Allot NetEnforcer AC-6000 Series Hardware Manual

Traffic management device

Summary of Contents for Allot NetEnforcer AC-6000 Series

  • Page 3 NetEnforcer AC-6000 Series Hardware Guide P/N D360016 R1...
  • Page 5 Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise.
  • Page 6 Document updates are released in electronic form from time to time and the most up to date version of this document will always be found on Allot’s online Knowledge Base. To check for more recent versions, login to the support area www.allot.com/support.html...
  • Page 7: Table Of Contents

    TABLE OF CONTENTS: Important Notice (v); Version History (vi); Table of Contents (vii); CHAPTER 1: NETENFORCER HARDWARE (1-1): Packing List (1-1), Front Panel (1-2), Front Panel LEDs Description (1-2), Front Panel Connectors (1-3), Rear Panel ...
  • Page 8 CHAPTER 6: COMMAND LINE INTERFACE (6-1): Chassis CLI (6-1). CHAPTER 7: SAFETY INFORMATION (7-1): General (7-1), Chassis Safety (7-2), Unpacking (7-2), Installation (7-3), Rack mounting information (7-3), Power Connection Information (7-3), Airflow information ...
  • Page 9 TABLE OF FIGURES: Figure 1-1 – AC-6000 Fiber (1-1); Figure 1-2 – NetEnforcer Front Panel: AC-6000 Fiber Series (1-2); Figure 1-3 – Internal/External Links (1-3); Figure 1-4 – NetEnforcer AC Power Feed (1-4); Figure 1-5 – NetEnforcer DC Power Feed (1-4); Figure 1-6 –...
  • Page 11: Chapter 1: Netenforcer Hardware

    Chapter 1: NetEnforcer Hardware. The Allot NetEnforcer AC-6000 Series is designed to manage Internet traffic on multiple Ethernet links at speeds of up to 16Gbps, utilizing 8 x 10G/1G interfaces and an additional 8 x 1G interfaces. Providing real-time monitoring, policy enforcement and traffic steering, these flexible devices help operators control bandwidth utilization and costs while ensuring quality of experience (QoE) for all network users.
  • Page 12: Front Panel

    Chapter 1: NetEnforcer Hardware All NetEnforcer models contain a lithium battery on the main board. The recommended battery type is RENATA CR1220. Front Panel [figure callouts: BYPASS; CONSOLE PORT; 10G/1G NETWORK/STEERING LINKS; SYSTEM, PS1 & PS2 LEDs; RESET; 1G NETWORK/STEERING LINKS; MGMNT PORT] Figure 1-2 –...
  • Page 13: Front Panel Connectors

    BYPASS (D-Type connector) should only be used to connect the NetEnforcer to the Bypass unit. CAUTION The Bypass connector should ONLY be connected to the Allot Multiport Bypass Unit. The Bypass connector should always be connected to the bypass unit. When not in use, the Bypass connector should be kept covered.
  • Page 14: Rear Panel

    Chapter 1: NetEnforcer Hardware Resetting the NetEnforcer The reset button is located in a small recessed hole set on the NetEnforcer faceplate. Pressing the reset button will restart the system in the event of shutdown, indicated by both PS1 and PS2 LEDs BLINKING GREEN. Rear Panel The rear panel of the NetEnforcer contains the following: ...
  • Page 15: Interfaces

    Chapter 1: NetEnforcer Hardware Interfaces Modules Supported 10G module types The AC-6000 supports the following 10G module types (MODULE, MEDIA TYPE, RANGE): 10G-BASE-SR, Multi mode, 400m; 10G-BASE-LR, Single mode, 10km; 10G-BASE-ER, Single mode, 40km. 10G modules fit SFP+ ports. Supported 1G module types The AC-6000 supports the following 1G module types: MODULE MEDIA TYPE...
  • Page 16: Cabling

    Chapter 1: NetEnforcer Hardware Cabling 1G Ethernet Copper Interface NOTE Ethernet Cables for connecting the NetEnforcer to Network may be Straight or Cross, the Copper interface will automatically match your network connection. Shielded CAT 5 or higher cables must be used in order to ensure compliance.
  • Page 17 Chapter 1: NetEnforcer Hardware. Connections: Between Bypass Unit Internal/External to Network; Cable type: Standard 62.5/125 or 50/125 MM fiber optic cross cable; Connector type: Dual LC. Single Mode Fiber Interface. Connections: Management Port; Cable type: Ethernet (CAT 6) (Included, P/N C411011); Connector type: RJ-45. Serial...
  • Page 18: Bypass Units

    Chapter 1: NetEnforcer Hardware Connectors NetEnforcer Multi-Port Bypass Units using Multi Mode fiber (MM) or Single Mode fiber (SM) utilize dual LC Connectors. Figure 1-6 – Dual LC Connector NOTE Color and appearance of actual connectors may vary. Bypass Units The NetEnforcer operates with an external Bypass Unit.
  • Page 19: Figure 1-7 - Multi-Port Copper Bypass Unit

    100 meters, despite the inclusion of the NetEnforcer. CAUTION The Bypass connector should ONLY be connected to the Allot Multiport Bypass Unit. The Bypass connector should always be connected to the bypass unit. When not in use, the Bypass connector should be kept covered.
  • Page 21: Chapter 2: Connecting The Netenforcer

    Chapter 2: Connecting the NetEnforcer. Sample Configurations. The 16 ports (8 1G and 8 1G/10G) of the AC-6000 may be connected in different combinations of network ports and steering ports, as well as different combinations of 1G and 10G connections, depending on your requirements. The table below outlines several typical configurations which are described in more depth below.
  • Page 22 Chapter 2: Connecting the NetEnforcer Example 1: 1GE Network Ports This configuration is designed for a small network that currently utilizes 1G links only. The eight 1G ports along the bottom row are being used for network traffic only. This configuration allows for a great deal of expansion via the available 1G/10G interfaces on the top row which can be used for either network or steering purposes.
  • Page 23 Chapter 2: Connecting the NetEnforcer Example 3: 10GE Network with 1GE Steering Ports This configuration is designed for a larger network that requires a 10G link. Two 10G interfaces are being used for network traffic while four 1G interfaces are being used for steering.
  • Page 24: Connecting The Bypass Units

    Chapter 2: Connecting the NetEnforcer Connecting the Bypass Units The NetEnforcer operates with external Bypass Units. The Bypass Unit is a mission-critical subsystem designed to ensure network connectivity at all times. The Bypass mechanism provides ‘connectivity insurance’ in the event of a NetEnforcer subsystems failure.
  • Page 25 Chapter 2: Connecting the NetEnforcer Connecting One External Bypass Unit CAUTION The bypass cable should only be connected/disconnected when the system is powered down. Connect Network links to the external bypass unit(s); verify (ping) that traffic runs via bypass unit. Connect fiber ports on the NE to a Bypass unit.
  • Page 26: Figure 2-4 - Dual Head Cable

    Chapter 2: Connecting the NetEnforcer Figure 2-4 – Dual Head Cable NOTE If one branch of the Dual-Head cable is disconnected from the bypass or the connection fails, the system will go into Bypass. Log into the AC-6000 and enter the following CLI command to enable use of the Dual Head cable:
    go config bypass -unit 1:update:external:1:2
    Connect Network links to two external bypass units;...
  • Page 27: Power Connections

    Chapter 2: Connecting the NetEnforcer Power Connections Connection to AC Power Make sure the wall socket outlet is installed near the equipment and that the socket is easy to access. The wall socket outlet must be connected to the building installation protection.
  • Page 28: Grounding

    Verify that power is off to the DC-input circuit. Wire the DC-input power supply to the terminal block, ensuring that all wire connections are secure. Suggested minimum DC-input wires are 14-AWG. Two power cables are supplied by Allot in the accessory kit. Use Copper UL recognized conductors: ...
  • Page 29 Chapter 2: Connecting the NetEnforcer This equipment shall be located in the same immediate area such as adjacent cabinets or any other equipment that has a connection between the grounded conductor of the same DC supply circuit and the grounding conductor, and also the point of grounding of the DC system.
  • Page 30: Powering The Netenforcer Up And Down

    Chapter 2: Connecting the NetEnforcer Powering the NetEnforcer Up and Down To power up the NetEnforcer: NOTE It is recommended to connect the two power line feeds to separate power sources to have full power redundancy. Connect Power Supply 1 and Power Supply 2 to a power source. The PS1 and PS2 LEDs on the front panel of the NetEnforcer appear STEADY GREEN indicating that both power cables are in place and providing power.
  • Page 31: Chapter 3: Configuring The Netenforcer

    Chapter 3: Configuring the NetEnforcer In order to manage and configure NetEnforcer policies remotely from your Web browser, several basic parameters must be configured on NetEnforcer. You can configure these basic parameters using a terminal connected to NetEnforcer. Configuring Via a Terminal or Telnet You can use a standard terminal/PC running terminal emulation software connected to the Console port, or Telnet via the internet to configure a NetEnforcer.
  • Page 32 Chapter 3: Configuring the NetEnforcer To connect a terminal to the NetEnforcer: Use the supplied serial cable to connect the terminal to the Console Connector on the front panel of the NetEnforcer. Connect the power cables and power up the NetEnforcer. At the terminal, select Start >...
  • Page 33: Changing The Passwords

    -ts <NTP IP ADDRESS> Changing the Passwords Allot provides end-users with CLI access to the system via a user privilege called “sysadmin”. The sysadmin user can access all of the CLI commands outlined in Chapter 6 below. The default password for the sysadmin user is sysadmin.
  • Page 34 Chapter 3: Configuring the NetEnforcer Re-enter the new password and press <Enter>. You can further protect access to the NetEnforcer by limiting the hosts that are allowed to manage the unit. For more information see the NetXplorer Operation Guide. To change the admin password: Use the supplied serial cable to connect the terminal to the Console Connector on the front panel of the NetEnforcer.
  • Page 35: Chapter 4: Redundancy

    Chapter 4: Redundancy. Active Redundancy. Active redundancy is recommended for network topologies where at least two network links are active in load-balancing mode. It requires two NetEnforcers and typically, no bypass units. In the Active Redundancy configuration, each NetEnforcer manages a single link while duplicating the link’s traffic to the other NetEnforcer.
  • Page 36: Connections

    Chapter 4: Redundancy Connections L1/L2, L5/L6, L9/L10 & L13/L14 are used to pass actual traffic – these interfaces will be used to connect the NetEnforcers to the corresponding switches or routers. L3/L4, L7/L8, L11/L12 & L15/L16 are used to duplicate traffic and pass it to the second NetEnforcer.
  • Page 37 Chapter 4: Redundancy Connection Matrix The Connection Matrix Tables below are designed to simplify the procedure of connecting the NetEnforcer in Active Redundancy mode. NetEnforcer A: Network Network NetEnforcer NetEnforcer Network Network NetEnforcer NetEnforcer Link 1 Link 1 B L3 B L4 Link 2 Link 2...
  • Page 38: Configuration

    Chapter 4: Redundancy Figure 4-1 – Connecting the NetEnforcer for Active Redundancy Configuration Active redundancy can be configured on the AC-6000 either via the NetXplorer GUI or via NetEnforcer CLI. Via NetXplorer GUI To configure Active Redundancy: Log into NetXplorer. Select the NetEnforcer you wish to configure in the Navigation Pane.
  • Page 39 Chapter 4: Redundancy Confirm that the Enable Bypass Unit checkbox is not selected. Click Save. The system will reboot. After rebooting, you can view the changes from the Configuration tab. For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide.
  • Page 40 Chapter 4: Redundancy
    go config nic L5:auto:auto:fail_pair
    go config nic L6:auto:auto:fail_pair
    go config nic L7:auto:auto:none
    go config nic L8:auto:auto:none
    go config nic L9:auto:auto:fail_pair
    go config nic L10:auto:auto:fail_pair
    go config nic L11:auto:auto:none
    go config nic L12:auto:auto:none
    go config nic L13:auto:auto:fail_pair
    go config nic L14:auto:auto:fail_pair
    go config nic L15:auto:auto:none
    go config nic L16:auto:auto:none
    To view redundancy mode:...
  • Page 41: Chapter 5: Asymmetric Traffic

    Chapter 5: Asymmetric Traffic. In some network topologies the traffic flows of a single connection can take different paths in the upstream and the downstream directions. This can lead to a situation where one NetEnforcer on the network sees one flow of the connection while another NetEnforcer that is located remotely sees the complementary flow of the same connection.
  • Page 42: Asymmetric Configuration

    Chapter 5: Asymmetric Traffic Asymmetric Configuration NOTE The physical port that may be used for Asymmetry is the Service1 port on the front of the device. Asymmetric traffic is configured from the NetXplorer User Interface. To define an Asymmetric Device Group (ADG): Right click on the Network in the Navigation pane and select Asymmetry Configuration.
  • Page 43: Figure 5-3: Asymmetry Group - New Dialog

    Chapter 5: Asymmetric Traffic Figure 5-3: Asymmetry Group - New dialog Enter a Group Name and Description in the appropriate fields. Select the Enable Health Check checkbox if you wish NetXplorer to automatically confirm the health of all devices in the ADG. To assign devices to the ADG: Assign up to eight devices to the ADG.
  • Page 44: Figure 5-4: Vlans Settings Dialog

    Chapter 5: Asymmetric Traffic Figure 5-4: VLans Settings dialog A VLAN must be set for each connection between any two devices in the group. Each direction must have a VLAN to be used for Asymmetric control messages (however the same number can be used for both directions). Double click in a field to enter a new VLAN number.
  • Page 45: Figure 5-5: Port Properties Dialog

    Chapter 5: Asymmetric Traffic Open the Configuration screen for the selected NetEnforcer and click on the NIC tab. Select the appropriate NIC from the available Ports and click Edit to open the Port Properties dialog for the selected link. Select Asymmetry in the Port Usage field. Figure 5-5: Port Properties dialog Click Apply to save your changes.
  • Page 47: Chapter 6: Command Line Interface

    Chapter 6: Command Line Interface. Chassis CLI. The following CLI (Command Line Interface) commands can be used to troubleshoot the AOS based NetEnforcer. To access the CLI commands, enable SSH and open an SSH session to the NetEnforcer and log in using: user: sysadmin password: sysadmin. Each of the commands in the table below has several possible options.
  • Page 48 <none> View software version boxkey <none> View the box key. The box key should be sent to Allot in order to purchase a system activation key. dsAdmin <NONE> View total number of hosts –v View all hosts (Host ID, service group, IP).
  • Page 49 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO service_entry Add a Service Catalog entry on the system. service_gr_entry Add a Service Group Catalog entry on the system. time_entry Add a Time Catalog entry on the system. tos_entry Add a ToS Catalog entry on the system.
  • Page 50 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO qos_entry Delete a QoS Catalog entry from the system. dos_entry Delete a DoS Catalog entry from the system. host_entry Delete a Host Catalog entry from the system. host_gr_entry Delete a Host Group Catalog entry from the system.
  • Page 51 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO vlan_entry Change a VLAN Catalog entry on the system. go rename line Rename a line on the system. pipe Rename a Pipe on the system. Rename a VC on the system. service_entry Rename a Service Catalog entry on the system.
  • Page 52 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO vlan_entry List the entries in the VLAN Catalog, service_entry List the entries in the Service Catalog. time_entry List the entries in the Time Catalog. tos_entry List the entries in the ToS Catalog. qos_entry List the entries in the QoS Catalog.
  • Page 53 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO view: Display all information concerning the configuration. view asymmetry: Displays if asymmetric traffic is enabled. view asymmetry_remote_device: Displays the remote device configured for asymmetric traffic. view web_update: Displays the current Protocol Pack. security: Configure the security parameters.
  • Page 54 Chapter 6: Command Line Interface COMMAND FLAG ENABLES YOU TO cer –value -action: Drop sessions over a specified CER. value = number of “frames per second”. The default is maximum. Action = Bypass or Drop. The default is bypass. hairpin enable: Enables support for hanging routers in devices shipped in 2011 or after.
  • Page 55 Chapter 6: Command Line Interface COMMAND: acstat –if –m 20. Displays an extended view of all connections, but limits the number of displayed lines to the first 20. OUTPUT: sysadmin@AC5k:/opt/allot/logs$ acstat -if -m 20 (column headers: Protocol Client Server State AppId ConFl DpiInf AuthSt)
  • Page 56 Chapter 6: Command Line Interface COMMAND: acstat –ifx. The x shows internal/external instead of client/server. OUTPUT: DPIC:~# acstat -ifx ConFl(=Connection Flags): [flags:flags2] (column headers: NP Service Internal External State Vlanb Cl-IF ConFl) Other UD:IP:17 1.57.71.0:208 170.4.56.100:184 Other UDP_Fallback WIRE4EVER 7d0 205 raw AC:~# acstat -ifx...
  • Page 57: Chapter 7: Safety Information

    Chapter 7: Safety Information. General NOTE Before installing or using the NetEnforcer, please read all Safety Information carefully. Product intended only for installation in a Restricted Access Area. CAUTION Indicates potential damage to hardware and tells you how to avoid the problem.
  • Page 58: Chassis Safety

    Remove all items from the box. If any items listed on the purchase order are missing, notify Allot customer service immediately. Inspect the product for damage. If there is damage, notify Allot customer service immediately. Save the box and packing material for possible future shipment.
  • Page 59: Installation

    Chapter 7: Safety Information Installation This unit is intended for stationary rack mounting. IMPORTANT Before installing the Rack Mount Kit, ensure there will be adequate vertical space to install the Shelf in addition to other equipment installed. Keep tools and chassis components off the floor and away from foot traffic. ...
  • Page 60 Chapter 7: Safety Information The Unit must be properly grounded via the Ground Terminal. The unit provides a Shelf Ground Terminal at the right rear view. WARNING Protective ground must be connected to the unit before connecting any external power. DANGER! —HIGH VOLTAGE HAZARD if not connected WARNING...
  • Page 61: Airflow Information

    Chapter 7: Safety Information WARNING Ensure that each power domain supply (feeding) circuit breaker is switched OFF while completing the power connection procedure. Failure to comply can result in personal injury. NOTE In a typical telecommunications environment, the VRTN path of the -48 VDC supply is grounded to protective earth (PE) of the building.
  • Page 62: Laser Safety Requirements

    As long as the Equipment is operated in accordance with the applicable safety instructions, the Hazard Level in Equipment access locations is inherently Class 1. Allot provides product and installation information in order that the products may be installed and serviced safely.
  • Page 63 Chapter 7: Safety Information Warning: Invisible laser radiation may be emitted from the aperture of optical ports when no fiber cable is connected. Avoid exposure and do not stare into open apertures. Warning (translated from the Danish): Invisible laser beams may be emitted from the apertures of the optical ports when no fiber-optic cable is connected.
  • Page 65: Chapter 8: Technical Specifications

    Chapter 8: Technical Specifications. AC-6000 Series. CAPACITY: Number of Connections/Flows: 5,000,000; Throughput: 16 Gbps (8 Gbps, Full Duplex); Lines/Pipes/Virtual Channels: 512 / 125,000 / 250,000; No. of Subscribers: 400,000. INTERFACES AND CONNECTIONS: Management Interface: 10/100/1000BASE-T; Network Interfaces (Internal / External): 8 x 1GE ports, 8 x 10GE / 1GE ports (dual mode) 10GBase-SR/LR/ER or 1000BASE-SX/LX/ZX or...
  • Page 66 Chapter 8: Technical Specifications. POWER: Input (AC): 100 - 240 VAC, 50/60Hz, 4A max; Input (DC): -48V DC, 7.5A max; Power Supply Units: 2 (Load Sharing); Redundancy for PSUs: 1 + 1; Power Consumption: 300W; Heat Dissipation: 1,025 BTU/hour. SAFETY AND CERTIFICATIONS: Emissions: Conducted &...