advertisement
61202361L2-34B
February 2004
NetVanta 2000 Series
Internet Security Appliances
Hardware Installation Guide
1202361L2 NetVanta 2100 Unit
1202362L1 NetVanta 2050 Unit, Firewall Only
1202362L2 NetVanta 2050 Unit
1202363L1 NetVanta 2054 Unit, Firewall Only
1202363L2 NetVanta 2054 Unit
1202366L2 NetVanta 2300 Unit
1202367L2 NetVanta 2400 Unit
Trademarks NetVanta 2000 Series Hardware Installation Guide
Trademarks
Any brand names and product names included in this manual are trademarks, registered trademarks, or trade names of their respective holders.
To the Holder of this Manual
The contents of this manual are current as of the date of publication. ADTRAN reserves the right to change the contents without prior notice.
In no event will ADTRAN be liable for any special, incidental, or consequential damages or for commercial losses even if ADTRAN has been advised thereof as a result of issue of this publication.
2
901 Explorer Boulevard
P.O. Box 140000
Huntsville, AL 35814-4000
Phone: (256) 963-8000 www.adtran.com
© 2004 ADTRAN, Inc.
All Rights Reserved.
Printed in U.S.A.
© 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide
Conventions
Notes provide additional useful information.
Conventions
Cautions signify information that could prevent service interruption.
Warnings provide information that could prevent damage to the equipment or endangerment to human life.
Safety Instructions
When using your communications equipment, please follow these basic safety precautions to reduce the risk of fire, electrical shock, or personal injury:
1. Do not use this product near water such as a bathtub, wash bowl, kitchen sink, laundry tub, in a wet basement, or near a swimming pool.
2. Avoid using a telephone (other than a cordless-type) during an electrical storm. There is a remote risk of shock from lightning.
3. Do not use a telephone to report a gas leak in the vicinity of the leak.
4. Use only the power cord, power supply, and/or batteries indicated in the manual.
5. Do not dispose of batteries in a fire. They may explode. Check with local codes for special disposal instructions.
Save These Important Safety Instructions
61202361L2-34B © 2004 ADTRAN, Inc.
3
FCC-Required Information NetVanta 2000 Series Hardware Installation Guide
FCC-Required Information
Federal Communications Commission Radio Frequency Interference Statement for NetVanta 2050,
NetVanta 2054, and NetVanta 2100
Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
.
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
Canadian Emissions Requirements for NetVanta 2050, NetVanta 2054, and NetVanta 2100
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of
Communications.
Cet appareil numérique respecte les limites de bruits radioelectriques applicables aux appareils numériques de
Class A prescrites dans la norme sur le materiel brouilleur: “Appareils Numériques,” NMB-003 edictee par le ministre des Communications.
Federal Communications Commission Radio Frequency Interference Statement for NetVanta 2300 and NetVanta 2400
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio frequencies. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
4 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide FCC-Required Information
Canadian Emissions Requirements for NetVanta 2300 and NetVanta 2400
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of
Communications.
Cet appareil numérique respecte les limites de bruits radioelectriques applicables aux appareils numériques de
Class A prescrites dans la norme sur le materiel brouilleur: “Appareils Numériques,” NMB-003 edictee par le ministre des Communications.
61202361L2-34B © 2004 ADTRAN, Inc.
5
Warranty and Customer Service NetVanta 2000 Series Hardware Installation Guide
Warranty and Customer Service
ADTRAN will repair and return this product within the warranty period if it does not meet its published specifications or fails while in service. Warranty information can be found at: http://support.adtran.com
(Click on Warranty and Repair Information, under Support.)
Product Registration
Registering your product helps ensure complete customer satisfaction. Please take time to register your products on line at http://support.adtran.com
. Click on Service/Support and then on Product Registration under Support.
Product Support Information
A return material authorization (RMA) is required prior to returning equipment to ADTRAN. For service,
RMA requests, training, or more information, use the following contact information:
Repair and Return
If you determine that a repair is needed, please contact our Customer and Product Service (CaPS) department to have an RMA number issued. CaPS should also be contacted to obtain information regarding equipment currently in house or possible fees associated with repair.
CaPS Department (256) 963-8722
Identify the RMA number clearly on the package (below address), and return to the following address:
ADTRAN Customer and Product Service
901 Explorer Blvd. (East Tower)
Huntsville, Alabama 35806
RMA # _____________
Pre-Sales Inquiries and Applications Support
Your reseller should serve as the first point of contact for support. If additional pre-sales support is needed, the ADTRAN Support web site provides a variety of support services such as a searchable knowledge base, latest product documentation, application briefs, case studies, and a link to submit a question to an
Applications Engineer. All of this, and more, is available at: http://support.adtran.com
When needed, further pre-sales assistance is available by calling our Applications Engineering
Department.
Applications Engineering (800) 615-1176
6 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Product Support Information
Post-Sale Support
Your reseller should serve as the first point of contact for support. If additional support is needed, the
ADTRAN Support web site provides a variety of support services such as a searchable knowledge base, updated firmware releases, latest product documentation, service request ticket generation and trouble-shooting tools. All of this, and more, is available at: http://support.adtran.com
When needed, further post-sales assistance is available by calling our Technical Support Center. Please have your unit serial number available when you call.
Technical Support (888) 4ADTRAN
Installation and Maintenance Support
The ADTRAN Custom Extended Services (ACES) program offers multiple types and levels of installation and maintenance services which allow you to choose the kind of assistance you need. This support is available at: http://www.adtran.com/aces
For questions, call the ACES Help Desk.
ACES Help Desk (888) 874-ACES (2237)
Training
The Enterprise Network (EN) Technical Training Department offers training on our most popular products.
These courses include overviews on product features and functions while covering applications of
ADTRAN's product lines. ADTRAN provides a variety of training options, including customized training and courses taught at our facilities or at your site. For more information about training, please contact your
Territory Manager or the Enterprise Training Coordinator.
Training Phone (800) 615-1176, ext. 7500
Training Fax (256) 963-6700
Training Email [email protected]
61202361L2-34B © 2004 ADTRAN, Inc.
7
Product Support Information NetVanta 2000 Series Hardware Installation Guide
8 © 2004 ADTRAN, Inc.
61202361L2-34B
Table of Contents
Wallmounting NetVanta 2000 Series Internet Security Appliances . . . . . . . . . . . . . . . . . 26
NetVanta 2050, NetVanta 2054, and NetVanta 2100 . . . . . . . . . . . . . . . . . . . . . . . . 26
Rackmounting NetVanta 2000 Series Internet Security Appliances . . . . . . . . . . . . . . . . 28
or Windows XP ® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
or Windows 98/95 ® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
-Compliant UNIX ® /LINUX ® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
61202361L2-34B © 2004 ADTRAN, Inc.
9
Table of Contents NetVanta 2000 Series Hardware Installation Guide
10 © 2004 ADTRAN, Inc.
61202361L2-34B
List of Figures
NetVanta 2050 and NetVanta 2100 Rear Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . 22
Wallmounting the NetVanta 2050, NetVanta 2054, or NetVanta 2100 . . . . . . . . . . . . . 26
61202361L2-34B © 2004 ADTRAN, Inc.
11
List of Figures NetVanta 2000 Series Hardware Installation Guide
12 © 2004 ADTRAN, Inc.
61202361L2-34B
List of Tables
61202361L2-34B © 2004 ADTRAN, Inc.
13
List of Tables NetVanta 2000 Series Hardware Installation Guide
14 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Introduction
1. INTRODUCTION
This hardware installation guide describes the NetVanta 2000 Seriess, lists unit specifications, details basic functionality, and gives installation instructions. For more information on device configuration for a specific application, refer to the quick start documents provided on your ADTRAN OS Documentation CD.
For details on the command line interface, refer to the AOS Command Reference Guide also included on your CD.
The NetVanta Solution
ADTRAN’s NetVanta 2000 Series of virtual private network (VPN) products includes small to mid-range
IP Security (IPSec) compliant gateways providing all the necessary components required to secure an integrated VPN solution. With their built-in stateful inspection firewalls, these components protect the corporate network against attack and provide data security through encryption, authentication, and key
exchange. Table 1 describes the primary uses of the NetVanta 2000 Series.
Table 1. The NetVanta Solution
NetVanta Unit Primary Use
2050, 2054, 2100 For remote access and site-to-multisite connectivity. Targets the corporate branch office, the small office/home office (SOHO), and business-to-business application.
2300/2400 For branch office or mid-size host security gateway. Provides features similar to the NetVanta 2100, but with more bandwidth and additional Private ports that can be used for securing multiple LANs
In this document, the term “NetVanta 2000 Series” means the NetVanta 2050, NetVanta
2054, NetVanta 2100, NetVanta 2300, and NetVanta 2400. If a statement only applies to one particular device, the text refers to the device individually.
Security
The NetVanta 2000 Series provides key security and data management features such as IPSec VPN tunneling, stateful inspection firewall (providing cyber assault protection), authenticated remote user access, and Network Address Translation (NAT). Adherence to IPSec standards (established and maintained by the IETF) makes the NetVanta 2000 Series interoperable with many other IPSec-compliant gateways, allowing for a multi-vendor VPN solution.
Protection Against Attacks
The NetVanta 2000 Series protects the corporate network against attacks with a built-in firewall and provides data security through encryption, authentication, and key exchange. The NetVanta 2000 Series employs a stateful inspection firewall that protects an organization's network from common cyber attacks including TCP syn-flooding, IP spoofing, ICMP redirect, land attacks, ping-of-death, and IP reassembly problems.
61202361L2-34B © 2004 ADTRAN, Inc.
15
Introduction NetVanta 2000 Series Hardware Installation Guide
Encryption
The NetVanta 2000 Series encrypts data being sent out onto the network, using either the Data Encryption
Standard (DES) or Triple Data Encryption Standard (3DES) encryption algorithms. Data integrity is ensured during transmission across the public infrastructure using Message Digest 5 (MD5) or Secure
Hash Algorithm version 1 (SHA1). In addition, Internet Key Exchange (IKE) can be used for user authentication supporting public and private keys or digital certificates, ensuring that the proper VPN tunnel is established and that the tunnel has not been redirected or compromised.
VPN Tunneling
NetVanta 2000 Series units are IPSec-compliant devices that support both encapsulation security payload
(ESP) and authentication header (AH) protocols and provide secure communication over potentially unsecure network components. Acting as security gateways, the NetVanta 2050 and NetVanta 2054 can provide up to five private encryption communication tunnels through the Internet with remote locations and the NetVanta 2100 can provide up to ten. The larger scale NetVanta 2300 offers support for up to 500 private encryption tunnels. For networks requiring more than 500 tunnels, the NetVanta 2400 provides
1000 private encryption tunnels. A NetVanta 2000 Series unit can also hide IP addresses from the external world by performing NAT. The internal router allows multiple users to share a VPN connection and can also direct incoming IP traffic.
Web-Based Management
A remote NetVanta 2000 Series can easily be configured and managed using a standard web browser or
Telnet using the command line interface (CLI). The NetVanta 2000 Series also has a built-in alert and logging mechanism for messaging and mail services. This enables the units to warn administrators about network activities by logging the activities into a Syslog server or sending an e-mail to the administrator.
Performance
Unlike a software-implemented VPN solution (which depends on local CPU and memory performance to implement encryption), the NetVanta 2000 Series is a standalone hardware platform that off-loads the
CPU-intensive encryption process. (CPU performance is impacted by 3DES encryption, possibly slowing all the local processes on the computer.) Since a NetVanta 2000 Series offers dedicated processing platforms to drive the encryption process, local computer performance is unaffected.
16 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Introduction
Features and Specifications
The NetVanta 2000 Series provides granular control over network access that includes maximum security, data authenticity and privacy, and significant ease of use. The following list highlights the NetVanta 2000
Series’ major features.
Physical Interfaces
• PUBLIC RJ-45 10/100BaseT auto-sensing Ethernet interface
• PRIVATE (2050/2100) RJ-45
• PRIVATE (2054) RJ-45 10/100BaseT auto-sensing Ethernet switch ports
• PRIVATE 1 (2300/2400) RJ-45 10/100BaseT auto-sensing Ethernet interface
• PRIVATE 2 (2300 /2400) RJ-45 10/100BaseT auto-sensing Ethernet interface
• PRIVATE 3 (2400/ 2400) RJ-45 10/100BaseT auto-sensing Ethernet interface
• CONSOLE RS-232 for off-line configuration
Firewall Features
• Stateful inspection firewall
– Provides support against the following attacks: IP Spoofing, Land Attack, Ping of Death, and
Reassembly Attack
– Provides checks for the following attacks: ICMP Redirect, Syn Flooding, Winnuke, and Source
Routing
• Application content filtering
• Cyber assault protection
• HTTP relay
Address Translation
• Basic NAT (1:1)
• NAPT (Many:1)
• Reverse NAT (translation of an inbound session’s destination IP address)
IPSec Tunnel
• ESP
• AH
• Manual key management or automatic key management using IKE
• X.509 certificate support
• MD5-HMAC (Hashed Message Authentication Code)128-bit authentication algorithm
• SHA1-HMAC 160-bit authentication algorithm
• DES-CBC (Cipher Blocking Chaining) 56-bit encryption
• 3DES-CBC 168-bit encryption
61202361L2-34B © 2004 ADTRAN, Inc.
17
Introduction NetVanta 2000 Series Hardware Installation Guide
Administration
• Command Line Interface
• Web-based management - Provides a GUI for configuring the NetVanta 2000 Series
• Syslog logging in WELF format
• E-mail alerts (SMTP) - For when programmed thresholds are reached
DHCP (Dynamic Host Configuration Protocol)
• Server (to manage IP addresses on local networks)
– Supports multiple IP address ranges on local networks
– User-defined lease duration
– Real-time status of active leases
• Client (to acquire the public-side IP address from service provider)
PPPoE (Point-to-Point Protocol over Ethernet)
• Client (to acquire the public-side IP address from service provider)
Routing
• TCP/IP (Transmission Control Protocol/Internet Protocol)
• Static routes
• RIP (Routing Internet Protocol: V1 and V2, and a combination of both)
• Separate RIP configuration for the private and public side
• RIP with authentication
• OSPF (Open Shortest Path First)
Unpack and Inspect the System
Each NetVanta 2000 Series is shipped in its own cardboard shipping carton. Open each carton carefully and avoid deep penetration into the carton with sharp objects. After unpacking the unit, inspect it for possible shipping damage. If the equipment has been damaged in transit, immediately file a claim with the
carrier and contact ADTRAN Customer Service (see Warranty and Customer Service on page 6).
Contents of ADTRAN Shipments
NetVanta 2050, NetVanta 2054, and NetVanta 2100
Shipments of the NetVanta 2050, NetVanta 2054, and NetVanta 2100 include the following items:
• NetVanta unit
• ADTRAN OS Documentation CD
• Warranty Card
• AC adapter (ADTRAN P/N 336012 VUR01)
• Crossover Ethernet cable (ADTRAN P/N 8125M012) for connecting the NetVanta directly to a PC
NetVanta 2300 and NetVanta 2400
Shipments of the NetVanta 2300 and NetVanta 2400 include the following items:
18 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide
• NetVanta unit with brackets attached
• ADTRAN OS Documentation CD
• Warranty Card
• AC power cable (ADTRAN P/N 3127009)
Introduction
61202361L2-34B © 2004 ADTRAN, Inc.
19
Product Overview NetVanta 2000 Series Hardware Installation Guide
Equipment Dimensions
• The NetVanta 2050, NetVanta 2054, and NetVanta 2100 measure 7.5” W x 5.375” D x 1.75” H. These units come equipped for tabletop and wallmount use. An optional rackmount shelf is available from
ADTRAN (P/N 1200412L1).
• The NetVanta 2300 and NetVanta 2400 measure 17.25” W x 7.75” D x 1.75” H. These units come equipped for rackmount or wallmount use.
Power Requirements
• The NetVanta 2050, NetVanta 2054, and NetVanta 2100 have a maximum power consumption of 9 W and a maximum current draw of 800 mA.
• The NetVanta 2300 and NetVanta 2400 have a maximum power consumption of 6 W and a maximum current draw of 0.2 A.
Reviewing the Base Unit Front Panel Designs
traffic.
Figure 1. NetVanta 2050 Front Panel Layout
20
Figure 2. NetVanta 2054 Front Panel Layout
© 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Product Overview
Figure 3. NetVanta 2100 Front Panel Layout
the public ( PUB ) and private ( PRIV 1 , PRIV 2 , and PRIV 3 ) interfaces, as well as VPN tunnels and traffic.
NetVanta 2300
Figure 4. NetVanta 2300 Front Panel Layout
Figure 5. NetVanta 2400 Front Panel Layout
Front Panel LEDs
Table 2 describes the front panel LEDs.
For these LEDs...
Table 2. NetVanta 2000 Series LEDs
This activity...
Indicates that...
PWR
(2050/2054/2100)
STATUS
(2300/2400)
Red (solid)
Green (flashing)
Green (solid) the unit has power, but the boot process failed.
the unit has power and is booting.
the unit has power and has successfully completed the boot process.
61202361L2-34B © 2004 ADTRAN, Inc.
21
Product Overview NetVanta 2000 Series Hardware Installation Guide
For these LEDs...
Table 2. NetVanta 2000 Series LEDs (Continued)
This activity...
Indicates that...
VPN STAT
(2050/2054/2100)
VPN STATUS
(2300/2400)
VPN TD/RD
PUB TD/RD
PUB LNK
(2300/2400)
*PRIV TD/RD
Red (slow flashing)
Red (fast flashing)
Amber (fast flashing)
Amber and Green
(alternating slow flash)
Green (solid)
Green
Green
Green (solid)
Amber (solid)
Green
Phase 1 IKE VPN negotiation has failed.
Phase 2 IKE VPN negotiation has failed.
Phase 2 IKE VPN negotiation is in progress.
there is an active tunnel and an additional
IKE Phase 1 VPN negotiation is in progress.
Phase 2 IKE VPN negotiation has completed successfully.
VPN data is being transmitted/received by the unit.
data is being transmitted/received on the public interface.
the 10BaseT Ethernet link is up.
the 100BaseT Ethernet link is up.
data is being transmitted/received on the private interface.
*PRIV LNK
(2300/2400)
Green (solid)
Amber (solid) the 10BaseT Ethernet link is up.
the 100BaseT Ethernet link is up.
*Note: The NetVanta 2300 and NetVanta 2400 have multiple private ports. These ports are labeled
PRIV 1, PRIV 2, and PRIV 3.
Reviewing the Unit Rear Panel Designs
The NetVanta 2050 and NetVanta 2100 rear panels contain two Ethernet ports, a DB-9 serial connection,
and a power connection (see Figure 6).
22
Figure 6. NetVanta 2050 and NetVanta 2100 Rear Panel Layout
© 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Product Overview
The NetVanta 2054 rear panel contains five Ethernet ports (a public connection and an integral four-port
private Ethernet switch), a DB-9 serial connection, and a power connection (see Figure 7).
ETH 0/2 ETH 0/3 ETH 0/4 ETH 0/5
Figure 7. NetVanta 2054 Rear Panel Layout
The NetVanta 2300 and the Netvanta 2400 rear panels contain four Ethernet ports, a DB-9 serial
connection, and a power connection (see Figure 8).
Figure 8. NetVanta 2300 and Netvanta 2400 Rear Panel Layout
Rear Panel Interfaces and LEDs
PUBLIC Interface
The NetVanta 2000 Series provides a standard 10/100BaseT Ethernet interface for connecting to the wide area network (WAN). Connect the public interface to a hub connected to the router interfacing with the non-secure Internet or the modem (cable or DSL) used for Internet access. A dynamic host configuration protocol (DHCP) client is enabled on the public interface by default. References to the public interface include Internet, WAN, and eth 0/1.
PRIVATE (NetVanta 2050/2054/2100)/PRIVATE 1 (NetVanta 2300 and Netvanta 2400) Interface
The NetVanta 2000 Series provides a standard 10/100BaseT Ethernet interface for connection to the local corporate network. (The 2054 provides an integral four-port Ethernet switch.) Connect the private interface to a hub located on your local corporate network. A DHCP server is enabled on the private interface by default.
References to the private interface include LAN, corporate, and eth 0/2. (The four ports on the 2054
are referenced as eth 0/2, eth 0/3, eth 0/4, and eth 0/5.) Table A-1 in Appendix A shows the
10/100BaseT pinout.
PRIVATE 2 and PRIVATE 3 Interface (NetVanta 2300 and NetVanta 2400)
The NetVanta 2300 and NetVanta 2400 have two additional 10/100BaseT Ethernet interfaces to be configured per user preference.
61202361L2-34B © 2004 ADTRAN, Inc.
23
Product Overview NetVanta 2000 Series Hardware Installation Guide
CONSOLE (Serial Interface)
The NetVanta 2000 Series provides a DB-9 serial communication port ( CONSOLE ) for accessing the
command line interface. Table A-2 in Appendix A. shows the pinout for the DB-9 connector.
Power Connection
NetVanta 2050, NetVanta 2054, and NetVanta 2100
NetVanta 2050, NetVanta 2054, and NetVanta 2100 include an AC adapter (which generates 12 VDC at
800 mA). Connect the AC adapter to a standard 120 VAC, 60 Hz electrical outlet for proper operation.
NetVanta 2300 and NetVanta 2400
NetVanta 2300 and NetVanta 2400 include an auto sensing 100-250 VAC, 50/60 Hz power supply with a three-prong removable cable. Connect the power supply to a standard 120 VAC, 60 Hz, or 220 VAC,
50 Hz electrical outlet for proper operation.
24 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Unit Installation
The instructions and guidelines provided in this section cover hardware installation topics. These instructions are presented as follows:
•
Wallmounting NetVanta 2000 Series Internet Security Appliances on page 26
•
Rackmounting NetVanta 2000 Series Internet Security Appliances on page 28
•
Supplying Power to the Unit on page 29
For information on router configuration for a specific application, refer to the quick start documents provided on your ADTRAN OS Documentation CD. For details on the command line interface, refer to the
AOS Command Reference Guide (also included on your CD).
To prevent electrical shock, do not install equipment in a wet location or during a lightning storm.
Tools Required
The customer-provided tools required for the hardware installation of the NetVanta 2000 Series are as follows:
• UTP Ethernet cable to connect unit to existing network
• Phillips-head screwdriver (rackmounting and wallmounting applications only)
• Internet Browser for configuring the unit using the GUI
To access the command line interface (CLI) of the NetVanta 2000 Series, you will also need a VT100 terminal or PC with terminal emulation software and a console port cable.
Instructions on how to access the CLI are given in the AOS Command Reference Guide
(provided on the ADTRAN OS Documentation CD).
Mounting Options
The NetVanta 2050, NetVanta 2054, and NetVanta 2100 may be installed in a wallmount or tabletop configuration. The NetVanta 2300 and NetVanta 2400 may be installed in a tabletop, wallmount, or
19-inch rackmount configuration. The following sections provide step-by-step instructions for wallmounting and rackmounting.
61202361L2-34B © 2004 ADTRAN, Inc.
25
Unit Installation NetVanta 2000 Series Hardware Installation Guide
Wallmounting NetVanta 2000 Series Internet Security Appliances
NetVanta 2050, NetVanta 2054, and NetVanta 2100
Step
1
2
3
4
5
Instructions for Wallmounting NetVanta 2050, NetVanta 2054, or NetVanta 2100
Action
Decide on a location for the NetVanta. Mount the unit at or below eye-level so that the LEDs are viewable.
Prepare the mounting surface by attaching a board (typically plywood, 3/ 4" to 1" thick) to a wall stud.
Important! Mounting to a stud ensures stability. Using sheetrock anchors may not provide sufficient long-term stability.
Install two #8 (1 1/ 2" or greater in length) wood screws into the mounted board following these
guidelines and referring to Figure 9:
• Screws should be spaced horizontally, approximately 5” apart. Find exact positioning by using the location of the two eyed insets on the bottom of the NetVanta as a guide. You can also use the Mounting Template located on your ADTRAN OS Documentation CD.
• Screws should be horizontally level with each other.
• Leave approximately 1/4” of the screws protruding from the board to allow the heads of the screws to slide into place in the unit’s keyed insets.
Slide the keyed insets on the bottom of the NetVanta chassis securely onto the screws.
Proceed to the steps given in Supplying Power to the Unit on page 29.
26
Figure 9. Wallmounting the NetVanta 2050, NetVanta 2054, or NetVanta 2100
© 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Unit Installation
NetVanta 2300 and NetVanta 2400
Step
1
2
3
4
5
Instructions for Wallmounting NetVanta 2300 or NetVanta 2400
Action
Orient the brackets (mounting ears), one on each side, such that the portion of the bracket with
the mounting holes is flush with the bottom of the chassis (see Figure 10 on page 28). (If the
brackets are already attached in a rackmounting position, you will have to detach them and rotate them 90 degrees to orient them properly, as shown in the figure.)
Decide on a location for the NetVanta 2000 Series. Mount the unit at or below eye-level so that the LEDs are viewable.
Important! Mount the chassis with LEDs facing to the side (not up or down) as shown in Figure
Prepare the mounting surface by attaching a board (typically plywood, 3/ 4" to 1" thick) to a wall stud.
Important! Mounting to a stud ensures stability. Using sheetrock anchors may not provide sufficient long-term stability.
Have someone else hold the unit in position as you install two 3/ 32" to 1/ 8" (1 1/ 2" or greater in length) wood screws through the each of the unit’s brackets and into the mounted board. See
Proceed to the steps given in Supplying Power to the Unit on page 29.
To avoid damaging unit, use only the screws included in shipment when attaching mounting ears to the chassis.
61202361L2-34B © 2004 ADTRAN, Inc.
27
Unit Installation NetVanta 2000 Series Hardware Installation Guide
Figure 10. Wallmounting the NetVanta 2300 or 2400
Rackmounting NetVanta 2000 Series Internet Security Appliances
The NetVanta 2300 and NetVanta 2400 are 1U high, rack mountable units which can be installed into
19-inch equipment racks. Follow these steps to mount the NetVanta 2000 Series into a rack:
Step
1
2
3
Instructions for Rackmounting NetVanta 2300 or NetVanta 2400
Action
Position the NetVanta 2000 Series in a stationary equipment rack. This unit takes up 1 U of space. To allow proper grounding, scrape the paint from the rack around the mounting holes where the NetVanta 2000 Series will be positioned.
Have someone else hold the unit in position as you install two mounting bolts through each of the unit’s brackets and into the equipment rack using a #2 Phillip’s screwdriver. (The brackets
must be oriented with the mounting holes facing forward, as in Figure 11.)
Proceed to the steps given in Supplying Power to the Unit on page 29.
28 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Unit Installation
Be careful not to upset the stability of the equipment mounting rack when installing this product.
To avoid damaging unit, use only the screws included in shipment when attaching mounting ears to the chassis.
Figure 11. Proper Mounting Bracket Orientation for Rackmounting
Supplying Power to the Unit
As shipped, the NetVanta 2000 Series is set to factory default conditions. After installing the unit, the
NetVanta 2000 Series is ready for power-up. To power-up the unit, ensure that the unit is properly connected to an appropriate power source (as outlined in the sections which follow).
NetVanta 2050, NetVanta 2054, and NetVanta 2100
The NetVanta 2050, NetVanta 2054, and NetVanta 2100 are supplied with a detachable AC adapter (which generates 12 VDC at 800 mA) for connecting to a grounded power receptacle.
61202361L2-34B © 2004 ADTRAN, Inc.
29
Unit Installation NetVanta 2000 Series Hardware Installation Guide
• This unit shall be installed in accordance with Articles 300 and 400 of the NEC NFPA
70.
• Power to the Netvanta 2050/2054/2100 system must be from a grounded 120 VAC,
60 Hz source.
• Maximum recommended ambient operating temperature is 45 o C.
NetVanta 2300 and NetVanta 2400
The AC powered NetVanta 2300 and NetVanta 2400 come equipped with an auto-sensing 100-250 VAC,
50-60 Hz power supply for connecting to a grounded power receptacle. A grounded, three-plug, detachable cable is included with the shipment for connecting to an appropriate power source.
• This unit shall be installed in accordance with Articles 300 and 400 of the NEC NFPA
70.
• Power to the NetVanta 2300/2400 AC system must be from a grounded 100-250 VAC,
50/60 Hz source.
• The power receptacle uses double-pole, neutral fusing.
• Maximum recommended ambient operating temperature is 45 o C.
30 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide Installing Management Components
Configuring the NetVanta 2000 Series through the web interface requires a host computer with an Ethernet interface and a web browser. ADTRAN recommends using Internet Explorer 5.5 or greater for optimal viewing of configuration web pages.
The NetVanta 2000 Series is configured with a default IP address of 10.10.10.1 and a subnet mask of
255.255.255.0 on the private interface. Select an IP address in the same range as the NetVanta unit and assign it to the host computer running the web browser. An example IP address is 10.10.10.50 with a subnet mask of 255.255.255.0. This section contains detailed procedures for assigning the selected IP address to a host computer for each of the popular operating systems.
After configuring the IP address of your host, open your installed browser and enter 10.10.10.1 in the URL field. The NetVanta login window appears. Enter admin as the username, enter your admin password, and click the OK button. (The default password is password .) After logging into the NetVanta, the Interfaces page appears. Use the Getting Started page to walk through the setup process.
For security purposes, it is important to set up an admin password immediately. Use the
Passwords page of the Web interface to change this password.
If you have a PC with DHCP client capabilities enabled, connect the NetVanta unit directly to your computer using the supplied Ethernet crossover cable. No other IP address configuration is necessary.
NetVanta units have DHCP server capabilities enabled by default. Connecting the unit to a network with a functioning DHCP server can cause IP address assignment conflicts.
For any operating system not discussed in this section, refer to the system’s user documentation for instructions on assigning IP addresses.
Configuring the Host IP Address
Select from the following options: Microsoft Windows 2000® or Windows XP®; Microsoft Windows
NT® or Windows 98/95®; or POSIX®-Compliant UNIX®/LINUX®.
Depending on the operating system, changing a PC’s TCP/IP setting may require a reboot.
61202361L2-34B © 2004 ADTRAN, Inc.
31
Installing Management Components NetVanta 2000 Series Hardware Installation Guide
Microsoft Windows 2000 ® or Windows XP ®
1. In Windows 2000, follow the menu path S TART >S ETTINGS >C ONTROL P ANEL . In Windows XP, the path may be S TART >C ONTROL P ANEL
, depending on your local settings.
2. After the C ONTROL P ANEL opens, double-click the N ETWORK AND D IALUP C ONNECTIONS ( N ETWORK
C ONNECTIONS in Windows XP) icon to display the existing network connections.
3. After the N ETWORK AND D IALUP C ONNECTIONS (or N ETWORK C ONNECTIONS ) open, double-click on the icon representing the local area connection.
4. After the local area connection S TATUS window opens, click the P ROPERTIES button.
5. After the local area connection P ROPERTIES
window opens, select the I NTERNET P ROTOCOL
(TCP/IP) component, and click the P ROPERTIES button.
6. Continue with one of the following options:
Set the IP Address Yourself
• Wait for the I NTERNET P ROTOCOL (TCP/IP)
P ROPERTIES
window to display.
• Select the U SE THE FOLLOWING IP ADDRESS radio button.
• Enter the IP address as: 10.10.10.50
.
• Enter the Subnet mask as: 255.255.255.0
.
• Enter the Default gateway as: 10.10.10.1
.
OR Use DHCP to Assign an IP Address
• Wait for the I NTERNET P ROTOCOL (TCP/IP)
P ROPERTIES
window to display.
• Select the O BTAIN AN IP A DDRESS
A UTOMATICALLY radio button.
7. Click OK to close the I NTERNET P ROTOCOL (TCP/IP) P ROPERTIES
window.
8. Click OK to close the local area connection P ROPERTIES window.
9. Close the N ETWORK AND D IALUP C ONNECTIONS
(or N ETWORK C ONNECTIONS ) window.
10. Close the C ONTROL P ANEL window.
If your network uses DHCP for dynamic IP addressing, remember to return the TCP/IP properties of your computer back to dynamic IP addressing after completing your installation.
Microsoft Windows NT ® or Windows 98/95 ®
1. In Windows, follow the menu path S TART >S ETTINGS >C ONTROL P ANEL
.
2. After the C ONTROL P ANEL opens, double-click the N ETWORK icon to display the existing network configuration.
3. Select TCP/IP from the list of installed network components. If there are multiple sessions, select the one for the Ethernet card in the host computer.
4. Click P ROPERTIES , which shows, in a multi-paned window, the existing properties of the TCP/IP protocol running on the host computer.
5. Select the IP A DDRESS pane by clicking on it.
32 © 2004 ADTRAN, Inc.
61202361L2-34B
NetVanta 2000 Series Hardware Installation Guide
6. Check the S PECIFY AN IP A DDRESS
radio button.
7. Continue with one of the following options:
Installing Management Components
Set the IP Address Yourself
• Enter the IP A DDRESS
as 10.10.10.50
• Enter the S UBNET M ASK
as 255.255.255.0.
OR Use DHCP to Assign an IP Address
• Enable the O BTAIN AN IP A DDRESS
A UTOMATICALLY
checkbox.
8. Click OK to close the Properties window.
9. Click OK on the Network Configuration window, which will ask you to reboot the browser computer.
10. Click Y ES
to reboot your computer.
If your network uses DHCP for dynamic IP addressing, remember to return the TCP/IP properties of your computer back to dynamic IP addressing after completing your installation.
POSIX ® -Compliant UNIX ® /LINUX ®
1. Log in as root , or change to superuser .
2. Run the ifconfig command -a option to list the configured network interfaces in the system. This will show the Ethernet interface name as well. For example:
#ifconfig -a lo0: flags=863<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232 inet 127.0.0.1 netmask ff000000 hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500 inet 192.103.55.186 netmask ffffff00 broadcast 192.103.255.255
ether 8:0:20:a8:38:c6
3. Change the IP address of the Ethernet interface to 10.10.10.50 with subnet mask 255.255.255.0 by using the ifconfig command. For example:
# ifconfig eth0 10.10.10.50 netmask 255.255.255.0
4. Run the ifconfig command -a option again to make sure the interface address change is effective.
61202361L2-34B © 2004 ADTRAN, Inc.
33
Installing Management Components NetVanta 2000 Series Hardware Installation Guide
34 © 2004 ADTRAN, Inc.
61202361L2-34B
APPENDIX A.
CONNECTOR PIN DEFINITIONS
Table A-1. 10/100BaseT Pinout
Pin
1
2
3
4, 5
6
7, 8
Name Description
TX1
TX2
Transmit Positive
Transmit Negative
RX1 Receive Positive
Unused —
RX2 Receive Negative
Unused —
Table A-2. DB-9 Connector Pinout
8
9
6
7
4
5
2
3
1
Pin Name Description
DCD Data Carrier Detect
DSR
RTS
CTS
RI
RD
TD
DTR
SG
Receive Data
Transmit Data
Data Transmit Ready
Signal Ground
Data Set Ready
Request to Send
Clear to Send
Ring Indicator
61202361L2-34B © 2004 ADTRAN, Inc.
35
Appendix A. Connector Pin Definitions NetVanta 2000 Series Hardware Installation Guide
36 © 2004 ADTRAN, Inc.
61202361L2-34B
Index
A
AC adapter
address translation
administration
C
CONSOLE interface
contents of shipment
D
DHCP
dimensions
F
features
firewall features
front panel
I
installation of unit
introduction to NetVanta 2000 Series
IP address configuration
IPSec tunnel
L
LEDs
M
management components installing
mounting options rack
wall
N
NetVanta 2000 Series Routers dimensions
features
installation
introduction to
LEDs
power requirements
NetVanta 2050 front panel
power
61202361L2-34B © 2004 ADTRAN, Inc.
rear panel
shipping contents
wallmounting
NetVanta 2054 front panel
power
rear panel
shipping contents
wallmounting
NetVanta 2100
front panel
power
rear panel
shipping contents
wallmounting
NetVanta 2300 front panel
power
rackmounting
rear panel
shipping contents
wallmounting
NetVanta 2400 front panel
power
rackmounting
shipping contents
wallmounting
P
physical interfaces
power
power connection
power requirements
power-up
PPPoE
PRIVATE 2 interface
PRIVATE interface
PRIVATE/PRIVATE 1 interface
Product Registration
PUBLIC interface
R
rackmounting units
rear panel
37
Index routing
S
serial interface
Shipping Contents
T
tools required for installation
NetVanta 2000 Series Hardware Installation Guide
U
unpacking and inspecting the system
W
wallmounting units
web interface
38 © 2004 ADTRAN, Inc.
61202361L2-34B
advertisement
Related manuals
advertisement