Version
X-Pedition Security Router
XSR-3020 Getting Started Guide
Page
Enterasys Networks, Inc 50 Minuteman Road Andover, MA
Regulatory Compliance Information
Federal Communications Commission FCC Notice
Class A ITE Notice
Industry Canada Notices
R & TTE Directive Declaration
Clase A. Aviso de ITE
Produktsicherheit
Product Safety
Seguridad del Producto
Electromagnetic Compatibility EMC
Supplement to Product Instructions
Declaration of Conformity
VCCI Notice
BSMI EMC Statement - Taiwan
Manufacturer’s Name Enterasys Networks, Inc
Independent Communications Authority of South Africa
Australian Telecom
Federal Information Processing Standard FIPS Certification
VPN Consortium Interoperability
CAREFULLY READ THIS LICENSE AGREEMENT
Enterasys Networks, Inc. Firmware License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT
You and Enterasys agree as follows
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement
Chapter 3 Software Configuration
Contents
Chapter 2 Hardware Installation
About This Guide
Configuring the WAN Ports
Appendix A Specifications
Index
Page
Contents of the Guide
About This Guide
Conventions Used in This Guide
Bold/En negrilla
Italics/It áli ca
Getting Help
Page
Overview
System Description
Hardware Features
Figure 1-1 Typical XSR-3020 Topology
Figure 1-2 XSR-3020
Industry-common CLI
Software Features
Operating System
IP Protocol
IP Routing
SNMP and Statistics Gathering
Security
Frame Relay
Dynamic Host Configuration Protocol DHCP
Integrated Services Digital Network ISDN - BRI/PRI
Quality of Service QoS
Virtual Private Network VPN
GRE over IPSec
Asynchronous Digital Subscriber Line ADSL
Dial Service
Dial Backup
Dial-on-Demand/Bandwidth-on-Demand DoD/BoD
Installation Overview
Installation Overview
1-12 Overview
Introduction
Hardware Installation
Installation Site Suggestions
Verifying Your Shipment
Installing NIM Cards and Rack Mounting
Figure 2-1 Removing XSR Cover
Figure 2-2 Removing NIM Slot Cover
Figure 2-3 Attaching NIM card to Motherboard
3020
Figure 2-4 Fastening Rack Brackets
Figure 2-5 Attaching XSR to Rack
3020
Figure 2-6 Typical CompactFlash Card
Installing a CompactFlash Memory Card
CompactFlash Card Installation
Figure 2-7 Removing CompactFlash Cover Plate
CompactFlash Card for the ADSL NIM
Formatting the CompactFlash Card
Figure 2-8 Installing CompactFlash Card
Connecting Cables
Figure 2-9 Connecting Serial COM Console Cable
Figure 2-10 Attaching T1/PRI or BRI Port Connector
ALARM
Figure 2-11 Connecting High Speed Serial Connector
Figure 2-12 Attaching T3/E3 BNC Connectors
ENABLE
3020
Figure 2-13 Connecting ADSL Connector
Figure 2-14 Attaching T1 Drop & Insert Connector
NIM1
Link TX G
Figure 2-15 Attaching Ethernet Connector
Figure 2-16 Inserting Mini-GBIC Module
ETH3
3020
Figure 2-17 Attaching Ethernet LAN NIM Connector
Figure 2-18 Attaching Ethernet Fiber LAN NIM Connector
3020
LINE
Figure 2-19 Connecting Power Supply Cord
100~125V~1
200~240V~0.25A
Software Configuration
Initializing XSR Software
ETHERNET Activity LEDs blink when frames pass on the LAN
Opening a COM Console Session
Optional Configuring Remote Auto Install
Configuring RAI for Frame Relay
Characteristics” on page
XSRconfig-ifS1/0.1#exit XSRconfigexit
Configuring RAI for DHCP over LAN
Configuring RAI over ADSL
Page
Setting User Name, Privilege and Password
Configuring the XSR Name and User Information
Setting the Clock
3. Enter hostname your XSR designation
Configuring the LAN Ports
Configuring the WAN Ports
PRI Configuration
BRI Configuration
BRI Leased Line
BRI Leased Frame Relay
BRI Switched Line
ADSL Configuration
PPPoE
PPPoA
Firewall Sample Configuration
IPoA
Figure 3-1 XSR with Firewall Topology
Setting Up RIP Routing
Setting Up RIP Routing
3-14 Software Configuration
Configure OSPF Routing
Configuring Frame Relay Point to Point Networks
Setting Up an SNMP Community String, Traps and V3 Values
Configuring Message Logging and Severity Level
Viewing Your Configuration
7. Optional. For SNMPv3, enter snmp-server user username group name
Product Version
Connecting Remotely via the Web
Figure 3-2 Initial Web Access Window
X-Pedition Products
Figure 3-3 Web Product Version Window
LAN-PPP Services Sample Configuration
Figure 3-4 Sample LAN-PPP Services Configuration
Backup Site Hostname branch2
Frame Relay WAN Link with PPP Backup Sample Configuration
Configure Users and Passwords
Configure LAN Interface
Configure Quality of Service
Configure WAN/Frame Relay Port
Configure OSPF Routing
Configure More Access Lists
Apply QoS
Configure DHCP/BOOTP Relay
Configure the Dial Backup Connection
Central Site
VPN Site-to-Site Sample Configuration
Configure SNMP
Branch Sites
Configure IKE Policy for Remote Peer
Configure Access Control Lists
Set Up IKE Phase I Security
Generate Master Encryption Key
Configure Crypto Maps
Configuring VPN at Interface Mode and Setting Up RIP
Create a Transform Set
VPN Sample Configuration with Network Extension Mode
Configuring Authentication AAA
eth0 10.11.11.1/24
Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Access
GigabitEthernet 1 172.16.10/24
Gigabitethernet 2 26.26.26.10/24
Create the ISAKMP IKE global peer
XSR Rebooting Characteristics
Initialization Output
Boot Type
Reboot Triggers
Table 1 Reboot Triggers
Cause
Power-Up Reboot
Power-up Error Conditions
Table 1 Reboot Triggers continued
Reload Command from the CLI
Bootrom Monitor Mode Commands
Page
copy
Page
remove
rename
This command shows network values with the following sample output
This command shows the bootrom version with sample output below
Bootrom Monitor Mode Commands
3-42 Software Configuration
Table A-1 XSR Hardware Specifications
Specifications
System Specifications
Category
Table A-2 XSR Cabling/Accessory Guide
Cable, CompactFlash and Accessory Specifications
Table A-1 XSR Hardware Specifications continued
Connector
Cable, CompactFlash and Accessory Specifications
Table A-2 XSR Cabling/Accessory Guide continued
Connector
Part Description
COM Console Port
Signal
Figure A-1 COM Port Pinouts
Signal
GigabitEthernet Ports
Mini-GBIC Fiber, Copper Port
Figure A-2 GigaBitEthernet Port Pinouts Eth
Signal
Regulatory/Safety Compliance
Copper/Fiber-optic Ethernet NIMs
Figure A-3 Copper Ethernet NIM
J2 - J5 DB-15 type male connector
2/4-Port Serial NIM Card Port
J1 68-pin male SCSI II type connector
Figure A-6 High Speed Serial NIM Port
Figure A-8
J1 68-pin male SCSI II type connector
J2 - J5 DB-25 type male RxD2+connector
EIA-232/530 DTE Pin Assignments
Figure A-9
J2 - J5 DB-37 type male connector
J1 68-pin male SCSI RD2+II type connector
EIA-449 DTE Pin Assignments
J2. J4 DB-25-type male connector Pins not shown are unused
J1 68-pin male SCSI III-type connector
J3, J5 V.35-type male connector
Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments
Figure A-11
J1 68-pin male SCSI II type connector
J2 - J5 V.35 type male connector
V.35 DTE Pin Assignments
Signal
T1/E1/ISDN PRI NIM Card Ports
Regulatory/Safety Compliance
Figure A-12 4-Port T1/E1/ISDN PRI NIM Card RJ-48C ports shown
Figure A-14 Balun for E1 or PRI Connection
Balun for E1 or PRI NIM Cards
Grounding Shunt for E1 NIM Cards
Figure A-15 Sample Grounding Shunt
Installing Shunt/Terminal Strip
Figure A-16 Installing a Grounding Shunt on the E1 NIM Card
T3/E3 NIM Card
Regulatory/Safety Compliance
Figure A-17 1-Port T3/E3 NIM Card
Figure A-18 ISDN BRI-S/T NIM Card RJ-45 ports shown
1/2-Port BRI-S/T NIM Card Ports
Signal
Figure A-19 ISDN BRI-S/T -NIM Pinouts
Figure A-20 Installing a Termination Shunt on BRI-S/T NIM Card
Termination Shunt for the ISDN BRI-S/T NIM Card
Installing Shunt/Terminal Strip
Receive Pair Termination
Signal
1/2-Port BRI-U NIM Card Ports
Regulatory/Safety Compliance
Figure A-21 ISDN BRI-U NIM Card RJ-49C ports shown
Signal
1-Port ADSL NIM Card Port
Regulatory/Safety Compliance
Figure A-23 ADSL NIM Card
Signal
T1/E1 Drop & Insert D&I NIM
Regulatory/Safety Compliance
Figure A-25 T1/E1 D&I NIM Card
Figure A-27 CompactFlash Memory Card
CompactFlash Memory Card
LED Behavior
Figure A-28 XSR LEDs
Table A-3 LED Description continued
State
Function
Index
how to attach the Ethernet serial cable