X-Pedition Security Router
Version
XSR-3020 Getting Started Guide
Page
Enterasys Networks, Inc 50 Minuteman Road Andover, MA
Federal Communications Commission FCC Notice
Regulatory Compliance Information
R & TTE Directive Declaration
Industry Canada Notices
Class A ITE Notice
Clase A. Aviso de ITE
Seguridad del Producto
Product Safety
Produktsicherheit
Electromagnetic Compatibility EMC
Supplement to Product Instructions
BSMI EMC Statement - Taiwan
VCCI Notice
Declaration of Conformity
Manufacturer’s Name Enterasys Networks, Inc
Federal Information Processing Standard FIPS Certification
Australian Telecom
Independent Communications Authority of South Africa
VPN Consortium Interoperability
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT
Enterasys Networks, Inc. Firmware License Agreement
CAREFULLY READ THIS LICENSE AGREEMENT
You and Enterasys agree as follows
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement
Chapter 2 Hardware Installation
Contents
Chapter 3 Software Configuration
About This Guide
Configuring the WAN Ports
Index
Appendix A Specifications
Page
About This Guide
Contents of the Guide
Conventions Used in This Guide
Italics/It áli ca
Bold/En negrilla
Getting Help
Page
System Description
Overview
Figure 1-1 Typical XSR-3020 Topology
Hardware Features
Figure 1-2 XSR-3020
Operating System
Software Features
Industry-common CLI
IP Protocol
SNMP and Statistics Gathering
IP Routing
Frame Relay
Security
Integrated Services Digital Network ISDN - BRI/PRI
Dynamic Host Configuration Protocol DHCP
Virtual Private Network VPN
Quality of Service QoS
GRE over IPSec
Dial Backup
Dial Service
Asynchronous Digital Subscriber Line ADSL
Dial-on-Demand/Bandwidth-on-Demand DoD/BoD
Installation Overview
1-12 Overview
Installation Overview
Installation Site Suggestions
Hardware Installation
Introduction
Verifying Your Shipment
Figure 2-1 Removing XSR Cover
Installing NIM Cards and Rack Mounting
Figure 2-3 Attaching NIM card to Motherboard
Figure 2-2 Removing NIM Slot Cover
Figure 2-5 Attaching XSR to Rack
Figure 2-4 Fastening Rack Brackets
3020
3020
CompactFlash Card Installation
Installing a CompactFlash Memory Card
Figure 2-6 Typical CompactFlash Card
Figure 2-7 Removing CompactFlash Cover Plate
Formatting the CompactFlash Card
CompactFlash Card for the ADSL NIM
Figure 2-8 Installing CompactFlash Card
Figure 2-9 Connecting Serial COM Console Cable
Connecting Cables
Figure 2-10 Attaching T1/PRI or BRI Port Connector
Figure 2-12 Attaching T3/E3 BNC Connectors
Figure 2-11 Connecting High Speed Serial Connector
ALARM
ENABLE
Figure 2-14 Attaching T1 Drop & Insert Connector
Figure 2-13 Connecting ADSL Connector
3020
NIM1
Figure 2-16 Inserting Mini-GBIC Module
Figure 2-15 Attaching Ethernet Connector
Link TX G
ETH3
Figure 2-18 Attaching Ethernet Fiber LAN NIM Connector
Figure 2-17 Attaching Ethernet LAN NIM Connector
3020
3020
100~125V~1
Figure 2-19 Connecting Power Supply Cord
LINE
200~240V~0.25A
Initializing XSR Software
Software Configuration
ETHERNET Activity LEDs blink when frames pass on the LAN
Configuring RAI for Frame Relay
Optional Configuring Remote Auto Install
Opening a COM Console Session
Characteristics” on page
XSRconfig-ifS1/0.1#exit XSRconfigexit
Configuring RAI over ADSL
Configuring RAI for DHCP over LAN
Page
Setting the Clock
Configuring the XSR Name and User Information
Setting User Name, Privilege and Password
3. Enter hostname your XSR designation
Configuring the WAN Ports
Configuring the LAN Ports
PRI Configuration
BRI Leased Line
BRI Configuration
BRI Leased Frame Relay
BRI Switched Line
PPPoE
ADSL Configuration
PPPoA
IPoA
Firewall Sample Configuration
Figure 3-1 XSR with Firewall Topology
Setting Up RIP Routing
Setting Up RIP Routing
3-14 Software Configuration
Configuring Frame Relay Point to Point Networks
Configure OSPF Routing
Setting Up an SNMP Community String, Traps and V3 Values
Viewing Your Configuration
Configuring Message Logging and Severity Level
7. Optional. For SNMPv3, enter snmp-server user username group name
Figure 3-2 Initial Web Access Window
Connecting Remotely via the Web
Product Version
X-Pedition Products
Figure 3-3 Web Product Version Window
Figure 3-4 Sample LAN-PPP Services Configuration
LAN-PPP Services Sample Configuration
Backup Site Hostname branch2
Frame Relay WAN Link with PPP Backup Sample Configuration
Configure LAN Interface
Configure Users and Passwords
Configure Quality of Service
Configure WAN/Frame Relay Port
Configure More Access Lists
Configure OSPF Routing
Apply QoS
Configure the Dial Backup Connection
Configure DHCP/BOOTP Relay
Configure SNMP
VPN Site-to-Site Sample Configuration
Central Site
Branch Sites
Set Up IKE Phase I Security
Configure Access Control Lists
Configure IKE Policy for Remote Peer
Generate Master Encryption Key
Configuring VPN at Interface Mode and Setting Up RIP
Configure Crypto Maps
Create a Transform Set
Configuring Authentication AAA
VPN Sample Configuration with Network Extension Mode
GigabitEthernet 1 172.16.10/24
Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Access
eth0 10.11.11.1/24
Gigabitethernet 2 26.26.26.10/24
Create the ISAKMP IKE global peer
Initialization Output
XSR Rebooting Characteristics
Table 1 Reboot Triggers
Reboot Triggers
Boot Type
Cause
Table 1 Reboot Triggers continued
Power-up Error Conditions
Power-Up Reboot
Reload Command from the CLI
Bootrom Monitor Mode Commands
Page
copy
Page
rename
remove
This command shows network values with the following sample output
This command shows the bootrom version with sample output below
3-42 Software Configuration
Bootrom Monitor Mode Commands
System Specifications
Specifications
Table A-1 XSR Hardware Specifications
Category
Table A-1 XSR Hardware Specifications continued
Cable, CompactFlash and Accessory Specifications
Table A-2 XSR Cabling/Accessory Guide
Connector
Connector
Table A-2 XSR Cabling/Accessory Guide continued
Cable, CompactFlash and Accessory Specifications
Part Description
Signal
COM Console Port
Figure A-1 COM Port Pinouts
Mini-GBIC Fiber, Copper Port
GigabitEthernet Ports
Signal
Figure A-2 GigaBitEthernet Port Pinouts Eth
Copper/Fiber-optic Ethernet NIMs
Regulatory/Safety Compliance
Signal
Figure A-3 Copper Ethernet NIM
J1 68-pin male SCSI II type connector
2/4-Port Serial NIM Card Port
J2 - J5 DB-15 type male connector
Figure A-6 High Speed Serial NIM Port
J2 - J5 DB-25 type male RxD2+connector
J1 68-pin male SCSI II type connector
Figure A-8
EIA-232/530 DTE Pin Assignments
J1 68-pin male SCSI RD2+II type connector
J2 - J5 DB-37 type male connector
Figure A-9
EIA-449 DTE Pin Assignments
J3, J5 V.35-type male connector
J1 68-pin male SCSI III-type connector
J2. J4 DB-25-type male connector Pins not shown are unused
Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments
J2 - J5 V.35 type male connector
J1 68-pin male SCSI II type connector
Figure A-11
V.35 DTE Pin Assignments
Regulatory/Safety Compliance
T1/E1/ISDN PRI NIM Card Ports
Signal
Figure A-12 4-Port T1/E1/ISDN PRI NIM Card RJ-48C ports shown
Grounding Shunt for E1 NIM Cards
Balun for E1 or PRI NIM Cards
Figure A-14 Balun for E1 or PRI Connection
Figure A-15 Sample Grounding Shunt
Figure A-16 Installing a Grounding Shunt on the E1 NIM Card
Installing Shunt/Terminal Strip
Regulatory/Safety Compliance
T3/E3 NIM Card
Figure A-17 1-Port T3/E3 NIM Card
Signal
1/2-Port BRI-S/T NIM Card Ports
Figure A-18 ISDN BRI-S/T NIM Card RJ-45 ports shown
Figure A-19 ISDN BRI-S/T -NIM Pinouts
Installing Shunt/Terminal Strip
Termination Shunt for the ISDN BRI-S/T NIM Card
Figure A-20 Installing a Termination Shunt on BRI-S/T NIM Card
Receive Pair Termination
Regulatory/Safety Compliance
1/2-Port BRI-U NIM Card Ports
Signal
Figure A-21 ISDN BRI-U NIM Card RJ-49C ports shown
Regulatory/Safety Compliance
1-Port ADSL NIM Card Port
Signal
Figure A-23 ADSL NIM Card
Regulatory/Safety Compliance
T1/E1 Drop & Insert D&I NIM
Signal
Figure A-25 T1/E1 D&I NIM Card
LED Behavior
CompactFlash Memory Card
Figure A-27 CompactFlash Memory Card
Figure A-28 XSR LEDs
State
Table A-3 LED Description continued
Function
Index
how to attach the Ethernet serial cable