Summary of Contents for Cisco SCE 2000 4/8xFE
Cisco SCE 2000 4/8xFE Quick Start Guide Version 3.0.5 OL-7823-05 Documentation and Resources Prepare for Installation Rack-Mount the SCE 2000 Connect the Power Supply Units Connect the Management Interfaces and Perform Initial System Configuration Cable the Line Ports Completing the Installation...
Documentation and Resources Obtaining Documentation • http://www.cisco.com • http://www-china.cisco.com • http://www-europe.cisco.com • Registered Cisco Direct Customers can order Cisco Product documentation from the networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl • Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:...
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Attn Document Resource Connection Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments.
Prepare for Installation This section contains warnings, information about tools and parts, site preparation information, and information for workbench or tabletop installation and rack-mount installation. Warning: This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.
• Locate and have accessible the Site Log for recording information about this installation. Tools and Parts Use the following list of tools and parts as a checklist for preparing for installing the SCE 2000 platform: • Appropriate cables to connect the SCE 2000 to the network and console terminal...
Step 1 Remove the adhesive strips from the four rubber feet and affix the feet onto the four marked locations on the bottom panel of the unit. Step 2 Place the SCE 2000 platform on the tabletop or workbench...
Rack-Mount the SCE 2000 This section provides information for rack-mounting the SCE 2000 platform. There are two standard types of equipment racks, and the appropriate brackets for each are provided in the enclosed kit. • 19” rack with front rack posts — the mounting kit includes two mounting brackets as illustrated below:...
Figure 3: Attaching the Mounting Brackets (2-post) To install the rack-mount brackets on the SCE 2000 chassis, complete the following steps: Before installing the SCE 2000 in the rack, you must first install a rack-mount bracket on each side of the front of the SCE 2000.
Attach the Crossrail Supports to the Rack Figure 5: Attaching the Crossrails to the Rack Step 1 Align the crossrail supports with the side of the rack, parallel to the floor. Insert and tighten two screws to the front posts or mounting strips of the rack Step 2 Insert and tighten two screws to the Back posts of the rack.
Step 3 Slide the SCE 2000 into the rack, pushing it back until the brackets (installed at the front of the SCE 2000) meet the mounting strips or posts on both sides of the rack. A rack with both front and back posts will have the crossrail supports installed. Slide the SCE 2000 onto these crossrails and push it all the way back.
Connect the Power Supply Units This section provides information for grounding the SCE 2000 platform and connecting the AC or DC power supply units. Connect the Chassis Ground Figure 8: Grounding the Unit (AC) Figure 9: Grounding the Unit (DC) A Grounding kit is provided with each SCE 2000.
Step 2 Attach the grounding cable (green and yellow colored cable), firmly fastening the (enclosed) hex nuts and spring washers with a #¼” hex wrench (refer to the appropriate figure for an AC- or DC-powered SCE 2000 above). The other side of the grounding cable must be connected to the site equivalent of the AC earth. Connect the Power The following sections describe how to reconnect the AC or DC power: Connect the DC-Input Power Supply Unit...
Step 3 Insert one receptacle screw into the hex or loop connector on one power line input, insert the screw with the connector into the corresponding lead receptacle and tighten the receptacle screw using the number 2 Phillips. Repeat for the remaining power line input lead. Note The color coding of the DC-input power supply leads depends on the color coding of the DC power source at your site.
Step 4 Look at the IN and OK LEDs on the power supply unit and the corresponding Power LED on the front panel. If the AC-input power supply unit is operating properly, these LEDs will be glowing green. Ensure that the power supply is properly aligned and the installation screw is tightened. Step 5...
Connect the Management Interfaces and Perform Initial System Configuration This section explains how to connect the SCE 2000 platform to a local console and perform the initial system configuration via the setup wizard that runs automatically. Additionally, this section contains instructions for cabling the Fast Ethernet Management interface. Note: When installing a cascaded system, it is extremely important to follow the sequence of procedures outlined in the section Installing a Cascaded System...
--- System Configuration Dialog ---
At any point you may enter a question mark ‘?’ followed by ‘Enter’ for help.
Use ctrl-C to abort configuration dialog at any prompt.
Use ctrl-Z to jump to the end of the configuration dialog at any prompt.
Default settings are in square brackets ‘[]’.
Parameter                     Definition
root password                 Root level password. Character string from 4-100 characters beginning with an alpha character.
password encryption status    Enable or disable password encryption?
Time Settings
time zone name and offset     Standard time zone abbreviation and minutes offset from UTC.
local time and date           Current local time and date.
Parameter                     Definition
GET community names           Community strings to allow GET access and associated ACLs (maximum 20).
SET community names           Community strings to allow SET access and associated ACLs (maximum 20).
trap managers (maximum        Trap manager IP address, community string, and SNMP version.
Authentication Failure        Sets the status of the Authentication Failure traps.
• In certain cases, there will be two or more logically related parameters within a menu. In these situations, it is not permitted to jump to the end of the setup dialog until all related parameters are configured. If you try to jump to the end of the setup dialog, the following message will appear: “...
EXAMPLE The following example displays a typical configuration of the IP address (10.1.5.109), subnet mask (255.255.0.0), and default gateway (10.1.1.3). Since the IP address and the subnet mask are related, when the IP address is changed, there is no longer a default value of the subnet mask, and it must be entered explicitly.
Note: Passwords are case sensitive. Note: The default password for all levels is “cisco”. To change the passwords, complete the following steps: Step 1 The default User password is displayed. • To accept the displayed value, press Enter. • To change the value, type the desired string and press Enter...
• SNTP menu You must enter the time setting menu in order to configure SNTP settings. You may choose to skip the time settings menu if you wish to accept all default values. Note: Unlike all other settings defined in the system configuration, setting the time is done immediately and not at the end of the setup process.
• To change the value, type the desired number of seconds (64 through 1024) and press Enter. Enter time interval in seconds between unicast updates : Step 8 You may enter an IP address for the SNTP unicast server. Type in the hostname or the IP address in the form x.x.x.x, and press Enter Would you like to configure SNTP unicast servers? [no]: y Enter IP address or hostname of SNTP unicast server: 10.1.1.1...
Step 3 Type the default domain name to be used, and press Enter. Note that there is no default domain name. You may accept the default domain name or enter a new one. Enter default domain name : Step 4 Type the IP address of the primary domain name server and press Enter.
Note that there is no default for this parameter. Enter RDR-formatter destination’s TCP port number: EXAMPLE Following is a sample RDR-formatter configuration dialog, assigning the IP address and TCP port number. Would you like to enter the RDR-formatter configuration menu? [no]: y Enter RDR-formatter destination’s IP address: 10.1.1.230 Enter RDR-formatter destination’s TCP port number: 33000 Step 7: Configuring Access Control Lists (ACLs)
Table 5-2 IP address/Wildcard bit examples
Initial IP address    Wildcard bits
10.1.1.0              0.0.0.255
10.1.1.0              0.0.0.63
10.1.1.0              0.0.0.0
Order of Entries The order of the entries in the list is important. The entries in the list are tested sequentially, and the action is determined by the first entry that matches the connecting IP address.
• To permit access press Enter. • To deny access type n and press Enter. Does this entry permit access? [yes]: Type the IP address to be added to this list, and press Enter. Type “any” and press Enter to include any IP address in the ACL. Note that there is no default for this parameter.
Enter Telnet access-class : 2 EXAMPLE This example illustrates a common access control scenario. Let us assume the following: • We want to permit every station to access the SCE platform on the management port (e.g. ping, SNMP polling etc.). • We want to restrict Telnet access to only a few permitted stations.
To configure SNMP parameters, complete the following steps: Step 1 Enter the SNMP configuration menu. Would you like to enter the SNMP configuration menu? [no]: y Type y and press Enter. The SNMP configuration dialog begins. Step 2 Enable SNMP management. Type y and press Enter.
Would you like to add another SNMP SET community? [no]:y Enter up to 20 SNMP SET communities as described in step 6 and step 7. • When all entries have been added, press Enter Would you like to add another SNMP SET community? [no]: Enter the SNMP trap managers menu.
EXAMPLE Following is a sample SNMP configuration, configuring one trap manager, one GET community, and one SET community, and enabling the authentication failure trap, as well as all enterprise traps. Would you like to enter the SNMP configuration menu? [no]: y Enable SNMP management? [no]: y Enter SNMP GET community name: public Enter Access list number allowing access with this community string, use ‘0’...
• Link-0 — the link connected to this SCE 2000 is identified as 0. • Link-1 — the link connected to this SCE 2000 is identified as 1. • Priority (cascade topology only) — In a cascade topology, this parameter determines which SCE 2000 is chosen as...
• To specify link-0, press Enter. • To specify link-1, type 1 and press Enter. Enter Physically connected link: 0- link-0 1- link-1 Enter your choice : Step 5 Specify the SCE 2000 priority. • To specify Primary, press Enter. • To specify Secondary, type 2 and press Enter.
EXAMPLE Following is a sample topology configuration for a non-redundant inline topology. In this topology, a single SCE 2000 is connected to one or two FE links. When the inline connection mode is specified, the user must specify the on-failure link behavior. Would you like to enter the Topology configuration menu? [no]: y Enter Connection mode: 1- inline...
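The wildcard-bit matching and first-match ordering described above, as an added example (not code from the Cisco guide): Python that evaluates a connecting address against an ACL and reports entries that can never decide a connection because an earlier entry already covers them. The ACL contents are constructed for the scenario, and treating an address that matches no entry as denied is an assumption of this example.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _bits(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalise(entry):
    """(permit, "any") or (permit, base, wildcard) -> (permit, base_int, care_mask)."""
    permit, *spec = entry
    base, wildcard = ("0.0.0.0", "255.255.255.255") if spec == ["any"] else spec
    care = ~_bits(wildcard) & MASK32      # wildcard bit 1 means "ignore this bit"
    return permit, _bits(base) & care, care

def evaluate(acl, addr):
    """Test entries in order; the first matching entry decides.
    Returns (permitted, index of the deciding entry or None)."""
    a = _bits(addr)
    for index, (permit, base, care) in enumerate(map(normalise, acl)):
        if (a & care) == base:
            return permit, index
    return False, None                    # assumption: no match means deny

def shadowed(acl):
    """Return (entry, covering_entry) index pairs for entries that can never
    decide a connection because an earlier entry matches everything they match."""
    rules = [normalise(e) for e in acl]
    dead = []
    for j, (_, base_j, care_j) in enumerate(rules):
        for i in range(j):
            _, base_i, care_i = rules[i]
            # i covers j when i checks only bits j also checks, and agrees on them
            if (care_i & ~care_j & MASK32) == 0 and (base_j & care_i) == base_i:
                dead.append((j, i))
                break
    return dead

# Constructed ACLs for the scenario in the text: any station may reach the
# management port, Telnet is limited to a few stations (wildcards from Table 5-2).
IP_ACL = [(True, "any")]
TELNET_ACL = [
    (True,  "10.1.1.0",   "0.0.0.63"),    # permit 10.1.1.0 - 10.1.1.63
    (False, "10.1.1.0",   "0.0.0.255"),   # deny the rest of 10.1.1.x
    (True,  "10.1.1.200", "0.0.0.0"),     # intended exception, placed too late
]

if __name__ == "__main__":
    for src in ("10.1.1.20", "10.1.1.200", "10.2.0.1"):
        print(src, "ip:", evaluate(IP_ACL, src), "telnet:", evaluate(TELNET_ACL, src))
    print("unreachable entries:", shadowed(TELNET_ACL))
```

The third Telnet entry is reported as unreachable: the deny entry above it already matches 10.1.1.200, so the permit would have to be moved ahead of the deny to take effect.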
Step 10: Completing and Saving the Configuration When you have completed the entire configuration, the system checks for errors. If errors are found, a warning message appears. When the configuration is error-free, you may apply and save it. To complete and save the configuration, complete the following steps: The system informs you that data collection is complete.
Enter a full FTP path of the remote destination: Step 6 The system informs you that the configuration is complete. Committing configuration... Configuration completed successfully. Saving configuration... Writing general configuration file to temporary location... Backing-up general configuration file... Copy temporary file to final location... Done! This completes the procedures for initial configuration of the SCE 2000 platform.
EXAMPLE Following is an example of a configuration that was applied and saved to the startup configuration as well as to an FTP site. Although not demonstrated in this example, it is recommended that you always view the configuration before applying it. Data collection for the system configuration is completed.
The SCE 2000 has two management ports, labeled Mng 1 and Mng 2. Use the Mng 1 port. Step 1 Plug the Ethernet cable provided (with attached RJ-45 connector) into the Mng 1 port on the front panel of the SCE 2000. Connect the other end of the Ethernet cable into your management network.
Cable the Line Ports This section provides instructions for cabling the Fast Ethernet ports for both one and two SCE 2000 topologies, and for configuring Fast Ethernet (FE) interface parameters. In a topology utilizing two SCE 2000s (cascade), this includes the cascade ports as well as the line ports.
Single Link: Inline Topology In the inline topology, the SCE 2000 resides physically on the FE (Fast Ethernet) link between the subscribers, which are usually connected through either a BRAS (in DSL access), a PDSN (in wireless access), a CMTS (in the Cable access), or a switch or router aggregator (in other topologies), and the network, where the SCE 2000 usually connects to a router or layer 3 switch network element.
Figure 15: Cabling Diagram for Single SCE Platform Single Link Receive-only Topology The single link receive-only topology cabling is similar to that for single link inline, in that either the first FE link (FE-1 SUB/NET) of the SCE 2000 or the second FE link (FE-2 SUB/NET) can be used, as illustrated in the diagram above. However, in the receive-only topology, the SCE 2000 is connected to the external switch rather than being directly connected to the FE link.
The following diagram illustrates the connections for dual links, with a single SCE 2000 deployed for both inline and receive-only topologies. For inline topologies, the SCE 2000 is directly connected to the two FE links, using the FE-1 and FE-2 ports as described above.
Inline topologies can both Receive and Transmit to the SCE 2000. Cascade ports always require both Receive and Transmit to be connected. The following diagram illustrates the connections for a dual link, two SCE 2000 inline topology For inline topologies, the SCE 2000 is directly connected to the two FE links, using the FE-1 ports on the two SCE 2000s, while the FE-2 ports on both units are used as the cascade ports, as described above.
Figure 17: Cabling Diagram: Dual Link Inline Topology Two Cascaded SCE Platforms Connect the FE Line Interface Ports Figure 18: Cabling the FE Interface Refer to Cabling Diagrams (on page 39) to find the appropriate cabling diagram for the topology of your system for the specific connections required.
Completing the Installation This section discusses how to verify link connectivity and how to install a Service Control application. Examining the Link LEDs The Link LED must be green in order to verify that an active connection exists. The Active LED (if flashing green) indicates that traffic is being received and/or transmitted by the SCE 2000. In receive-only topologies, the Active LED indicates that packets are being received.
Viewing the User Log Counters View the user log for errors that occurred during the installation process. To display the user log device counters, complete the following steps: At the SCE 2000# prompt, type show logger device User-File-Log counters and press Enter. EXAMPLE The following example shows the current User-File-Log device counters.
SCE 2000#show running-config
#This is a general configuration file (running-config).
#Created on 15:50:56
#cli-type 1
#version 1
clock timezone CET 1
snmp-server community "public" ro
snmp-server host 10.1.1.253 traps version 1 "public"
interface LineCard 0
connection-mode active
no silent
no shutdown
flow-aging default-timeout UDP 60
interface FastEthernet 0/0
ip address 10.1.5.109 255.255.0.0...
EXAMPLE The following example shows the running configuration file.
SCE 2000#show running-config
#This is a general configuration file (running-config).
#Created on 15:50:56
#cli-type 1
#version 1
clock timezone CET 1
snmp-server community "public" ro
snmp-server host 10.1.1.253 traps version 1 "public"
interface LineCard 0
connection-mode active
no silent...
Loading and Activating a Service Control Application The SCE 2000 platform provides the basic functionalities of Service Control analysis and enforcement. A Service Control solution requires that a Service Control application be loaded into the platform, to take advantage of the unique SCE platform capabilities.
This section outlines the installation procedures for a redundant solution with two cascaded SCE 2000s. For more complete information, refer to the Cisco SCE 2000 4/8xFE Installation and Configuration Guide. Refer to the Cisco SCE CLI Command Reference for details of the CLI commands.
CLI Commands for Cascaded Systems This section presents CLI commands relevant to the configuration and monitoring of a redundant system. Use the following commands to configure and monitor a redundant system: • connection-mode • [no] force failure-condition • Show interface linecard 'number' connection-mode •...
• SCE 2000 4xGBE — GBE1-GBE2/GBE3-GBE4 • SCE 2000 4/8xFE — LINK1/LINK2 • Use the 'all-links' option to configure the link mode for all links (SCE 2000 platforms only). • It is recommended that both links be configured together. Use the all-links option.
• Sniffing can only be configured for all links, therefore, to configure sniffing, the all-links option is required, not just recommended. • The default link mode is forwarding. When other link modes are selected, active service control is not available and...
Troubleshoot Startup Problems SCE 2000 Operational Status The following table lists the operational states of the SCE 2000. The Status LED on the SCE 2000 Front Panel reflects the current SCE 2000 operational status. The operational status can be displayed using CLI command show system operation-status.
Identifying Startup Problems Startup problems are commonly due to the source power or to a poor cable connection. This section contains a detailed description of the normal startup sequence and describes the steps to take if the system does not perform that sequence as expected. LEDs indicate all system states in the startup sequence. By checking the state of the LEDs, you can determine when and where the system failed in the startup sequence.
ip address: 10.1.6.145
subnet mask: 255.255.0.0
Configured speed: auto, configured duplex: auto
AutoNegotiation is On, link is Up, actual speed: 100, actual duplex: half
• show ip default-gateway — Displays the IP address of the configured default gateway. Following is a sample output from the show ip default-gateway command.
Default gateway: 10.1.1.1...
In total octets: 191520
In good unicast packets: 560
In good multicast packets: 0
In good broadcast packets: 0
In packets discarded: 0
In packets with CRC/Alignment error: 0
In undersized packets: 0
In oversized packets: 0
Out total octets: 0
Out unicast packets: 0
Out non unicast packets: 0
Out packets discarded: 0...
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions. To register for Cisco.com (on page 57), go to http://tools.cisco.com/RPF/register/register.do. If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at http://www.cisco.com/tac/caseopen.