Version
X-Pedition Security Router
XSR-3020 Getting Started Guide
Page
Enterasys Networks, Inc 50 Minuteman Road Andover, MA
Federal Communications Commission FCC Notice
Regulatory Compliance Information
Clase A. Aviso de ITE
Industry Canada Notices
R & TTE Directive Declaration
Class A ITE Notice
Electromagnetic Compatibility EMC
Product Safety
Seguridad del Producto
Produktsicherheit
Supplement to Product Instructions
Manufacturer’s Name Enterasys Networks, Inc
VCCI Notice
BSMI EMC Statement - Taiwan
Declaration of Conformity
VPN Consortium Interoperability
Australian Telecom
Federal Information Processing Standard FIPS Certification
Independent Communications Authority of South Africa
You and Enterasys agree as follows
Enterasys Networks, Inc. Firmware License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT
CAREFULLY READ THIS LICENSE AGREEMENT
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement
About This Guide
Contents
Chapter 2 Hardware Installation
Chapter 3 Software Configuration
Configuring the WAN Ports
Index
Appendix A Specifications
Page
Contents of the Guide
About This Guide
Conventions Used in This Guide
Italics/It áli ca
Bold/En negrilla
Getting Help
Page
System Description
Overview
Figure 1-1 Typical XSR-3020 Topology
Hardware Features
Figure 1-2 XSR-3020
IP Protocol
Software Features
Operating System
Industry-common CLI
SNMP and Statistics Gathering
IP Routing
Frame Relay
Security
Integrated Services Digital Network ISDN - BRI/PRI
Dynamic Host Configuration Protocol DHCP
Virtual Private Network VPN
Quality of Service QoS
GRE over IPSec
Dial-on-Demand/Bandwidth-on-Demand DoD/BoD
Dial Service
Dial Backup
Asynchronous Digital Subscriber Line ADSL
Installation Overview
1-12 Overview
Installation Overview
Verifying Your Shipment
Hardware Installation
Installation Site Suggestions
Introduction
Figure 2-1 Removing XSR Cover
Installing NIM Cards and Rack Mounting
Figure 2-3 Attaching NIM card to Motherboard
Figure 2-2 Removing NIM Slot Cover
3020
Figure 2-4 Fastening Rack Brackets
Figure 2-5 Attaching XSR to Rack
3020
Figure 2-7 Removing CompactFlash Cover Plate
Installing a CompactFlash Memory Card
CompactFlash Card Installation
Figure 2-6 Typical CompactFlash Card
CompactFlash Card for the ADSL NIM
Formatting the CompactFlash Card
Figure 2-8 Installing CompactFlash Card
Connecting Cables
Figure 2-9 Connecting Serial COM Console Cable
Figure 2-10 Attaching T1/PRI or BRI Port Connector
ENABLE
Figure 2-11 Connecting High Speed Serial Connector
Figure 2-12 Attaching T3/E3 BNC Connectors
ALARM
NIM1
Figure 2-13 Connecting ADSL Connector
Figure 2-14 Attaching T1 Drop & Insert Connector
3020
ETH3
Figure 2-15 Attaching Ethernet Connector
Figure 2-16 Inserting Mini-GBIC Module
Link TX G
3020
Figure 2-17 Attaching Ethernet LAN NIM Connector
Figure 2-18 Attaching Ethernet Fiber LAN NIM Connector
3020
200~240V~0.25A
Figure 2-19 Connecting Power Supply Cord
100~125V~1
LINE
Initializing XSR Software
Software Configuration
ETHERNET Activity LEDs blink when frames pass on the LAN
Characteristics” on page
Optional Configuring Remote Auto Install
Configuring RAI for Frame Relay
Opening a COM Console Session
XSRconfig-ifS1/0.1#exit XSRconfigexit
Configuring RAI over ADSL
Configuring RAI for DHCP over LAN
Page
3. Enter hostname your XSR designation
Configuring the XSR Name and User Information
Setting the Clock
Setting User Name, Privilege and Password
Configuring the LAN Ports
Configuring the WAN Ports
PRI Configuration
BRI Configuration
BRI Leased Line
BRI Leased Frame Relay
BRI Switched Line
ADSL Configuration
PPPoE
PPPoA
IPoA
Firewall Sample Configuration
Figure 3-1 XSR with Firewall Topology
Setting Up RIP Routing
Setting Up RIP Routing
3-14 Software Configuration
Configuring Frame Relay Point to Point Networks
Configure OSPF Routing
Setting Up an SNMP Community String, Traps and V3 Values
Configuring Message Logging and Severity Level
Viewing Your Configuration
7. Optional. For SNMPv3, enter snmp-server user username group name
X-Pedition Products
Connecting Remotely via the Web
Figure 3-2 Initial Web Access Window
Product Version
Figure 3-3 Web Product Version Window
LAN-PPP Services Sample Configuration
Figure 3-4 Sample LAN-PPP Services Configuration
Backup Site Hostname branch2
Frame Relay WAN Link with PPP Backup Sample Configuration
Configure Users and Passwords
Configure LAN Interface
Configure Quality of Service
Configure WAN/Frame Relay Port
Configure OSPF Routing
Configure More Access Lists
Apply QoS
Configure the Dial Backup Connection
Configure DHCP/BOOTP Relay
Branch Sites
VPN Site-to-Site Sample Configuration
Configure SNMP
Central Site
Generate Master Encryption Key
Configure Access Control Lists
Set Up IKE Phase I Security
Configure IKE Policy for Remote Peer
Configure Crypto Maps
Configuring VPN at Interface Mode and Setting Up RIP
Create a Transform Set
Configuring Authentication AAA
VPN Sample Configuration with Network Extension Mode
Gigabitethernet 2 26.26.26.10/24
Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Access
GigabitEthernet 1 172.16.10/24
eth0 10.11.11.1/24
Create the ISAKMP IKE global peer
Initialization Output
XSR Rebooting Characteristics
Cause
Reboot Triggers
Table 1 Reboot Triggers
Boot Type
Reload Command from the CLI
Power-up Error Conditions
Table 1 Reboot Triggers continued
Power-Up Reboot
Bootrom Monitor Mode Commands
Page
copy
Page
rename
remove
This command shows network values with the following sample output
This command shows the bootrom version with sample output below
3-42 Software Configuration
Bootrom Monitor Mode Commands
Category
Specifications
System Specifications
Table A-1 XSR Hardware Specifications
Connector
Cable, CompactFlash and Accessory Specifications
Table A-1 XSR Hardware Specifications continued
Table A-2 XSR Cabling/Accessory Guide
Part Description
Table A-2 XSR Cabling/Accessory Guide continued
Connector
Cable, CompactFlash and Accessory Specifications
COM Console Port
Signal
Figure A-1 COM Port Pinouts
Figure A-2 GigaBitEthernet Port Pinouts Eth
GigabitEthernet Ports
Mini-GBIC Fiber, Copper Port
Signal
Figure A-3 Copper Ethernet NIM
Regulatory/Safety Compliance
Copper/Fiber-optic Ethernet NIMs
Signal
Figure A-6 High Speed Serial NIM Port
2/4-Port Serial NIM Card Port
J1 68-pin male SCSI II type connector
J2 - J5 DB-15 type male connector
EIA-232/530 DTE Pin Assignments
J1 68-pin male SCSI II type connector
J2 - J5 DB-25 type male RxD2+connector
Figure A-8
EIA-449 DTE Pin Assignments
J2 - J5 DB-37 type male connector
J1 68-pin male SCSI RD2+II type connector
Figure A-9
Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments
J1 68-pin male SCSI III-type connector
J3, J5 V.35-type male connector
J2. J4 DB-25-type male connector Pins not shown are unused
V.35 DTE Pin Assignments
J1 68-pin male SCSI II type connector
J2 - J5 V.35 type male connector
Figure A-11
Figure A-12 4-Port T1/E1/ISDN PRI NIM Card RJ-48C ports shown
T1/E1/ISDN PRI NIM Card Ports
Regulatory/Safety Compliance
Signal
Figure A-15 Sample Grounding Shunt
Balun for E1 or PRI NIM Cards
Grounding Shunt for E1 NIM Cards
Figure A-14 Balun for E1 or PRI Connection
Figure A-16 Installing a Grounding Shunt on the E1 NIM Card
Installing Shunt/Terminal Strip
T3/E3 NIM Card
Regulatory/Safety Compliance
Figure A-17 1-Port T3/E3 NIM Card
Figure A-19 ISDN BRI-S/T -NIM Pinouts
1/2-Port BRI-S/T NIM Card Ports
Signal
Figure A-18 ISDN BRI-S/T NIM Card RJ-45 ports shown
Receive Pair Termination
Termination Shunt for the ISDN BRI-S/T NIM Card
Installing Shunt/Terminal Strip
Figure A-20 Installing a Termination Shunt on BRI-S/T NIM Card
Figure A-21 ISDN BRI-U NIM Card RJ-49C ports shown
1/2-Port BRI-U NIM Card Ports
Regulatory/Safety Compliance
Signal
Figure A-23 ADSL NIM Card
1-Port ADSL NIM Card Port
Regulatory/Safety Compliance
Signal
Figure A-25 T1/E1 D&I NIM Card
T1/E1 Drop & Insert D&I NIM
Regulatory/Safety Compliance
Signal
Figure A-28 XSR LEDs
CompactFlash Memory Card
LED Behavior
Figure A-27 CompactFlash Memory Card
Table A-3 LED Description continued
State
Function
Index
how to attach the Ethernet serial cable