSPF loopback interface please
refer to section 3.2.2.4 Remote Management using OSPF (on page 24).

3.2.2.1 Remote Access via a FOX61x Customer VLAN Bridge Port


FOX61x network elements can be connected over an 802.1Q packet network using FOX61x
Switch (customer VLAN bridge) ports. When connecting a FOX61x network element to a
switched or routed network, management traffic can be forwarded to any Ethernet port of the
FOX61x Switch.
Pre-configure your FOX61x’s Ethernet port, and the IP address and management VLAN ID of the
VLAN interfaces used. The router’s VLAN interface must also be created and enabled:
• If the management traffic is VLAN tagged outside the FOX61x, the management traffic
accesses the FOX61x Switch via a “trunk” port, a “trunk with native VLAN” port or a “general”
port supporting tagged Ethernet frames. The management traffic’s VLAN ID must be the
same as configured for the used VLAN Interface of the FOX61x management network:
− AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - VLAN.
The management VLAN ID must also be added to the bridge at the AP: Switching / Bridges /
bridge-1, VLANs.
The NE management VLAN ID can be configured in the range 1 … 4089. It is not recom-
mended to use the default VLAN ID 1 as the management VLAN ID.

Please note:
The management VLAN ID must not be used as PTP VLAN ID. Select a management
VLAN ID that is not used by a PTP VLAN.
→ Please refer to [1KHW029105] User Manual “Synchronization”.
• If the management traffic is untagged outside the FOX61x, the management traffic accesses
the FOX61x Switch via an “access” port, a “trunk with native VLAN” port or a “general” port
supporting untagged Ethernet frames. The port VLAN ID of the access ports (PVID) must be
the same as configured for the used VLAN Interface of the FOX61x management network.
For systems with a redundant core unit two ports can be configured for management traffic
access, one on the working and one on the redundant core unit. With the “Block on Standby”
parameter of the physical port (AP: /unit-x/port-y, Main - Physical), only the port on the
active core unit communicates while the port on the standby unit forwards no traffic. You can
connect your element manager to both core units in parallel without using xSTP.

Risk of operating trouble!


Do not enable RSTP on a port which has enabled “Block on Standby”.
Management traffic is routed between the router’s VLAN (vlanInterface), TDM (ppp) and MPLS
(mcc) interfaces.

Please note:
For the configuration of the management VLAN interface using the FOXCST Basic
Settings dialog please refer to [1KHW002466] User Manual “FOXCST”.
For the configuration of the management VLAN interface please refer to section
6.15 AP: / managementNetwork / vlanInterfaces / vlanInterface-v (on page 111).

Please note:
For the configuration of the FOX61x Switch parameters please refer to
[1KHW028566] User Manual “Ethernet Switching”


Risk of operating trouble!


Changing the management VLAN ID can result in loss of the management connections,
depending on the network topology.

Layer 2 802.1Q remote access setup


This action list shows step by step how to configure the 802.1Q parameters used for the remote
management connection.
To connect from a remote location to a FOX61x NE the following configuration steps must be
performed using a local management connection:
- The FOX61x switch ports used for the management connection must be configured and
enabled (Port Type = CVP, AdminState = Up).
- The management VLAN must be added to the bridge (FOX61x Switch) and assigned to
switch ports.

Please note:
The management VLAN ID must not be used as PTP VLAN ID. Select a management
VLAN ID that is not used by a PTP VLAN.
→ Please refer to [1KHW029105] User Manual “Synchronization”.
- The management VLAN interface must be configured and enabled (IP Address and Netmask
(same subnet), VLAN ID = management VLAN ID, AdminState = Up).
- The bridge interface mode must be configured to transport management and user traffic
(Mode = Trunk).

→ Set up the FOX61x Switch interface. Proceed as follows:


1. Configure the switch interface:
- FOXCST “Tree View”, AP: /ne, Main - Port Type.
- Select the Ethernet Ports,
e.g. /unit-11 (CESM1)/port-4:Ethernet.
- Set Usage = CVP (customer VLAN port).
- Apply the changes.
2. Configure the port blocking on the redundant core units:
- FOXCST “Tree View”, AP: /unit-11/port-4, Main - Physical.
- Configure the port blocking with unit redundancy,
Block on Standby = true.
- Apply the changes.
- FOXCST “Tree View”, AP: /unit-13/port-4, Main - Physical.
- Configure the port blocking with unit redundancy,
Block on Standby = true.
- Apply the changes.
3. Set the administrative state of the Ethernet interface(s) to up:
- FOXCST “Tree View”,
e.g. AP: /unit-11 or unit-13 (CESM1)/port-4:Ethernet, Main - General.
- Select the Interface Status, Admin Status = Up.
- Apply the changes.
Result: The switch port is configured.


→ Set up the bridge management VLAN and port. Proceed as follows:


1. Configure the switch VLAN:
- FOXCST “Switching” view, AP: /Switching/Bridges/bridge-1, VLANs.
- Create a new VLAN.
- Set VLAN ID = 4089 (= example value).
- Set Name = management (= example value).
- Click “OK”.
- Apply the changes.
2. Configure the switch port:
- FOXCST “Switching” view, AP: /Switching/Bridges/bridge-1, Ports.
- Select Reference = /unit-11 or unit-13 (CESM1)/port-4:Ethernet.
- Set Port Mode = Trunk (= example value).
- Set PVID = 4089 (for untagged traffic only if e.g. Mode = Access).
- Apply the changes.
Result: The VLAN and port are configured.

→ Set up the VLAN interface. Proceed as follows:


1. Create the VLAN interface:
- FOXCST “Management” view,
AP: /managementNetwork/vlanInterfaces, Configuration - MgmtVlan.
- Create a management VLAN interface.
- Select an interface ID, e.g. vlanInterface-1.
- Set the management VLAN ID = 4089.
- Apply the changes.
2. Configure the VLAN interface:
- FOXCST “Management” view,
AP: /managementNetwork/vlanInterfaces/vlanInterface-1, Configuration - IP.
- Set the IP Address and Netmask.
- Apply the changes.
3. Set the administrative state of the VLAN interface to up:
- FOXCST “Management” view,
AP: /managementNetwork/vlanInterfaces/vlanInterface-1, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The VLAN interface parameters are defined.
End of instruction

Please note:
If a network element is connected to several other network elements, two or more
FOX61x Switch ports have to be used. The VLAN interface is always up and running
as long as the VLAN interface is enabled.

Please note:
For an example of how to configure OSPF, please refer to section 3.2.2.4 Remote
Management using OSPF (on page 24).
For more information on using MPLS and switching protocols in one network element and
for general VLAN interface and bridge configuration please refer to [1KHW028566] User Manual
“Ethernet Switching”.
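
The constraints stated in section 3.2.2.1 and in the action list above can be checked against a planned configuration before it is entered in FOXCST. The following is an added example, not part of the manual or of FOXCST; the plan dictionary and its field names are hypothetical, and the PTP VLAN IDs in the sample plans are constructed values.

```python
"""Pre-deployment lint of a planned 802.1Q management access (added example)."""


def lint_mgmt_plan(plan):
    """Return a list of (severity, message) findings; an empty list means clean."""
    findings = []
    vif = plan["vlan_interface"]
    vid = vif["vlan_id"]

    # Management VLAN ID: 1 ... 4089, VLAN 1 not recommended, never the PTP VLAN.
    if not 1 <= vid <= 4089:
        findings.append(("error", f"management VLAN ID {vid} is outside 1...4089"))
    elif vid == 1:
        findings.append(("warning", "default VLAN ID 1 used as management VLAN ID"))
    if vid == plan.get("ptp_vlan_id"):
        findings.append(("error", f"VLAN {vid} is also used as PTP VLAN ID"))

    # The management VLAN must be added to the bridge and the interface enabled.
    if vid not in plan["bridge_vlans"]:
        findings.append(("error", f"VLAN {vid} is not added to bridge-1"))
    if vif["admin_state"] != "up":
        findings.append(("error", f"{vif['name']} is not administratively up"))

    for port in plan["ports"]:
        name = port["name"]
        if port["usage"] != "CVP":
            findings.append(("error", f"{name}: usage is {port['usage']}, expected CVP"))
        if port["admin_state"] != "up":
            findings.append(("error", f"{name}: admin status is not up"))
        if port["mode"] == "access":
            # Untagged management traffic: the PVID must match the VLAN interface.
            if port.get("pvid") != vid:
                findings.append(
                    ("error", f"{name}: PVID {port.get('pvid')} != management VLAN {vid}")
                )
        elif vid not in port.get("vlans", []):
            # Tagged management traffic: the VLAN must be assigned to the port.
            findings.append(("error", f"{name}: VLAN {vid} not assigned to this port"))
        # RSTP must not be enabled on a port that uses Block on Standby.
        if port.get("block_on_standby") and port.get("rstp"):
            findings.append(("error", f"{name}: RSTP enabled together with Block on Standby"))
    return findings


# Constructed plan using the example values of the action list (VLAN 4089, port-4).
GOOD_PLAN = {
    "ptp_vlan_id": 100,  # constructed value
    "bridge_vlans": [1, 4089],
    "vlan_interface": {"name": "vlanInterface-1", "vlan_id": 4089, "admin_state": "up"},
    "ports": [
        {"name": "/unit-11/port-4", "usage": "CVP", "admin_state": "up",
         "mode": "trunk", "vlans": [4089], "block_on_standby": True, "rstp": False},
        {"name": "/unit-13/port-4", "usage": "CVP", "admin_state": "up",
         "mode": "trunk", "vlans": [4089], "block_on_standby": True, "rstp": False},
    ],
}

# Constructed plan with three mistakes: PTP VLAN clash, wrong PVID, RSTP on a
# Block on Standby port.
BAD_PLAN = {
    "ptp_vlan_id": 4089,
    "bridge_vlans": [1, 4089],
    "vlan_interface": {"name": "vlanInterface-1", "vlan_id": 4089, "admin_state": "up"},
    "ports": [
        {"name": "/unit-11/port-4", "usage": "CVP", "admin_state": "up",
         "mode": "access", "pvid": 1, "block_on_standby": True, "rstp": False},
        {"name": "/unit-13/port-4", "usage": "CVP", "admin_state": "up",
         "mode": "trunk", "vlans": [4089], "block_on_standby": True, "rstp": True},
    ],
}

if __name__ == "__main__":
    for severity, message in lint_mgmt_plan(BAD_PLAN):
        print(f"{severity}: {message}")
```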


3.2.2.2 Remote Access via a TDM Port with a DCN Connection


The DCN connection allows a remote connection to the FOX61x network element using an
embedded communication channel (ECC) of the SDH or PDH transport units. The management
communication is terminated in the management router instance of the core unit.
The FOX61x management router offers 16 TDM interfaces using the PPP protocol.
The DCN method for the remote management of the FOX61x requires the configuration of the
FOX61x’s IP address, router parameters and DCN transport channels via a local management
connection.
Management traffic is routed between the router’s VLAN (vlanInterface), TDM (ppp) and MPLS
(mcc) interfaces.

Remote access via TDM PDH ECC


This action list shows step by step how to configure the TDM parameters used for the remote
management connection.
To connect from a remote location to a FOX61x NE using a TDM transport channel the following
configuration steps must be performed:
- The PDH channel has to be configured and enabled.
- The Router TDM interface has to be created, configured and enabled.
- The TDM cross connection has to be established.

→ Set up a PDH channel. Proceed as follows:


1. Configure a TDM channel on a PDH unit (e.g. LEDE1):
- FOXCST “Tree View”, AP: /unit-x, port-y, Configuration - General.
- Select the Termination Mode = PCM30C.
- FOXCST “Tree View”, AP: /unit-x, port-y, Configuration - Channels.
- Click “Create Channel”.
- The “Create Channel” dialog opens.
- Set n = 1 (1 TS = 64kb/s).
- Set Start Timeslot = 1.
- Click “OK”.
2. Set the administrative state of the port-y to up:
- FOXCST “Tree View”, AP: /unit-x/port-y, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The channel is configured.

→ Router TDM interface. Proceed as follows:


1. Create the router PPP interface of the management network:
- FOXCST “Management” view,
AP: /managementNetwork/tdmInterfaces, Configuration - TDM.
- Click “Create PPP Interface …”.
- The “Create PPP Interface” dialog opens.
- Select the Bandwidth “n=1 (64 kbit/s)”,
(set Bandwidth to the same value as the configured number of channel timeslots).
- Select the PPP Interface “ppp-1”.
- Click “OK”.
2. Configure the router PPP interface:
- FOXCST “Management” view,
AP: /managementNetwork/tdmInterfaces/ppp-1, Configuration - IP.
- Select the Addressing Mode = Numbered or Unnumbered,
for “Numbered” configuration set the IP Address and Netmask (same subnet as the
neighbor),
for “Unnumbered” configuration select “Unnumbered From” = lo-1.
- Apply the changes.


Please note:
For unnumbered configuration the OSPF loopback interface has to be configured
first. For an example of how to configure OSPF and loopback interfaces, please refer
to section 3.2.2.4 Remote Management using OSPF (on page 24).
3. Set the administrative state of the ppp-1 interface to up:
- FOXCST “Management” view,
AP: /managementNetwork/tdmInterfaces/ppp-1, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The PPP interface is fully configured.

→ TDM cross connection. Proceed as follows:


1. Configure the cross connection:
- “Cross Connections” tab of the FOXCST “TDM Services” view,
click on the “Connection Wizard” button.
- The “Create TDM Connection” dialog opens.
2. Set the connection parameters:
- Set the Layer Rate = P0_nc.
- Directionality = Bidirectional.
- Protected = No.
- Number = 1.
3. Execute “Next ->”.
4. Select the Z-End CTP:
- Select the CTP /managementNetwork/tdmInterfaces/ppp-1.
5. Execute “Next ->”.
6. Select the A-End CTP:
- Select the CTP /unit-x/port-y/chan-1 (TS-1).
7. Execute “Create”.
Result: The TDM cross connection is established.
End of instruction

Please note:
For the configuration details of the management routers TDM interfaces please
refer to section 6.12 AP: / managementNetwork / tdmInterfaces (on page 98) and
section 6.13 AP: / managementNetwork / tdmInterfaces / ppp-z (on page 100).

3.2.2.3 Remote Access via an MPLS-TP Port with a DCN Connection


The DCN connection allows a remote connection to the FOX61x network element using a
management communication channel (MCC) of the core unit used as MPLS-TP transport unit.
The MCC (mcc-x) is transported over the generic associated channel (G-ACh) which is
associated with an MPLS-TP physical or logical (VLAN based) section (mplsif-x) or an LSP,
carrying the IPv4 PDUs. The management communication is terminated in the management router
instance of the core unit.
The FOX61x management router offers 10 MCC interfaces.
The DCN method for the remote management of the FOX61x requires the configuration of the
FOX61x’s IP address, router parameters and DCN transport channels via a local management
connection.
Management traffic is routed between the router’s VLAN (vlanInterface), TDM (ppp) and MPLS
(mcc) interfaces.


Remote access via MPLS MCC interfaces


This action list shows step by step how to configure the MPLS MCC parameters used for the
remote management connection.
To connect from a remote location to a FOX61x NE using an MPLS MCC transport channel the
following configuration steps must be performed:
- The FOX61x switch port used for the management connection must be configured and
enabled.
- The Router MCC interface has to be created, configured and enabled.

→ Set up the MPLS-TP interface. Proceed as follows:


1. Configure MPLS-TP interface:
- FOXCST “Tree View”, AP: /ne, Main - Port Type.
- Select the Ethernet Ports,
e.g. /unit-11 (CESM1)/port-5:Ethernet.
- Set Usage = MPLS-TP.
- Apply the changes.
2. Set the administrative state of the Ethernet interface to up:
- FOXCST “Tree View”,
e.g. AP: /unit-11 (CESM1)/port-5:Ethernet, Main - General.
- Select the Interface Status, Admin Status = Up.
- Apply the changes.
Result: The MPLS-TP port is configured.

→ Router MCC interface. Proceed as follows:


1. Create the router MCC interface of the management network:
- FOXCST “Management” view,
AP: /managementNetwork/mplsMccInterfaces, Configuration - MPLS MCC.
- Click “Create Section MCC Interface …”.
To “Create LSP MCC Interface …” it is mandatory to configure first an MPLS-TP tunnel.
For more information please refer to [1KHW028618] User Manual “MPLS-TP Services”.
All other configuration steps for an MCC LSP connection are the same as for an MCC
Section connection.
- The “Create Section MCC Interface” dialog opens.
- Select the MPLS MCC e.g. “mcc-1”.
- Select the MPLS MCC Interface e.g. “mplsif-1”.
- Click “OK”.
2. Configure the router mcc interface:
- FOXCST “Management” view,
AP: /managementNetwork/mplsMccInterfaces/mcc-1, Configuration - IP.
- Select the Addressing Mode = Numbered or Unnumbered,
for “Numbered” configuration set the IP Address and Netmask (same subnet as the
neighbor),
for “Unnumbered” configuration select “Unnumbered From” = lo-1.
- Apply the changes.

Please note:
For both numbered and unnumbered configuration OSPF has to be enabled on the
MCC interfaces to detect the neighbor's IP address. Furthermore, the OSPF protocol
has to be used on other interfaces to distribute the whole network, or static routes
have to be configured for specific routes. In contrast to PPP, the neighbor MCC
interfaces are not seen if OSPF is disabled on an interface. For an example of how to
configure OSPF on MCC interfaces, please refer to section 3.2.2.4 Remote
Management using OSPF (on page 24). For an example of how to configure static routes
please refer to section 3.2.2.5 Remote Management using Static Routes (on
page 26).
3. Set the administrative state of the mcc-1 interface to up:
- FOXCST “Management” view,
AP: /managementNetwork/mplsMccInterfaces/mcc-1, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The MCC interface is fully configured.
End of instruction

Please note:
For the configuration details of the management routers MCC interfaces please
refer to section 6.7 AP: / managementNetwork / mplsMccInterfaces (on page 73)
and section 6.8 AP: / managementNetwork / mplsMccInterfaces / mcc-m (on
page 75).

3.2.2.4 Remote Management using OSPF


When connecting a FOX61x NE to a routed network, management traffic can be forwarded via
any of the FOX61x router interfaces.

Risk of operating trouble!


If on the CESM1 and CESM2 core units the number of OSPF neighbors is greater
than 32, this may have a negative impact on the core unit performance.
→ The total number of OSPF neighbors is independent of the number of configured
VLAN management interfaces.

Risk of operating trouble!


The CESM3 core unit supports up to 100 OSPF neighbors.
→ Neighbor relationships above this limit will not be established.

Please note:
On the CESM1 and CESM2 core units it is recommended to configure the hello
interval to 10 s or higher.
Before being able to connect from a remote location to a FOX61x NE using the OSPF protocol
the following configuration steps must be performed in addition to the configuration steps in
section 3.2.2.1 Remote Access via a FOX61x Customer VLAN Bridge Port (on page 18), section
3.2.2.2 Remote Access via a TDM Port with a DCN Connection (on page 21) or section 3.2.2.3
Remote Access via an MPLS-TP Port with a DCN Connection (on page 22):
• The FOX61x router OSPF protocol used for the management connection must be enabled
globally.
• The OSPF protocol must be configured and enabled on the VLAN, PPP and MCC interfaces.
• An OSPF loopback interface has to be configured in case “Unnumbered From” was selected
in the “tdmInterfaces” or “mplsMccInterfaces” IP configuration. Moreover a loopback
interface should be used in general if a network element is reachable over different paths,
independent of any protocol.

OSPF setup
This action list shows step by step how to configure the OSPF protocol used for the remote
management connection.


→ Enable OSPF globally. Proceed as follows:


1. Configure the OSPF protocol globally:
- FOXCST “Management” view,
AP: /managementNetwork/router/OSPF.
2. Set the administrative state of the OSPF protocol to up:
- FOXCST “Management” view,
AP: /managementNetwork/router/OSPF, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The OSPF protocol is enabled globally.

→ Enable OSPF on the VLAN interface. Proceed as follows:


1. Configure the VLAN interface:
- FOXCST “Management” view,
AP: /managementNetwork/vlanInterfaces/vlanInterface-v, Configuration - OSPF.
- Enable the OSPF interface.
- Apply the changes.
Result: The OSPF protocol is enabled on the VLAN interface.

→ Enable OSPF on the PPP interface. Proceed as follows:


1. Configure the PPP interface:
- FOXCST “Management” view,
AP: /managementNetwork/tdmInterfaces/ppp-1, Configuration - OSPF.
- Enable the OSPF interface.
- Apply the changes.
Result: The OSPF protocol is enabled on the PPP interface.

→ Enable OSPF on the MCC interface. Proceed as follows:


1. Configure the MCC interface:
- FOXCST “Management” view,
AP: /managementNetwork/mplsMccInterfaces/mcc-1, Configuration - OSPF.
- Enable the OSPF interface.
- Apply the changes.
Result: The OSPF protocol is enabled on the MCC interface.

→ Configure the loopback interface. Proceed as follows:


1. Configure the loopback interface:
- FOXCST “Management” view,
AP: /managementNetwork/loopbackInterfaces/lo-1, Configuration - IP.
- Set the IP Address and Netmask.
- Select the AP: /managementNetwork/loopbackInterfaces/lo-1, Configuration - OSPF.
- Enable the OSPF interface.
- Apply the changes.
2. Set the administrative state of the Loopback interface to up:
- FOXCST “Management” view,
AP: /managementNetwork/loopbackInterfaces/lo-1, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
Result: The loopback interface parameters are defined.
End of instruction


Please note:
The loopback interface is a host and not a physical interface with the advantage
that this interface is always reachable (can be pinged). Because of that the
loopback interface netmask must be a host mask and cannot be changed.

Please note:
The default OSPF configuration is suitable for most applications. When changing
the OSPF parameters keep in mind to do the changes in all OSPF routers of the
same area.

Please note:
Keep in mind to configure the default gateway on your PC for a routed network,
otherwise the remote network elements will not be reachable.

3.2.2.5 Remote Management using Static Routes


Instead of using a routing protocol, static routes are commonly used to save resources for a stub
network. Static routes can be configured on the FOX61x via a Gateway (Ethernet interface)
using the next hop IP address, or via a PPP interface representing the exit interface to the final
destination.
Although the MPLS-TP interface is an Ethernet interface, the IP packet will not be encapsulated
in an Ethernet frame but in an MPLS section G-ACh. Because of that there is nothing like ARP to
find out the neighbor's IP address and therefore OSPF must be enabled on MCC interfaces.
Concerning static routes, the configuration for MCC interfaces is the same as for the VLAN
interface, i.e. it operates via Gateway. Instead of using the exit interface as for PPP interfaces,
the next hop IP address has to be used.

Static routes for MCC interfaces


This action list shows step by step how to configure a static route for MCC interfaces using the
next hop IP address:
• The FOX61x switch ports used for the management connection must be configured and
enabled.
• The router MCC interfaces have to be created, configured and enabled. For the configuration
of the first two steps please refer to section 3.2.2.3 Remote Access via an MPLS-TP Port
with a DCN Connection (on page 22).
• The OSPF protocol has to be configured on the MCC interfaces.
• The static route has to be configured.

→ Configure OSPF on an MCC interface. Proceed as follows:


1. Configure the OSPF protocol globally:
- FOXCST “Management” view,
AP: /managementNetwork/router/OSPF.
2. Set the administrative state of the OSPF protocol to up:
- FOXCST “Management” view,
AP: /managementNetwork/router/OSPF, Main - Admin And Oper Status.
- Select the Administrative Status, State = Up.
- Apply the changes.
3. Configure the MCC interface:
- FOXCST “Management” view,
AP: /managementNetwork/mplsMccInterfaces/mcc-1, Configuration - OSPF.
- Enable OSPF interface.
- Apply the changes.
Result: The OSPF protocol is enabled on an MCC interface.


→ Add a static route using the MCC interface. Proceed as follows:


1. Add a static route:
- FOXCST “Management” view,
AP: /managementNetwork/router, Configuration - Add …
- Set the static route IP Address and Netmask (destination network).
- Set Via = Gateway.
- Set the Gateway next hop IP address (MCC neighbor).
- Apply the changes.
Result: The static route using the MCC next hop IP address is configured.
End of instruction

Risk of operating trouble!


When configuring an MCC interface as numbered interface any network mask can
be used except the host address /32. With a host address static routing will not
work!

3.2.2.6 Remote Management Access via an Ethernet stand-alone Service Unit


When connecting a FOX61x NE to a routed network, management traffic can also be forwarded
to an Ethernet stand-alone service unit if the unit has access to the NE internal Gigabit Ethernet
star. These units support Ethernet transport or Ethernet over TDM transport.
The VLAN interface and bridge configuration is the same as for the local management connection
using a FOX61x switch port but has to be done on the CESM1 or CESM2 internal port
configuration, or on the CESM3 backplane port configuration. Please refer to [1KHW028566] User
Manual “Ethernet Switching”.

3.2.3 Session Management Control


The following parameters in the AP: /ne, Configuration - Session Management control the
access to the FOX61x using the FOXCST.

3.2.3.1 Encrypted Management Communication


With the two parameters “Unencrypted” and “Encrypted” you can control the allowed
management access.

Table 4: Encrypted access


FOX61x configuration: Management Communication (Unencrypted, Encrypted)
FOXCST, Connect to: Supported “Encrypted (SSH)” parameter is …
or

Please note:
At least one of the Management Communication parameters must be set to true.

Please note:
The Management Communication parameters are related to FOXCST and FOXMAN-UN only.

Please note:
For backward compatibility and for FOXMAN-UN connections the default configuration
allows connecting over the unencrypted channel.
→ If there are security concerns or FOXMAN-UN is not needed, the unencrypted
management communication channel can be disabled. For more information
please refer to section 6.18.1.2 AP: / ne, Configuration - Session Management
(on page 128).
→ Encrypted (SSH) should always be enabled when connecting to the FOX61x
since the unencrypted method will be proposed automatically in case the
encrypted method is not enabled. For more information please refer to section
6.1.1 Menu File - Manage Connections … (on page 61).

3.2.3.2 Local Management Port


When the Local Management Port is disabled the FOXCST can access the FOX61x only via a
remote connection to a management router interface.

Table 5: Local or remote access


FOX61x configuration: Local Management Port, Enabled
FOXCST, Connect to: Connection is supported with …
<LMP address> 1 or <MRI address> 2
<MRI address>

1. LMP = Local Management Port


2. MRI = Management Router Interface

3.2.3.3 Access Authentication


Local and Remote Authentication can be enabled or disabled for the Local Management Port
(Local Interface) and for the management router ports (Remote Interface).
Local Authentication is performed in the FOX61x network element using the pre-configured
passwords for each user class, see section 5.2.1 Local NE Authentication (on page 52).
Remote Authentication is performed in a remote authentication server (RADIUS) using the
pre-configured passwords for each user, see section 5.2.2 Remote RADIUS Authentication (on
page 53).

Table 6: Access authentication


FOX61x configuration: Authentication Management Interfaces
Local Interface Auth Local, Remote Interface Auth Local, Local Interface Auth Radius, Remote Interface Auth Radius
FOXCST, Connect to: Connection is supported with …, Authentication is supported …
<LMP address> 1 Local
<MRI address> 2 Local
<LMP address> Remote (RADIUS)
<MRI address> Remote (RADIUS)

1. LMP = Local Management Port


2. MRI = Management Router Interface

Please note:
Any combination of the Authentication Management Interfaces parameters can be
set to true, but at least one of the parameters must be set to true.

Please note:
The remote authentication requires the configuration of the RADIUS client in the
FOX61x and an operational RADIUS server.
→ See section 5.2.2 Remote RADIUS Authentication (on page 53).

3.2.3.4 Local Authentication Fallback


When using local authentication, and the RADIUS client and the RADIUS authentication in the
FOX61x are configured and enabled, the first authentication attempts are always done towards
the RADIUS server.
If any of the configured RADIUS servers is operational, access to the FOX61x is not possible
with local authentication.
If none of the configured RADIUS servers is operational, access to the FOX61x is not possible
unless the authentication fallback parameter is set to true.

Table 7: RADIUS Local Authentication Fallback


FOX61x configuration: RADIUS Local Authentication Fallback
FOXCST, Connect to parameters: Authentication
Access to the FOX61x
Local yes, with NE userclass and password
Local no

Risk of operating trouble!


If none of the configured RADIUS servers is operational the time used for the
remote authentication attempts to a single RADIUS server is calculated from the
RADIUS client parameters as follows:
(1 + Max Retries) x (Server Timeout).
Using the default values the time is (1 + 3) x (5) = 20 s.
The FOX61x has a fixed timeout of 30 s when no TCP frames are received. If the
time used for the remote authentication attempts to the primary and alternate
RADIUS servers is longer than this timeout the local authentication fails.
→ Disable the RADIUS authentication, or
→ disable the RADIUS server, or
→ decrease the Max Retries and/or Server Timeout parameters to not exceed the
timeout limitation.
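
The fallback rules and the timing limit above can be checked before a configuration is rolled out. The following is an added example, not code from the manual or from Hitachi Energy; it models only what this section states, and the class and function names are hypothetical.

```python
from dataclasses import dataclass

# Fixed FOX61x timeout when no TCP frames are received (value from the manual).
NE_TCP_TIMEOUT_S = 30


@dataclass(frozen=True)
class RadiusClient:
    enabled: bool                    # RADIUS client and RADIUS authentication enabled
    servers_operational: tuple = ()  # one bool per configured server (primary, alternate)
    max_retries: int = 3             # default from the manual
    server_timeout_s: int = 5        # default from the manual


def attempt_time_s(max_retries: int, server_timeout_s: int) -> int:
    """Time spent on one non-operational server: (1 + Max Retries) x (Server Timeout)."""
    return (1 + max_retries) * server_timeout_s


def total_remote_wait_s(client: RadiusClient) -> int:
    """Time spent on all configured servers when none of them is operational."""
    return len(client.servers_operational) * attempt_time_s(
        client.max_retries, client.server_timeout_s)


def local_login(local_auth_enabled: bool, fallback_enabled: bool,
                password_ok: bool, client: RadiusClient):
    """Return (granted, reason) for a FOXCST connect with Authentication = Local."""
    if not local_auth_enabled:
        return False, "local authentication is disabled on this interface"
    if client.enabled:
        # The first attempts always go to the RADIUS servers.
        if any(client.servers_operational):
            return False, "a RADIUS server is operational, local authentication is not possible"
        if not fallback_enabled:
            return False, "no RADIUS server is operational and fallback is disabled"
        waited = total_remote_wait_s(client)
        if waited > NE_TCP_TIMEOUT_S:
            return False, f"RADIUS attempts took {waited} s, longer than {NE_TCP_TIMEOUT_S} s"
    if not password_ok:
        return False, "wrong NE userclass password"
    return True, "login"


def max_server_timeout_s(n_servers: int, max_retries: int) -> int:
    """Largest Server Timeout in whole seconds that keeps all attempts within the limit."""
    return NE_TCP_TIMEOUT_S // (n_servers * (1 + max_retries))


if __name__ == "__main__":
    primary_only = RadiusClient(True, (False,))
    primary_and_alternate = RadiusClient(True, (False, False))
    for name, client in (("one server", primary_only),
                         ("two servers", primary_and_alternate)):
        print(name, total_remote_wait_s(client), "s ->",
              local_login(True, True, True, client))
    print("max Server Timeout for two servers, 3 retries:",
          max_server_timeout_s(2, 3), "s")
```

With the default values, a primary plus an alternate server that are both down already exceed the 30 s limit, so the fallback only works after Max Retries or Server Timeout is reduced.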

3.2.3.5 Retry Time Time-Out


The retry time controls the time a userclass is blocked after three unsuccessful connection
attempts.
The retry time is configurable by the session manager between 0 minutes (no lock-out) and
1440 minutes (24 hours lock-out).
A locked out user can be unlocked by the session manager by a password change for the corre-
sponding user class.

Please note:
For a description of the password configuration parameters please refer to section
6.2.1 Menu Tools - Modify Password … (on page 65).

Please note:
For a description of the timeout configuration parameters please refer to section
6.18.1.2 AP: / ne, Configuration - Session Management (on page 128).

3.2.3.6 Login Process Overview

[Flowchart. Start: FOXCST connect, Authentication = Local. Decisions (Y/N): Local authentication enabled; RADIUS authentication and RADIUS client enabled; RADIUS server reachable; Local authentication fallback enabled; Password OK (NE userclass and password). Delay shown: (1 + Max Retries) x (Server Timeout). Outcomes: login, reject, fail.]

Figure 6: Login process with local authentication

[Flowchart. Start: FOXCST connect, Authentication = Remote (RADIUS). Decisions (Y/N): RADIUS authentication and RADIUS client enabled; RADIUS server reachable; Password OK (RADIUS user name and password). Outcomes: login, reject, fail.]

Figure 7: Login process with remote authentication

3.3 FOXMAN-UN
At the network level, FOX61x NEs can be managed via FOXMAN-UN. FOXMAN-UN provides
the network management functions using the services of an integrated FOXCST. FOX61x NEs
can be managed in a mixed network together with all existing FOX51x NEs.
For details on the FOXMAN-UN refer to the Hitachi Energy customer documentation for the
FOXMAN-UN network management system.

3.4 SNMP
FOX61x NEs offer the standard SNMP interface towards network management systems (NMS)
other than FOXMAN-UN/FOXCST.
The FOX61x supports:
• configuration of SNMP related parameters, i.e. tailoring the SNMP stack to the user's specific
needs,
• reading and writing of SNMP objects,
• reading of packet statistics counters,
• sending of SNMP notifications (traps and informs).
[Figure: an SNMP client connects to the FOX61x NE. Inside the NE: FOX61x SNMP Proxy (Agent), FOX61x management gateway interface, MO OID mapping information. Inside each unit: unit OID mapping information, FOX61x Internal Messaging System, MOM information (tree, ADF). Labelled flows: request/response, notification, upload.]

Figure 8: SNMP system architecture

The SNMP Proxy (Agent)


• implements the SNMP v1, v2c and v3 protocol stacks.
• implements the SNMP related MIBs (SNMP-TARGET-MIB, SNMP-COMMUNITY-MIB, …).
• translates with the support of the Management Gateway the SNMP requests to Hitachi
Energy proprietary protocol requests, and translates the Hitachi Energy proprietary protocol
responses to SNMP responses.
• generates spontaneous SNMP messages from system internal notifications.
Configurations are saved in and restored from the backup file.

Please note:
The example screenshots and description in this section use the “MG-SOFT MIB
Browser, Professional SNMP v3 Edition” as SNMP manager. It is referred to as
“SNMP tool”. “MG-SOFT MIB Browser” is a trademark of MG-SOFT Corporation.

3.4.1 Supported SNMP Functionality

3.4.1.1 Supported MIBs

Please note:
The current FOX61x release supports the standard and private MIBs as listed
below. Some MIBs are partially implemented, as far as requested in order to cover
the FOX61x functionality.
• Agent MIBs
− SNMPv2-MIB, OID = 1.3.6.1.2.1.1 (RFC 3418)
− SNMP-FRAMEWORK-MIB, OID = 1.3.6.1.6.3.10 (RFC 3411)
− SNMP-TARGET-MIB, OID = 1.3.6.1.6.3.12 (RFC 3413)
− SNMP-NOTIFICATION-MIB, OID = 1.3.6.1.6.3.13 (RFC 3413)
− SNMP-VIEW-BASED-ACM-MIB, OID = 1.3.6.1.6.3.16 (RFC 3415)
− SNMP-COMMUNITY-MIB, OID = 1.3.6.1.6.3.18 (RFC 3584)
− SNMP-USER-BASED-SM-MIB, OID = 1.3.6.1.6.3.15 (RFC 3414)
− SNMPv2-TC (RFC 2579)
• Other MIBs
− RMON2-MIB, OID = 1.3.6.1.2.1.16 (RFC 4502)
− RMON-MIB, OID = 1.3.6.1.2.1.16.20.8 (RFC 2819)
− BRIDGE-MIB, OID = 1.3.6.1.2.1.17 (RFC 4188)
− Q-BRIDGE-MIB, OID = 1.3.6.1.2.1.17.7 (RFC 4363)
− IANAifTypeMIB, OID = 1.3.6.1.2.1.30
− IF-MIB, OID = 1.3.6.1.2.1.31 (RFC 2863)
− ENTITY-MIB, OID = 1.3.6.1.2.1.47 (RFC 6933)
− INET-ADDRESS-MIB, OID = 1.3.6.1.2.1.76 (RFC 4001)
− ENTITY-SENSOR-MIB, OID = 1.3.6.1.2.1.99 (RFC 3433)
− ALARM-MIB, OID = 1.3.6.1.2.1.118 (RFC 3877)
− PW-TC-STD-MIB, OID = 1.3.6.1.2.1.188 (RFC 5542)
• Private MIBs
− FOX-SMI, OID = 1.3.6.1.4.1.17268.2818.1.20
− FOX-IF-EXT-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.30
− FOX-IANA-BFD-TC-STD-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.54
− FOX-BFD-STD-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.55
− FOX-MPLS-QOS-EXT-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.60
− FOX-UNI-EVC-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.63
− FOX-ETH-PORT-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.80
− FOX-NE-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.83
− FOX-ALARM-EXT-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.100
− FOX-DIAGNOSTIC-MIB, OID = 1.3.6.1.4.1.17268.2818.1.20.6.101

Please note:
MIB support does not mean fully supported and compliant.

Please note:
SNMP adds significant CPU load; consider the system limits before adding a lot of
monitoring load.
→ The enabled software firewall limits the number of SNMP packets to 50 packets/s
(CESM3) or 25 packets/s (CESM1 and CESM2).

Please note:
Not all service units support SNMP in R15B (i.e. TDM units).

Please note:
The range of MIBs that are actually supported in FOX61x NE depends on the context
and installed units. Use the “Scan Agent for MIBs” utility of the SNMP tool
under tag “Tools” to display a list of all actively supported MIBs by a selected
FOX61x NE.
Example MIB scan with default context from a FOX61x NE:

Please note:
For security reasons the Community and the SNMP v3 MIBs are not shown by
default.

3.4.1.2 FOXCST
The FOXCST SNMP configuration has to be done in different user classes.
The user class “Session Manager” has to configure:
• SNMP globally
• SNMP v1/v2 communities (read, write)
• SNMP v3 users
The user class “Manager” has to configure:
• SNMP v1/v2 notification receivers
• SNMP v3 notification receivers

3.4.1.3 The SNMP Managed Object Model


All SNMP management objects are organized in a tree; every node in the tree has its unique
object ID (e.g. snmpV2 OID = 1.3.6.1.6 and mib-2 OID = 1.3.6.1.2.1). Enter the MIB OID in a
MIB browser and execute a “Get Bulk” request to see all the attached parameters.

3.4.1.4 The Community Model for SNMP v1 and SNMP v2c


SNMP v1 and SNMP v2c use the same simple community-based security scheme. To
authenticate clients, both use a community string password which is transmitted in
clear text to the network element SNMP agent. Because SNMP v1/v2c have well-known security
issues, SNMP v3 should be the preferred version.

3.4.1.5 The Context Model with SNMP v3


SNMP v3 significantly reduces the security threats of the previous versions and also
facilitates remote configuration of the SNMP entities.
Because of the SNMP v3 complexity the FOXCST configuration is simplified by configuring
SNMP v3 users in a single mask for get and set operations. The notification receivers are bound
to one of the v3 users.

3.4.2 SNMP Configuration


For all configuration examples in this paragraph, the following basic setup is used:
[Figure: a PC with MIB Browser and Trap Ringer Console (IPv4 address = 192.168.5.20) is connected over a LAN to the FOX61x (IPv4 address = 192.168.5.2).]

Figure 9: Basic setup for configuration examples

Please note:
This User Manual contains instructions for the SNMP operation with FOX61x, but it
does not include basic SNMP principles. It is therefore essential for the user to
have good SNMP knowledge.
The FOX61x SNMP implementation includes all versions v1, v2c and v3. The default SNMP
setup is as follows:
• Get/set access with SNMP v1/v2 is not possible.
• Get/set access with SNMP v3 is not possible.
• Notifications cannot be received.
• Sensitive information is not accessible by any SNMP user.
Sensitive information can be found in
− community MIB,
− USM objects,
− VACM objects.

3.4.2.1 Enable SNMP globally

SNMP setup
This action describes how the SNMP protocol is enabled globally. Regardless of any other
SNMP agent configuration SNMP will not work until this parameter is set.

→ Enable SNMP globally. Proceed as follows:


1. Connect to the NE as session manager.
- FOXCST “File”, “Connect …”, “Connect to”,
“User Class” = Session Manager.
- “OK”

2. Enable the SNMP protocol globally.


- FOXCST “Tree View”,
AP: /ne, Configuration - Session Management.
- Enable SNMP Enabled.
- Apply the change.
Result: The SNMP protocol is enabled globally.
End of instruction

For more details refer to section 6.18.1.2 AP: / ne, Configuration - Session Management (on
page 128).
After enabling SNMP globally the SNMP agent parameters have to be configured.

3.4.2.2 Enable the read/write Access for SNMP v1/v2 Users

Read write setup for SNMP v1/v2 communities


This action describes how an SNMP v2 user gets read/write access.

→ Enable read/write access. Proceed as follows:


1. Connect to the NE as session manager.
- FOXCST “File”, “Connect …”, “Connect to”,
“User Class” = Session Manager.
- “OK”
2. FOXCST “Tree View”,
AP: /ne, Configuration - SNMP Agent, SNMP v1/v2.
- Enable “Read Write”
- Set the community name (e.g. read and write use the same community name = “private”).
- Apply the change.
Result: The SNMP agent is enabled for reading and writing SNMP parameters.
For more information refer to section 6.18.1.8 AP: / ne, Configuration - SNMP Agent - SNMP v1/
v2 (on page 135).

→ Set up the MIB browser. Proceed as follows:


1. Enter the “Remote SNMP agent” IP address (= FOX61x management address).
2. Ping the SNMP agent.
3. Set up the SNMP Agent Profiles v1/v2c (in this example read and write use the same
community name = “private”).
4. Contact the SNMP agent.
- Start “Walk Remote SNMP Agent” (search compiled MIB modules to resolve OID).
- Start “Scan Agent For Implemented MIB Modules”.
Result: The MIB browser is configured to contact the SNMP agent.

→ MIB browser read and write OID parameters. Proceed as follows:


1. Execute the following steps to get an OID parameter:
- With the MIB Browser contact the SNMP agent.
- Open the “Prompt for OID” dialog to read parameters.
- Enter the Remote SNMP agent IP address.
- Enter the “OID” (e.g. 1.3.6.1.2.1.11.30.0 EnableAuthTraps) and select the “Get”, “Get
Next”, “Get Bulk” buttons for the OID parameter.
2. Execute the following steps to set an OID parameter:
- With the MIB Browser contact the SNMP agent.
- Open the “Set Value in Remote SNMP Agent” dialog to write OID parameters.
- Enter the Remote SNMP agent IP address.
- Enter the OID to set (e.g. 1.3.6.1.2.1.11.30.0 EnableAuthTraps).
- Enter the “Value to Set” (1 = enabled, 2 = disabled)
- Select the “Set Value in Remote SNMP Agent” button to set the OID parameter.
Result: The MIB Browser is configured for reading and writing SNMP parameters.
End of instruction

Please note:
Granting full read/write access to SNMP v1/v2c users implies a potential security
risk.
→ Hitachi Energy recommends using SNMP v3 to encrypt the SNMP communication.

3.4.2.3 Configure the Notification Receiver for SNMP v1/v2 Users

Trap notification setup for SNMP v1/v2c


This action describes how an SNMP v2c user gets notification access.

→ Trap notifications receivers. Proceed as follows:


1. Connect to the NE as manager.
- FOXCST “File”, “Connect …”, “Connect to”,
connect as “User Class” = Manager.
- “OK”.
2. FOXCST “Tree View”,
AP:/ne, Configuration - SNMP Agent, SNMP v1/v2.
- Select “Add Snmp v2 Notification Receiver”.
- Enter the “Name” and “Target Address” of the SNMP manager.
- Set the Notification Type = Trap.
- Click “OK”.
- Apply the changes.
Result: The notification receiver is fully configured.

→ MIB Browser trap notification access. Proceed as follows:


1. Execute the following steps to get notifications on the SNMP manager:
- With the MIB Browser contact the SNMP agent with SNMP version 2.
- Open the “SNMP Trap Ringer Console” dialog.
- On the FOX61x network element generate any alarms (e.g. select port-1 on the core unit
and change AdminState = up/down).
- The “SNMP Trap Ringer Console” displays the notifications.
Result: The MIB Browser is fully configured.
End of instruction

3.4.2.4 Enable the read/write and Trap Notification Access for SNMP v3 Users

Please note:
When opening the “Add Snmp v3 User” dialog the “Engine Id” parameter contains
the NE engine ID by default.
→ Do not change the Engine ID for SNMP operations get, set and trap notifications.
→ Change the Engine ID for the SNMP operation inform notifications to the
receiver's (SNMP manager) host engine ID.

Read write access for SNMP v3 user


This action describes how an SNMP v3 user gets read/write access.

→ Enable read/write access. Proceed as follows:


1. Connect to the NE as session manager.
- FOXCST “File”, “Connect …”, “Connect to”,
“User Class” = Session Manager.
- “OK”.
2. FOXCST “Tree View”, SNMP Agent,
AP: /ne, Configuration - SNMP Agent, SNMP v3.
- Open the “Add Snmp v3 User” dialog and configure name, security model with
authentication and privacy passwords.
Do not change the network element Engine ID which is shown by default.
- Click “OK”.
- Apply the changes.
Result: The SNMP agent is configured for reading and writing SNMP parameters.
For more information refer to section 6.18.1.9 AP: / ne, Configuration - SNMP Agent - SNMP v3
(on page 136).

→ Set up the MIB browser. Proceed as follows:


1. Enter the “Remote SNMP agent” IP address (= FOX61x management address).
2. Ping the SNMP agent.
3. Set up the SNMP Agent Profiles v3.
4. Contact the SNMP agent.
- Start “Walk Remote SNMP Agent” (Search compiled MIB modules to resolve OID).
5. Scan Agent For Implemented MIB Modules
Result: The MIB browser is configured to contact the SNMP agent.

→ MIB browser read and write OID parameters. Proceed as follows:


1. Execute the following steps to get an OID parameter:
- With the MIB Browser contact the SNMP agent.
- Open the “Prompt for OID” dialog to read parameters.
- Enter the Remote SNMP agent IP address.
- Enter the “OID” (e.g. 1.3.6.1.2.1.11.30.0 EnableAuthTraps) and select the “Get”, “Get
Next”, “Get Bulk” buttons to read the OID parameter.

2. Execute the following steps to set an OID parameter:


- With the MIB Browser contact the SNMP agent.
- Open the “Set Value in Remote SNMP Agent” dialog to write OID parameters.
- Enter the Remote SNMP agent IP address.
- Enter the OID to set (e.g. 1.3.6.1.2.1.11.30.0 EnableAuthTraps).
- Enter the “Value to Set” (1 = enabled, 2 = disabled).
- Select the “Set Value in Remote SNMP Agent” button to set the OID parameter.
Result: The MIB browser is configured to get and set SNMP parameters.
End of instruction

Trap notification setup for SNMP v3


This action describes how an SNMP v3 user gets trap notifications. This procedure requires a
configured SNMP v3 user.

→ Trap notification receiver. Proceed as follows:


1. Connect to the NE as manager.
- FOXCST “File”, “Connect …”, “Connect to”,
connect as “User Class” = Manager.
- “OK”.
2. FOXCST “Tree View”,
AP:/ne, Configuration - SNMP Agent, SNMP v3 Users.
- Select “Add Snmp v3 Notification Receiver”.
- Enter the “Name” and “Target Address”,
Set the Notification Type = Trap,
Select a user name in the security parameters selection box.
- Click “OK”.
- Apply the changes.
Result: The trap notification receiver is fully configured.

→ MIB Browser trap notification access. Proceed as follows:


1. Execute the following steps to get notifications on the SNMP manager:
- With the MIB Browser contact the SNMP agent with SNMP version 3.
- Open the “SNMP Trap Ringer Console” dialog.
- On the FOX61x network element generate any alarms (e.g. select port-1 on the core unit
and change AdminState = up/down).
- The “SNMP Trap Ringer Console” displays the notifications.
Result: The MIB Browser is fully configured.
End of instruction

3.4.2.5 Enable the Inform Notification Access for SNMP v3 Users

Please note:
When opening the “Add Snmp v3 User” dialog the “Engine Id” parameter contains
the NE engine ID by default.
→ Change the Engine ID for the SNMP operation inform notifications to the
receiver's (SNMP manager) host engine ID.

Inform notification setup for SNMP v3


This action describes how an SNMP v3 user gets inform notification access.

→ SNMP agent v3 user setup. Proceed as follows:


1. Connect to the NE as session manager.
- FOXCST “File”, “Connect …”, “Connect to”,
“User Class” = Session Manager.
- “OK”.
2. FOXCST “Tree View”, SNMP Agent,
AP: /ne, Configuration - SNMP Agent, SNMP v3.
- Open the “Add Snmp v3 User” dialog and configure a v3 user with authentication and
privacy.
Delete the network element Engine ID which is shown by default, enter the host (MIB
Browser) Engine ID instead.
- Click “OK”.
- Apply the changes.
Result: The SNMP agent v3 user is configured to send inform notifications.

→ Inform notification receiver. Proceed as follows:


1. Connect to the NE as manager.
- FOXCST “File”, “Connect …”, “Connect to”,
connect as “User Class” = Manager.
- “OK”.

2. FOXCST “Tree View”,


AP:/ne, Configuration - SNMP Agent, SNMP v3 Users.
- Select “Add Snmp v3 Notification Receiver”.
- Enter the “Name” and “Target Address”,
Set the Notification Type to Inform,
Select a user name in the security parameters selection box.
- Click “OK”.
- Apply the changes.
Result: The inform notification receiver is fully configured.

→ MIB Browser inform notification access. Proceed as follows:


1. Execute the following steps to get notifications on the SNMP manager:
- With the MIB Browser contact the SNMP agent with SNMP version 3.
- Open “MIB Browser Preferences …”,
Select “Trap Ringer” SNMP v3,
Select “Edit User …” and configure the “Security user name”.
- Open the “SNMP Trap Ringer Console” dialog.
- On the FOX61x network element generate any alarms (e.g. select port-1 on the core unit
and change AdminState = up/down).
- The “SNMP Trap Ringer Console” displays the notifications.
Result: The inform notification setup is fully configured.
End of instruction
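
Why the Engine ID stays at the NE value for get, set and trap but is replaced by the manager's value for inform, shown as an added example that is not from the manual or from Hitachi Energy: in the SNMP v3 User-based Security Model (RFC 3414) a user's key is localized to the authoritative engine, which is the agent for get, set and trap and the receiver for inform. The sketch assumes the HMAC-SHA-96 key derivation of RFC 3414; the engine IDs are constructed sample values and the function names are hypothetical.

```python
import hashlib

# Constructed sample engine IDs (format octet 0x04 = text), not values from a real NE.
NE_ENGINE_ID = b"\x80\x00\x00\x00\x04" + b"sample-ne"
MANAGER_ENGINE_ID = b"\x80\x00\x00\x00\x04" + b"sample-manager"


def password_to_key_sha1(password: str) -> bytes:
    """RFC 3414 A.2.2: hash 1,048,576 octets of the cyclically repeated password."""
    pw = password.encode("utf-8")
    if len(pw) < 8:
        raise ValueError("USM passwords must be at least 8 octets long")
    reps, rest = divmod(1048576, len(pw))
    return hashlib.sha1(pw * reps + pw[:rest]).digest()


def localize_key_sha1(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: localized key = H(Ku || engineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def authoritative_engine_id(operation: str, ne_engine_id: bytes,
                            manager_engine_id: bytes) -> bytes:
    """Pick the engine whose ID the user's keys are bound to."""
    if operation in ("get", "set", "trap"):
        return ne_engine_id        # the agent (NE) is authoritative
    if operation == "inform":
        return manager_engine_id   # the notification receiver is authoritative
    raise ValueError(f"unknown operation: {operation}")


def localized_auth_key(password: str, operation: str,
                       ne_engine_id: bytes = NE_ENGINE_ID,
                       manager_engine_id: bytes = MANAGER_ENGINE_ID) -> bytes:
    """Key that both sides must derive for the message to authenticate."""
    engine_id = authoritative_engine_id(operation, ne_engine_id, manager_engine_id)
    return localize_key_sha1(password_to_key_sha1(password), engine_id)


if __name__ == "__main__":
    for op in ("get", "trap", "inform"):
        print(op, localized_auth_key("maplesyrup", op).hex())
```

A v3 user left on the NE engine ID derives the trap key, so the manager rejects its informs as unauthenticated; this is the mismatch the Engine ID step in the procedure avoids.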

3.5 Syslog
The FOX61x NE supports sending of event messages to external syslog hosts.
Syslog is a de-facto standard for logging system events. However, the protocol component of
this event logging system has not been formally documented. While the protocol has been very
useful and scalable, it has some known security problems which were documented in the
informational RFC5424.

3.5.1 Syslog Sources

[Figure: FOX61x NE syslog source configuration. System and Alarm sources: enable/disable, severity mapping table. Event, Configuration, Equipment and Session sources: severity, enable/disable.]

Figure 10: Syslog sources in FOX61x

The FOX61x supports six facilities in the syslog source list:


• System,
• Alarm logbook,

• Event logbook,
• Configuration logbook,
• Equipment logbook,
• Session logbook.
It is not possible to add or delete lines in the source list, but the facilities can be enabled or
disabled.
The severity for each source is configurable except for the system and the alarm logbook
sources. The syslog severity of system and alarm events is directly mapped from the alarm
severity as shown in Table 8 and Table 9.

Table 8: System severity mapping table


System Syslog Weight
TR_EMERG Emergency (0) Highest
TR_ALERT Alert (1)
TR_CRITICAL Critical (2)
TR_ERROR Error (3)
TR_WARNING Warning (4)
TR_NOTICE Notice (5)
TR_INFO Informational (6)
TR_DEBUG Debug (7) Lowest

Table 9: Alarm severity mapping table


Alarm Syslog Weight
Critical Alert (1) Highest
Major Critical (2)
Minor Error (3)
Warning Warning (4)
Notification Notice (5)
Cleared Informational (6) Lowest

Please refer to section 6.18.1.6 AP: / ne, Configuration - Syslog Sources (on page 133) for the
configuration of the syslog sources.

3.5.2 Syslog Destinations

[Figure: FOX61x NE with the sources System, Alarm, Event, Configuration, Equipment and Session feeding the syslog destination configurations 1 ... 10 (host IP and port, add/remove facility, severity threshold for System and Alarm), which send over the management network to the remote syslog hosts 1 ... 10.]

Figure 11: Syslog destinations in FOX61x

Up to ten remote syslog hosts can be configured individually:
• Destination 1 … Destination 10.
For each destination the facilities can be added which shall generate syslog messages.
The system and alarm events in addition provide a filter function which allows sending only
syslog messages with a severity having a minimum weight. E.g. when setting the severity threshold
to “Error”, only minor, major and critical alarm messages will be sent.

Please note:
The clearing message of an alarm has the same syslog severity as the activation
message.
→ Syslog clearing messages are subject to the same filter rules as the activation
messages.
Please refer to section 6.18.1.4 AP: / ne, Configuration - Syslog Destinations - Destination 1 (on
page 132) for the configuration of the syslog destinations.
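
How the source list, the per-destination facilities and the severity threshold interact, including the rule for clearing messages, as an added example that is not code from the manual or from Hitachi Energy. The host addresses and port 514 are constructed sample values and the names are hypothetical.

```python
from dataclasses import dataclass

SYSLOG_SEVERITY = {"Emergency": 0, "Alert": 1, "Critical": 2, "Error": 3,
                   "Warning": 4, "Notice": 5, "Informational": 6, "Debug": 7}

# Table 8 and Table 9 of the manual.
SYSTEM_TO_SYSLOG = {"TR_EMERG": "Emergency", "TR_ALERT": "Alert",
                    "TR_CRITICAL": "Critical", "TR_ERROR": "Error",
                    "TR_WARNING": "Warning", "TR_NOTICE": "Notice",
                    "TR_INFO": "Informational", "TR_DEBUG": "Debug"}
ALARM_TO_SYSLOG = {"Critical": "Alert", "Major": "Critical", "Minor": "Error",
                   "Warning": "Warning", "Notification": "Notice",
                   "Cleared": "Informational"}

THRESHOLD_SOURCES = {"System", "Alarm"}  # only these are filtered by severity
MAX_DESTINATIONS = 10


@dataclass(frozen=True)
class Destination:
    host: str
    port: int
    facilities: frozenset       # sources added to this destination
    severity_threshold: str     # syslog severity name


def syslog_severity(source: str, severity: str) -> str:
    """Map a source-specific severity to the syslog severity name."""
    if source == "System":
        return SYSTEM_TO_SYSLOG[severity]
    if source == "Alarm":
        return ALARM_TO_SYSLOG[severity]
    return severity  # configured per source for the logbook facilities


def route(source: str, severity: str, enabled_sources, destinations):
    """Return the (host, port) pairs that receive the message.

    A clearing message is routed with the severity of the alarm it clears
    (see the note above), so callers pass that severity for both messages.
    """
    if len(destinations) > MAX_DESTINATIONS:
        raise ValueError("at most ten syslog destinations can be configured")
    if source not in enabled_sources:
        return []
    level = SYSLOG_SEVERITY[syslog_severity(source, severity)]
    receivers = []
    for dest in destinations:
        if source not in dest.facilities:
            continue
        if (source in THRESHOLD_SOURCES
                and level > SYSLOG_SEVERITY[dest.severity_threshold]):
            continue  # lower weight than the threshold: filtered
        receivers.append((dest.host, dest.port))
    return receivers


# Constructed sample configuration.
SAMPLE_DESTINATIONS = [
    Destination("192.0.2.10", 514, frozenset({"Alarm", "Session"}), "Error"),
    Destination("192.0.2.11", 514, frozenset({"Alarm"}), "Debug"),
]
SAMPLE_ENABLED = {"System", "Alarm", "Session"}

if __name__ == "__main__":
    for src, sev in (("Alarm", "Minor"), ("Alarm", "Warning"),
                     ("Session", "Informational"), ("Event", "Notice")):
        print(src, sev, route(src, sev, SAMPLE_ENABLED, SAMPLE_DESTINATIONS))
```

A destination whose threshold hides the activation of an alarm also hides its clearing, so a collector never sees a clear without the matching raise.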

3.6 Connection Test of Readiness


The element manager must be able to reach all NEs in a network. If a network element is not
reachable after the configuration of the management communication network the administrator
has to start troubleshooting using configuration, alarm, status and maintenance information on
all the involved network elements.

3.6.1 Configuration and Alarms


Management traffic is only working if all involved parts of the FOX61x are configured correctly
and are in fault free state (APs are green, no alarms are active in the Fault Management).
To guarantee fault free operation you should verify:
• The Ethernet port “Speed and Duplex” mode has to be equal on both sides,
• The management VLAN must be configured and assigned on the relevant port modes,
• The port modes must be configured correctly on both sides to transport the management
traffic,
• The IP addresses configured on PPP, VLAN and MCC interfaces have to be in the same
subnet on a link or in a multi-access broadcast network,
• For a Layer 3 network the OSPF interface parameters have to be equal on both sides, e.g.:
− OSPF enabled,
− OSPF area,
− OSPF interface type,
− OSPF mode active,
− OSPF authentication,
− OSPF timers.
• No management communication related faults are reported in the FOXCST.
Due to the fact that the FOX61x is an Ethernet switch the Ethernet front ports are distributed on
all fully integrated units within the FOX61x subrack. Even backplane ports can be Ethernet ports
when using Ethernet stand-alone units. It is therefore up to the operator to compare the layer 2
and 3 management parameters on both sides of a link or in a multi-access broadcast network.

3.6.2 Status
The status function available for many access points and protocols allows you to verify the
configuration, negotiation and adjacency between peers.
To guarantee fault free operation you should verify:
• The administrative and operational states have to be up on the
− used ports,
− used management interfaces,
• Router VLAN, PPP, MCC interface status,
• Router OSPF status,
• Router routing table status.

3.6.3 Ping and Traceroute


The “ping” command allows you to check the route to any other IP address in the management
communication network.
The “traceroute” command shows the path to a destination IP address including the
intermediate sections.
To guarantee fault free operation you should verify:
• Ping is working for different frame sizes starting from the first hop up to the last hop in your
network and the latency of the response time is as expected,
• Traceroute shows a path and latency through the network which is as expected.

Please note:
Ping and Traceroute can be used to test connectivity up to layer 3. However there
is no guarantee that an application is running over that network. Packets could be
fragmented and dropped on devices in the network.

FOX61x | MANAGEMENT COMMUNICATION MANAGEMENT ACCESS NETWORK

4 Management Access Network

4.1 Management Connection Links


The management access network connecting the management system to the FOX61x network
elements can consist of several link types. The FOX61x supports the following link types:
• VLAN based Ethernet link.
Typically the management system is connected to the first FOX61x network element in the
FOX61x network with a VLAN based Ethernet link.
The same VLAN interface of the FOX61x management router or another VLAN interface can
be used to access the other FOX61x network elements in the VLAN based FOX61x network,
refer to Figure 12. The management VLAN(s) must be forwarded by any network element
inside the VLAN based FOX61x network.
Care must be taken to avoid a broadcast storm by implementing a tree shaped network or by
using e.g. RSTP.
For a description of how to set up a VLAN interface of the FOX61x management router see
section 3.2.2.1 Remote Access via a FOX61x Customer VLAN Bridge Port (on page 18).

[Figure labels: management system, IP network, packet network with VLAN support, VLAN links]
Figure 12: Management network VLAN link types

• TDM PPP link.


A PPP link is a point-to-point link using any available TDM channel of the FOX61x. The
connected network elements can be neighbors, or there can be a number of intermediate
network elements. The TDM channel transporting the management must be cross connected in
all involved network elements in order to interconnect the two PPP link endpoints. Refer to
Figure 13.
In large networks the bandwidth of the PPP link is recommended to be configured to the
maximum value (2048 kbit/s).
For a description of how to set up a PPP interface of the FOX61x management router see
section 3.2.2.2 Remote Access via a TDM Port with a DCN Connection (on page 21).

[Figure labels: management system, IP network, VLAN, TDM network, PPP links]
Figure 13: Management network PPP link types

• MPLS-TP MCC link.


An MCC link is a point-to-point link using an MPLS-TP section or an MPLS-TP tunnel (LSP) of
the FOX61x. Refer to Figure 14.


− The physical “Section MCC (port)” connects two neighbored network elements. This MCC
type requires less overhead than the “LSP MCC”.
− The logical “Section MCC” is transported via a VLAN based MPLS-TP interface. It
connects the two VLAN endpoints.
In the example of Figure 14 the section MCC (VLAN) connects network element A to
network element C. The 3rd party equipment are transit network elements for the MCC
VLAN.
− The “LSP MCC” can be transported via a number of transit network elements. The transit
network elements can be FOX61x NEs or any other third party equipment.
In the example of Figure 14 the LSP MCC connects network element A to network
element C. The network element B and the 3rd party equipment are transit network elements
for the LSP MCC.
Note that only the network element C has a redundant management access.

Please note:
In a network consisting exclusively of FOX61x network elements only the “Section
MCC (port)” should be used.
In large networks the shaping rate of the MCC link is recommended to be configured to the
maximum value (2048 kbit/s).
For a description of how to set up a section based MCC interface of the FOX61x management
router see section 3.2.2.3 Remote Access via an MPLS-TP Port with a DCN Connection (on
page 22).

[Figure labels: management system, IP network, VLAN, MPLS-TP network, network elements A, B and C,
3rd party equipment, Section MCC (port), Section MCC (VLAN), LSP MCC]
Figure 14: Management network MCC link types

In a FOX61x network any mixture of management connection links can be used to access the
FOX61x network elements.

Please note:
Each interface of the FOX61x management router must be placed into a different
subnetwork.

4.2 Management Traffic Redundancy

4.2.1 Introduction
Each FOX61x network element should have a redundant management access from the
management system, i.e. it should be accessible via at least two independent management
connections.

Please note:
There is no added value for the parallel use of different redundancy mechanisms.


There are different possibilities to have redundant network access:


• OSPF routing protocol. See section 4.2.2 OSPF (on page 47).
• Virtual router redundancy protocol (VRRP). See section 4.2.3 Virtual Router Redundancy (on
page 48).
• Link protection. See section 4.2.4 Link Protection (on page 49).
• RSTP. See section 4.2.5 RSTP (on page 50).
• “Block on Standby” in case redundancy is done on a single node. See section 4.2.6 Block on
Standby (on page 50).

4.2.2 OSPF
When using OSPF the management routers autonomously find the best link to communicate
with their neighbors.
In clearly arranged FOX61x networks it is recommended to disable OSPF and to configure the
required routing paths with static routes. This has the following advantages:
• Decouple the management system network from the FOX61x management network.
• Simplify the OSPF topology.
• Increase the management network stability.
• Avoid interoperability issues in the FOX61x management network.
OSPF is then only used outside the FOX61x management network, i.e. in the management
system network. The FOX61x network is attached to the management system with static routes.

Risk of operating trouble!


If the number of OSPF neighbors on the CESM1 and CESM2 core units exceeds 32, this may
have a negative impact on the core unit performance.
→ The total number of OSPF neighbors is independent of the number of configured
VLAN management interfaces.

Risk of operating trouble!


The CESM3 core unit supports up to 100 OSPF neighbors.
→ Neighbor relationships above this limit will not be established.

Please note:
On the CESM1 and CESM2 core units it is recommended to configure the hello
interval to 10 s or higher.

[Figure labels: management system network with OSPF active (a.a.a.1, b.b.b.1), management VLAN,
packet network with VLAN support, FOX61x network elements with OSPF disabled (b.b.b.2, c.c.c.1,
c.c.c.2). Two static routes are shown:
- Address: a.a.a.0, Netmask: 255.255.255.0, Via: Gateway, Gateway: b.b.b.1
- Address: c.c.c.0, Netmask: 255.255.255.0, Via: Gateway, Gateway: b.b.b.2]
Figure 15: Usage of OSPF and static routing


For more information regarding the usage of OSPF and static routing please see section 3.2.2.4
Remote Management using OSPF (on page 24) and section 3.2.2.5 Remote Management using
Static Routes (on page 26).

4.2.3 Virtual Router Redundancy


The virtual router redundancy protocol allows two physical routers to behave as one virtual
(logical) router. Both routers use the same virtual management address which can be accessed by
the management system (FOXCST or FOXMAN-UN) as a (static) gateway address.

4.2.3.1 VRRP and Uplink Tracking


Critical network components like gateway routers can be built as redundant units. The Virtual
Router Redundancy Protocol (VRRP) and the Uplink Tracking on PPP and MCC uplink ports
provide the switchover from the master router to the backup router in case of a unit failure, or in
case of a link breakdown on the uplink TDM or MCC links.
In the VRRP application the virtual IP address should not be a physical IP address of the master
and backup routers because the VRRP master can change.

[Figure labels: FOX61x A (VRRP Backup), FOX61x B (VRRP Master), FOX61x C, FOX61x D, FOX61x E,
Uplink Tracking and VRRP, LAN, FOXCST or FOXMAN-UN, Gateway address = VRRP Virtual IP address]
Figure 16: Two VRRP routers implement one virtual router

Please note:
For the configuration details of the management router VRRP interfaces on the
VLAN interface please refer to section 6.16 AP: / managementNetwork / vlanInterfaces /
vlanInterface-v / vrrp-w (on page 120).

4.2.3.2 VRRP and IP Probing


The path to and from an IP network may differ when having redundant paths. This is called
asymmetric routing. A link breakdown on the LAN segment in the return path (i.e. through the
FOX61x A VRRP backup router in Figure 17) blocks the packets destined for the network
manager. The switch in the FOX61x A, located between the FOX61x A router and the LAN,
prevents the router in FOX61x C from detecting the link breakdown. Thus the IP network is still
advertised by the routing protocol (i.e. OSPF) of the VRRP backup router (FOX61x A).


The FOX61x IP Probing feature on the VLAN interface allows monitoring the connectivity to two
hosts (e.g. FOXCST or FOXMAN-UN instances in Figure 17) in the LAN. In case none of the
configured IP destination addresses is reachable the router stops advertising OSPF LSA
packets from the affected router and thus the return path through FOX61x C is rerouted to another
available path (i.e. the new VRRP master router FOX61x B).

Risk of operating trouble!


Never use the remote VRRP instance as an IP Probing destination.

Risk of operating trouble!


When neither of the two destination IP addresses is reachable by the IP Probing
the management traffic destined for the probed subnetwork is no longer forwarded
by the management router.
→ Always configure a redundant (virtual) router when you have IP Probing
enabled.

[Figure labels: FOX61x A (VRRP Backup), FOX61x B (VRRP Master), FOX61x C, OSPF network, LAN,
IP probing Destination 1 and Destination 2 (FOXCST or FOXMAN-UN)]
Figure 17: IP probing on a LAN segment

Please note:
For the configuration details of the IP Probing feature please refer to section 6.15.3
AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration (on
page 112).

4.2.4 Link Protection


A point-to-point TDM or MPLS-TP MCC link can be protected with the inherent protection
capabilities of the TDM and MPLS-TP transport functions.
For the TDM link protection features please refer to [1KHW002467] User Manual “TDM Services”.
For the MPLS-TP tunnel protection features please refer to [1KHW028618] User Manual
“MPLS-TP Services”.


4.2.5 RSTP
RSTP is the well-known and preferred protocol for providing redundant paths in an Ethernet
network. The protocol discovers the network so it can be used in any network topology (link,
ring, meshed). RSTP reduces the physical topology by blocking ports to an active tree topology
that reaches all segments of the network.
RSTP is a feature of the VLAN Bridge function of the FOX61x Switch. Please refer to
[1KHW028566] User Manual “Ethernet Switching”.
The VLAN connecting the management system (FOXCST or FOXMAN-UN) and the
management VLAN inside the FOX61x network can be decoupled by using different VLANs.

4.2.6 Block on Standby


For systems with a redundant core unit two ports can be configured for management traffic
access, one on the working and one on the redundant core unit. With the “Block on Standby”
parameter of the physical port, only the port on the active core unit communicates while
the port on the standby unit forwards no traffic. You can connect your element manager to both
core units in parallel without using xSTP.

Risk of operating trouble!


Do not enable RSTP on a port which has enabled “Block on Standby”.


5 Management Security

5.1 Security Measures Overview


There is a strong demand for secure management communication, which can be achieved on
various network layers. The FOX61x therefore provides a range of security measures:
• Using a separated network on the physical layer (OSI layer 1).
• Network separation on the data link layer (OSI layer 2) by means of a dedicated
management VLAN.
• Providing management security on the application layer (OSI layer 7). The FOX61x supports
SSH for management communication.
• Using encrypted data transport on the session layer (OSI layer 5) for CLI¹ and FOXCST
management.
• User authentication with a password via FOXCST or SNMP v3 on the application layer (OSI
layer 7).
• Hardware and software firewall to protect the NE management on the core unit.

5.2 FOX61x User Authentication


FOX61x supports a hierarchy of five user classes, see section 3.1.1 User Classes (on page 13).
Access to the NE is protected by individual passwords for each user class. In the authentication
process the password entered is checked against the stored password before granting access.
Alternatively the FOXMAN-UN can use public/private keys for the user authentication.
The authentication process either runs locally on the NE or on a remote authentication server.
The availability of local and remote authentication is configurable by the session manager.
For an overview of the login process with local and remote authentication see section 3.2.3.6
Login Process Overview (on page 30).

[Figure labels: remote authentication server, e.g. RADIUS, holding the remote login accounts for
FOXCST users, configured by the authentication server administrator; management network; FOX61x NE
with network interface (Ethernet, TDM or MPLS) and local management port (Ethernet), holding the NE
local login passwords or public keys for FOXCST users, configured by the FOXCST session manager;
encrypted or unencrypted Ethernet connection; authentication server administrator; FOXCST users]
Figure 18: FOX61x user authentication overview

Basic differences between local and remote user authentication:

1. The CLI application is not an officially supported management feature and therefore not documented. It
is only used for support operations, done by Hitachi Energy personnel.


Table 10: Local and remote user authentication

Item: Password location
  Local user authentication:
    Passwords are stored (salted and hashed with SHA-256) on the FOX61x NE.
  Remote user authentication:
    Passwords are stored on the remote authentication server.

Item: Password encryption
  Local user authentication:
    - Unencrypted communication: The password is not encrypted.
    - Encrypted communication: The password is encrypted.
  Remote user authentication:
    FOXCST <-> NE:
    - Unencrypted communication: No host authentication.
    - Encrypted communication: The password is encrypted.
    NE <-> authentication server:
    - the password is encrypted

Item: Host authentication
  Local user authentication:
    - Unencrypted communication: No host authentication.
    - Encrypted communication: Host authentication via fingerprint.
  Remote user authentication:
    FOXCST <-> NE:
    - Unencrypted communication: No host authentication.
    - Encrypted communication: Host authentication via fingerprint.
    NE <-> authentication server:
    - authentication in RADIUS protocol

Item: Login process description
  Local user authentication:
    Simple interaction between the NE and the FOXCST user.
  Remote user authentication:
    The login demand from the FOXCST user is passed by the NE to the authentication server.
    The authentication server answers with “AccessAccept” or with “AccessReject”.
    The NE passes the received answer to the FOXCST user.

5.2.1 Local NE Authentication


Individual password sets are stored in each FOX61x NE. A consistent password policy should
thus be established in order to avoid access problems. Although the FOX61x NE allows leaving
the passwords empty, this possibility should not be used, except for temporary installations or
installations with a low security risk.
FOX61x NE passwords may only be modified by the user class session manager.
The FOXCST client and FOX61x network element exchange messages via a Hitachi Energy
proprietary protocol over the TCP protocol. Over an unencrypted communication channel the NE
receives the user class password from the FOXCST as a SHA1 hash, which is not really safe.
To transmit the password in a confidential way the messages can be sent over the SSH
protocol, a secure encrypted channel which lies on top of TCP. This prevents eavesdropping by
malicious users. The secure channel is established before the authentication is started. All FOXCST
messages, including the authentication password, are sent over the secure SSH channel. On
the FOX61x a salt is added to the password, a hash function (SHA256) is applied, and the result
is checked against the stored hash (password + salt) in the database. SSH generates a session
key which is used to encrypt the communication between the client (FOXCST) and the server
(FOX61x). SSH works without certificates and allows key pairs to be generated for
every FOX61x (no single key pair for all systems).

Please note:
As an alternative to the password authentication a user can authenticate himself
with public/private keys. The public keys must be stored on the FOX61x network
element by the user class session manager.
→ See section 6.18.1.1 AP: / ne, Configuration - Key Manager (on page 126).
This feature is restricted to the FOXMAN-UN user.


[Figure labels: password generation on the SSH client, password verification on the SSH server;
init secure channel, login request, close secure channel; password + salt, hash, comparison (==)
with the stored password + salt hash]
Figure 19: Encrypted channel

For more information please refer to section 6.18.1.2 AP: / ne, Configuration - Session
Management (on page 128).

5.2.2 Remote RADIUS Authentication


The FOX61x supports remote authentication via a dedicated authentication server, e.g.
RADIUS. This function drastically simplifies a centralized administration of login passwords.
With remote authentication the session manager no longer needs to install a set of
passwords in every NE. Instead an appropriate set of passwords for the various users is maintained
in the authentication server which can then be used by all FOX61x NEs from the whole network.
However the password for the session manager must still be installed on the NE, because the
initial configuration of the Session Management and Radius Client parameters can only be done
by the session manager.

Please note:
Changes and preview of RADIUS Server configuration are only possible within the
“Session Manager” user class.
Status of Primary and Alternate RADIUS Server are visible for all user classes.
Though the remote authentication parameters in Table 11: "FreeRADIUS file overview" (on
page 55) are for general use, they are tested with the freeRADIUS server only.

Interface definitions between the authentication server and the FOX61x NE

• Vendor ID:
The IANA registered vendor ID for Hitachi Energy is 17268.
• Vendor specific attributes:
The Hitachi Energy ↔ RADIUS interface uses one attribute, the “ABB_PG-userclass”, with
attribute identifier “1”, of type string. Accepted user classes are:
− “information”,
− “maintenance”,
− “manager”,
− “support”, and
− “sessionmanager”.
For a single user more than one user class can be defined, e.g. manager and
sessionmanager.
For detailed information about user classes see section 3.1.1 User Classes (on page 13).


Authentication server clients: the FOX61x NEs

• IPv4 address [subnet mask]:
The optional parameter <subnet mask> is necessary if an address range rather than a single
host address is specified (e.g. a class C range with mask 255.255.255.0). The authentication
server's client address is the same as the FOX61x NE management address.
Subnet specifications for authentication server clients may be nested. The authentication
server will always select the match with the most precise mask for a client.
• Port:
1812 is the standard port number on which the RADIUS server listens. Other
authentication servers use different port numbers.
• Authentication key:
The FOX61x NE authenticates itself towards the authentication server with an MD5 hash of
the authentication key. In the RADIUS context, this is often referred to as “secret”.
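
The interface definitions and the authentication key described above can be exercised with the following added example, which is not part of the original manual and is not Hitachi Energy code. It assumes the standard RFC 2865 encodings (User-Password hiding, Response Authenticator, Vendor-Specific attribute 26); the function names, the sample request authenticator and the choice to reject unknown user classes are assumptions of this example.

```python
import hashlib
import hmac
import struct

VENDOR_ID = 17268        # IANA vendor ID given on this page
USERCLASS_ATTR = 1       # "ABB_PG-userclass", type string (from the page)
ACCEPTED = {"information", "maintenance", "manager", "support", "sessionmanager"}
ACCESS_ACCEPT = 2        # RFC 2865 packet code
VENDOR_SPECIFIC = 26     # RFC 2865 attribute type


def hide_password(password, secret, request_auth):
    """RFC 2865 User-Password hiding: XOR with an MD5 keystream keyed by the secret."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out


def unhide_password(hidden, secret, request_auth):
    """Server side of hide_password(); only recovers the text with the same secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def userclass_vsa(name):
    """Encode one user class as Vendor-Specific (26), vendor 17268, vendor type 1."""
    data = name.encode("ascii")
    body = struct.pack("!IBB", VENDOR_ID, USERCLASS_ATTR, 2 + len(data)) + data
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def build_access_accept(ident, classes, request_auth, secret):
    """Build the constructed server reply used as sample input below."""
    attrs = b"".join(userclass_vsa(c) for c in classes)
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs


def _tlvs(buf):
    """Yield (type, value) pairs from a type/length/value run, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]


def parse_access_accept(packet, request_auth, secret):
    """Verify the reply against the shared secret and return the granted user classes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    classes = []
    for atype, value in _tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_ID:
            continue
        for stype, sval in _tlvs(value[4:]):
            if stype == USERCLASS_ATTR:
                name = sval.decode("ascii")
                if name not in ACCEPTED:   # policy of this example, not of the NE
                    raise ValueError("unknown user class: " + name)
                classes.append(name)
    return classes


# Constructed sample exchange; the secret is the one from the page's clients.conf example.
SECRET = b"mysecretkey"
REQUEST_AUTH = bytes(range(16))   # constructed; a real client uses 16 random octets
REPLY = build_access_accept(7, ["information", "maintenance"], REQUEST_AUTH, SECRET)

if __name__ == "__main__":
    print(parse_access_accept(REPLY, REQUEST_AUTH, SECRET))
```

A reply whose attributes were altered in transit, or one computed with a different authentication key, fails the Response Authenticator check and yields no user classes.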

Authentication server users: the FOXCST users

• User name and password:
For both user name and password a string with 1 … 64 characters is accepted. A … Z,
a … z, 0 … 9 and the following popular symbols are accepted: *?$%,.-_
Not accepted are space and quote.
• ABB_PG userclass:
The presence of this optional parameter decides on the type of the corresponding user
account:
− With one or more user classes specified, the user class account is fixed. The same
authentication server defined user classes for a specific user are valid for all FOX61x
NEs, see step 12. Enter the desired user accounts with RADIUS one or more defined
user classes (on page 57). All user classes including “sessionmanager” are accepted.
− With the user class not specified, this is a default user class account, i.e. the user class is
specified in the NE configuration (NE - Session Management - RADIUS Default
Userclass); see section 6.18.1.2 AP: / ne, Configuration - Session Management (on
page 128). The user class can thus be configured individually per NE in the network. If in
an NE the default user class is set to “None”, a login using the default user class is
rejected by that NE.
See step 13. Enter the desired user accounts with NE defined userclass (on page 57).
All user classes except “sessionmanager” are accepted as NE defined default user class.

Please note:
UNIX users can access FOX61x NEs with their generally known UNIX username
and password via remote authentication (this behavior has so far been tested with the
freeRADIUS V2.1.7 authentication server only):
→ No account setup action is necessary in the RADIUS server for login with the
default user class. The RADIUS server accepts any UNIX user by default.
→ For login with fixed user classes a modified setup procedure must be used. See
step 12. Enter the desired user accounts with RADIUS one or more defined
user classes (on page 57), example user account 4.


[Figure labels:
RADIUS authentication server:
• Properties for the equipment vendors (e.g. the vendor ID)
• Properties for the RADIUS “clients” (the FOX61x NEs)
• Properties for the “RADIUS users” (the FOXCST users)
FOX61x NE, RADIUS client properties:
• client enabled/disabled
• max. retries & server time outs
• primary and secondary server IP address, port and authentication key
FOX61x NE, session management properties:
• local I/F & local auth: enabled/disabled
• rem I/F & local auth: enabled/disabled
• local I/F & rem auth: enabled/disabled
• rem I/F & rem auth: enabled/disabled
• RADIUS local authentication fallback
• RADIUS default user class
Connections: RADIUS administrator (SSHv2 client via TCP/IP) to the RADIUS admin SSHv2 server;
RADIUS login and RADIUS client via the RADIUS protocol over UDP/IP; managed objects access for
FOXCST users via the ABB_PG proprietary protocol (encrypted or unencrypted), through the network
interface (Ethernet, TDM or MPLS) and the management network or through the local management port]
Figure 20: RADIUS server authentication

Risk of operating trouble!


In the RADIUS login process the password is transported in plain text (no encryption)
between the FOXCST user and the FOX61x NE. It is thus strongly suggested
to use appropriate security measures for the management network:
→ Physically separated management network, or
→ dedicated management VLAN for bridged networks.

5.2.3 Example RADIUS Server Setup


The following example RADIUS server setup is based on the open source software
“FreeRADIUS” (Version 2.1.7), which is running on a Linux machine (Fedora 11).

Please note:
Only a root user may access the files for the FreeRADIUS server and only a root
user may execute commands regarding the FreeRADIUS server.

Table 11: FreeRADIUS file overview

FreeRADIUS file: /usr/share/freeradius/dictionary
  File parameters and description:
    This file includes all vendor specific files.

FreeRADIUS file: /usr/share/freeradius/dictionary.vendor-A
                 …
                 /usr/share/freeradius/dictionary.ABB_PG
                 …
                 /usr/share/freeradius/dictionary.vendor-Z
  File parameters and description:
    Contains the vendor specific parameters. For Hitachi Energy these are:
    - Vendor name = ABB_PG
    - Vendor ID = 17268
    - one attribute = “ABB_PG-userclass”, string

FreeRADIUS file: /etc/raddb/clients.conf
  File parameters and description:
    Contains the RADIUS clients, i.e. the FOX61x NEs with the following parameters:
    - IP address and subnet mask
    - secret
    - short name

FreeRADIUS file: /etc/raddb/users
  File parameters and description:
    Contains the RADIUS user accounts, corresponding to the FOX61x NE users with the
    following parameters:
    - User name
    - User password
    - ABB_PG-userclass (optional)

Setup procedure for the FreeRADIUS server on a Linux machine


Proceed as follows:
1. Open the file “/usr/share/freeradius/dictionary”
2. Add the line
   “$INCLUDE dictionary.ABB_PG”
   in the include list. The list is in alphabetical order.
3. Save and close the file “/usr/share/freeradius/dictionary”
4. Create a new file “/usr/share/freeradius/dictionary.ABB_PG”
5. The file must contain the following four lines:
   VENDOR ABB_PG 17268
   BEGIN-VENDOR ABB_PG
   ATTRIBUTE ABB_PG-Userclass 1 string
   END-VENDOR ABB_PG
6. The file may contain additional descriptive text preceded by “#”, e.g.
   # ----------------------------------------------------------------------
   # the file /usr/share/freeradius/dictionary.ABB_PG describes the interface
   # to the FOX61x network elements;
   # "17268" is the IANA registered Hitachi Energy vendor ID;
   # just one attribute is defined: "ABB_PG-userclass"
   # ----------------------------------------------------------------------
7. Save and close the file “dictionary.ABB_PG”
8. Open the file “/etc/raddb/clients.conf”
9. Enter the FOX61x NEs as clients in the file, e.g.
   # ----------------------------------------------------------------------
   client 172.16.1.0/24 {
       secret = mysecretkey
       shortname = FOX612
   }
   # ----------------------------------------------------------------------
   client 192.168.3.10 {
       secret = mysecretkey
       shortname = FOX615AbC
   }
   # ----------------------------------------------------------------------
   client 192.168.3.11 {
       secret = mysecretkey
       shortname = FOX615ChE
   }


   # ----------------------------------------------------------------------
   With “a.b.c.0/24” a whole class C network is specified, including all NEs within this subnet.
   Alternatively every NE may be listed separately without a netmask.
   “secret = mysecretkey” specifies the common secret, which is used to authenticate every
   packet between the RADIUS server and the FOX61x NE. The string for “secret” must match
   the string configured in the NE under “Configuration” - “Radius Client” - “Authentication
   Key:”.
   “shortname = FOX612xx” is an optional NE description with purely informational function.
10. Save and close the file “/etc/raddb/clients.conf”
11. Open the file “/etc/raddb/users”
12. Enter the desired user accounts with RADIUS one or more defined user classes
   # ----------------------------------------------------------------------
   # user account 1: with two fixed user classes
   maint Cleartext-Password := "123456"
       ABB_PG-Userclass = "information",
       ABB_PG-Userclass = "maintenance"
   # ----------------------------------------------------------------------
   # user account 2: with fixed user class
   admin Cleartext-Password := "abcdx"
       ABB_PG-Userclass = "manager"
   # ----------------------------------------------------------------------
   # user account 3: with fixed userclass
   session Cleartext-Password := "foobar"
       ABB_PG-Userclass = "sessionmanager"
   # ----------------------------------------------------------------------
   # user account 4: with fixed userclass and known
   # username; this is a known username in the UNIX
   # environment - the password must therefore not
   # be specified
   unix-user_xyz
       ABB_PG-Userclass = "sessionmanager"
   # ----------------------------------------------------------------------
13. Enter the desired user accounts with NE defined userclass
   # ----------------------------------------------------------------------
   # user account 5: with default user class
   werner Cleartext-Password := "fubar"
   # ----------------------------------------------------------------------
   # user account 6: with default user class
   christian Cleartext-Password := "fubar1"
   # ----------------------------------------------------------------------
14. Save and close the file “/etc/raddb/users”
15. Run radiusd interactively from a terminal for the first time; use command:
   /usr/sbin/radiusd -f -X
16. Configure radiusd as a service, which is started at boot time:
   chkconfig radiusd on
17. The configuration of the FreeRADIUS server is now complete and the service is running as a
   background task on the Linux machine. The following two steps serve for debugging
   purposes.
18. For debugging it is convenient to start the FreeRADIUS server in a terminal with
   “/usr/sbin/radiusd -f -X”. Every login authentication request and the corresponding answer
   is now listed in the terminal.
19. The FreeRADIUS server must be restarted in order to make any file modifications effective.
   Restart the FreeRADIUS server with “/etc/init.d/radiusd restart”.
Result: The RADIUS server is fully configured and operational.
End of instruction


5.2.4 Password Rules for Local Authentication


Password policies apply to local NE authentication. The FOXCST requires the passwords to
comply with rules defined in the file “passwordrules.xml” if available in the FOXCST installation
folder. The file is installed by default. The default rule corresponds to a password length of at
least 8 characters.
To modify or add password rules, open the file “passwordrules.xml” with administrator
permissions. Modify, add or delete rules with <rule> elements. A password needs to match each
regular expression inside a <rule/> element. The rule entries may look as shown in the following
example:
<ruleX>^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$</ruleX>
<rule>[0-9]+</rule>
<rule>[A-Z]+</rule>
<rule>[a-z]+</rule>
<rule>[#?!@$%^&*-\+\]\[]</rule>
<rule>.{8,}</rule>
Dictionary files with expressions that shall be prohibited as passwords can be added to the
“passwordrules.xml” file. After FOXCST installation, there is one sample entry as a comment. Any
entries must be added with the <dictionary/> delimiter as shown in the following example; one
entry per line:
<dictionary>realhuman_phill.txt</dictionary>
The dictionary text files can be stored anywhere on the PC. The file name should use an
absolute path name. The dictionary file is read as UTF-8 encoded file.

5.3 SNMP v3 User Authentication and Encryption


SNMP v3 supports user authentication and encryption by configuring the User Base Security
Model (USM) and the View Based Access Control (VACM) objects.
The USM model provides:
• Authentication via MD5 or SHA1 hash
− the hash verifies the authenticity of the entire v3 message,
− modified or forged packets will be rejected.
• Encryption via DES and AES.
• Three levels of security: NoAuthNoPriv, AuthNoPriv, AuthPriv.

Please note:
The FOX61x supports two security levels NoAuthNoPriv and AuthPriv.
→ Use the security level AuthPriv in general. The security level noAuthNoPriv
should be used for debugging only.
The USM keys used to authenticate and encrypt messages are generated in two steps:
• the password is hashed using the authentication algorithm,
• the resulting hash is then re-hashed after mixing it with the authoritative engine ID.
This means:
• all user keys are different on each host,
• a cracked system key cannot be used to gain access to another system.
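The key derivation described above is the standard USM password-to-key and key localization procedure of RFC 3414; the following added example (not FOX61x code) implements it and shows that the same password yields a different key per engine ID. The password and first engine ID are the RFC 3414 sample values; the second engine ID is constructed.

```python
import hashlib

ONE_MEGABYTE = 1024 * 1024  # RFC 3414 hashes 1'048'576 octets of the repeated password


def password_to_key(password: bytes, algo: str) -> bytes:
    """Step 1: hash the password, repeated to 1 MiB, with the auth algorithm (md5 or sha1)."""
    if not password:
        raise ValueError("password must not be empty")
    repeats = ONE_MEGABYTE // len(password) + 1
    stream = (password * repeats)[:ONE_MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Step 2: mix the intermediate key with the authoritative engine ID and re-hash."""
    return hashlib.new(algo, user_key + engine_id + user_key).digest()


def localized_keys(password: bytes, engine_ids, algo: str):
    """Return {engine ID (hex): localized key (hex)} for one password on several NEs."""
    user_key = password_to_key(password, algo)   # computed once, never stored on the NE
    return {eid.hex(): localize_key(user_key, eid, algo).hex() for eid in engine_ids}


# Sample values from RFC 3414, appendix A.3.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second engine ID, standing in for another network element.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo)
        keys = localized_keys(RFC_PASSWORD, [RFC_ENGINE_ID, OTHER_ENGINE_ID], algo)
        for engine_id, key in keys.items():
            print(f"  engine {engine_id}: {key}")
```

Because only the localized key is held per engine, a key recovered from one network element does not authenticate against another one, although a weak password remains guessable on every element that shares it.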
For the SNMP v3 configuration refer to section 3.4.2 SNMP Configuration (on page 34).
For possible SNMP security measures please refer to [1KHW028641] Application Note
“FOX61x Deployment Guidelines”.


5.4 SSHv2 Encrypted Management Channel


Using SSH to encrypt the management communication is the preferred method.

Risk of operating trouble!


It is not recommended to encrypt the management communication using the
encryption unit SENC1. The reason is that the SENC1 encryption unit must be
configured via FOXMAN-UN/DIRAC. Modifying the encryption method of the
management channel using the same management channel will in most cases not work.

5.4.1 FOXCST over an Encrypted Communication Channel


Local and remote communication between the FOXCST and the NE can be encrypted as
described in section 3.2.3.1 Encrypted Management Communication (on page 27).
The configuration is described in section 6.1.2 Menu File - Connect … (on page 62) and section
6.18.1.2 AP: / ne, Configuration - Session Management (on page 128).

5.4.2 CLI over an Encrypted Communication Channel


Although it is possible to connect to the NE via CLI using the unencrypted Telnet protocol,
Hitachi Energy strongly recommends connecting via the default encrypted SSH protocol.
For more information please refer to section 6.18.1.2 AP: / ne, Configuration - Session
Management (on page 128).

Please note:
The CLI application is not an officially supported management feature and
therefore not documented.
→ It is only used for support operations, done by Hitachi Energy personnel.

5.5 FOX61x Firewalls


The HW and SW firewalls improve the security of the FOX61x network element. In case of an
overload situation the NE CPU is protected from overwhelming system performance issues.
The SW firewall protects the FOX61x by dropping the UDP packets on the local management
port and by limiting the packet rate on the other core unit Ethernet front ports.
The HW firewall limits the Ethernet overall frame rate in the management VLAN.
Please refer to [1KHW028641] Application Note “FOX61x Deployment Guidelines” for more
information.



FOX61x | MANAGEMENT COMMUNICATION USER INTERFACE REFERENCE

6 User Interface Reference


The following sections give a complete FOXCST reference of the management communication
related managed objects, properties and commands of the FOX61x, as far as these are not yet
covered in the generic description in the document [1KHW002464] User Manual
“FOX615 R2/FOX615/FOX612/FOX611”.
Management communication related functions are handled at different places in the FOXCST:
• FOXCST menu:
  − The FOXCST “File” menu provides the management of the connection parameter settings
    and the commands to connect/disconnect the FOXCST to/from the FOX61x network element.
    Please refer to section 6.1 FOXCST Menu File (on page 60).
  − The FOXCST “Tools” menu provides the local user password management.
    Please refer to section 6.2 FOXCST Menu Tools (on page 64).
• FOXCST “Management” view:
  The FOXCST “Management” view provides the management router related management
  functions for the OSPF router, loopback interfaces, TDM interfaces, MPLS MCC interfaces
  and the VLAN interfaces with or without VRRP Instances at the AP: /managementNetwork.
  Please refer to section 6.3 Introduction to the FOXCST “Management” View (on page 66)
  and subsequent sections.
• Configuration and status management functions of the AP: /ne:
  The management functions of the AP: /ne, available at the FOXCST “Shelf View” and “Tree
  View”, handle the session management, RADIUS client, Syslog and SNMP functions.
  Please refer to section 6.17 Introduction to FOXCST “Shelf View” and “Tree View” (on
  page 125) and the subsequent section.
For a detailed description of the FOXCST please refer to [1KHW002466] User Manual
“FOXCST”.
For a description of the FOX61x bridging features please refer to [1KHW028566] User Manual
“Ethernet Switching”.
For a description of the FOX61x TDM cross connections management please refer to
[1KHW002467] User Manual “TDM Services”.
For a description of the FOX61x MPLS-TP interfaces please refer to [1KHW028618] User
Manual “MPLS-TP Services”.

6.1 FOXCST Menu File


The management communication related commands of the FOXCST “File” menu are:
• Manage Connections …
• Connect …
• Close
• Exit


6.1.1 Menu File - Manage Connections …


In the FOXCST “File” menu click the “Manage Connections …” command. The “Known Network
Element Connections” dialog opens.
FOXCST can only set up a connection with FOX61x NEs that are contained in this list. After the
initial FOXCST installation the table contains one entry for the connection to the local
management port:
• “Local Connection” with the NE address 192.168.1.1.
Additional target NEs must be manually created by the user.

Table 12: Known Network Element Connections

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Known Connections | | | List of all existing connections to connect to a FOX61x NE. |
| | | | Click the arrow to move the selected entry in the “Known Connections” table one position upwards. |
| | | | Click the arrow to move the selected entry in the “Known Connections” table one position downwards. |
| Connection Details | Name | | Name of the selected entry in the “Known Connections” table. Arbitrarily selectable descriptive name of the FOX61x NE. |
| | Type | TCP | Connection protocol type of the selected entry in the “Known Connections” table. The FOX61x only supports the TCP type. |
| | NE Address | <IPv4 address> | Host IP address of the selected entry in the “Known Connections” table. This address can be any loopback or router interface address defined on the NE or the local management port address. Hitachi Energy recommends using either the first loopback address or one of the VLAN interface addresses as management address. |
| Import | | | Import a list of FOX61x management connections to the element manager (FOXCST) using the FOXCST file browser. For a description of the file browser please refer to [1KHW002466] User Manual “FOXCST”. |
| Export | | | Export a list of FOX61x management connections to the element manager host using the FOXCST file browser. For a description of the file browser please refer to [1KHW002466] User Manual “FOXCST”. |
| Delete | | | Delete the selected entry in the “Known Connections” table. |
| New | | | Create a new entry in the “Known Connections” table. The connection parameter values are taken from the selected entry in the “Known Connections” table. The name is extended with “- copy”. You have to modify the connection parameters according to your needs. |
| OK | | | Confirm any modifications in the “Known Connections” table and close the dialog. |
| Cancel | | | Cancel any modifications in the “Known Connections” table and close the dialog. |

6.1.2 Menu File - Connect …


In the FOXCST “File” menu click the “Connect …” command. The “Connect to” dialog opens.
FOXCST can only set up a connection with FOX61x NEs that are contained in the “Connection”
list. Please refer to section 6.1.1 Menu File - Manage Connections … (on page 61).
While connected to an NE, the “Connect …” menu item is grayed out. It is not possible to
connect to another NE as long as a connection exists. You first have to close the active
connection with the “Close” or “Exit” command.


Table 13: Connect to

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| | Connection | <connection name> (IPv4 address) | Select a list entry of all existing connections that can be used to connect to a FOX61x NE. |
| | Authentication | Local, Remote (RADIUS) | Selection between local (NE internal) and remote (RADIUS) authentication. |
| | User Class | Information, Maintenance, Manager, Support, Session Manager | Select the appropriate user class. If the Authentication parameter is set to “Remote (RADIUS)” the matching user class must be defined in the authentication server, or no user class must be defined in the authentication server. For a description of the available user classes please refer to section 3.1.1 User Classes (on page 13). |
| | User Name | <user name> | Available only if the Authentication parameter is set to “Remote (RADIUS)”. Enter the appropriate user name as configured in the RADIUS server. |
| | Password | <password> | Enter the password associated with the selected user class. Depending on the selection for “Authentication” the matching password is either defined in the NE or in the authentication server. |
| | Encrypted (SSH) | | The path from the FOXCST to the NE is encrypted for any communication. |
| | | | The path from the FOXCST to the NE is not encrypted. The connection message is sent with a user class and a hashed password over TCP/IP. |
| Connection | | | Open the “Known Network Element Connections” dialog to create, delete or modify a connection. Please refer to section 6.1.1 Menu File - Manage Connections … (on page 61). |
| OK | | | Connect to the selected NE and close the dialog. |
| Cancel | | | Cancel the connection process and close the dialog. |

Please note:
In case the “Remote (RADIUS)” authentication option is selected and the selected
user class is not defined in the RADIUS server, the FOXCST will present an error
message with the available user classes:

→ Select one of the available user classes to connect.

Please note:
In case the “Encrypted (SSH)” option is enabled but the FOX61x does not support
encryption (i.e. a release not supporting encryption or when the core unit is in the
bootloader mode) or encryption is disabled on the NE globally, the FOXCST will try
to connect to the NE unencrypted after the following message is confirmed:


→ Select “Yes” to start an unencrypted communication.

6.1.3 Menu File - Close


To close an established connection between the FOXCST and an NE click the “Close” command
in the FOXCST “File” menu. If the configuration is saved, i.e. the “Save to NE” command
has been executed after the last configuration modification, the connection is immediately
closed. FOXCST is not terminated.

Risk of operating trouble!


When you are connected to a FOX61x network element via SSH never terminate
the connection by removing the Ethernet cable.
→ Always terminate a connection with the “Close” command.
If the configuration is not saved, a warning message is raised, which has to be confirmed:

Table 14: Close

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Yes | | | Save the configuration to the NE and close the connection. |
| No | | | Do not save the configuration and close the connection. |
| Cancel | | | Cancel the close process. The NE stays connected. |

6.1.4 Menu File - Exit


To close an established connection between the FOXCST and an NE and to terminate the
FOXCST click the “Exit” command in the FOXCST “File” menu. If the configuration is saved, i.e.
the “Save to NE” command has been executed after the last configuration modification, the
connection is immediately closed and the FOXCST is terminated.
If the configuration is not saved, a warning message is raised, which has to be confirmed.
Please refer to section 6.1.3 Menu File - Close (on page 64).

6.2 FOXCST Menu Tools


The management communication related command of the FOXCST “Tools” menu is:
• Modify Password …


6.2.1 Menu Tools - Modify Password …

Please note:
Only a user of class “Session Manager” may configure the local passwords.

Please note:
Password policies apply. The FOXCST requires the passwords to comply with
rules defined in the file “passwordrules.xml” if available in the FOXCST installation
folder. For more information refer to section 5.2.4 Password Rules for Local
Authentication (on page 58).

Please note:
There is a separate set of passwords for remote RADIUS login, which must be
modified by the RADIUS server administrator.
To modify a password on an NE connect to the NE as Session Manager. Click the “Modify
Password …” command in the FOXCST “Tools” menu. The “Modify Password” dialog opens.
Modified passwords are automatically saved in the NE when confirming the modification with
“OK” or “Apply”.

If a password does not comply with the rules defined in “passwordrules.xml”, a “password
verification failed” error message is issued.

If a password matches a dictionary file (i.e. prohibited) expression the following error message
is issued:


Table 15: Modify Password

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Modify Password | User Class | Session Manager, Support, Manager, Maintenance, Information | Select the user class for which the password shall be modified. User classes which have been initialized, i.e. which have a password configured, are marked with a tick mark. For the user class description please refer to section 3.1.1 User Classes (on page 13). After the initial connection to a FOX61x NE where the passwords have not been set, the “Session Manager” password must be configured first. The default Session Manager Password is empty, i.e. no password is set. |
| | Old Password | Range depends on defined password rules. | The password modification for the user class “Session Manager” requires verification of the old password. For all other user classes a new password may be entered without knowing the old password. UTF-8 encoding is used for the password fields. |
| | New Password | Range depends on defined password rules. | The default valid range starts from 8 characters. |
| | Confirmed New Password | Range depends on defined password rules. | Password confirmation. |

6.3 Introduction to the FOXCST “Management” View


The FOXCST “Management” view provides the management router related management
functions at the AP: /managementNetwork:
• Loopback Interfaces
• MPLS Interfaces
• Router
• TDM Interfaces
• VLAN Interfaces
Please refer also to section 2.3 FOX61x Management Architecture (on page 10).


Figure 21 shows the FOXCST access point (AP) “Management” view for the FOX61x
network element with its managed objects.

Management
  managementNetwork <ap>
    loopbackInterfaces <ap> (1)
      lo-x <ap> (8)
    mplsMccInterfaces <ap> (1)
      mcc-m <ap> (0 ... 10)
    router <ap> (1)
      ospf <ap> (1)
        area-y <ap> (8)
    tdmInterfaces <ap> (1)
      ppp-z <ap> (0 ... 16)
    vlanInterfaces <ap> (1)
      vlanInterface-v <ap> (0 ... 8*)
        vrrp-w <ap> (0 ... 2)

* the CESM1 or CESM2 core unit has only 2 VLAN interfaces

Figure 21: MOM (managed objects model) of the FOXCST “Management” view

With these managed objects (MOs) the following functions are covered:

Table 16: FOX61x Managed Objects (MOs)

| MO | Description of the management functions |
|---|---|
| managementNetwork | Top MO for all FOX61x management router related items. |
| loopbackInterfaces | Parent MO for the management router's loopback interfaces. |
| lo-x | Configuration and status of the loopback interface of the management router. Further information can be found in section 6.6 AP: / managementNetwork / loopbackInterfaces / lo-x (on page 71). |
| mplsMccInterfaces | Create and delete the MPLS MCC interfaces of the management router. Further information can be found in section 6.7 AP: / managementNetwork / mplsMccInterfaces (on page 73). |
| mcc-m | Configuration, fault management and status of the MPLS MCC interface of the management router. Further information can be found in section 6.8 AP: / managementNetwork / mplsMccInterfaces / mcc-m (on page 75). |
| router | Configuration and status of the management router. Further information can be found in section 6.9 AP: / managementNetwork / router (on page 82). |
| ospf | Configuration and status of the OSPF router. Further information can be found in section 6.10 AP: / managementNetwork / router / ospf (on page 85). |
| area-y | Configuration and status of the OSPF router's area. Further information can be found in section 6.11 AP: / managementNetwork / router / ospf / area-y (on page 94). |
| tdmInterfaces | Create and delete the PPP interfaces of the management router. Further information can be found in section 6.12 AP: / managementNetwork / tdmInterfaces (on page 98). |
| ppp-z | Configuration, performance management, fault management and status of the PPP interface of the management router. Further information can be found in section 6.13 AP: / managementNetwork / tdmInterfaces / ppp-z (on page 100). |
| vlanInterfaces | Creation and deletion of the VLAN interfaces of the management router. Further information can be found in section 6.14 AP: / managementNetwork / vlanInterfaces (on page 110). |
| vlanInterface-v | Configuration, performance management, fault management and status of the VLAN interface of the management router. Create and delete the VRRP instances of the VLAN interface. Further information can be found in section 6.15 AP: / managementNetwork / vlanInterfaces / vlanInterface-v (on page 111). |
| vrrp-w | Configuration and status of the VRRP instance. Further information can be found in section 6.16 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w (on page 120). |

This reference section comprises the management functions:
• Overview,
• Main,
• Configuration,
• Fault Management,
• Performance Management, and
• Status.
Most of the APs only offer a part of the management functions listed above.
The order of appearance of the management function descriptions is in accordance with the
APs in the FOXCST AP tree and the availability of the management functions of each AP.
In the tables of the sections below, the parameter default values for properties are underlined.

Please note:
For better legibility of numbers in this User Manual, inverted commas are used
when the number’s size exceeds three digits (e.g. 40’000). In parameter entry
fields of the FOXCST, these inverted commas must not be entered. Instead, the
numbers are entered without these inverted commas (e.g. 40000).

Please note:
Screenshots presented in this reference are examples and show configurations or
data that may not correspond to the view you see when managing your FOX61x
equipment.

6.4 AP: / managementNetwork

6.4.1 AP: / managementNetwork, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.
For a description of the
− “Overview - Cross Connections”
management function, please refer to [1KHW002467] User Manual “TDM Services”.

6.4.2 AP: / managementNetwork, Main


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.4.3 AP: / managementNetwork, Configuration

6.4.3.1 AP: / managementNetwork, Configuration - Source IP Address


IP-based applications such as RADIUS might use the client's source IP address for the unique
client identification. The source IP address is determined by the client system and is usually the
IP address of the outgoing interface in the routing table.
The management router of the FOX61x has multiple routing interfaces (vlanInterface, mcc, ppp)
and outgoing packets can potentially be sent via different paths at different times. This results in
different source IP addresses, which creates a client identification problem on the server side.


The source IP address configuration feature allows the selection of a logical interface of the
management router (VLAN interface or loopback interface), whose IP address is then used as
the source IP address for all outgoing traffic generated by a specified application.

Please note:
An interface must have an IP address configured and be in the administrative up
state to be selectable as an IP source address interface.

Table 17: AP: / managementNetwork, Configuration - Source IP Address

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Management Application Source IP Address ¹ | From Interface | default | For the management application, i.e. notifications towards the element manager, use the IP address of the outgoing interface in the routing table. |
| | | lo-1 … lo-8 | Select one of the loopback interfaces as source IP address. |
| | | vlanInterface-1 … vlanInterface-n | Select one of the created management VLAN interfaces as source IP address. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| SNTP Source IP Address | From Interface | default | For the SNTP application use the IP address of the outgoing interface in the routing table. |
| | | lo-1 … lo-8 | Select one of the loopback interfaces as source IP address. |
| | | vlanInterface-1 … vlanInterface-n | Select one of the created management VLAN interfaces as source IP address. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| SNMP Trap Source IP Address | From Interface | default | For the SNMP trap application use the IP address of the outgoing interface in the routing table. |
| | | lo-1 … lo-8 | Select one of the loopback interfaces as source IP address. |
| | | vlanInterface-1 … vlanInterface-n | Select one of the created management VLAN interfaces as source IP address. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| RADIUS Source IP Address | From Interface | default | For the RADIUS application use the IP address of the outgoing interface in the routing table. |
| | | lo-1 … lo-8 | Select one of the loopback interfaces as source IP address. |
| | | vlanInterface-1 … vlanInterface-n | Select one of the created management VLAN interfaces as source IP address. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| Syslog Source IP Address | From Interface | default | For the Syslog application use the IP address of the outgoing interface in the routing table. |
| | | lo-1 … lo-8 | Select one of the loopback interfaces as source IP address. |
| | | vlanInterface-1 … vlanInterface-n | Select one of the created management VLAN interfaces as source IP address. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |

¹ The Management Application Source IP Address is configurable in the “Basic Settings” dialog, available at the FOXCST
menu “NE > Basic Settings …”.

6.5 AP: / managementNetwork / loopbackInterfaces

6.5.1 AP: / managementNetwork / loopbackInterfaces, Main


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.6 AP: / managementNetwork / loopbackInterfaces / lo-x

6.6.1 AP: / managementNetwork / loopbackInterfaces / lo-x, Main

6.6.1.1 AP: / managementNetwork / loopbackInterfaces / lo-x, Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.6.1.2 AP: / managementNetwork / loopbackInterfaces / lo-x, Main - Admin And Oper Status


Table 18: AP: / managementNetwork / loopbackInterfaces / lo-x, Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Administrative Status | State | Up, Down | Set the IETF administrative status of the loopback interface. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the loopback interface. |

6.6.2 AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration

6.6.2.1 AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration - IP

Table 19: AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration - IP

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Address | Address | <IPv4 address> | Any valid IP address/network mask combination. The default IP address is empty. The default netmask is 255.255.255.255. Typically the loopback addresses are defined with a host mask 255.255.255.255. |
| | Netmask | <netmask> | |

6.6.2.2 AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration - OSPF

Table 20: AP: / managementNetwork / loopbackInterfaces / lo-x, Configuration - OSPF

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| OSPF | Interface Enabled | | Hitachi Energy recommends not to enable OSPF for loopback interfaces, since the unnumbered interface that possibly uses this loopback interface has its own OSPF configuration and an over-determination could arise. |
| | Area | area-0 … area-7 | |

6.6.3 AP: / managementNetwork / loopbackInterfaces / lo-x, Status

6.6.3.1 AP: / managementNetwork / loopbackInterfaces / lo-x, Status - IP


Table 21: AP: / managementNetwork / loopbackInterfaces / lo-x, Status - IP

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Router If Status | IP MTU Size | 0 … 65’535 | Maximum Transmission Unit, i.e. maximum IP packet size. The MTU size is calculated including the IP headers. |

6.6.3.2 AP: / managementNetwork / loopbackInterfaces / lo-x, Status - OSPF

Table 22: AP: / managementNetwork / loopbackInterfaces / lo-x, Status - OSPF

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| OSPF Status | Status | Down, Loopback, Waiting, Point To Point, Designated Router, Backup Designated Router, Other Designated Router, Unknown | Shows the current router state. |
| | Area | <IPv4 address> | Shows the area address (e.g. 0.0.0.0 for area-0). |
| | Authentication Type | None, Simple, MD5 | Shows the current authentication type. |
| | Hello Interval | 0 … 65’535 | Hello interval in seconds. |
| | Router Dead Interval | 0 … 65’535 | Router Dead Interval in seconds. |
| | Transmission Delay | 0 … 65’535 | Transmission Delay in seconds. |
| | Retransmission Delay | 0 … 65’535 | Retransmission Delay in seconds. |

6.7 AP: / managementNetwork / mplsMccInterfaces

6.7.1 AP: / managementNetwork / mplsMccInterfaces, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611” (user interface reference part).


6.7.2 AP: / managementNetwork / mplsMccInterfaces, Main


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611” (user interface reference part).

6.7.3 AP: / managementNetwork / mplsMccInterfaces, Configuration

6.7.3.1 AP: / managementNetwork / mplsMccInterfaces, Configuration - MPLS MCC

Table 23: AP: / managementNetwork / mplsMccInterfaces, Configuration - MPLS MCC

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Available MPLS MCC | Available MPLS MCC Interfaces | 0 … 10 | Up to 10 MPLS MCC interfaces can be created. This parameter shows the remaining number of interfaces that can be created. |
| Create Section MCC Interface … | | | Open the Create Section MCC Interface dialog to create a port based or VLAN based section MCC interface. |
| Create Section MCC Interface | MCC | mcc-1 … mcc-10 | Select one of the available 10 MPLS MCC interfaces. This parameter shows the remaining MPLS MCC interfaces that can be created. |
| | MPLS Interface | mplsif-1 … mplsif-10 | Available not yet configured interfaces can be selected. The “Port Type Usage” of the port based or VLAN based MPLS-TP interface on the core unit must be configured first to “MPLS-TP” before creating MPLS Section MCC Interfaces. |
| Create LSP MCC Interface … | | | Open the Create LSP MCC Interface dialog. |
| Create LSP MCC Interface | MCC | mcc-1 … mcc-10 | Select one of the available 10 MPLS MCC interfaces. This parameter shows the remaining MPLS MCC interfaces that can be created. |
| | LSP | none | No MPLS-TP tunnels are created. |
| | | tunnel-1 | Shows the first created MPLS-TP tunnel name. |
| | | | Open a subset of the MPLS-TP tunnel view. Select one of the available MPLS-TP tunnels. |
| Delete MCC Interface … | | | Open the Delete MCC Interface dialog. |
| Delete MCC Interface | MPLS MCC Interface | All | All configured MCC interfaces are deleted. |
| | | mcc-1 … mcc-10 | One of the configured mcc-x interfaces can be selected for deletion. |

For the creation of the MPLS-TP tunnels please refer to [1KHW028618] User Manual “MPLS-TP
Services”.

6.8 AP: / managementNetwork / mplsMccInterfaces / mcc-m

6.8.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.8.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Main

6.8.2.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.8.2.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Main - Admin And Oper Status

Table 24: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Administrative Status | State | Up, Down | Set the IETF administrative status of the MPLS MCC interface. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the MPLS MCC interface. |

6.8.3 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration

6.8.3.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - IP

Table 25: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Addressing | Mode | Numbered | An IP interface address is assigned to each end of the MPLS MCC link. |
| | | Unnumbered | Unnumbered MPLS MCC links have no interface address assigned. The IP address is borrowed from another router interface that has to be configured with the “Unnumbered From” parameter below. |
| | Address | <IPv4 address> | Any valid IP address/network mask combination. Both address and mask values are subject of correct IP network design. Whether a certain address/mask combination is valid for a certain interface is in the responsibility of the user and cannot be checked by the core unit or by the FOXCST. The default IP address is empty. The default netmask is 255.255.255.255. |
| | Netmask | <netmask> | |
| | Unnumbered From | None, lo-1 … lo-8, vlanInterface-1 … vlanInterface-n | If the MPLS MCC mode is unnumbered, the MCC IP address is borrowed from the selected router interface. n = 2 for CESM1 and CESM2, n = 8 for CESM3. Note that “None” is not a valid selection. |


6.8.3.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - OSPF

Table 26: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - OSPF
| Operation Name | Parameter Name | Range | Descriptions / Details |
| OSPF | Interface Enabled | | OSPF is activated for the corresponding MPLS MCC interface, i.e. the IP network is advertised by the local router. |
| | | | OSPF is not active on the corresponding MPLS MCC interface, i.e. the IP network is not advertised. |
| | Area | area-0 … area-7 | The corresponding MPLS MCC interface belongs to the selected area. |
| OSPF Mode | Mode | Active | Hello packets and LSAs are sent over the corresponding MPLS MCC interface and OSPF adjacencies can be built. |
| | | Passive | No hello packets and LSAs are sent over the corresponding MPLS MCC interface. |
| OSPF Authentication | Type | None | No authentication is used in OSPF hello and LSA packets. |
| | | Simple | Authentication with a plain text string is used in OSPF hello and LSA packets. |
| | | MD5 | Authentication with an MD5 hash is used in OSPF hello and LSA packets. |
| | Key ID | 1 … 255 | ID of the authentication key. |
| | Key | parameter n.a. (Type = None); max. 8 characters (Type = Simple); max. 16 characters (Type = MD5) | The configuration of the authentication key for a certain interface depends on the selection for “Authentication” for the appropriate area. Make sure to configure identical keys for all OSPF interfaces on a common network segment. If more than 8 characters are defined for simple authentication, only the first 8 characters are meaningful for the key. |
| OSPF Metric | Automatic | | By default, the metric is calculated automatically from the specified interface bandwidth with the formula: metric = 100’000 / bandwidth in kbit/s. E.g. the metric for a 512 kbit/s link (8TS) is 195. |
| | | | The OSPF metric is derived from the configured manual metric value. |
| | Manual Metric | 0 … 65’535 | The OSPF routing table calculations can be affected with manual OSPF metrics. This feature should however be used by OSPF experts only. |
| OSPF Timers | Hello Interval | 1 … 10 … 65’535 s | Time interval for sending of hello packets on that interface. All OSPF routers that are attached to the same network must agree on the same hello interval. |
| | Router Dead Interval | 1 … 40 … 65’535 s | The time before a neighboring router is declared down after missing the hello packets - always four times the hello interval. |
| | Transmission Delay | 1 … 1 … 65’535 s | The time it takes to transmit a link state update packet over this interface. LSAs contained in the update packet must have their age incremented by this amount before transmission. |
| | Retransmission Delay | 1 … 5 … 65’535 s | Time interval between LSA retransmissions for adjacencies belonging to this interface. Also used when retransmitting database description and link state request packets. |
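
The key-length limits in the OSPF Authentication rows match the OSPFv2 packet format of RFC 2328: the simple password sits in the 64-bit authentication field in clear text, while the MD5 key is a 16-byte secret that is only hashed, never sent. The following added example (not code from this manual or from FOXCST) builds a hello packet both ways; router ID, keys and the /30 mask are constructed values, and it assumes the device follows RFC 2328 Appendix D.

```python
import hashlib
import hmac
import struct

AUTH_NONE, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2
HDR = struct.Struct("!BBH4s4sHH8s")     # OSPFv2 header, RFC 2328 A.3.1 (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")    # hello body without neighbors, RFC 2328 A.3.2


def ip(text):
    return bytes(int(part) for part in text.split("."))


def inet_checksum(data):
    """Standard IP checksum; OSPF runs it over the packet minus the auth field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def simple_field(key):
    # 64-bit field: only the first 8 characters of the key reach the wire.
    return key.encode("ascii")[:8].ljust(8, b"\x00")


def md5_key(key):
    raw = key.encode("ascii")
    if len(raw) > 16:
        raise ValueError("MD5 key is limited to 16 characters")
    return raw.ljust(16, b"\x00")       # padded to the 16-byte key size


def build_hello(router_id, area_id, hello_interval, auth_type, key="", key_id=1, seq=1):
    # Router dead interval is set to four times the hello interval.
    body = HELLO.pack(ip("255.255.255.252"), hello_interval, 0x02, 1,
                      4 * hello_interval, ip("0.0.0.0"), ip("0.0.0.0"))
    length = HDR.size + len(body)
    if auth_type == AUTH_MD5:
        # 0, Key ID, digest length, cryptographic sequence number
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    elif auth_type == AUTH_SIMPLE:
        auth = simple_field(key)
    else:
        auth = bytes(8)

    def header(checksum):
        return HDR.pack(2, 1, length, ip(router_id), ip(area_id),
                        checksum, auth_type, auth)

    if auth_type == AUTH_MD5:
        packet = header(0) + body       # checksum stays 0 with MD5
        # Digest over packet + key; the digest is appended, the key is not.
        return packet + hashlib.md5(packet + md5_key(key)).digest()
    checksum = inet_checksum(header(0)[:16] + body)
    return header(checksum) + body


def verify(packet, auth_type, key=""):
    """Receiver-side check with the locally configured type and key."""
    _, _, length, _, _, _, autype, auth = HDR.unpack(packet[:HDR.size])
    if autype != auth_type:
        return False
    if autype == AUTH_MD5:
        _, _, digest_len, _ = struct.unpack("!HBBI", auth)
        expected = hashlib.md5(packet[:length] + md5_key(key)).digest()
        return hmac.compare_digest(expected, packet[length:length + digest_len])
    if inet_checksum(packet[:16] + packet[HDR.size:length]) != 0:
        return False
    return autype == AUTH_NONE or hmac.compare_digest(auth, simple_field(key))


def change_hello_interval(packet, new_interval):
    """Return a copy with a modified hello interval, to test integrity checking."""
    offset = HDR.size + 4
    return packet[:offset] + struct.pack("!H", new_interval) + packet[offset + 2:]
```

With Type = Simple, two keys that share their first 8 characters are accepted as the same key and the key is readable in any packet capture; with Type = MD5 the key does not appear in the packet and a changed field invalidates the digest.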

6.8.3.3 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - Traffic Control

Please note:
The sum of the shaping rates of all MCC interfaces is limited to 4096 kbit/s. This
value cannot be modified.
→ Overbooking is allowed.


Table 27: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Configuration - Traffic Control
| Operation Name | Parameter Name | Range | Description / Details |
| MCC Shaping | Rate | 1 … 2048 kbit/s | The MCC traffic control is implemented as a Token Bucket Filter. The Rate parameter limits the average throughput of the MCC. |
| | Max. Burst Size | 1 … 12 kByte | Size of the token bucket in bytes. This is the maximum amount of bytes for which tokens can be available immediately. In general, higher shaping rates require larger burst sizes. |
| | Queue Buffer Limit | 1 … 12 kByte | The queue buffer limit is the number of bytes that can be queued waiting for tokens to become available. |
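
How the three Traffic Control parameters interact is easiest to see in a small simulation. This is an added illustration of a generic token bucket filter, not the FOX61x implementation; it assumes 1 kbit = 1000 bit, 1 kByte = 1000 bytes, a FIFO queue, and that a packet which can be sent at once does not occupy queue space.

```python
def shape(packets, rate_kbit, burst_kbyte, queue_kbyte):
    """Return (arrival, size, departure) per packet; departure is None if dropped.

    packets: iterable of (arrival_time_s, size_bytes), constructed test traffic.
    """
    if not 1 <= rate_kbit <= 2048:
        raise ValueError("Rate must be 1 ... 2048 kbit/s")
    if not 1 <= burst_kbyte <= 12:
        raise ValueError("Max. Burst Size must be 1 ... 12 kByte")
    if not 1 <= queue_kbyte <= 12:
        raise ValueError("Queue Buffer Limit must be 1 ... 12 kByte")

    rate = rate_kbit * 1000 / 8      # bytes of tokens added per second
    bucket = burst_kbyte * 1000      # bucket capacity in bytes
    limit = queue_kbyte * 1000       # bytes allowed to wait for tokens
    tokens = float(bucket)           # the bucket starts full
    clock = 0.0                      # time of the last token update
    waiting = []                     # (departure, size) of queued packets
    results = []

    for arrival, size in sorted(packets):
        # Packets that have already left no longer count against the queue.
        waiting = [(d, s) for d, s in waiting if d > arrival]
        backlog = sum(s for _, s in waiting)
        start = max(arrival, clock)  # FIFO: never overtake queued packets
        avail = min(bucket, tokens + rate * (start - clock))
        must_wait = avail < size
        # A packet larger than the bucket can never collect enough tokens.
        if size > bucket or (must_wait and backlog + size > limit):
            results.append((arrival, size, None))
            continue
        departure = start + max(0.0, size - avail) / rate
        tokens = max(0.0, avail - size)
        clock = departure
        if departure > arrival:
            waiting.append((departure, size))
        results.append((arrival, size, departure))
    return results


def summary(results):
    sent = [r for r in results if r[2] is not None]
    return {
        "sent": len(sent),
        "dropped": len(results) - len(sent),
        "last_departure": max((r[2] for r in sent), default=None),
    }
```

For eight 1000-byte packets arriving together at Rate = 64 kbit/s, Max. Burst Size = 2 kByte and Queue Buffer Limit = 3 kByte, two packets leave immediately on the burst allowance, three are queued and released at the shaping rate, and three are dropped.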

6.8.4 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Fault Management

For the description of the general aspects of the
− “Fault Management - Status”, and
− “Fault Management - Configuration”
management functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”. The following table lists the fault causes of the current AP.

Table 28: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Fault Management
| ID | Fault Cause | Event Type | Traffic Affecting | Default Severity | Description |
| OPSDWN | Operational State Down | Communication Alarm | | Major | The alarm is activated if no hello packets from the remote OSPF router are received. The detection of a broken link is defined by the “router dead interval”. The alarm is only applicable if OSPF is enabled. |

6.8.5 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management

For the description of the general aspects of the performance management (PM) functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.
The PM parameters are presented in different groups. The following counter groups are available for the MCC interfaces:
• “MIB-2 Interface Table” group, see section 6.8.5.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management - MIB-2 Interface Table,
• “OSPF Counters” group, see section 6.8.5.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management - OSPF Counters.
The following counter intervals are available, depending on the counter group:

Table 29: PM counter interval availability
| Counter interval | MIB-2 Interface Table | OSPF Counters |
| User Counter | yes | yes |
| History 15min | yes | yes |
| History 24h | yes | yes |
| Alarm 15min | no | no |
| Alarm 24h | no | no |

6.8.5.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management - MIB-2 Interface Table

Table 30: PM group: MIB-2 Interface Table
| PM parameter | Description |
| In Octets | The total number of octets received on the interface, including framing characters. |
| In Packets | The number of inbound packets delivered to a higher-layer protocol. |
| In Discards | The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. |
| In Errors | The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. |
| Out Octets | The total number of octets transmitted out of the interface, including framing characters. |
| Out Packets | The total number of outbound packets that higher-level protocols requested to be transmitted, including those that were discarded or not sent. |
| Out Discards | The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. |
| Out Errors | The number of outbound packets that could not be transmitted because of errors. |

6.8.5.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Performance Management - OSPF Counters

Table 31: PM group: OSPF Counters
| PM parameter | Description |
| In Hello | The number of hello packets received. |
| In Data Descr Pkt | The number of database description packets received. |
| In LSA Request | The number of LSA received in link state requests. |
| In LSA Update | The number of LSA updates received. |
| In LSA Acknowledge | The number of LSA acknowledgments received. |
| Out Hello | The number of hello packets sent. |
| Out Data Descr Pkt | The number of database description packets sent. |
| Out LSA Request | The number of LSA sent in link state requests. |
| Out LSA Update | The number of LSA updates sent. |
| Out LSA Acknowledge | The number of LSA acknowledgments sent. |

6.8.6 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status

6.8.6.1 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - IP

Table 32: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - IP
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Router If Status | IP MTU Size | 1500 | Size of the maximum transmission unit (Rx and Tx) in bytes. |

6.8.6.2 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - OSPF

Table 33: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - OSPF
| Operation Name | Parameter Name | Range | Descriptions / Details |
| OSPF Status | Status | Down, Loopback, Waiting, Point To Point, Designated Router, Backup Designated Router, Other Designated Router, Unknown | Shows the current router state. Since the OSPF Interface Type is fixed to Point To Point and cannot be configured, the Status is very limited and will not show the whole range. |
| | Area | <IPv4 address> | Shows the area address (e.g. 0.0.0.0 for area-0). |
| | Authentication Type | None, Simple, MD5 | Shows the current authentication type. |
| | Hello Interval | 0 … 65’535 | Shows the Hello interval in seconds. |
| | Router Dead Interval | 0 … 65’535 | Shows the Router Dead Interval in seconds. |
| | Transmission Delay | 0 … 3600 | Shows the Transmission Delay in seconds. |
| | Retransmission Delay | 0 … 3600 | Shows the Retransmission Delay in seconds. |

6.8.6.3 AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - MPLS

Table 34: AP: / managementNetwork / mplsMccInterfaces / mcc-m, Status - MPLS
| Operation Name | Parameter Name | Range | Description / Details |
| MPLS MCC | Connection Type | Section | If the generic associated channel (G-ACh) is associated with an MPLS section, the Generic Associated Channel Label (GAL) is added to the message. |
| | | LSP | If the G-ACh is associated with an LSP, the GAL is added to the packet and the LSP label is pushed on top of the GAL. |
| | MPLS Interface | mplsif-1 … mplsif-10 | Shows the configured MPLS interface for the “Connection Type = Section”. |
| | | Not Available | Shows “Not Available” for the “Connection Type = LSP”. |
| | LSP | Not Available | Shows “Not Available” for the “Connection Type = Section”. |
| | | tunnel-x.y | Shows the configured LSP for the “Connection Type = LSP”. |

6.9 AP: / managementNetwork / router

6.9.1 AP: / managementNetwork / router, Main


For a description of the “Main - General” management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611” (user interface reference part).


6.9.2 AP: / managementNetwork / router, Configuration

6.9.2.1 AP: / managementNetwork / router, Configuration - StaticRoutes

Table 35: AP: / managementNetwork / router, Configuration - StaticRoutes
| Operation Name | Parameter Name | Range | Description / Details |
| Static Route Table | Address | <IPv4 address> | Any valid IP address/network mask combination. The destination/mask pair unambiguously identifies an IP address range, where the corresponding static route is pointing to. The default destination 0.0.0.0/0.0.0.0 contains the whole IP address range. |
| | Netmask | <netmask> | |
| | Via | Gateway | “Gateway” must be used if the route destination is reached over a numbered interface. |
| | | ppp-1 … ppp-16 | If the route destination is reached over an unnumbered interface, the corresponding interface must be selected. |
| | Gateway | <IPv4 address> | Next hop address in the case of “Via = Gateway”. |
| | Metric | 1 … 255 | Path cost to the external destination that is used by the local router only. The redistributed metric value in the type 5 LSA is derived from the OSPF router configuration. |
| Add … | | | Open the “New Entry” dialog to add a new item to the Static Route Table. |
| Remove | | | Delete the selected entry from the Static Route Table. |

Please note:
Static routes with the local management port IP address used as gateway address
will not be applied by the management router.
→ The local management port cannot access the management router.


6.9.3 AP: / managementNetwork / router, Status

6.9.3.1 AP: / managementNetwork / router, Status - Routing

Table 36: AP: / managementNetwork / router, Status - Routing
| Operation Name | Parameter Name | Range | Description / Details |
| Routing table | Destination Address | <IPv4 address> | The destination address/mask pair unambiguously identifies an IP address range as destination for the corresponding route. |
| | Destination Mask | <netmask> | |
| | Gateway Address | <IPv4 address> | Next hop address in the case of a numbered interface. |
| | Metric | 0 … 65’535 | Total path cost to reach the corresponding destination. |
| | Interface | vlanInterface-1 … vlanInterface-n | A packet for the corresponding destination is sent over this interface. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| | Source | Connected | The interface is directly connected. |
| | | OSPF | The route is calculated from the OSPF link state database. |
| | | Static | The route is derived from a user configured static route. |
| Ping … | | | Open the “Ping Command” dialog. |
| Ping Command | Destination Address | <IPv4 address> | Ping target IP address. |
| | Source Address | <IPv4 address> | Select one of the configured router interface IP addresses. When selecting the default IP address 0.0.0.0 the IP address of the port is used over which the destination is reachable. |
| | Number Of Requests | 1 … 10 | Number of single ping command requests. |
| | Packet Size | 28 … 100 … 65’535 | Ping packet size. |
| Traceroute … | | | Open the “Trace Route Command” dialog. |
| Trace Route Command | Destination Address | <IPv4 address> | Traceroute target IP address. |

6.10 AP: / managementNetwork / router / ospf

6.10.1 AP: / managementNetwork / router / ospf, Main

6.10.1.1 AP: / managementNetwork / router / ospf, Main - General


For a description of the “Main - General” management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.

6.10.1.2 AP: / managementNetwork / router / ospf, Main - Admin And Oper Status

Table 37: AP: / managementNetwork / router / ospf, Main - Admin And Oper Status
| Operation Name | Parameter Name | Range | Description / Details |
| Administrative Status | State | Up, Down | Set the IETF administrative status of the OSPF router. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the OSPF router. |

Please note:
The OSPF router function has its own admin state. This status must be “Up”
before any router interface can be enabled for OSPF.


6.10.2 AP: / managementNetwork / router / ospf, Configuration

6.10.2.1 AP: / managementNetwork / router / ospf, Configuration - OSPF

Add a new virtual link dialog:


Table 38: AP: / managementNetwork / router / ospf, Configuration - OSPF
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Router ID | Router ID | <IPv4 address> | The router ID uniquely identifies the router in the OSPF AS. If the router ID is not specified, the system will choose the highest loopback address as router ID instead. |
| Redistribute, Connected | Connected | | All directly connected router interfaces are redistributed as external destinations (LSA type 5), irrespective of the OSPF activation for the interface. This will lead to many unnecessary LSAs. Hitachi Energy strongly recommends not using this feature. Configuring the interface with OSPF in passive mode should be the preferred alternative. |
| | | | Directly connected router interfaces are not distributed. |
| | Metric | 1 … 20 … 65’535 | The path cost for this route that is redistributed as LSA type 5. |
| | Metric Type | E1 | For external type 1 routes, the internal cost and the external cost (the metric parameter value) are added in order to calculate the total cost to the corresponding destination. |
| | | E2 | For external type 2 routes, only the external cost (the metric parameter value) is considered for the total path cost. |
| Redistribute, Static | Static | | The user configured static routes are redistributed as external routes (LSA type 5). |
| | | | The user configured static routes are not redistributed. |
| | Metric | 1 … 20 … 65’535 | The metric used in the redistributed LSA type 5. |
| | Metric Type | E1, E2 | The same metric types as for “Redistribute, Connected” are used, as described above. |
| Redistribute, Default Information Originate | Default | | A default route (both network address and network mask = 0.0.0.0) is redistributed as external route (LSA type 5). |
| | | | No default route is redistributed. |
| | Always | | A default route is redistributed, even if the corresponding gateway interface is operationally down. |
| | | | A default route is only redistributed, if the corresponding gateway interface is operationally up. |
| | Metric | 1 … 20 … 65’535 | The metric used in the redistributed LSA type 5. |
| | Metric Type | E1, E2 | The same metric types as for “Redistribute, Connected” are used, as described above. |
| Virtual Links | Transit Area | area-1 … area-7 | The ID of the area, where the virtual link passes through. |
| | Virtual Link Neighbor | <IPv4 address> | The ID of the router that terminates the virtual link on the other end. |
| | Hello Interval | 0 … 65’535 s | Time interval in seconds for sending hello packets on that interface. As for any OSPF activated router interface, a hello interval must be defined for the virtual link. Please be aware of the fact that a virtual link passes by several routers and can thus have a much longer round-trip delay. The hello interval should be well over the expected round-trip delay between the two border routers. |
| | Router Dead Interval | 0 … 65’535 s | Four times the hello interval. |
| | Transmission Delay | 0 … 65’535 s | The time it takes to transmit a link state update packet over this interface. LSAs contained in the update packet must have their age incremented by this amount before transmission. |
| | Retransmission Delay | 0 … 65’535 s | Time interval in seconds between LSA retransmissions for adjacencies belonging to this interface. Also used when retransmitting database description and link state request packets. |
| | Authentication Type | None | No authentication is used in OSPF hello and LSA packets. |
| | | Simple | Authentication with a plain text string is used in OSPF hello and LSA packets. |
| | | MD5 | Authentication with an MD5 hash is used in OSPF hello and LSA packets. |
| | Authentication Key ID | 1 … 255 | ID of the authentication key. |
| | Authentication Key | parameter n.a. (Type = None); max. 8 characters (Type = Simple); max. 16 characters (Type = MD5) | The configuration of the authentication key for a certain interface depends on the selection of “Authentication Type” for the corresponding interface. Make sure to configure identical authentication types and keys for all OSPF interfaces on a common network segment. |
| Add … | | | Open the “New Entry” dialog to add a new item to the Virtual Links list. |
| Remove | | | Deletes the selected entry from the Virtual Links list. |
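
The rules stated in the OSPF tables above (identical authentication types and keys on a common network segment, one hello interval per network, router dead interval of four times the hello interval) can be checked across an inventory before a change goes live. The following is an added example, not a FOXCST or FOXMAN-UN feature; the record layout, the segment labels and all values are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: one record per OSPF-enabled interface.
INVENTORY = [
    {"ne": "ne-1", "interface": "mcc-1", "segment": "seg-A", "auth_type": "MD5",
     "key_id": 1, "key": "constructed-key1", "hello_interval": 10, "dead_interval": 40},
    {"ne": "ne-2", "interface": "mcc-1", "segment": "seg-A", "auth_type": "MD5",
     "key_id": 1, "key": "constructed-key1", "hello_interval": 10, "dead_interval": 40},
    {"ne": "ne-2", "interface": "mcc-2", "segment": "seg-B", "auth_type": "Simple",
     "key_id": 1, "key": "mgmt-key-east", "hello_interval": 10, "dead_interval": 40},
    {"ne": "ne-3", "interface": "mcc-1", "segment": "seg-B", "auth_type": "Simple",
     "key_id": 1, "key": "mgmt-key-west", "hello_interval": 30, "dead_interval": 40},
]


def effective_key(auth_type, key):
    """Key material that actually takes part in authentication."""
    if auth_type == "Simple":
        return key[:8]       # only the first 8 characters are meaningful
    if auth_type == "MD5":
        return key[:16]
    return ""


def audit(interfaces):
    """Return a sorted list of (subject, finding code) tuples."""
    findings = []
    segments = defaultdict(list)
    for itf in interfaces:
        name = "%s/%s" % (itf["ne"], itf["interface"])
        segments[itf["segment"]].append(itf)
        auth, key = itf["auth_type"], itf.get("key", "")
        if auth == "None":
            findings.append((name, "AUTH_NONE"))
        elif auth == "Simple":
            findings.append((name, "AUTH_PLAINTEXT"))
            if len(key) > 8:
                findings.append((name, "KEY_TRUNCATED_TO_8"))
        elif auth == "MD5" and len(key) > 16:
            findings.append((name, "KEY_LONGER_THAN_16"))
        if itf["dead_interval"] != 4 * itf["hello_interval"]:
            findings.append((name, "DEAD_NOT_4X_HELLO"))

    for seg, members in segments.items():
        if len({m["hello_interval"] for m in members}) > 1:
            findings.append((seg, "HELLO_MISMATCH"))
        if len({m["auth_type"] for m in members}) > 1:
            findings.append((seg, "AUTH_TYPE_MISMATCH"))
        elif len({effective_key(m["auth_type"], m.get("key", ""))
                  for m in members}) > 1:
            findings.append((seg, "KEY_MISMATCH"))
        elif (members[0]["auth_type"] == "MD5"
              and len({m["key_id"] for m in members}) > 1):
            findings.append((seg, "KEY_ID_MISMATCH"))
    return sorted(findings)
```

In the constructed inventory the two Simple keys on seg-B differ only after the eighth character, so the audit reports truncation rather than a key mismatch: on the wire both interfaces use the same 8-character key.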


Risk of operating trouble!
To prevent network outage in case of the OSPF reloading process it is always recommended to configure a loopback interface address.
→ To get virtual links over DCN unnumbered interfaces running, the router ID must be one of the interface IP addresses in the router. The loopback address is always up and running and thus the OSPF process is stable.

6.10.3 AP: / managementNetwork / router / ospf, Status

6.10.3.1 AP: / managementNetwork / router / ospf, Status - General

Table 39: AP: / managementNetwork / router / ospf, Status - General
| Operation Name | Parameter Name | Range | Descriptions / Details |
| General | Router ID | <IPv4 address> | The local router’s OSPF ID. |
| | ABR | | The local router is an Area Border Router. |
| | | | The local router is not an Area Border Router. |
| | ASBR | | The local router is an Autonomous System Border Router, i.e. it advertises one or more external routes. |
| | | | The local router is not an Autonomous System Border Router, i.e. it advertises no external routes. |
| Restart OSPF | | | The OSPF process in software is restarted if the warning is acknowledged. |

Risk of operating trouble!


Restarting OSPF will interrupt the connection to the neighbors.
→ The connection is re-established automatically.

6.10.3.2 AP: / managementNetwork / router / ospf, Status - Link State


Table 40: AP: / managementNetwork / router / ospf, Status - Link State
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Link State | Area ID | <IPv4 address> | Area, where the originating router is located. |
| | Type | Router Link | Each OSPF router in the local area plus all backbone routers are listed here. (type 1) |
| | | Network Link | Each broadcast network in the local area and in the backbone area is listed here, as advertised by their corresponding designated router. (type 2) |
| | | Summary Link | They describe inter-area routes, and enable the condensation of routing information at area borders. (type 3 and 4) |
| | | AS External Link | They describe routes to destinations external to the OSPF AS. (type 5) |
| | Link ID | <IPv4 address> | Router ID of the advertising router. (type 1) |
| | | | Interface address of the network's designated router. (type 2) |
| | | | Address of the destination network. (type 3) |
| | | | Router ID of the advertising boundary router. (type 4) |
| | | | Address of the destination network. (type 5) |
| | Router ID | <IPv4 address> | OSPF ID of the router that advertises this LSA. |
| | Sequence | 10 characters | Used to detect old and duplicate LSAs - 0x80000001 is the smallest and thus oldest sequence number. |
| | Age | 0 … 65’535 | Age of the LSA in seconds; since LSAs are re-flooded every 30 minutes, the age should never rise above 1800. |
| | Checksum | 10 characters | Checksum of the complete content of the LSA, except the LS age field. |

6.10.3.3 AP: / managementNetwork / router / ospf, Status - External Link State


Table 41: AP: / managementNetwork / router / ospf, Status - External Link State
| Operation Name | Parameter Name | Range | Descriptions / Details |
| External link state | Link ID | <IPv4 address> | Router ID of the advertising router. (type 1) |
| | | | Interface address of the network's designated router. (type 2) |
| | | | Address of the destination network. (type 3) |
| | | | Router ID of the advertising boundary router. (type 4) |
| | | | Address of the destination network. (type 5) |
| | Router ID | <IPv4 address> | OSPF ID of the router that advertises this LSA. |
| | Sequence | 10 characters | Used to detect old and duplicate LSAs - 0x80000001 is the smallest and thus oldest sequence number. |
| | Age | 0 … 65’535 | Age of the LSA in seconds; since LSAs are re-flooded every 30 minutes, the age should never rise above 1800. |
| | Checksum | 10 characters | Checksum of the complete content of the LSA, except the LS age field. |

6.10.3.4 AP: / managementNetwork / router / ospf, Status - Neighbor Table

Table 42: AP: / managementNetwork / router / ospf, Status - Neighbor Table
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Neighbor Table | Neighbor ID | <IPv4 address> | Router ID of the neighbor router. |
| | Priority | 0 … 255 | Priority of the neighbor router that is used for the designated router selection on broadcast networks. |
| | State | Two Way | In this state, bidirectional communication between the two routers is established. |
| | | Full | The OSPF adjacency is fully established, i.e. LSAs are flooded over this adjacency. |
| | | | Please note that only the two most important states are included in this list. Refer to RFC2328 for a full state description. |
| | Source | <IPv4 address> | Connecting interface address |

6.10.3.5 AP: / managementNetwork / router / ospf, Status - Routing Table


The OSPF routing table is the result from the OSPF shortest path calculation process according to the Dijkstra algorithm. It should not be mixed up with the router’s routing table - see section 6.9.3.1 AP: / managementNetwork / router, Status - Routing.

The OSPF routing table is the main source for building the router’s routing table, along with possible static routes configured in the local router.

Table 43: AP: / managementNetwork / router / ospf, Status - Routing Table
| Operation Name | Parameter Name | Range | Descriptions / Details |
| OSPF Routing Table | Destination Address | <IPv4 address> | The destination address/mask pair unambiguously identifies an IP address range as destination for the corresponding route. |
| | Destination Mask | <netmask> | |
| | Next Hop Address | <IPv4 address> | The next hop on the route from the local router to the corresponding destination. |
| | Interface | vlanInterface-1 … vlanInterface-n | Local interface that connects to the next hop. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| | Metric | 0 … 65’535 | Total path cost from the local router to the corresponding destination. |
| | Route Type | Intra Area | A route within an area, i.e. the corresponding destination is located in the same area as the local router. |
| | | Inter Area | A route to a destination in a different area than the local router. |
| | | Type 1 External | A route to a destination outside the OSPF AS with metric type = 1. For a metric type description see section 6.10.2.1 AP: / managementNetwork / router / ospf, Configuration - OSPF. |
| | | Type 2 External | A route to a destination outside the OSPF AS with metric type = 2. |
| | Area | <IPv4 address> | For intra area and inter area routes, this is the area, where the corresponding destination is located. For external routes this is always 0.0.0.0. |

6.10.3.6 AP: / managementNetwork / router / ospf, Status - Border Routers


Table 44: AP: / managementNetwork / router / ospf, Status - Border Routers
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Border Router Table | Destination | <IPv4 address> | Router ID of the corresponding border router. |
| | TOS | 0 … 65’535 | The Type Of Service can be included in the OSPF route calculation procedure. This is not supported by the CESM3 or CESM2 or CESM1. |
| | Type | ABR | An Area Border Router is a router that connects one or more areas to the backbone. |
| | | ASBR | An Autonomous System Boundary Router is a router that is connected to a network outside the OSPF AS. |
| | | Unknown | The type is unknown. |
| | Next Hop | <IPv4 address> | The next hop on the route from the local router to the router of the corresponding destination. |
| | Metric | 0 … 65’535 | Path cost to the router of the corresponding destination. |
| | Route Type | Intra Area | The router of the corresponding destination is in the same area as the connecting interface of the local router. |
| | | Inter Area | The router of the corresponding destination is in a different area than the connecting interface of the local router. |
| | Area | <IPv4 address> | Area where the connecting interface of the destination router is located. |

6.10.3.7 AP: / managementNetwork / router / ospf, Status - Virtual Links


Table 45: AP: / managementNetwork / router / ospf, Status - Virtual Links
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Virtual Link Table | Interface State | Point To Point, Down | This is the operational interface state. |
| | Transit Area | <IPv4 address> | The ID of the area, where the virtual link passes through. |
| | Neighbor | <IPv4 address> | The ID of the router that terminates the virtual link on the other end. |
| | Hello Interval | 0 … 65’535 | Time interval in seconds for sending of hello packets on that interface. |
| | Router Dead Interval | 0 … 65’535 | Four times the hello interval. Time in seconds. |
| | Transmission Delay | 0 … 65’535 | The time in seconds it takes to transmit a link state update packet over this interface. LSAs contained in the update packet must have their age incremented by this amount before transmission. |
| | Retransmission Delay | 0 … 65’535 | Time interval in seconds between LSA retransmissions for adjacencies belonging to this interface. Also used when retransmitting database description and link state request packets. |
| | Authentication Type | None | No authentication is used in OSPF hello and LSA packets. |
| | | Simple | Authentication with a plain text string is used in OSPF hello and LSA packets. |
| | | MD5 | Authentication with an MD5 hash is used in OSPF hello and LSA packets. |

6.11 AP: / managementNetwork / router / ospf / area-y

6.11.1 AP: / managementNetwork / router / ospf / area-y, Main

6.11.1.1 AP: / managementNetwork / router / ospf / area-y, Main - General


For a description of the “Main - General” management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.

6.11.1.2 AP: / managementNetwork / router / ospf / area-y, Main - Admin And Oper Status

Table 46: AP: / managementNetwork / router / ospf / area-y, Main - Admin And Oper Status
| Operation Name | Parameter Name | Range | Description / Details |
| Administrative Status | State | Up, Down | Set the IETF administrative status of the router area. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the router area. |

Please note:
The OSPF area-0 (Backbone) cannot be disabled.

6.11.2 AP: / managementNetwork / router / ospf / area-y, Configuration

6.11.2.1 AP: / managementNetwork / router / ospf / area-y, Configuration - OSPF


Table 47: AP: / managementNetwork / router / ospf / area-y, Configuration - OSPF
| Operation Name | Parameter Name | Range | Descriptions / Details |
| Area ID | Area ID | 0.0.0.0 | For area-0 (backbone) no other ID is accepted. |
| | | <IPv4 address> | For area-1 … area-7 any IP address value is accepted. It is a standard practice to use an address that fits in the configured area address range, e.g. the network address of the first address range. |
| Area Type | Area Type | Standard | The standard OSPF area type without restrictions. |
| | | Stub | OSPF AS external routes are not distributed to stub areas; these destinations can be reached upon a default route via an area border router. Stub areas must therefore not contain AS external routes. If in doubt about the exact behavior of a stub area please don’t use this feature and use the default area type instead. |
| | | NSSA | As for stub areas, AS external destinations can only be reached using a summary route via an area border router. But unlike stub areas, NSSA areas may contain AS external routes. If in doubt about the exact behavior of the NSSA please don’t use this feature and use the default area type instead. |
| | | | Please note: All OSPF routers in the same area must agree on the same area type. |
| | Area Summary | | Stub or NSSA allow Type-3/4 LSAs entering into the area. This parameter has no effect for the Area Type Standard. |
| | | | Stub or NSSA restrict Type-3/4 LSAs from entering into the area. These configurations are also called totally stubby area and totally NSSA. This field has no effect for the Area Type Standard. |
| Area Stub Cost | Area Stub Cost | 1 … 65’535 | If the stub area has more than one area border router, the route calculation of all routers in the stub areas can be guided with the advertised stub cost. Meaningful for border routers only. |
| Area Ranges | Address | <IPv4 address> | The address/mask pair unambiguously identifies an IP address range. The specified address ranges must not overlap. |
| | Netmask | <netmask> | |
| | Advertise | | The corresponding address range is advertised throughout the AS. |
| | | | The corresponding address range is not advertised, it is therefore a hidden address range. |
| Add … | | | Open the “New Entry” dialog to add a new item to the Area Ranges table. |
| Remove | | | Deletes the selected entry from the Area Ranges table. |
| External Summary Address | Address | <IPv4 address> | The address/mask pair unambiguously identifies an IP address range. The specified address ranges must not overlap. |
| | Netmask | <netmask> | |
Effect Advertise Aggregated Type-5 LSAs are generated, if the asso-
ciated area ID is 0.0.0.0.
Otherwise aggregated Type-7 LSA is generated.
Not Advertise Aggregated Type-7 LSAs are generated in all
attached NSSA, if the associated area ID is 0.0.0.0.
Otherwise, aggregated Type-7 LSA are not gener-
ated in the NSSA for the specified range.
Allow All Both aggregated Type-5 and Type-7 LSAs are gener-
ated for the range.
Deny All Neither Type-5 LSA nor Type-7 LSAs are generated
for the specified range.
LSA 7/5 translation The NSSA ABR translates Type-7 LSA into a Type-5
LSA. If there are multiple NSSA ABRs, the one with
highest router ID will translate.
The NSSA ABR do not translate this LSA into Type-5.
This happens when NSSA ASBR is also an NSSA ABR.
Add … Open the “New Entry” dialog to add a new item to
the External Summary Address table.
Remove Deletes the selected entry from the External Sum-
mary Address table.
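
Added example (not part of the manual and not Hitachi Energy code): a pre-deployment check of planned area settings against the constraints listed in Table 47, namely the fixed backbone Area ID, the Area Stub Cost range and non-overlapping area ranges. The dictionary layout, field names and sample addresses are assumptions constructed for this example.

```python
import ipaddress
from itertools import combinations

AREA_TYPES = ("Standard", "Stub", "NSSA")

# Constructed sample: per-area settings keyed by access point name. The dict
# layout and field names are assumptions for this example, not a FOXCST format.
SAMPLE_AREAS = {
    "area-0": {"area_id": "0.0.0.0", "area_type": "Standard", "stub_cost": 1,
               "ranges": [("10.0.0.0", "255.255.0.0")]},
    "area-1": {"area_id": "10.9.0.0", "area_type": "Stub", "stub_cost": 0,
               "ranges": [("10.1.0.0", "255.255.0.0"),
                          ("10.1.128.0", "255.255.128.0")]},
    "area-2": {"area_id": "10.2.0.0", "area_type": "NSSA", "stub_cost": 10,
               "ranges": [("10.2.0.0", "255.255.0.255")]},
}


def check_area(name, cfg):
    """Return (area, severity, message) findings for one area-y entry."""
    findings = []

    def add(severity, message):
        findings.append((name, severity, message))

    area_id = ipaddress.IPv4Address(cfg["area_id"])
    if name == "area-0" and int(area_id) != 0:
        add("error", "area-0 (backbone) accepts no Area ID other than 0.0.0.0")
    if cfg["area_type"] not in AREA_TYPES:
        add("error", f"unknown Area Type {cfg['area_type']!r}")
    if not 1 <= cfg["stub_cost"] <= 65535:
        add("error", f"Area Stub Cost {cfg['stub_cost']} outside 1..65535")

    # Parse every Address/Netmask pair. IPv4Network rejects non-contiguous
    # masks and (strict mode is the default) addresses with host bits set.
    networks = []
    for address, netmask in cfg["ranges"]:
        try:
            networks.append(ipaddress.IPv4Network(f"{address}/{netmask}"))
        except ValueError as exc:
            add("error", f"invalid area range {address}/{netmask}: {exc}")

    # Table 47: the specified address ranges must not overlap.
    for first, second in combinations(networks, 2):
        if first.overlaps(second):
            add("error", f"area ranges {first} and {second} overlap")

    # Table 47 calls it standard practice that the Area ID fits in a range.
    if name != "area-0" and networks and not any(area_id in n for n in networks):
        add("note", f"Area ID {area_id} lies outside all configured area ranges")
    return findings


def check_router(areas):
    """Run check_area over all areas planned for one management router."""
    findings = []
    for name in sorted(areas):
        findings.extend(check_area(name, areas[name]))
    return findings


if __name__ == "__main__":
    for area, severity, message in check_router(SAMPLE_AREAS):
        print(f"{area}: {severity}: {message}")
```

In the constructed sample, area-1 is reported for its stub cost, for the /17 range nested inside the /16 range and for an Area ID outside its ranges, and area-2 for a non-contiguous netmask.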

6.11.3 AP: / managementNetwork / router / ospf / area-y, Status

6.11.3.1 AP: / managementNetwork / router / ospf / area-y, Status - Area Ranges

Please note:
The area ranges of all areas are shown in the status dialog.

Table 48: AP: / managementNetwork / router / ospf / area-y, Status - Area Ranges

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Area Range Table | Network | <IPv4 address> | Configured IP address range of the area. |
| | Mask | <netmask> | |
| | LSA Type | Summary | |
| | Area | <IPv4 address> | Configured area ID. |
| | Advertise | | Configured Advertise parameter of the area range. |
| | Tag | 0 … 2^32-1 | Tag of the OSPF route. The tag is not used by the management router. |

6.11.3.2 AP: / managementNetwork / router / ospf / area-y, Status - External Summary Addresses

Please note:
The external summary addresses of all areas are shown in the status dialog.

Table 49: AP: / managementNetwork / router / ospf / area-y, Status - External Summary Addresses

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| External Summary Address Table | Area | <IPv4 address> | Configured area ID. |
| | Network | <IPv4 address> | Configured IP address range of the external summary address. |
| | Mask | <netmask> | |
| | Effect | Advertise, Not Advertise, Allow All, Deny All | Configured Effect parameter of the external summary address. |
| | Translation | | Configured LSA 7/5 Translation parameter of the external summary address. |

6.12 AP: / managementNetwork / tdmInterfaces

6.12.1 AP: / managementNetwork / tdmInterfaces, Overview

Please note:
The Overview management functions are only available if a TDM interface has
been created.
For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.
For a description of the
− “Overview - Cross Connections”
management function, please refer to [1KHW002467] User Manual “TDM Services”.

6.12.2 AP: / managementNetwork / tdmInterfaces, Main


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.


6.12.3 AP: / managementNetwork / tdmInterfaces, Configuration

6.12.3.1 AP: / managementNetwork / tdmInterfaces, Configuration - TDM

Table 50: AP: / managementNetwork / tdmInterfaces, Configuration - TDM

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Available TDM | Available TDM Interfaces | 0 … 16 | Up to 16 TDM interfaces can be created. This parameter shows the remaining number of interfaces that can be created. |
| | Largest Available Bandwidth | n=1 … n=32, No Bandwidth left | The maximum available bandwidth per TDM interface is 2048 kbit/s, corresponding to 32 timeslots of a structured P12 signal. |
| | Total Free Bandwidth | 0 … 16’384 kbit/s | The maximum available bandwidth for management router interfaces is 8 x 2’048 = 16’384 kbit/s. This parameter shows the free bandwidth that can be used for additional TDM interfaces. |
| Create PPP Interface … | | | Open the Create PPP Interface dialog. |
| Create PPP Interface | Bandwidth | P12 (Clockmaster) | Transparent data, clock locked to PETS. Unstructured P12 signal with a bandwidth of 2’048 kbit/s. This parameter is only available for the CESM1 and CESM2 core units. |
| | | P12 (Transparent) | Transparent and unstructured P12 signal with a bandwidth of 2’048 kbit/s. This parameter is only available for the CESM1 and CESM2 core units. |
| | | n=1 (64 kbit/s) … n=32 (2048 kbit/s) | n timeslots in a structured P12 signal with a bandwidth of nx64 kbit/s. |
| | PPP Interface | ppp-1 … ppp-16 | Not yet configured interfaces can be selected. |
| Delete PPP Interface … | | | Open the Delete PPP Interface dialog. |
| Delete PPP Interface | PPP Interface | All | All configured TDM interfaces are deleted. |
| | | ppp-1 … ppp-16 | One of the configured interfaces can be selected for deletion. |

6.13 AP: / managementNetwork / tdmInterfaces / ppp-z

6.13.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.
For a description of the
− “Overview - Cross Connections”, and
− “Overview - CTP”
management functions, please refer to [1KHW002467] User Manual “TDM Services”.

6.13.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Main

6.13.2.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.13.2.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Main - Admin And Oper Status

Table 51: AP: / managementNetwork / tdmInterfaces / ppp-z, Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Administrative Status | State | Up, Down | Set the IETF administrative status of the TDM interface. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the TDM interface. |

6.13.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration

6.13.3.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - IP

Table 52: AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Addressing | Mode | Numbered | An IP interface address is assigned to each end of the PPP link. |
| | | Numbered Peer | Same as numbered, but the peer address must be manually configured for cases, where the peer address cannot be retrieved from the PPP protocol, e.g. on links with the FOX51x LEMU6 units. Refer to the parameter “Peer Address” below. |
| | | Unnumbered | Unnumbered PPP links have no interface address assigned. The IP address is borrowed from another router interface that has to be configured with the “Unnumbered From” parameter below. |
| | Address | <IPv4 address> | Any valid IP address/network mask combination. Both address and mask values are subject of correct IP network design. Whether a certain address/mask combination is valid for a certain interface is in the responsibility of the user and cannot be checked by the core unit or by the FOXCST. The default IP address is empty. The default netmask is 255.255.255.0. |
| | Netmask | <netmask> | |
| | Peer Address | <IPv4 address> | The IP interface address on the other end of the link. |
| | Unnumbered From | None, lo-1 … lo-8, vlanInterface-1 … vlanInterface-n | If the PPP link is unnumbered, its IP address is borrowed from the selected router interface. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| | MTU Size | 128 … 1500 … 1536 | The MTU size in octets is user configurable for the PPP interface. MTU sizes on both ends of a PPP link must exactly match for proper operation. See also the notes below the table. |

6.13.3.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - OSPF

Table 53: AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - OSPF

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| OSPF Interface | Enabled | | OSPF is activated for the corresponding TDM interface, i.e. the IP network is advertised by the local router. |
| | | | OSPF is not active on the corresponding TDM interface, i.e. the IP network is not advertised. |
| | Area | area-0 … area-7 | The corresponding TDM interface belongs to the selected area. |
| OSPF Interface Type | Interface Type | Broadcast, Point To Point | The TDM interface should be configured as “Point To Point” interface. |
| OSPF Mode | Mode | Active | Hello packets and LSAs are sent over the corresponding TDM interface and OSPF adjacencies can be built. |
| | | Passive | No hello packets and LSAs are sent over the corresponding TDM interface. |
| OSPF Priority | Priority | 0 … 1 … 255 | The OSPF priority is not relevant for Point To Point interfaces. |
| OSPF Authentication | Type | None | No authentication is used in OSPF hello- and LSA-packets. |
| | | Simple | Authentication with a plain text string is used in OSPF hello- and LSA-packets. |
| | | MD5 | Authentication with an MD5 hash is used in OSPF hello- and LSA-packets. |
| | Key ID | 1 … 255 | ID of the authentication key. |
| | Key | parameter n.a. (Type = None), max. 8 characters (Type = Simple), max. 16 characters (Type = MD5) | The configuration of the authentication key for a certain interface is depending on the selection for “Authentication” for the appropriate area. Make sure to configure identical keys for all OSPF interfaces on a common network segment. If more than 8 characters are defined for simple authentication, only the first 8 characters are meaningful for the key. |
| OSPF Metric | Automatic | | By default, the metric is calculated automatically from the specified interface bandwidth with the formula: metric = 100’000 / bandwidth in kbit/s. E.g. the metric for a 512 kbit/s link (8TS) is 195. |
| | | | The OSPF metric is derived from the configured manual metric value. |
| | Manual Metric | 0 … 65’535 | The OSPF routing table calculations can be affected with manual OSPF metrics. This feature should however be used by OSPF experts only. |
| OSPF Timers | Hello Interval | 1 … 10 … 65’535 s | Time interval for sending of hello packets on that interface. All OSPF routers that are attached to the same network must agree on the same hello interval. |
| | Router Dead Interval | 1 … 40 … 65’535 s | The time before a neighboring router is declared down after missing the hello packets - always four times the hello interval. |
| | Transmission Delay | 1 … 65’535 s | The time it takes to transmit a link state update packet over this interface. LSAs contained in the update packet must have their age incremented by this amount before transmission. |
| | Retransmission Delay | 1 … 5 … 65’535 s | Time interval between LSA retransmissions for adjacencies belonging to this interface. Also used when retransmitting database description and link state request packets. |
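
Added example (not part of the manual and not Hitachi Energy code): an audit of both ends of one PPP management link against the constraints in Tables 52 and 53, covering the MTU match, the OSPF authentication type, the 8-character limit of Simple keys and the timer rules. The `PppEnd` class, its field names and the sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass

SIMPLE_KEY_LEN = 8   # Simple: only the first 8 key characters are meaningful
MD5_KEY_LEN = 16     # MD5: at most 16 key characters


@dataclass
class PppEnd:
    """One end of a PPP management link (class and field names are assumptions)."""
    ne: str                          # label of the network element
    mtu: int = 1500                  # MTU Size, 128 ... 1536 octets
    if_type: str = "Point To Point"  # OSPF Interface Type
    auth_type: str = "None"          # None, Simple or MD5
    key_id: int = 1                  # Key ID, 1 ... 255
    key: str = ""
    hello: int = 10                  # Hello Interval, seconds
    dead: int = 40                   # Router Dead Interval, seconds


def effective_key(end):
    """Return the part of the configured key that takes part in authentication."""
    if end.auth_type == "Simple":
        return end.key[:SIMPLE_KEY_LEN]
    return end.key if end.auth_type == "MD5" else ""


def audit_end(end):
    """Check one interface against the ranges and remarks of Tables 52 and 53."""
    findings = []

    def add(severity, message):
        findings.append((end.ne, severity, message))

    if not 128 <= end.mtu <= 1536:
        add("error", f"MTU Size {end.mtu} outside 128..1536")
    if end.if_type != "Point To Point":
        add("warn", "TDM interface should be configured as Point To Point")
    if end.auth_type == "None":
        add("warn", "OSPF hello and LSA packets are not authenticated")
    elif end.auth_type == "Simple":
        add("warn", "Simple key is sent as plain text in OSPF packets")
        if len(end.key) > SIMPLE_KEY_LEN:
            add("note", f"key has {len(end.key)} characters, only the first 8 are used")
    elif end.auth_type == "MD5":
        if len(end.key) > MD5_KEY_LEN:
            add("error", f"MD5 key has {len(end.key)} characters, maximum is 16")
    else:
        add("error", f"unknown authentication type {end.auth_type!r}")
    if end.auth_type in ("Simple", "MD5"):
        if not end.key:
            add("error", "authentication enabled with an empty key")
        if not 1 <= end.key_id <= 255:
            add("error", f"Key ID {end.key_id} outside 1..255")
    if end.dead != 4 * end.hello:
        add("warn", f"Router Dead Interval {end.dead} s is not 4 x Hello Interval")
    return findings


def audit_link(a, b):
    """Audit both ends, then the settings that must agree across the link."""
    findings = audit_end(a) + audit_end(b)
    link = f"{a.ne}<->{b.ne}"
    if a.mtu != b.mtu:
        findings.append((link, "error", f"MTU Size differs: {a.mtu} vs {b.mtu}"))
    if a.hello != b.hello:
        findings.append((link, "error", f"Hello Interval differs: {a.hello} vs {b.hello}"))
    if a.auth_type != b.auth_type:
        findings.append((link, "error", "authentication type differs"))
    elif effective_key(a) != effective_key(b):
        findings.append((link, "error", "authentication keys differ"))
    return findings


# Constructed sample: the two Simple keys differ only after character 8.
SAMPLE_A = PppEnd("ne-a", mtu=1500, auth_type="Simple", key="mgmtkey-north")
SAMPLE_B = PppEnd("ne-b", mtu=1536, auth_type="Simple", key="mgmtkey-south", dead=30)

if __name__ == "__main__":
    for where, severity, message in audit_link(SAMPLE_A, SAMPLE_B):
        print(f"{where}: {severity}: {message}")
```

The two sample keys look different but reduce to the same 8 characters, so no key mismatch is reported: a long Simple key gives no more protection than its first 8 characters.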

6.13.3.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - TDM

Table 54: AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - TDM

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Bandwidth | Bandwidth | 64 … 2048 kbit/s | Shows the configured bandwidth. This parameter is read-only. The bandwidth can only be selected upon configuration of a new PPP link. |

6.13.3.4 AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - CTP

Please note:
All layer rate, number of time slots and time slot allocation parameters are read
only.
→ To change a parameter the TDM interface has to be deleted and newly created
with the modified parameters.

Table 55: AP: / managementNetwork / tdmInterfaces / ppp-z, Configuration - CTP

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| CTP Configuration | Layer Rate | P0_nc, P12 | Layer rate of the connection termination point is P0_nc, i.e. n x 64 kbit/s or P12, i.e. 2048 kbit/s. |
| | n | 0 … 2 characters | Number of timeslots in case of P0_nc. The possible range is from 1 to 32. |
| | Timeslot(s) | 0 … 64 characters | The timeslot(s) property of a TDM interface is empty. |
| Connected to CTPs | Remote CTP | <MO address> | Address string of a connection’s remote end. Without a connection the parameter is empty. |
| | Connection Index | 0 … 65’535 | Index of a connection assigned to the TDM interface. Without a connection the parameter is empty. |
| | Directionality | Bidirectional, Unidirectional | Directionality of the connection. |
| | Local Role | z-End | The TDM interface is the ending point of a connection. Please refer to [1KHW002467] User Manual “TDM Services”. |
| | | a-End Working | The TDM interface is the working starting point of a protected or unprotected connection. |
| | | a-End Protecting | The TDM interface is the protecting starting point of a protected connection. |
| | Remote Role | z-End | The CTP at the connection’s remote end is the ending point of a connection. Please refer to [1KHW002467] User Manual “TDM Services”. |
| | | a-End Working | The CTP at the connection’s remote end is the working starting point of a protected or unprotected connection. |
| | | a-End Protecting | The CTP at the connection’s remote end is the protecting starting point of a protected connection. |
| z-End Configuration | Revertive Protection Switching | | Enable revertive protection switching. The z-End will preferably select the working a-End. Non-revertive protection switching is only available for ports with the number of timeslots n=1. Non-revertive protection switching for n>1 will be available in a future release. |
| | CAS AIS Supervision | | Use CAS AIS of the P12 transport signal as protection switching criterion. This parameter is only available for P0_nc interfaces. |
| | Switch-Over Logging | | Enable the logging of the protection switch-over events. |

Please note:
The z-End of a protected connection shows two entries in the “Connected to CTPs”
table, one for the working and one for the protecting path.

6.13.4 AP: / managementNetwork / tdmInterfaces / ppp-z, Fault Management


For the description of the general aspects of the
− “Fault Management - Status”, and
− “Fault Management - Configuration”
management functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”. The following table lists the fault causes of the current AP.

Table 56: AP: / managementNetwork / tdmInterfaces / ppp-z, Fault Management

| ID | Fault Cause | Event Type | Traffic Affecting | Default Severity | Description |
|---|---|---|---|---|---|
| LOS | Loss Of Signal | Communication Alarm | | Major | Loss of the incoming PPP signal. |
| RTSF | Redundant Trail Signal Failure | Communication Alarm | | Minor | Trail signal fail (TSF) from the P12 transport unit is active, or CAS AIS active (only available if CAS is enabled in the P12 transport signal). In a protected connection the working OR the protecting path has failed. In an unprotected connection this fault cause is not applicable. |
| TSF | Trail Signal Failure | Communication Alarm | | Major | Trail signal fail (TSF) from the P12 transport unit is active, or CAS AIS active (only available if CAS is enabled in the P12 transport signal). In a protected connection the working AND the protecting path have failed. |

Please note:
The monitoring of the TSF and RTSF alarms is disabled by default.

6.13.5 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management

For the description of the general aspects of the performance management (PM) functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.
The PM parameters are presented in different groups. The following counter groups are available for the TDM interfaces:
• “MIB-2 Interface Table” group, see section 6.13.5.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - MIB-2 Interface Table,
• “OSPF Counters” group, see section 6.13.5.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - OSPF Counters,
• “Protection” group, see section 6.13.5.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - Protection.
The following counter intervals are available, depending on the counter group:

Table 57: PM counter interval availability

| Counter interval | MIB-2 Interface Table | OSPF Counters | Protection |
|---|---|---|---|
| User Counter | yes | yes | yes |
| History 15min | yes | yes | yes |
| History 24h | yes | yes | yes |
| Alarm 15min | no | no | no |
| Alarm 24h | no | no | no |

6.13.5.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - MIB-2 Interface Table

Table 58: PM group: MIB-2 Interface Table

| PM parameter | Description |
|---|---|
| In Octets | The total number of octets received on the interface, including framing characters. |
| In Packets | The number of inbound packets delivered to a higher-layer protocol. |
| In Discards | The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. |
| In Errors | The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. |
| Out Octets | The total number of octets transmitted out of the interface, including framing characters. |
| Out Packets | The total number of outbound packets that higher-level protocols requested to be transmitted, including those that were discarded or not sent. |
| Out Discards | The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. |
| Out Errors | The number of outbound packets that could not be transmitted because of errors. |

6.13.5.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - OSPF Counters

Table 59: PM group: OSPF Counters

| PM parameter | Description |
|---|---|
| In Hello | The number of hello packets received. |
| In Data Descr Pkt | The number of database description packets received. |
| In LSA Request | The number of LSA received in link state requests. |
| In LSA Update | The number of LSA updates received. |
| In LSA Acknowledge | The number of LSA acknowledgments received. |
| Out Hello | The number of hello packets sent. |
| Out Data Descr Pkt | The number of database description packets sent. |
| Out LSA Request | The number of LSA sent in link state requests. |
| Out LSA Update | The number of LSA updates sent. |
| Out LSA Acknowledge | The number of LSA acknowledgments sent. |

6.13.5.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Performance Management - Protection

Table 60: PM group: Protection

| PM parameter | Description |
|---|---|
| Switch-Over | The protection switch-over count gives information about the number and distribution of protection switching events. |

6.13.6 AP: / managementNetwork / tdmInterfaces / ppp-z, Status

6.13.6.1 AP: / managementNetwork / tdmInterfaces / ppp-z, Status - IP

Table 61: AP: / managementNetwork / tdmInterfaces / ppp-z, Status - IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Router If Status | IP MTU Size | 128 … 1536 | Size of the configured maximum transmission unit (Rx and Tx) in bytes for the corresponding TDM interface. |

6.13.6.2 AP: / managementNetwork / tdmInterfaces / ppp-z, Status - OSPF

Table 62: AP: / managementNetwork / tdmInterfaces / ppp-z, Status - OSPF

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| OSPF Status | Status | Down, Loopback, Waiting, Point To Point, Designated Router, Backup Designated Router, Other Designated Router, Unknown | Shows the current router state. |
| | Area | <IPv4 address> | Shows the area address (e.g. 0.0.0.0 for area-0). |
| | Designated Router | <IPv4 address> | Shows the IP address of the designated router. |
| | Backup Designated Router | <IPv4 address> | Shows the IP address of the backup designated router. |
| | Priority | 0 … 255 | Shows the OSPF priority. |
| | Authentication Type | None, Simple, MD5 | Shows the current authentication type. |
| | Hello Interval | 0 … 65’535 | Shows the Hello interval in seconds. |
| | Router Dead Interval | 0 … 65’535 | Shows the Router Dead Interval in seconds. |
| | Transmission Delay | 0 … 65’535 | Shows the Transmission Delay in seconds. |
| | Retransmission Delay | 0 … 65’535 | Shows the Retransmission Delay in seconds. |

6.13.6.3 AP: / managementNetwork / tdmInterfaces / ppp-z, Status - CTP

Table 63: AP: / managementNetwork / tdmInterfaces / ppp-z, Status - CTP

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Trail Status | Working Trail, Remote CTP | <MO Address> | Managed object address of the CTP (connection termination point) where the P12 or P0-nc signal is connected to, e.g. /unit-21/port-1/dcc. |
| | Working Trail, Status | OK | No failure on the received signal at the remote CTP. |
| | | SF | Signal Fail status on the received signal at the remote CTP. |
| | | CAS AIS | CAS AIS status in the received signal at the remote CTP, i.e. an all ‘1’ signal in time slot 16. |
| | | SD | Signal Degraded status on the received signal at the remote CTP. |
| | | Not Available | The status of the received signal is not available at the remote CTP, e.g. when the local CTP’s role is a-end in a unidirectional connection. |
| | Protecting Trail, Remote CTP | <MO Address> | Managed object address of the CTP (connection termination point) where the P12 or P0-nc signal is connected to, e.g. /unit-21/port-2/dcc. |
| | Protecting Trail, Status | OK | No failure on the received signal at the remote CTP. |
| | | SF | Signal Fail status on the received signal at the remote CTP. |
| | | CAS AIS | CAS AIS status in the received signal at the remote CTP, i.e. an all ‘1’ signal in time slot 16. |
| | | SD | Signal Degraded status on the received signal at the remote CTP. |
| | | Not Available | The status of the received signal is not available at the remote CTP, e.g. when the local CTP’s role is a-end in a unidirectional connection. |
| | Active Trail | Working | The trail from the a-end working remote CTP has been selected. |
| | | Protecting | The trail from the a-end protecting remote CTP has been selected. |
| | | Not Available | There is no active trail. |
| External Request | Request | Release | Automatic trail selection. |
| | | Force Working | Force the selector to use the trail from the a-end working remote CTP. |
| | | Force Protecting | Force the selector to use the trail from the a-end protecting remote CTP. |
| | | Manual Working | Prefer the trail from the a-end working remote CTP. Use this trail only if the fault status is not worse than the fault status of the protecting trail. |
| | | Manual Protecting | Prefer the trail from the a-end protecting remote CTP. Use this trail only if the fault status is not worse than the fault status of the working trail. |

6.14 AP: / managementNetwork / vlanInterfaces

6.14.1 AP: / managementNetwork / vlanInterfaces, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.14.2 AP: / managementNetwork / vlanInterfaces, Main


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.


6.14.3 AP: / managementNetwork / vlanInterfaces, Configuration

6.14.3.1 AP: / managementNetwork / vlanInterfaces, Configuration - MgmtVlan

Table 64: AP: / managementNetwork / vlanInterfaces, Configuration - MgmtVlan

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Create Management VLAN Interface … | | | Open the GUI dialog to create a management router VLAN interface. Up to 8 VLAN interfaces can be created. |
| Management VLAN Interface | Interface | vlanInterface-1 … vlanInterface-n | Select the management VLAN interface identifier to be created. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| | VLAN ID | 1 … 4089 | Enter the VLAN ID of the management interface. Default is the next free VLAN ID smaller than 4090. |
| Delete Management VLAN Interface … | | | Open the GUI dialog to delete all or a selected management router VLAN interface. |
| Management VLAN Interface | Interface | vlanInterface-1 … vlanInterface-n | Select the management VLAN interface identifier to be deleted. n = 2 for CESM1 and CESM2, n = 8 for CESM3. |
| | | All | Delete all VLAN management interfaces. |

Please note:
The management VLAN ID must not be used as PTP VLAN ID. Select a manage-
ment VLAN ID that is not used by a PTP VLAN.
→ Please refer to [1KHW029105] User Manual “Synchronization”

6.15 AP: / managementNetwork / vlanInterfaces / vlanInterface-v

6.15.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.


6.15.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Main

6.15.2.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.15.2.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Main - Admin And Oper Status

Table 65: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Administrative Status | State | Up, Down | Set the IETF administrative status of the VLAN interface. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the VLAN interface. |

6.15.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration

6.15.3.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - IP

Table 66: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Address | Address | <IPv4 address> | Any valid IP address/network mask combination. Both address and mask values are subject of correct IP network design. Whether a certain address/mask combination is valid for a certain interface is in the responsibility of the user and cannot be checked by the core unit or by the FOXCST. The default IP address of the first VLAN interface is 192.168.0.1. The default IP address of the other VLAN interfaces is empty. The default netmask is 255.255.255.0. |
| | Netmask | <netmask> | |
| | MTU Size | 128 … 1500 … 1536 | The MTU size in octets for the VLAN interface. The maximum transmission unit applies for IP packets in receive and transmit direction. See also the notes below the table. |
| IP Probing | Enabled | | IP probing is activated on the VLAN interface. The accessibility of one or two Destination IP addresses is checked on the VLAN interface. The network on the VLAN interface is not redistributed by the OSPF protocol via the DCN interface (e.g. PPP interface) when no destination IP address is reachable. As a consequence management traffic destined for the probed subnetwork is no longer forwarded. |
| | | | IP probing is not active on the VLAN interface. The accessibility of the Destination IP addresses is not checked on VLAN interface. The network on the VLAN interface is redistributed by the OSPF protocol via the DCN interface. |
| | Interval | 3 … 40 … 300 s | Time interval for sending of IP packets on that interface. |
| | Destination 1/2 | <IPv4 address> | IP address of a device, that needs to be checked. The IP address must be in same subnet as the VLAN interface address. |

Risk of operating trouble!


As IP Probing Destination never use the remote VRRP instance.

Risk of operating trouble!


Modifying the MTU Size parameter interrupts the management connection.
→ Reconnect the FOXCST when the management connection is operational
again.

Risk of operating trouble!


With MTU Sizes < 400 octets problems can occur on specific protocols using the
management network.
→ Hitachi Energy recommends to use only MTU Sizes of ≥ 400 octets.


Risk of operating trouble!
Linux operating systems have by default a minimum IP packet size of 552 octets. If the element manager FOXCST is running on a Linux machine, the Linux kernel settings must be modified to also accept IP packets < 552 octets.
→ Add a file (e.g. “pmtu_size.conf”) in the folder /etc/sysctl.d with the following content (to accept IP packets with a size of 400 octets):
net.ipv4.route.min_pmtu = 400

6.15.3.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - VLAN

Table 67: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - VLAN


Operation Parameter Name Range Descriptions / Details
Name
Management VLAN ID 1 … 4089 This is the reserved management VLAN in case of
VLAN remote management using the FOX61x Switch.
Management VLAN CoS0 … CoS4 … The class of service tag that is assigned to the man-
CoS CoS7 agement traffic frames originated by the local NE.

Please note:
The management VLAN ID must not be used as PTP VLAN ID. Select a manage-
ment VLAN ID that is not used by a PTP VLAN.
→ Please refer to [1KHW029105] User Manual “Synchronization”


6.15.3.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - OSPF

Table 68: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - OSPF


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| OSPF Interface | Enabled | ☑ | OSPF is activated for the VLAN interface, i.e. the IP network is advertised by the local router. |
| | | ☐ | OSPF is not active on the VLAN interface, i.e. the IP network is not advertised. |
| | Area | area-0 … area-7 | The corresponding TDM interface belongs to the selected area. |
| OSPF Interface Type | Interface Type | Broadcast, Point To Point | The VLAN interface connects to an Ethernet switch and must thus be configured as “Broadcast” network. |
| OSPF Mode | Mode | Active | Hello packets and LSAs are sent over the VLAN interface and OSPF adjacencies can be built. |
| | | Passive | No hello packets and LSAs are sent over the VLAN interface. |
| OSPF Priority | Priority | 0 … 1 … 255 | The priority value is used in the negotiations process in order to select the designated router and the backup designated router. With a priority value of “0”, the router is ineligible to ever become designated router on the network that is attached to the VLAN interface. A value of “255” corresponds to the highest priority. |
| OSPF Authentication | Type | None | No authentication is used in OSPF hello- and LSA-packets. |
| | | Simple | Authentication with a plain text string is used in OSPF hello- and LSA-packets. |
| | | MD5 | Authentication with a MD5 hash is used in OSPF hello- and LSA-packets. |
| | Key ID | 1 … 255 | ID of the authentication key. |
| | Key | parameter n.a. (Type = None); max. 8 characters (Type = Simple); max. 16 characters (Type = MD5) | The configuration of the authentication key for a certain interface is depending on the selection for “Authentication” for the appropriate area. Make sure to configure identical keys for all OSPF interfaces on a common network segment. If more than 8 characters are defined for simple authentication, only the first 8 characters are meaningful for the key. |
| OSPF Metric | Automatic | ☑ | By default, the metric is calculated automatically from the specified interface bandwidth with the formula: metric = 100’000 / bandwidth in kbit/s. The VLAN interface is specified with 100 Mbit/s, the metric is thus “1”. |
| | | ☐ | The OSPF metric is derived from the configured manual metric value. |
| | Manual Metric | 0 … 65’535 | The OSPF routing table calculations can be affected with manual OSPF metrics. This feature should however be used by OSPF experts only. |
| OSPF Timers | Hello Interval | 1 … 10 … 65’535 s | Time interval for sending of hello packets on that interface. All OSPF routers that are attached to the same network must agree on the same hello interval. |
| | Router Dead Interval | 1 … 40 … 65’535 s | The time before a neighboring router is declared down after missing the hello packets - always four times the hello interval. |
| | Transmission Delay | 1 … 65’535 s | The time it takes to transmit a link state update packet over this interface. LSAs contained in the update packet must have their age incremented by this amount before transmission. |
| | Retransmission Delay | 1 … 5 … 65’535 s | Time interval between LSA retransmissions for adjacencies belonging to this interface. Also used when retransmitting database description and link state request packets. |
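
The difference between the “Simple” and “MD5” authentication types on the wire, following RFC 2328 Appendix D. This is an added example, not FOX61x or Hitachi Energy code; the router ID, the hello body and all keys are constructed values.

```python
import hashlib
import hmac
import struct

AU_SIMPLE, AU_MD5 = 1, 2             # AuType values from RFC 2328
ROUTER_ID = bytes([192, 168, 0, 1])  # constructed router ID
AREA_0 = bytes(4)                    # area-0 = 0.0.0.0

# Constructed Hello body: netmask 255.255.255.0, hello interval 10 s,
# options 0x02, priority 1, router dead interval 40 s, no DR/BDR yet.
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]),
                         10, 0x02, 1, 40, bytes(4), bytes(4))


def inet_checksum(data):
    """Standard 16-bit one's complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(body, au_type, auth_field, checksum=0):
    """24-byte OSPFv2 header (packet type 1 = Hello) followed by the body."""
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), ROUTER_ID,
                         AREA_0, checksum, au_type, auth_field)
    return header + body


def simple_auth_hello(key):
    """Type = Simple: the key itself is carried in the 8-byte authentication field."""
    field = key.encode()[:8].ljust(8, b"\x00")   # characters beyond 8 are dropped
    unsigned = build_packet(HELLO_BODY, AU_SIMPLE, bytes(8))
    # The checksum covers the packet except the authentication field.
    checksum = inet_checksum(unsigned[:16] + unsigned[24:])
    return build_packet(HELLO_BODY, AU_SIMPLE, field, checksum)


def pad_md5_key(key):
    """MD5 keys occupy a fixed 16-byte field, zero padded."""
    return key.encode()[:16].ljust(16, b"\x00")


def md5_auth_hello(key, key_id, sequence):
    """Type = MD5: only Key ID, digest length and a sequence number are in the
    header; MD5(packet + key) is appended and the key never leaves the router."""
    field = struct.pack("!HBBI", 0, key_id, 16, sequence)
    packet = build_packet(HELLO_BODY, AU_MD5, field)   # checksum stays 0
    return packet + hashlib.md5(packet + pad_md5_key(key)).digest()


def verify_md5(packet, key, last_sequence):
    """Receiver side: the digest must match and the sequence number must not
    be lower than the last one accepted from this neighbor."""
    signed, digest = packet[:-16], packet[-16:]
    (sequence,) = struct.unpack("!I", signed[20:24])
    expected = hashlib.md5(signed + pad_md5_key(key)).digest()
    return hmac.compare_digest(expected, digest) and sequence >= last_sequence


if __name__ == "__main__":
    simple = simple_auth_hello("segmentKeyTooLong")
    print("Simple auth field:", simple[16:24])          # key readable in the header
    md5 = md5_auth_hello("mgmt-ospf-key-01", 1, 1000)
    print("MD5 packet verifies:", verify_md5(md5, "mgmt-ospf-key-01", 999))
```

The 8 and 16 character limits in the table correspond to the fixed 8-byte authentication field and the 16-byte MD5 key field.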

6.15.3.4 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - VRRP


Table 69: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Configuration - VRRP


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Create VRRP Instance … | | | Open the Create VRRP Instance dialog. |
| | VRRP | vrrp-1 … vrrp-2 | Not yet configured interfaces can be selected. |
| Delete VRRP Instance … | | | Open the Delete VRRP Instance dialog. |
| | VRRP | All | All configured VRRP Instances are deleted. |
| | | vrrp-1 … vrrp-2 | One of the configured interfaces can be selected for deletion. |

6.15.4 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Fault Management

For the description of the general aspects of the
− “Fault Management - Status”, and
− “Fault Management - Configuration”
management functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”. The following table lists the fault causes of the current AP.

Table 70: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Fault Management


| ID | Fault Cause | Event Type | Traffic Affecting | Default Severity | Description |
|---|---|---|---|---|---|
| IPDU | IP Destinations Unreachable | Communication Alarm | | Minor | None of the configured Destination IP addresses are reachable. |

6.15.5 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management

For the description of the general aspects of the performance management (PM) functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.
The PM parameters are presented in different groups. The following counter groups are available for the TDM interfaces:
• “MIB-2 Interface Table” group, see section 6.15.5.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management - MIB-2 Interface Table (on page 118),
• “OSPF Counters” group, see section 6.15.5.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management - OSPF Counters (on page 118).
The following counter intervals are available, depending of the counter group:

Table 71: PM counter interval availability


| Counter interval | MIB-2 Interface Table | OSPF Counters |
|---|---|---|
| User Counter | yes | yes |
| History 15min | yes | yes |
| History 24h | yes | yes |
| Alarm 15min | no | no |
| Alarm 24h | no | no |


6.15.5.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management - MIB-2 Interface Table

Table 72: PM group: MIB-2 Interface Table


| PM parameter | Description |
|---|---|
| In Octets | The total number of octets received on the interface, including framing characters |
| In Packets | The number of inbound packets delivered to a higher-layer protocol. |
| In Discards | The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. |
| In Errors | The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. |
| Out Octets | The total number of octets transmitted out of the interface, including framing characters. |
| Out Packets | The total number of outbound packets that higher-level protocols requested to be transmitted, including those that were discarded or not sent. |
| Out Discards | The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. |
| Out Errors | The number of outbound packets that could not be transmitted because of errors. |

6.15.5.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Performance Management - OSPF Counters

Table 73: PM group: OSPF Counters


| PM parameter | Description |
|---|---|
| In Hello | The number of hello packets received. |
| In Data Descr Pkt | The number of database description packets received. |
| In LSA Request | The number of LSA received in link state requests. |
| In LSA Update | The number of LSA updates received. |
| In LSA Acknowledge | The number of LSA acknowledgments received. |
| Out Hello | The number of hello packets sent. |
| Out Data Descr Pkt | The number of database description packets sent. |
| Out LSA Request | The number of LSA sent in link state requests. |
| Out LSA Update | The number of LSA updates sent. |
| Out LSA Acknowledge | The number of LSA acknowledgments sent. |


6.15.6 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status

6.15.6.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - IP

Table 74: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - IP


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Router If Status | IP MTU Size | 128 … 1536 | Size of the configured maximum transmission unit (Rx and TX) in bytes for the VLAN interface. |
| IP Probing | Destination | <IPv4 address> | Shows the IP address of the probed destination. |
| | State | Reachable | IP Probing is enabled and the destination IP address is reachable. |
| | | Not Reachable | IP Probing is enabled but the destination IP address is not reachable. |

6.15.6.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - OSPF


Table 75: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - OSPF


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| OSPF Status | Status | Down, Loopback, Waiting, Point To Point, Designated Router, Backup Designated Router, Other Designated Router, Unknown | Shows the current router state. |
| | Area | <IPv4 address> | Shows the area address (e.g. 0.0.0.0 for area-0) |
| | Designated Router | <IPv4 address> | Shows the IP address of the designated router. |
| | Backup Designated Router | <IPv4 address> | Shows the IP address of the backup designated router. |
| | Priority | 0 … 255 | Shows the OSPF priority. |
| | Authentication Type | None, Simple, MD5 | Shows the current authentication type. |
| | Hello Interval | 0 … 65’535 | Shows the Hello interval in seconds. |
| | Router Dead Interval | 0 … 65’535 | Shows the Router Dead Interval in seconds. |
| | Transmission Delay | 0 … 65’535 | Shows the Transmission Delay in seconds. |
| | Retransmission Delay | 0 … 65’535 | Shows the Retransmission Delay in seconds. |

6.15.6.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - Interface

Table 76: AP: / managementNetwork / vlanInterfaces / vlanInterface-v, Status - Interface


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| MAC Address | MAC Address | 00:00:00:00:00:00 … ff:ff:ff:ff:ff:ff | Shows the physical (MAC) address of the management port. |

6.16 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w

6.16.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Main

6.16.1.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611” (user interface reference part).

6.16.1.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Main - Admin And Oper Status

Table 77: AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Administrative Status | State | Up, Down | Set the IETF administrative status of the VRRP interface. |
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the VRRP interface. |

6.16.2 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Configuration

6.16.2.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Configuration - VRRP

Table 78: AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Configuration - VRRP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| VRRP | Virtual IP Address | Any valid IP address in the range of the corresponding interface | The virtual IP address of the virtual router entity. All router members in the same virtual router entity (same virtual router ID) must use the same virtual router IP address. When configuring the Virtual IP Address to the same as the (physical) VLAN Interface IP address (called VRRP Owner) the priority must be set to 255. |
| | Virtual Router ID | 1 … 255 | Since several virtual routers can be active on the same LAN, each virtual router entity is identified with the virtual router ID. The virtual router ID must be unique on a given network segment. |
| | Priority Base | 1 … 100 … 255 | The router with the highest priority is selected as master router from all active members of a virtual router entity. When configuring the Priority Base to 255 (reserved for the VRRP Owner) the Virtual IP address must be the same as the physical VLAN IP address. |
| | Advertise Interval | 1 … 255 s | The time interval each virtual router member sends advertisements. A virtual router member is considered as down after 3 missing advertisements. |
| Preemption | Preemptive | ☑ | A higher priority backup router may preempt this router as master. |
| | | ☐ | Once elected as master, this router keeps running as master, even if a higher priority backup router is up and running again. Only a virtual router address owner may still overrun disabled preemption. |
| | Delay | 0 … 1000 s | When the master router fails and preemption is enabled the backup router will wait the delay time before becoming the master. |
| Uplink Tracking | Interface | ppp-1 … ppp-16 | All the available PPP links can be tracked. |
| | | mcc-1 … mcc-10 | All the available MCC links can be tracked. |
| | Priority | 0 … 254 | The Effective Priority can be reduced or increased by the Priority value, depending of the PPP or MCC link state. The starting Effective Priority value is the Priority Base. |
| | Effect | Reduce | Reduce the Effective Priority value in case the PPP or MCC link is down or not available. In case the Effective Priority falls below the Priority Base value a switch-over between Master and Backup routers takes place. |
| | | Increment | Increase the Effective Priority value in case the PPP or MCC link is up. In case the Effective Priority exceeds the Priority Base value a switch-over between Master and Backup routers takes place. |
| | Add… | | Open the Add Uplink Tracking dialog. |
| | Remove | | Remove the selected PPP or MCC link in the Uplink Tracking table. Only one PPP link can be removed at a time. |


Please note:
Hitachi Energy does not recommend to use the VRRP Owner configuration since
the Virtual Router IP address uses a physical address.
→ Configuring a Virtual Router IP address different than the VLAN Interface IP
address allows to switch between Master and Backup Routers without changing
the gateway router address on hosts connected on the LAN segment.

Please note:
In the VRRP Owner configuration Uplink Tracking is not supported since the Prior-
ity must be 255 (reserved for the VRRP Owner).

6.16.3 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Status

6.16.3.1 AP: / managementNetwork / vlanInterfaces / vlanInterface-v / vrrp-w, Status - VRRP

Table 79: AP: / managementNetwork / vlanInterfaces / vlanInterface / vrrp-w, Status - VRRP


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| VRRP | Virtual Router ID | 1 … 255 | Configured Virtual Router ID of the VRRP instance. |
| | Protocol Status | Master | The router is in the Master state. The router enters this state after the Initialize or Backup state. The Master router is the forwarding router for the IP address(es) associated with the virtual router. |
| | | Backup | The router is in the Backup state. The router enters this state after the Initialize or Master state. The Backup router monitors the availability and state of the Master router. |
| | | Initialize | In this state the router waits for a startup event. After receiving the startup event the router changes to the Master or Backup state. |
| | Virtual IP Address | <IPv4 address> | Shows the IP address of the virtual router which acts as a default router for hosts on a shared LAN. |
| | Effective Priority | 1 … 254 | Calculated Priority value of the VRRP router. The Effective Priority is calculated from the Priority Base value plus or minus the Priority values of all configured Uplink Tracking PPP or MCC links. The values 0 and 255 are reserved. Values out of the range are not allowed. |
| | Master IP Address | <IPv4 address> | Shows the IP address of the Master VRRP router. |
| | Master Priority | 0 … 255 | Shows the (Effective) Priority of the Master VRRP router. |
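
A planning check for the Uplink Tracking values described above: it computes the Effective Priority of each router and shows which one would be Master when a tracked uplink fails. This is an added example, not FOX61x code. It assumes preemption is enabled, breaks ties by the higher interface IP address (the RFC 3768 rule), treats an out-of-range result as an error, and uses constructed router names and addresses.

```python
import ipaddress


def effective_priority(priority_base, tracking, link_up):
    """Priority Base plus or minus the Priority of every tracked uplink.

    tracking: list of (interface, priority, effect) rows of the Uplink Tracking table.
    link_up:  dict interface -> bool; an interface missing from it counts as not available.
    """
    if not 1 <= priority_base <= 254:
        raise ValueError("255 is reserved for the VRRP Owner, which has no Uplink Tracking")
    value = priority_base
    for interface, priority, effect in tracking:
        up = link_up.get(interface, False)
        if effect == "Reduce" and not up:
            value -= priority
        elif effect == "Increment" and up:
            value += priority
    if not 1 <= value <= 254:
        raise ValueError("Effective Priority %d is outside 1 ... 254" % value)
    return value


def elect_master(routers, link_state):
    """Name of the router with the highest Effective Priority."""
    def rank(router):
        eff = effective_priority(router["priority_base"], router["tracking"],
                                 link_state[router["name"]])
        return (eff, int(ipaddress.IPv4Address(router["ip"])))
    return max(routers, key=rank)["name"]


def single_failure_report(routers):
    """Master with all uplinks up, then with each tracked uplink down in turn."""
    all_up = {r["name"]: {t[0]: True for t in r["tracking"]} for r in routers}
    report = {"all uplinks up": elect_master(routers, all_up)}
    for router in routers:
        for interface, _, _ in router["tracking"]:
            state = {name: dict(links) for name, links in all_up.items()}
            state[router["name"]][interface] = False
            label = "%s %s down" % (router["name"], interface)
            report[label] = elect_master(routers, state)
    return report


def two_router_plan(reduce_by):
    """Constructed plan: NE-A is the preferred Master, NE-B the Backup."""
    return [
        {"name": "NE-A", "ip": "192.168.0.2", "priority_base": 120,
         "tracking": [("ppp-1", reduce_by, "Reduce")]},
        {"name": "NE-B", "ip": "192.168.0.3", "priority_base": 100,
         "tracking": [("ppp-1", reduce_by, "Reduce")]},
    ]


if __name__ == "__main__":
    for reduce_by in (30, 10):
        print("Reduce by", reduce_by, single_failure_report(two_router_plan(reduce_by)))
```

With a Priority of 10 the preferred router stays Master after losing its uplink, because 110 is still above the Backup's 100; the value must be larger than the gap between the two Priority Base values.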


6.17 Introduction to FOXCST “Shelf View” and “Tree View”


The FOXCST “Shelf View” and “Tree View” provide the access to the following management
communication related functions at the AP: /ne:
• Session management
• RADIUS client
• Syslog sources and destinations
• SNMP
The FOXCST “Shelf View” and “Tree View” provide the access to the following management
communication related functions at the AP: /unit-11/…/Local Management and AP: /unit-13/…/
Local Management:
• Local management port

Please note:
The Access Point (AP) named “ne” in the AP tree of the FOXCST shows the addi-
tional information “FOX615 R2”, “FOX615”, “FOX612” or “FOX611”. For reasons of
simplicity and clarity, this additional information is not shown in the following sec-
tions since it is not used while navigating in the FOXCST.

Please note:
In the FOXCST dialog windows the “ne” AP is identified with a forward slash “/”. In
the following sections the identifier “/” is used instead of the identifier “ne”.

Please note:
Only the management functions of the “ne” AP which are related to the manage-
ment communication functions are handled in the following sections.
→ For a description of the other management functions please refer to
[1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”.
This reference section comprises the management functions:
• Configuration,
• Fault Management, and
• Status.
In the tables of the sections below, the parameter default values for properties are underlined.

Please note:
For better legibility of numbers in this User Manual, inverted commas are used
when the number’s size exceeds three digits (e.g. 40’000). In parameter entry
fields of the FOXCST, these inverted commas must not be entered. Instead, the
numbers are entered without these inverted commas (e.g. 40000).

Please note:
Screenshots presented in this reference are examples and show configurations or
data that may not correspond to the view you see when managing your FOX61x
equipment.


6.18 AP: / ne

6.18.1 AP: / ne, Configuration

6.18.1.1 AP: / ne, Configuration - Key Manager


In order to establish a trusted communication between FOXMAN-UN and the FOX61x network
element the FOXMAN-UN can authenticate itself using a public/private key pair. The public keys
must be stored in advance in the FOX61x network element:
• Login to the FOX61x as “Session Manager”. Before having stored a public key for the “Ses-
sion Manager” user class, use an authentication method other than “SSH Public Key”.
• Navigate to the AP: /ne, Configuration - Key Manager.
• Import the public keys from FOXMAN-UN with the “Import from NMS” command.
For further information regarding the public / private key authentication with FOXMAN-UN
please refer to the Hitachi Energy technical customer documentation for the FOXMAN-UN net-
work management system.

Please note:
Only a user of class “Session Manager” may see and configure the key manager
parameters.

Please note:
As a prerequisite for the public/private key authentication the “Encrypted” manage-
ment communication parameter must be activated at the AP: /ne, Configuration -
Session Management.

“Add…” and “Copy…” dialog:


Table 80: AP: / ne, Configuration - Key Manager


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Show full public keys | | ☑ | Show the full public keys in the “Authorized Keys” table. |
| | | ☐ | Show the public key fingerprints in the “Authorized Keys” table. |
| Authorized Keys | Description | <0 … 255 characters> | Name to identify the public key. |
| | User Class | Information, Maintenance, Manager, Support, Session Manager | User class with which the FOXMAN-UN accesses the FOX61x network element. |
| | Key Value | <0 … 1024 characters> | The Key Value is displayed if the “Show full public key” parameter is enabled. The Key Value is Base64 encoded. |
| | Fingerprint | <0 … 1024 characters> | The Fingerprint is displayed if the “Show full public key” parameter is disabled. The Fingerprint is Base64 encoded. |
| | Add… | | Open the “New Entry” GUI dialog to enter the required “Key Name”, “Userclass” and “Key Value” parameters. Up to 30 entries can be added to the “Authorized Keys” table. |
| | Remove | | Remove the selected key table entries. |
| | Copy… | | Open the “New Entry” GUI dialog to enter the required “Key Name” and “Userclass” parameters. The “Key Value” parameter is copied from the selected key table entry. Up to 30 entries can be added to the “Authorized Keys” table. |
| | Load… | | Open an explorer window to select an OpenSSH file containing the public key(s). The file extension must be .pub. |
| | Import from NMS | | This command imports the public key from FOXMAN-UN and creates key table entries for all defined user classes. The same public key is used for all table entries. Note: This command is not available for a stand-alone FOXCST. It is only available for an FOXCST which is integrated in FOXMAN-UN. |
| | Import… | | Open an explorer window to import a previously exported key table. The file extension must be .xml. |
| | Export… | | Open an explorer window to export a key table. The file extension must be .xml. |

The “Authorized Keys” table shows all available public keys with their key name and assigned
userclass. All parameters in this table are read-only.
• Filter the “Authorized Keys” table entries for a text string:

All public keys where the entered text string is contained in one of the table columns are dis-
played in the “Authorized Keys” table.
With an empty text string all public keys are displayed.
• Clear the text string:
The text string filter is removed.
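
A pre-load check for an OpenSSH .pub file, so that the keys about to be added to the “Authorized Keys” table can be compared with a fingerprint obtained from the key owner. This is an added example, not FOXCST code. It assumes the SHA-256/Base64 fingerprint form printed by `ssh-keygen -l` (the manual does not state which hash FOXCST displays), and the sample key is constructed and not a usable key.

```python
import base64
import hashlib
import struct

MAX_KEY_VALUE = 1024   # "Key Value" length limit from Table 80
MAX_ENTRIES = 30       # size limit of the "Authorized Keys" table


def parse_pub_line(line):
    """Split one '<type> <base64 key> [comment]' line and validate the key blob."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 key> [comment]'")
    key_type, key_value = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(key_value, validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError
        raise ValueError("key value is not valid Base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or the wrong data was pasted.
    (name_len,) = struct.unpack("!I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match the key blob")
    return key_type, key_value, blob, comment


def sha256_fingerprint(blob):
    """Fingerprint in the form shown by ssh-keygen: SHA256:<unpadded Base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def review_pub_file(text):
    """Return one record per key in the file, with problems found for each."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key_type, key_value, blob, comment = parse_pub_line(line)
        problems = []
        if len(key_value) > MAX_KEY_VALUE:
            problems.append("key value has %d characters, limit is %d"
                            % (len(key_value), MAX_KEY_VALUE))
        entries.append({"type": key_type, "comment": comment,
                        "fingerprint": sha256_fingerprint(blob),
                        "problems": problems})
    if len(entries) > MAX_ENTRIES:
        raise ValueError("file holds %d keys, the table takes %d"
                         % (len(entries), MAX_ENTRIES))
    return entries


def constructed_pub_line():
    """Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes."""
    blob = (struct.pack("!I", 11) + b"ssh-ed25519"
            + struct.pack("!I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " nms@example"


SAMPLE_PUB = constructed_pub_line()

if __name__ == "__main__":
    for entry in review_pub_file(SAMPLE_PUB):
        print(entry["type"], entry["fingerprint"], entry["comment"], entry["problems"])
```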

6.18.1.2 AP: / ne, Configuration - Session Management

Please note:
Only a user of class “Session Manager” may configure the session management
parameters.
See section 3.2.3 Session Management Control (on page 27) for a description of the session
management parameter applicability.


Table 81: AP: / ne, Configuration - Session Management


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Management Communication | Unencrypted | ☑ | Unencrypted communication is accepted by the NE. The parameter is related to FOXCST and FOXMAN-UN only. |
| | | ☐ | Unencrypted communication is not accepted by the NE. |
| | Encrypted | ☑ | Encrypted communication is accepted by the NE. The parameter is related to FOXCST and FOXMAN-UN only. |
| | | ☐ | Encrypted communication is not accepted by the NE. |
| Telnet | Enabled | ☑ | Telnet sessions are accepted by the NE. Please consider the fact, that Telnet is an open and insecure protocol and therefore suitable for inherently secured network only. See also section 5.1 Security Measures Overview (on page 51). |
| | | ☐ | Telnet sessions are not accepted by the NE. |
| SSH | Enabled | ☑ | SSH sessions are accepted by the NE. |
| | | ☐ | SSH sessions are not accepted by the NE. |
| SNMP | Enabled | ☑ | SNMP sessions are accepted by the NE. |
| | | ☐ | SNMP sessions are not accepted by the NE. |
| Local Management Port | Enabled | ☑ / ☐ | Management sessions on the local management port are accepted or refused. Please consider the fact, that the local management port is the simplest access to the NE. The configuration has to be considered in the security planning of your network. |
| Retry Time | Time-Out | 0 … 5 … 1440 min | Time before a new login is accepted after three unsuccessful attempts. |
| Sessionmanager Session Timeout | Time-Out | 2 … 5 … 300 min | If the user is of type “Session Manager” the session is terminated after the specified time with no action. There is no timeout for the other user types. |
| Authentication Management Interfaces | Local Interface Authentication Local | ☑ / ☐ | The local authentication (NE based) via the local management port is enabled or disabled. |
| | Remote Interface Authentication Local | ☑ / ☐ | The local authentication (NE based) via a routed management interface is enabled or disabled. |
| | Local Interface Authentication Radius | ☑ / ☐ | The remote authentication (RADIUS server based) via the local management port is enabled or disabled. |
| | Remote Interface Authentication Radius | ☑ / ☐ | The remote authentication (RADIUS server based) via a routed management interface is enabled or disabled. |
| RADIUS Local Authentication Fallback | Local Authentication Fallback | ☑ | When using local authentication and if the RADIUS client is enabled and none of the configured RADIUS servers is available, the local authentication is attempted. |
| | | ☐ | When using local authentication and if the RADIUS client is enabled and none of the configured RADIUS servers is available, the local authentication is not attempted. |
| RADIUS Default Userclass | Default Userclass | None, Information, Maintenance, Manager, Support | The RADIUS server uses this user class definition for all user accounts without a fix user class (accounts with NE defined user class). With “None” the user accounts without a fix user class cannot be used. For information on user classes see section 3.1.1 User Classes (on page 13). For an example RADIUS server setup see section 5.2.3 Example RADIUS Server Setup (on page 55). |
| Reset SSH server fingerprint | | | Reset the SSH server fingerprint in case a private key has been compromised. |

Please note:
The parameters
• Management Communication, Encrypted
• Management Communication, Unencrypted
• Sessionmanager Session Timeout, Time-Out
are only applicable for the FOX61x management access using FOXCST.

Please note:
The parameters
• Telnet, Enabled
• SSH, Enabled
• SNMP, Enabled
are only applicable for the FOX61x management access using CLI or SNMP.

6.18.1.3 AP: / ne, Configuration - Radius Client

Please note:
Only a user of class “Session Manager” may configure the RADIUS client parameters.
The following screen dump represents the view for user class “Session Manager”. All other user
classes can only see the parameter group “Radius Common Parameters” (in view only mode).


Table 82: AP: / ne, Configuration – Radius Client (for user class “Session Manager” only)
| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Radius Common Parameters | Client Enabled | ☑ | The remote RADIUS authentication function is enabled for the corresponding FOX61x NE. |
| | | ☐ | The remote RADIUS authentication function is disabled for the corresponding FOX61x NE, i.e. only login with local authentication is possible. |
| | Max Retries | 1 … 3 … 10 | Maximum number of retries to contact the primary RADIUS server, before switching to the alternate RADIUS server (if enabled and configured). |
| | Server Timeout | 1 … 5 … 300 sec | Number of seconds to wait for a reply of a RADIUS login request. |
| Primary Radius Server | Enabled | ☑ / ☐ | The primary RADIUS server function for this NE is enabled or disabled. |
| | IP Address | <IPv4 address> | The primary RADIUS server’s IP address. |
| | Port | 1 … 1812 … 65’535 | Port number for the primary RADIUS server to receive messages from the NE. The default value is the officially assigned UDP port by IANA. |
| | Authentication Key | 0 … 64 characters | The FOX61x NE authenticates itself towards the RADIUS server with an MD5 hash of this string. In the RADIUS context sometimes referred to as “secret”. |
| Alternate Radius Server | Enabled | ☑ / ☐ | The alternate RADIUS server function for this NE is enabled or disabled. |
| | IP Address | <IPv4 address> | The alternate RADIUS server’s IP address |
| | Port | 1 … 1812 … 65’535 | Port number for the alternate RADIUS server to receive messages from the NE. The default value is the officially assigned UDP port by IANA. |
| | Authentication Key | 0 … 64 characters | The FOX61x NE authenticates itself towards the RADIUS server with an MD5 hash of this string. In the RADIUS context sometimes referred to as “secret”. |
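
Where the Authentication Key (“secret”) enters the MD5 computations of a RADIUS login, following RFC 2865: the User-Password attribute is masked with MD5(secret + Request Authenticator), and the server's reply is accepted only if its Response Authenticator was computed with the same secret. This is an added example, not FOX61x code; the secret, password, identifier and authenticator bytes are constructed, and a real Request Authenticator is 16 random octets.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: mask the password in 16-octet blocks."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, previous = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + previous).digest()
        previous = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += previous
    return hidden


def unhide_password(hidden, secret, request_auth):
    """Server side: recover the password; only works with the same secret."""
    clear, previous = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + previous).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, mask))
        previous = block
    return clear.rstrip(b"\x00")


def build_reply(code, identifier, attributes, request_auth, secret):
    """Server side: reply whose authenticator binds code, id, length,
    the client's Request Authenticator, the attributes and the secret."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    authenticator = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + authenticator + attributes


def verify_response(packet, request_auth, secret):
    """Client (NE) side: accept the reply only if the authenticator matches."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


# Constructed values for the walk-through
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
PASSWORD = b"operator-password-123"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, SECRET, REQUEST_AUTH)
    print("hidden User-Password:", hidden.hex())
    print("server recovers:", unhide_password(hidden, SECRET, REQUEST_AUTH))
    reply = build_reply(ACCESS_ACCEPT, 7, b"\x12\x04ok", REQUEST_AUTH, SECRET)
    print("reply accepted:", verify_response(reply, REQUEST_AUTH, SECRET))
```

Both the confidentiality of the login password and the authenticity of the server's answer rest on this one string, which is why the key must be identical on the NE and on the RADIUS server and differ from any other credential.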


6.18.1.4 AP: / ne, Configuration - Syslog Destinations - Destination 1

Add a syslog destination facility dialog:

Table 83: AP: / ne, Configuration – Syslog Destinations


| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Destination 1 to 10 | | | The FOX61x offers 10 syslog destinations which are individually configurable. |
| Destination Configuration | Host IP Address | <IPv4 address> | Host address where the syslog daemon is running on. |
| | UDP Port | 1 … 514 … 65’535 | Syslog daemons listen on port 514 by default. |
| Syslog Destinations, Facility | | Event Logbook, Configuration Logbook, Equipment Logbook, Session Logbook, Alarm Logbook, System | NE location where the event message is generated. Per default no facility is added to the Syslog Destinations table. Each facility requires its own entry in the table. |
| Syslog Destinations, Severity Threshold | | Debug, Informational, Notice, Warning, Error, Critical, Alert, Emergency | Set the severity threshold for the System and the Alarm Logbook facility, used as a filter. The syslog destination will receive System and Alarm Logbook messages of the configured severity and all higher severities. Debug has the lowest severity. Emergency has the highest severity. All other facilities (Event, Configuration, Equipment, Session Logbook) have no severity filtering. For the mapping of alarm and system severities to syslog severities see section 3.5 Syslog (on page 41). |
| Syslog Destination, Add … | | | Open the “New Entry” dialog to add a new facility to the Syslog Destinations table. Note that duplicate facility entries are deleted automatically. |
| Source, Remove | | | Remove the selected entry from the Syslog Destination table. |

6.18.1.5 AP: / ne, Configuration - Syslog Destinations - Destination 2 … 10


Refer to section 6.18.1.4 AP: / ne, Configuration - Syslog Destinations - Destination 1 (on
page 132).

6.18.1.6 AP: / ne, Configuration - Syslog Sources

Table 84: Syslog sources configuration

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Syslog Source List | Source Name | Debug Tracing, Alarm Log, Event Log, Config Log, Equipment Log, Session Log | “Source Name” is a descriptive name for the event message source. This parameter is read-only. |
| | Facility | System, Alarm Logbook, Event Logbook, Configuration Logbook, Equipment Logbook, Session Logbook | “Facility” describes the NE location where the event message is generated. This parameter is read-only. The mapping between “Source Name” and “Facility” is fixed. |
| | Enabled | | The syslog source is active and will send event messages. Default values are shown in the screenshot. |
| | | | The syslog source is disabled and will not send any event message. |
| | Severity | Debug, Informational, Notice, Warning, Error, Critical, Alert, Emergency | The syslog source will send syslog messages of the configured severity. Debug has the lowest severity. Emergency has the highest severity. Default values are shown in the screenshot. For the System and the Alarm Logbook facilities the syslog severity is mapped from the debug tracing or alarm severity. See section 3.5 Syslog (on page 41). |

6.18.1.7 AP: / ne, Configuration - Firewall

Table 85: AP: / ne / configuration / firewall

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Software Firewall | Enabled | | Protects the (NE) CPU from overload and from forwarding unsolicited packets. |
| | | | The SW firewall is not enabled (not recommended). |

Please note:
Keep in mind the risk when disabling the SW firewall.
→ For security reasons the SW firewall should never be disabled. See also section
5.5 FOX61x Firewalls (on page 59).


6.18.1.8 AP: / ne, Configuration - SNMP Agent - SNMP v1/v2

Please note:
Only a user of class “Session Manager” may configure the SNMP v1/v2 community
parameters.
→ The parameters are not available for a user of a class other than “Session Manager”.

Table 86: AP: / ne, Configuration - SNMP Agent - SNMP v1/v2, part 1

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Available Communities | Read Only | | SNMP parameters are not readable by SNMP v1/v2 users with the configured read community name. |
| | | | SNMP parameters can be read with the configured read community name by SNMP v1/v2 users. The read community name has to match the read community name of the MIB browser. |
| | | public | Set the read community name. |
| | Read Write | | SNMP parameters are neither readable nor writable by SNMP v1/v2 users with the configured read/write community name. |
| | | | SNMP parameters can be read and written by SNMP v1/v2 users with the configured read/write community name. The read/write community name has to match the read community name and the set community name of the MIB browser. |
| | | private | Set the read/write community name. |

Please note:
Only a user of class “Manager” may configure the following SNMP v1/v2 agent
parameters.

Add Notification Parameters dialog:


Table 87: AP: / ne, Configuration - SNMP Agent - SNMP v1/v2, part 2

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| SNMP v1/v2 Notification Receivers | Name | 1 … 32 characters | Shows the notification receiver “Name” configured in the “Add Snmp v2 Notification Receiver” dialog. |
| | Target Address | <IPv4 address> (<port>) | Shows the SNMP IP address and receiver port configured in the “Add Snmp v2 Notification Receiver” dialog. |
| | Notify Type | Trap, Inform | Shows the “Notify Type” configured in the “Add Snmp v2 Notification Receiver” dialog. |
| | Security Model | v2c | Shows the SNMP version of the “Security Model”. |
| | Active | | Notifications are sent from the SNMP agent to the SNMP receiver. |
| | | | Notifications are not sent. |
| Add Snmp v2 Notification Receiver | | | Open the “Add Snmp v2 Notification Receiver” dialog. |
| Notifications Parameters | Name | 1 … 32 characters | Enter a name for the notification receiver. |
| | Target Address | <IPv4 address> | SNMP notification receiver IP address. |
| | Target Port | 1 … 162 … 65’335 | SNMP notification receiver port. |
| | Notification Type | Trap | Asynchronous notification from the SNMP agent to the SNMP manager. |
| | | Inform | Acknowledged notification from the SNMP agent to the SNMP manager. |
| Delete Receiver | | | Delete the selected notification receivers. Several notification receivers can be removed at a time. |

6.18.1.9 AP: / ne, Configuration - SNMP Agent - SNMP v3

Please note:
Only a user of class “Session Manager” may configure the following SNMP v3
agent parameters.

Add SNMP v3 User dialog:


Table 88: AP: / ne, Configuration - SNMP Agent - SNMP v3, part 1

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| v3 Users | User Name | 1 … 32 characters | Shows the v3 “Name” configured in the “Add Snmp v3 User” dialog. |
| | Auth Protocol | HMAC-SHA, HMAC-MD5, NoAuth | Shows the v3 “Auth Protocol” configured in the “Add Snmp v3 User” dialog. |
| | Priv Protocol | CBC-DES, AES128, NoPriv | Shows the v3 “Priv Protocol” configured in the “Add Snmp v3 User” dialog. |
| | Engine ID | 5 … 32 characters | Shows the SNMP engine identifier in hexadecimal format created in the “Add Snmp v3 User” dialog. |
| Add Snmp v3 User | | | Open the “Add Snmp v3 User” dialog. |
| User Data | Name | 1 … 32 characters | Enter an SNMP v3 user name. |
| | Engine ID | 5 … 32 characters | Shows a unique SNMP engine identifier in hexadecimal format. For get/set/trap: Enter the FOX61x NE Engine ID. This is the default parameter value. For inform: Enter the host (e.g. MIB Browser) Engine ID. |
| | Security Model | MD5-DES | The corresponding method supports MD5 for authentication and DES for data encryption. |
| | | SHA-DES | The corresponding method supports SHA for authentication and DES for data encryption. |
| | | unsecure | The corresponding method uses no authentication and no data encryption. This method can be useful for debugging but should not be used for any other purpose. |
| | | MD5-AES128 | The corresponding method supports MD5 for authentication and AES128 for data encryption. |
| | | SHA-AES128 | The corresponding method supports SHA for authentication and AES128 for data encryption. |
| | Auth Protocol | HMAC-SHA, HMAC-MD5, NoAuth | According to the configured “Security Model” this field shows the authentication protocol in use. |
| | Auth Password | 8 … 128 characters | Enter the v3 user authentication password. The password must be at least 8 characters long. |
| | Priv Protocol | CBC-DES, AES, NoPriv | According to the configured “Security Model” this field shows the privacy protocol in use. |
| | Priv Password | 8 … 128 characters | Enter the v3 user authentication password. The password must be at least 8 characters long. |
| Delete User | | | Delete the selected v3 users. Several v3 users can be removed at a time. If a v3 notification receiver is bound to the user to be deleted, the following message is shown: “User will not be deleted”. |

Please note:
Only a user of class “Manager” may configure the following SNMP v3 agent parameters.


Table 89: AP: / ne, Configuration - SNMP Agent - SNMP v3, part 2

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| SNMP v3 Notification Receivers | Name | 1 … 32 characters | SNMP v3 notification receiver name. |
| | Target Address | <IPv4 address> (port) | SNMP receiver IP address and port. |
| | Target Port | <port> | SNMP receiver IP address and port. |
| | Notify Type | Trap, Inform | Shows the “Notify Type” configured in the “Add Snmp V3 Notification Receiver” dialog. |
| | Security Model | v3 | Shows the SNMP version of the “Security Model”. |
| | User Name | 1 … 32 characters | Shows the selected v3 user name configured in the “Add Snmp V3 Notification Receiver” dialog. |
| | Security Level | AuthPriv | The Security Model of the SNMP v3 user has been configured to any of the security models except “unsecure”. |
| | | NoAuthNoPriv | The Security Model of the SNMP v3 user has been configured to “unsecure”. |
| | Active | | Notifications are sent from the SNMP agent to the SNMP receiver. |
| | | | Notifications are not sent. |
| Add Snmp v3 Notification Receiver | | | Open the “Add SNMP v3 Notification Receiver” dialog. |
| Notification Parameters | Name | 1 … 32 characters | Configure an SNMP v3 notification receiver name. |
| | Target Address | <IPv4 address> | Configure the SNMP notification receiver IP address. |
| | Target Port | 1 … 162 … 65’335 | Configure the SNMP notification receiver port. |
| | Notification Type | Trap | Set “Trap” for asynchronous notifications sent from the SNMP agent to the SNMP manager. |
| | | Inform | Set “Inform” for acknowledged notifications sent from the SNMP agent to the SNMP manager. |
| Security Parameters | User Name | <range of configured v3 users> | Select a v3 “User Name” configured as session manager. |
| | Security Level | AuthPriv | The Security Model of the SNMP v3 user has been configured to any of the security models except “unsecure”. |
| | | NoAuthNoPriv | The Security Model of the SNMP v3 user has been configured to “unsecure”. |
| Delete Receiver | | | Delete the selected notification receivers. Several notification receivers can be removed at a time. |

6.18.1.10 AP: / ne, Configuration - SNMP Agent - Common Properties

Table 90: AP: / ne, Configuration - SNMP Agent - Common Properties

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Agent Properties | Enable Authentication Traps | | Authentication failure traps are sent if the v1/v2 or v3 notification receiver is “Active”. |
| | | | No authentication failure traps are sent. |
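
An added example, not part of the FOX61x manual or of any Hitachi Energy tooling: a Python audit of the firewall and SNMP agent settings described in sections 6.18.1.7 to 6.18.1.10, run over a weak configuration and its corrected counterpart. The snapshot dictionary layout and the user and receiver names are constructed for illustration; the Security Model mapping follows Tables 88 and 89.

```python
# Added example: audits a hand-transcribed snapshot of the settings in Tables 85 to 90.
# The dict layout is an assumption of this example, not a FOX61x or FOXCST export format.

# Security Model -> (Auth Protocol, Priv Protocol, Security Level), per Tables 88 and 89.
SECURITY_MODELS = {
    "MD5-DES": ("HMAC-MD5", "CBC-DES", "AuthPriv"),
    "SHA-DES": ("HMAC-SHA", "CBC-DES", "AuthPriv"),
    "MD5-AES128": ("HMAC-MD5", "AES128", "AuthPriv"),
    "SHA-AES128": ("HMAC-SHA", "AES128", "AuthPriv"),
    "unsecure": ("NoAuth", "NoPriv", "NoAuthNoPriv"),
}
# Community names shown in Table 86; both are widely known defaults.
DEFAULT_COMMUNITIES = {"read_only": "public", "read_write": "private"}


def audit(cfg):
    """Return a list of (severity, item, message) findings for one NE snapshot."""
    findings = []
    if not cfg.get("software_firewall_enabled", False):
        findings.append(("high", "firewall", "Software Firewall is disabled"))

    v12 = cfg.get("snmp_v1v2", {})
    for kind, default_name in DEFAULT_COMMUNITIES.items():
        community = v12.get(kind, {})
        if not community.get("enabled", False):
            continue
        severity = "high" if kind == "read_write" else "medium"
        if community.get("name") == default_name:
            findings.append((severity, "community:" + kind,
                             "enabled with the default name '%s'" % default_name))
        else:
            findings.append(("low", "community:" + kind,
                             "enabled; v1/v2 community names are sent unencrypted"))

    users = {}  # v3 user name -> Security Level
    for user in cfg.get("snmp_v3_users", []):
        name, model = user["name"], user["security_model"]
        if model not in SECURITY_MODELS:
            findings.append(("high", "user:" + name, "unknown Security Model '%s'" % model))
            continue
        auth, priv, level = SECURITY_MODELS[model]
        users[name] = level
        if level == "NoAuthNoPriv":
            findings.append(("high", "user:" + name,
                             "Security Model 'unsecure': no authentication, no encryption"))
            continue
        if auth == "HMAC-MD5":
            findings.append(("low", "user:" + name, "MD5 authentication; prefer a SHA model"))
        if priv == "CBC-DES":
            findings.append(("medium", "user:" + name, "DES encryption; prefer an AES128 model"))

    v3_receivers = cfg.get("snmp_v3_receivers", [])
    for receiver in v3_receivers:
        level = users.get(receiver["user_name"])
        if level is None:
            findings.append(("medium", "receiver:" + receiver["name"],
                             "bound to a v3 user that is missing from the snapshot"))
        elif receiver.get("active") and level == "NoAuthNoPriv":
            findings.append(("high", "receiver:" + receiver["name"],
                             "active with Security Level NoAuthNoPriv"))

    # Table 90: authentication failure traps only leave the NE via an "Active" receiver.
    receivers = v12.get("receivers", []) + v3_receivers
    if not cfg.get("enable_authentication_traps", False):
        findings.append(("medium", "auth-traps", "authentication failure traps are disabled"))
    elif not any(r.get("active") for r in receivers):
        findings.append(("medium", "auth-traps",
                         "enabled, but no notification receiver is Active, so no trap is sent"))
    return findings


# Constructed snapshots: a weak configuration and its corrected counterpart.
WEAK = {
    "software_firewall_enabled": False,
    "snmp_v1v2": {"read_only": {"enabled": True, "name": "public"},
                  "read_write": {"enabled": True, "name": "private"}},
    "snmp_v3_users": [
        {"name": "debug", "security_model": "unsecure"},
        {"name": "nms-legacy", "security_model": "MD5-DES"},
    ],
    "snmp_v3_receivers": [{"name": "nms-1", "user_name": "debug", "active": True}],
    "enable_authentication_traps": False,
}
HARDENED = {
    "software_firewall_enabled": True,
    "snmp_v1v2": {"read_only": {"enabled": False}, "read_write": {"enabled": False}},
    "snmp_v3_users": [{"name": "nms", "security_model": "SHA-AES128"}],
    "snmp_v3_receivers": [{"name": "nms-1", "user_name": "nms", "active": True}],
    "enable_authentication_traps": True,
}

if __name__ == "__main__":
    for label, snapshot in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        for finding in audit(snapshot):
            print(label, *finding)
```

The weak snapshot produces eight findings and the corrected one none; a snapshot with authentication traps enabled but every receiver inactive is still flagged, because no trap would leave the NE.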


6.18.2 AP: / ne, Fault Management

Table 91: AP: / ne, Fault Management, management communication related

| ID | Fault Cause | Event Type | Traffic Affecting | Default Severity | Description |
|---|---|---|---|---|---|
| RSF | RADIUS Server Failed | Communication Alarm | | Major | The communication to all configured RADIUS servers has failed. The alarm status is updated with every login process using the RADIUS server. See section 3.2.3.6 Login Process Overview (on page 30). |

6.18.3 AP: / ne, Status

6.18.3.1 AP: / ne, Status - Session Management

Please note:
The informational part of the tab “Session Management” is available to all user
classes, but the command “Close Session” is reserved to the user class “Session
Manager”.

Table 92: AP: / ne, Status – Session Management

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Session | Session ID | 1 … 16 | Remote session via a routed management interface |
| | | 17 | Local session via the local management port |
| | User Class | Manager, Support, Session Manager, Information, Maintenance | For information on user classes see section 3.1.1 User Classes (on page 13). |
| | User ID | Session with local authentication | The user ID corresponds to the Windows® user ID. |
| | | Session with remote authentication | The user ID is defined in the corresponding RADIUS user account. |
| | Source | TCP/IP sessions | The managing agent’s IP address plus the current TCP port number |
| Close Session | | | The selected session is immediately closed. |


6.18.3.2 AP: / ne, Status - Initialized User Classes

Please note:
This management function is only available for the user class “Session Manager”.

Table 93: AP: / ne, Status – Initialized User Classes

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Initialized User Classes | User Class | Information, Maintenance, Manager, Support, Session Manager | List of all user classes which have been initialized, i.e. which have a password defined. For information on user classes see section 3.1.1 User Classes (on page 13). |

6.18.3.3 AP: / ne, Status - Notification

Table 94: AP: / ne, Status - Notification

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Notification | Destination Address | <IPv4 address> | Shows all element managers that are registered for notifications with their IP address and the used UDP port. A registration must be renewed within 24 hours. |
| | Destination Port | 0 … 2^32-1 | |

6.18.3.4 AP: / ne, Status - Radius Client


This dialog is visible to all user classes.


Table 95: AP: / ne, Status – Radius Client

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Primary Radius Server Status | IP Address | <IPv4 address> | Primary RADIUS server’s IP address |
| | Port | 1 … 65’335 | Port number for the primary RADIUS server to receive messages from the NE. |
| | Last Known Server Status | Up | The primary RADIUS server is up and responding |
| | | Down | The primary RADIUS server is not responding |
| | | Disabled | The primary RADIUS server is administratively down |
| | | Unknown | The primary RADIUS server has not yet been contacted (this state is very unlikely to occur). |
| Alternate Radius Server Status | IP Address | <IPv4 address> | Alternate RADIUS server’s IP address |
| | Port | 1 … 65’335 | Port number for the alternate RADIUS server to receive messages from the NE. The port numbers for primary and alternate server may be different. |
| | Last Known Server Status | Up | The alternate RADIUS server is up and responding |
| | | Down | The alternate RADIUS server is not responding |
| | | Disabled | The alternate RADIUS server is administratively down |
| | | Unknown | The alternate RADIUS server has not yet been contacted (this is the usual state as long as the primary server is responding). |

6.18.3.5 AP: / ne, Status - SNMP Agent - Agent Properties


Table 96: AP: / ne, Status - SNMP Agent - Agent Properties

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Agent Properties | Engine ID | 5 … 32 characters | Shows the unique SNMP agent engine identifier in hexadecimal format. |
| | Enable Authen Traps | Enabled, Disabled | Shows the status of the “Enable Authentication Traps” configuration. See section 6.18.1.10 AP: / ne, Configuration - SNMP Agent - Common Properties (on page 140). |

6.18.3.6 AP: / ne, Status - SNMP Agent - Statistics

Table 97: AP: / ne, Status - SNMP Agent - Statistics

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Target Context Counters | Unavailable Contexts | 0 … 2^32-1 Contexts | The total number of packets received by the SNMP engine which were dropped because the context contained in the message was unavailable. |
| | Unknown Contexts | 0 … 2^32-1 Contexts | The total number of packets received by the SNMP engine that were dropped because the context contained in the message was unknown. |
| Packet Statistics | In Packets | 0 … 2^32-1 Packets | Shows the number of packets received by the SNMP agent. |
| | Out Packets | 0 … 2^32-1 Packets | Shows the number of packets sent by the SNMP agent. |
| In Failure Statistics | In Bad Versions | 0 … 2^32-1 Errors | Shows the number of SNMP messages received that are formatted in a bad or incompatible version of SNMP. |
| | In Bad Community Names | 0 … 2^32-1 Errors | Shows the number of SNMP messages received with a community name that does not match one of the configured community names. |
| | In Bad Community Uses | 0 … 2^32-1 Errors | Shows the number of SNMP messages received with a community that is valid, but not for the operation attempted. |
| | In ASN Parse Errs | 0 … 2^32-1 Errors | Shows the number of detected errors when decoding SNMP messages received by the SNMP agent. |
| | In Too Bigs | 0 … 2^32-1 Errors | In operation produced a value too large to fit in a single SNMP message. |
| | In No Such Names | 0 … 2^32-1 Errors | In operation specified an object that does not exist in the MIB database. |
| | In Bad Values | 0 … 2^32-1 Errors | In value specified is of an unknown data type, or the operation syntax was wrong. |
| | In Gen Errs | 0 … 2^32-1 Errors | In SNMP failed to complete the operation for a reason that does not fit into any of the other categories. |
| In General Statistics | In Read Onlys | 0 … 2^32-1 | The total number of valid SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error-status field was “read only”. It should be noted that it is a protocol error to generate an SNMP PDU which contains the value “read only” in the error-status field, as such this object is provided as a means of detecting incorrect implementations of SNMP. |
| | In Total Req Vars | 0 … 2^32-1 | Shows the total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid Get-Request and Get-Next PDUs. (OID 1.3.6.1.2.1.11.13) |
| | In Total Set Vars | 0 … 2^32-1 | Shows the total number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid Set-Request. (OID 1.3.6.1.2.1.11.14) |
| | In Get Requests | 0 … 2^32-1 Requests | Shows the number of “Get Requests” received by the SNMP agent. |
| | In Get Next | 0 … 2^32-1 | The total number of SNMP “Get-Next” PDUs which have been accepted and processed by the SNMP protocol entity. |
| | In Set Requests | 0 … 2^32-1 Requests | Shows the number of “Set Requests” received by the SNMP agent. |
| | In Get Responses | 0 … 2^32-1 Requests | Shows the number of “Get Responses” received by the SNMP agent. |
| | In Traps | 0 … 2^32-1 Traps | Shows the number of “Traps” received by the SNMP agent. |
| Out Failure Statistics | Out Too Bigs | 0 … 2^32-1 Errors | Out operation produced a value too large to fit in a single SNMP message. |
| | Out No Such Names | 0 … 2^32-1 Errors | Out operation specified an object that does not exist in the MIB database. |
| | Out Bad Values | 0 … 2^32-1 Errors | Out value specified is of an unknown data type, or the operation syntax was wrong. |
| | Out Gen Errs | 0 … 2^32-1 Errors | Out SNMP failed to complete the operation for a reason that does not fit into any of the other categories. |
| Out General Statistics | Out Get Requests | 0 … 2^32-1 Requests | Shows the number of “Get Requests” sent by the SNMP agent. |
| | Out Get Next | 0 … 4’294’967’295 | The total number of SNMP “Get-Next” PDUs which have been generated by the SNMP protocol entity. |
| | Out Set Requests | 0 … 2^32-1 Requests | Shows the number of “Set Requests” sent by the SNMP agent. |
| | Out Get Responses | 0 … 2^32-1 Responses | Shows the number of “Get Responses” sent by the SNMP agent. |
| | Out Traps | 0 … 2^32-1 Traps | Shows the number of “Traps” sent by the SNMP agent. |
| SNMP Drops | Silent Drops | 0 … 2^32-1 Drops | Shows the number of Get and Set PDUs received and dropped silently. The SNMP agent drops the PDUs because the size of a reply containing an alternate Response PDU with an empty variable bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request. |
| | Proxy Drops | 0 … 2^32-1 Drops | Shows the number of Get and Set PDUs received and dropped silently. The SNMP agent drops the PDUs because the transmission of the (possibly translated) packet to a proxy target failed in a manner (other than time-out) such that the SNMP agent could not return a Response PDU. |
| Security Statistics | Unsupported Sec Levels | 0 … 2^32-1 | The total number of packets received and dropped because they requested a security level that the SNMP agent did not recognize or the security level was unavailable. |
| | Not in Time Windows | 0 … 2^32-1 | The total number of packets received and dropped because they were not delivered within the SNMP agent’s acceptable delivery delay time frame. |
| | Unknown User Names | 0 … 2^32-1 | The total number of packets received and dropped because they referenced a user that the SNMP agent did not recognize. |
| | Unknown Engine IDs | 0 … 2^32-1 | The total number of packets received and dropped because they referenced an Engine ID that was not known to the SNMP agent. |
| | Wrong Digests | 0 … 2^32-1 | The total number of received packets dropped because they did not contain the expected digest value. |
| | Decryption Errors | 0 … 2^32-1 Errors | The total number of received packets dropped because they could not be decrypted. |
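
An added example, not part of the FOX61x manual: reading the Table 97 counters twice and alerting on the increase in the authentication-related ones, with handling for the 32-bit counter wrap. The counter names are the parameter names of Table 97; the sample readings, thresholds, category grouping and the reset heuristic are assumptions of this example.

```python
# Added example: wrap-aware deltas over two readings of the Table 97 counters.
# Sample readings, thresholds and grouping are constructed for this example.

COUNTER_MODULUS = 2 ** 32  # Table 97 gives each counter the range 0 ... 2^32-1

# Category -> (counters summed into it, alert threshold in events per minute).
CATEGORIES = {
    "v1/v2 community guessing": (("In Bad Community Names", "In Bad Community Uses"), 5),
    "v3 credential guessing": (("Unknown User Names", "Wrong Digests", "Decryption Errors"), 5),
    # These two also count during normal SNMP v3 engine discovery and time
    # synchronisation by a manager, so they get a higher threshold.
    "v3 discovery or replay": (("Unknown Engine IDs", "Not in Time Windows"), 30),
    "malformed or unsupported": (("In Bad Versions", "In ASN Parse Errs",
                                  "Unsupported Sec Levels"), 10),
}


def counter_delta(previous, current, max_plausible=2 ** 31):
    """Increase between two readings of a 32-bit counter.

    A smaller current value is taken as one wrap unless the resulting increase
    is implausibly large; then it is treated as a counter reset (for example an
    agent restart) and only the events since the reset are returned.
    """
    if current >= previous:
        return current - previous
    wrapped = current + COUNTER_MODULUS - previous
    return wrapped if wrapped <= max_plausible else current


def evaluate(previous, current, interval_seconds):
    """Compare two polls; return one result dict per category, alerts first."""
    if interval_seconds <= 0:
        raise ValueError("interval_seconds must be positive")
    in_packets = counter_delta(previous["In Packets"], current["In Packets"])
    results = []
    for category, (names, per_minute_limit) in CATEGORIES.items():
        events = sum(counter_delta(previous[n], current[n])
                     for n in names if n in previous and n in current)
        rate = events * 60.0 / interval_seconds
        results.append({
            "category": category,
            "events": events,
            "per_minute": round(rate, 2),
            # Share of all received packets that fell into this failure class.
            "share": round(events / in_packets, 3) if in_packets else 0.0,
            "alert": rate > per_minute_limit,
        })
    results.sort(key=lambda r: (not r["alert"], -r["events"]))
    return results


# Constructed readings taken 300 seconds apart; two counters wrap in between.
POLL_1 = {
    "In Packets": 4294967000, "In Bad Community Names": 4294967290,
    "In Bad Community Uses": 0, "Unknown User Names": 3, "Wrong Digests": 10,
    "Decryption Errors": 0, "Unknown Engine IDs": 40, "Not in Time Windows": 12,
    "In Bad Versions": 1, "In ASN Parse Errs": 0, "Unsupported Sec Levels": 0,
}
POLL_2 = {
    "In Packets": 1704, "In Bad Community Names": 594,
    "In Bad Community Uses": 0, "Unknown User Names": 3, "Wrong Digests": 12,
    "Decryption Errors": 0, "Unknown Engine IDs": 47, "Not in Time Windows": 13,
    "In Bad Versions": 1, "In ASN Parse Errs": 0, "Unsupported Sec Levels": 0,
}

if __name__ == "__main__":
    for result in evaluate(POLL_1, POLL_2, 300):
        flag = "ALERT" if result["alert"] else "ok"
        print("%-5s %-26s %6d events, %7.2f/min, share %.3f" % (
            flag, result["category"], result["events"],
            result["per_minute"], result["share"]))
```

With the constructed readings, 600 of the 2000 packets received in the interval carried a wrong community name, which raises the only alert.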


6.19 AP: / unit-x / … / Local Management


Please note:
The access point of the local management port is different for the CESM3 and
CESM1 or CESM2 core units:
→ CESM3: AP: / unit-x / port-6: Ethernet (Local Management)
→ CESM1 or CESM2: AP: / unit-x / neController / localManagementPort: Ethernet
In the following the AP of the CESM3 core unit will be used.
The management functions in this section cover exclusively the local management port located
on the core unit.
A working core unit is plugged in slot-11, a redundant core unit is plugged in slot-13. The
identifier unit-x stands therefore for unit-11 or unit-13.
For a description of the other CESM3 management functions please refer to [1KHW028774]
User Manual “CESM3”.
For a description of the other CESM2 management functions please refer to [1KHW028642]
User Manual “CESM2, CESM2-F”.
For a description of the other CESM1 management functions please refer to [1KHW002469]
User Manual “CESM1, CESM1-F”.

6.19.1 AP: / unit-x / port-6 (Local Management), Overview


For a description of the
− “Overview - Alarms”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.19.2 AP: / unit-x / port-6 (Local Management), Main

6.19.2.1 AP: / unit-x / port-6 (Local Management), Main - General


For a description of the
− “Main - General”
management function, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”.

6.19.2.2 AP: / unit-x / port-6 (Local Management), Main - Admin And Oper Status

Please note:
The administrative state of the local management port on the active core unit is
controlled by the “NE Session Management” configuration parameter “Local
Management Port Enabled”.
The administrative state of the local management port on the standby core unit is
down.
→ Please refer to section 6.18.1.2 AP: / ne, Configuration - Session Management
(on page 128).


Please note:
The administrative state of the local management port on a core unit running in the
NE bootloader is up, irrespective of the “NE Session Management” configuration
parameter “Local Management Port Enabled”.

Table 98: AP: / unit-x / port-6 (Local Management), Main - Admin And Oper Status

| Operation Name | Parameter Name | Range | Description / Details |
|---|---|---|---|
| Operational Status | State | Up, Down, Testing | Display of the IETF operational status of the port. The operational state of a port is up when the administrative state is up, and a valid signal is connected to the port. |

6.19.3 AP: / unit-x / port-6 (Local Management), Configuration

6.19.3.1 AP: / unit-x / port-6 (Local Management), Configuration - IP

Table 99: AP: / unit-x / port-6 (Local Management), Configuration - IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Address | Address | <IPv4 address> | Default value on the working core unit (slot-11): 192.168.1.1. Default value on the redundant core unit (slot-13): 192.168.1.2. Both address and mask values are subject to correct IP network design. Whether a certain address/mask combination is valid for a certain interface is the responsibility of the user and cannot be checked by the core unit or by the FOXCST. |
| | Netmask | <netmask> | Default value: 255.255.255.0 |

Please note:
When the previously configured IP address is used by the current user session the
new configured IP address/netmask is only applied upon termination of this user
session.

Please note:
With an “Initialize” command from the “NE Configuration Management” management
function the IP address and network mask of the local management port are
reset to the default value. If you are connected to the NE via the local management
port the default value will only be applied upon termination of the session. This
allows you to revert to the previously configured IP address:
→ Make sure that the core unit in slot-11 is the active unit. If the core unit in slot-13
is the active unit, an “Initialize” command reboots this unit, preventing any
further reconfiguration.
→ Reconfigure the IP address to the previously configured value.
→ Save the configuration to the NE database before terminating the session.


Risk of operating trouble!
Avoid configuring the same IP address for the local management ports on the
working and redundant core units. When both units are running in the bootloader
both local management ports are active.
→ This can lead to undefined behavior.

Risk of operating trouble!
Avoid configuring the IP addresses for the local management ports on the working
and redundant core units in different subnets. No checks are performed for the
redundant core unit whether the configured IP address conflicts with the management
router configuration.
→ This can lead to undefined behavior.

Please note:
Keep a backup of the configured IP address of the local management port in a safe
place. If you lose the connection to your FOX61x and do not remember the IP
address you have to completely reset the NE configuration.
→ Please contact Hitachi Energy for further support.

6.19.4 AP: / unit-x / port-6 (Local Management), Fault Management


For the description of the general aspects of the
− “Fault Management - Status”, and
− “Fault Management - Configuration”
management functions, please refer to [1KHW002464] User Manual “FOX615 R2/FOX615/
FOX612/FOX611”. The following table lists the fault causes of the current AP.

Table 100: AP: / unit-x / port-6 (Local Management)

| ID | Fault Cause | Event Type | Traffic Affecting | Default Severity | Description |
|---|---|---|---|---|---|
| LOS | Loss Of Signal | Communication Alarm | | Major | The signal has been lost on the local management port. Make sure the connector is plugged on the front port and the remote equipment is transmitting a signal. |

Please note:
The monitoring of the LOS alarm is disabled by default.

6.19.5 AP: / unit-x / port-6 (Local Management), Status

6.19.5.1 AP: / unit-x / port-6 (Local Management), Status - IP


Table 101: AP: / unit-x / port-6 (Local Management), Status – IP

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| Address | Address | <IPv4 address> | Shows the currently active IP address and netmask. This is not necessarily the same as the configured IP address/netmask since a new configuration is only applied upon termination of the user session using this IP address. |
| | Netmask | <netmask> | |

6.19.5.2 AP: / unit-x / port-6 (Local Management), Status - Interface

Table 102: AP: / unit-x / port-6 (Local Management), Status – Interface

| Operation Name | Parameter Name | Range | Descriptions / Details |
|---|---|---|---|
| MAC Address | MAC Address | 00:00:00:00:00:00 … ff:ff:ff:ff:ff:ff | Shows the physical (MAC) address of the management port. |


7 Annex

7.1 Associated FOX61x Documents


[1KHW028777] Release Note “FOX61x System Release R15B”

[1KHW002460] System Description “FOX61x R15B”

[1KHW002497] Operating Instruction “Precautions and safety”

[1KHW002464] User Manual “FOX615 R2/FOX615/FOX612/FOX611”

[1KHW002467] User Manual “TDM Services”

[1KHW029105] User Manual “Synchronization”

[1KHW002466] User Manual “FOXCST”

[1KHW028566] User Manual “Ethernet Switching”

[1KHW028618] User Manual “MPLS-TP Services”

[1KHW002469] User Manual “CESM1, CESM1-F”

[1KHW028642] User Manual “CESM2, CESM2-F”

[1KHW028774] User Manual “CESM3”

[1KHW028641] Application Note “FOX61x Deployment Guidelines”



Hitachi Energy Switzerland Ltd
Bruggerstrasse 72
5400 Baden - Switzerland

Phone: please refer to https://www.hitachienergy.com/contact-us/Customer-Connect-Center
(Customer Connect Center)
Email: [email protected]

www.hitachienergy.com/communication-networks

Document ID: 1KHW028522

Copyright 2022 Hitachi Energy. All rights reserved.


Specifications subject to change without notice.
