Page 3
04DU9.BN, 04DU9.DN, 6.0N NIM-DIRELAY-xx, NIM-TE1-xx, 04DU9.1KN, 04DU9.1SN NIM-CTE1-PRI-xx NIM-BRI-U-xx 02IS5 6.0N NIM-ADSL-AC-xx 02LS2 7.0Y If the XSR harms the telephone network, the telephone company will notify you in advance that it may need to temporarily discontinue service. But if advance notice is not practical, the telephone company will notify you as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary. The telephone company may make changes in its facilities, equipment, operations, or procedures that could affect the operation of the XSR. If this happens, the telephone company will provide advance notice for you to make necessary modifications and maintain uninterrupted service. If you experience trouble with the XSR, for repair or warranty information, please contact Enterasys Networks, Inc., at 978‐684‐ 1000. If the XSR is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is solved. The XSR is not intended to be repaired by the customer. Industry Canada Notices This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada. Equipment Attachments Limitations “NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets telecommunications network protective, operational and safety requirements as prescribed in the appropriate Terminal Equipment Technical Requirements document(s). The department does not guarantee the equipment will operate to the userʹs satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.
Seguridad del Producto El producto de Enterasys cumple con lo siguiente: UL 60950, CSA C22.2 No. 60950, 73/23/EEC, EN 60950, EN 60825, IEC 60950. Produktsicherheit Dieses Produkt entspricht den folgenden Richtlinien: UL 60950, CSA C22.2 No. 60950, 73/23/EEC, EN 60950, EN 60825, IEC 60950. Electromagnetic Compatibility (EMC) This product complies with the following: 47 CFR Parts 2 and 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, and VCCI V‐3. Compatibilidad Electromágnetica (EMC) Este producto de Enterasys cumple con lo siguiente: 47 CFR Partes 2 y 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3. Elektro- magnetische Kompatibilität ( EMC ) Dieses Produkt entspricht den folgenden Richtlinien: 47 CFR Parts 2 and 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3. ...
Page 5
European Waste Electrical and Electronic Equipment (WEEE) Notice In accordance with Directive 2002/96/EC of the European Parliament on waste electrical and electronic equipment (WEEE): The symbol above indicates that separate collection of electrical and electronic equipment is required and that this product was placed on the European market after August 13, 2005, the date of enforcement for Directive 2002/96/EC. When this product has reached the end of its serviceable life, it cannot be disposed of as unsorted municipal waste. It must be collected and treated separately. It has been determined by the European Parliament that there are potential negative effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment. It is the users’ responsibility to utilize the available collection system to ensure WEEE is properly treated. For information about the available collection system, please go to http://www.enterasys.com/support/ or contact Enterasys Customer Support at 353 61 705586 (Ireland). VCCI Notice This is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI) V‐3. If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. BSMI EMC Statement — Taiwan This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
Declaration of Conformity Application of Council Directive(s): 89/336/EEC 73/23/EEC Manufacturer’s Name: Enterasys Networks, Inc. Manufacturer’s Address: 50 Minuteman Road Andover, MA 01810 European Representative Address: Enterasys Networks, Ltd. Nexus House, Newbury Business Park London Road, Newbury Berkshire RG14 2PZ, England Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC EN 55022 EN 55024 EC Directive 73/23/EEC EN 60950 EN 60825 Equipment Type/Environment: Networking Equipment, for use in a Commercial or Light Industrial Environment. Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives. Australian Telecom N826 WARNING: Do not install phone line connections during an electrical storm. WARNING: Do not connect phone line until the interface has been configured through local management. The service provider may shut off service if an un‐configured interface is connected to the phone lines. WARNING: The NIM‐BRI‐ST cannot be connected directly to outside lines. An approved channel service unit (CSU) must be used for connection to the ISDN network. In some areas this CSU is supplied by the network provider and in others it must be ...
Page 7
Federal Information Processing Standard (FIPS) Certification The XSR has been submitted to the National Institute of Standards and Technology (NIST) for FIPS 140‐2 certification and is now officially listed on the NIST pre‐validation list. For more information about the FIPS validation program, go to http:// csrc.nist.gov/cryptval/preval.htm. For the FIPS 140‐1 and 140‐2 Pre‐Validation List, click on the [PDF] link at the top of the page. Independent Communications Authority of South Africa This product complies with the terms of the provisions of section 54(1) of the Telecommunications Act (Act 103 of 1996) and the Telecommunications Regulation prescribed under the Post Office Act (Act 44 of 1958). TE-2002/195 TE-2002/190 APPROVED APPROVED TE-2003/112 TE-2003/113 APPROVED APPROVED SS/366.01 APPROVED VPN Consortium Interoperability The VPN Consortium’s (VPNC) testing program is an important source for certification of conformance to IPSec standards. With rigorous interoperability testing, the VPNC logo program provides IPSec users even more assurance that the XSR will interoperate in typical business environments. VPNC is the only major IPSec testing organization that shows both proof of interoperability as well as the steps taken so that you can reproduce the tests.
Page 8
Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. This Agreement constitutes the entire understanding between the parties, and supersedes all prior discussions, representations, understandings or agreements, whether oral or in writing, between the parties with respect to the subject matter of this Agreement. The Program may be contained in firmware, chips or other media. BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL DEPARTMENT AT (978) 684‐1000. You and Enterasys agree as follows: LICENSE. You have the non‐exclusive and non‐transferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to: (i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error ...
Page 9
EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party. If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes. If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY Enterasys, Enterasys DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON‐ INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY (30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION ...
Page 10
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law. 11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock or assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement. 12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion. 13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction. 14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.
Contents Preface Contents of the Guide ............................xv Conventions Used in This Guide ........................xv Getting Help ..............................xvii Chapter 1: Overview System Description ............................1-1 Hardware Features ..........................1-2 Software Features ............................ 1-4 Operating System ..........................1-4 Industry-common CLI ......................... 1-4 IP Protocol ............................
Page 12
Setting the Clock ............................3-8 Configuring the LAN Ports ..........................3-8 Configuring the WAN Ports ..........................3-8 PRI Configuration ............................. 3-8 BRI Configuration ............................. 3-9 BRI Leased Line ..........................3-9 BRI Leased Frame Relay ......................... 3-10 BRI Switched Line ..........................3-10 ADSL Configuration ..........................
Page 13
Bootrom Monitor Mode Commands ......................3-36 bc ................................3-37 bw ................................3-37 bp ................................3-37 bu ................................3-37 bU ................................3-38 cd ................................3-38 da ................................3-38 df ................................3-38 del ................................3-38 dir ................................3-38 ds ................................3-39 dt ................................3-39 ff ................................
Preface This guide provides a general overview of the XSR‐3150 hardware and software features and describes how to quickly install and configure the XSR. Refer to the XSR CLI Reference Guide and XSR User’s Guide for information not contained in this document. This guide is written for administrators who want to configure the X‐Pedition Security Router or experienced users who are knowledgeable of basic networking principles. This chapter details the following: • Contents of the Guide • Conventions Used in This Guide • Getting Help Contents of the Guide Information in this guide is arranged as follows: • Chapter 1, Overview, introduces key features of the XSR and briefly describes hardware installation. • Chapter 2, Hardware Installation, provides a checklist to verify your shipment and describes how to install XSR hardware including NIM and optional CompactFlash cards, and rack‐ mounting brackets. • Chapter 3, Software Configuration, describes how to initiate and quickly configure the XSR. It also details how to add an interface and subnet mask; set passwords, SNMP, DNS and SYSLOG server values; configure the firewall feature set, upgrade system image and Boot PROM software; consult system statistics, and save configuration changes. • Appendix A, Specifications, outlines hardware specifications including information about: the processor, interfaces, system memory, chassis, power supply, interfaces, required cabling and other accessories, pinout assignments for WAN and LAN interfaces, and LED behavior. Conventions Used in This Guide The following conventions are used in this guide: Note: Calls the reader’s attention to any item of information that may be of special importance.
Page 16
Electrical Hazard: Warns against an action that could result in personal injury or death due to an electrical hazard. Riesgo Electrico: Advierte contra una acción que pudiera resultar en lesión corporal o la muerte debido a un riesgo eléctrico. Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes. Personal vorgenommen werden.
World Wide Web http://www.enterasys.com/ Phone (603) 332-9400 1-800-872-8440 (toll-free in U.S. and Canada) For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/gtac-all.html Internet mail support@enterasys.com To expedite your message, please type [xsr] in the subject line. ftp://ftp.enterasys.com...
Overview This chapter introduces the key features of the XSR-3150 and briefly describes hardware installation. System Description The XSR is a networking device designed for enterprise regional offices that provides IP routing over GigabitEthernet LAN and T1/E1, Serial (RS232, X.21, V.35, RS422/530, RS449), Dial Services via POTS, ISDN (BRI/PRI) or Frame Relay WAN connections.
System Description Figure 1-1 Typical XSR-3150 Topology XSR-3150 Hardware Features The semi-modular XSR, shown in Figure 1-2, comes equipped with the following features: Standard 1U chassis (1 11/16” high by 17“ wide by 21“ deep) mountable in a standard 19”...
Page 21
System Description Figure 1-2 XSR-3150 Two Network Interface Module (NIM) card slots for these NIMs: – 1, 2, or 4 full, fractional and channelized T1/E1 WAN NIM with integral CSU/DSU or Primary Rate Interface (PRI) ports (RJ-48C). – 1-port T3/E3 channelized/unchannelized WAN NIM with BNC ports. This NIM is also available with up to 16 T1/E1 tributaries and system synchronizaton of two MIMs.
System Description 14 diagnostic LEDs to display port and system status as well as indicate a Flash upgrade in progress. Five system fans with failure detection capability and three in-board fans dedicated to power supply cooling. Software Features The XSR provides the following software features: Operating System Multi-threaded OS to fully utilize the XSR’s dual processors Industry-common CLI...
System Description • Simple Network Time Protocol (SNTP) server • OS fallback IP Routing • Static and multiple routes to the same destination • Redistribution of routes from RIP, OSPF, BGP, connected, or static into RIP, OSPF, and BGP • RIP-1 &...
System Description Security • Stateful inspection firewall engine • FTP, H.323, and RPC (SUN and Microsoft) ALG support • Application commands for FTP, SMTP, & HTTP • Firewall logging and authentication • Firewall interaction with NAT & VPN • Standard and Extended Access Control Lists •...
System Description • Periodic Keep-Alive messages to learn of connection problems • Multi-protocol interconnect over Frame Relay - RFC-2427 • RFC-2390 Frame Relay Inverse ARP to discover IP address of remote peer when used in multi- point mode and responds to incoming Inverse ARP requests independent of P2P or MP2P •...
System Description Certificates (embedded/smart cards) – Microsoft only • Encryption • Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data Encryption Standard (DES) • 3DES/DES acceleration • Data Integrity • MD5 & SHA-1 algorithms • Internet Protocol Security (IPsec) •...
System Description Asynchronous Digital Subscriber Line (ADSL) • POTS and ISDN circuit support • ATM Frame UNI (FUNI) data framing format • OAM cells: AIS, RDI, CC, Loopback over F4 and F5 flows • Up to 30 ATM Permanent Virtual Circuits (PVCs) •...
Items included in the shipping box are shown in Chapter 2 of this manual. If you are missing any of these items, contact your authorized Enterasys Networks reseller or Enterasys Networks Customer Support as described in the XSR Quick Start Guide.
Hardware Installation Introduction This chapter provides a checklist to verify your shipment, suggestions for the installation site, and describes how to install the following XSR hardware: • NIM cards • Optional - CompactFlash card • Connecting cables Note: For instructions on installing a balun and grounding shunt/terminal strip on E1 NIM cards only, refer to Appendix A: Specifications on page A-1.
Remove the XSR cover from the chassis, as shown in Figure 2-1, by first removing screws from the side and top. Figure 2-1 Removing XSR Cover SECURITY ROUTERS NIM1 NIM2 XSR-3150 10/100/1000 10/100/1000 NIM 1 NIM 2 1000 Link GBIC ETH3...
Page 33
Carefully attach the NIM card(s) to the connector on the motherboard and secure with four screws, as shown in Figure 2-3. Figure 2-3 Attaching NIM card to Motherboard SECURITY ROUTERS XSR-3150 NIM1 NIM2 10/100/1000 10/100/1000 NIM 1 NIM 2 1000...
Page 34
Installing NIM Cards and Rack Mounting Attach the rack brackets to the chassis with the screws supplied, as shown in Figure 2-4. Figure 2-4 Fastening Rack Brackets Mount the bracketed XSR to your rack, as shown in Figure 2-5. Figure 2-5 Attaching XSR to Rack 2-4 Hardware Installation...
Installing a CompactFlash Memory Card Installing a CompactFlash Memory Card An optional CompactFlash (CF) memory card provides additional non-volatile storage capabilities in 8, 16, 32, or 64 Mbyte increments. The CF’s controller interfaces with a host system allowing data to be written to and read from the CF’s flash memory module. The XSR supports Type I and II CompactFlash card types.
Installing a CompactFlash Memory Card Gently insert the CF into the slot, taking care that the CF’s wider grooved edge fits into the wider track of the PCMCIA interface. If the card does not seat easily but stops halfway into the slot, do not force it in - the card was inserted incorrectly.
Connecting Cables Connecting Cables Perform any of the following steps to connect your cabling to optional WAN or LAN NIMs, GigabitEthernet ports, and power supplies: Connect the serial COM cable provided in the packing box to your PC connector, as shown in Figure 2-9.
Page 38
Connecting Cables Figure 2-11 Connecting High Speed Serial Connector Figure 2-12 Attaching T3/E3 BNC Connectors 2-8 Hardware Installation...
Page 39
Connecting Cables Figure 2-13 Connecting ADSL Connector A CompactFlash card is provided with the XSR ADSL NIM. It is loaded with the Digital Signal Processing (DSP) firmware ( ) required to communicate with your DSLAM. When adsl.fls inserted into the Compact Flash slot - upon first configuring an ATM interface - the XSR’s ADSL driver will copy into host memory where it will remain available for use on demand.
Page 40
Connecting Cables Connect the Ethernet port(s) to your LAN connectors with a cable, as shown in Figure 2-15. Figure 2-15 Attaching GigabitEthernet Connector Insert the Mini-GBIC module in the GBIC slot then connect the optical cable, as shown in Figure 2-16.
Page 41
Connecting Cables Attach either the Ethernet or Fiber Ethernet LAN NIM, as shown in Figure 2-17 Figure 2-18, respectively. Figure 2-17 Attaching Ethernet LAN NIM Connector Figure 2-18 Attaching Ethernet Fiber LAN NIM Connector XSR Getting Started Guide 2-11...
Page 42
Connecting Cables Attach the dual power supply cords to the connectors at the rear of the XSR, as shown in Figure 2-19, and plug in the country-specific power cords to a wall socket. The XSR will power Figure 2-19 Connecting Dual Internal Power Supply Cords You are now ready to configure the software and initialize the XSR.
Software Configuration This chapter describes how to initialize, quickly set up and verify your configuration for the XSR. Refer to the XSR CLI Reference Guide for a more thorough explanation of commands and parameter options. The chapter also includes sample configuration scripts, detailed XSR rebooting characteristics and Bootrom Monitor mode instructions.
Page 44
Initializing XSR Software • ETH 10/100/1000 LEDs turn ON and OFF a few times during initialization as the XSR proceeds from bootrom to power up diagnostics to software image, then they remain ON or OFF depending on the LAN type. •...
Opening a COM (Console) Session only the first error will be reported, along with a count of the sum of errors incurred. In the case of a single error, only the error line will be reported. Error messages will be logged as well.
Page 46
Optional: Configuring Remote Auto Install to IP addresses 133.133.1.2 and 133.133.1.3. If the DLCI will onnect to a remote XSR running RAI, then add the bootp parameter after the static IP address. This configuration supports two remote XSRs connected on DLCIs 16 and 18. Make sure with your Frame Relay provider that these DLCIs terminate at the location of the remote XSRs.
Optional: Configuring Remote Auto Install Phase 6 - getting hostname xsrnode-confg from tftp server into flash: startup- config rDNS has responded with the hostname which will be used in the TFTP transfer. RAI will try several file names xsrnode if this file is not available from the server. Phase 7 - preparing node to execute startup-config TFTP transfer succeeded in copying the hostname file to the file.
Page 48
Optional: Configuring Remote Auto Install address. A DNS server is not required with this method because RAI over ADSL uses the serial number of the XSR for the name. startup-config The following is a CISCO configuration at the the central site: vpdn enable Enables a virtual private dial-up network configuration on the router.
Configuring the XSR Name and User Information Phase 2 - ADSL - searching for pvc's ... Training is successful, discovery of VPI/VPCs begins. Phase 2 - ADSL - searching for pvc's ...vpi/vci (0/0) The XSR looks for PVC 0/0 and higher. Phase 2 - ADSL - searching for pvc's ...vpi/vci (0/38) The XSR looks for PVC 0/38 and higher.
Setting the Clock Setting the Clock XSR 1800 and 3000 Series routers have an on-board Real Time Clock (RTC) chip with which to keep accurate time across the network. As an alternative to accessing a public time server, you can utilize the RTC as a time reference and propagate it by configuring XSRs as Simple Network Time Protocol (SNTP) servers or clients.
Configuring the WAN Ports Enter channel-group <number> timeslot <number> <speed> <number> to create a channel group. This command allows multiple logical WAN interfaces to be created on a single channelized T1/E1/ISDN-PRI port, ranging from 0 - 23 for T1 lines, and 0 - 31 for E1 lines. Also, from 1 - 24 T1 and 1 - 31 E1 timeslots can be set.
Configuring the WAN Ports Enter to set an IP address for the BRI interface. ip address <xxx.xxx.xxx.xxx>/24 Enter to select PPP encoding. encapsulation ppp Enter to keep the BRI interface enabled. no shutdown BRI Leased Frame Relay Enter to acquire BRI Interface mode and select the BRI interface bri 0:<1 | 2>.<1-30>...
Configuring the WAN Ports Remember to save your configuration after all edits. ADSL Configuration ADSL can be configured using three different types of encapsulation: PPPoA, PPPoE, and IPoA. Continue configuration with the ADSL type of your choice. PPPoE The following commands configure a sample PPPoE topology. The first set configures the LAN interface with directed broadcasts prohibited.
Firewall Sample Configuration XSR(config-if<F1>)#no ip directed-broadcast XSR(config-if<F1>)#no shutdown The commands below configure the ATM interface and sub-interface with a negotiated IP address, CHAP username and password, and bans keepalives. XSR(config)#interface ATM 0 XSR(config-if<ATM0/0>)#no shutdown XSR(config-if<ATM0/0.1>)#interface ATM 0.1 XSR(config-if<ATM0/0.1>)#no shutdown XSR(config-if<ATM0/0.1>)#encapsulation snap pppoa XSR(config-if<ATM0/0.1>)#ip address negotiated XSR(config-if<ATM0/0.1>)#ip mtu 1492 XSR(config-if<ATM0/0.1>)#ip tcp adjust-mss 1400...
Page 55
Firewall Sample Configuration Figure 3-1 XSR with Firewall Topology 220.150.2.32/28 Frame Relay 220.150.2.35 206.12.44.16/28 Y RO Internet 220.150.2.37 220.150.2.17 Internal 220.150.2.36 220.150.2.16/28 Mail server Web server (SMTP) (HTTP) 220.150.2.19 220.150.2.18 In this configuration, the firewall provides protected access from the private to dmz networks. That is, access is restricted to Web and mail traffic only.
Configure OSPF Routing 10. Enter ip rip receive version <1 | 2> to allow a RIP version of updated transmissions. Accept both RIP V1 and V2 is the default value. 11. Enter router rip to acquire Router configuration mode and enable RIP routing. 12.
Setting Up the Backup Line Enter media-type V35 to match the correct cabling interface. The default media type for Frame Relay is RS-232. Enter frame-relay traffic-shaping to enable congestion control. Enter map-class frame-relay <name> to designate this map-class and acquire Map-Class mode.
Setting Up an SNMP Community String, Traps and V3 Values Optionally, you can set up the COM port as a WAN interface for dial backup purposes (refer to the Caution below) Caution: Be aware that when you enable the COM port, you can no longer directly connect to the XSR because it is in data communication mode.
Configuring Message Logging and Severity Level Views offer users selective access to the family tree or Object IDs. Optional. For SNMPv3, enter <username> <group name> snmp-server user [encrypted][auth {md5 | sha} [priv des56 priv-password]]} to add a user. auth-password Users can have different levels of encryption and passwords. Remember to save your configuration after all edits.
Page 62
Figure 3-3. Figure 3-3 Web Product Version Window Product Version Copyright 2004 by Enterasys Networks, Inc. Hardware: Processor board ID: 9002854-02 REV0A Serial Number: (not displayed) Processor: IBM PowerPC 405GP Rev. D at 250MHz RAM installed: 64MB...
Hostname: branch1 Hostname: mainsite Username: mainsite Username: branch1 Password: Toronto Password: Toronto 192.168.1.100/24 154.168.1.47/24 Central Site XSR-3150 PSTN Leased line Leased line XSR-3150 or E1/T1 fractional E1/T1 serial V.35/X.21 SSR-8600 Server Backup via serial (RS-232 dial) 1-800-555-1111 Username: branch2 Backup Site PSTN 154.168.1.1/24...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-controller<T1-1/0>)#no shutdown Enables T1 controller XSR(config)#interface serial 1/0:0 Configures Serial interface 1, port 1 using channel group 0 and acquires Interface mode XSR(config-if<S1/0:0>)#encapsulation ppp Enables PPP encapsulation XSR(config-if<S1/0:0>)#ppp authentication chap Configures CHAP authentication on the interface XSR(config-if<S1/0:0>)#ip address 154.68.1.47 255.255.255.0 Enables IP address for serial interface 1/0 XSR(config-if<S1/0:0>)#backup interface dialer 5...
Frame Relay WAN Link with PPP Backup Sample Configuration Configure Users and Passwords XSR>enable Acquires Privileged EXEC mode XSR#configure Acquires Global configuration mode XSR(config)#username bob password cleartext bobspassword Adds a user and unencrypted password Configure LAN Interface XSR(config)#interface gigabitethernet 1 Configures the local LAN port and acquires Interface mode XSR(config-if<G1>)#ip address 192.168.1.100 255.255.255.0 Enables the IP address for the GigabitEthernet port...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-pmap-c<priority-policy>)#set ip dscp ef Configures IP precedence to match packets with Expedited Forwarding XSR(config-pmap<priority-policy>)#class priority-server Adds another queue for this policy map and enters Class sub-mode XSR(config-pmap-c<priority-server>)#priority medium 20 6400 Gives medium priority queue peak 20% of bandwidth and burst size of 6400 bits per second XSR(config)#policy-map data_policy Adds a policy map and acquires Policy Map mode XSR(config-pmap<data_policy>)#class data_class...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-if<S1/0.2-16>)#ip address 154.68.2.1 255.255.255.0 Configures the IP address of DLCI 16 XSR(config-if<S1/0.2-16>)#no shutdown Enables DLCI 16 interface Apply QoS XSR(config)#map-class frame-relay CLASS-FRP Adds a FR map class and acquires FR Map Class mode XSR(config-map-class<CLASS-FRP>)#frame-relay cir out 48000 Sets this map class’...
Frame Relay WAN Link with PPP Backup Sample Configuration Configure More Access Lists The following ACLs deny any packets to or from network 192.168.1.15 as they enter or leave FastEthernet 1 interface, and permit traffic to or from subnet 192.168.2.xx while denying any other traffic.
XSR(config)#snmp-server community toConfigure1 rw 26 Adds another SNMP community with read-write privileges attached to ACL 26 XSR(config)#snmp-server enable traps Enables traps to be transmitted XSR(config)#snmp-server contact support@enterasys.com Specifies contact information for the management server XSR(config)#snmp location “HQ 2nd floor” Specifies the server locationr XSR(config)#snmp-server host 192.168.2.101 traps trapCommunity...
VPN Site-to-Site Sample Configuration Generate Master Encryption Key If you have not already generated a master encryption key, you must do so now to configure th6e VPN. A master key need only be generated once. Caution: The master encryption key is stored in hardware, not Flash, and you cannot read the key - only overwrite the old key by writing a new one.
VPN Site-to-Site Sample Configuration Create a Transform Set The following transform-set specifies the specified encryption/data integrity choices, 768-bit Diffie-Hellman, and an SA lifetime expressed in kilobytes. The SA seconds lifetime value is disabled. Some commands are abbreviated. XSR(config)#crypto ipsec tra esp-3des-sha esp-3des esp-sha-hmac XSR(cfg-crypto-tran)#set pfs group1 XSR(cfg-crypto-tran)#set sec lifetime kilobytes 100000 XSR(cfg-crypto-tran)#no set sec lifetime seconds...
Page 73
VPN Sample Configuration with Network Extension Mode Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Access eth0: 10.11.11.1/24 GigabitEthernet 1: 172.16.10/24 eth1: 26.26.26.11/24 GigabitEthernet 2: 26.26.26.10/24 Virtual IP Pool: 172.16.10.0/24 URIT Y ROU TERS 10/10 10/10 ETHE ETHE SOLE Y RO 26.26.26.0/24 eth0: 10.12.12.1/24...
Page 74
VPN Sample Configuration with Network Extension Mode Create the VPN virtual subnet: XSR(config)#ip local pool virtual_subnet 10.10.10.0 255.255.255.248 Configure AAA authentication by assigning a virtual subnet to the DEFAULT AAA group, associate it with DNS and WINs servers, and add two AAA users with passwords. When a remote XSR tunnels into the local XSR, it will be assigned these DNS, WINS and PPTP values and be assigned dynamically to the IP pool virtual_subnet.
XSR Rebooting Characteristics Create the ACL for trusted subnet of the XSR and virtual subnet of XSR: XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255 XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255 XSR(config)#access-list 103 permit ip any 10.10.10.0 0.0.0.255 Create crypto map statements for each ACL entry with the more protective tunnel mode set by default.
XSR Rebooting Characteristics Reboot Triggers Although there are two types of reboots of the XSR - warm or cold - reboots can be triggered in up to eight different ways. Refer to the table below. Table 1 Reboot Triggers Cause Boot Type Power-up Cold...
Bootrom Monitor Mode Commands Restart with Default Configuration Interrupt When you press the Default button on the back panel, the XSR restarts using factory default parameters, ignoring the file. startup-config Power-up Error Conditions After power-up, the XSR comes up automatically if: The minimum hardware is functional: Processor, RAM and FLASH memory, and other components.
Page 79
. Be sure not to interrupt the process or power down the XSR or it may be affected adversely. After you have updated this file, you can delete it from Flash to conserve space for other files. XSR-3150: bu btXSR3000_1_2.fls Verifying btXSR3000_1_2.fls file ... bootFirst size=28992 sum=0xc2e5 compressed_size=28992 entry=0x80020000 bootrom size=842656 sum=0xfa65 compressed_size=347728 entry=0x81e00000 Proceed with erasing current Bootrom in flash and replace with btXSR3000_1_2.fls?
This command removes a file from memory. flash: cflash: This command lists the contents of the current directory in long format. The command displays the following sample output: XSR-3150: dir Listing Directory flash:: -rwxrwxrwx 4678118 May 5 23:06 xsr3000.fls -rwxrwxrwx...
XSR-3020: ds 2003 6 1 3 This command sets the system time using the syntax . E.g.: hh mm ss XSR-3150: ds 11 59 59 This command formats the Flash file system. We recommend that you first save any .dat, , and your...
CLI command, this name will be used as the CLI hostname prompt and SNMP hostname in MIB-II. XSR-3150: np Enter ‘.’ = clear a field; ‘-’ = go to previous field; ^C = quit Local IP address (192.168.1.1) Gateway IP address () Remote Host IP address (192.168.1.10) :...
Page 83
This command displays XSR 3000 Series inventory with this sample output: XSR-3150: si Hardware: Motherboard Information: XSR-3150 ID: 9002914-04 REV0A CPLD Rev 3 Serial Number: 2914024201123206 Processor: Broadcom BCM1250 Rev 2 at 600MHz PowerSupply1, PowerSupply2 Fans 1 2 3 4 5 7 8 10...
Page 84
Current GigabitEthernet 1 MAC address is: 00:01:f4:2b:3e:1d This command shows the bootrom version with sample output below: XSR-3150: sv X-Pedition Security Router Bootrom Copyright 2003 Enterasys Networks Inc. HW Version: 9002914-04 REV0A Serial Number: 3646031700233215 CPU: Broadcom BCM1250 Rev 2 VxWorks version: VxWorks5.4.2...
Specifications System Specifications This appendix details XSR data about hardware functionality including: • Processor, system memory, chassis, power supply, interfaces • Required cabling, CompactFlash and other accessories • Pinout assignments for WAN and LAN interfaces • LED behavior Refer to tables throughout this appendix for specific information. Table A-1 XSR Hardware Specifications Category...
Page 86
System Specifications Table A-1 XSR Hardware Specifications (continued) Category Parameters Power Typical values: Motherboard: 75 watts (maximum) Consumption Serial NIM card: 4 watts T1/E1/ISDN-PRI NIM card: 3 watts ISDN BRI-S/T NIM card: 1 watt Internal Power Type Dual universal (110/220 VAC) load-sharing, redundant units Supplies (2) Input AC Voltage 100 - 240 VAC (50-60 Hz)
Cable, CompactFlash and Accessory Specifications Refer to the following table for specifications of cables, CompactFlash and accessories for the XSR. This equipment can all be obtained separately from Enterasys Networks or through any computer supply retailer. Table A-2 XSR Cabling/Accessory Guide...
Page 88
Cable, CompactFlash and Accessory Specifications Table A-2 XSR Cabling/Accessory Guide (continued) Part Description Connector Part # Function XSR-31/3250 VPN firmware XSR-3XXX-VPN VPN code XSR-31/3250 Firewall firmware XSR-3XXX-FW Firewall code...
Cable, CompactFlash and Accessory Specifications COM (Console) Port The XSR comes equipped with a COM serial port useful for initial configuration and management. Using a serial (null modem) cable, you can attach the router’s DB-9 COM port to a data terminal port and directly configure the XSR over the asynchronous connection.
Cable, CompactFlash and Accessory Specifications GigabitEthernet Ports The XSR comes equipped with three GigabitEthernet (LAN) ports that support full-duplex 10, 100, or 1000 Mbps transmission. The ports conform to IEEE 802.3 standards with 8-pin modular RJ-45 connectors. Because these ports have internal MDI crossover capabilities which allow them to detect which mode (DTE or DCE) the link partner is operating at, you can use any cable to attach the XSR with a PC or uplink port as long as a fully populated cable (all four pairs) is connected to take advantage of full gigabit bandwidth.
Cable, CompactFlash and Accessory Specifications Copper/Fiber-optic Ethernet NIMs The single-port Copper or Fiber-optic Ethernet NIMs, shown in Figure A-3 Figure A-4, provide interfaces for half and full-duplex 10/100Base-T or fiber-optic 100Base-F transmission over LAN or WAN networks, respectively. The Copper Ethernet NIM incorporates a standard 8- pin modular RJ-45 connector and the Fiber-optic Ethernet NIM has an MT-RJ multi-mode interface.
Cable, CompactFlash and Accessory Specifications 2/4-Port Serial NIM Card Port The High Speed Serial NIM card, as shown in Figure A-6, provides a WAN interface supporting a serial link to four different types of DTEs: DB-15, 25, 37, and V.35. This interface supports dual and quad traffic up to 8 Mbps.
Page 93
Cable, CompactFlash and Accessory Specifications Figure A-8 EIA-232/530 DTE Pin Assignments DSR2+ DSR0+ - 68-pin male SCSI III type con ne cto DSR2- DSR0- J2...J5 - DB-25 type male connector RxD2+ RxD0+ RxD2- RxD0- TxD2 + TxD0+ TxD2- TxD0- RTS2+ RTS0+ Port 1 RTS0-...
Page 94
Cable, CompactFlash and Accessory Specifications Figure A-9 EIA-449 DTE Pin Assignments ON2+ ON0+ - 68-pin male SCSI III type con ne ctor ON2- ON0- J2...J5 - DB-37 type ma le con nector RD2+ RD0+ RD2- RD0- SD2+ SD0+ SD2- SD0- RS2+ RS0+ RS2-...
Cable, CompactFlash and Accessory Specifications T1/E1/ISDN PRI NIM Card Ports The T1/E1/ISDN PRI NIM, as shown in Figure A-12, comes equipped with either 1, 2 or 4 Ethernet (WAN) ports that support fractional T1/E1 transmission in full-channel, fractional or unchannelized format with 8-pin modular RJ-48C connectors and include a built-in DSU/CSU. Cables required for these ports must be 100-ohm, straight-through, twisted-pair for T1 lines and a 120-ohm version for E1 lines.
Cable, CompactFlash and Accessory Specifications Balun for E1 or PRI NIM Cards Some overseas electrical systems require that you use a balun and grounding shunt when utilizing an E1 or PRI NIM card on the XSR. A balun is an adapter employed to connect a 75-ohm coaxial cable pair (2 BNC connectors) to a 120-ohm twisted pair cable (RJ-48C connector).
Cable, CompactFlash and Accessory Specifications Grounding Shunt for E1 NIM Cards If you connect a balun to a 75-ohm line, you will also need to attach a grounding shunt (or terminal strip) to any NIM pins whose RJ-48C connectors utilize the balun. The XSR requires that you use a shunt (shown in Figure A-15), or terminal strip to ground pins 3 and 6 of the RJ-48C...
Cable, CompactFlash and Accessory Specifications T3/E3 NIM Card The T3/E3 full and sub-rate NIM, as shown in Figure A-17, is equipped with 1 Ethernet (WAN) port that supports fractional T3/E3 transmission in un-channelized or clear channel mode with BNC connectors. User data are encapsulated in HDLC packets before being sent to the line. Figure A-17 1-Port T3/E3 NIM Card ALARM LOS...
Cable, CompactFlash and Accessory Specifications 1/2-Port BRI-S/T ISDB NIM Card Ports The XSR provides a serial NIM card for 1 or 2 WAN interfaces over an ISDN-S/T BRI line, as shown in Figure A-18. The Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic.
Cable, CompactFlash and Accessory Specifications Installing Shunt/Terminal Strip To install the shunt or terminal strip, attach two dual-pin units vertically to P1 and P2 four-pin jumpers corresponding to the RJ-45 port using a balun, as shown in Figure A-20. Any other RJ-45 ports on the NIM card connected to 120-ohm lines do not require shunts.
Cable, CompactFlash and Accessory Specifications 1/2-Port BRI-U NIM Card Ports The XSR provides a serial NIM card for 1 or 2 WAN interfaces over an ISDN BRI-U line, as shown Figure A-21. Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic. Figure A-21 ISDN BRI-U NIM Card (RJ-49C ports shown) Port 0 Activation LED...
Cable, CompactFlash and Accessory Specifications 1-Port ADSL NIM Card Port The XSR’s Asymmetric Digital Subscriber Line (ADSL) NIM card, as shown in Figure A-23, provides 1 WAN port on an ADSL over POTS (Annex A/C) or ISDN (Annex B) line with a 6-pin RJ-11 connector.
Cable, CompactFlash and Accessory Specifications T1/E1 Drop & Insert (D&I) NIM The XSR’s 2-port T1/E1 D&I NIM card, as shown in Figure A-25, is designed as an intermediary between the Central Office T1/E1 line and a PBX. It de-couples Channel Associated Signaling (CAS) and Voice DS0 timeslots and redirects them to a PBX, and conversely, reintegrates Voice DS0 timeslots from the PBX with the T1/E1 data stream.
Cable, CompactFlash and Accessory Specifications CompactFlash Memory Card The optional plug-in CompactFlash (CF) memory card, shown in Figure A-27, comprises a single chip controller and flash memory modules in a matchbook-sized package with a 50-pin, PCMCIA connector consisting of two rows of 25 female contacts each. The PCMCIA male interface supports both Type I and Type II CF cards.
Page 107
Cable, CompactFlash and Accessory Specifications Table A-3 LED Description (continued) State Function VPN tunnel is up No VPN tunnel connected COM(munication) Blinking Port is transmitting or receiving data Port is idle Ethernet Port 1, 2, 3 Amber only ON 10Base-T link is auto-detected Green only ON 100Base-T link is auto-detected Both ON...
Page 108
Cable, CompactFlash and Accessory Specifications A-24...
FastEthernet connectors BRI S/T A-17 Balun adapter Frame Relay configuration 3-15 BRI-U A-19 BRI S/T card COM serial port part numbers Enterasys Web site ii-xvii Ethernet (WAN) A-13, A-16 BRI S/Tpin assignments A-17 login ii-xvii GigabitEthernet BRI U card password...
Page 110
Web access 3-19 X-Pedition Security Router how to configure the XSR-1805 name and user data 232/530 pinouts 449 pinouts A-10 COM port pinouts CompactFlash size features GigabitEthernet port pinouts hardware features hardware specifications how to attach the Ethernet serial cable 2-10 how to attach the internal power supply cord...