XSR-1805
Getting Started Guide
Version 7.5
X-Pedition™ Security Router
9033724-09
Page 2: ...Class A of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that m...
Page 3: ...x appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada Equipment Attachments Limitations NOTICE The Indu...
Page 4: ...ur Klasse A Industriebereich In Wohnbereichen kann es hierdurch zu Funkstörungen kommen daher sollten angemessene Vorkehrungen zum Schutz getroffen werden Product Safety This product complies with the...
Page 5: ...ment and human health as a result of the presence of hazardous substances in electrical and electronic equipment 4 It is the users responsibility to utilize the available collection system to ensure W...
Page 6: ...ical storm WARNING Do not connect phone line until the interface has been configured through local management The service provider may shut off service if an un configured interface is connected to th...
Page 7: ...PNC testing program is an important source for certification of conformance to IPSec standards With rigorous interoperability testing the VPNC logo program provides IPSec users even more assurance tha...
Page 8: ...ovided in this package subject to the terms and conditions of this Agreement 2 RESTRICTIONS Except as otherwise authorized in writing by Enterasys You may not nor may You permit any third party to i R...
Page 9: ...FOR LOSS OF BUSINESS PROFITS BUSINESS INTERRUPTION LOSS OF BUSINESS INFORMATION SPECIAL INCIDENTAL CONSEQUENTIAL OR RELIANCE DAMAGES OR OTHER LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PROGR...
Page 10: ...subsequent breach of such term or condition Enterasys failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occ...
Page 11: ...D BoD 1 9 Installation Overview 1 10 Chapter 2 Hardware Installation Introduction 2 1 Verifying Your Shipment 2 1 Installation Site Suggestions 2 1 Installing the NIM Cards 2 2 Installing the CompactF...
Page 12: ...y QoS 3 25 Configure OSPF Routing 3 25 Configure More Access Lists 3 26 Configure DHCP BOOTP Relay 3 26 Configure the Dial Backup Connection 3 26 Configure SNMP 3 27 VPN Site to Site Sample Configurat...
Page 13: ...Copper Fiber optic Ethernet NIMs A 5 2 4 Port Serial NIM Card Port A 6 T1 E1 ISDN PRI NIM Card Ports A 11 Balun for E1 or PRI NIM Cards A 12 Grounding Shunt for E1 NIM Cards A 12 Installing Shunt Ter...
Page 15: ...he optional rack mounting kit Chapter 3 Software Configuration describes how to initiate and quickly configure the XSR It also details how to add an interface and subnet mask set passwords SNMP DNS an...
Page 16: ...ejemplo a setup Las configuraciones default pueden también aparecer en negrilla Italics Itálica Text in italics indicates a variable important new term or the title of a manual El texto en itálica in...
Page 17: ...he problem The XSR s history i e have you returned the device before is this a recurring problem etc Any previous Return Material Authorization RMA numbers World Wide Web http www enterasys com Phone...
Page 19: ...ored using SNMP v1 v2c v3 with standard MIB II and proprietary MIB support The XSR also provides Web access to display device data A typical XSR deployment might be in two branch offices linked to a r...
Page 20: ...port T3 E3 channelized unchannelized WAN NIM with BNC ports This NIM is also available with up to 16 T1 E1 tributaries and system synchronization of two NIMs High speed serial port for up to 230 Kbps...
Page 21: ...mon CLI Configuration performance status statistics and fault traps events management Multiple administrators can log into the XSR simultaneously through terminal or remote Telnet SSHv2 access Maximum...
Page 22: ...icy Based Routing Border Gateway Protocol Version 4 BGP 4 BGP configurable timers and filter tags Protocol Independent Multicast Sparse Mode PIM SM Multicast Forwarding over GRE Equal Cost Multi Path...
Page 23: ...on Protocol MS CHAP IP Address can be assigned from remote device and the device will support IP address assignment to a remote device Pools can be configured locally or from a separate server DHCP Mu...
Page 24: ...work clients Bindings Database Persistent storage of network client lease states kept across reboot Persistent and user controllable conflict avoidance to prevent duplicate IP address including config...
Page 25: ...ed Early Detection RED WRED and Tail Drop congestion avoidance QoS over VPN QoS on Input Virtual Private Network VPN Site to Site application 200 tunnels with standard 64 Mbyte DIMM IPSec IKE with pre...
Page 26: ...Authority CA support Simple Certificate Enrollment Protocol SCEP Chained CA support CRL checking Hypertext Transfer Protocol HTTP Lightweight Directory Access Protocol LDAP Network Address Translatio...
Page 27: ...ntenance of SNMP Interface and Interface Stack tables Remote Auto Install over ADSL Dial Service Asynchronous serial support through an external modem Synchronous serial Outbound calling Unnumbered In...
Page 28: ...ds 4 Optional Mount the XSR in a rack or the custom Enterasys rack mount kit refer to the XSR 1805 Rack Mount Kit Manual for details 5 Connect Ethernet cable s to the FastEthernet LAN port s 6 Do one...
Page 29: ...ggestions When determining an installation site for the XSR chassis follow the guidelines outlined below For proper cooling maintain a minimum clearance of 15 2 centimeters 6 inches behind the chassis...
Page 30: ...he installation site must be maintained between 0 and 40 C 41 to 104 F Temperature changes must be maintained within 10 C 18 F per hour Installing the NIM Cards The XSR motherboard provides two NIM ca...
Page 31: ...e it as shown in Figure 2 2 Figure 2 2 Removing Rear Access Cover 5 Unfasten the two screws securing the NIM brace grounding plates and remove them as shown in Figure 2 3 Figure 2 3 Removing Brace Gro...
Page 32: ...ntly into the pin holding assembly in the open card slot NIM 2 and fasten to the chassis with the screws provided as shown in Figure 2 5 Figure 2 5 Installing NIM Card 8 Replace the rear panel screws...
Page 33: ...u boot up the XSR press the CTRL C keys and a password prompt will appear Press ENTER factory default if you have not defined a password The Bootrom Monitor mode will appear Enter ffc and the router w...
Page 34: ...tandard DIMM of 32 MBytes can easily be upgraded simply by disassembling the chassis removing the existing DIMM and installing a new DIMM To do so follow the procedure described below 1 Unfasten the f...
Page 35: ...by unfastening the four screws attaching the parts as shown in Figure 2 8 Figure 2 8 Removing the Chassis Cover 3 On the motherboard gently pull the two beige handle clasps down as shown Figure 2 9 to...
Page 36: ...in to firmly seat the card Figure 2 10 Installing 64 MByte DIMM Card 5 Reattach the chassis cover and base and fasten the end caps Rack Mounting the XSR If you want to rack mount your XSR perform the...
Page 37: ...ovided in the packing box to your PC as shown in Figure 2 12 Figure 2 12 Cabling Console Port 2 Connect the NIM port s to your High Speed Serial WAN connectors with cabling provided separately by Ente...
Page 38: ...rted into the CompactFlash slot upon first configuring an ATM interface the XSR s ADSL driver will copy adsl fls into host memory where it will remain available for use on demand Be aware that if all...
Page 39: ...tion 5 Attach the power supply cord to the power connector at the rear of the XSR as shown in Figure 2 18 and plug in the country appropriate power cord to a wall socket Figure 2 18 Attaching Power Co...
Page 41: ...WAN ports for dialer and backup dialer service Configure the Firewall feature set Configure IP routing RIP or OSPF Configure Frame Relay networks Set up the backup line Create an SNMP community strin...
Page 42: ...test the following hardware blocks RAM size is detected On board Flash size is detected FastEthernet is checked Ethernet on motherboard is checked NIM cards 1 and 2 are checked Real Time Clock is chec...
Page 43: ...port as a serial interface in a dial backup capacity Refer to Setting Up the Backup Line on page 3 16 4 Another option is to run from a factory default node the Remote Auto Install RAI program which p...
Page 44: ...0 1 frame relay interface dlci 18 ip 133 133 1 3 bootp XSR config if S1 0 1 no shutdown XSR config if S1 0 1 exit XSR config exit XSR copy running config startup config RAI displays the following pha...
Page 45: ...4 255 255 255 0 XSR config if G2 ip dhcp server XSR config if G2 no shutdown Now configure the following DHCP Client parameters XSR config ip dhcp pool dhcp XSR config dhcp pool lease 0 0 10 This comm...
Page 46: ...emplate1 ip unnumbered loop 0 mtu 1492 peer default ip address pool pool1 ppp authentication pap ip helper address 192 168 72 118 This is the address of the TFTP server ip directed broadcast This comm...
Page 47: ...ner Remember to save your configuration after all edits Setting User Name Privilege and Password The value name is the user s designation for sake of clarity often set as the name of the facility or s...
Page 48: ...rt 3 Enter no shutdown to keep the interface enabled 4 Enter show ip interface fastethernet 1 2 to verify LAN settings 5 Enter copy running config startup config to save your settings Remember to save...
Page 49: ...on the port 11 Enter ip address xxx xxx xxx xxx yyy yyy yyy yyy where x is the IP address and y is the subnet mask of the serial port 12 Enter backup interface dialer number to allow the serial interf...
Page 50: ...er interface bri 0 to acquire Interface mode and select the BRI port 2 Enter isdn switch type basic 5ess basic dms100 basic net3 basic ni1 basic ntt to select the Central Office switch type for the IS...
Page 51: ...ts MSS setting is too high subtracting for the PPPoE IP TCP and GRE headers 6 20 20 and 24 bytes respectively and the PPP Protocol ID should avoid that problem XSR config interface ATM 0 XSR config if...
Page 52: ...rface ATM 0 XSR config if ATM0 0 no shutdown XSR config if ATM0 0 interface ATM 0 1 XSR config if ATM0 0 1 encapsulation snap ipoa XSR config if ATM0 0 1 ip address 192 168 1 1 255 255 255 0 XSR confi...
Page 53: ...dmz HTTP allow XSR config ip firewall policy a2 dmz private HTTP allow XSR config ip firewall policy a3 private dmz HTTP allow XSR config ip firewall policy a4 dmz private HTTP allow Set the policies...
Page 54: ...and Serial interface to support RIP with additional functionality as an option 1 Enter interface fastethernet 1 2 to acquire Interface mode and select the first or second FastEthernet port 2 Enter ip...
Page 55: ...y is the subnet mask of the serial port 6 Enter no shutdown to keep the interface enabled 7 Enter encapsulation ppp to set the correct encapsulation type 8 Enter ip ospf cost 1 65535 to set the cost...
Page 56: ...at the previous steps on the Branch XSR Remember to save your configuration after all edits Refer to the XSR User s Guide for more information Setting Up the Backup Line 1 Enter interface dialer numbe...
Page 57: ...based write access is available for the ct download MIB only For write access to other MIBs use SNMPv3 Also a RW community is unnecessary for SNMPv3 2 Enter snmp server host IP address traps community...
Page 58: ...tion Also the DEBUG alarm level is meant for maintenance personnel only The XSR may discard LOW and DEBUG level alarms if the system is too occupied to deliver them The number of discarded messages is...
Page 59: ...p server enable to access the XSR over the Web 3 Point your terminal s Web browser at the XSR s IP address Enter http XSR IP address The initial Web access window appears as shown in Figure 3 2 Figure...
Page 60: ...right 2004 by Enterasys Networks Inc Hardware Processor board ID 9002854 02 REV0A Serial Number not displayed Processor IBM PowerPC 405GP Rev D at 200MHz RAM installed 64MB Flash installed 8MB on proc...
Page 61: ...192 168 1 100 255 255 255 0 Enables IP address for FastEthernet interface XSR config if F1 no shutdown Enables the interface XSR config controller t1 0 1 0 Sets up main link connection T1 NIM in slot...
Page 62: ...d network RIP will advertise its routes to XSR config interface dialer 5 Adds backup interface and acquires Interface mode XSR config if D5 dialer pool 3 Adds a dialer pool on interface XSR config if...
Page 63: ...ich matches any source address and destination address to port 20 XSR config access list 132 permit tcp any any eq 21 Adds a TCP filter which matches any source and destination address to port 21 XSR...
Page 64: ...at 128 000 bps with auto LMI type and traffic shaping enabled Any QoS values set will be applied to the DLCIs do not apply QoS to the port it is not recommended on Frame Relay connections Note that s...
Page 65: ...5000 Sets this map class committed burst size to 5000 bits XSR config map class CLASS SI frame relay be out 3000 Sets this map class excess burst size to 3000 bits XSR config map class CLASS SI frame...
Page 66: ...rial 1 0 Adds serial port 1 and acquires Interface mode XSR config if S1 0 encapsulation ppp Enables PPP encapsulation XSR config if S1 0 ip address 192 31 27 80 255 255 255 0 Sets the IP address on t...
Page 67: ...support enterasys com Specifies contact information for the management server XSR config snmp server location HQ 2nd floor Specifies the location of the management server XSR config snmp server host 1...
Page 68: ...pre shared authentication and MD5 hashing XSR config crypto isakmp proposal acme XSR config isakmp authentication pre share XSR config isakmp hash md5 Configure IKE Policy for Remote Peer The followi...
Page 69: ...et peer 112 16 244 5 XSR config crypto map acme 91 XSR config crypto m set transform set esp 3des sha XSR config crypto m match address 191 XSR config crypto m set peer 112 16 244 7 XSR config crypto...
Page 70: ...ateway IP address XSR config ip local pool AUTH 192 168 2 0 255 255 255 0 XSR config aaa user 112 16 244 9 XSR aaa user password dribble XSR aaa user group DEFAULT XSR aaa group pptp encrypt mppe auto...
Page 71: ...6 10 any XSR config access list 111 deny ip any any XSR config interface fastethernet 2 XSR config if F2 ip access group 110 in XSR config if F2 ip access group 111 out Enable Network Address Translat...
Page 72: ...password welcome XSR config aaa user jeffb XSR config password welcome Check to make sure the transforms and proposals were created properly XSR show crypto ipsec transform set Name PFS ESP ESP AH AH...
Page 73: ...0 10 1 255 255 255 0 XSR config ip rip send version 2 XSR config ip rip receive version 2 XSR config ip multicast redirect tunnel endpoint Enable RIP routing on all networks except the public interfac...
Page 74: ...sence of Flash Bank 3 2 Meg Intel Flash Detected PASSED Testing VPN PASSED Testing PCI Elan Port PASSED Testing 405 Elan Port PASSED Testing RTC PASSED Testing T1E1 NIM in Slot 1 PASSED Testing T1E1 N...
Page 75: ...will cold reboot The startup config file stored in Flash becomes the running configuration Reload Command from the CLI You can reboot the XSR firmware by issuing the command reload cold warm You are t...
Page 76: ...up Error Conditions After power up the XSR comes up automatically if The minimum hardware is functional Processor RAM and FLASH memory and other components Bootrom is valid The software image in Flas...
Page 77: ...ootrom in flash statement appears enter y Be sure not to interrupt the process or power down the XSR or it may be affected adversely After you have updated this file you can delete it from Flash to co...
Page 78: ...t directory in the file system to flash or cflash copy This command copies a file using the syntax copy source name destination name You can copy files from flash to cflash and vice versa da This comm...
Page 79: ...g XSR 1800 ds 11 59 59 ff This command formats the Flash file system We recommend that you first save any dat cert cfg and your startup config files to cflash or a PC since any files in flash will be...
Page 80: ...absence of a user supplied hostname via the hostname CLI command this name will be used as the CLI prompt and SNMP hostname in MIB II XSR 1800 np Enter clear a field go to previous field C quit Local...
Page 81: ...essor board CompactFlash SunDisk SDP 5 3 0 6 has 32047104 bytes Real Time Clock FastEthernet 1 FastEthernet 2 Rev 0 H W Encryption Accelerator Rev 1 T1E1 has 4 channelized ports on NIM slot 1 Rev 0 IS...
Page 82: ...bootrom version with sample output below XSR 1800 sv X Pedition Security Router Bootrom Copyright 2002 Enterasys Networks Inc HW Version 9002854 02 REV0A Serial Number 0001F4000102 CPU IBM PowerPC 405...
Page 83: ...ype SafeNet 1140 30 Mbps for 3DES encryption Message Digest MD 5 SHA 1 and public key acceleration System Memory RAM 100 pin SDRAM DIMM connector for 32 Mbytes default of 100 MHz memory modules 64 Mby...
Page 84: ...so supporting X 21 V 35 EIA 449 EIA 232 530 and combined V 35 EIA 232 530 DTE interfaces with required adapter Single dual or quad port T1 E1 NIM with integral CSU DSU and RJ 48C connectors Full chann...
Page 85: ...T3 E3 card 2 female BNCs NIM T3E3 01 Single unchannelized T3 E3 NIM 1 port ISDN BRI S T card 2 port ISDN BRI S T card RJ 45 RJ 45 NIM BRI ST 01 NIM BRI ST 02 ISDN BRI S T NIM card 1 port ISDN BRI U ca...
Page 86: ...h the router If you use a communications program set the connection properties as follows Connect using Direct to COMx where x is an unused COM port Bits per second 9600 Data bits 8 Parity None Stop b...
Page 87: ...and Figure A 4 provide interfaces for half and full duplex 10 100Base T or fiber optic 100Base F transmission over LAN or WAN networks respectively The Copper Ethernet NIM incorporates a standard 8 p...
Page 88: ...39 44 38 41 40 42 49 50 43 48 J1 J2 J3 J4 X 21 DTE J1 68 pin male SCSI III type connector J2 J5 DB 15 type male connector Indicates Twisted Pair Notes 1 2 Shield GND is braid on braided cable 3 Shiel...
Page 89: ...B 25 type male connector Indicates Twisted Pair Notes 1 2 Shield GND is braid on braided cable 3 Shield GND is drain wire on foil shield cab 4 Braid or foil must enter and make contact inside metal co...
Page 90: ...and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused SC0 6 24 4 22 7 25 9 27 5 23 8 26 37 12 30 1 RD1 RD1 SD1 SD1 RS1 RS1 CS1 CS1 ST1 ST1 RT1 RT1 SG...
Page 91: ...T2 SCT2 SCR2 SCR2 Signal GND Shield GND Signal GND J3 DTR2 PORT 2 V 35 PORT 3 EIA 232 530 Shield GND 17 18 19 27 21 26 20 23 22 24 28 29 31 32 25 30 3 16 2 14 4 19 5 13 15 12 17 9 7 20 23 1 RxD1 RxD1...
Page 92: ...b 4 Braid or foil must enter and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused RD1 RD1 SD1 SD1 RTS1 CTS1 SCT1 SCT1 SCR1 SCR1 Signal GND Shield GND...
Page 93: ...ISDN PRI NIM Port Pinouts Regulatory Safety Compliance The T1 E1 ISDN PRI NIM complies with these regulatory requirements PCI Local Bus Specification Rev 2 1 IEEE P1386 Draft 2 4 IEEE P1386 1 Draft 2...
Page 94: ...or E1 NIM Cards If you connect a balun to a 75 ohm line you will also need to attach a grounding shunt or terminal strip to any NIM pins whose RJ 48C connectors utilize the balun You must use a shunt...
Page 95: ...he shunt or terminal strip attach two dual pin units vertically to each four pin jumper P2 P3 P4 or P5 corresponding to the RJ 48C port using a balun as shown in Figure A 16 Any other RJ 48C5 ports on...
Page 96: ...Various sub rates are available to provide compatibility with major DSU equipment suppliers Scrambling may also be enabled as required for DSU compatibility Larscom zero suppression is supported Clea...
Page 97: ...T line as shown in Figure A 18 The Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic See Figure A 19 for pinout assignments Figure A 18 ISDN BRI S T NIM Card RJ 45 ports s...
Page 98: ...locations and the orientation of the receive and transmit pairs Refer to Chapter 2 for directions on accessing the BRI card on the XSR Installing Shunt Terminal Strip To install the shunt or terminal...
Page 99: ...Refer to Figure A 22 for pinout assignments Figure A 22 ISDN BRI U NIM Pinouts Regulatory Safety Compliance The ISDN BRI U NIM complies with the following regulatory requirements PCI Local Bus Specifi...
Page 100: ...with the remote DSLAM device and is operational when Flashing the line is in training mode LED 2 Data When flashing traffic is active Refer to Figure A 24 for pinout assignments Figure A 24 ADSL NIM P...
Page 101: ...service even if a power failure occurs or the NIM enters an abnormal state In such an event the two ports are connected bypassing the NIM thus allowing uninterrupted bidirectional voice transmission...
Page 102: ...ribed in the Table A 3 and illustrated in Figure A 28 Figure A 28 XSR LEDs Pin 50 Pin 1 Table A 3 LED Description LED State Function POWER ON 3 3V power is present SYS tem Status ON OFF XSR is operati...
Page 103: ...sync with data traffic T3 E3 NIM LOS Loss of Signal LOF Loss of Frame Alarm Enable Red ON Red ON Amber ON Green ON XSR cannot latch onto the frequency Both sides of link cannot synchronize frames Erro...
Page 105: ...pin assignments BRI U A 17 console serial port A 4 Ethernet A 5 Ethernet WAN A 14 Pinouts 449 pinouts A 8 BRI U assignments A 17 A 19 console port A 6 Ethernet port A 5 X 21 pinouts A 6 power specifi...
Page 106: ...Index 2 software configuration overview 3 1 software features 1 3 system memory A 1 verifying your shipment 2 1 X 21 pinouts A 6 XSR how to set WAN ports 3 8...