Professional Documents
Culture Documents
Trilliant Inc.
1100 Island Drive
Redwood City, California 94065
NOTICE: The contents of this document are proprietary and confidential and the property of Trilliant Holdings, Inc., its subsidiaries, affiliats, and/or licensors.
This document is provided subject to the confidentiality obligations set forth in the agreement between your company and Trilliant. The contents may not be
used or disclosed without the express written consent of Trilliant.
Trilliant
Proprietary Notice
Copyright © Trilliant Holdings Inc. 2004 – 2015. All rights reserved.
This document describes products, software and services (“Products”) of Trilliant Holdings Inc.,
its parents, subsidiaries, affiliates and/or its licensors. This document is licensed, not sold.
Except as set out in the License or other written agreement between Trilliant and your company:
(1) the purchase or use of a Product from Trilliant does not convey a license under any patent
rights, copyrights, trademark rights, or any other of the intellectual property rights of Trilliant or
third parties; (2) Trilliant does not assume any responsibility or liability arising out of the use of
this document or any Product it describes; and (3) no part of the document may be disclosed in
any form to any third party.
Trilliant reserves the right to make changes to this document or to any Products it describes at any
time with or without notice.
Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-
14 (g) (2) (6/87) and FAR 52.227-19 (6/87), or DFAR 252.227-7015 (b) (6/95) and DFAR
227.7202-3 (a).
Trilliant®, SecureMesh®, and UnitySuite® are registered trademarks of Trilliant. Any third-party
name or mark mentioned in this document may be a trademark of its owners.
August 3, 2015
i
Trilliant
ii
Trilliant
iii
Trilliant
Table of Contents
Chapter 1 - About this Guide.......................................................................................................................................1
Audience and Purpose .............................................................................................................................................2
How This Guide Is Organized .................................................................................................................................3
Conventions Used in This Guide .............................................................................................................................4
Text Conventions ..............................................................................................................................................4
Syntax Conventions ..........................................................................................................................................4
Modulation Thresholds..........................................................................................................................149
Create New Modulation Thresholds .................................................................................................150
Edit Existing Modulation Thresholds ...............................................................................................153
Delete an existing Modulation Threshold .........................................................................................155
Modulation and RSSI Thresholds .........................................................................................................156
Create a new Modulation and RSSI Threshold.................................................................................156
Edit an existing Modulation Rate and RSSI Threshold ....................................................................159
Delete a Modulation and RSSI Threshold ........................................................................................161
RSSI Thresholds....................................................................................................................................163
Create a new RSSI Threshold ...........................................................................................................163
Edit an existing RSSI Threshold .......................................................................................................166
Delete an RSSI Threshold.................................................................................................................168
NAN Threshold Monitoring ..................................................................................................................169
Create a new NAN Threshold ...........................................................................................................170
Edit an existing NAN Threshold.......................................................................................................172
Delete a NAN Threshold...................................................................................................................174
Event Monitoring..........................................................................................................................................176
Trap Parsers ...........................................................................................................................................176
Display Trap Parsers .........................................................................................................................176
Create a new Trap Parser ..................................................................................................................178
Edit an existing Trap Parser ..............................................................................................................183
Delete a Trap Parser ..........................................................................................................................187
Northbound Trap Receivers ..................................................................................................................190
Display Northbound Trap Receivers.................................................................................................191
Create a new Northbound Trap Receiver..........................................................................................192
Edit an existing Northbound Trap Receiver......................................................................................195
Delete a Northbound Trap Receiver .................................................................................................196
Email Notification of Alarms ................................................................................................................198
Configure the mail server..................................................................................................................198
Create a new Alarm Mail Notification..............................................................................................200
Edit an existing Alarm Mail Notification..........................................................................................202
Delete an Alarm Mail Notification ...................................................................................................204
Fault-Based Alarms .............................................................................................................................................207
NAN SNMP Traps........................................................................................................................................207
WAN SNMP Traps .......................................................................................................................................212
NEMS-Generated Alarms.............................................................................................................................214
This document contains procedures and guidelines to enable you to deploy a basic network.
Topics discussed include installing the server operating system, installing NEMS, and adding
devices to the network.
This chapter explains what's in this guide and how it's organized.
• “Audience and Purpose” on page 2
• “How This Guide Is Organized” on page 3
• “Conventions Used in This Guide” on page 4
Text Conventions
This guide uses the following text conventions:
• Italic is used to introduce new terms.
• Bold is used to indicate what you click in a graphical user interface or type on your key-
board (for example, command names). In examples showing user interaction with the
command-line interface, bold is used to indicate user input. In examples of command out-
put, bold indicates relevant content.
• A monospace font is used for code elements (variable names, data values, function
names, and so forth), command lines, scripts, and source code listings. It is also used to
indicate text to enter in a graphical user interface.
• Italic-monospace is used for replaceable elements and placeholders within code
listings.
Syntax Conventions
This guide uses the following conventions when showing syntax:
• Angle brackets, “<” and “>”, enclose mandatory elements. You must enter these elements.
For example:
ping <IP-address>
• Square brackets, “[” and “]”, enclose optional elements. You can omit these elements. For
example:
show filter [filter-table-number]
Square brackets are also used to show the current value of parameters in the output of
some commands.
• A vertical bar, “|”, separates choices. For example:
show bridge [cache | port]
To begin working with NEMS, you must ensure that you have the proper installation environment
available. This chapter discusses gathering and preparing the hardware and software you need for
a basic NEMS deployment:
• “Required Hardware and Software” on page 6
• “Design Your Simple Network” on page 8
• “Installing CentOS” on page 10
• “Installing NEMS” on page 21
Note: Neither the 32-bit versions nor the 64-bit 6.x (and above) versions of CentOS and
RedHat Enterprise are supported.
• One Gateway (+1 POE power supply and 2 RJ45 Ethernet cables)
• One Extender Bridge (+1 POE power supply and 1 RJ45 Ethernet cable)
• One Connector (+1 POE power supply and 2 RJ45 Ethernet cables)
• One RJ45-DB9 (Ethernet to serial) adapter and 1 RJ45 Ethernet cable to connect the
communications terminal to a Gateway or Extender Bridge device
Gather the following software components:
• CentOS or RedHat Enterprise disc images (ISO images) burned to CD or DVD. See
http://wiki.centos.org/Download for links to the CentOS installation files. Visit http://
www.redhat.com for links to RedHat installation files.
Note: There are different installation files for 32-bit and 64-bit processors. Be sure to
download the 64-bit version.
• NEMS Installation files. You can obtain the NEMS installation files from Trilliant Sup-
port:
• NEMS10_Installer.bin
• NEMS10_DBSetup.bin
Note: The NEMS10_DBSetup.bin file is used to create remote databases.
• License.dat
Note: Trilliant NEMS will not install unless the License.dat file is customized for the MAC
address of the computer on which you are installing NEMS. Contact Trilliant Support
for help getting the appropriate files for your installation.
• (Optional) Secure File Transfer Protocol (SFTP) software. NEMS makes use of secure
FTP through SSH during the installation process.
The range of available DHCP addresses must be sufficient to cover the number of devices that
will require a DHCP-assigned IP address. In the above case, the DHCP range covers 172.16.1.3 to
172.16.1.10.
Installing CentOS
While NEMS can also run on RedHat Enterprise, these instructions cover installing NEMS on
CentOS (the following screenshots are from version 5.9). If you choose to use another version of
CentOS, or use RedHat Enterprise, the installation procedures for supported versions of CentOS
and RHEL may vary slightly.
Note: The computer you use as the server for NEMS must run on a 64-bit version of CentOS
or RedHat Enterprise (v 5.5 - v5.11). Refer to “Required Hardware and Software” on
page 6 for the complete list of requirements.
The following instructions assume that you know how to boot from a disc and do not already have
a version of Linux installed. If a version of Linux is already installed, these steps will erase and
reinstall the OS, and all customizations and packages will be lost.
To install CentOS:
Note: Trilliant recommends that you install NEMS on a dedicated computer with a fresh OS
install. Following these instructions will permanently erase any existing data from the
machine’s drive.
1. Download and burn ISOs for the 64-bit version of CentOS to either CDs or DVDs. See
http://wiki.centos.org/Download for links to the appropriate ISO files.
2. Insert the first disc into the system, and boot from the disc.
4. Press the right arrow to highlight Skip, and then press [ENTER]. (See Figure 2.3.)
Note: If your installation media has never been used before, it's a good idea to test it. To test,
highlight OK and press [ENTER]. Once the test is complete, continue to the next step.
5. CentOS displays the installer screen. Click Next to continue. (See Figure 2.4.)
6. On the next screen, select the language to use during installation. Click Next.
7. Select the keyboard language you are using, then click Next.
8. Select Remove all partitions on selected drives and create default layout. Click Next.
(See Figure 2.5.)
Note: Selecting this option will wipe all data off of the drive. Any existing data will be
permanently erased.
9. CentOS displays a warning that proceeding will remove all existing partitions on the
drive. Click Yes. (See Figure 2.6.)
10. In Network Devices, ensure that Active on Boot for eth0 is checked, then click Edit.
(See Figure 2.7.)
11. Select an addressing format (IPv4 support is mandatory, and that IPv6 is optional):
• (Mandatory) Enable IPv4 support: Uses IPv4 addressing format. Select Manual
configuration and enter the IP Address for the computer (which you chose earlier in
“Design Your Simple Network” on page 8), and set the Prefix (Netmask) to
255.255.255.0. (See Figure 2.8.)
Note: You can use a prefix other than 255.255.255.0, as appropriate for your network.
• (Optional) Enable IPv6 support: Uses IPv6 addressing format. Select Manual
configuration and enter the IP Address for the computer, and set the Prefix
(Netmask).
12. Click OK. CentOS returns you to the previous screen.
13. For Hostname, click manually and enter a domain name (for example,
nems.domain.com) in the field. (See Figure 2.9.)
14. Leave the Miscellaneous Settings fields blank, and click Next.
15. NEMS displays warning screens about the Gateway and Primary DNS fields being
unspecified. Click Continue to dismiss these warnings.
16. Select the time zone you are in and click Next.
Note: You can leave the “System clock uses UTC” setting as is.
17. Enter a password in the Root Password and Confirm fields, then click Next. (See
Figure 2.10.)
Note: Make sure you note your password, because it is required to install NEMS.
18. Select a desktop version and click Next. (See Figure 2.11.)
Note: Trilliant recommends selecting Gnome, as this is the version shown during NEMS
installation.
The installer will display several screens while the installation proceeds. When it is fin-
ished, it displays a success screen. (See Figure 2.13.)
21. After CentOS reboots, it displays a Welcome message. Click Forward to proceed.
CentOS’s default firewall settings will interfere with NEMS operation. Trilliant recom-
mends that you disable the firewall (see Step 22).
Note: To configure the firewall to allow NEMS traffic, see “Advanced Firewall Settings” on
page 324.
22. On the Firewall page, select Disabled and then click Forward (Figure 2.14). Click Yes to
confirm that you want the firewall disabled (Figure 2.15).
23. On the SELinux page, confirm the default selection of Enforcing, and click Forward.
(See Figure 2.16.)
24. On the Date and Time page, set the current date and time, then click Forward. (See
Figure 2.17.)
25. On the Create User page, you can add an additional user to your system. If you choose to
add a user, be sure to note their username and password. Click Forward. (See
Figure 2.18.)
Note: To install NEMS you will need to log in as root, so this user account is for only post-
NEMS installation use.
26. If your system has a sound card, the Sound Card menu will prompt you to configure the
sound card.
27. On the Additional CDs screen, click Finish. (See Figure 2.19.)
CentOS is now installed and ready to use. The next step is Installing NEMS (see page 21).
Installing NEMS
Note: NEMS will install MySQL and Java, and if there are any conflicting packages (i.e.
Apache) already installed, they will be removed during NEMS installation.
To install NEMS:
1. Obtain license files that are customized for your installation environment.
Note: Trilliant NEMS will not install unless the license files are customized for the MAC
address of the computer on which you are installing NEMS. Contact Trilliant Support
for help getting the appropriate files for your installation.
2. Ensure that you are logged into the server as root.
3. Copy the NEMS installation files into the root home directory ( /root ):
• NEMS10_Installer.bin
• NEMS10_DBSetup.bin
Note: The NEMS10_DBSetup.bin file is used to create remote databases. Refer to supporting
documentation concerning remote databases for more information and procedures.
• License.dat
Note: Filenames are case-sensitive.
4. From the root directory, open a terminal:
• File > Open In Terminal or
• Applications > Accessories > Terminal
5. Type the following command, and press [ENTER]:
sh ./NEMS10_Installer.bin
The NEMS Installer launches.
NEMS presents you with choices about the kind of installation to perform, including the
types of devices NEMS will support, whether or not to use SSL security when accessing
the NEMS interface, and where to install the NEMS database.
11. Press B to support both WAN and NAN devices in NEMS, and then press [ENTER].
12. Press Y to use SSL security in the NEMS web interface, and then press [ENTER].
13. Press L to install the NEMS database locally, and then press [ENTER].
16. To specify the location of the NEMS license files, type /root then press [ENTER].
Figure 2.25 Specifying location of NEMS license files in root home ( /root )
17. Specify that NEMS is not behind NAT. Press N then press [ENTER].
18. Specify that you want to use SFTP to facilitate WAN firmware upgrades. Press Y and then
[ENTER].
Note: For some versions of NEMS and device firmware, SFTP is required. To avoid issues
with WAN firmware upgrades, Trilliant recommends using SFTP. If you selected not to
use SFTP, skip to step 20.
19. Specify an SFTP username and password. Trilliant recommends that you accept the
default username (trilliantsftp) and password (public).
20. Press Y to have the system’s DHCP configuration files updated now, then press
[ENTER].
21. Press [ENTER] to accept the default of eth0 for the interface name.
NEMS begins installing on the server. When it is finished, it displays the following:
Figure 2.29 Starting NEMS using Firefox for the first time
24. Firefox displays the Add Security Exception screen. Ensure that the check-box next to
Permanently Store Exception is filled, and click Confirm Security Exception.
Note: To prevent this security exception from appearing, work with your Network
Administrator to obtain and install a signed certificate on your NEMS server. There are
several vendors that can provide signed certificates.
25. The browser displays the NEMS login screen. Enter the username and password supplied
during installation (Figure 2.28), and click Sign In.
The default administrator credentials are:
• Username: admin
• Password: admin123!
Note: After logging into NEMS for the first time, you should change the default password. See
“Changing your NEMS Password” on page 83 for more information.
26. The first time you log in, NEMS asks which view you want to be the default. Select WAN
View and click Save (Figure 2.32).
The NEMS installation process is now complete. Proceed to Chapter 3 “Getting Started
with NEMS” on page 35 to begin configuring NEMS and creating your simple network.
Note: If you have any issues starting NEMS, see “Cannot access the NEMS” on page 306.
Once NEMS is installed, you’ll need to configure NEMS and add devices. This chapter covers
those tasks:
• “Example SecureMesh WAN Network Layout” on page 36
• “Configuring DHCP” on page 37
• “Adding a Gateway” on page 43
• “Creating Node Profiles” on page 57
• “Adding an Extender Bridge” on page 64
• “Adding a Connector” on page 71
• “Adding a Collector” on page 75
Figure 3.1 The physical setup of a SecureMesh WAN network including NEMS
The physical space in which you set up your network must be big enough to contain two
computers, at least three physical devices, and all of the cables and POE power supplies necessary
to power the devices. Figure 3.1 illustrates the devices and the cables necessary to connect them
to their power supplies and each other.
Configuring DHCP
Most NEMS deployments use DHCP (Dynamic Host Configuration Protocol) to assign IP
addresses to devices on the network. This section describes how to enable and configure DHCP
from within NEMS.
2. (Optional) From the tool bar at the top of the DHCP Tree View window, click
Add DHCP Subnet (second icon from the left).
Note: NEMS automatically creates a subnet entry for the subnet where the NEMS is located.
Subnets only needed to be added for devices outside of this NEMS subnet.
NEMS opens the Add Subnet window (Figure 3.4).
7. Click Add .
8. Enter the NEMS IP address and click Save (Figure 3.6).
Optional: If you want to use dynamic assigned IP address for non-Gateway devices, con-
tinue to Step 12, otherwise skip to Step 16. Assigning a DHCP Dynamic Range configures
a “pool” of IP addresses which can be dynamically assigned to devices on an as-needed
basis.
NEMS returns you to the Add Subnet window.
12. Next to Dynamic Range, click .
NEMS opens the DHCP Dynamic Range window (Figure 3.9).
16. The VPN button enables you to specify the IP address of the VPN router(s). If your net-
work is using VPN, before completing this procedure, refer to “Adding VPN to Your
Network” on page 231.
17. In Routers, enter the NEMS IP address (or the default router, if your SecureMesh WAN
installation is part of a larger network).
Note: In most deployment scenarios there will most likely be routing equipment between the
WAN equipment and the NEMS. In such a scenario you would specify the IP address of
the appropriate router for the subnet (also commonly called the “default gateway”)
rather than the NEMS IP address.
18. Click Save .
19. Click Close .
Adding a Gateway
Gateway and Extender device types, including the Extender Bridge, require a GPS signal in order
to function. When possible, for best GPS reception, you should place the devices in a location
where they will have an unobstructed view of the sky. In a lab setting, you can use Derived
Timing to operate without GPS, but Trilliant recommends using GPS whenever possible. See
“Device GPS Bypass” on page 321 for more information.
Before you add your first device, if any of the following is true, STOP:
• You are using US devices but plan to use a different frequency region than FCC High
• You are using non-US devices (for example, a US part number could be 710-06030-08R,
where a non-US part number could be 710-06730-08R).
• Your devices are using something other than the standard 20 MHz channel width
• You plan to use VPN or VLAN in your network
You must address the applicable above issues before continuing:
• To add VLAN to your network, see “Virtual Local Area Networks (VLANs)” on
page 218.
• To add VPN to your network, see “Adding VPN to Your Network” on page 231.
• To change the frequency region and country code of your devices, see “Changing the Fre-
quency Region and Country Code” on page 316. This step is REQUIRED for non-US
devices.
• To change the channel width of your devices, see “Changing the Channel Width” on
page 318.
The next step after configuring DHCP is to add a Gateway Node Profile and then provision the
first Gateway device.
1. From the WAN Provisioning menu, select Node Profile (Figure 3.12).
2. Click Add .
NEMS opens a window that enables you to create a new Node Profile record
(Figure 3.14).
Figure 3.14 Generic Node Profile window- Creating a new entry for a Gateway
Note: Any field not specifically called out in the instructions below can be left in its default
setting.
3. In the Name field, enter a name for the Node Profile.
Note: No spaces are allowed in this field. Use an underscore ( _ ) in place of spaces.
4. From the NodeType drop-down list, select SM Gateway.
5. In the Domain field, select Create New.
NEMS opens the Domain window (Figure 3.15).
Figure 3.15 Add Domain window to create a new domain for a Gateway
Domains allow you to partition your network into independent sub-networks. Devices
configured for a specific domain will only form links with other devices configured for the
same domain. Non-Gateway devices can be configured for domain “All,” and will be able
to join any domain. A typical network configuration will use a single domain for all
devices.
6. In Domain Name, enter a name.
Note: No spaces are allowed in this field. Use an underscore ( _ ) in place of spaces.
7. In the Domain# field, enter a number for the domain. This value can be between 1 and
10000.
8. Click Save.
NEMS returns you to the Node Profile window.
9. Set the Frequency Region to FCC High Band.
Note: For users outside of the US, you must use the CLI to configure the country code,
frequency region, and channel width on each Gateway before the devices will be
operable. Devices will not form links until you configure the these items. See “Changing
the Frequency Region and Country Code” on page 316 before continuing.
10. Set the Primary Frequency that the Gateway and all devices that will join through this
Gateway will use.
11. In the Primary Software field, select a software package for the Gateway.
Note: You must select a software package that supports the hardware version of your
Gateway.
12. Select the appropriate Time Zone.
13. Set the Power Mode to Low.
Note: Low power mode will reduce transmit power of the devices, and is appropriate for lab
settings, especially in unshielded environments. If you are in a shielded environment or
the Gateway and other devices will be located outside, you can leave the Power Mode
at Full. The default setting is Full. You can change this setting at any time.
18. From the WAN Provisioning menu, select Node Maintenance (Figure 3.18).
20. In the MAC Address field, enter the new Gateway’s MAC address.
Note: When entering the MAC address, do not enter any colons, For example, if the MAC
Address is listed as 00:0A:DB:xx:xx:xx, enter 000ADBxxxxxx.
The MAC address is printed on the asset tag on the bottom of the Gateway.
Note: If you cannot read or do not have easy access to the asset tag, you can connect to the
Gateway via the serial console, and determine the device’s MAC address via the “show
version” CLI command (see “Connecting Using the Serial Port” on page 283 for
more information). However, this will require you to power on the Gateway early, which
may change your Gateway provisioning experience.
21. From the Node Type drop-down list, select SM Gateway.
22. From the Node Profile drop-down list, select the Node Profile you just created.
23. Select the appropriate DHCP IP Assignment mode for this device:
• Fixed: The device will use specific IP address in the DHCP subnet range.
• Dynamic: The device will use any available IP address in the subnet range.
Note: This option is not available for Gateway devices. Gateway devices using DHCP must
use a fixed IP address.
• Non-DHCP: The device will not use DHCP, and instead will use a statically assigned
address configured through the CLI.
Note: To avoid IP conflicts, the statically assigned IP address should not be within the
dynamic range selected for the subnet (if any).
24. In the IP Address column, enter the IP address for the Gateway (if you are using Dynamic
IP assignment, you can leave this field blank).
Note: When specifying an IP address, if you are using Dynamic IP assignment and if you
leave the IP address blank, NEMS will select an IP address from the defined dynamic
range. Otherwise, you must enter an IP address.
Note: Leave the Tunnel (inner) IP address empty unless your network is using VPN. Refer to
“Adding VPN to Your Network” on page 231 for instructions on how to provision VPN
inner IP tunnel addresses.
In this below example, the Gateway IP address is: 10.18.71.100 (Figure 3.21).
Within five minutes, the new Gateway device should have a green icon and a status of
“Up” (Figure 3.23).
Note: The Alarm Severity will be orange, rather than green, which indicates that the GW was
restarted during the provisioning process. Clear the alarm before you continue.
At any point after turning the Gateway on and letting it start provisioning, you can config-
ure the data collection intervals to a shorter period so that you get status, statistics, and
node information sooner.
If the Gateway fails to acquire a green icon and a status of Up, see “Gateway Trouble-
shooting” on page 55.
29. From the WAN Provisioning menu, select Node Profile (Figure 3.24).
37. OPTIONAL: When the Gateway is green, you can set the netkey that all devices will use
to connect to the Gateway. Devices will not be able to provision without a netkey that
matches the Gateway’s netkey. For instructions on setting the netkey, see “Configuring a
Custom Netkey” on page 323.
If you do NOT set a new netkey, skip netkey steps for other devices.
While lab environments may use the default netkey, all live environments should use a
unique netkey to increase security.
Note: If you are using advanced options like VLAN, VPN, frequency region, and channel
width, you must set additional parameters. For VLAN, refer to “Virtual Local Area
Networks (VLANs)” on page 218. For VPN, refer to “Adding VPN to Your Network” on
page 231. For channel width, refer to “Changing the Channel Width” on page 318.
If you are using the VLAN feature, you must provision a management VLAN on the
Gateway (all other devices inherit the management VLAN from the Gateway). Data and
Collector VLAN types are provisioned entirely on the NEMS and do not require any CLI
interaction. See “Virtual Local Area Networks (VLANs)” on page 218 for more
information.
Gateway Troubleshooting
If you have followed the above instructions and your Gateway appears in the tree view but its icon
is not green, try the following:
• The operating system firewall will prevent a Gateway from provisioning. Trilliant recom-
mends that you disable the OS Firewall entirely.
• Ensure that the Firewall on the NEMS server is either disabled or configured to allow
NEMS traffic. See Step 22 (see page 17) of the OS installation instructions for firewall
configuration settings.
• Right-click on the Gateway and select Poll Now (see Figure 3.29). Then click
Refresh .
Figure 3.29 Gateway’s right-click contextual menu with Poll Now command highlighted
• Right-click on the Gateway and select Node Details (see Figure 3.30). Verify that the
MAC address for the Gateway is correct (see Figure 3.31). Check the Last Config
Received Time field to ensure that the device is receiving configuration data.
Figure 3.30 Gateway’s right-click contextual menu with Node Details command highlighted
Figure 3.31 Node Details screen for a Gateway with the MAC Address and Last Config Received time fields
highlighted
• Check to make sure DHCP is being obtained and that the Gateway is receiving a configu-
ration file from NEMS. See “show dhcp” on page 296, “debug on” on page 300, and “set
log prov 2” on page 303. Depending on the error message you receive, you may have to
take additional action. Contact your Trilliant representative for assistance.
• Check to see if the Gateway has a GPS lock.
• In the CLI, if the command prompt indicates “waiting for GPS” it is still waiting to
receive GPS coordinates and will not form any links until GPS is locked.
• Confirm that the Gateway’s GPS mode is Enabled and GPS is locked (see “show gps”
on page 297).
• Confirm that the Gateway is in Auto mode (see “show prov node” on page 295).
NEMS opens the Provisioning - Node Profile window. Note the presence of a Gateway
Profile (Figure 3.33).
2. Click Add .
NEMS opens a new Node Profile window.
3. In the Name field, enter a name.
Note: No spaces are allowed in this field. Use an underscore ( _ ) in place of spaces.
4. In the NodeType field, select SM Extender Bridge.
5. In the Domain field, select a domain.
6. In the Frequency Region field, select FCC High Band.
Note: If you are not in the United States, select a frequency region appropriate for your
location. If this frequency region does not match the Gateway’s frequency region, your
Extender Bridge will not provision successfully.
7. In the Frequency field, select the same frequency that the Gateway is using.
8. In the Primary Software field, select a software package for the Extender Bridge.
Note: You must select a software package that supports the hardware version of your Extender
Bridge.
9. In the Time Zone field, select the appropriate Time Zone.
10. Set the Config Lease Time to 60.
Note: This field determines how often, in minutes, the Extender Bridge will check for updates
to the device configuration. If you set this value to 0, the Extender Bridge will only
check for configuration updates at bootup time. You can manually reload the Extender
Bridge to apply configuration changes at any time by right-clicking on the Extender
Bridge and selecting Reload from the context menu.
11. Click Save .
12. NEMS prompts you to configure the Profile Attributes. Either select Yes to configure pro-
file attributes (such as Data Collection Intervals), or No to close the window.
Your Extender Bridge node profile should now look similar to Figure 3.34.
13. If your network is using VLAN, you need to add the data and Collector VLANs to the
node profile as well. For instructions, see “Virtual Local Area Networks (VLANs)” on
page 218.
14. (Optional) If your deployment includes Extender devices, repeat this procedure to create
the Extender device Node Profile, being sure to select the appropriate firmware.
2. Click Add .
NEMS opens a new Node Profile window.
3. In the Name field, enter a name.
Note: No spaces are allowed in this field. Use an underscore ( _ ) in place of spaces.
13. If your network is using VLAN, you need to add the data VLAN to the node profile as
well. For instructions, see “Virtual Local Area Networks (VLANs)” on page 218.
7. Click Save .
8. NEMS asks if you want to reload associated devices now. Click No, as the changes made
do not require a reload.
9. Click to close the Node Profile Attributes window.
10. Repeat from Step 2 for all other node profiles.
Figure 3.45 Extender Bridge’s right-click contextual menu with Provision Node command highlighted
NEMS opens the Node window, which enables you to set provisioning parameters for the
Extender Bridge.
Note: If your network is using VPN, refer to “Adding VPN to Your Network” on page 231 for
more information. If your network is NOT using VPN, leave the inner IP address blank.
14. Click Save and then Close .
After closing, NEMS displays the Provision Collector window (Figure 3.47).
15. From DHCP IP Assignment, select Fixed. Fixed IP assignment is required for non-VPN
deployments.
16. In the IP Address field, enter or select the device’s outer IP address.
17. Leave the Tunnel IP field blank.
Note: If you are using VPN in your network, you can instead select Dynamic for DHCP IP
Assignment, and then specify a Tunnel IP. See “Adding VPN to Your Network” on
page 231 for more information on inner and outer IP addresses.
18. From Shared Network, select the same network as the Extender Bridge.
19. From DHCP Subnet, select the same subnet as the Extender Bridge.
20. Click Provision Collector.
Within about five minutes, the new Extender Bridge device should have a green icon and a
status of “Up.” It should have a Polled IP address within the DHCP range you created, and
be a child node to the Gateway device (Figure 3.48).
A device with a PSU has a PSU tab available in the Attributes window (Figure 3.50). This tab
provides details about the PSU itself, including its serial number, MAC address, battery status,
and more.
Devices that do not have a PSU have a disabled PSU tab in the Attributes window (Figure 3.51).
Adding a Connector
After successfully adding an Extender Bridge, the next device to add is a Connector.
1. Power on the Connector.
Note: For the Connector to successfully connect to the Gateway, it must have the same
Country Code, be in the same Frequency Region, have the same netkey, be on the same
domain (or be configured for all domains), and use the same Channel Width. You can
verify the frequency region with the “show freq” CLI command (see “show freq” on
page 289), can change the frequency region with the “set prov freq” CLI command (see
“Changing the Frequency Region and Country Code” on page 316), and set the
Country Code with the “set prov chanwidth” CLI command (“Changing the Channel
Width” on page 318).
2. If you changed the netkey on the Gateway to something other than the default, continue to
the next step, otherwise, skip to Step 8.
3. In the CLI for the Connector, type set netkey and press [ENTER].
4. Enter the same netkey that you configured on the Gateway, and press [ENTER].
5. Enter the netkey again, and press [ENTER].
6. Type show netkey and press [ENTER].
7. Compare the netkey code to the Gateway’s netkey code. They should be the same. If they
are not, repeat from step 2.
8. Allow the Connector to attempt to link to the Gateway.
Note: This may take up to an hour. If the Connector’s primary frequency is set beforehand to
match the frequency used by the Gateway, the Connector will link much faster.
Note: If you are using VPN, the Connector must also have the correct VPN shared secret in
order to establish a VPN tunnel. Refer to “Adding VPN to Your Network” on page 231
for more information. Not having the correct VPN shared secret will not affect the
device discovery process, but will affect the provisioning process and the ability for the
device to form an active link.
In NEMS, the Connector will appear in the WAN View tree under “Discovered” (See
Figure 3.52).
Figure 3.52 WAN View - Discovered devices in the tree view, with a Connector selected
10. Ensure that the appropriate profile is already selected in Node Profile.
11. Ensure that Frequency Region is set to FCC High Band, and that the Frequency listed
matches the Gateway’s frequency (in our example, 5790).
Note: For users outside of the US, you must use the CLI to configure the country code on each
device before the device will be operable. Devices will not form links until you configure
the country code. See “Changing the Frequency Region and Country Code” on
page 316 before continuing.
12. Leave the Connector’s Tunnel IP entry blank if your network does not use VPN. If it does
use VPN, refer to “Adding VPN to Your Network” on page 231 for more information.
13. Click Save .
Within five minutes, the new Connector device should have a green icon and a status of
“Up.” It should have a Polled IP address within the DHCP range you created, and be a
child node to either the Gateway device or the Extender Bridge (Figure 3.54).
Adding a Collector
When you provision an Extender Bridge, you will provision its associated Collector at the same
time, and do not need to add the Collector again (see Step 14 of “Adding an Extender Bridge” on
page 64 for instructions). However, if you have a standalone Collector (without an associated
Extender Bridge), you will still have to provision the Collector using either the manual method or
automatic discovery.
There are two methods to add Collectors to NEMS. The first is a manual method that requires you
to know the Collector’s IP address. The second method sets up automatic discovery based on an
IP range.
Trilliant recommends enabling an automatic discovery range for all installations to simplify the
Collector provisioning process.
Figure 3.55 NAN View - Context menu from Global in the NAN Tree with Add Collector highlighted
Figure 3.57 NAN Provisioning menu with the Discovery IP Range option highlighted
3. Click New .
NEMS creates opens the Add - Network Details window (Figure 3.59).
The NEMS interface contains many different views and buttons. This chapter defines those major
items that you will see and use in NEMS:
• “Using the Trilliant NEMS Interface” on page 80
• “Logging into NEMS” on page 80
• “Changing your NEMS Password” on page 83
• “User Management: Changing Another User’s Password” on page 85
• “Setting your View Preference” on page 91
• “Using the Display Pane” on page 92
• “Searching in NEMS” on page 94
• “Opening a new tab in NEMS” on page 96
• “Monitoring Your SecureMesh Devices” on page 98
• “Unified View Toolbar Buttons” on page 100
• “Monitoring Your SecureMesh WAN Devices” on page 105
• “WAN Tree View” on page 106
• “WAN Flat View” on page 107
• “WAN Node Icons in the Display Pane” on page 107
• “WAN View Toolbar Buttons” on page 110
• “Monitoring your NAN Devices” on page 111
• “NAN Tree View” on page 112
• “NAN Node Icons in the Display Pane” on page 124
• “NAN View Toolbar Buttons” on page 126
Compatible Browsers
Trilliant NEMS supports the following browsers and versions:
• Linux:
• Mozilla Firefox 31.5.x (Included with RHEL/CentOS 5.11)
• Windows:
• Mozilla Firefox 35-39
• Mozilla Firefox ESR 31.x
• Google Chrome, 39-44
• Windows Internet Explorer 11*
* Earlier versions of Internet Explorer were not tested with this release and results may
vary.
Note: Trilliant NEMS should work with newer versions of Mozilla Firefox and Google
Chrome as they become available.
Note: Do NOT use the browser’s Back button to return to a previous screen. Use the NEMS
navigation options instead.
Note: After 30 minutes of inactivity, NEMS logs you out of the server.
5. (Optional) Check the Change Password on Re-Login box to require the user to change
the password again when the next login occurs. This effectively marks the password as
expired and therefore requires the user to change the password again when logging in.
6. Click Apply.
From this window, you can select a user and change their password, or force them to change their
password on their next login.
Figure 4.9 Administration menu with Access Management > User Management highlighted
2. Select the user whose password you want to change, then click Edit .
NEMS opens the Edit User window (Figure 4.11).
Figure 4.13 Administration menu with Access Management > User Management highlighted
2. Select the user whose password you want to change, then click Edit .
NEMS opens the Edit User window (Figure 4.15).
3. In the Personal Information section, check the Password Change on Re-Login box.
4. Click Save.
• Row sorting using column headings. Click on a column to sort rows by that column’s
contents.
Figure 4.21 Sorting rows by column (NAN view) - Number of Hops example, descending order
• Row filtering using specific search filters (available only in flat views). Select a cate-
gory from the Filter By list (number 1 in image below), an operator from the operator list
(number 2 below; equals, contains, etc.), and enter a value in the text box (number 3
below), then press Enter (Figure 4.22). Only those rows that match your search filter will
display. (To clear the filter, click Reset Filter, number 4 below.)
Searching in NEMS
In addition to the display pane’s search filter (see “Using the Display Pane” on page 92), you can
perform two types of searches in NEMS:
• Local: A local search presents results that are limited to just the current screen and view
you are on in NEMS. However, the results you receive depend on what screen and view of
NEMS you are on when you perform the search. So, if you search from the WAN View,
you will not see results from NAN View content, even if there are possible matches.
• Global: A global search opens a new window that searches throughout all of NEMS (not
just the content in your current screen/view).
Note: Searches are case-insensitive. For example, NEMS treats AB123 the same as ab123.
NEMS searches through the following records: node maintenance, node profile, and customer
maintenance (see Table 4.1). Global Search also searches NAN devices by MAC address, Device
ID, and AP Title.
Table 4.1 Record types and search criteria
Record type Search criteria
node maintenance MAC address, host name, IP address,
Tunnel IP address, and node (device) type
node profile Node profile name, node type
customer All customer maintenance fields
maintenance
However, if you perform the search locally instead (by pressing Enter, see number 1 in
Figure 4.25), NEMS searches only the items in that view for matches. Any matches, if found, are
highlighted in the current view (number 2 in Figure 4.25).
2. Press Enter.
Figure 4.28 Collector devices in the WAN section of the Unified View
Additionally, for NAN devices, the Unified View also displays the following:
• Number of Nodes (using the Downstream Mod / RSSI Column)
• Number of Alive Nodes / Number of Power Down Nodes (using the Upstream Mod /
RSSI Column)
• Number of Not Reporting Nodes (using the Slot Utilization % Column)
• Number of Unconfirmed Power Down Nodes (using the Throughput Down / Up Column)
In the NAN section of this view, NAN devices are grouped by their device type.
The Unified View is comprised of the following components, as labeled in Figure 4.30.
1. Menu Bar—Contains menus of commands that allow you to set global network configu-
ration items, as well as manage the windows in the display pane.
2. Tool Bar—Contains context-sensitive buttons used to view and manage your Trilliant net-
work; for details, see “Unified View Toolbar Buttons” on page 100. The tool bar buttons
are enabled only when they’re applicable to the display pane’s active window.
3. Display Title—Indicates the display pane’s current contents.
WAN Opens the WAN Network Inventory Graph. For more information about
Network this window and its contents, see “WAN Network Inventory Graph” on
Inventory page 102.
Graph
Global Searches for any text value amongst all devices, profiles, and addresses
Search present in NEMS (case-insensitive). For more information, see
“Searching in NEMS” on page 94.
About Provides version and copyright information about Trilliant NEMS.
Node Color Opens a window that enables you to set the color of a node in the Tabular
Configuration view.
Link Color Opens a window that enables you to set the color of link health types in
Configuration the Show All Paths view.
Export Opens a dialogue that enables you to export data from the current
window.
Edit Opens an editable node attributes window.
Attributes
Alarm Details Opens the Alarm Details window.
Assign Opens a window that enables you to assign resolution responsibility for
Owner one or more alarms to a user.
Column Opens a window that enables you to show/hide and freeze/unfreeze
Properties certain columns in the current display.
Alarm Opens the Trap window, which enables you to configure traps and email,
Forwarding and forward alarms.
Clear Clears the currently selected alarm(s).
Devices in Network: How many of each of the different types of devices are currently in the
network. Hover over a segment of a graph to see statistics for that particular device type
(Figure 4.32).
Device Status in Network: The number of devices that correlate to each status. Hover over a
segment of a graph to see statistics for that particular device type (Figure 4.33).
Frequency Usage: The number of devices communicating using a particular frequency. Hover
over a segment of a graph to see statistics for that particular frequency (Figure 4.34).
Firmware Usage: The number of devices using a particular firmware version. Hover over a
segment of a graph to see statistics for that particular firmware version (Figure 4.35).
1. Menu Bar—Contains menus of commands that allow you to set global network configu-
ration items, as well as manage the windows in the display pane.
2. Tool Bar—Contains context-sensitive buttons used to view and manage your Trilliant net-
work; for details, see “WAN View Toolbar Buttons” on page 110. The tool bar buttons are
enabled only when they’re applicable to the display pane’s active window.
3. Display Title—Indicates the display pane’s current contents.
4. Display Pane—Shows the selected view of your Trilliant network.
5. Device Alarm Severity—Color-coded indication of the alarm severity for a particular
device. To see alarm details, click the alarm’s color.
6. Search Controls—A text field that enables you to search for specific devices in NEMS.
See “Searching in NEMS” on page 94.
7. Global Alarm Summary—Shows the number of active alarms for four alarm types: crit-
ical, major, minor, and warning.
8. View List—Switches between the Unified, WAN, and NAN views.
9. About and Logout Buttons—The About button displays version/copyright information,
while the Logout button ends your NEMS session and returns you to the login screen.
There are two views within the WAN View: The WAN Tree View (see page 106) and the WAN
Flat View (see page 107). The WAN View defaults to showing the WAN Tree View. Both the tree
and flat views display information about the WAN devices within your network.
Table 4.3, “WAN Node Icons,” on page 109, defines all icons shown in WAN View.
SecureMesh Extender
SecureMesh Connector
SecureMesh PSU
Shown with Extender and Extender Bridge devices that also have a PSU. For example, the
following is an Extender Bridge with a PSU:
Manual Mode
This icon will appear next to any device that is currently in manual mode. Devices without this
icon are currently in auto mode.
Table 4.4 WAN Device Node Icon Colors
Color Status Example Description
green Up Node is managed, reachable, and responding. For PSUs,
the battery is connected.
orange Agent Down Node is managed and reachable, but not responding to
SNMP requests (the SNMP agent is down)
red Down Node is managed but unreachable. For PSUs, the battery is
disconnected.
blue Discovered Node is discovered (via the SecureMesh Gateway), but not
managed. The device may be active (provisioned and
communicating with the Gateway, but not managed by
NEMS) or inactive (device is up but not provisioned).
purple Status Node is managed, reachable, and responding, however,
Awaited or Status Awaited is a transitory state (such as when polling
Status is enabled after being disabled).
Unknown
For a node that is non-managed, non-reachable, or non-
responsive devices, the state is Status Unknown.
gray Polling Device polling has been disabled through NEMS.
Disabled
Note: Icon color is separate from Alarm color/severity.a
a.There are two exceptions to this rule. The Down and Agent Down node icon colors will always match the
severity of the Alarms to which they are bound. By default, they are configured to be Critical (red) and Ma-
jor (orange), respectively. If you change Agent Down’s SNMP alarm severity to be Minor (yellow), the icon
color will also be yellow. Likewise, if you change the Down status’ ICMP alarm severity to be Warning
(blue), its icon color will also be blue.
WAN Opens the WAN Network Inventory Graph. For more information about
Network this window and its contents, see “WAN Network Inventory Graph” on
Inventory page 102.
Graph
Global Searches for any text value amongst all devices, profiles, and addresses
Search present in NEMS (case-insensitive). For more information, see
“Searching in NEMS” on page 94.
About Provides version and copyright information about Trilliant NEMS.
1. Menu Bar—Contains menus of commands that allow you to set global network configu-
ration items, as well as manage the windows in the display pane.
2. Tool Bar—Contains context-sensitive buttons used to view and manage your Trilliant net-
work; for details, see “NAN View Toolbar Buttons” on page 126. The tool bar buttons are
enabled only when they’re applicable to the display pane’s active window.
3. Display Title—Indicates the display pane’s current contents.
4. Display Pane—Shows the selected view of your Trilliant network. This pane lists all the
NAN devices in your network, organized by IP subnet.
5. Device Alarm Severity—Color-coded indication of the alarm severity for a particular
device. To see alarm details, click the alarm’s color.
6. Global Alarm Summary—Shows the number of active alarms for four alarm types: crit-
ical, major, minor, and warning.
7. View List—Switches between the Unified, WAN, and NAN views.
8. About and Logout Buttons—The About button displays version/copyright information,
while the Logout button ends your NEMS session and returns you to the login screen.
9. Search Controls—A text field that enables you to search for specific devices in NEMS.
See “Searching in NEMS” on page 94.
In the NAN View, you can filter, sort, and analyze your NAN network with regards to subnet
composition and device associations. For instance, you could filter all Collectors in a particular
subnet by their status, number of associated nodes, and so on.
NEMS opens the Global Collector Devices window, which contains all Collectors in
NEMS (Figure 4.43).
1. Tabular View—Lists the provisioned Collectors in the subnet, as well as useful statistics
related to those Collectors, such as Collector Status and # of Nodes (the number of devices
associated with that Collector).
2. Collector Stats—Lists statistics on a per-Collector basis, which can help determine the
health of the Collectors, as well as the NAN on which the Collectors reside
3. WAN IF Stats—Lists statistics about the WAN backhaul on a per-Collector basis
4. Inventory—Lists the number of associated devices per Collector, as well as types of asso-
ciated devices.
Some of the most common ways to use the Subnet-Based Window include:
View the overall health of the subnet in context of the wider WAN.
The WAN IF Stats tab includes statistics that can indicate how healthy the WAN (e.g., cellular
WAN) is. Reports of irregular bytes transferred (high or low), excessive connection attempts, and
so on can indicate cellular service level agreement (SLAs) issues, or even security issues.
1. Collector Details—Lists details about the Collector, including general information (like
its name, MAC address, etc.), topology, location details, and SNMP information.
2. Tabular Node View—Lists the devices associated with the Collector and their status.
This tab provides at-a-glance information about each device, including device status, node
type, and success rate.
3. Node Stats—Lists connectivity statistics about the devices associated with the Collector.
4. Alarm Details—Lists alarms associated with the Collector and associated devices.
Alarms are color-coded and ranked, with the most serious alarms appearing at the top of
the list.
5. Component Details—Lists firmware information about the device (both Collector and
radio firmware versions)
6. Inventory—Lists the number of associated devices, as well as types (meters and repeat-
ers).
7. Statistics—Lists numerical statistics about the Collector, including outage counts, number
of bytes sent and received, failure and success percentages, etc.
Some of the most common ways to use the Collector-Based View include:
Identify which NAN devices associated with a Collector are not performing well.
On the Tabular View, the Status column (see number 1 in Figure 4.46) shows the current status of
each device associated with the selected Collector. If the status is “Not Reporting” then the
Collector cannot communicate with the device, which may need investigation. # of Hops (number
2) indicates how many hops a device has to make before it gets back to a Collector, so an
abnormally high value in this column could indicate problems with one or more of the devices it
normally hops through. Finally, the Last Activity date (number 3), if it doesn’t show a date that
matches the other devices, could indicate a communication issue.
Figure 4.47 NAN Tabular Node View: Selecting Show All Paths for a meter
Figure 4.49 Tabular Node View: Filtered to show only Basic Meters
3. From File Type, select the type of file to save the exported data as: CSV, PDF, XLS,
XLSX, XML, or HTML.
4. From Column Configuration, select an option:
• Visible Column
• All Columns
5. From Export Type, select an option:
• Whole Data
• Selected Data
• Current View
6. (Optional) Fill the Use Current Filter check box to export only data that matches your
current filter.
7. Click Apply to generate the export file in the format you selected. The Download Files
window opens.
8. Click the Download Exported File link. Your browser opens a window that enables you
to open or save the file.
Node Stats: Identify which Collectors and associated devices are experiencing
connectivity issues.
The Node Stats tab displays the count of particular communication events between a Collector
and associated node (for instance, a smart meter). Numbers that are noticeably low or high for a
particular kind of communication event could indicate a problem that may need further
investigation.
Inventory: Determine the identity and configuration of a Collector and the number
of NAN devices associated with the Collector.
The Inventory tab lists the number of devices that are associated with a Collector, a count for each
type of device, and some key configuration and identifiers for the Collector.
Meter*
Thermostat*
In-Home Display
Repeater
As of the release date of this document, NEMS supports the device classes listed in Table 4.7.
Table 4.7 NAN Device Classes
Device Class
SecureMesh Repeater ND06
Basic Electric Meter ND04
Thermostat (RCS) ND08
RAC ND09
DDX Meter w/ Disconnect ND10
Basic Electric Meter w/ Disconnect ND12
DLMS/COSEM Meter ND14
ELONET II Protocol Meter ND16
DataCollector for ANSI Meter Array ND17
Thermostat (Energate) EG01
IHD AZ01
You can quickly determine a node’s state from the icon color, as shown in Table 4.8.
WAN Opens the WAN Network Inventory Graph. For more information about
Network this window and its contents, see “WAN Network Inventory Graph” on
Inventory page 102.
Graph
Global Searches for any text value amongst all devices, profiles, and addresses
Search present in NEMS (case-insensitive). For more information, see
“Searching in NEMS” on page 94.
About Provides version and copyright information about Trilliant NEMS.
Node Color Opens a window that enables you to set the color of a node in the Tabular
Configuration view.
Link Color Opens a window that enables you to set the color of link health types in
Configuration the Show All Paths view.
Export Opens a dialogue that enables you to export data from the current
window.
Alarm Details Opens the Alarm Details window.
Assign Opens a window that enables you to assign resolution responsibility for
Owner one or more alarms to a user.
Column Opens a window that enables you to show/hide and freeze/unfreeze
Properties certain columns in the current display.
Alarm Opens the Trap window, which enables you to configure traps and email,
Forwarding and forward alarms.
Clear Clears the currently selected alarm(s).
Alarms
NEMS generates alarms based on thresholds (described below) and events (described in “Events”
on page 132).
You can configure thresholds to monitor for when a value on a device (that is communicating and
operating normally) meets or exceeds a certain level. For example, if you enable and define a
threshold for WAN device modulation rates, when NEMS detects a value that triggers the
threshold, NEMS creates an event accordingly and updates the UI (Figure 5.1). NEMS
additionally associates this event with an existing alarm (Figure 5.2), or uses it as the basis for a
new alarm. See “Performance Thresholds” on page 149 for more information on creating, editing,
and deleting thresholds. New NEMS installations include default WAN threshold values that must
be enabled before use, and can be customized to meet the needs of your particular deployment.
NAN thresholds must be defined before use.
Figure 5.1 WAN View - Modulation threshold values for a Connector device
Alarm Severity
An alarm can be associated with one or more events and are categorized by severity:
• Info: alarms that are generated by routine operations. These alarms are informational only
and require no further action, and are color-coded gray.
• Cleared: alarms that have been acknowledged (and then cleared) by a NEMS operator.
These alarms require no further action and are color-coded green.
• Indeterminate: alarms that may or may not be an issue, but do not meet enough criteria to
be labeled as a more serious alarm type. These alarms should be investigated if associated
with a particular trouble-shooting exercise, and are color-coded gray.
• Warning: alarms that may indicate an issue that merits investigation, especially if associ-
ated with a particular trouble-shooting exercise. These alarms are color-coded blue.
• Minor: alarms that indicate abnormal or unexpected behavior by the associated device(s),
but which are not preventing the device(s) from successfully communicating with NEMS.
These alarms should be investigated and resolved in a timely manner, and are color-coded
yellow.
• Major: alarms that indicate severely abnormal or unexpected behavior by the associated
device(s), and which may be preventing the device(s) from successfully communicating
with NEMS. These alarms should be investigated and resolved as soon as possible, and
are color-coded orange.
• Critical: alarms that are severe enough to prevent the device(s) from communicating with
NEMS, or which indicate severely abnormal behavior for the device(s). These alarms
should be investigated immediately, and are color-coded red.
To meet the needs of your organization, the severity of most alarms are operator-configurable via
node profile, trap parser, and threshold configuration. For example, while a WAN Gateway outage
may be considered Critical, a Connector used for field surveys (and therefore frequently offline)
may be configured to raise only a Warning alarm for a Down status.
Events
Events are a time-stamped record of when certain defined conditions are met. Events can trigger
from NEMS detecting a condition, or receiving a trap from a device that informs NEMS of a
condition that the device detected. By default, events are organized by the time at which they
occur, with the most recent event listed first.
• SNMP Traps: Unlike polling-based events, SNMP traps are generated by the device
experiencing the event, such as a WarmStart trap, which the device reports when a reboot
(warmstart) event has occurred. When NEMS receives an SNMP trap, depending on the
trap type, it then can create a new alarm for the event, associate the event with an existing
alarm, or simply update the NEMS display. See “Viewing Events” on page 139.
While NEMS includes many preconfigured trap parsers, you can also customize and cre-
ate additional trap parser definitions.
Event Severity
NEMS categorizes events by severity:
• Info: events that are records of routine actions. These events require no further action and
are color-coded gray.
• Cleared: events that have been acknowledged (and then cleared) by a NEMS operator.
These events require no further action and are color-coded green.
• Indeterminate: events that may or may not be an issue, but do not meet enough criteria to
be labeled as a more serious event type. These events should be investigated if associated
with a particular trouble-shooting exercise, and are color-coded gray.
• Warning: events that may indicate an issue that merits investigation, especially if associ-
ated with a particular trouble-shooting exercise. These events are color-coded blue.
• Minor: events that indicate abnormal or unexpected behavior by the associated device,
but which are not preventing the device from successfully communicating with NEMS.
These events should be investigated and resolved in a timely manner, and are color-coded
yellow.
• Major: events that indicate severely abnormal or unexpected behavior by the associated
device, and which may be preventing the device from successfully communicating with
NEMS. These events should be investigated and resolved as soon as possible, and are
color-coded orange.
• Critical: events that are severe enough to prevent the device from communicating with
NEMS, or which indicate severely abnormal behavior for the device. These events should
be investigated immediately, and are color-coded red.
Viewing Alarms
Alarms are visible in a number of places in the NEMS interface, as shown in the figures below:
• The Global Alarms Summary: (1) in Figure 5.6
• Tree View: (2) in Figure 5.6
Note: The Tree View is available for all major views: Unified View, WAN View, and NAN View.
Refer to Chapter 4 “The NEMS Interface” on page 79 for more information about the
different views available in NEMS.
• The Alarms Window, accessed via the Fault menu: (3) in Figure 5.6
Clicking one of the colors in this bar opens a window showing all alarms of that type (Figure 5.8).
Note: While the Global Alarms Summary in the Unified View tracks all alarms, the Global
Alarms Summary in the WAN View tracks only WAN device alarms. Likewise, the Global
Alarms Summary in the NAN View tracks only NAN device alarms.
Figure 5.9 WAN View: Alarms in the Alarm Severity Column of the Tree View
Double-clicking on a device’s alarm severity flag (number 1 in Figure 5.9) opens the Alarm
Details window. This window shows all alarms associated with that device (denoted by Source IP
address), with the most recent alarm on top (Figure 5.10).
• From the Fault menu, click Alarms > View Alarms (Figure 5.11).
Figure 5.11 Fault menu with Alarms > View Alarms highlighted
Viewing Events
Events often provide illumination into issues affecting device and network performance. This
section discusses the following:
• “Viewing All Events” on page 140
• “Viewing Events Related to an Alarm” on page 141
Figure 5.13 Fault menu with Events > View Events highlighted
The Event Details tab (Figure 5.17) lists all events that are associated with a particular
alarm.
Alarms
Beyond simply viewing alarms, there are two main ways to monitor and interact with alarms in
NEMS:
• “Acknowledging and Clearing Alarms”: You must first acknowledge and then clear an
alarm before you can delete it.
• “Deleting Alarms”: Alarms may be deleted if the Alarm is no longer relevant and the his-
tory of the Alarm is no longer needed.
Acknowledge an alarm
Note: Acknowledging an alarm is permanent and cannot be undone.
1. From the Fault menu, select Alarms > View Alarms (Figure 5.18).
Figure 5.18 Fault menu with Alarms > View Alarms highlighted
2. (Optional) Using the columns on this window, search or filter for the alarm you wish to
acknowledge.
3. Right-click on the alarm and select Acknowledge (Figure 5.20).
In the Ack Status column, NEMS marks the Alarm as acknowledged (Y) (Figure 5.21).
Clear an alarm
Note: You must acknowledge an alarm before you can clear it. An acknowledged alarm is
marked Y in the Ack Status column (see Figure 5.21).
Figure 5.22 Fault menu with Alarms > View Alarms highlighted
2. (Optional) Using the columns on this window, search or filter for the alarm you wish to
clear.
3. Right-click on the alarm (1) and select Clear (2) (Figure 5.24).
In the Severity column, NEMS marks the Alarm as CLEARED, and changes the Severity
color to green (Figure 5.25).
Figure 5.25 Cleared alarm: Alarm severity has changed to Green and Cleared
Deleting Alarms
Note: Deleting an alarm is permanent and cannot be undone.
1. From the Fault menu, select Alarms > View Alarms (Figure 5.26).
Figure 5.26 Fault menu with Alarms > View Alarms highlighted
2. (Optional) Using the columns on this window, search or filter for the alarm you wish to
delete.
3. Click on the alarm to highlight it (1) and select Delete (2) (Figure 5.28).
Performance Thresholds
To manage the health of the network, NEMS collects data from all network devices known to the
NEMS that are communicable and operating normally. While NEMS comes pre-configured to
respond to and monitor for many events, you can also create custom thresholds to notify you
when a monitored information type meets or exceeds a certain value.
New NEMS installations include default WAN threshold values that must be enabled before use,
and can be customized to meet the needs of your particular deployment. NAN thresholds must be
defined before use.
NEMS tracks three types of thresholds applicable to WAN devices (and the WAN portion of the
Extender Bridge):
• “Modulation Thresholds” on page 149
• “Modulation and RSSI Thresholds” on page 156
• “RSSI Thresholds” on page 163
The NAN View tracks thresholds applicable to Collectors, Nodes, and WAN IF. See “NAN
Threshold Monitoring” on page 169.
Modulation Thresholds
If you enable and define a threshold for device modulation rates, when NEMS detects a value that
triggers the threshold, NEMS creates an event accordingly and updates the UI (Figure 5.29).
NEMS additionally associates this event with an existing alarm (Figure 5.30), or uses it as the
basis for a new alarm.
WA
Figure 5.31 Fault menu with Configure WAN Thresholds > Modulation highlighted
2. Click New .
NEMS adds a new line to the window (Figure 5.33).
In the above example, the new threshold is applying to all devices with a modulation rate
less than 9, and will raise an alarm of Indeterminate severity. You should create thresholds
that achieve your objective using the fields described below.
3. In Field Type, select one of the following:
• All: This threshold applies to all devices, regardless of which domain it is on, the node
profile it uses, or its specific node ID.
• Domain: This threshold applies to only devices that are members of the domain speci-
fied in the Field Value column.
• Node Profile: This threshold applies to only devices using the Node Profile specified
in the Field Value column.
• Node: This threshold applies to only the device with the Node ID specified in the Field
Value column.
4. If you selected anything but All in the previous step, specify the Field Value, as appropri-
ate.
5. Select an Operator:
• less than or equal to: <=
• less than: <
6. Select the Modulation Value at which the threshold is triggered.
7. Select the Alarm Severity to associate with this threshold.
8. Click Save .
NEMS saves the new Modulation Threshold entry (Figure 5.34).
9. Repeat from step 2 as necessary for all alarm levels and field types that you want associ-
ated with a modulation rate threshold.
Figure 5.35 Fault menu with Configure WAN Thresholds > Modulation highlighted
Figure 5.39 WAN View - Fault menu with Configure Thresholds and Modulation highlighted
3. Click Delete .
NEMS deletes the modulation threshold entry.
WA
Figure 5.42 Fault menu with Configure WAN Thresholds > Modulation and RSSI highlighted
NEMS opens the Modulation and RSSI Threshold window (Figure 5.43).
2. Click New .
NEMS adds a new line to the window (Figure 5.44).
11. Repeat from step 2 as necessary for all alarm levels and field types that you want associ-
ated with a modulation rate and RSSI threshold (Figure 5.46).
Figure 5.46 A full set of saved Modulation Rate and RSSI thresholds
WA
Figure 5.47 Fault menu with Configure WAN Thresholds > Modulation and RSSI highlighted
NEMS opens the Modulation and RSSI Threshold window (Figure 5.48).
WA
Figure 5.51 Fault menu with Configure WAN Thresholds > Modulation and RSSI highlighted
NEMS opens the Modulation and RSSI Threshold window (Figure 5.52).
3. Click Delete .
NEMS deletes the Modulation and RSSI Threshold entry.
RSSI Thresholds
Figure 5.54 Fault menu with Configure WAN Thresholds > RSSI highlighted
2. Click New .
NEMS adds a new line to the window (Figure 5.56).
9. Repeat from step 2 as necessary for all alarm levels and field types that you want associ-
ated with an RSSI threshold.
Figure 5.58 Fault menu with Configure WAN Thresholds > RSSI highlighted
Figure 5.62 Fault menu with Configure WAN Thresholds > RSSI highlighted
3. Click Delete .
NEMS deletes the RSSI Threshold entry.
2. Click New .
NEMS adds a new line to the window (Figure 5.68).
3. Click Delete .
NEMS deletes the Threshold entry.
Event Monitoring
NEMS provides three methods of event monitoring:
• “Trap Parsers” on page 176
• “Northbound Trap Receivers” on page 190
• “Email Notification of Alarms” on page 198
Trap Parsers
Trap Parsers interpret the SNMP traps sent by devices to NEMS. These traps report occurrences
at the device level, which are the basis for events, and in turn, alarms.
Trap Parsers are available in all views. NEMS comes with trap parsers already configured, so you
should only need to add traps to support non-standard equipment for this version of NEMS.
However, you may wish to edit the default trap parsers to define the alarm severity appropriate for
your needs.
2. Click New .
NEMS opens the Add Trap Parser Details window (Figure 5.81).
3. Select a Version.
4. Enter the OID (object ID) to associate with this trap parser.
5. Select a Generic Type of trap parser.
6. Click Next.
The Add Trap Parser Details window updates (Figure 5.82).
7. Enter a Name.
8. Enter a Source for this trap parser. The default value is $source.
9. Enter the Category for this trap parser.
10. Select a Severity for the alarm associated with this trap parser.
11. Enter the Message to display with this trap parser.
12. If appropriate, enter the Remedy to display for this trap parser.
13. Click Finish.
NEMS displays the new Trap Parser entry (Figure 5.83).
3. Click Delete .
4. NEMS asks you to confirm that you want to delete the selected record (Figure 5.91). Click
Ok.
NEMS displays the Fault - Northbound Trap Receivers window (Figure 5.95).
2. Click New .
NEMS opens the Create New SNMP Listener window.
8. In the Associate Filter list on the right side of the window, select one or more filters to
associate with the trap destination.
9. Click OK.
NEMS displays the Fault - Northbound Trap Receivers window (Figure 5.99).
3. Click New .
NEMS opens the Create New Email Listener window (Figure 5.108).
NEMS displays the Fault - Alarm Mail Notification window (Figure 5.114).
5. NEMS asks you to confirm that you want to delete the selected record (Figure 5.115).
Click Yes.
Fault-Based Alarms
The following sections provide details about alarms generated by SNMP Traps (from devices)
and NEMS.
NEMS-Generated Alarms
Table 5.4 NEMS-Generated Alarms
S. Alarm Status Severity Alarm Message
Num
1 Device not Down Critical Device is not reachable
reachable
2 Device reachable Agent Down Major SNMP Agent is down / SNMP Version
(ping) but SNMP is not supported
connection is not
working
3 Data Collection Agent Down Major Data collection of
(Failure) $DatacollectionStats failed for device
$source due to Request timed out
4 Device reachable Upa Clear Device is reachable
5 Data Collection b Clear Data collection of
(successful) $DatacollectionStats successful for
device $source
NEMS offers many advanced features that require planning and preparation before implementing
in your network. This chapter covers some of those items.
• “Virtual Local Area Networks (VLANs)” on page 218
• “Adding VPN to Your Network” on page 231
• “Determine the Firmware Version associated with a particular Collector” on page 240
• “Changing and Upgrading Firmware on WAN Devices” on page 242
• “Pre-Provisioning Large Numbers of Devices” on page 265
• “Changing WAN Device SFTP Password” on page 270
1. Management VLAN configuration is only configured on the Gateway in order to simplify network management. Because there
can be no communication between devices and the NEMS without a properly configured VLAN, limiting the scope to Gate-
ways means that you only have to (re)configure those devices instead of every WAN device in the deployment.
network. Collector, Data, and Management VLAN configuration are independent, and the use of
one does not mandate the use of any other.
When assigning VLANs, the Management, Collector, and Data VLANs may be configured
independently to any VLAN ID, 1-4094, or Untagged. Within the SecureMesh WAN, Untagged
traffic is handled independently from VLAN tagged traffic, and both can be transported
simultaneously.
Note: Trilliant does not recommend using VLAN ID 1 as the Management, Data, or Collector
VLAN, as most Cisco switches define this VLAN as the “native VLAN” used to carry
untagged traffic. However, be aware that this setting can be changed, such that a
different VLAN ID is used as the native VLAN, although this is uncommon. Networking
equipment from other vendors may have a similar restriction, or restrictions specific to
that vendor’s equipment. Refer to the documentation for your specific switches and
routers for details.
IMPORTANT: When a non-Gateway WAN device is provisioned with a data VLAN, all
Ethernet frames received by the device will be tagged with the Data VLAN ID. Likewise, all
traffic exiting device's Ethernet port will have the VLAN tags removed. As a result, it will no
longer be possible to access the device's Management interfaces (CLI and Web Interface) using
the local Ethernet port, using either the assigned IP address, or the reserved 192.168.0.2 IP
address. Manual management configuration must instead be handled over the air or using serial
port, as appropriate.
By assigning a Data VLAN, the Extender's Ethernet port becomes a VLAN access port. All
frames received by the Extender's Ethernet port are tagged with the configured VLAN ID. All
frames sent by the Extender to Ethernet attached device(s) have the VLAN tag stripped before
sending, and are therefore sent untagged. If VLAN tagged frames are received, only frames with
the Data VLAN id are allowed, frames tagged with other VLAN IDs will be dropped.
The Extender's Data VLAN configuration affects only frames to and from the device's local
Ethernet port. Frames sent or received on behalf of other WAN devices within the mesh are not
modified.
VLANs on the SecureMesh Connector
The SecureMesh Connector's VLAN capabilities are the same as the Extender.
VLANs on the SecureMesh Extender Bridge
The SecureMesh Extender Bridge supports the same capabilities as the Extender, with the
addition of an independent Collector VLAN setting.
The Collector VLAN defines the VLAN ID that will be used for the Collector component of the
Extender Bridge. All frames originating from the Collector will be tagged with this VLAN ID,
and all frames destined for the Collector must also be tagged with this VLAN ID. As with other
settings, the Collector VLAN can be a specific VLAN ID, 1-4094, or Untagged.
Note: If your network includes multiple switches and/or routers between the Gateway and the
NEMS, all of these devices must be configured appropriately to allow VLAN
communication.
• Enable the Management VLAN.
> See “Configuring a Management VLAN” on page 222.
> Verify communication between the NEMS and your WAN devices by issuing a “poll
now” command via the device’s right-click menu.
2. Implement the Data and Collector VLANs.
• Configure network infrastructure (switches and routers).
• Enable the Management VLAN.
> Identify the Node Profile(s) for the device(s) to be configured.
> See “Adding a Data VLAN to a Node Profile” on page 225.
> Reload the device(s).
> Verify Data VLAN configuration via CLI or by operational verification specific to
your Data application.
-> Select VLAN action: quit, enable, disable, modify, p2p <q|e|d|m|p> : e
VLAN setting changed: enable
-> Select VLAN action: quit, enable, disable, modify, p2p <q|e|d|m|p> : q
7. Reboot the Gateway to activate the changes by using the following command: reboot
Upon startup, the Gateway will begin using the configured VLAN ID.
2. Click New .
NEMS opens the Add VLAN window (Figure 6.4).
address. Manual management configuration must instead be handled over the air or using serial
port, as appropriate.
Note: Extender Bridges have two VLAN tabs (Collector VLAN and Data). The Collector
VLAN tab is where you assign the VLAN for the Collector portion of the Extender
Bridge. The Data VLAN tab is used to define the Data VLAN used for the device’s
Ethernet port.
1. From the WAN Provisioning menu, select Node Profile (Figure 6.6).
Figure 6.6 WAN View: Provisioning menu with Node Profile highlighted
Figure 6.9 Node Profile window with VLAN and Data tabs selected
Figure 6.10 Extender Bridge’s Node Profile window with VLAN and Collector VLAN tabs selected
4. For an Extender Bridge device (all other device types, skip to step 5), on the Collector
VLAN tab, select a VLAN for Collector data. On the Data tab, select a VLAN for data.
5. On the Data tab, select a data VLAN option.
6. Click Save .
“Peer-to-Peer” (or P2P). When desired, P2P communication can be allowed by configuration on a
per-Gateway and per-VLAN basis. Thus, when using VLAN to segment network traffic, P2P
switching can be enabled only for the specific application and VLAN ID that requires P2P
communication.
P2P configuration on the Gateway allows the Gateway to switch traffic between connected child
devices, including Ethernet connected devices. Thus, the Gateway only passes traffic to the
network switch if it doesn’t have the requested MAC address in its network. This also allows
devices to communicate with each other, even if the Gateway loses its connection to the larger
WAN. This feature uses a VLAN ID to identify specific traffic for which P2P communications is
enabled.
Note: Peer-to-Peer only needs to be configured on the Gateway.
1. From the WAN Provisioning menu, select Node Profile (Figure 6.11).
Figure 6.13 Peer-to-Peer tab on the VLAN tab of a GW Node Profile Attributes window
VPN Configuration
Some basic configuration is required to support IPsec VPN. Some VPN parameters can be
provided by the DHCP server (facilitating device roaming, and simplifying management), or can
be configured locally using the CLI. Other parameters, such as the VPN shared secret, can only be
configured on the CLI.
The configuration options required to support VPN are:
• A DHCP-provided or locally-configured outer IP address that is used to communicate
with the VPN router.
• A DHCP-provided or locally-configured inner (VPN tunnel) IP address that is used for all
communication to/from the device once the tunnel is established.
• DHCP-provided or locally-configured VPN router IP address(es), including primary and
secondary VPN routers
• A locally configured VPN shared secret that is used for mutual authentication of the VPN
router and client.
Note: While VPN is in use, NEMS will exclusively utilize the inner IP address for device
management.
Devices will continuously monitor the VPN tunnel status, and will automatically re-establish the
tunnel as necessary. In any case where the primary VPN router is unreachable, the WAN device
will attempt to establish a tunnel with the secondary VPN router, if one is configured. The
configured routers are treated as primary and backup (fail-over), rather than load balancing, and
therefore the primary VPN router is always utilized when available.
to track IP address assignment. When provisioning devices, NEMS will suggest the next
available IP address automatically.
The tunnel (inner) IP address will be used for all device communication when the VPN
tunnel is established. As such, this IP address range must be able to communicate with the
NEMS server. See “Configuring a DHCP Tunnel IP range” on page 233.
3. You must decide on a VPN shared secret.
A VPN shared secret is a pass phrase that all devices must share in order to use VPN to
connect, provision, and communicate. The VPN shared secret on the devices MUST match
the VPN shared secret on the VPN router.
The VPN shared secret must be a minimum of 16 characters (maximum of 64), and must
not contain any special characters. Once entered, the shared secret is displayed as a code
that is 12 characters long in the format of letters and numbers. Thus, the operator can ver-
ify that the code is correct, however, the actual shared secret will not be revealed. For
example:
Example VPN shared secret: Trilliant Networks, Inc.
Example vpnss code: a1:1d:78:eb:37:e8
4. You must set the shared secret in the CLI on every device that will be secured by VPN.
To set the VPN shared secret, access the CLI following the instructions in “Connecting to
the Command Line Interface” on page 280. Then use the set prov vpnss command
to define the shared secret (see “WAN equipment VPN provisioning” on page 235).
5. During device provisioning, you must add a Tunnel IP address to every device that will
use VPN.
This is done on the Node Maintenance screen. See “Adding VPN Tunnel IP Addresses to
Devices” on page 236.
Note: You can configure VPN on devices post-provisioning, but you must do so to each device
one-by-one through Node Maintenance.
2. Click New .
NEMS adds a new line to the window (Figure 6.16).
3. In the Tunnel IP field, either enter the inner VPN Tunnel IP Address, or click the button
in the Choose Tunnel IP column and select one from the displayed list.
4. Click Save .
2. This opens the Collector Details window. Select the Components tab to view the firmware
version of the Collector (Figure 6.23).
Figure 6.23 Collector Details window - viewing the Component firmware version
Because NEMS offers to automatically reload associated devices every time you save a node
profile, and devices may request a new configuration file at any time due to link establishment or
the configuration lease timer, it is possible to initiate a firmware upgrade before you are ready. To
avoid doing so, Trilliant recommends that you follow one of two upgrade paths:
1. Use a Software Activation Schedule for each Node Profile to be upgraded. See “Creating a
Software Schedule” on page 248.
2. Set the new firmware image as the Backup Software in the node profile. Once all devices
have downloaded the new firmware image as backup software, use the Swap Software
button to initiate the firmware upgrade. See “Swapping Firmware Images” on page 262.
Figure 6.24 WAN View - Node Profile listing devices and firmware packages
Two columns display the firmware packages to which the device has access: Primary Software
(what the device is currently using), and Backup Software (what the device will use if the
primary software is unavailable).
Figure 6.26 Primary Software and Backup Software columns list a device’s current firmware
The ftp program connects to the server and displays the root directory (Figure 6.28).
3. In the local site portion of the window, navigate to the location of the firmware files.
4. In the remote site portion of the window, navigate to /pub/images.
5. Drag the firmware files from the local site to /pub/images.
6. After the firmware files finish transferring, in NEMS, refresh the Node Profile screen to
ensure that the new firmware files are present.
The firmware files are available in NEMS for use by WAN devices in the Node Profile
Details window (Figure 6.29).
Figure 6.29 Firmware images available to devices on the Node Profile Details window
2. Click New .
NEMS opens the Add Schedule window (Figure 6.32).
5. Select one or more updated node profiles to be sent using this schedule, then click Ok.
6. Select the Schedule Date for the change.
Note: The Software Schedule feature and device firmware do not account for Daylight
Savings Time adjustments. All scheduling should be performed assuming standard time,
for example, in most areas one (1) hour must be subtracted from the selected time.
Device date/time can be verified with the show date CLI command.
7. Select a Status for the change:
• Active: The schedule is active and will be honored during upcoming firmware changes.
• Inactive: The schedule is not active and will be ignored. The device will behave as
though there is no schedule defined.
8. (Optional) Enter a Comment about this schedule.
9. Click Save .
NEMS saves the schedule and updates the Provisioning - Software Schedule window to
show the saved schedule (Figure 6.34).
Now that the software schedule is defined and associated with the profile, you can update
the selected Node Profile(s) to use the new firmware packages, and reload the associated
devices. When using a software schedule, the new firmware package should be assigned
as the Primary Software, and the previous working firmware image should be assigned as
the Backup Software. When devices which are reloaded, they will download any new
firmware packages, but will wait to reboot and activate the new firmware until the targeted
date and time.
You can choose to reload devices when changing the profile (to trigger an immediate
download), or if you utilize a configuration lease timer, you can wait for the timer to
expire for devices to reload automatically. Trilliant recommends using a configuration
lease timer, as this will allow firmware downloads to occur at distributed intervals, rather
than having all devices attempt to download firmware concurrently. However, you must
ensure that the lease timer for all devices will expire prior to the scheduled time for the
software schedule. For example, if your configuration lease timer is 24 hours, you should
schedule your upgrade at least 25 hours in the future.
Primary : SMGateway_2.3.1.bin
Backup : SMGateway_2.3.0.bin
Software schedule : SUN JAN 03 01:00:00 2015
Software schedule valid : true
Note: The Software Schedule feature requires that your devices use the Network Time
Protocol (NTP). Device date and time can be confirmed using the 'show date' CLI
command.
• In this case, the device has the correct Primary Software, and only the Backup Software
image has changed.
• Regardless of software schedule, the device will immediately begin a FTP or SFTP
transfer to download the new Backup Software.
• Upon completion of the transfer, no action will be taken as the device already has the
correct Primary Software
• Upon completion of the process, the Primary Software is Accepted, and the Backup
Software is Trial.
4. Primary Software has changed to the previous Backup Software, and the Backup Software
has changed to a new image.
• In this case, the device has the correct Primary Software already downloaded, but the
Backup Software image has changed.
• If there is a valid software schedule defined, the device will take no action until the
schedule date and time. At the scheduled date and time, the device will continue to the
next step.
• If there is no valid software schedule defined, or the schedule date and time has been
reached, the device will change the active firmware image bank and reboot.
• Upon successful reconnect, the device will begin a FTP or SFTP transfer to download
the new Backup Software. This firmware image will replace the current Backup Soft-
ware (which is the previous Primary Software).
• Upon completion of the transfer, no additional action is taken.
• Upon completion of the process, the Primary Software is Accepted, and the Backup
Software is Trial.
5. Primary Software image has changed to a new image. (Not recommended)
• In this case, the device has the correct Backup Software, but the Primary Software
image has changed.
• Regardless of software schedule, the device will immediately begin a FTP or SFTP
transfer to download the new Primary Software. This firmware image will replace the
previous Backup Software.
• Upon completion of the transfer, if there is a valid software schedule defined, the
device will take no action until the schedule date and time. At the scheduled date and
time, the device will continue to the next step.
• Upon completion of the transfer, if there is no valid software schedule defined, or the
schedule date and time has been reached, the device will change the active firmware
image bank and reboot using the new Primary Software image.
• Upon successful reconnect, the device will begin a FTP or SFTP transfer to download
the new Backup Software. This firmware image will replace the current Backup Soft-
ware (which is the previous Primary Software).
• Upon completion of the transfer, no additional action is taken.
• Upon completion of the process, the Primary Software is Accepted, and the Backup
Software is Trial.
6. Both primary and backup firmware images have changed to new images. (Not recom-
mended)
• In this case, the device does not have either of the firmware images defined in the Pro-
file.
• Regardless of software schedule, the device will immediately begin a FTP or SFTP
transfer to download the new Primary Software. This firmware image will replace the
previous backup firmware.
• Upon completion of the transfer, if there is a valid software schedule defined, the
device will take no action until the schedule date and time. At the scheduled date and
time, the device will continue to the next step.
• Upon completion of the transfer, if there is no valid software schedule defined, or the
schedule date and time has been reached, the device will change the active firmware
image bank and reboot using the new Primary Software image.
• Upon successful reconnect, the device will begin a FTP or SFTP transfer to download
the new Backup Software. This firmware image will replace the current Backup Soft-
ware (which is the previous Primary Software).
• Upon completion of the transfer, no additional action is taken.
• Upon completion of the process, the Primary Software is Accepted, and the Backup
Software is Trial.
Note: Downloading firmware to a device does not necessarily mean that the device will use
the newly downloaded firmware right away. New firmware can be scheduled to take
effect at a specific time (see “Creating a Software Schedule” on page 248), or can also
be set as Backup Software, which must be manually swapped to Primary Software (see
“Swapping Firmware Images” on page 262). For more information about avoiding
issues when applying upgraded firmware to your devices, see “Avoiding Firmware
Upgrade Issues” on page 242.
3. In the Primary Software column, select a firmware image name from the drop-down list
(Figure 6.38).
In a Firmware Upgrade scenario, Trilliant recommends that the primary software be set to
the currently used firmware image (not the upgraded firmware image).
4. If necessary, in the Backup Software column, select a firmware image name from the
drop-down list (Figure 6.39).
In a Firmware Upgrade scenario, Trilliant recommends that the backup software be set to
the upgraded firmware image (you can swap the images later once all images have been
downloaded).
5. Click Save .
6. NEMS offers to automatically reload associated devices.
• To make the devices download and/or apply the new firmware, click Yes.
• To wait for the device’s Config Lease Time to expire, click No. For more details, see
“Waiting for a Device’s Config Lease Time to Expire” on page 259.
Reloading a Device
Every time you save a node profile or a node maintenance entry, NEMS offers to automatically
reload all associated devices (you can accept or decline this offer). However, you can manually
reload a device without making changes to its node profile or node maintenance entry.
Reloading a device causes the device to apply firmware changes immediately. Reloading is not
required if you are using a lease time to trigger the reload, or if you accepted the offer to
automatically reload all associated devices when saving a node profile or node maintenance entry.
To Reload a Device:
1. From the WAN View Tree View, right click on the device whose firmware you want to
upgrade by reloading its node profile (Figure 6.40).
2. Scroll to the right until you see the Config Lease Time column (Figure 6.43).
3. Double-click on a node profile line to open the Node Profile Attributes window.
4. Enter a new Config Lease Time value (Figure 6.44).
5. Click Save .
5. If for any reason it is necessary to revert to the previous firmware release, use the show
version command to see if the load is listed as unbootable. If the load is unbootable,
repeat step 1.
6. Otherwise, return to step 3. Ensure that you follow the same “outside-in” procedure when
switching to an earlier firmware release.
3. In the Software section, check to make sure that Backup Software shows the upgraded
firmware image.
5. Click Save .
6. NEMS offers to automatically reload associated devices.
• To make the devices apply the new primary software, click Yes.
• To wait for the device’s Config Lease Time to expire, click No. For more details, see
“Waiting for a Device’s Config Lease Time to Expire” on page 259.
2. Click Add .
NEMS opens a new Node Maintenance entry window (Figure 6.51).
3. In the MAC Address field, enter the new device’s MAC address.
Note: When entering the MAC address, do not enter any colons, For example, if the MAC
Address is listed as 00:0A:DB:xx:xx:xx, enter 000ADBxxxxxx.
The MAC address is printed on the asset tag on the bottom of the device.
Note: If you cannot read or do not have easy access to the asset tag, you can connect to the
device via the serial console, and determine the device’s MAC address via the “show
version” CLI command (see “Connecting Using the Serial Port” on page 283 for
more information).
4. From the Node Type drop-down list, select the appropriate node type.
5. From the Node Profile drop-down list, select the Node Profile to use.
6. Select the appropriate DHCP IP Assignment mode for this device:
• Fixed: The device will use specific IP address in the DHCP subnet range.
• Dynamic: The device will use any available IP address in the subnet range.
Note: This option is not available for Gateway devices. Gateway devices using DHCP must
use a fixed IP address.
• Non-DHCP: The device will not use DHCP, and instead will use a statically assigned
address configured through the CLI.
Note: To avoid IP conflicts, the statically assigned IP address should not be within the
dynamic range selected for the subnet (if any).
7. In the IP Address column, enter the IP address for the device (if you are using Dynamic
IP assignment, you can leave this field blank).
Note: When specifying an IP address, if you are using Dynamic IP assignment and if you
leave the IP address blank, NEMS will select an IP address from the defined dynamic
range. Otherwise, you must enter an IP address.
Note: Leave the Tunnel (inner) IP address empty unless your network is using VPN. Refer to
“Adding VPN to Your Network” on page 231 for instructions on how to provision VPN
inner IP tunnel addresses.
In the below example of a Gateway Node Maintenance entry, the Gateway’s IP address is:
10.18.71.100 (Figure 6.52).
8. Click Save .
9. NEMS prompts you to configure the device’s Profile Attributes. Either select Yes to con-
figure profile attributes (such as Data Collection Intervals), or No to close the window.
If you change the username and/or password in a Node Maintenance entry such that it no longer
matches what is defined in the device type’s Node Profile, the mismatched username and/or
password will display in bold blue text (see Figure 6.54).
Figure 6.54 Node Maintenance entry with customized usernames and passwords that do not match the Node
Profile
2. Double-click an entry.
NEMS opens the device’s Node Maintenance window (Figure 6.57).
This procedure is for all devices using this Node Profile. To make change for a single WAN
device, see “Changing a single WAN device’s username / password from Node Maintenance” on
page 271.
Figure 6.61 Gateway’s Node Details window with the Provisioning > Node Maintenance > General tab shown
3. Click Save .
6. At the login prompt, enter the device’s password and then press [ENTER]. The default
password is public.
The CLI is now ready for commands. See “Troubleshooting with Basic CLI Commands”
on page 286 for more information.
2. Start a communication session by selecting the COM port you used to physically connect
the computer to the device, using the following serial communication settings:
• 38400 bps
• 8 data bits
• no parity
• one stop bit
• no flow control
Note: How you accomplish this depends on the operating system of the machine you are using
as the communications terminal and the communications software available on that
machine.
3. Enter the device’s password and then press [ENTER]. The default password is public.
The CLI is now ready for commands. See “Troubleshooting with Basic CLI Commands”
on page 286 for more information.
• “Device will not come online, “show link” shows the link in 'auth fail' status” on
page 310
• “Device will not come online, “show link” shows the link in 'prov fail' status” on
page 310
• “Device rebooted unexpectedly” on page 312
Configuring a Device
There are a number of CLI commands that are useful during device configuration. The
configuration mode (auto or manual) and specific provisioning parameters determine how
provisioning will occur. You can also reset a device to its factory defaults in order to reset any
customizations that may have been made (though this isn’t necessary for new devices, as they are
already using factory defaults).
show prov IP
Use this command to display the default IP address of the device, as well as its DHCP state. This
command is useful for ensuring that DHCP is enabled on the device.
Note: To enable or disable DHCP, use the set prov ip (see page 291) command.
Expected Result:
For most networks, the DHCP state of a properly-functioning and provisionable/discoverable
device is Enabled (which is also the default state).
Because all devices except Gateways retain their default IP address, the most pertinent line in
Table 7.3 is the DHCP state. Enabled means that the device is able to receive an IP address from
NEMS.
show freq
Use this command to see which frequency a device is currently using. If a device is taking longer
than you expect to provision, it could be because the device is still cycling through its available
frequencies and is looking for the proper provisioning frequency.
Expected Result:
In response to this command, the device will list the following frequency information:
• Current country code: the country code configured for this device. The configured coun-
try code restricts the available frequency regions.
• Flash frequency region setting: the frequency region it was originally programmed to
use. The frequency region defines the available frequencies, transmit power, and radar
detection mode.
• Current frequency region setting: the frequency region it has been assigned to use. In
most cases, this will match the flash frequency region setting.
• Current valid frequencies: the frequencies that are available within the current frequency
region
• Current frequency: the frequency that it is currently using
• Current allowed frequencies: the frequencies it is allowed to connect on, which is deter-
mined by CLI or NEMS configuration. The factory default is to allow all frequencies, but
once a device obtains configuration from NEMS, only the primary frequency is allowed
(unless the profile attributes have been edited to allow other frequencies).
• Dwell time (minutes): How long it will spend searching the primary frequency before
checking other frequencies for a connection
• Channel width: Channel width determines the amount of bandwidth that is used for oper-
ations. The channel width must match on all WAN devices in order for them to communi-
cate.
show netkey
Use this command to see a device’s netkey code. Netkeys are a shared key used for mutual
authentication of devices. If your network uses netkeys, use this command to verify that the
netkey on your Gateway and other devices match. If the netkeys do not match, devices will not be
able to link. See “set netkey” on page 290 for details on how to set the netkey on a device.
Expected Result:
After submitting this command, the device will display the netkey code it is currently using. This
code should match the netkey code on the Gateway that the device is using to provision.
Table 7.5 show netkey example
000ADB1213E4> show netkey
43:17:30:9f:30:af
The factory default netkey for all SecureMesh WAN devices is “Trilliant Networks, Inc.” which
has a code of 43:17:30:9f:30:af. If a different key is displayed, the netkey has been
changed
set netkey
Use this command to set a device’s netkey to a custom value. Netkeys are a shared key used for
mutual authentication of devices. The netkey should always be set to a non-default value for
production networks.
Expected Result:
After entering the command, the device will ask you to enter a new netkey, and again to confirm it
(Table 7.6). If the two entries match, the new netkey is saved. To see the new netkey code (not the
netkey itself), use the show netkey command (see “show netkey” on page 290).
Table 7.6 set netkey example
000ADB1213E4> set netkey
-> Enter network key: ********
-> Re-enter network key: ********
Successfully set network key.
set prov IP
This command allows granular control of a device’s IP-related provisioning parameters.
Expected Result:
After entering the command, the CLI will ask you to specify the device’s IP-related provisioning
parameters, beginning with whether or not to enable DHCP. How you answer determines
questions that follow.
!!!trilliantfactory!!!
Use this command to reset the device to its factory settings.
Note: If the firmware on the device has already been updated to a newer version, resetting the
device to factory settings will NOT downgrade the firmware.
Expected Result:
At the device’s password prompt, rather than entering the password, enter
!!!trilliantfactory!!! and press [ENTER]. The device will respond asking if you
want to proceed with resetting the device. Press Y and then [ENTER] (Table 7.12). The device
will then reset and restart.
Table 7.12 !!!trilliantfactory!!! example
Welcome to Trilliant, Inc.
Copyright (C) 2010 Trilliant, Inc. All Rights Reserved.
Password: !!!trilliantfactory!!!
-> Resetting to factory defaults. Proceed? yes, no <y | n>: y
Note: This example shows the command, but the CLI obscures all entries into the password
field, and will show on the screen as **********************.
show link
Use this command to see what links, if any, a device has formed during the link establishment
process.
Expected Result:
The three most pertinent results of this command are the MAC address and Node Type of the
node(s) to which the device is linked, and the type of link (state) that has been formed. In Table
7.13, the Extender Bridge is linked to a SecureMesh Gateway, and has currently formed a pre-
authorization link. This means that provisioning is in progress (or is being attempted). The signal
strength, modulation rate, and antenna combination are also shown.
show dhcp
Use this command to display the device’s current DHCP settings. This command is useful for
monitoring provisioning progress.
Expected Result:
A device that has DHCP enabled, but not yet assigned by NEMS will show a result of “No DHCP
lease options” similar to Table 7.17.
Table 7.17 show dhcp example (dhcp enabled but not assigned)
000ADB16E714> show dhcp
No DHCP lease options
A device that has DHCP enabled and assigned will show a result similar to Table 7.18.
Table 7.18 show dhcp example (dhcp enabled and assigned)
000ADB16E714> show dhcp
IP address : 172.16.1.6
Subnet mask : 255.255.255.0
Default gateway : 172.16.1.1
Lease duration : 172800 seconds
Lease rebinding : 64800 sec
Lease remaining : 86386 sec
DHCP server : 172.16.1.1
FTP server : 172.16.1.1, 0.0.0.0
HTTP server : 172.16.1.1, 0.0.0.0
Hostname :
Note: To verify that DHCP is enabled, use the show prov ip command (see page 288).
show gps
Use this command to verify that GPS is enabled and locked on a Gateway. If a Gateway cannot
obtain a GPS lock, it will not be able to provision, or form any wireless links. By default,
Extender and Extender Bridge devices also require a GPS lock in order to form wireless links.
Note: If you are in an environment where the device cannot get a GPS signal, see “Device
GPS Bypass” on page 321.
Expected Result:
The Gateway should show that GPS is both enabled and locked.
Table 7.19 show gps example
000ADB16E714> show gps
GPS timing is enabled. Node will use GPS module for timing
show psu
Use this command to verify the status of an Extender or Extender Bridge’s PSU.
Note: Not all Extender or Extender Bridge devices include a PSU.
Expected Result:
The PSU, if present, should show that the PSU’s ID, serial number, MAC address, battery status,
firmware information, and build information.
PSU Information
---------------
Last acquisition time: THU APR 09 12:47:28 2015
Unique ID: 36570343314E3931D80534FF
Serial Number: NDFC0000278
MAC Address: 00:14:77:07:a2:36
Battery Status: charging
Firmware Information
model: PSU-1024-Generic
version: 1.2.3.13297
Build type
type: release
trace: none
CCS: standard/-/auto test
control options: 27V
show collector
Use this command to verify the status of a Collector device.
Expected Result:
The Collector should show its serial number, MAC address, image version, last response time,
whether or not a PSU is present, and other information.
Collector Information
---------------
Serial no. : NDHA0001501
Ethernet MAC Address : 00:14:77:16:E9:3D
Image Version : 4.251
Last heartbeat response : 21 seconds ago
Rebooted by watchdog : 0 times
Device uptime : 0 days, 3 hours, 51 minutes, 36 seconds
Last reboot reason : Firmware Upgrade Reboot
DHCP state : DHCP
IP Address : 192.1687.150
Inner IP Address : 0.0.0.0
Netmask : 255.255.255.0
Default Gateway : 192.168.7.6
VPN Server Primary : 0.0.0.0
VPN Server Secondary : 0.0.0.0
Lease Duration Remaining : 1 days, 20 hours, 9 minutes
VPN State : Disabled
PSU Information
---------------
PSU is not present.
debug on
This command enables debug logging on the device, and will help you gather information to aid
in troubleshooting issues or behavior. When connected to the CLI via telnet or SSH, you must set
“debug on” in order to see any debug logging using the commands below. When connected to
the CLI via serial, debug mode is always enabled.
2. If any of the services are not running (see Table 7.30), enter the following commands:
• cd /var/log/trilliant
• cat service.log
If your results are similar to Table 7.31, your server’s MAC address may not match the
address in the license files.
Table 7.32 Incorrect license example
[root@softnems ~]# cd /var/log/trilliant/
[root@softnems trilliant]# cat service.log
License Verification Started
Invalid Licensing Information
NEMS Server Shutting down...
3. Obtain the correct MAC address by entering the ifconfig command (Table 7.32). Send
the listed HWaddr to Trilliant Support to obtain updated license files.
collisions:0 txqueuelen:1000
RX bytes:469777294 (448.0 MiB) TX bytes:17382005 (16.5 MiB)
4. When you get the updated license files, transfer the license files to the server’s /root
directory.
5. In a terminal window from the /root directory, enter the following commands:
Table 7.34 Copy updated license files
[root@softnems ~]# cp License.dat /opt/product/TrilliantNetworks/NEMS/server/ems/conf/License.dat
2. If the result is like Table 7.35, try checking to see if any NEMS services are stopped
(“Starting and Stopping NEMS services” on page 304). Otherwise, disable the firewall by
entering the following command: service iptables stop
Table 7.38 Disabling the firewall example
[root@softnems ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Note: The command “service iptables stop” will only temporarily shut off the
firewall (it will return after a reboot). If you wish to permanently disable the firewall,
use the command “chkconfig iptables off”.
!!!trilliantfactory!!!
Use this command to reset the device to its factory settings.
Note: If the firmware on the device has already been updated to a newer version, resetting the
device to factory settings will NOT downgrade the firmware.
Expected Result:
At the device’s password prompt, rather than entering the password, enter
!!!trilliantfactory!!! and press [ENTER]. The device will respond asking if you
want to proceed with resetting the device. Press Y and then [ENTER] (Table 7.41). The device
will then reset and restart.
Note: This example shows the command, but the CLI obscures all entries into the password
field, and will show on the screen as **********************.
You can also reset a device to its factory defaults in order to reset any customizations that have
been made (though this isn't necessary for new devices, as they are already using factory
defaults).
Note: Resetting a device to factory defaults does not downgrade firmware.
Note: Resetting a device to the factory default will clear the netkey. If you are using a custom
netkey, you will have to set it again. See “set netkey” on page 290.
Note: For Connector devices, you can reset to factory defaults by pressing the Reset button on
the device.
Device will not come online, “show link” shows the link in 'auth fail' status
This status means that device authorization has failed, typically because the netkeys on the
devices don’t match. A netkey is a shared secret that all devices must share in order to securely
connect, provision, and communicate. All Trilliant SecureMesh WAN devices come with a
default netkey already programmed (see below); if you do not change to a custom netkey, all new
devices will still be able to successfully use the default netkey. However, if you are using a device
that has had its netkey changed, or is not new, try resetting it to the default netkey:
Default Trilliant netkey: Trilliant Networks, Inc.
Default Trilliant netkey code: 43:17:30:9f:30:af
Note: The netkey is case sensitive and must include spaces and punctuation as shown.
• Use the CLI command show netkey (see “show netkey” on page 290) to verify that the
netkeys of the failing device and the Gateway match.
• Use the CLI command set netkey (see “set netkey” on page 290) to change the netkey
on a device.
Device will not come online, “show link” shows the link in 'prov fail' status
Device provisioning has failed. This indicates the device has either failed to obtain an IP address
with DHCP, or failed to successfully obtain a configuration file from the NEMS. Try the
following to determine the cause of the prov fail status:
or
000ADBDA0103> 0x733328 (spProvisionAgent): TS: 00:00:01:38
0x733328 (spProvisionAgent): spHttpSocketConn.cpp:377 (SP_PROVISION_AGENT_COMPONENT_ID#2)
TCP-IP socket connection to (0xc0a8a8b6) failed.
0x733328 (spProvisionAgent): TS: 00:00:01:38
0x733328 (spProvisionAgent): spProvisionAgent.cpp:4491 (SP_PROVISION_AGENT_COMPONENT_ID#1)
Fail to load config file. Sleeping for 4 secs...
• Once you determine the source of the failure, you can fix the issue.
2. Verify DHCP configuration as described in “Configuring DHCP” on page 37.
3. Inspect the device’s node maintenance entry. From the NEMS WAN View, click Provi-
sioning > Node Maintenance. Confirm the following:
• the device’s MAC address is correct
• the device is using the correct node profile
• the DHCP IP Assignment is set to Dynamic
4. Verify that the device’s node profile is correctly configured:
• For Extender Bridges, see “Creating an Extender Bridge Profile” on page 57
• For Connectors, see “Creating a Connector Profile” on page 59
5. If you do not see any log output after enabling set log prov 2, enter the command
show logevents search with the keyword “prov”.
show reboot
Use the show reboot command to determine why a device most recently rebooted.
Expected Result:
After entering this command, the CLI will display the reason and how long the device was “up”
before rebooting.
Table 7.42 show reboot example
000ADBDA0103> show reboot
Reboot reason: CLI Reboot
Previous Up Time: 1 day 20:15:11
show uptime
Use the show uptime command to determine how long a device has been running since its last
reboot.
Expected Result:
After entering this command, the CLI will display how long the device has been “up” since
rebooting.
Optional Settings
This appendix covers optional settings and parameters for setting up a network using NEMS:
• “Changing the Frequency Region and Country Code” on page 316
• “Changing the Channel Width” on page 318
• “Device GPS Bypass” on page 321
• “Configuring a Custom Netkey” on page 323
• “Advanced Firewall Settings” on page 324
• “Advanced GPS Settings” on page 327
• “ftpimage Command Reference” on page 333
Country code required - Use ‘set prov freq’ to configure> set prov freq
-> Select a Frequency action: quit, allow, country code, deny, list, primary,
region <q|a|c|d|l|p|r>: c
-> Enter a number for the frequency region or press Enter to quit: 2
-> Please enter a new primary frequency or press ENTER to quit: 5260
Please make sure to reboot for the new frequency region settings to take effect.
-> Select a Frequency action: quit, allow, country code, deny, list, primary,
region <q|a|c|d|l|p|r>: q
4. Click Save .
NEMS displays a warning that saving your changes will cause the devices to reboot in
order to apply the new value(s).
-> Select user GPS action: quit, coordinates, timing, auto-gps <q|c|t|a>: t
GPS timing is disabled. Node will use Derived Timing (GPS-less mode).
You must reboot for this change to take effect.
-> Select user GPS action: quit, coordinates, timing, auto-gps <q|c|t|a>: q
000ADB010101>
For configuration and indoor demo purposes, Gateway devices can also be configured for
operation without a GPS signal (see Table A.6).
Note: However, network performance and latency may be negatively impacted. For best
performance, Trilliant recommends that Gateway devices should always use GPS
timing.
Table A.6 set prov gps example (gateway)
000ADB010102> set prov gps
-> Select user GPS action: quit, coordinates, timing, auto-gps <q|c|t|a>: t
GPS timing is disabled. Node will use Derived Timing (GPS-less mode).
You must reboot for this change to take effect.
-> Select user GPS action: quit, coordinates, timing, auto-gps <q|c|t|a>: q
000ADB010102>
5. In Port(s), enter 8000. This setting allows devices to obtain configuration files.
6. In Protocol, select tcp.
7. Click OK.
8. Next to the Other Ports window, click Add.
CentOS opens the Add Port window (Figure A.6).
Figure A.7 Sample Map View of devices showing location and RSSI strength between nodes
In Figure A.7, the Map View shows how a variety of devices (B, C, D, and E) connect to the
Collector (A). The green lines show that the links between each of these devices is of good
quality, and also demonstrate how many hops a device has between itself and the Collector.
Devices C and E each have two hops to get back to the Collector (A), while devices D and B have
only one hop.
Without GPS coordinates for the Collector and other devices, the above Map View would not be
possible.
2. Click Browse.
3. Navigate to the location of the file and select it.
Figure A.10 GPS Data Import window with selected data file
4. Click Load.
5. NEMS loads the file and edits the GPS data for the given devices.
Note: Using the import feature to edit the GPS data for a device changes its GPS mode to
Manual. A device in manual GPS mode will no longer automatically change its GPS
data based on new information received from associated devices or from internal GPS
reception.
2. Double-click a device to open the device’s Node Attributes window (Figure A.12).
5. Click Save .
2. In the Location Details section, in the GPS Coordinates field, select Manual.
3. Enter the device’s GPS coordinates into the Latitude (degrees), Longitude (degrees),
and Altitude (meters) fields.
4. Click Save .
5. Prior to performing any ftpimage commands, Trilliant recommends that you enable
debugging so that the FTP/SFTP process can be monitored in real time:
> set log all 1
Log level changed: all at 1
> set log prov 2
Log level changed: prov at 2
6. Use the show version sw command to determine the current active and backup
image:
> show version sw
Active Software Image : B
Image A Name : SMConn.2.2.0.bin
Image A MD5 : 8b:49:9f:99:1c:9f:52:c0:fd:43:59:26:ff:9b:6a:ff
Image A State : Accepted
Image A Counter : 1000
Image B Name : SMConn.2.2.0.bin
Image B MD5 : 8b:49:9f:99:1c:9f:52:c0:fd:43:59:26:ff:9b:6a:ff
Image B State : Accepted
Image B Counter : 1000
7. Use the ftpimage command to initiate the firmware download to the backup (non-
active) partition:
> ftpimage
-> Enter FTP server IP address: 192.168.0.5
-> Enter FTP server login [anonymous]:
-> Enter FTP server password:
-> Enter directory: pub/images/
-> Enter filename: SMConn.2.3.0.bin
-> Enter destination partition <A|B>: a
FTP server IP address: 192.168.0.5
FTP server login: anonymous
Directory: pub/images/
Filename: SMConn.2.3.0.bin
Destination partition: A
-> Are these settings correct? no, yes <n|y>: y
0x883240 (spCliTelnet): spProvisionAgent.cpp:3298 (SP_PROVISION_AGENT_COMPO-
NENT_ID#2)
Initiating FTP download.
0x883240 (spCliTelnet): spProvisionAgent.cpp:3300 (SP_PROVISION_AGENT_COMPO-
NENT_ID#3)
Trying to connect to IP address 192.168.0.5.
0x883240 (spCliTelnet): spProvisionAgent.cpp:3343 (SP_PROVISION_AGENT_COMPO-
NENT_ID#3) Login successful. Downloading file name SMConn.1.2.bin.
0x883240 (spCliTelnet): 4194304
0x883240 (spCliTelnet): spProvisionAgent.cpp:3803 (SP_PROVISION_AGENT_COMPO-
NENT_ID#3)
FTP Successfully completed in 1 Minutes 0 Seconds
FTP successful.
8. Use the show version command to verify the image was successfully downloaded.
Specifically, check for a nonzero MD5:
> show version sw
Active Software Image : B
Image A Name : SMConn.2.3.0.bin
Image A MD5 : 35:9a:b0:9b:8e:95:e5:af:00:66:27:f3:0d:6c:65:1f