XSR-1850

Getting Started Guide

Version 7.5

                   

 X-Pedition™ Security Router 

9033838-07

Summary of Contents for X-Pedition XSR-1850

Page 3: ...Class A of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operation NOTE The XSR has been tested and found to comply with the limits for a class A digital device pursuant to Part 15 of the FCC rules These limits are designed to provide rea...

Page 4: ...to Class A digital apparatus as prescribed in the Radio Interference Regulations issued by the Canadian Department of Communications Equipment Attachments Limitations NOTICE The Industry Canada label identifies certified equipment This certification means that the equipment meets telecommunications network protective operational and safety requirements as prescribed in the appr...

Page 5: ... to Class A industrial area In residential areas this can cause radio interference so appropriate protective measures should be taken Product Safety This product complies with the following UL 60950 CSA C22 2 No 60950 73 23 EEC EN 60950 EN 60825 IEC 60950 Use the XSR with the Advanced Power Solutions APS61ES 30 power supply included with the branch router Enterasys Networks ...

Page 6: ...onment and human health as a result of the presence of hazardous substances in electrical and electronic equipment 4 It is the users responsibility to utilize the available collection system to ensure WEEE is properly treated For information about the available collection system please go to http www enterasys com support or contact Enterasys Customer Support at 353 61 705586 Ireland VCCI Notice T...

Page 7: ...rical storm WARNING Do not connect phone line until the interface has been configured through local management The service provider may shut off service if an un configured interface is connected to the phone lines WARNING The NIM BRI ST cannot be connected directly to outside lines An approved channel service unit CSU must be used for connection to the ISDN network In some areas this CSU is suppl...

Page 8: ...PNC testing program is an important source for certification of conformance to IPSec standards With rigorous interoperability testing the VPNC logo program provides IPSec users even more assurance that the XSR will interoperate in typical business environments VPNC is the only major IPSec testing organization that shows both proof of interoperability as well as the steps taken so that you can repr...

Page 9: ...ovided in this package subject to the terms and conditions of this Agreement 2 RESTRICTIONS Except as otherwise authorized in writing by Enterasys You may not nor may You permit any third party to i Reverse engineer decompile disassemble or modify the Program in whole or in part including for reasons of error correction or interoperability except to the extent expressly permitted by applicable law...

Page 10: ...ES FOR LOSS OF BUSINESS PROFITS BUSINESS INTERRUPTION LOSS OF BUSINESS INFORMATION SPECIAL INCIDENTAL CONSEQUENTIAL OR RELIANCE DAMAGES OR OTHER LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES THIS FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT THE CUMULATIVE LIABILI...

Page 11: ...ny subsequent breach of such term or condition Enterasys failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion 13 SEVERABILITY In the event any provision of this Agreement is found to be invalid illegal or unenforceable the validity legality and enforceability of any of the remaining provisions shall n...

Page 13: ...on Demand DoD BoD 1 10 Installation Overview 1 10 Chapter 2 Hardware Installation Introduction 2 1 Verifying Your Shipment 2 1 Installation Site Suggestions 2 1 Installing NIM Cards and Rack Mounting 2 2 Connecting XSR Cables 2 7 Installing a CompactFlash Memory Card 2 10 CompactFlash Card Installation 2 11 Formatting the CompactFlash Card 2 12 Installing the Redundant Power System 2 12 Chapter 3 ...

Page 14: ...ame Relay Port 3 24 Apply QoS 3 25 Configure OSPF Routing 3 25 Configure More Access Lists 3 26 Configure DHCP BOOTP Relay 3 26 Configure the Dial Backup Connection 3 26 Configure SNMP 3 27 VPN Site to Site Sample Configuration 3 27 Generate Master Encryption Key 3 28 Configure Access Control Lists 3 28 Set Up IKE Phase I Security 3 28 Configure IKE Policy for Remote Peer 3 28 Create a Transform S...

Page 15: ...er optic Ethernet NIMs A 7 2 4 Port Serial NIM Card Port A 8 T1 E1 ISDN PRI NIM Card Ports A 13 Balun for E1 or PRI NIM Cards A 14 Grounding Shunt for E1 NIM Cards A 15 Installing Shunt Terminal Strip A 15 T3 E3 NIM Card A 16 1 2 Port ISDN BRI S T NIM Card Ports A 17 Termination Shunt for the ISDN BRI S T NIM Card A 18 Installing Shunt Terminal Strip A 18 1 2 Port BRI U NIM Card Ports A 19 1 Port ...

Page 17: ... describes how to initiate and quickly configure the XSR It also details how to add an interface and subnet mask set passwords SNMP DNS and SYSLOG server values set up Remote Auto Install configure the firewall feature set upgrade system image and Boot PROM software consult system statistics and save configuration changes Appendix A Specifications outlines hardware specifications including informa...

Page 18: ...jemplo a setup Las configuraciones default pueden también aparecer en en negrilla Italics It áli ca Text in italics indicates a variable important new term or the title of a manual El texto en itálica indica un valor variable un importante nuevo término o el título de un manual SMALL CAPS MAYUSCULAS Small caps specify the keys to press on the keyboard a plus sign between keys indicates that you mu...

Page 19: ...the problem The XSR s history i e have you returned the device before is this a recurring problem etc Any previous Return Material Authorization RMA numbers World Wide Web http www enterasys com Phone 978 684 1000 1 800 872 8440 toll free in U S and Canada For the Enterasys Networks Support toll free number in your country http www enterasys com support gtac all html Internet mail support enterasy...

Page 21: ... v1 v2c v3 with standard MIB II and proprietary MIB support The XSR also provides Web access to display device information A typical deployment of the XSR might be in two branch offices connected to a regional office as illustrated in Figure 1 1 In this example one XSR with its associated sub network has an E1 T1 or high speed serial WAN connection as its primary link to the Public Service Telepho...

Page 22: ...terface PRI ports RJ 48C 1 port T3 E3 channelized unchannelized WAN NIM with BNC ports This NIM is also available with up to 16 T1 E1 tributaries and system synchronization of two NIMs High speed serial port for up to 230 Kbps asynchronous and 8 Mbps synchronous WAN NIM for leased and dial lines 68 pin serial with universal connector supporting X 21 V 35 RS422 and EIA530 1 or 2 port serial Basic Ra...

Page 23: ...R provides the following software features Industry common CLI Configuration performance status statistics and fault traps events management Multiple administrators can log into the XSR simultaneously through terminal or remote Telnet SSHv2 access Maximum of five simultaneous Telnet SSHv2 sessions CLI script downloads for bulk configuration Alarm event view and retrieval Diagnostic debug reports a...

Page 24: ...static routes DNS Proxy forwarding proxy server Virtual Local Area Networks VLAN IEEE 802 1Q VLAN Routing including priority support Policy Based Routing Border Gateway Protocol Version 4 BGP 4 BGP configurable timers and filter tags Protocol Independent Multicast Sparse Mode PIM SM Multicast Forwarding over GRE Equal Cost Multi Path Protocol ECMP SNMP and Statistics Gathering Gathering XSR statis...

Page 25: ...rewall configuration Onboard URL filtering PPP Sync and asynchronous communications modes accepted Authentication of peer entities via Password Authentication Protocol PAP Challenge Handshake Authentication Protocol CHAP Microsoft Challenge Handshake Authentication Protocol MS CHAP IP Address can be assigned from remote device and the device will support IP address assignment to a remote device Po...

Page 26: ...n Agreement FRF 12 Data Communications Equipment DCE support Frame Relay over ISDN Remote Auto Install over Frame Relay Dynamic Host Configuration Protocol DHCP Temporary or permanent network IP address allocation to clients Network configuration parameter assignment to clients Persistent storage database of network values for network clients Bindings Database Persistent storage of network client ...

Page 27: ...edence and DiffServ Code Point DSCP bits and multiple field L3 L4 and other headers inspection Match any and match all options also define a class map Priority Queuing or Class based Weight Fair Queueing CBWFQ to specify the policy map Random and Weighted Early Detection RED WRED and Tail Drop congestion avoidance QoS over VPN QoS on Input Virtual Private Network VPN Site to Site application 200 t...

Page 28: ... Transport mode Diffie Hellman Groups 1 2 Mode Config for IP address assignment NAT Traversal via UDP encapsulation Public Key Infrastructure PKI Microsoft Verisign Certificate Authority CA support Simple Certificate Enrollment Protocol SCEP Chained CA support CRL checking Hypertext Transfer Protocol HTTP Lightweight Directory Access Protocol LDAP Network Address Translation NAT Static NAT on the ...

Page 29: ... class ATM Adaption Layers 0 5 PDU encapsulation types PPP over ATM PPPoA routed IP over ATM routed PPP over Ethernet over ATM PPPoE routed Responds to inverse ARP requests Maintenance of SNMP Interface and Interface Stack tables Remote Auto Install over ADSL Dial Service Asynchronous serial support through an external modem Synchronous serial Outbound calling Unnumbered Interface Addressing PPP e...

Page 30: ...1 for part numbers and contact your Enterasys Networks sales representative 2 Install any optional memory component 3 Install NIM cards 4 Mount the XSR in a standard 19 rack 5 Connect Ethernet cable s to the FastEthernet LAN port s 6 Do one or more of the following Connect a NIM cable attaching one end to the RJ xx port on the XSR and the other to a network connector hub Connect the serial cable t...

Page 31: ...er supply and country specific power cable optional One console cable Rack mount assembly Quick Start Guide Installation Site Suggestions When determining an installation site for the XSR chassis follow the guidelines outlined below For proper cooling maintain a minimum clearance of 15 2 centimeters 6 inches behind the chassis and 5 08 centimeters 2 inches of clearance on either side of the chassi...

Page 32: ... temperature at the installation site must be maintained between 0 and 40 C 41 to 104 F Temperature changes must be maintained within 10 C 18 F per hour Installing NIM Cards and Rack Mounting The XSR motherboard provides two NIM card slots with rear panel access Each NIM slot opens to a 64 pin connector on the motherboard Perform the following steps to install optional NIM card s and rack mount th...

Page 33: ...4 Unfasten the screws securing the NIM blank grounding plates and remove them as shown in Figure 2 2 Figure 2 2 Removing Blank Grounding Plates ...

Page 34: ...5 Fasten the NIM to the NIM brace and screws supplied in the shipping box as shown in Figure 2 3 Figure 2 3 Installing NIM Brace ...

Page 35: ...y on the chassis and gently press into place Fasten the back end of the NIM brace to the chassis with the screws supplied as shown in Figure 2 4 Figure 2 4 Installing NIM Card 7 Reattach the bottom access cover to the chassis 8 Attach the rack brackets to the chassis with the screws supplied as shown in Figure 2 5 ...

Page 36: ...shown in Figure 2 6 Figure 2 6 Attaching XSR to the Rack ...

Page 37: ...ng box to your PC connector as shown in Figure 2 7 Figure 2 7 Connecting Serial Console Cable 2 Connect your WAN cables to the T1 PRI or BRI port s to your WAN connectors as shown in Figure 2 8 Or connect WAN cabling to your High Speed Serial connector as shown in Figure 2 9 Figure 2 8 Attaching T1 PRI or BRI Port Connector ...

Page 38: ...nnect WAN cables to a T3 E3 NIM as shown in Figure 2 10 or an ADSL NIM as shown in Figure 2 11 or a T1 Drop Insert NIM as shown in Figure 2 12 Figure 2 10 Attaching T3 E3 BNC Connectors Figure 2 11 Connecting ADSL RJ 11 Connector ...

Page 39: ...ure 2 13 Attaching FastEthernet Connectors 5 Attach the power supply cord to the power connector at the rear of the router as shown in Figure 2 14 and plug in the country specific power cord to a wall socket Optionally you can attach the external power supply and cord to the external power source connector as a redundant power source ...

Page 40: ...allowing data to be written to and read from the CF s flash memory module The XSR 1805 supports Type I and II CompactFlash card types Refer to Figure 2 17 for a generic illustration of the card The CF s memory is large enough to store image files You can do so simply by using the Bootrom Monitor mode copy command For example to copy a file from the Onboard flash directory to the cflash directory w...

Page 41: ... formatted first remove the cover plate as shown in Figure 2 16 If it is not formatted jump to Formatting the CompactFlash Card on page 2 12 Figure 2 16 Removing CompactFlash Coverplate 2 Seat the card in the PCMCIA interface as shown in Figure 2 17 ...

Page 42: ...ill appear Enter ffc and the router will complete the formatting Install the CF in a PCMCIA card and enter the Windows format command For further instructions refer to Windows documentation After completing CF formatting via Bootrom Monitor Mode use the bc command to restart the XSR in normal mode Installing the Redundant Power System The XSR 1850 provides an optional external power supply as illus...

Page 43: ...hassis as well as a standard 2 meter shielded power cord for the chassis to wall outlet connection Power systems are hot swappable and are equipped with a built in fan which extends the units lifespans but are not essential for normal functionality Figure 2 19 Passive Power Chassis Fully Loaded To install the Redundant Power System in the Passive Power Chassis perform the following steps 1 On a cl...

Page 45: ...Figure 2 22 Connecting DC Cable Harness 4 When connecting cable harnesses be careful to attach them with a minimum of stretching as shown in Figure 2 23 ...

Page 47: ... Configure WAN ports for dialer and backup dialer service Configure the Firewall feature set Configure IP routing RIP or OSPF Configure Frame Relay networks Set up a backup line Create an SNMP community string and traps Configure message logging and severity level View your configuration Connect via SSH Telnet or the Web LAN PPP Services Sample Configuration Frame Relay WAN Link and PPP Backup Sam...

Page 48: ...stics test the following hardware blocks RAM size is detected On board Flash size is detected FastEthernet is checked Ethernet on motherboard is checked NIM cards 1 and 2 are checked Real Time Clock is checked Front panel LEDs are set to reflect current status Diagnostics test results are saved for later use by system software The software image in Flash memory is verified by checksum If no valid ...

Page 49: ...le port as a serial interface in a dial backup capacity Refer to Setting Up the Backup Line on page 3 16 4 Another option is to run from a factory default node the Remote Auto Install RAI program which permits you to automatically retrieve a centrally managed configuration specifically created for the node s operation in your network Refer to the following section for quick configuration of RAI Fo...

Page 50: ...1 0 1 frame relay interface dlci 18 ip 133 133 1 3 bootp XSR config if S1 0 1 no shutdown XSR config if S1 0 1 exit XSR config exit XSR copy running config startup config RAI displays the following phased output on the remote node Refer to the accompanying notes for additional explanation of phases REMOTE AUTO INSTALL STARTING RAI is starting up REMOTE AUTO INSTALL ATTEMPTING FOREVER Persistent or...

Page 51: ... 4 255 255 255 0 XSR config if G2 ip dhcp server XSR config if G2 no shutdown Now configure the following DHCP Client parameters XSR config ip dhcp pool dhcp XSR config dhcp pool lease 0 0 10 This command sets a lease interval of 10 minutes XSR config dhcp pool hardware address 0001 f412 2334 This command sets the MAC address of the client XSR config dhcp pool host 200 1 0 66 255 255 255 0 This co...

Page 52: ...l Template1 ip unnumbered loop 0 mtu 1492 peer default ip address pool pool1 ppp authentication pap ip helper address 192 168 72 118 This is the address of the TFTP server ip directed broadcast This command configures the virtual template interface ip local pool pool1 192 168 0 1 192 168 0 100 username 0000019876543210 password 0 0000019876543210 Enter the remote XSR s serial number aaa new model ...

Page 53: ...nner Remember to save your configuration after all edits Setting User Name Privilege and Password The value name is the user s designation for sake of clarity often set as the name of the facility or site the XSR connects to The value privilege level 0 15 prioritizes this user in terms of configuration rights with 15 as the highest and 0 the lowest default When you create a new user you can decide...

Page 54: ... port 3 Enter no shutdown to keep the interface enabled 4 Enter show ip interface fastethernet 1 2 to verify LAN settings Remember to save your configuration after all edits Configuring the WAN Ports For ISDN PRI configuration continue below or see BRI Configuration on page 3 9 or ADSL Configuration on page 3 11 PRI Configuration 1 Enter controller t1 e1 slot card port of the first installed T1 E1...

Page 55: ... address and y is the subnet mask of the serial port 12 Enter backup interface dialer number to allow the serial interface to set the specified dialer interface as a dialed backup 13 Enter no shutdown to keep the interface enabled 14 Enter show controller T1 E1 slot card port to verify NIM settings 15 Enter show interface serial slot card channel to verify serial port settings 16 Enter show ppp in...

Page 56: ...ort 2 Enter isdn switch type basic 5ess basic dms100 basic net3 basic ni1 basic ntt to select the Central Office switch type for the ISDN port 3 Enter isdn spid1 SPID LDR for the SPID ISDN service and LDR local directory telephone numbers 4 Enter isdn spid2 SPID LDR for a second SPID as needed 5 Enter no shutdown to keep the BRI interface enabled 6 Enter dialer pool member 1 255 priority 0 255 to ...

Page 57: ...nd GRE headers 6 20 20 and 24 bytes respectively and the PPP Protocol ID should avoid that problem XSR config interface ATM 0 XSR config if ATM0 0 no shutdown XSR config if ATM0 0 interface ATM 0 1 XSR config if ATM0 0 1 no shutdown XSR config if ATM0 0 1 encapsulation mux pppoe XSR config if ATM0 0 1 ip address negotiated XSR config if ATM0 0 1 ip mtu 1492 XSR config if ATM0 0 1 ip tcp adjust mss...

Page 58: ... XSR config if ATM0 0 no shutdown XSR config if ATM0 0 interface ATM 0 1 XSR config if ATM0 0 1 encapsulation snap ipoa XSR config if ATM0 0 1 ip address 192 168 1 1 255 255 255 0 XSR config if ATM0 0 1 ip mtu 1492 XSR config if ATM0 0 1 exit XSR config ip route 0 0 0 0 0 0 0 0 30 0 0 10 XSR config ip route 30 0 0 10 255 255 255 255 ATM 0 1 Firewall Sample Configuration In this scenario the XSR ac...

Page 59: ... allow XSR config ip firewall policy a2 dmz private HTTP allow XSR config ip firewall policy a3 private dmz HTTP allow XSR config ip firewall policy a4 dmz private HTTP allow Set the policies between the dmz and external networks XSR config ip firewall policy a5 ANY_EXTERNAL dmz SMTP allow XSR config ip firewall policy a6 dmz ANY_EXTERNAL SMTP allow XSR config ip firewall policy a7 ANY_EXTERNAL dm...

Page 60: ...et and Serial interface to support RIP with additional functionality as an option 1 Enter interface fastethernet 1 2 to acquire Interface mode and select the first or second FastEthernet port 2 Enter ip address xxx xxx xxx xxx yyy yyy yyy yyy where x is the IP address and y is the subnet mask of this FastEthernet port 3 Enter no shutdown to keep the interface enabled 4 Enter interface serial slot ...

Page 61: ... is the subnet mask of the serial port 6 Enter no shutdown to keep the interface enabled 7 Enter encapsulation ppp to set the correct encapsulation type 8 Enter ip ospf cost 1 65535 to set the cost of receiving a packet on this interface 9 Enter router ospf to acquire Router configuration mode and enable OSPF routing 10 Enter network xxx xxx xxx xxx area area id of the network to be advertised Rep...

Page 62: ... Repeat the previous steps on the Branch XSR Remember to save your configuration after all edits Refer to the XSR User s Guide for more information Setting Up the Backup Line 1 Enter interface dialer number where number is the same number you entered earlier issuing the backup interface dialer command 2 Enter dialer pool number to add a pool the dial interface will use 3 Enter dialer string phone ...

Page 63: ...ut entering any SNMP configuration command except snmp server disable will enable the SNMP server You can choose either Read Only or Read Write privileges and can create read only or read write community strings Also community based write access is available for the ct download MIB only For write access to other MIBs use SNMPv3 Also a RW community is unnecessary for SNMPv3 2 Enter snmp server host...

Page 64: ... details Typically only HIGH severity alarms are logged to red flag critical events and those requiring operator intervention Also the DEBUG alarm level is meant for maintenance personnel only The XSR may discard LOW and DEBUG level alarms if the system is too occupied to deliver them The number of discarded messages is displayed by the following line in show logging command output Discards high 0...

Page 65: ...ter ip http server enable to access the XSR over the Web 3 Point your terminal s Web browser at the XSR s IP address Enter http XSR IP address The initial Web access window appears as shown in Figure 3 2 Figure 3 2 Initial Web Access Window X Pedition Security Router XSR 2004 Enterasys Networks All rights STATUS Product Version X Pedition Products ...

Page 66: ...y Enterasys Networks Inc Hardware Processor board ID 9002854 02 REV0A Serial Number not displayed Processor IBM PowerPC 405GP Rev D at 250MHz RAM installed 64MB Flash installed 8MB on processor board CompactFlash not present Real Time Clock FastEthernet 1 FastEthernet 2 Rev 0 H W Encryption Accelerator Rev 1 Empty NIM slot 1 T1E1 has 4 channelized ports in NIM 2 slot Empty internal NIM slot 3 X pe...

Page 67: ... 192 168 1 100 255 255 255 0 Enables IP address for FastEthernet interface XSR config if F1 no shutdown Enables the interface XSR config controller t1 0 1 0 Sets up main link connection T1 NIM in slot 1 port 0 and acquires Controller mode XSR config controller T1 1 0 clock source line Sets external clocking of T1 NIM XSR config controller T1 1 0 no channel group 0 Deletes default channel setup XSR...

Page 68: ...rd network RIP will advertise its routes to XSR config interface dialer 5 Adds backup interface and acquires Interface mode XSR config if D5 dialer pool 3 Adds a dialer pool on interface XSR config if D5 dialer string 18005555555 Sets backup phone XSR config if D5 encapsulation ppp Enables PPP encapsulation on port XSR config if D5 ppp authentication chap Sets CHAP on port XSR config if D5 ip addr...

Page 69: ...ter allowing any source address and destination address to port 20 XSR config access list 132 permit tcp any any eq 21 Adds a TCP filter allowing any source and destination address to port 21 XSR config access list 133 permit tcp any any eq 80 Adds a TCP filter allowing any source and destination address to port 80 XSR config class map rtp class Adds a class map and acquires Class Map mode XSR con...

Page 70: ... type and traffic shaping enabled Any QoS values set will be applied to the DLCIs do not apply QoS to the port it is not recommended on Frame Relay connections XSR config interface serial 1 0 Configures Frame Relay interface Serial card in slot 1 port 0 and acquires Interface mode XSR config if S1 0 media type v35 Selects type for Frame Relay XSR config if S1 0 no shutdown Enables the interface XS...

Page 71: ...5000 bits XSR config map class CLASS SI frame relay be out 3000 Sets this map class excess burst size to 3000 bits XSR config map class CLASS SI frame relay adaptive shaping Enables BECN traffic shaping for this map class Router config map class CLASS SI service policy HighOutput Attaches this policy to the map class XSR config map class frame relay CLASS DLCI Adds another Frame Relay map class an...

Page 72: ...g interface ser 1 0 Adds serial port 1 acquires Interface mode XSR config if S1 0 encapsulation ppp Enables PPP encapsulation XSR config if S1 0 ip address 192 31 27 80 255 255 255 0 Sets the IP address on the interface XSR config if S1 0 backup int dialer 1 Adds a backup dialer interface XSR config if S1 0 backup delay 2 2 Sets the interval that elapses after the primary interfaces fails and come...

Page 73: ... be transmitted XSR config snmp server contact support enterasys com Specifies contact information for the management server XSR config snmp location HQ 2nd floor Specifies the server location XSR config snmp server host 192 168 2 101 traps trapCommunity Specifies management station to send traps to XSR config snmp server host 192 168 2 102 traps trapCommunity Specifies another management station...

Page 74: ... sets pre shared authentication and MD5 hashing XSR config crypto isakmp proposal acme XSR config isakmp authentication pre share XSR config isakmp hash md5 Configure IKE Policy for Remote Peer The following proposal specifies the XSR s remote peer IP address as any peer matching its IKE policy sets NAT to automatically detect routers performing NAT between tunnel endpoints and directs the XSR to ...

Page 75: ...244 5 XSR config crypto map acme 91 XSR config crypto m set transform set esp 3des sha XSR config crypto m match address 191 XSR config crypto m set peer 112 16 244 7 XSR config crypto map acme 90 XSR config crypto m set transform set esp 3des sha XSR config crypto m match address 190 XSR config crypto m set peer 112 16 244 9 Configuring VPN at Interface Mode and Setting Up RIP The following comma...

Page 76: ...the remote gateway IP address XSR config ip local pool AUTH 192 168 2 0 255 255 255 0 XSR config aaa user 112 16 244 9 XSR aaa user password dribble XSR aaa user group DEFAULT XSR aaa group pptp encrypt mppe auto XSR aaa group ip pool AUTH XSR aaa group policy vpn VPN Sample Configuration with Network Extension Mode The following sample topology is ideal for testing a VPN NEM tunnel connection on a...

Page 77: ...R config access list 111 deny ip any any XSR config interface fastethernet 2 XSR config if F2 ip access group 110 in XSR config if F2 ip access group 111 out Enable Network Address Translation XSR config if F2 ip nat source assigned overload Create the VPN virtual subnet XSR config ip local pool virtual_subnet 10 10 10 0 255 255 255 248 Caution The master encryption key is stored in hardware not F...

Page 78: ...ssword welcome Check to make sure the transforms and proposals were created properly Router show crypto ipsec transform set Name PFS ESP ESP AH AH IPCOMP ez esp 3des sha pfs Modp768 3DES HMAC SHA None None ez esp 3des sha no pfs Disabled 3DES HMAC SHA None None ez esp 3des md5 pfs Modp768 3DES HMAC MD5 None None ez esp 3des md5 no pfs Disabled 3DES HMAC MD5 None None ez esp aes sha pfs Modp768 AES...

Page 79: ...ion 2 XSR config ip rip receive version 2 XSR config ip multicast redirect tunnel endpoint Enable RIP routing on all networks except the public interface XSR config router rip XSR config router network 172 16 10 0 XSR config router network 10 0 0 0 XSR config router passive interface fastethernet2 XSR config router no receive interface fastethernet2 XSR config router distribute list 1 out vpn1 Fin...

Page 80: ...ted PASSED Checking Presence of Flash Bank 1 4 Meg Intel Flash Detected PASSED Checking Presence of Flash Bank 2 2 Meg Intel Flash Detected PASSED Checking Presence of Flash Bank 3 2 Meg Intel Flash Detected PASSED Testing VPN PASSED Testing PCI Elan Port PASSED Testing 405 Elan Port PASSED Testing RTC PASSED Testing T1E1 NIM in Slot 1 PASSED Testing T1E1 NIM in Slot 2 Not Installed Testing T1E1 N...

Page 81: ...ing uncompressed chksum Starting at 0x10000 Attached TCP IP interface to Eth unit 1 Attaching interface lo0 done Restoring startup configuration files please wait Startup configuration files have been restored login Reboot Triggers Although there are two types of reboots of the XSR warm or cold reboots can be triggered in up to eight different ways Refer to the table below Table 1 Reboot Triggers ...

Page 82: ...than three warm boots are detected within one minute a cold boot will be initiated System Crash When system exceptions occur causing the XSR to fail fault information is captured in a report and a warm boot is initiated But if more than three warm boots are detected within one minute a cold boot will be initiated Restart with Default Configuration Interrupt When you press the Default button on the...

Page 83: ...nges the Bootrom password The default password is blank You are prompted to enter a password by the following script XSR 1800 bp Enter current password Enter new password Re enter new password Password has changed If the Bootrom password is lost you can restore it by pressing the Default button Be aware that when pressed the Default button erases all configuration files and the master encryption k...

Page 84: ...20 0x7a58 bytes at address 0xfffc0000 Programming high branch instruction at address 0xfffffffc Verifying Bootrom flash sectors Locking 8 Bootrom flash sectors Bootrom update completed Using default Bootrom password The system is not secure Use bp to change password XSR 1800 bU This command updates the bootrom through a network transfer to a local file Be sure to enter the U in uppercase After you...

Page 85: ...r dat 572 SEP 17 2002 15 27 46 cert dat 0 SEP 17 2002 15 26 54 leases cfg 64 SEP 17 2002 15 27 46 dhcpd cfg 2328576 0x238800 bytes free on flash ds This command sets the system date with the syntax yyyy mm dd w 1 Sunday For example XSR 1800 ds 2002 12 31 3 dt This command sets the system time using the syntax hh mm ss E g XSR 1800 ds 11 59 59 ff This command formats the Flash file system We recomm...

Page 86: ...lt Quickboot action of delaying five seconds at startup for you to optionally enter CTRL C and acquire Bootrom mode is negated You can still acquire Bootrom mode but you must immediately press CTRL C upon seeing the X Pedition Security Router Bootrom header The default hostname local target name XSR 1800 cannot be changed In the absence of a user supplied hostname via the hostname CLI command this...

Page 87: ...ult report Sample output is shown as follows XSR 1800 sf No fault report at 0x1feef00 si This command displays system inventory Sample output is shown as follows XSR 1800 si IBM PowerPC 405GP Rev D Processor speed 200 MHz PLB speed 100 MHz OPB speed 33 MHz Ext Bus speed 25 MHz PCI Bus speed 33 MHz Sync Internal PCI arbiter enabled RAM installed 32MB Flash installed 8MB on processor board CompactFl...

Page 88: ...target name robo1 Autoboot enabled Quick boot no Current FastEthernet 0 MAC address is 00 01 f4 01 01 01 Current FastEthernet 1 MAC address is 00 01 f4 01 01 02 sv This command shows the bootrom version with sample output below XSR 1800 sv X Pedition Security Router Bootrom Copyright 2002 Enterasys Networks Inc HW Version 9002854 02 REV0A Serial Number 0001F4000102 CPU IBM PowerPC 405GP Rev D VxWo...

Page 89: ...ype SafeNet 1140 30 Mbps for 3DES encryption Message Digest MD 5 SHA 1 and public key acceleration System Memory RAM 100 pin SDRAM DIMM connector for 64 Mbytes default of 100 MHz memory modules Non Volatile 8 Mbytes of Onboard Flash Up to 1 Gbyte optional plug in CompactFlash card Type I and II CF cards supported Chassis Form Factor Rack mountable Dimensions 19 1 5U 2 5 high by 14 wide by 10 625 d...

Page 90: ...232 Console serial port with DB 9 connector NIM WAN Slots Dual or Quad synch asynch Serial ports with DB type connector also supporting X 21 V 35 EIA 449 EIA 232 530 combined V 35 EIA 232 530 DTE interfaces with adapter Single dual or quad T1 E1 RJ 48C port s with integral CSU DSU Full channel fractional or unchannelized Single port T3 E3 un channelized NIM with BNC connectors Dual or quad port BR...

Page 91: ...B 04 6 DB 37 EIA 449 DTE twisted pair cable NIM 449 CAB 04 6 DB V 35 DTE twisted pair cable NIM V35 CAB 04 Combined V 35 EIA 232 530 DTE twisted pair cable NIM DBU1 CAB 04 Single unchannelized T1 E1 card Dual unchannelized T1 E1 card Quad unchannelized T1 E1 card RJ48C RJ48C RJ48C NIM T1 E1 01 NIM T1 E1 02 NIM T1 E1 04 T1 E1 NIM card Single channelized T1 E1 ISDN PRI card Dual channelized T1 E1 IS...

Page 92: ...te DIMM memory card upgrade 100 pin female DIMM XSR 128mb MEM Greater tunnel support Rack mount kit Chassis screws XSR 1850 RKMT Mounts chassis on rack Base firmware XSR RS Controls XSR 1850 Firewall and VPN firmware XSR FW UPG Firewall upgrade to VPN code VPN and Firewall firmware XSR VPN UPG VPN upgrade to firewall code Table A 2 XSR Cabling Accessory Guide continued Part Description Connector P...

Page 93: ...ssion to communicate with the router If you use HyperTerminal set the connection properties as follows Connect using Direct to COMx where x is an unused COM port Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control none Refer to Figure A 1 for pinout assignments Figure A 1 Console Port Pinouts Note The XSR default login is Admin with no password Pin Signal 1 Carrier Detect CD 2 Re...

Page 94: ...EE 802 3 standards with 8 pin modular RJ 45 connectors A cross over cable is used to connect the XSR directly to a PC or uplink port while a straight through cable is used to attach the router to a hub or switch Refer to Figure A 2 for pinout assignments Figure A 2 Ethernet Port Pinouts Pin Signal 1 Transmit 2 Transmit 3 Receive 4 Not used 5 Not used 6 Receive 7 Not used 8 Not used Ethernet 1 2 Pi...

Page 95: ...ber optic Ethernet NIM has an MT RJ multi mode interface Both NIMs conform to IEEE 802 3 and PCI 2 2 standards Figure A 3 Copper Ethernet NIM Figure A 4 Fiber optic Ethernet NIM Refer to Figure A 5 for Copper Ethernet NIM pinout assignments Figure A 5 Copper Ethernet NIM Port Pinouts Regulatory Safety Compliance The Copper and Fiber optic Ethernet NIMs comply with these requirements IEEE 802 3 UL 1...

Page 96: ...pe male connector Indicates Twisted Pair Notes 1 2 Shield GND is braid on braided cable 3 Shield GND is drain wire on foil shield cable 4 Braid or foil must enter and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused 4 11 2 9 3 10 5 12 6 13 8 1 Receive1 Receive1 Transmt1 Transmit1 Control1 Control1 Indication1 Indication1 Timing1 Timing1 Signal GND...

Page 97: ...DB 25 type male connector Indicates Twisted Pair Notes 1 2 Shield GND is braid on braided cable 3 Shield GND is drain wire on foil shield cab 4 Braid or foil must enter and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused 6 22 DSR1 DSR1 6 22 DSR2 DSR2 Port 1 Port 2 17 18 19 27 21 26 20 23 22 24 28 29 31 32 25 30 3 16 2 14 4 19 5 13 15 12 17 9 7 20...

Page 98: ...r and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused SC0 6 24 4 22 7 25 9 27 5 23 8 26 37 12 30 1 RD1 RD1 SD1 SD1 RS1 RS1 CS1 CS1 ST1 ST1 RT1 RT1 SG1 Shield GND RC1 TR1 TR1 20 19 SC1 6 24 4 22 7 RD2 RD2 SD2 SD2 RS2 11 29 ON1 ON1 11 29 ON2 ON2 Port 1 Port 2 17 18 19 27 21 26 20 23 22 24 28 29 31 32 25 30 51 52 53 61 55 60 54 57 56 58 62 63 65 66 ...

Page 99: ...SCT2 SCT2 SCR2 SCR2 Signal GND Shield GND Signal GND J3 DTR2 PORT 2 V 35 PORT 3 EIA 232 530 Shield GND 17 18 19 27 21 26 20 23 22 24 28 29 31 32 25 30 3 16 2 14 4 19 5 13 15 12 17 9 7 20 23 1 RxD1 RxD1 TxD1 TxD1 RTS1 RTS1 CTS1 CTS1 TxC1 TxC1 RxC1 RxC1 Signal GND Signal GND DTR1 DTR1 J4 6 22 DSR1 DSR1 51 53 61 55 60 54 65 56 66 62 63 59 64 E R T P S C D Y AA V X B H A DSR0 RD0 RD0 SD0 SD0 RTS0 CTS0...

Page 100: ...Braid or foil must enter and make contact inside metal connector hood 5 All connectors must be metal 6 Pins not shown are unused RD1 RD1 SD1 SD1 RTS1 CTS1 SCT1 SCT1 SCR1 SCR1 Signal GND Shield GND Signal GND RD2 RD2 SD2 SD2 RTS2 DTR1 DTR0 R T P S C D Y AA V X B H A R T P S E DSR1 E DSR2 Port 1 Port 2 J1 68 pin male SCSI II type connector J2 J5 V 35 type male connector 17 19 27 21 26 20 22 28 29 31...

Page 101: ... T1 E1 NIM Port Pinouts Regulatory Safety Compliance The T1 E1 ISDN PRI NIM complies with these regulatory requirements PCI Local Bus Specification Rev 2 1 IEEE P1386 Draft 2 4 IEEE P1386 1 Draft 2 4 ANSI T1 403 ITU T G 703 G 704 G 706 G 736 G 775 G 823 I 431 Q 703 AT T TR62411 and TR54016 ETSI ETS 300233 and IEEE 1149 1 The NIM also complies with the following safety requirements CS03 FCC Class B...

Page 102: ...un and its connectors are illustrated in Figure A 14 The grounding shunt is also required to ground unused pins of the RJ 48C connector To install the balun attach the 75 ohm coaxial cables to the BNC connectors and a 120 ohm E1 PRI cable to the RJ 48C port see below for details Figure A 14 Balun for E1 or PRI Connection RX In TX Out G 703 Balun Model 460MC NIM E1 COAX BL...

Page 103: ...ding Shunt Refer to Hardware Installation on page 2 1 to access the E1 card on the XSR Installing Shunt Terminal Strip To install the shunt or terminal strip attach two dual pin units vertically to each four pin jumper P2 P3 P4 or P5 corresponding to the RJ 48C port using a balun as shown in Figure A 16 Any other RJ 48C ports on the NIM card connected to 120 ohm lines do not require shunts Figure ...

Page 104: ...oad Various sub rates are available to provide compatibility with major DSU equipment suppliers Scrambling may also be enabled as required for DSU compatibility Larscom zero suppression is supported Clear channel mode presents the board merely as the line driver for a link carrying HDLC packets where even framing bits are used for data transfer The T3 E3 framer operates in bypass mode and renders ...

Page 105: ... T line as shown in Figure A 18 The Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic See Figure A 19 for pinout assignments Figure A 18 ISDN BRI S T NIM Card RJ 45 ports shown Figure A 19 ISDN BRI S T NIM Pinouts Port 0 Activation LED Port 1 Activation LED Pin Signal 1 Unused 2 Unused 3 Transmit 4 Receive 5 Receive 6 Transmit 7 Unused 8 Unused BRI S T Pin 8 Pin 1 ...

Page 106: ...ations and the orientation of the receive and transmit pairs Refer to Chapter 2 in this manual for directions on accessing the BRI card on the XSR Installing Shunt Terminal Strip To install the shunt or terminal strip attach two dual pin units vertically to P1 and P2 four pin jumpers corresponding to the RJ 45 port using a balun as shown in Figure A 20 Any other RJ 45 ports on the NIM card connect...

Page 107: ...Figure A 22 for pinout assignments Figure A 22 ISDN BRI U NIM Pinouts Regulatory Safety Compliance The ISDN BRI U NIM complies with the following regulatory requirements PCI Local Bus Specification Rev 2 2 IEEE P1386 Draft Rev 2 4 IEEE P1386 1 Draft Rev 2 4 ANSI T1 601 1999 and IEEE 1149 1 The NIM also complies with the following safety requirements FCC Part 68 CS03 FCC Class B UL 1950 IEC 950 and...

Page 108: ... with the remote DSLAM device and is operational when Flashing the line is in training mode LED 2 Data When flashing traffic is active Refer to Figure A 23 for pinout assignments Figure A 24 ADSL NIM Pinouts Regulatory Safety Compliance The ADSL NIM complies with the following regulatory requirements EN 55022 EN 55024 FCC Part 68 CS03 TIA EIA IS 968 T1 413 ITU G 992 1 ITU G 992 2 ITU G 991 2 ITU G...

Page 109: ...ed service even if a power failure occurs or the NIM enters an abnormal state In such an event the two ports are connected bypassing the NIM thus allowing uninterrupted bidirectional voice transmission To ensure service remember to configure voice timeslots on both sides of the connection in the same manner That is if timeslots 3 5 are configured for voice on the NIM the same DS0s should be configu...

Page 110: ...ut Passive current sharing provides 50 plus or minus 30 of the system load required for 12 and 12 volt outputs It also features over voltage over current and short circuit protection including a 250 volt minimum fuse Figure A 27 XSR 1850 Redundant Power System Up to four power supplies can be installed in the 1U Passive Power Chassis as shown in Figure A 28 which can be rack mounted Two foot long D...

Page 111: ... female contacts each The PCMCIA male interface supports both Type I and Type II CF cards Note that the CF release mechanism pops out when you install the card For instructions on installing the CompactFlash card refer to the Hardware Installation chapter in this manual Figure A 30 CompactFlash Memory Card LED Behavior The ten LEDs located on the XSR front panel display system and port status as d...

Page 112: ... ISDN or HSSI link up OFF NIM slot empty or link not functioning BRI NIM Port 0 1 Cnctd to switch BRI link is activated and ready for traffic This LED is located on the NIM card ADSL NIM 1 Blinking Line is in training mode syncing with DSLAM ON OFF Training mode complete line is operational line down ADSL NIM 2 Blinking Traffic activity in sync with data traffic T3 E3 NIM LOS Loss of Signal LOF Lo...

Page 113: ...board Flash size 1 3 A 1 P pin assignments BRI S T A 17 BRI U A 19 console serial port A 5 Ethernet A 6 Ethernet WAN A 13 A 16 Pinouts 232 530 pinouts A 9 449 pinouts A 10 BRI S T assignments A 17 BRI U assignments A 19 A 20 A 21 console port A 8 Ethernet port A 6 T1 E1 pinouts A 13 V 35 pinouts A 12 X 21 pinouts A 8 power connecting the internal power supply cord 2 9 specifications A 2 powering o...

Page 114: ...lation overview 1 10 LED initialization sequence 3 1 Onboard RAM size A 1 opening a Console session 3 3 processor specs A 1 rebooting characteristics 3 33 sample configuration 3 21 SDRAM size A 1 software configuration overview 3 1 software features 1 3 system memory A 1 T1 E1 pinouts A 13 V 35 pinouts A 12 verifying your shipment 2 1 X 21 pinouts A 8 XSR how to set WAN ports 3 8 XSR 1850 Expediti...
