manualshive.com logo in svg

Allot NetEnforcer AC-2500 Series, Hardware Manual

The Allot NetEnforcer AC-2500 Series offers advanced network traffic management solutions. Unlock the full potential of this hardware with the free Hardware Manual available for download from manualshive.com. This manual provides comprehensive instructions, making it easy to configure and optimize your network performance. Download now and take control.

Share
Download
background image

 

Chapter 1: AC-2500 Series Hardware 

 

 

 

 

 

NetEnforcer AC-2500 Hardware Guide 

1-10 

Accessories Area 

Management Port (Out of Band Management) 

Out-of-band management provides the following: 

 

Offers physical separation between shaped traffic and management traffic. 

 

Enables access to NetEnforcer even if there is a problem in the network (for 
example, DoS attack). 

 

Prevents management traffic from interfering with shaped traffic. 

 

Permits NetEnforcer management from a DMZ.  

The NetEnforcer includes a dedicated Management port for out-of-band management of 
the device. The dedicated Management port provides a secure solution for device 
management for enterprise and service providers. It enables you to permit access solely 
to a closed group of network administrators, so that ISP customers cannot "see" the 
Management port and therefore cannot access the NetEnforcer management. Operating 
through the Management port denies management access to the device from Internal or 
External ports. Moreover, when there is a problem in the regular network, for example, 
a DoS (Denial of Service) attack, you can still manage and monitor the NetEnforcer. 

Using a Management port has the following benefits: 

 

Provides a security feature that prevents ISP customers from "seeing" the 
Management port and thus prevents access to NetEnforcer. The Internal and 
External ports are functioning solely to forward traffic, consequently only the 
administrator (the only one who has access to the Management port) has access 
to NetEnforcer.  

 

Enables configuring, installing and upgrading while the unit is in Bypass mode. 
This is particularly important when NetEnforcer is in carrier environments. 

 

Improves NetEnforcer's forwarding performance by separating the management 
traffic from the regular traffic. In addition, if a problem exists in the regular 
network you can still communicate with NetEnforcer in order to repair the 
problem. 

 

Provides an infrastructure for improvement of the redundancy capabilities. 

NOTE  

The Management port has its own MAC and IP address.  

Summary of Contents for NetEnforcer AC-2500 Series

Page 1: ......

Page 2: ......

Page 3: ...NetEnforcer AC 2500 Series Policy Based Bandwidth Management Hardware Guide P N D360002 R2...

Page 4: ......

Page 5: ...OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Copyright Copyright 1997 2007 Allot Communications All rights reserved No part of this document ma...

Page 6: ...Important Notice AC 2500 Series Hardware Guide iv Printing History First Edition October 2006 Second Edition September 2007...

Page 7: ......

Page 8: ......

Page 9: ...Accessories Area 1 10 Cabling 1 12 AC 2500 Series Copper 1 12 AC 2500 Multi Mode SX Fiber 1 13 AC 2500 Series Single Mode LX5 LX20 ZX Fiber 1 14 Connectors 1 15 Bypass Units 1 16 AC 2520 Bypass Unit 1...

Page 10: ...edundancy for the AC 2520 4 14 Active Redundancy for the AC 2540 4 14 Serial Redundancy 4 15 NetEnforcer Failover 4 16 Serial Redundancy in Mesh Topologies 4 17 CHAPTER 5 HARDWARE SPECIFICATIONS 5 1 D...

Page 11: ...orcer AC 2520 to Double Copper Bypass Unit 1 17 Figure 1 9 Double Fiber Bypass Unit MultiMode 1 18 Figure 1 10 Double Fiber Bypass Unit Single Mode 1 19 Figure 1 11 Connecting the NetEnforcer AC 2520...

Page 12: ...3 NIC Tab AC 2540 NetXplorer Configuration 4 7 Figure 4 4 Networking Tab AC 2540 NetXplorer Configuration 4 8 Figure 4 5 Serial Redundancy Normal Scenario 4 15 Figure 4 6 Serial Redundancy Failover S...

Page 13: ...its come with an additional Bypass Unit CAUTION All AC 2500 Series models only function when the appropriate Bypass Unit is connected to it This is to ensure continuous service in the event of failure...

Page 14: ...connectors The AC 2540 has a throughput of 5 Gbps 2 5 Gbps full duplex Unpacking the NetEnforcer Verify that the following items are included with the NetEnforcer NetEnforcer hardware with pre install...

Page 15: ...front panel of each AC 2500 series unit is separated into four areas as shown below Figure 1 1 Front Panel AC 2500 Series The front panel of NetEnforcer is laid out as follows LCD panel described on p...

Page 16: ...Chapter 1 AC 2500 Series Hardware NetEnforcer AC 2500 Hardware Guide 1 4 AC 2500 Series Front Panels AC 2520 Front Panels Figure 1 2 Front Panel AC 2520 Copper Figure 1 3 Front Panel AC 2520 Fiber...

Page 17: ...Series Hardware NetEnforcer AC 2500 Hardware Guide 1 5 AC 2540 Front Panels Figure 1 4 Front Panel AC 2540 Fiber CAUTION CLASS 1 LASER PRODUCT DANGER Invisible laser radiation when opened AVOID DIRECT...

Page 18: ...l On Off Enter Up Arrow Display Area Select Power Indicator Active Indicator Standby Indicator Left Arrow Right Arrow Down Arrow On Off Enter Up Arrow Display Area Select Power Indicator Active Indica...

Page 19: ...nforcer is the primary system If you have one NetEnforcer this should be the normal state of the LED If you have two NetEnforcers configured in Parallel Redundancy mode this NetEnforcer is the primary...

Page 20: ...ed for Redundancy purposes Each line feed is driving one power supply NOTE The AC power supply automatically adapts to voltages between 100 V and 240 V 50 60 Hz The DC power supply automatically adapt...

Page 21: ...iver SFP LX 20 Transceiver SFP ZX AC DC CAUTION The power entry modules AC supply option include two fuses T2A 250 V 5 x 20 mm at each power entry One is a spare fuse for replacement purposes You can...

Page 22: ...management access to the device from Internal or External ports Moreover when there is a problem in the regular network for example a DoS Denial of Service attack you can still manage and monitor the...

Page 23: ...ne Interface CLI Power Cable Connectors The unit power cables AC or DC plug in here The power cables should not be removed while swapping the power modules CAUTION This equipment has a connection betw...

Page 24: ...ctions Cable Type Connector Type To NetEnforcer Management Port Ethernet Cat 6 Included P N C411011 RJ 45 To NetEnforcer Console Port Ethernet Cat 6 Included P N C002005B RJ 45 Primary NetEnforcer Int...

Page 25: ...ype To NetEnforcer Management Port Ethernet Cat 6 Included P N C411011 RJ 45 To NetEnforcer Console Port Ethernet Cat 6 Included P N C002005B RJ 45 Primary NetEnforcer to Bypass Unit Internal External...

Page 26: ...o NetEnforcer Management Port Ethernet Cat 6 Included P N C411011 RJ 45 To NetEnforcer Console Port Ethernet Cat 6 Included P N C002005B RJ 45 Primary NetEnforcer to Bypass Unit Internal External 9 12...

Page 27: ...s Units using Multi Mode fiber SX utilize dual SC Connectors Figure 1 6 Dual SC Connector Multi Mode Fiber NetEnforcer Bypass Units using Single Mode fiber LX5 LX20 and ZX utilize dual LC connectors F...

Page 28: ...erates with a Multi port Fiber Bypass CAUTION A NetEnforcer AC 2500 unit must be connected to the appropriate Bypass Unit This is to ensure continuous service in the event of failure A separate NetEnf...

Page 29: ...nformation regarding cable and connector types see Cabling on p 1 12 1 Connect the External cable from the To NetEnforcer External port Link 1 on the Bypass Unit to the External port on the NetEnforce...

Page 30: ...nnector is plugged into the NetEnforcer NOTES To connect a secondary NetEnforcer for Parallel Redundancy you need two NetEnforcers and one Bypass Unit Internal and external connectors of the redundant...

Page 31: ...itch and the router The Double Fiber Bypass Unit includes connectors for connecting to Link 1 and Link 2 on the AC 2520 The Link Connectors area includes either two duplex LC connectors and one built...

Page 32: ...formation regarding cable and connector types see Cabling on p 1 12 1 Connect the fiber cable labeled To NetEnforcer External Link 1 from the Bypass Unit to the External port on the NetEnforcer Link 1...

Page 33: ...ernal and external connectors of the redundant NetEnforcer should be connected directly to the network There is no need to connect via the Bypass Unit AC 2540 Bypass Unit Multi Port Fiber Bypass Unit...

Page 34: ...2500 Hardware Guide 1 22 Figure 1 13 Connecting the NetEnforcer AC 2540 to Multi Port Fiber Bypass Unit To connect the Bypass Unit to the NetEnforcer AC 2540 NOTE For important information regarding...

Page 35: ...on the Bypass Unit to the Backup port on NetEnforcer The 9 pin connector is plugged into the bypass unit and the 26 pin connector is plugged into the NetEnforcer NOTES To connect a secondary NetEnfor...

Page 36: ...that all wire connections are secure suggested DC input wires are 14 AWG copper UL listed conductors Ground wire to the ground connector you should always connect the ground wire first and disconnect...

Page 37: ...ohibited This equipment has a connection between the earthed conductor of the DC supply circuit and the earthing conductor Grounding All NetEnforcer equipment has a connection between the grounded con...

Page 38: ...o power and no failure condition exists The Power LED on the LCD panel is lit and the Mode LED on the Bypass Unit is off indicating that the power is on and NetEnforcer is bypassed The display area of...

Page 39: ...onnect NetEnforcer to your network 1 Connect the Bypass Unit to NetEnforcer as described in Bypass Units page 1 16 2 Connect the LAN side of your network to the Internal connector of each link on the...

Page 40: ......

Page 41: ...orcer or by using the LCD panel Configuring Via a Terminal or Telnet You can use a standard terminal PC running terminal emulation software connected to the Console port or Telnet via the internet to...

Page 42: ...tEnforcer as described in Powering Up page 1 23 3 At the terminal select Start Programs Accessories and double click on the HyperTerminal icon Enter a name for the session and then to set the com port...

Page 43: ...you are prompted for a login and a password 2 Enter admin for the login and allot for the password To change the password see page 3 8 Press Enter The NetEnforcer Setup Menu is displayed NetEnforcer S...

Page 44: ...y set network configuration parameters at any time To display the current configuration 1 In the NetEnforcer Setup Menu enter 1 List current configuration and press Enter The current network configura...

Page 45: ...up Menu Configuring Network Parameters You can define network parameters manually To define network parameters manually 1 In the NetEnforcer Setup Menu enter 2 Network configuration and press Enter Th...

Page 46: ...NE Primary name server IP address If you have a Domain Name Server DNS its IP address If you do not have a DNS enter none Secondary name server IP address If you have a second DNS its IP address If yo...

Page 47: ...link speed of the Internal interface 10M or 100M Use M for Mbps The duplex type for the External interface Enter full for full duplex half for half duplex or auto for AutoSensing If you selected full...

Page 48: ...the Internet and should therefore be protected with a unique password To change the users password 1 In the NetEnforcer Setup Menu enter 3 Change password and press Enter The Password screen is displa...

Page 49: ...rcer Setup Menu enter 4 Set time and press Enter The Time Setup screen is displayed Figure 3 5 Time Setup The current day date system time and time zone are displayed at the top of the screen 2 To cha...

Page 50: ...nd a password 3 At the terminal press Enter The system boots up and you are prompted for a login and a password 4 Enter root for the login and bagabu for the password and then press Enter 5 Enter pass...

Page 51: ...econds NOTE When you are configuring NetEnforcer and there is no activity for more than 30 seconds the display area returns to the default view and any modifications to parameters that were not saved...

Page 52: ...ort can be configured via the LCD To configure NIC settings 1 With the display area displaying the default view press the Select button The main menu is displayed as follows Main menu 1 NIC Settings 2...

Page 53: ...splay area displaying the default view press the Select button The Main menu is displayed 2 Press the down arrow once to display the following Main menu 2 Setup IP 3 Press the Select button The displa...

Page 54: ...left and right arrow buttons to move between the digits 9 Press the Enter button The display area indicates the following S ave C ancel 10 Use the arrow buttons to select whether to save the settings...

Page 55: ...e arrow buttons to select whether to enter Bypass mode and press the Enter button NetEnforcer switches to Bypass mode and after a few moments the display area displays its default view the current ban...

Page 56: ...isplaying the default view press the Select button The Main menu is displayed 2 Press the down arrow five times to display the following Main menu 6 Shutdown 3 Press the Select button The display area...

Page 57: ...t view 1 With the display area displaying the default view press the Select button The Main menu is displayed 2 Press the down arrow six times to display the following Main menu 7 Exit 3 Press the Ent...

Page 58: ......

Page 59: ...nt redundancy it is essential to enable and configure the desired redundancy mode in each NetEnforcer involved Configuring the AC 2520 via the NetEnforcer 1 Configure the Management Port interface via...

Page 60: ...external2 MODE SPEED For example go config nic internal1 full 100 To set redundancy mode go config network redund_mode Options are o parallel o active o serial For example go config network redund_mo...

Page 61: ...the NetEnforcer you wish to configure in the Navigation Pane 3 Select Configuration from the drop down menu 4 Open the NIC tab and in the Action on Failure field set INTERNAL1 and EXTERNAL1 to fail pa...

Page 62: ...e 4 2 Networking Tab AC 2520 NetXplorer Configuration 8 Click Save The system will reboot After rebooting you can view the changes from the Configuration tab For more information concerning NetEnforce...

Page 63: ...onfiguration 4 Select the NIC tab and configure the remaining network interfaces The interfaces can also be configured by opening a console connection to the NetEnforcer and using the following comman...

Page 64: ...dancy go config network bypass_unit Options are o enable o disable For example go config network bypass_unit enable Configuring the AC 2540 via NetXplorer 1 Log into NetXplorer 2 Right click the NetEn...

Page 65: ...NIC Tab AC 2540 NetXplorer Configuration 5 Set INTERNAL2 EXTERNAL2 INTERNAL4 and EXTERNAL4 to No Action in the Action on Failure field 6 Open the Networking tab and set the Redundancy Mode as required...

Page 66: ...e 4 4 Networking Tab AC 2540 NetXplorer Configuration 8 Click Save The system will reboot After rebooting you can view the changes from the Configuration tab For more information concerning NetEnforce...

Page 67: ...tEnforcer become active During normal operation or after recovering from a failure the Primary probe is be the active probe Both NetEnforcers receive traffic from the internal network but only the Pri...

Page 68: ...ables Standby LED Active LED Power LED Analysis Primary Unit OFF ON ON Primary NetEnforcer is in Active mode Secondary Unit ON OFF ON Secondary NetEnforcer is in Standby mode and is ready to take over...

Page 69: ...take control and become the active unit under the following conditions Upon a Primary subsystem failure During booting of the Primary NetEnforcer platform When booting is completed the Primary unit au...

Page 70: ...he Primary connector of the Bypass Unit 4 Designate the other NetEnforcer to be the Secondary and connect one end of the Backup cable to the Backup connector of the Secondary NetEnforcer 5 Connect the...

Page 71: ...balancing mode Failover In the event that one of the links fails due to router switch or line malfunction the network redundancy mechanism for example spanning tree will ensure that traffic is routed...

Page 72: ...tch port is connected to the Internal port of the first line card s bypass unit The corresponding port is connected to the Internal port of the AC 2520 The External port of the AC 2520 is connected to...

Page 73: ...at all times and the other is in bypass mode There is no NetEnforcer is standby mode When the active unit moves to bypass the passive NetEnforcer switches to active Even if the previously active NetE...

Page 74: ...lity will be maintained In the unlikely situation where the Secondary unit fails it will go in to bypass mode bypassing the failed NetEnforcer Network connectivity will maintain but all NetEnforcer fu...

Page 75: ...rio Serial Redundancy in Mesh Topologies Serial Redundancy can support mesh topology configurations In the network diagram described below each of the NetEnforcer units should be able to handle two li...

Page 76: ...2500 Hardware Guide 4 18 Figure 4 8 Serial Redundancy Mesh Scenario In a network configuration with four network interfaces each of the NetEnforcer units must have eight network interfaces The AC 2540...

Page 77: ...h 17 32 in 440 mm Depth 14 76 in 375 mm Weight Copper 24 9 lbs 11 3 kg Fiber 25 3 lbs 11 48 kg NOTE The weight of the Copper Bypass Unit is 3 86 lbs 1 75 kg and the weight of the Fiber Bypass Unit is...

Page 78: ...Chapter 5 Hardware Specifications NetEnforcer AC 2500 Hardware Guide 5 2 Operating Environment Temperature 32 F to 104 F 0 to 40 C Humidity 5 to 95 non condensing...

Page 79: ...0 3 3 1995 EN 55024 1998 A1 01 FCC 47 CFR part 15 subpart B class A ICES 003 1997 class A VCCI 2002 class B NEBS GR 1089 Core Safety IEC 60950 1999 with Japanese deviations EN 60950 2000 NEBS GR 1089...

Page 80: ......

Page 81: ...rks the NetEnforcer can be separated from the NetXplorer server by a firewall for security reasons To enable the communication between the NetXplorer and NetEnforcers the following ports in the Firewa...

Page 82: ......

Page 83: ...u trafic uniquement vers des l ments passifs permettant ainsi au r seau de fonctionner Le NetEnforcer de s rie AC 2500 associe une conception de classe transporteur une redondance des l ments fondamen...

Page 84: ...n continue contre les incendies toujours remplacer un l ment par un composant du m me type et de m me intensit Avant de retirer le couvercle d connecter le produit de l alimentation secteur Toute op r...

Page 85: ...au conducteur de masse D RIVATION Afin de garantir la continuit du service en cas de panne toute unit NetEnforcer AC 2500 doit tre reli e une unit de d rivation adapt e Redondance Dans le cas d une c...

Page 86: ...60 Hz L alimentation c c quant elle s adapte automatiquement des tensions de 48 ou 60 V c c Cet quipement est destin une utilisation dans un espace acc s limit et par un personnel d ment qualifi Pour...

Page 87: ...ndeur 375 mm 14 76 in Poids Cuivre 11 3 kg 24 9 lbs Fibre optique 11 48 kg 25 3 lbs REMARQUE L unit de d rivation en cuivre p se 1 75 kg 3 86 lbs celle en fibre optique p se 1 94 kg 4 28 lbs Sp cifica...

Reviews:

No comments

Related manuals for NetEnforcer AC-2500 Series

NEC NECCare Platinum Express5800/A1160 Brochure & Specs preview
NECCare Platinum Express5800/A1160
Brand: NEC Pages: 4
NEC NECCare Gold Express5800/320Fd Maintenance And Service Manual preview
NECCare Gold Express5800/320Fd
Brand: NEC Pages: 11
NEC NEC Express5800/R120d-2E Configuration Manual preview
NEC Express5800/R120d-2E
Brand: NEC Pages: 39
NEC UNIVERGE NEAX 2000 IPS Manual preview
UNIVERGE NEAX 2000 IPS
Brand: NEC Pages: 244
NEC UNIVERGE NEAX 2000 IPS General Description Manual preview
UNIVERGE NEAX 2000 IPS
Brand: NEC Pages: 191
NEC UNIVERGE NEAX 2000 IPS Configuration Manual preview
UNIVERGE NEAX 2000 IPS
Brand: NEC Pages: 96
Avaya 2N Helios IP Application Notes preview
2N Helios IP
Brand: Avaya Pages: 19
YOKOGAWA SMARTDAG+ GM10 User Manual preview
SMARTDAG+ GM10
Brand: YOKOGAWA Pages: 22
IBM eServer 380 xSeries User Reference Manual preview
eServer 380 xSeries
Brand: IBM Pages: 112
Supermicro SUPERSERVER 5018A-MHN4 User Manual preview
SUPERSERVER 5018A-MHN4
Brand: Supermicro Pages: 116
ANTAIRA STW-611C Installation Manual preview
STW-611C
Brand: ANTAIRA Pages: 2
AIC FB128-LX User Manual preview
FB128-LX
Brand: AIC Pages: 79
ABB doGATE Installation Instructions Manual preview
doGATE
Brand: ABB Pages: 9
ABB SPA OPC User Manual preview
SPA OPC
Brand: ABB Pages: 68
Cisco UCS C220 M4 Maintaining The Server preview
UCS C220 M4
Brand: Cisco Pages: 72
Cisco UCS C240 M3 User Manual preview
UCS C240 M3
Brand: Cisco Pages: 64
Cisco TelePresence MSE 8710 Installation Manual preview
TelePresence MSE 8710
Brand: Cisco Pages: 12
Cisco Secure Network Server 3600 Series Hardware Installation Manual preview
Secure Network Server 3600 Series
Brand: Cisco Pages: 38

Brands by name

Popular brands

Load more brands