Page 3
04DU9.BN, 04DU9.DN, 6.0N NIM-DIRELAY-xx, NIM-TE1-xx, 04DU9.1KN, 04DU9.1SN NIM-CTE1-PRI-xx NIM-BRI-U-xx 02IS5 6.0N NIM-ADSL-AC-xx 02LS2 7.0Y If the XSR harms the telephone network, the telephone company will notify you in advance that it may need to temporarily discontinue service. But if advance notice is not practical, the telephone company will notify you as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary. The telephone company may make changes in its facilities, equipment, operations, or procedures that could affect the operation of the XSR. If this happens, the telephone company will provide advance notice for you to make necessary modifications and maintain uninterrupted service. If you experience trouble with the XSR, for repair or warranty information, please contact Enterasys Networks, Inc., at 978‐684‐ 1000. If the XSR is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is solved. The XSR is not intended to be repaired by the customer. Industry Canada Notices This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada. Equipment Attachments Limitations “NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets telecommunications network protective, operational and safety requirements as prescribed in the appropriate Terminal Equipment Technical Requirements document(s). The department does not guarantee the equipment will operate to the userʹs satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.
Seguridad del Producto El producto de Enterasys cumple con lo siguiente: UL 60950, CSA C22.2 No. 60950, 73/23/EEC, EN 60950, EN 60825, IEC 60950. Produktsicherheit Dieses Produkt entspricht den folgenden Richtlinien: UL 60950, CSA C22.2 No. 60950, 73/23/EEC, EN 60950, EN 60825, IEC 60950. Electromagnetic Compatibility (EMC) This product complies with the following: 47 CFR Parts 2 and 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, and VCCI V‐3. Compatibilidad Electromágnetica (EMC) Este producto de Enterasys cumple con lo siguiente: 47 CFR Partes 2 y 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3. Elektro- magnetische Kompatibilität ( EMC ) Dieses Produkt entspricht den folgenden Richtlinien: 47 CFR Parts 2 and 15, CSA C108.8, 89/336/EEC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3. ...
Page 5
European Waste Electrical and Electronic Equipment (WEEE) Notice In accordance with Directive 2002/96/EC of the European Parliament on waste electrical and electronic equipment (WEEE): The symbol above indicates that separate collection of electrical and electronic equipment is required and that this product was placed on the European market after August 13, 2005, the date of enforcement for Directive 2002/96/EC. When this product has reached the end of its serviceable life, it cannot be disposed of as unsorted municipal waste. It must be collected and treated separately. It has been determined by the European Parliament that there are potential negative effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment. It is the users’ responsibility to utilize the available collection system to ensure WEEE is properly treated. For information about the available collection system, please go to http://www.enterasys.com/support/ or contact Enterasys Customer Support at 353 61 705586 (Ireland). VCCI Notice This is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI) V‐3. If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. BSMI EMC Statement — Taiwan This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
Declaration of Conformity Application of Council Directive(s): 89/336/EEC 73/23/EEC Manufacturer’s Name: Enterasys Networks, Inc. Manufacturer’s Address: 50 Minuteman Road Andover, MA 01810 European Representative Address: Enterasys Networks, Ltd. Nexus House, Newbury Business Park London Road, Newbury Berkshire RG14 2PZ, England Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC EN 55022 EN 55024 EC Directive 73/23/EEC EN 60950 EN 60825 Equipment Type/Environment: Networking Equipment, for use in a Commercial or Light Industrial Environment. Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives. Australian Telecom N826 WARNING: Do not install phone line connections during an electrical storm. WARNING: Do not connect phone line until the interface has been configured through local management. The service provider may shut off service if an un‐configured interface is connected to the phone lines. WARNING: The NIM‐BRI‐ST cannot be connected directly to outside lines. An approved channel service unit (CSU) must be used for connection to the ISDN network. In some areas this CSU is supplied by the network provider and in others it must be ...
Page 7
Independent Communications Authority of South Africa This product complies with the terms of the provisions of section 54(1) of the Telecommunications Act (Act 103 of 1996) and the Telecommunications Regulation prescribed under the Post Office Act (Act 44 of 1958). TE-2002/195 TE-2002/190 APPROVED APPROVED TE-2003/112 TE-2003/113 APPROVED APPROVED SS/366.01 APPROVED VPN Consortium Interoperability The VPN Consortium’s (VPNC) testing program is an important source for certification of conformance to IPSec standards. With rigorous interoperability testing, the VPNC logo program provides IPSec users even more assurance that the XSR will interoperate in typical business environments. VPNC is the only major IPSec testing organization that shows both proof of interoperability as well as the steps taken so that you can reproduce the tests.
Page 8
Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. This Agreement constitutes the entire understanding between the parties, and supersedes all prior discussions, representations, understandings or agreements, whether oral or in writing, between the parties with respect to the subject matter of this Agreement. The Program may be contained in firmware, chips or other media. BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL DEPARTMENT AT (978) 684‐1000. You and Enterasys agree as follows: LICENSE. You have the non‐exclusive and non‐transferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to: (i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error ...
Page 9
UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY Enterasys, Enterasys DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON‐ INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY (30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT. THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY YOU FOR THE RIGHTS GRANTED HEREIN. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records, accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your business. In the event such audit discovers non‐compliance with this Agreement, ...
Page 10
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock or assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement. 12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion. 13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction. 14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.
Contents Preface Contents of the Guide ............................xv Conventions Used in This Guide ........................xv Getting Help ..............................xvii Chapter 1: Overview System Description ............................1-1 Hardware Features ..........................1-2 Software Features ............................ 1-3 Industry-common CLI ......................... 1-3 IP Protocol ............................1-3 IP Routing............................
This guide provides a general overview of the XSR-1805 hardware and software features and describes how to quickly install and configure the XSR. Refer to the XSR-1805 CLI Reference Guide and XSR-1805 User’s Guide for information not contained in this document.
Page 16
Electrical Hazard: Warns against an action that could result in personal injury or death due to an electrical hazard. Riesgo Electrico: Advierte contra una acción que pudiera resultar en lesión corporal o la muerte debido a un riesgo eléctrico. Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes. Personal vorgenommen werden.
Getting Help For additional support related to the XSR, contact Enterasys Networks by one of these methods: World Wide Web http://www.enterasys.com Phone (978) 684-1000 1-800-872-8440 (toll-free in U.S. and Canada) For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/gtac-all.html...
Overview This chapter introduces key features of the XSR-1805 and briefly describes hardware installation. System Description The XSR is a networking device designed for enterprise branch offices that provides IP routing over FastEthernet LAN and T1/E1, Serial (RS232, X.21, V.35, RS422/530, RS449), Dial Services via POTS, ISDN (BRI, PRI), or Frame Relay WAN connections.
• Compact chassis (2.5” high by 14“wide by 10.625“deep with feet attached) that you can stack five high and optionally mount in a standard 19” rack or custom Enterasys rack-mount kit • 90 - 265 VAC external power supply with country-specific line cords •...
System Description • Console interface including modem control signals for remote debugging, out-of-band configuration or dial backup. • 32 MBytes of SDRAM/DIMM memory upgradable to 64 MBytes, 8 MBytes of Onboard Flash, and 8, 16, 32, or 64 Mbyte optional, plug-in CompactFlash card. •...
System Description • Internet Group Management Protocol (IGMP) • Remote Auto Install over Ethernet • Simple Network Time Protocol (SNTP) server • OS fallback IP Routing • Static and multiple routes to the same destination • Redistribution of routes from RIP, OSPF, BGP, connected, or static into RIP, OSPF, and BGP •...
System Description Security • Stateful inspection firewall engine • FTP, H.323, and RPC (SUN and Microsoft) ALG support • Application commands for FTP, SMTP, & HTTP • Firewall logging and authentication • Firewall interaction with NAT & VPN • Standard and Extended Access Control Lists •...
System Description • Periodic Keep-Alive messages to learn of connection problems • Multi-protocol interconnect over Frame Relay - RFC-2427 • RFC-2390 Frame Relay Inverse ARP to discover IP address of remote peer when used in multi- point mode and responds to incoming Inverse ARP requests independent of P2P or MP2P •...
System Description Asynchronous Digital Subscriber Line (ADSL) • POTS and ISDN circuit support • ATM Frame UNI (FUNI) data framing format • OAM cells: AIS, RDI, CC, Loopback over F4 and F5 flows • Up to 30 ATM Permanent Virtual Circuits (PVCs) •...
Enterasys Networks sales representative. Install any optional memory component. Install NIM cards. Optional. Mount the XSR in a rack or the custom Enterasys rack-mount kit (refer to the XSR- 1805 Rack-Mount Kit Manual for details). Connect Ethernet cable(s) to the FastEthernet LAN port(s).
Hardware Installation Introduction This chapter provides a checklist to verify your shipment and describes how to install the following XSR hardware: • NIM cards • Optional - CompactFlash card • Optional - DIMM upgrade • Optional - Rack-mounted XSR • Connecting cables Note: For instructions on installing a balun and grounding shunt/terminal strip on E1 NIM cards only, refer to Appendix A: Specifications on...
Installing the NIM Cards • Each XSR AC power supply requires a three-pronged power receptacle capable of delivering the current and voltage specified in Appendix A. An AC outlet on a separately fused circuit is required for each XSR to provide power redundancy, and must be located within 182 centimeters (6 feet) from the site.
Page 31
Installing the NIM Cards Unfasten the four screws holding the rear access cover to the chassis and remove it as shown Figure 2-2. Figure 2-2 Removing Rear Access Cover Unfasten the two screws securing the NIM brace/grounding plates and remove them as shown in Figure 2-3.
Page 32
Installing the NIM Cards Reorient the NIM brace and fasten it to the NIM as shown in Figure 2-4. Figure 2-4 Installing NIM Brace Press the NIM gently into the pin holding assembly in the open card slot (NIM 2) and fasten to the chassis with the screws provided as shown in Figure 2-5.
Installing the CompactFlash Memory Card Installing the CompactFlash Memory Card The CompactFlash (CF) memory card provides additional non-volatile storage capabilities in various increments. The CF’s controller interfaces with a host system allowing data to be written to and read from the CF’s flash memory module. Refer to Figure 2-6.
DIMM Upgrade for ADSL Operation DIMM Upgrade for ADSL Operation If you install the ADSL NIM, we recommend that you upgrade the Dual In-line Memory Module (DIMM) card in the XSR to 64 MBytes. The standard DIMM of 32 MBytes can easily be upgraded simply by disassembling the chassis, removing the existing DIMM, and installing a new DIMM.
Page 35
DIMM Upgrade for ADSL Operation Detach the chassis cover from the chassis base by unfastening the four screws attaching the parts, as shown in Figure 2-8. Figure 2-8 Removing the Chassis Cover DIMM card On the motherboard, gently pull the two beige handle clasps down, as shown Figure 2-9, to release the 32 MByte DIMM card from its connector and remove.
Rack Mounting the XSR Insert the 64 MByte DIMM card in the 100-pin female DIMM connector, making sure that its notched lip lines up correctly with the connector. As you gently press the DIMM down into the connector, as shown in Figure 2-10, the handle clasps will partially close.
2-12. Figure 2-12 Cabling Console Port Connect the NIM port(s) to your High Speed Serial WAN connectors with cabling provided separately by Enterasys or a third-party source, as shown in Figure 2-13. Figure 2-13 Cabling WAN Connections (High Speed Serial NIM Shown...
Page 38
Connecting Cables Optionally, you can connect WAN cables to a T3/E3 NIM, as shown in Figure 2-14, or an ADSL NIM, as shown in Figure 2-15, or a T1 Drop & Insert NIM, as shown in Figure 2-16. Figure 2-14 Attaching T3/E3 BNC Connectors Figure 2-15 Connecting ADSL RJ-11 Connector...
Page 39
Connecting Cables Figure 2-16 Connecting T1 Drop & Insert Connector Cable the FastEthernet port(s) to your LAN drop or a Hub, as shown in Figure 2-17. Figure 2-17 Cabling FastEthernet (LAN) Connection Attach the power supply cord to the power connector at the rear of the XSR, as shown in Figure 2-18, and plug in the country-appropriate power cord to a wall socket.
Software Configuration This chapter describes how to initialize, quickly set up and verify your configuration for the XSR. Refer to the XSR CLI Reference Guide for a more thorough explanation of commands and parameter options. The chapter also includes sample configuration scripts, detailed XSR rebooting characteristics and Bootrom Monitor mode instructions.
Page 42
Powering On and Initializing XSR Software • ETH 10/100 LEDs turn ON and OFF a few times during initialization as the XSR proceeds from bootrom to power up diagnostics to software image, then they remain ON or OFF depending on the LAN type. •...
Opening a Console Session first error will be reported, along with a count of the sum of errors incurred. In the case of a single error, only the error line will be reported. Error messages will be logged as well. Because the result of continuing to process a flawed startup-config is not predictable, the nature and position of the syntax error may cause the erroneous configuration of the XSR.
Page 44
Optional: Configuring Remote Auto Install to IP addresses 133.133.1.2 and 133.133.1.3. If the DLCI will connect to a remote XSR running RAI, then add the bootp parameter after the static IP address. This configuration supports two remote XSRs connected on DLCIs 16 and 18. Make sure with your Frame Relay provider that these DLCIs terminate at the location of the remote XSRs.
Optional: Configuring Remote Auto Install Phase 6 - getting hostname xsrnode-confg from tftp server into flash: startup- config rDNS has responded with the hostname which will be used in the TFTP transfer. RAI will try several file names xsrnode if this file is not available from the server. Phase 7 - preparing node to execute startup-config TFTP transfer succeeded in copying the hostname file to the file.
Page 46
Optional: Configuring Remote Auto Install The following is a CISCO configuration at the central site: vpdn enable Enables a virtual private dial-up network configuration on the router. vpdn-group 1 Creates a VPDN session group and links it to a virtual template. accept-dialin protocol pppoe virtual-template 1...
Configuring the XSR Name and User Information Phase 2 - ADSL - searching for pvc's...vpi/vci (0/0) The XSR looks for PVC 0/0 and higher. Phase 2 - ADSL - searching for pvc's...vpi/vci (0/38) The XSR looks for PVC 0/38 and higher. Phase 3 - ADSL - trying to connect on 0/35 with snap PPPoE PVC 0/35 is found, SNAP PPPoE encapsulation is applied and authentication tried if required.
Setting the Clock Setting the Clock XSR 1800 and 3000 Series routers have an on-board Real Time Clock (RTC) chip with which to keep accurate time across the network. As an alternative to accessing a public time server, you can utilize the RTC as a time reference and propagate it by configuring XSRs as Simple Network Time Protocol (SNTP) servers or clients.
Configuring the WAN Ports Enter channel-group <number> timeslot <number> <speed> <number> to create a channel group. This command allows multiple logical WAN interfaces to be created on a single channelized T1/E1/ISDN-PRI port, ranging from 0 - 23 for T1 lines, and 0 - 31 for E1 lines. Also, from 1 - 24 T1 and 1 - 31 E1 timeslots can be set.
Configuring the WAN Ports Enter to set an IP address for the BRI interface. ip address <xxx.xxx.xxx.xxx>/24 Enter to select PPP encoding. encapsulation ppp Enter to keep the BRI interface enabled. no shutdown BRI Leased Frame Relay Enter to acquire BRI Interface mode and select the BRI interface bri 0:<1 | 2>.<1-30>...
Configuring the WAN Ports Remember to save your configuration after all edits. ADSL Configuration ADSL can be configured using three different types of encapsulation: PPPoA, PPPoE, and IPoA. Continue configuration with the ADSL type of your choice. PPPoE The following commands configure a sample PPPoE topology. The first set configures the LAN interface with directed broadcasts prohibited.
Firewall Sample Configuration XSR(config-if<F1>)#no ip directed-broadcast XSR(config-if<F1>)#no shutdown The commands below configure the ATM interface and sub-interface with a negotiated IP address, CHAP username and password, and bans keepalives. XSR(config)#interface ATM 0 XSR(config-if<ATM0/0>)#no shutdown XSR(config-if<ATM0/0.1>)#interface ATM 0.1 XSR(config-if<ATM0/0.1>)#no shutdown XSR(config-if<ATM0/0.1>)#encapsulation snap pppoa XSR(config-if<ATM0/0.1>)#ip address negotiated XSR(config-if<ATM0/0.1>)#ip mtu 1492 XSR(config-if<ATM0/0.1>)#ip tcp adjust-mss 1400...
Page 53
Firewall Sample Configuration Figure 3-1 XSR with Firewall Topology 220.150.2.32/28 XSR-1805 Frame Relay 220.150.2.35 206.12.44.16/28 220.150.2.37 Internet 220.150.2.17 Internal 220.150.2.36 220.150.2.16/28 Web server Mail server (HTTP) (SMTP) 220.150.2.19 220.150.2.18 In this configuration, the firewall provides protected access from the private to dmz networks. That is, access is restricted to Web and mail traffic only.
Configure OSPF Routing 12. Enter network <xxx.xxx.xxx.xxx> (IP address) of the network to be advertised. Repeat the command to configure additional networks. 13. Enter passive-interface type num if you want to prevent RIP transmissions on the interface. 14. Enter no receive-interface if you want to disable reception of RIP updates on the interface. Remember to save your configuration after all edits.
Setting Up the Backup Line Enter map-class frame-relay <name> to designate this map-class and acquire Map-Class mode. Enter frame-relay cir out <bits> to set the outgoing CIR (the default is 56000 bps). Refer to the XSR User’s Guide for more details. Enter frame-relay bc out <bits>...
Setting Up SNMP Community Strings, Traps and V3 Values 10. To set up the Console port as a serial port, perform the following: • Enter interface serial 0 to decouple the port from the CLI and acquire Interface mode. • Enter no shutdown to keep the interface enabled. •...
Configuring Message Logging and Severity Level Remember to save your configuration after all edits. Refer to the XSR User’s Guide for information about other SNMP commands. Note: To restart the XSR using NetSight or SNMP management programs, you must enter the snmp-server system-shutdown command.
Page 60
Figure 3-3. Figure 3-3 Web Product Version Window Product Version Copyright 2004 by Enterasys Networks, Inc. Hardware: Processor board ID: 9002854-02 REV0A Serial Number: (not displayed) Processor: IBM PowerPC 405GP Rev. D at 200MHz RAM installed: 64MB...
Sample LAN-PPP Services Configuration Hostname: branch1 Hostname: mainsite Username: mainsite Username: branch1 Password: Toronto Password: Toronto 192.168.1.100/24 Central Site XSR-1805 154.168.1.47/24 PSTN Leased line Leased line or E1/T1 fractional E1/T1 XSR-1805 serial V.35/X.21 Server SSR-8600 Backup via serial (RS-232 dial) 1-800-555-1111 Backup Site...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-controller<T1-1/0>)#no shutdown Enables T1 controller XSR(config)#interface serial 1/0:0 Configures Serial interface 1, port 1 using channel group 0 and acquires Interface mode XSR(config-if<S1/0:0>)#encapsulation ppp Enables PPP encapsulation XSR(config-if<S1/0:0>)#ppp authentication chap Configures CHAP authentication on the interface XSR(config-if<S1/0:0>)#ip address 154.68.1.47 255.255.255.0 Enables IP address for serial interface 1/0 XSR(config-if<S1/0:0>)#backup interface dialer 5...
Frame Relay WAN Link with PPP Backup Sample Configuration Configure Users and Passwords XSR>enable Acquires Privileged EXEC mode XSR#configure Acquires Global configuration mode XSR(config)#username bob password cleartext bobspassword Adds a user and unencrypted password Configure LAN Interface XSR(config)#interface fastethernet 1 Configures the local LAN port and acquires Interface mode XSR(config-if<F1>)#ip address 192.168.1.100 255.255.255.0 Enables the IP address for the FastEthernet port...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-pmap-c<priority-policy>)#set ip dscp ef Configures IP precedence to match packets with Expedited Forwarding XSR(config-pmap<priority-policy>)#class priority-server Adds another queue for this policy map and enters Class sub-mode XSR(config-pmap-c<priority-server>)#priority medium 20 6400 Gives medium priority queue a peak 20% of bandwidth, burst size of 6400 bits per second XSR(config)#policy-map data_policy Adds a policy map and acquires Policy Map mode XSR(config-pmap<data_policy>)#class data_class...
Frame Relay WAN Link with PPP Backup Sample Configuration XSR(config-if<S1/0.2-16>)#ip address 154.68.2.1 255.255.255.0 Configures the IP address of DLCI 16 XSR(config-if<S1/0.2-16>)#no shutdown Enables DLCI 16 interface Apply QoS XSR(config)#map-class frame-relay CLASS-FRP Adds an FR map class and acquires FR Map Class mode XSR(config-map-class<CLASS-FRP>)#frame-relay cir out 48000 Sets this map class’...
Frame Relay WAN Link with PPP Backup Sample Configuration Configure More Access Lists The following ACLs deny any packets to or from network 192.168.1.15 as they enter or leave FastEthernet 1 interface, and permit traffic to or from subnet 192.168.2.xx while denying any other traffic.
Adds another SNMP community with read-write privileges attached to ACL 26 XSR(config)#snmp-server enable traps Enables traps to be transmitted XSR(config)#snmp-server contact support@enterasys.com Specifies contact information for the management server XSR(config)#snmp-server location “HQ 2nd floor” Specifies the location of the management server XSR(config)#snmp-server host 192.168.2.101 traps trapCommunity...
VPN Site-to-Site Sample Configuration Generate Master Encryption Key If you have not already generated a master encryption key, you must do so now to configure the VPN. A master key need only be generated once. Caution: The master encryption key is stored in hardware, not Flash, and you cannot read the key - only overwrite the old key by writing a new one.
VPN Site-to-Site Sample Configuration Create a Transform Set The following transform-set specifies the specified encryption/data integrity choices, 768-bit Diffie-Hellman, and an SA lifetime expressed in kilobytes. The SA seconds lifetime value is disabled. Some commands are abbreviated. XSR(config)#crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac XSR(cfg-crypto-tran)#set pfs group1 XSR(cfg-crypto-tran)#set security-association lifetime lifetime kilobytes 100000 XSR(cfg-crypto-tran)#no set security-association lifetime lifetime seconds...
Page 71
VPN Sample Configuration with NEM, EZ-IPSec & Internet Access Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Access eth0: 10.11.11.1/24 FastEthernet 1: 172.16.10/24 eth1: 26.26.26.11/24 FastEthernet 2: 26.26.26.10/24 Virtual IP Pool: 172.16.10.0/24 26.26.26.0/24 eth0: 10.12.12.1/24 eth1: 26.26.26.12/24 172.16.10.0 If you have not already generated a master encryption key, you must do so now to configure the VPN.
Page 72
VPN Sample Configuration with NEM, EZ-IPSec & Internet Access XSR(config)#ip local pool virtual_subnet 10.10.10.0 255.255.255.248 Configure AAA authentication by assigning a virtual subnet to the DEFAULT AAA group, associate it with DNS and WINs servers, and add two AAA users with passwords. When a remote XSR tunnels into the local XSR, it will be assigned these DNS, WINS and PPTP values and be assigned dynamically to the IP pool virtual_subnet.
CLI describes router initialization. Initialization Output The XSR displays the following output when it initializes (cold reboot): X-Pedition Security Router Bootrom Copyright 2004 Enterasys Networks Inc. HW Version: 9002854-02 REV0A Serial Number: 0001F4000102 CPU: IBM PowerPC 405GP Rev. D VxWorks version: 5.4 Bootrom version: 1.20...
Page 74
Testing ISDN PMC in Slot [2] .......<Not Installed> Testing ISDN PMC in Slot [3] .......<Not Installed> Exiting Diagnostics..X-Pedition Security Router Bootrom Copyright 2001 Enterasys Networks Inc. HW Version: 9002854-02 REV0A Serial Number: 0001F4000102 CPU: IBM PowerPC 405GP Rev. D VxWorks version: 5.4 Bootrom version: 1.20...
XSR Rebooting Characteristics Verifying uncompressed chksum ... Starting at 0x10000... Attached TCP/IP interface to Eth unit 1 Attaching interface lo0...done cflash:/ - Volume is OK Restoring startup configuration files, please wait Startup configuration files have been restored. login: Reboot Triggers Although there are two types of reboots of the XSR - warm or cold - reboots can be triggered in up to eight different ways.
Bootrom Monitor Mode Commands Watchdog Timer Expiration When the internal watchdog timer expires, causing the XSR to fail, fault information is captured in a report and a warm boot is initiated. But if more than three warm boots are detected within one minute, a cold boot will be initiated.
Page 77
Bootrom Monitor Mode Commands • Display or change date and time on real-time clock • Commands for development use only This command initiates a cold reboot. This command initiates a warm reboot. This command changes the Bootrom password. The default password is blank. You are prompted to enter a password by the following script: XSR-1800:bp Enter current password:...
Bootrom Monitor Mode Commands Locking 8 Bootrom flash sectors ***** Bootrom update completed. ***** Using default Bootrom password. The system is not secure!!! Use “bp” to change password XSR-1800: This command updates the bootrom file through a network transfer to a local file. Be sure to enter in uppercase.
Bootrom Monitor Mode Commands This command modifies network parameters. You are prompted to enter data by the following script. While most of the options are self-explanatory, three require further description. • When set to no, the Autoboot option places the prompt in Bootrom mode when you boot or power up the XSR.
Page 81
Bootrom Monitor Mode Commands This command shows a fault report. Sample output is shown as follows: XSR-1800: sf No fault report at 0x1feef00 This command displays system inventory. Sample output is shown as follows: XSR-1800: si IBM PowerPC 405GP Rev. D Processor speed = 200 MHz PLB speed...
Page 82
Bootrom Monitor Mode Commands This command shows the bootrom version with sample output below: XSR-1800: sv X-Pedition Security Router Bootrom Copyright 2002 Enterasys Networks Inc. HW Version: 9002854-02 REV0A Serial Number: 0001F4000102 CPU: IBM PowerPC 405GP Rev. D VxWorks version: 5.4 Bootrom version: 1.20...
Display port and system status, warn of Flash upgrade. Cable, CompactFlash and Accessory Specifications Refer to the following table for specifications of cables, CompactFlash and accessories for the XSR. This equipment can all be obtained separately from Enterasys Networks or through any computer supply retailer. Table A-2 XSR Cabling/Accessory Guide Part Description Connector Part # Function 6’ DB-9 null modem cable DB-9, male N/A from Enterasys Console link to serial line...
Page 85
Table A-2 XSR Cabling/Accessory Guide (continued) Part Description Connector Part # Function .58 - 10 meter 10/100BaseT straight-through or RJ-45 N/A from Enterasys Ethernet link to hub/switch or cross-over cables PC/uplink port 100 or 120-ohm, straight-through, twisted-pair T1/E1 Port N/A from Enterasys...
Cable, CompactFlash and Accessory Specifications Console Port The XSR comes equipped with a serial port useful for initial configuration. Using a serial (null modem) cable, you can attach the router’s DB‐9 Console port to a data terminal port and directly configure the XSR over the asynchronous connection.Then, open a communications or Telnet session to communicate with the router. If you use a communications program, set the connection properties as follows: • Connect using: Direct to COMx (where x is an unused COM port) • Bits per second: 9600 • Data bits: 8 • Parity: None • Stop bits: 1 •...
Cable, CompactFlash and Accessory Specifications Ethernet Ports The XSR comes equipped with two Ethernet (LAN) ports that support full‐duplex 10 or 100 Mbps transmission. Both ports conform to IEEE 802.3 standards with 8‐pin modular RJ‐45 connectors. A cross‐over cable is used to connect the XSR directly to a PC or uplink port while a straight‐through cable is used to attach the router to a hub or switch. Refer to Figure A‐2 for pinout assignments. Figure A-2 Ethernet Port Pinouts Pin Signal Transmit + Ethernet 1 & 2 Transmit - Pin 8 Pin 1 Receive + Not used Not used Receive - Not used Not used Copper/Fiber-optic Ethernet NIMs The single‐port Copper or Fiber‐optic Ethernet NIMs, shown in Figure A‐3 and Figure...
Cable, CompactFlash and Accessory Specifications Regulatory/Safety Compliance The Copper and Fiber‐optic Ethernet NIMs comply with these regulatory and safety requirements: IEE 802.3, UL 1950, CSA No. 950, EN 60950, and IEC 950 (CB Scheme Report). 2/4-Port Serial NIM Card Port The High Speed Serial NIM card, as shown in Figure A‐6, provides a WAN connection to four different types of DTEs: DB‐15, 25, 37, and V.35. This interface can support dual and quad traffic up to 8 Mbps. Figure A-6 High Speed Serial NIM Port 68-pin Serial Pin 1 Pin 68 Refer to Figure A‐7 through Figure A‐11 for all Serial NIM pinout assignments. Figure A-7 X.21 DTE Pin Assignments X.21 DTE Receive2+ Receive0+...
Page 89
Cable, CompactFlash and Accessory Specifications Figure A-8 EIA-232/530 DTE Pin Assignments DSR2+ DSR0+ - 68-pin male SCSI III type con ne cto DSR2- DSR0- J2...J5 - DB-25 type male connector RxD2+ RxD0+ RxD2- RxD0- TxD2 + TxD0+ TxD2- TxD0- RTS2+ RTS0+ Port 1 RTS0-...
Page 90
Cable, CompactFlash and Accessory Specifications Figure A-9 EIA-449 DTE Pin Assignments ON2+ ON0+ - 68-pin male SCSI III type con ne ctor ON2- ON0- J2...J5 - DB-37 type ma le con nector RD2+ RD0+ RD2- RD0- SD2+ SD0+ SD2- SD0- RS2+ RS0+ RS2-...
Page 92
Cable, CompactFlash and Accessory Specifications Figure A-11 V.35 DTE Pin Assignments V.35 D TE DSR2 DSR0 - 68 -p in male SCSI III type conne cto RD2+ RD0+ J2...J5 - V.35 type ma le conne ctor RD2 - RD0 - SD2+ SD0+ SD2-...
Cable, CompactFlash and Accessory Specifications T1/E1/ISDN PRI NIM Card Ports The T1/E1/ISDN PRI NIM, as shown in Figure A‐12, comes equipped with either 1, 2 or 4 Ethernet (WAN) ports that support fractional T1/E1 transmission in full‐channel, fractional or unchannelized format with 8‐pin modular RJ‐48C connectors and include a built‐in DSU/CS. Cables required for these ports must be 100‐ohm, straight‐through, twisted‐pair for T1 lines and a 120‐ohm version for E1 lines. Refer to Figure A‐13 for pinout assignments. Note: If you are using the TI/EI/ISDN PRI NIM in Singapore or Australia, the cables required for these ports must not employ individual shields for each pair. Figure A-12 .4-Port T1/E1/ISDN PRI NIM Card (RJ-48C ports shown) Figure A-13...
Cable, CompactFlash and Accessory Specifications Balun for E1 or PRI NIM Cards Some overseas electrical systems require that you use a balun and grounding shunt when utilizing an E1 or PRI NIM card on the XSR. A balun is an adapter employed to connect a 75‐ohm coaxial cable pair (2 BNC connectors) to a 120‐ohm twisted pair cable (RJ‐48C connector). The balun and its connectors are illustrated in Figure A-15. The grounding shunt is also required to ground unused pins of the RJ‐48C connector. To install the balun, attach the 75‐ohm coaxial cables to the BNC connectors and a 120‐ohm E1/PRI cable to the RJ‐48C port (see below for details). Figure A-14 Balun for E1 ISDN PRI Connection J12 Transmit BNC male connector 75-ohm connection to your network J2 Receive BNC male connector 75-ohm connection to your network...
Cable, CompactFlash and Accessory Specifications Installing Shunt/Terminal Strip To install the shunt or terminal strip, attach two dual‐pin units vertically to each four‐pin jumper (P2, P3, P4, or P5) corresponding to the RJ‐48C port using a balun, as shown in Figure A‐16. Any other RJ‐48C5 ports on the NIM card connected to 120‐ohm lines do not require shunts. Figure A-16 Installing a Grounding Shunt on the E1 NIM Card XSR Getting Started Guide A-13...
Cable, CompactFlash and Accessory Specifications T3/E3 NIM Card The T3/E3 full and sub‐rate NIM, as shown in Figure A‐17, is equipped with 1 Ethernet (WAN) port that supports fractional T3/E3 transmission in un‐channelized or clear channel mode with BNC connectors. User data are encapsulated in HDLC packets before being sent to the line. Figure A-17 1-Port T3/E3 NIM Card ALARM LOS ENABLE LOF Cables required for this NIM must be 75‐ohm, DS3 Type 734 or 735 coaxial. DS3 cables support a length up to 450 in length. E3 cabling supports a cable length up to 900 feet. Un‐channelized mode consists of the entire T3/E3 payload in one data path, but with T3/E3 framing bits still in place. Only one HDLC channel is used. Throughput of the un‐channelized link can be limited by using only a portion of the entire payload. Various sub‐rates are available to provide compatibility with major DSU equipment suppliers. Scrambling may also be enabled as required for DSU compatibility. Larscom zero suppression is supported. Clear channel mode presents the board merely as the line driver for a link carrying HDLC packets where even framing bits are used for data transfer. The T3/E3 framer operates in bypass mode and renders the NIM a line driver. Both sides of the link must have the same setting to operate correctly in this mode. For more details on software configuration, refer to the XSR User’s Guide. Regulatory/Safety Compliance The T3/E3 NIM complies with the following regulatory requirements. E3: FCC Class B, ITU‐T G.703, G.704, G823 and TBR24 for world wide approval, National Standards testing as required, and BABT Compliance United Kingdom directive 607114. T3: FCC Class B, GR‐499‐CORE is the Bellcore test procedure that can be used for design validation, JATE Green Book for Japan.
Cable, CompactFlash and Accessory Specifications 1/2-Port ISDN BRI-S/T NIM Card Ports The XSR offers a serial NIM card for 1 or 2 WAN interfaces over an ISDN BRI‐ S/T line, as shown in Figure A‐18. The Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic. See Figure A‐19 for pinout assignments. Figure A-18 ISDN BRI-S/T NIM Card (RJ-45 ports shown) Port 0 Activation LED Port 1 Activation LED Figure A-19 ISDN BRI-S/T NIM Pinouts Pin Signal BRI-S/T Unused Pin 1...
Cable, CompactFlash and Accessory Specifications Termination Shunt for the ISDN BRI-S/T NIM Card ISDN BRI‐S/T terminal equipment devices may be connected at random points of the cable in point‐to‐point or point‐to‐multipoint configurations. Line termination resistors must be provided at both ends of the transmit/receive lines only. The XSR’s BRI NIM card provides an option to terminate receive as well as transmit lines using 100 Ohm resistors. Shunts are required to shorten the appropriate contacts of the terminal headers (P1, P2). Refer to “Installing Shunt/Terminal Strip” on page ‐16 for directions. Figure A‐20 shows per port respective termination header locations and the orientation of the receive and transmit pairs. Caution: The cable connecting the BRI NIM to the balun requires two additional wires to extend the chassis ground to the balun. Cables of this type are often provided by your supplier who can customize them for your needs.
Cable, CompactFlash and Accessory Specifications 1/2-Port ISDN BRI-U NIM Card Ports The XSR offers a serial NIM card for 1 or 2 WAN interfaces over an ISDN Basic Rate Interface (BRI)‐U line, as shown in Figure A‐21. Port 0 and 1 LEDs shine when the lines are active and ready to receive traffic. Figure A-21 ISDN BRI-U NIM Card (RJ-49C ports shown) Port 0 Activation LED Port 1 Activation LED Refer to Figure A‐22 for pinout assignments. Figure A-22 ISDN BRI-U NIM Pinouts. Pin Signal BRI-U Unused...
Cable, CompactFlash and Accessory Specifications 1-Port ADSL NIM Card Port The XSR’s Asymmetric Digital Subscriber Line (ADSL) NIM card, as shown in Figure A‐23, provides 1 WAN port on an ADSL over POTS (Annex A/C) or ISDN (Annex B) line with a 6‐pin RJ‐11 connector. The ADSL NIM supports both G.dmt and G.lite standards. ADSL NIMs are shipped with a CompactFlash card containing DSP firmware. This driver software copies the Flash file into host memory where it provides on‐demand use by the DSP. Figure A-23 ADSL NIM Card LED 2 LED 1 Note: The XSR supports only one ADSL card type at a time, so multiply-installed card types must be similar.
Cable, CompactFlash and Accessory Specifications T1/E1 Drop & Insert (D&I) NIM The XSR’s 2‐port T1/E1 D&I NIM card, as shown in Figure A‐25, is designed as an intermediary between the Central Office T1/E1 line and a PBX. It de‐couples Channel Associated Signaling (CAS) and Voice DS0 timeslots and redirects them to a PBX, and conversely, reintegrates Voice DS0 timeslots from the PBX with the T1/E1 data stream. The ports are functionally equivalent. Figure A-25 T1/E1 D&I NIM Card The T1/E1 D&I NIM provides long‐ and short‐haul capabilities and Drop and Insert functionality via a fully configurable Time Division Multiplexed (TDM) switch. It can be configured for data only, or voice/data applications. In Data‐Only mode, both ports pass data, whereas in Voice/Data mode, one port passes a voice/data stream, while the other passes only voice. The T1/E1 D&I NIM maintains high reliability of voice traffic by using a bypass relay to ensure continued service even if a power failure occurs or the NIM enters an abnormal state. In such an event, the two ports are connected, bypassing the NIM, thus allowing uninterrupted bidirectional voice transmission. To ensure service, remember to configure voice timeslots on both sides of the connection in the same manner. That is, if timeslots 3‐5 are configured for voice on the NIM, the same DS0s should be configured for voice at the Central Office. Refer to the XSR User’s Guide for instructions. Refer to Figure A‐26 for pinout assignments. Figure A-26 T1/E1 D&I NIM Pinouts Pin Signal Unused T1/E1 D&I...
Cable, CompactFlash and Accessory Specifications CompactFlash Memory Card The optional plug‐in CompactFlash (CF) memory card, shown in Figure A‐27, comprises a single chip controller and flash memory modules in a matchbook‐sized package with a 50‐pin, PCMCIA connector consisting of two rows of 25 female contacts each. The PCMCIA male interface supports both Type I and Type II CF cards. Note that the CF release mechanism pops out when you install the card. For installation instructions, refer to the Hardware Installation chapter. Figure A-27 CompactFlash Memory Card Pin 1 Pin 50 LED Behavior The ten LEDs located on the XSR front panel display system and port status as described in the Table A‐3 and illustrated in Figure A‐28. Figure A-28 XSR LEDs 10/100BT 10/100BT ACT POWER ETHERNET ETHERNET CONSOLE NIM1 NIM2 PORT 1...
Page 103
Cable, CompactFlash and Accessory Specifications Table A-3 LED Description (continued) State Function BRI NIM Port 0,1 Switch ISDN BRI-S/T link is activated and ready for traffic. This LED is connected located on the NIM card. ADSL NIM 1 Blinking Line is in training mode (syncing with DSLAM) ADSL NIM 1 ON/OFF Training mode complete, line is operational/down...
Page 104
Cable, CompactFlash and Accessory Specifications A-22...
Ethernet (WAN) A-14 environmental specifications port Pinouts Ethernet how to configure the XSR-1805 449 pinouts cabling name and user data BRI-U assignments A-17, A-19 port description how to enable Web access 3-19...
Page 106
software configuration overview software features system memory verifying your shipment X.21 pinouts how to set WAN ports Index-2...