Enterasys-networks XSR-3020 User Manual

X-Pedition™ Security RouterXSR-3020 Getting Started GuideVersion 3.0P/N 9033866-068.5x11-inch cover with bleed on 4 sides

viiiEnterasys Networks, Inc. Firmware License AgreementBEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,CAREFULLY READ THIS LICENSE AGREEMENT.Thisdoc

Cable, CompactFlash and Accessory SpecificationsA-14 Installing Shunt/Terminal StripTo install the shunt or terminal strip, attach two dual-pin units

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-15T3/E3 NIM CardThe T3/E3 full and sub-rate NIM, as shown in Figure A-17,

Cable, CompactFlash and Accessory SpecificationsA-16 1/2-Port BRI-S/T NIM Card PortsThe XSR offers a serial NIM card for 1 or 2 WAN interfaces over a

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-17Termination Shunt for the ISDN BRI-S/T NIM CardISDN BRI-S/T terminal eq

Cable, CompactFlash and Accessory SpecificationsA-18 1/2-Port BRI-U NIM Card PortsThe XSR provides a serial NIM card for 1 or 2 WAN interfaces over a

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-191-Port ADSL NIM Card PortThe XSR’s Asymmetric Digital Subscriber Line (

Cable, CompactFlash and Accessory SpecificationsA-20 T1/E1 Drop & Insert (D&I) NIMThe XSR’s 2-port T1/E1 D&I NIM card, as shown in Figure

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-21CompactFlash Memory CardThe optional plug-in CompactFlash (CF) memory c

Cable, CompactFlash and Accessory SpecificationsA-22 PWR ON XSR is powered up and Bootrom initializedOFF XSR is powered downVPN ON/OFF VPN tunnel is

Index-1IndexBBalundescription A-13Balun adapter A-3BRI S/T cardpart numbers A-3BRI S/Tpin assignments A-16BRI U cardpart numbers A-3BRI-U pin assignme

ixIftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.ExportAdministrationRegulations,inadditio

Index-2 how to attach the Ethernet serial cable 2-10how to attach the internal power supply cord 2-12how to attach the serial COM (console) cable 2-7

x11. ASSIGNMENT. Youmaynotassign,transferorsublicensethisAgreementoranyofYourrightsorobligationsunderthisAgreement,exceptthatYou

xiContentsAbout This GuideContents of the Guide ...

xii Configuring the WAN Ports ...

xiiibu ...

xiv

xvAbout This GuideThis guide provides a general overview of the XSR-3020 hardware and software features and describes how to quickly install and confi

xviElectrical Hazard: Warns against an action that could result in personal injury or death due to an electrical hazard.Riesgo Electrico: Advierte con

xviiGetting HelpForadditionalsupportrelatedtotheXSR,contactEnterasysNetworksusingoneofthefollowingmethods:BeforecontactingEnterasysN

xviii

XSR Getting Started Guide 1-11OverviewThis chapter introduces the key features of the XSR-3020 and briefly describes hardware installation.System Desc

System Description1-2 OverviewFigure 1-1 Typical XSR-3020 TopologyHardware FeaturesThe semi-modular XSR, shown in Figure 1-2, comes equipped with the

System DescriptionXSR Getting Started Guide 1-3Figure 1-2 XSR-3020• Two Network Interface Module (NIM) slots for these optional cards:• 1, 2, or 4 f

System Description1-4 Overview• 14 diagnostic LEDs to display port, and system status as well as indicate a Flash upgrade in progress.• Five system fa

System DescriptionXSR Getting Started Guide 1-5• Simple Network Time Protocol (SNTP) server•OS fallbackIP Routing• Static and multiple routes to the s

System Description1-6 OverviewSecurity• Stateful inspection firewall engine• FTP, H.323, and RPC (SUN and Microsoft) ALG support• Application commands

System DescriptionXSR Getting Started Guide 1-7• Periodic Keep-Alive messages to learn of connection problems• Multi-protocol interconnect over Frame

System Description1-8 Overview• Bandwidth optimization (BoD) & Dial on Demand (DoD)• Bandwidth Allocation Protocol (BAP)• Security: PAP/CHAP• Call

System DescriptionXSR Getting Started Guide 1-9SecurID (third-party plug-in)Certificates (embedded/smart cards) – Microsoft only•Encryption• Advanced

iNoticeEnterasys Networksreservestherighttomakechangesinspecificationsandotherinformationcontainedinthisdocumentanditswebsitewitho

System Description1-10 OverviewAsynchronous Digital Subscriber Line (ADSL)• POTS and ISDN circuit support• ATM Frame UNI (FUNI) data framing format• O

Installation OverviewXSR Getting Started Guide 1-11• Switched PPP Multilink connections• Backup using ISDN & MLPPP connections• Dialer interface s

Installation Overview1-12 Overview

XSR Getting Started Guide 2-12Hardware InstallationIntroductionThis chapter provides a checklist to verify your shipment, suggestions for the installa

Installing NIM Cards and Rack Mounting2-2 Hardware Installation• Each XSR AC power supply requires a three-pronged power receptacle capable of deliver

Installing NIM Cards and Rack MountingXSR Getting Started Guide 2-34. Remove the NIM slot cover, as shown in Figure 2-2, by grasping the handle and pu

Installing NIM Cards and Rack Mounting2-4 Hardware Installation7. Attach the rack brackets to the chassis with the screws supplied, as shown in Figure

Installing a CompactFlash Memory CardXSR Getting Started Guide 2-5Installing a CompactFlash Memory CardAn optional CompactFlash (CF) memory card provi

Installing a CompactFlash Memory Card2-6 Hardware Installation2. Seat the card in the PCMCIA interface as shown in Figure 2-8.Gently insert the CF int

Connecting CablesXSR Getting Started Guide 2-7Connecting CablesPerform any of the following steps to connect your cabling to optional WAN or LAN NIMs,

iiRegulatory Compliance InformationFederal Communications Commission (FCC) NoticeTheXSRcomplieswithTitle47,Part15,ClassAofFCCrules.Operat

Connecting Cables2-8 Hardware InstallationFigure 2-11 Connecting High Speed Serial ConnectorFigure 2-12 Attaching T3/E3 BNC ConnectorsNIM 1NIM 2SECU

Connecting CablesXSR Getting Started Guide 2-9Figure 2-13 Connecting ADSL ConnectorA CompactFlash card is provided with the XSR ADSL NIM. It is loade

Connecting Cables2-10 Hardware Installation3. Connect the Ethernet port(s) to your LAN connectors with a cable, as shown in Figure 2-15.Figure 2-15 A

Connecting CablesXSR Getting Started Guide 2-115. Attach either the Ethernet or Fiber Ethernet LAN NIM, as shown in Figure 2-17 andFigure 2-18, respec

Connecting Cables2-12 Hardware Installation6. Attach the power supply cord to the connector at the rear of the XSR, as shown in Figure 2-19 and plug i

XSR Getting Started Guide 3-13Software ConfigurationThis chapter describes how to initialize, quickly set up and verify your configuration for the XSR

Initializing XSR Software3-2 Software Configuration• ETH 10/100/1000 LEDs turn ON and OFF a few times during initialization as the XSR proceeds from

Opening a COM (Console) SessionXSR Getting Started Guide 3-3first error will be reported, along with a count of the sum of errors incurred. In the cas

Optional: Configuring Remote Auto Install3-4 Software Configurationsame node - 10.10.1.2 (configuration of DNS and TFTP servers are not shown here). I

Optional: Configuring Remote Auto InstallXSR Getting Started Guide 3-5****************** REMOTE AUTO INSTALL TERMINATING*****************+ The RAI pro

iiiIndustry Canada NoticesThisdigitalapparatusdoesnotexceedtheclassAlimitsforradionoiseemissionsfromdigitalapparatussetoutintheRa

Optional: Configuring Remote Auto Install3-6 Software Configurationvirtual-template 1pppoe limit per-mac 10+ This is an optional command.pppoe limit m

Configuring the XSR Name and User InformationXSR Getting Started Guide 3-7+ The XSR waits one minute for the PPPoE connection to come up.Phase 4 - ADS

Configuring the LAN Ports3-8 Software ConfigurationXSR(config)#sntp-server enableRemember to save your configuration after all edits.Configuring the L

Configuring the WAN PortsXSR Getting Started Guide 3-9The value you set must match the type and format offered by your service provider and must corre

Configuring the WAN Ports3-10 Software Configuration3. Enter no shutdown to keep the BRI interface enabled.4. Enter frame-relay lmi-type <ilmi | an

Configuring the WAN PortsXSR Getting Started Guide 3-11ADSL ConfigurationADSL can be configured using three different types of encapsulation: PPPoA, P

Firewall Sample Configuration3-12 Software ConfigurationThe commands below configure the ATM interface and sub-interface with a negotiated IP address,

Firewall Sample ConfigurationXSR Getting Started Guide 3-13Figure 3-1 XSR with Firewall TopologyIn this configuration, the firewall provides protecte

Setting Up RIP Routing3-14 Software ConfigurationTrial load the completed configuration into the firewall engine, and if successful, load the configur

Configure OSPF RoutingXSR Getting Started Guide 3-1512. Enter network <xxx.xxx.xxx.xxx> (IP address) of the network to be advertised. Repeat the

ivProduct SafetyThisproductcomplieswiththefollowing:UL60950,CSAC22.2No.60950,73/23/EEC,EN60950,EN60825,IEC60950.UsetheXSRwiththe

Setting Up an SNMP Community String, Traps and V3 Values3-16 Software Configuration7. Enter map-class frame-relay <name> to designate this map-c

Configuring Message Logging and Severity LevelXSR Getting Started Guide 3-17Groups offer users authorization choices and read/write privileges.6. Opti

Connecting Remotely via the Web3-18 Software ConfigurationConnecting Remotely via the Web1. Enter configure to acquire Configuration mode.2. Enter ip

Connecting Remotely via the WebXSR Getting Started Guide 3-19Click on Product Version to bring up the Product Version window for a host of hardware, b

LAN-PPP Services Sample Configuration3-20 Software ConfigurationLAN-PPP Services Sample ConfigurationThe sample configuration below, see Figure 3-4, c

Frame Relay WAN Link with PPP Backup Sample ConfigurationXSR Getting Started Guide 3-21XSR(config-controller<T1-1/0>)#no shutdown+ Enables T1 co

Frame Relay WAN Link with PPP Backup Sample Configuration3-22 Software ConfigurationConfigure Users and PasswordsXSR(config)#username bob password cle

Frame Relay WAN Link with PPP Backup Sample ConfigurationXSR Getting Started Guide 3-23XSR(config-pmap-c<priority-server>)#priority medium 20 64

Frame Relay WAN Link with PPP Backup Sample Configuration3-24 Software ConfigurationApply QoSXSR(config)#map-class frame-relay CLASS-FRP+ Adds a FR ma

Frame Relay WAN Link with PPP Backup Sample ConfigurationXSR Getting Started Guide 3-25XSR(config)#access-list 125 deny ip host 192.168.1.15 anyXSR(co

vѻѻક䇈ᯢк䰘ӊSupplement to Product Instructions ᳝↦᳝ᆇ⠽䋼៪ܗ㋴(Hazardous Substance) 䚼ӊৡ⿄(Parts) 䪙3E∲+J䬝&G݁Ӌ䫀&U໮⒈㘨㣃3%%໮⒈Ѡ㣃䝮3%'

VPN Site-to-Site Sample Configuration3-26 Software ConfigurationConfigure SNMPThe previously configured ACL will be applied to all SNMP requests. Stri

VPN Site-to-Site Sample ConfigurationXSR Getting Started Guide 3-27Generate Master Encryption KeyIf you have not already generated a master encryption

VPN Site-to-Site Sample Configuration3-28 Software ConfigurationCreate a Transform SetThe following transform-set specifies the specified encryption/d

VPN Sample Configuration with Network Extension ModeXSR Getting Started Guide 3-29XSR(config)#interface vpn 57 multi-pointXSR(config-int-vpn)#ip addre

VPN Sample Configuration with Network Extension Mode3-30 Software ConfigurationFigure 3-6 VPN Topology with NEM, EZ-IPSec and Internet AccessIf you h

VPN Sample Configuration with Network Extension ModeXSR Getting Started Guide 3-31Configure AAA authentication by assigning a virtual subnet to the DE

XSR Rebooting Characteristics3-32 Software ConfigurationXSR(config)#access-list 103 permit ip any 10.10.10.0 0.0.0.255Create crypto map statements for

XSR Rebooting CharacteristicsXSR Getting Started Guide 3-33CPU: Broadcom BCM1250 Rev 2VxWorks version: VxWorks5.4.2Bootrom version: 1.5Creation date:

XSR Rebooting Characteristics3-34 Software ConfigurationPower-Up RebootIf you power cycle the XSR by flipping the switch on the back panel, the XSR wi

Bootrom Monitor Mode CommandsXSR Getting Started Guide 3-35• Bootrom is valid.• The software image in Flash is valid.Bootrom Monitor Mode CommandsBoot

viVCCI NoticeThisisaclassAproductbasedonthestandardoftheVoluntaryControlCouncilforInterferencebyInformationTechnologyEquipment(VC

Bootrom Monitor Mode Commands3-36 Software ConfigurationXSR-3020:bpEnter current password:Enter new password: ******Re-enter new password: ******Passw

Bootrom Monitor Mode CommandsXSR Getting Started Guide 3-37copyThis command copies a file using the syntax copy <source name> <destination na

Bootrom Monitor Mode Commands3-38 Software ConfigurationffThis command formats the Flash file system. We recommend that you first save any .dat, .cert

Bootrom Monitor Mode CommandsXSR Getting Started Guide 3-39Local target name (robo1) :Autoboot (yes) :Quick boot (no) :Permanently save the network

Bootrom Monitor Mode Commands3-40 Software ConfigurationBadVAddr=08112233PP - Crashed Task Stack (sp=85febb90):0x85feb790 ffffffff 00000000 00000

Bootrom Monitor Mode CommandsXSR Getting Started Guide 3-41Local target name : XSR1Autoboot : enabledQuick boot : noCurrent Gigabit

Bootrom Monitor Mode Commands3-42 Software Configuration

A-1ASpecificationsSystem SpecificationsThis appendix details XSR data about hardware functionality including:• Processor, system memory, chassis, powe

Cable, CompactFlash and Accessory SpecificationsA-2 Cable, CompactFlash and Accessory SpecificationsRefer to the following table for specifications o

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-32-port synch/asynch card4-port synch/asynch card68-pin, male SCSI IIINIM

viiAustralian TelecomWARNING:Donotinstallphonelineconnectionsduringanelectricalstorm.WARNING:Donotconnectphonelineuntiltheinterface

Cable, CompactFlash and Accessory SpecificationsA-4 COM (Console) PortThe XSR comes equipped with a COM serial port useful for initial configuration

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-5GigabitEthernet PortsThe XSR comes equipped with three GigabitEthernet (

Cable, CompactFlash and Accessory SpecificationsA-6 Copper/Fiber-optic Ethernet NIMsThe single-port Copper or Fiber-optic Ethernet NIMs, shown in Fig

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-72/4-Port Serial NIM Card PortThe High Speed Serial NIM card, as shown in

Cable, CompactFlash and Accessory SpecificationsA-8 Figure A-8 EIA-232/530 DTE Pin Assignments171819 3RxD2+RxD21231151047681213151691462231621441951

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-9Figure A-9 EIA-449 DTE Pin Assignments171819272112311510476812131516914

Cable, CompactFlash and Accessory SpecificationsA-10 Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments12311510476812131516914316214419513151

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-11Figure A-11 V.35 DTE Pin Assignments1719272113115104156161213914ERTPSC

Cable, CompactFlash and Accessory SpecificationsA-12 T1/E1/ISDN PRI NIM Card PortsThe T1/E1/ISDN PRI NIM comes equipped with either 1, 2 or 4 Etherne

Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-13Balun for E1 or PRI NIM CardsSome overseas electrical systems require t