  • NetEnforcer AC-400 Series

    Policy Based Bandwidth Management Hardware Guide

    P/N D360001 R3

  • AC-400 Series Hardware Guide iv

    Important Notice

    Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise. SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT. Please read the End User License Agreement and Warranty Certificate provided with this product before using the product. Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate. WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Copyright

    Copyright 1997-2008 Allot Communications. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission and specific authorization from Allot Communications Ltd.

    Trademarks

    Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe. Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

    NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

    Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the equipment.

    Printing History

    First Edition: July, 2006

    Second Edition: May, 2007

    Third Edition: April, 2008

    Important Notice
    Printing History

    CHAPTER 1: AC-400 SERIES HARDWARE
      AC-400 Series Packing List
      AC-400 Series Front Panel
      AC-402 Front Panel
      AC-404 Front Panel
      AC-400 Series LCD Panel
      Management Port
      AC-404 Interfaces
      AC-400 Series Rear Panel
      Rack Mounting the Unit
      Connection to Supply Circuit
      Ambient Temperature
      Airflow
      Reliable Grounding
      Preparing the NetEnforcer for Rack Installation
      Rack Mechanical Loading
      AC-400 Series Powering Up
      Connection to AC Power
      Powering Up Via LCD Panel

    CHAPTER 2: NETWORK PLACEMENT
      Connecting the NetEnforcer to the Network

    CHAPTER 3: SETTING UP THE NETENFORCER
      Configuring Via a Terminal or Telnet
      Configuring Via the LCD Panel

    CHAPTER 4: REDUNDANCY
      Enabling Redundancy
      Parallel Redundancy
      Status Indicators in Parallel Redundancy Mode
      Secondary NetEnforcer Activation
      Parallel Redundancy Connection
      Active Redundancy
      Failover
      Policy Configuration
      Connecting the NetEnforcer in Active Redundancy

    CHAPTER 5: HARDWARE SPECIFICATIONS
      Standards, Compliance and Certifications

    CHAPTER 6: FIREWALL PORT REFERENCE
      Basic Management
      NetXplorer

    CHAPTER 7: AC-400 SERIES EQUIPMENT
      General Warnings
      General Notes
      Hardware Specifications
      Dimensions
      Required Specifications
      Power Supply
      Ambient Conditions
      Power Consumption
      Heat Dissipation

    TABLE OF FIGURES

    Figure 1-1 NetEnforcer Front Panel: AC-402
    Figure 1-2 NetEnforcer Front Panel: AC-404
    Figure 1-3 NetEnforcer LCD Panel: AC-400 Series
    Figure 1-4 NetEnforcer Rear Panel: AC-400 Series
    Figure 2-1 LAN and WAN Placement of NetEnforcer
    Figure 3-1 NetEnforcer Setup Menu
    Figure 3-2 Current Configuration (1)
    Figure 3-3 Current Configuration (2)
    Figure 3-4 Network Configuration
    Figure 3-5 Password
    Figure 3-6 Time Setup
    Figure 4-1 NIC Tab - AC-402 NetXplorer Configuration
    Figure 4-2 Networking Tab - AC-402 NetXplorer Configuration
    Figure 4-3 NIC Tab - AC-404 NetXplorer Configuration
    Figure 4-4 Networking Tab - AC-404 NetXplorer Configuration
    Figure 4-5 Connecting Two NetEnforcers in Parallel Redundancy
    Figure 4-6 DIP Switch Location: AC-400 Series
    Figure 4-7 DIP Switch Configuration for Parallel Redundancy
    Figure 4-8 Active Redundancy - AC-404

  • Chapter 1: AC-400 Series Hardware

    The Allot NetEnforcer AC-400 Series enables the definition and classification of traffic by users, applications and resources. Several NetEnforcer AC-400 models are available to support large and small sites and different data network speeds. The AC-400 Series platform is 1.75" high (one rack unit).

    Each model type has a different number of ports to accommodate different requirements:

    - AC-402: Two Ports, 1 Line
    - AC-404: Four Ports, 2 Lines

    All NetEnforcer AC-400 series units support:

    - 96,000 connections (192,000 flows)
    - 1,024 Pipes
    - 4,096 Virtual Channels

    Allot basic management software is included with all AC-402 devices while AC-404 devices are shipped with NetXplorer Centralized Management Software. AC-402 units can be upgraded to NetXplorer Centralized Management software, replacing the basic management.

    The NetEnforcer AC-402 is a general-purpose device with one line (two port) connectivity for small enterprises. The device is available with AC power supplies and copper interfaces. The AC-402 may be ordered with an upgradable throughput of 2 Mbps, 10 Mbps, 45 Mbps or 100 Mbps.

    The NetEnforcer AC-404 is intended to be used in medium sized enterprise networks that require the ability to handle dual network segments. The AC-404 has two line (four port) connectivity. The device is available with AC power supplies and with copper interfaces. The AC-404 may be ordered with an upgradable throughput of 2 Mbps, 10 Mbps, 45 Mbps or 100 Mbps.

    The NetEnforcer AC-400 Series offers redundant critical components for fail-safe operation. Redundant hardware components on the AC-400 Series include redundant fans and dual hot-swappable power supplies.

    AC-400 Series Packing List

    Verify that the following items are included with the NetEnforcer:

    - NetEnforcer (hardware with pre-installed software)
    - NetEnforcer Documentation
    - 1 Power Cable
    - 1 Cross Ethernet Cables
    - 1 Serial Console Cable
    - 2 19" Side Mounting Brackets

    All NetEnforcer models contain a lithium battery on the main board.

    CAUTION: Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

    NOTE: The maximum Ethernet cable length is generally up to 50 meters.

    AC-400 Series Front Panel

    The NetEnforcer AC-400 Series connects to your network via connectors located on the front panel. The LCD panel, connectors and LED indicators on the front panel of each model are shown below.

    AC-402 Front Panel

    Figure 1-1 NetEnforcer Front Panel: AC-402

    The front panel of the AC-402 contains nine LEDs. Two LEDs are positioned on each of the External, Internal and Management network connectors. The remaining three LEDs are the Standby, Active and Power indicators.

    The modes of operation of the External, Internal and Management indicators are described in the table below.

    | Indicator | Status | NetEnforcer Status |
    |-----------|--------|--------------------|
    | Green     | On     | A valid link is detected (either 10 or 100Mbps). |
    | Green     | Off    | No valid link. |
    | Orange    | On     | Blinks when traffic (activity) is detected on the interface. |
    | Orange    | Off    | No traffic (activity) is detected on the interface. |

    Table 1-1 External/Internal/Management LED Conditions: AC-402

    The modes of operation of the Standby, Active and Power indicators are described in the table below.

    | Indicator | Status | NetEnforcer Status |
    |-----------|--------|--------------------|
    | Standby   | On     | Two NetEnforcers are connected in Redundancy mode and this NetEnforcer is the secondary system. |
    | Standby   | Off    | If you have one NetEnforcer, this should be the normal state of the LED. If you have two NetEnforcers configured in Redundancy mode, this NetEnforcer is not in standby. |
    | Active    | On     | NetEnforcer is in Active mode. |
    | Active    | Off    | NetEnforcer is in Bypass mode. Traffic passes through NetEnforcer with no Quality of Service or traffic shaping. If you have two NetEnforcers configured in Redundancy mode, this is the secondary NetEnforcer in a Parallel Redundancy configuration and it is not active (in the other NetEnforcer this LED should be on). |
    | Power     | On     | NetEnforcer is powered up. |
    | Power     | Off    | NetEnforcer is shut down. |

    Table 1-2 Standby/Active/Power LED Conditions: AC-402

    AC-404 Front Panel

    Figure 1-2 NetEnforcer Front Panel: AC-404

    The front panel of the AC-404 contains thirteen LEDs. Two LEDs are positioned on each of the External, Internal and Management network connectors. The remaining three LEDs are the Standby, Active and Power indicators.

    The modes of operation of the External, Internal and Management indicators are described in the table below.

    | Indicator | Status | NetEnforcer Status |
    |-----------|--------|--------------------|
    | Green     | On     | A valid link is detected (either 10 or 100Mbps). |
    | Green     | Off    | No valid link. |
    | Orange    | On     | Line 1: Blinks when traffic (activity) is transmitted on the interface. Line 2: Blinks when traffic (activity) is transmitted or received on the interface. |
    | Orange    | Off    | No traffic (activity) is detected on the interface. |

    External/Internal/Management LED Conditions: AC-404

    [Figure 1-2 labels: Management Port; LCD Panel; Line 1 Internal/External Ports; Line 2 Internal/External Ports; Console Port]

    The modes of operation of the Standby, Active and Power indicators are described in the table below.

    | Indicator | Status | NetEnforcer Status |
    |-----------|--------|--------------------|
    | Standby   | On     | Two NetEnforcers are connected in Parallel Redundancy mode and this NetEnforcer is the secondary system. |
    | Standby   | Off    | If you have one NetEnforcer, this should be the normal state of the LED. If you have two NetEnforcers configured in Parallel Redundancy mode, this NetEnforcer is not in standby. |
    | Active    | On     | NetEnforcer is in Active mode. |
    | Active    | Off    | NetEnforcer is in Bypass mode. Traffic passes through NetEnforcer with no Quality of Service or traffic shaping. If you have two NetEnforcers configured in Parallel Redundancy mode, this is the secondary NetEnforcer in the configuration and it is not active (in the other NetEnforcer this LED should be on). |
    | Power     | On     | NetEnforcer is powered up. |
    | Power     | Off    | NetEnforcer is shut down. |

    Standby/Active/Power LED Conditions: AC-404

    AC-400 Series LCD Panel

    The LCD panel provides an indication of traffic usage and enables the system to be configured directly without connecting a terminal.

    [Figure 1-3 labels: Standby Indicator; On/Off Select Enter; Display Area; Active Indicator; Power Indicator; Up Arrow; Right Arrow; Down Arrow; Left Arrow]

    Figure 1-3 NetEnforcer LCD Panel: AC-400 Series

    Management Port

    The dedicated Management port on all NetEnforcer models enables out-of-band management of the device. Operating through the Management port increases security by denying access to the device via the Internal or External ports. Moreover, when there is a problem in the regular network it is still possible to manage and monitor the NetEnforcer.

    AC-404 Interfaces

    All interfaces function as terminal interfaces (DTE) and as such need to be connected to DCE with a straight cable. Note the following:

    When connecting the AC-404 to devices that function as DCE (e.g. switch port, hub etc.) via 10BaseT or 100BaseT, a straight CAT-5 cable should be used.

    When connecting the AC-404 to devices that function as DTE (e.g. router) via 10BaseT or 100BaseT, a crossed CAT-5 cable should be used.

    AC-400 Series Rear Panel

    The rear panel of the NetEnforcer AC-400 Series contains the following:

    - Power Switch
    - Power Cable Connector
    - Backup (37-pin D-type) Connector
    - Ground Connector
    - Serial Port (for future use)

    Figure 1-4 NetEnforcer Rear Panel: AC-400 Series

    CAUTION: The power supply unit includes an internal fuse. Only Allot Service personnel are authorized to replace it.

    NOTE: The power supply automatically adapts to voltages between 100V and 240V.

    [Figure 1-4 labels: Power Switch; Power Cable Connector and Fuse; Serial Connector; Backup Connector; Grounding Screw]

    Rack Mounting the Unit

    The NetEnforcer may be mounted in an open or closed standard 19-inch (48.26 mm) rack using the rack-mount bracket kit. This appendix describes how to prepare the device and rack for installation and how to mount the device in the rack.

    Connection to Supply Circuit

    The electrical power cords are intended to serve as the disconnect device. The user can power down the device only by removing the two electrical power cords from the power source or the device itself.

    CAUTION: Make sure the wall socket outlet is installed near the equipment and that the socket is easy to access. It is recommended that the wall power outlet be connected to the building installation protection. When connecting a NetEnforcer to 120 VAC supply, plug into 15 A service receptacles, type N5/15 or NEMA 5-15R.

    Ambient Temperature

    The device has a maximum operating ambient temperature of 104 °F (40 °C). The ambient temperature around the rack should not exceed this value.

    Airflow

    To ensure proper cooling, airflow should be unrestricted within or around the rack. Keep the area four to six inches behind the enclosure unobstructed. Make sure that there is proper airflow around all of the NetEnforcer's vent openings.

    Reliable Grounding

    Make sure that each installation site has a suitable ground connection. Please connect ground to all the metal racks, enclosures, boxes and raceways. The NetEnforcer equipment should be reliably grounded through the power supply cord.

    Preparing the NetEnforcer for Rack Installation

    Attach the mounting brackets of the device included in the NetEnforcer accessory kit to both sides of the device using all eight Phillips pan-head screws included in the NetEnforcer accessory kit. Insert the screws into the holes on both sides of the device.

    Rack Mechanical Loading

    When mounting the device in the rack, ensure that a hazardous condition does not result due to uneven mechanical loading.

    AC-400 Series Powering Up

    Connection to AC Power

    The power supply cord is intended to serve as the disconnect device. The user can power down the device only by removing the power cord from the power source or the device itself.

    Make sure the wall socket outlet is installed near the equipment and that the socket is easy to access. It is recommended that the wall socket outlet be connected to the building installation protection.

    When connecting NetEnforcer to 120 / 240 VAC supply, plug into 10 A service receptacles, type N5/10 or NEMA 5-10R. Ensure that each site has a suitable ground. Ground all metal racks, enclosures, boxes and raceways. The NetEnforcer equipment should be reliably grounded through the power supply cord.

    Powering Up Via LCD Panel

    Connect the NetEnforcer to an AC power source and set the Power switch (located on the rear panel) to On. The Power indicator on the LCD panel is lit. The display area of the LCD panel indicates the following: Power On. After a few seconds, the display area of the LCD panel indicates the following: System Loading *. Once the system has completed loading, the following occurs:

    - The Active LED on the LCD panel is lit, meaning that NetEnforcer is now connected to the network and it is ready.

    - The display area of the LCD panel indicates the default view, the current bandwidth consumption. For example: Inbound: XXX.X Outbound: YYY.Y

    You can now proceed to configure the NetEnforcer, as required.

  • Chapter 2: Network Placement

    The NetEnforcer is normally placed on the internal side of your access router. The Internal port of the NetEnforcer interfaces with your Local Area Network (LAN) and the External port of the NetEnforcer interfaces with your access router. Refer to Figure 2-1 to see the NetEnforcer's placement in a network.

    Connecting the NetEnforcer to the Network

    When connecting the NetEnforcer to the network, use the proper cable.

    Figure 2-1 LAN and WAN Placement of NetEnforcer

    NetEnforcer is capable of operating parallel to another NetEnforcer to provide Parallel Redundancy.

    To connect the NetEnforcer to your network:

    1. Connect the LAN side of your network to the Internal connector on the front panel of NetEnforcer.

    2. Connect the Ethernet cable connected to the WAN side of your network to the External connector on the front panel of NetEnforcer.

    3. Connect the power cable and power up NetEnforcer. When connecting two NetEnforcers in Redundancy mode, use the special 37-pin cable supplied.

    NOTE: After you connect the cables (and the Active LED is on), the Internal and External Link LEDs on the front panel are on. When traffic is passing through the interface, the Activity LEDs blink.

  • Chapter 3: Setting Up the NetEnforcer

    In order to manage and configure NetEnforcer policies remotely from your Web browser, several basic parameters must be configured on NetEnforcer. You can configure these basic parameters using a terminal connected to NetEnforcer or by using the LCD panel.

    Configuring Via a Terminal or Telnet

    You can use a standard terminal or a PC running terminal emulation software connected to the Console port, or Telnet via the internet, to configure a NetEnforcer. If you choose to connect via the Console port, most standard Windows-based PC systems have a terminal emulation program called HyperTerminal that can be used for this purpose. Configure the terminal to run VT100 terminal emulation with the following parameters:

    - Baud rate 19200
    - 8 bits
    - Stop bits 1
    - No flow control
    - No parity

    To connect a terminal to the NetEnforcer:

    1. Use the supplied serial cable to connect the terminal to the Console Connector on the front panel of the NetEnforcer.

    2. Connect the power cable and power up NetEnforcer, as described in Powering Up, page 1-9.

    3. At the terminal, select Start > Programs > Accessories and double-click on the HyperTerminal icon. Enter a name for the session and then set the COM port and the parameters (see above). The system boots up and you are prompted for a login and a password.

    4. Enter admin for the login and allot for the password. (To change the password, see page 3-9.)

    5. Press . The NetEnforcer Setup Menu is displayed:

    Figure 3-1 NetEnforcer Setup Menu

    To connect to a NetEnforcer via Telnet:

    1. Open a Microsoft DOS window on a PC and at the C:\ prompt, enter Telnet (IP address of NetEnforcer). Press . The system boots up and you are prompted for a login and a password.

    2. Enter admin for the login and allot for the password. (To change the password, see page 3-9.)

    Press . The NetEnforcer Setup Menu is displayed:

    NetEnforcer Start Menu

    From this menu, you can perform the following tasks:

    - Display the current configuration, page 3-4.
    - Configure network parameters, page 3-6.
    - Change the login password, page 3-9.
    - Modify the date and time settings, page 3-10.

    When all necessary parameters are set, NetEnforcer prompts you to reboot. After rebooting is completed, NetEnforcer is ready to be connected and to add Quality of Service in your network.

    Displaying the Current Configuration

    You can display and view the currently set network configuration parameters at any time.

    To display the current configuration:

    1. In the NetEnforcer Setup Menu, enter 1 (List current configuration) and press . The current network configuration parameters are displayed. A sample screen is shown below:

    Figure 3-2 Current Configuration (1)

    2. Press to show the second screen of parameters:

    Figure 3-3 Current Configuration (2)

    3. Press to return to the NetEnforcer Setup Menu.

    Configuring Network Parameters

    You can define network parameters manually.

    To define network parameters manually:

    1. In the NetEnforcer Setup Menu, enter 2 (Network configuration) and press . The Network Configuration menu is displayed:

    Figure 3-4 Network Configuration

    2. Enter 2 (Manual configuration) and press .

    3. Enter values for the following IP parameters:

    - Device IP Address: The IP address for your NetEnforcer, for example, 10.1.18.7.

    - Network mask: The network mask for your NetEnforcer, for example, 255.0.0.0.

    - Device Hostname: The host name for your NetEnforcer, for example, Jonny2.

    - Domain name: A domain name for your NetEnforcer, for example, allot.com. Do not provide a leading ".".

    - Default gateway IP address: The IP address of your default gateway, for example, 10.0.02. If you do not have a default gateway, enter NONE.

    - Default gateway interface: If you entered a default gateway in the previous step, the NetEnforcer interface to which it is connected, either 0 for Internal or 1 for External.

    - Primary name server IP address: If you have a Domain Name Server (DNS), its IP address. If you do not have a DNS, enter none.

    - Secondary name server IP address: If you have a second DNS, its IP address. If you do not have a second DNS, enter none.

    - Enable VLAN Environment: Enables/disables the VLAN environment.

    The Ethernet Adapter Settings screen is displayed.

    4. Enter the following parameters to set up the NetEnforcer Ethernet adapters:

    - The duplex type for the Internal interface. Enter full for full duplex, half for half duplex or auto for AutoSensing.
    - If you selected full or half duplex, enter the link speed of the Internal interface, 10M or 100M. Use M for Mbps.
    - The duplex type for the External interface. Enter full for full duplex, half for half duplex or auto for AutoSensing.
    - If you selected full or half duplex, enter the link speed of the External interface, 10M or 100M. Use M for Mbps.

    5. Enter the following parameters to set up the Management Port:

    - The duplex type for the Internal interface. Enter full for full duplex, half for half duplex or auto for AutoSensing.
    - If you selected full or half duplex, enter the link speed of the Internal interface, 10M or 100M. Use M for Mbps.
    - The duplex type for the External interface. Enter full for full duplex, half for half duplex or auto for AutoSensing.
    - If you selected full or half duplex, enter the link speed of the External interface, 10M or 100M. Use M for Mbps.

    NOTE: If the NetEnforcer unit is being managed via NetXplorer, only the Management Port can be configured on the Ethernet Adapter Settings screen.

    6. Press to finish and return to the Network Configuration menu.

    7. To save your configuration, enter 3 (Save latest settings as current configuration) from the Network Configuration menu. A message is displayed, asking whether you wish to make your changes effective immediately. Enter y or n.

    Changing the Passwords

    You can change the login password for either the Admin user or the Monitor user. The Admin user has access to all NetEnforcer functions, while the Monitor user has read-only access. It is strongly recommended to change the default password (allot). NetEnforcer might enable access from anywhere on the Internet, and should therefore be protected with a unique password.

    To change the user's password:

    1. In the NetEnforcer Setup Menu, enter 3 (Change password) and press . The Password screen is displayed:

    Figure 3-5 Password

    2. Enter 1 or 2 to specify the type of user whose password you want to change and press .

    3. Enter a new password and press . The password must be between 5 and 8 characters. You can use a combination of upper and lower case letters and numbers.

    4. Re-enter the password and press . If NetEnforcer detects a simple password, a warning is displayed on the screen.

    NOTE The new user name and password will be used in the NetEnforcer Log In window when accessing NetEnforcer through a browser.

    Modifying Date and Time Settings

    You can modify date and time settings as required. You can set the system time manually, or you can set up NetEnforcer to receive time checks from an NTP (Network Time Protocol) server, if you have one on your network.

    To modify the date and time settings:

    1. In the NetEnforcer Setup Menu, enter 4 (Set time) and press . The Time Setup screen is displayed:

    Figure 3-6 Time Setup

    The current day, date, system time and time zone are displayed at the top of the screen.

    2. To change the time zone, perform the following steps:

    o Enter 1 and press .

    o Enter y and press . NetEnforcer displays a list of time zones.

    o Enter the required time zone and press .

    3. To change the system time, perform the following steps:

    o Enter 2 and press .

    o Enter the new date and time in the format DD-MM-YYYY-HH-mm. For example, 12-05-2001-11-20 for 12th May 2001, 11:20 am.

    o Press to set the time.

    Changing the Root User Password

    You can change the root password that provides access to super-user rights.

    To change the root password:

    1. Use the supplied serial cable to connect the terminal to the Console Connector on the front panel of NetEnforcer.

    2. Set the NetEnforcer power switch, located near the NetEnforcer power cable, to the ON position. The system boots up and on the terminal you are prompted for a login and a password.

    3. At the terminal, press . The system boots up and you are prompted for a login and a password.

    4. Enter root for the login and bagabu for the password, and then press .

    5. Enter passwd and then press .


    6. Enter a new password and press . The password must be between 5 and 8 characters. You can use a combination of upper and lower case letters and numbers.

    7. Re-enter the new password and press .

    When all necessary parameters are set, NetEnforcer prompts you to reboot. After rebooting is completed, NetEnforcer is ready to be connected and to add Quality of Service in your network.

    TIP You can further protect access to the NetEnforcer by limiting the hosts that are allowed to manage the unit.

    Configuring Via the LCD Panel

    All NetEnforcer models provide an LCD panel from which you can configure basic NetEnforcer parameters without connecting a terminal. This enables quick and easy setting of basic parameters such as the IP address of NetEnforcer and NIC settings.

    When not being used to configure the NetEnforcer, the display area in the LCD panel displays its default view, which is the current inbound and outbound bandwidth usage. The units are in Kbps or Mbps with one digit after the point and the display is refreshed every five seconds.

    NOTE When you are configuring NetEnforcer and there is no activity for more than 30 seconds, the display area returns to the default view and any modifications to parameters that were not saved are lost.

    The Main Menu

    The LCD panel provides one main menu from where you can perform the following operations:

    o Configure NIC settings, page 3-13.

    o Set the NetEnforcer IP address, page 3-14.

    o Activate Bypass, page 3-16.

    o Reboot, shutdown or exit NetEnforcer, page 3-17.

    Getting Started on NetEnforcer

    In order to start working with NetEnforcer, press the Power button to turn on NetEnforcer. Once the system has completed loading, the display area of the LCD indicates its default view, the current bandwidth consumption of NetEnforcer. For example:

    Inbound: XX.XM Outbound: YYY.YM

    You can now proceed to configure NetEnforcer, as required.

    NOTE If QoS functionality is not included in your NetEnforcer (not enabled by your activation key), the default view indicates the following: Inbound:- Outbound:-.

    Configuring NIC Settings

    Configuring NIC settings enables you to configure the internal and external Ethernet adapters to either automatically sense the direction and speed of network traffic, or use a predetermined duplex type and speed.

    NOTE If the NetEnforcer unit is being managed via NetXplorer, only the Management Port can be configured via the LCD.

    To configure NIC settings:

    1. With the display area displaying the default view, press the Select button. The main menu is displayed as follows: Main menu: 1. NIC Settings

    2. Press the Select button. If the Management port is enabled, the display area indicates the following: 1-1.[M]anagement [In]/[Ex]ternal

    NOTE If the Management port is disabled, the display area indicates the following: 1-1.Interface [In]/[Ex]ternal.

    3. Use the arrow buttons to select the required interface and press the Enter button.

    The display area indicates the following: Mode: [A]uto or [F]ull/[H]alf du

    4. Use the arrow buttons to select the duplex type for the selected interface and press the Enter button. The display area indicates the following: Speed: [A]uto or [100]/[10] Mbps

    5. Use the arrow buttons to select the link speed of the selected interface and press the Enter button. The display area indicates the following: [S]ave/[C]ancel

    6. Use the arrow buttons to select whether to save the settings or cancel and press the Enter button. The new NIC settings are applied and after a few moments, the display area displays its default view, the current bandwidth consumption.

    Setting the NetEnforcer IP Address

    Setting the NetEnforcer IP address enables you to specify the IP address, netmask and default gateway for NetEnforcer.

    To configure the IP address:

    1. With the display area displaying the default view, press the Select button. The Main menu is displayed.

    2. Press the down arrow once to display the following: Main menu: 2. Setup IP

    3. Press the Select button. The display area indicates the following: 2-1.Set IP: xxx.xxx.xxx.xxx (the current IP address definitions are displayed)

    4. Specify the IP address of NetEnforcer. Use the up and down arrow buttons to select the required number and the left and right arrow buttons to move between the digits.

    5. Press the Enter button. The display area indicates the following: 2-2.Set mask: xxx.xxx.xxx.xxx (the current netmask definitions are displayed)

    6. Specify the netmask of NetEnforcer. Use the up and down arrow buttons to select the required number and the left and right arrow buttons to move between the digits.

    7. Press the Enter button. The display area indicates the following: 2-3 Gateway exists [Yes/No] Select whether you have a gateway defined in your network. If you select N then you will exit to the next step, skipping step 2-4. If you have a gateway select Y and proceed: 2-4.Gateway: xxx.xxx.xxx.xxx (the current gateway definitions are displayed)

    8. Specify the IP address of the default gateway. Use the up and down arrow buttons to select the required number and the left and right arrow buttons to move between the digits.

    9. Press the Enter button. The display area indicates the following: [S]ave/[C]ancel


    10. Use the arrow buttons to select whether to save the settings or cancel and press the Enter button. The new IP and gateway settings are applied and after a few moments, the display area displays its default view, the current bandwidth consumption.

    The following cases of failure may be indicated:

    Failure                  Display
    Register NIC Settings    Fail: NE IP save Chk NE IP config
    Netmask Save             Fail: MASK save Chk NE IP config
    Management NIC Save      Fail: Mgmt save Chk NE IP config
    Gateway Save             Fail: GW save Chk NE IP config

    Activating Bypass

    To send the NetEnforcer into Bypass:

    1. With the display area displaying the default view, press the Select button. The Main menu is displayed.

    2. Press the down arrow three times to display the following: Main menu: 4. Bypass

    3. Press the Select button. If the system is not in Bypass mode, the display area indicates the following: Go into Bypass? [Y]es/[N]o

    4. Use the arrow buttons to select whether to enter Bypass mode and press the Enter button. NetEnforcer switches to Bypass mode and after a few moments, the display area displays its default view, the current bandwidth consumption.

    NOTE When the system is already in Bypass mode, you are prompted to select whether to exit Bypass mode. Use the arrow buttons to select whether to exit Bypass mode and press the Enter button.

    Rebooting, Shutting Down and Exiting the NetEnforcer

    You can reboot or shut down the NetEnforcer and exit from LCD configuration as required.

    To reboot the NetEnforcer:

    1. With the display area displaying the default view, press the Select button. The Main menu is displayed.

    2. Press the down arrow four times to display the following: Main menu: 5. Reboot

    3. Press the Select button. The display area indicates the following: Reboot? [Y]es/[N]o

    4. Use the arrow buttons to select whether to reboot NetEnforcer and press the Enter button. NetEnforcer reboots and the display area indicates the following: System Rebooting * (blinking asterisk)

    NOTE This message is also displayed in the display area when NetEnforcer is rebooted using a terminal.

    To shut down the NetEnforcer:

    1. With the display area displaying the default view, press the Select button. The Main menu is displayed.

    2. Press the down arrow five times to display the following: Main menu: 6. Shutdown

    3. Press the Select button. The display area indicates the following: Shutdown? [Y]es/[N]o


    4. Use the arrow buttons to select whether to reboot NetEnforcer and press the Enter button. NetEnforcer reboots and the display area indicates the following: System Shutting down * (blinking asterisk) After a few seconds, the display area indicates that NetEnforcer may be powered off.

    NOTE This message is also displayed in the display area when NetEnforcer is shut down using a terminal.

    To return to the LCD default view:

    1. With the display area displaying the default view, press the Select button. The Main menu is displayed.

    2. Press the down arrow six times to display the following: Main menu: 7. Exit

    3. Press the Enter or the Select button. The display area displays its default view, the current bandwidth consumption.

    Chapter 4: Redundancy

    Enabling Redundancy

    In order to implement redundancy, it is necessary to configure the network interfaces and enable redundancy in each NetEnforcer involved.

    Configuring the AC-402 via the NetEnforcer

    NOTE The AC-402 cannot support Active Redundancy.

    1. Configure the Management Port interface via the LCD on the front panel of the NetEnforcer.

    2. Log into the NetEnforcer via the Management Port or Telnet.

    3. Open a console connection to the NetEnforcer and use the following CLI commands:

    To set the interfaces:

    go config nic

    Options are:

    o internal1 MODE:SPEED

    o external1 MODE:SPEED

    For example: go config nic internal1 full:100

    To set redundancy mode:

    go config network -redund_mode

    Options are:

    o parallel

    o serial

    For example: go config network redund_mode parallel

    To toggle redundancy:

    go config network bypass_unit

    Options are:

    o enable

    o disable

    For example: go config network bypass_unit enable

    Configuring the AC-402 via NetXplorer

    1. Log into NetXplorer

    2. Select the NetEnforcer you wish to configure in the Navigation Pane

    3. Right-click the NetEnforcer and select Configuration from the drop down menu. OR Click the Configuration button in the Toolbar.

    4. Open the NIC tab and in the Action on Failure field, set INTERNAL1 and EXTERNAL1 to fail paired port.

    Figure 4-1 NIC Tab AC-402 NetXplorer Configuration

    5. Open the Networking tab and set the Redundancy Mode as required to Parallel or Serial.

    6. Select the Enable Bypass Unit checkbox.

    Figure 4-2 Networking Tab AC-402 NetXplorer Configuration

    7. Click Save. The system will reboot

    After rebooting, you can view the changes from the Configuration tab.

    For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide.

    Configuring the AC-404 via the NetEnforcer

    1. Configure the Management Port interface via the LCD on the front panel of the NetEnforcer.

    2. Log into the NetEnforcer via the Management Port or Telnet (see page 3-1).

    3. Open a console connection to the NetEnforcer and use the following CLI commands:

    To set the interfaces:

    go config nic

    Options are:

    o internal1 MODE:SPEED

    o internal2 MODE:SPEED

    o external1 MODE:SPEED

    o external2 MODE:SPEED

    For example: go config nic internal1 full:100

    To set redundancy mode:

    go config network -redund_mode

    Options are:

    o parallel

    o active

    o serial


    For example: go config network redund_mode parallel

    To toggle redundancy:

    go config network bypass_unit

    Options are:

    o enable

    o disable

    For example: go config network bypass_unit enable

    Configuring the AC-404 via NetXplorer

    1. Log into NetXplorer

    2. Select the NetEnforcer you wish to configure in the Navigation Pane

    3. Right-click the NetEnforcer and select Configuration from the drop down menu. OR Click the Configuration button in the Toolbar.

    4. Open the NIC tab and in the Action on Failure field, set INTERNAL1 and EXTERNAL1 to fail paired port.


    Figure 4-3 NIC Tab AC-404 NetXplorer Configuration

    5. Set INTERNAL2 and EXTERNAL2 to No Action in the Action on Failure field.

    6. Open the Networking tab and set the Redundancy Mode as required to Parallel, Serial or Active.

    7. Select the Enable Bypass Unit checkbox.


    Figure 4-4 Networking Tab AC-404 NetXplorer Configuration

    8. Click Save. The system will reboot

    After rebooting, you can view the changes from the Configuration tab.

    For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide.

    Parallel Redundancy

    Failure of a network device can be catastrophic, causing network downtime and lost business. The key to designing any mission-critical network is to recognize that these failures can occur, and to design a network that can handle failures and still allow the network to function. In order to do this, it is important to use the most reliable equipment, with redundancy built in to all mission-critical equipment.

    NetEnforcer can operate in parallel to provide Parallel Redundancy. Parallel Redundancy requires two NetEnforcer systems and, where an external Bypass module is used, a single Bypass module.

    The Primary NetEnforcer handles the traffic and the Secondary NetEnforcer is designed to be in Standby mode as long as the Primary NetEnforcer is active. Only if, for any reason, the Primary NetEnforcer is not able to function properly does the Secondary NetEnforcer become active.

    Both NetEnforcers receive traffic from the internal network, but only the Primary NetEnforcer is passing the traffic to the external network.

    While the Primary NetEnforcer receives and handles traffic coming from the external network, the Secondary External interface is disabled, since the system is in Standby mode. If the Primary NetEnforcer should fail, the Secondary NetEnforcer automatically takes control of the traffic, and enables its External interface.

    In Parallel Redundancy mode, the Bypass mode is activated in the event that both the Primary and Secondary NetEnforcers fail.


    The following diagram shows how to connect two NetEnforcers in Parallel Redundancy:

    Figure 4-5 Connecting Two NetEnforcers in Parallel Redundancy

    Status Indicators in Parallel Redundancy Mode

    When operating in Parallel Redundancy mode, two NetEnforcer units are connected. During operation, the LED indicators on NetEnforcer give various readings. The LEDs relevant to operations in Parallel Redundancy mode are the Standby, Active and Power LEDs on the NetEnforcer LCD panel.

    The modes of operation of the indicators are described in the following table:

    Unit             Standby LED   Active LED   Power LED   Analysis

    Primary Unit     OFF           ON           ON          Primary NetEnforcer is in Active mode.
    Secondary Unit   ON            OFF          ON          Secondary NetEnforcer is in Standby mode, ready to take over.

    Primary Unit     OFF           OFF          ON          Primary NetEnforcer fails or is now booting.
    Secondary Unit   OFF           ON           ON          Secondary NetEnforcer took over and it is in Active mode.

    Primary Unit     OFF           OFF          OFF         Primary NetEnforcer is powered OFF.
    Secondary Unit   OFF           ON           ON          Secondary NetEnforcer took over and it is in Active mode.

    Primary Unit     OFF           ON           ON          Primary NetEnforcer is in Active mode.
    Secondary Unit   OFF           OFF          OFF         Secondary NetEnforcer is powered OFF. The only Fail-safe mode available now is Bypass.

    Primary Unit     OFF           OFF          ON          Primary NetEnforcer failed or has not completed booting.
    Secondary Unit   OFF           OFF          ON          Secondary NetEnforcer failed or has not completed booting. Bypass is activated (in the primary unit) and all traffic is going through Bypass.

    Table 4-1 LED Conditions: AC-400 Series, Parallel Redundancy Mode

    Secondary NetEnforcer Activation

    When two NetEnforcers are connected in Parallel Redundancy mode, the Secondary NetEnforcer will take control and become the active unit under the following conditions:

    o Upon a Primary subsystem failure.

    o During booting of the Primary NetEnforcer platform. When booting is completed, the Primary unit automatically takes control again.

    o Upon any Primary NetEnforcer power feed failure and power OFF condition.

    o Upon the Primary NetEnforcer Ethernet cable disconnecting from either the Internal or External ports. After reconnecting the cable and rebooting, the Primary NetEnforcer takes control again.

    o When the Bypass module is not connected properly to the NetEnforcer Backup connector, even with all other connectors fully plugged.

    NOTE The NetEnforcer's Ethernet Adapter can detect Ethernet cable disconnection. NetEnforcers in redundant configuration react to such events by having the Primary NetEnforcer lose control until the next machine reboot, and the Secondary NetEnforcer becoming the active unit. If a cable is disconnected, it is recommended to reboot the Primary NetEnforcer after reconnecting the cable.

    Parallel Redundancy Connection

    Before using NetEnforcers in Parallel Redundancy mode, make sure that the configuration of both NetEnforcers is identical except for their DIP switch settings and IP addresses, which must be unique for each unit. You can use the Save & Distribute option to distribute the same QoS policy to both NetEnforcers.

    CAUTION Please note that only a certified Allot Communications Service Engineer is authorized to remove the NetEnforcer cover and change the internal DIP switches. If a non-authorized person removes the cover from the NetEnforcer, its warranty becomes void.

    NOTE You can distribute policy to other NetEnforcers only if they are of the same model as the one from which you are distributing.

    Setting DIP Switches

    In order to access internal components of the NetEnforcer units, including the DIP switches, the main cover must be removed.

    CAUTION Only a certified Allot Communications Service Engineer is authorized to remove the NetEnforcer cover and change the internal DIP switches. If a non-authorized person removes the cover from the NetEnforcer, its warranty becomes void.

    In circumstances where you need to remove the main cover, carefully follow the instructions below.

    To remove the main cover:

    1. Remove the fourteen screws (five on each side of the main cover and four at the back) using a small Philips screwdriver.

    2. Stand in a position where you are facing the back of the unit. With both hands, pull the cover towards you, until approximately a third of the unit is exposed.


    3. Remove the cover by lifting it from the overhanging rear section and then pull the cover away from the main unit. This will expose the inside components of the NetEnforcer.

    Below is a schematic diagram of an opened Enhanced Platform unit, with an enlargement of the DIP switches.

    Figure 4-6 - DIP Switch Location: AC-400 Series

    DIP Switches

    The service panel contains eight DIP switches. Their functions are described below:

    Switch No.   Function
    8            ON = Forced Active (Factory Default = OFF)
    7            For future use (Factory Default = OFF)
    6            ON = Peer Bypass control (Factory Default = OFF). For more information see Appendix B, Fail-Safe Operation, Figure B-3.
    5            ON = Bypass connected, OFF = Bypass float (Factory Default = ON)
    4            ON = Bypass connected, OFF = Bypass float (Factory Default = ON)
    3            ON = Bypass connected, OFF = Bypass float (Factory Default = ON)
    2            ON = Bypass connected, OFF = Bypass float (Factory Default = ON)
    1            ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

    Table 4-1 DIP Switch Functions: Enhanced Platform

    The unit is shipped with the factory defaults indicated above. This setup ensures the normal operation of the Bypass switch (meaning that it is activated upon a failure), and that the Active status is not forced. For normal device behavior, it is strongly recommended not to change DIP switch factory settings.

    After ensuring identical configuration, test each NetEnforcer (while connected to the network as a single device) and verify that they are operating identically to one another.

    1. Set the DIP Switches to Parallel Redundancy mode. See Figure 4-7.

    2. Designate one of your NetEnforcers to be the default Primary, and connect the end of the Backup cable marked Primary to the backup connector of the unit. Connect the other end of the backup cable to the backup connector of the Secondary NetEnforcer.

    3. After booting ensure that the Active LED is ON and the Standby LED is OFF. On the Secondary NetEnforcer, the Active LED is OFF and the Standby LED is ON.

    CAUTION When two NetEnforcers are connected in Redundancy mode with a switch on each interface, if the Primary NetEnforcer fails and the Secondary system takes control of traffic, the redundant unit may take some time to activate. This is normal switch behavior. The switch will continue to redirect packets to the Primary NetEnforcer, instead of to the Secondary NetEnforcer.

    NetEnforcer AC-400 Series models have the option of working in Parallel Redundancy, where one system is in Float mode and the other is not. This enables one system to cancel the other system's Bypass mode. When this feature is activated (DIP switch 6 is set to ON), the active system cancels the Bypass mode of the other system, if it exists.

    If the Primary NetEnforcer fails, the Secondary NetEnforcer becomes active and cancels the Primary Bypass. If the Secondary NetEnforcer also fails, it releases its control over the Primary NetEnforcer, which then moves to Bypass mode.

    The recommended configuration as shown in Figure 4-7, is to set the Primary NetEnforcer to Bypass mode (switches 1 to 5 are set to ON) and the Secondary NetEnforcer to Float mode (switches 1 to 5 are set to OFF, and switch 6, Control Over, is set to ON).

    Figure 4-7 DIP Switch Configuration for Parallel Redundancy (switches 8 to 1 shown for each unit; Primary: BYPASS; Secondary: FLOAT, CONTROL OVER)

    If there is a problem with the Primary NetEnforcer, the box should be disconnected from the network and the DIP switches on the Secondary NetEnforcer should be set to standalone configuration.

    CAUTION Please note that only a certified Allot Communications Service Engineer is authorized to remove the NetEnforcer cover and change the internal DIP switches. If a non-authorized person removes the cover from the NetEnforcer, its warranty becomes void.

    CAUTION In standalone mode, NetEnforcer DIP switches should remain in the factory default settings. To have the NetEnforcer in standalone mode, switches 1 to 5 are set to ON and switches 6 to 8 are set to OFF.

    Active Redundancy

    In the Active Redundancy configuration, each NetEnforcer AC-404 manages a single link while duplicating the link's traffic to the other NetEnforcer. Both NetEnforcers are active. Each unit shapes the traffic of one link only, but the shaping algorithm considers traffic of both links. Such a configuration is recommended for network topologies where both links are active in load-balancing mode.

    NOTE Active Redundancy is not available on AC-402 models.

    Failover

    In the event that one of the links fails due to router, switch or line malfunction, the network redundancy mechanism (for example, spanning tree) will ensure that traffic is routed or switched via the other link and managed by the second NetEnforcer. Since both NetEnforcers maintain a constant view of the two links, there will be no loss of flow state or other information required for correct shaping and application classification. Note that the bypass function is not used in such configurations.

    Policy Configuration

    In the Active Redundancy configuration, the two NetEnforcers should share the same policy configuration.

    Connecting the NetEnforcer in Active Redundancy

    Line 1 is used to pass actual traffic; these interfaces will be used to connect the AC-404s to the corresponding switches or routers.

    Figure 4-8 Active Redundancy AC-404

    Line 2 is used to duplicate traffic and pass it to the second NetEnforcer. Traffic that is passed between NetEnforcers is not sent to adjacent network devices; it is only used for monitoring and classification purposes.

    Chapter 5: Hardware Specifications

    This chapter lists the hardware specifications for all NetEnforcer AC-400 Series models.

    Dimensions

    Standard: 1U by 19-inch, rack mountable

    Height: 1.73 in (44 mm)

    Width: 17.32 in (440 mm)

    Depth: 11.73 in (298 mm)

    Weight: 12 lbs (5.5 kg)

    Power Requirements

    Input Voltage: 100 - 240 V

    Frequency: 47 - 63 Hz

    Current: 2 A

    Power consumption: 70 W

    Operating Environment

    Temperature: 32 °F to 104 °F (0 to 40 °C)

    Humidity: 5% to 95% (non condensing)

    Heat Dissipation: 240 BTU/Hour

    EMI: Residential, commercial and light industry.

    Standards, Compliance and Certifications

    All AC-400 models hold certificates for and comply with the standards listed below.

    EMC

    EMC Directive 89/336/EEC, article 7(1)

    EN 55022:1998+A1(00) class A

    EN 61000-3-2:1995_A1(98)+A2(98)

    EN 61000-3-3:1995

    EN 55024:1998+A1(01)

    FCC 47 CFR part 15, subpart B, class A

    ICES-003:1997, class A

    VCCI:2002, class B

    NEBS: GR-1089-Core*

    Safety

    IEC 60950:1999 with Japanese deviations

    EN 60950:2000

    NEBS: GR-1089-Core*

    UL

    1950 NetEnforcer UL File number: E206586

    CAN/CSA C22.2 No.60950-00 * UL 60950, third edition

    Environmental

    ETS 300 019-2-2 T 2.1

    ETS 300 019-2-3 T 3.1

    NEBS: GR-63-Core*

    * NetEnforcer is designed to meet these standards.

  • Chapter 6: Firewall Port Reference

    Basic Management

    If your NetEnforcer uses Basic Management and sits behind a firewall, the following ports must be opened on the firewall to enable access to the NetEnforcer management functions:

    Firewall Port       Gives Access To
    TCP Port: 23        Telnet
    TCP Port: 80        Web Server/GUI
    TCP Port: 56000     Internal Accounting GUI Access
    TCP Port: 51000     Policy Editor GUI Access
    TCP Port: 52000     Monitoring GUI Access
    TCP Port: 53000     Alerts GUI Access
    TCP Port: 53306     MySQL Access
    TCP Port: 56000     External Accounting Data Transfer Access

    NetXplorer

    In some networks, the NetEnforcer can be separated from the NetXplorer server by a firewall for security reasons.

    To enable communication between the NetXplorer and the NetEnforcers, the following ports should be opened on the firewall:

    TCP/80     HTTP
    UDP/161    SNMP
    UDP/162    SNMP Trap
    UDP/123    NTP
    TCP/123    NTP
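
    The Basic Management and NetXplorer port lists, turned into firewall rules scoped to specific hosts instead of opened to any source. This is an added example, not part of the Allot guide; the nftables table and chain (inet filter forward), the three host addresses, and allowing the NetXplorer ports in both directions (the guide gives no direction) are assumptions.

```python
"""Added example: nftables allow rules built from the Chapter 6 port tables."""
import ipaddress

# Ports as listed in the guide; TCP 56000 appears twice under Basic Management.
BASIC_MANAGEMENT = [
    ("tcp", 23, "Telnet"), ("tcp", 80, "Web Server/GUI"),
    ("tcp", 56000, "Internal Accounting GUI Access"),
    ("tcp", 51000, "Policy Editor GUI Access"),
    ("tcp", 52000, "Monitoring GUI Access"),
    ("tcp", 53000, "Alerts GUI Access"), ("tcp", 53306, "MySQL Access"),
    ("tcp", 56000, "External Accounting Data Transfer Access"),
]
NETXPLORER = [
    ("tcp", 80, "HTTP"), ("udp", 161, "SNMP"), ("udp", 162, "SNMP Trap"),
    ("udp", 123, "NTP"), ("tcp", 123, "NTP"),
]

def port_sets(table):
    """Group a port table by protocol, dropping duplicate port entries."""
    grouped = {}
    for proto, port, _service in table:
        grouped.setdefault(proto, set()).add(port)
    return {proto: sorted(ports) for proto, ports in grouped.items()}

def allow_rules(table, src, dst, chain="inet filter forward"):
    """Return nft commands that accept only src -> dst on the table's ports."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src.version != dst.version:
        raise ValueError("source and destination must use the same IP version")
    fam = "ip" if src.version == 4 else "ip6"
    rules = []
    for proto, ports in sorted(port_sets(table).items()):
        port_list = ", ".join(str(p) for p in ports)
        rules.append(f"add rule {chain} {fam} saddr {src} {fam} daddr {dst} "
                     f"{proto} dport {{ {port_list} }} accept")
    return rules

def ruleset(admin, netxplorer, netenforcer):
    """Rules for a forward chain whose default policy is drop (assumed)."""
    rules = allow_rules(BASIC_MANAGEMENT, admin, netenforcer)
    # Assumption: the guide gives no direction for these ports, so allow both.
    rules += allow_rules(NETXPLORER, netxplorer, netenforcer)
    rules += allow_rules(NETXPLORER, netenforcer, netxplorer)
    return rules

if __name__ == "__main__":
    # Constructed documentation addresses (RFC 5737), not values from the guide.
    print("\n".join(ruleset("192.0.2.10", "192.0.2.20", "198.51.100.5")))
```

    The printed lines are in the command form that nft -f reads; the duplicated TCP 56000 entry collapses to a single port in the generated set.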

  • Chapter 7: AC-400 Series Equipment

    The NetEnforcer is a transparent learning bridge certified as compliant with the IEEE 802.1 standard, which includes an internal bypass mechanism to ensure continuity of data flow in the event of a hardware or software problem.

    Pay particular attention to the following warnings and notes:

    General Warnings

    POWER: Before removing the cover, disconnect the product from the mains supply. Any adjustment or maintenance operation performed on the device must be carried out only by qualified personnel, with the unit disconnected from its power source.

    POWER: The power supply unit contains an internal fuse. It must be replaced only by qualified personnel.

    POWER: Make sure that a mains power outlet is located near the unit and is easily accessible. It is recommended that the power source be connected to a protective installation in the building. To connect a NetEnforcer to a 120 VAC supply, connect to 15 A service receptacles, type N5/15 or NEMA 5-15R.

    Redundancy: When two NetEnforcer devices are connected in redundant mode to a switch on each interface, the redundant unit may take some time to take over control of the traffic if the primary device fails and the secondary device takes over. This is entirely normal behavior on the part of the switch, which will continue to forward data packets to the primary device rather than to the secondary NetEnforcer.

    Battery: There is a danger of explosion if the battery is replaced incorrectly. Replace it only with the same type or an equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

    General Notes

    Settings: Changing the NetEnforcer's default settings is not recommended; NIC settings are changed only through the LCD panel.

    Power: The AC power supply automatically adapts to voltages between 100 and 240 V at a frequency of 50/60 Hz. The DC power supply automatically adapts to voltages of 48 or 60 V DC.

    This equipment is intended for use in a restricted-access location and by duly qualified personnel. To avoid electric shock, do not perform any operation other than those described in the unpacking instruction sheet.

    Cables

    Copper Ethernet

    Using the supplied straight-through UTP CAT-6 Ethernet cables, connect the link connections labeled Internal and External. The maximum length of these cables is generally 50 meters.

    DIP Switch: Only qualified Allot Communications engineering personnel are authorized to remove the NetEnforcer cover in order to change the internal DIP switches. If an unauthorized person removes the NetEnforcer cover, the warranty is void.

    Airflow: To ensure adequate cooling, airflow must not be restricted inside or around the rack. Keep a clear space of 1 m to 1.5 m between the rack and the enclosure. Make sure that there is good air circulation around the NetEnforcer's ventilation openings.

    Grounding: Make sure that each installation site has a compliant ground. Connect all metal racks, enclosures and boxes to ground. The NetEnforcer device should be grounded through the mains power cord.

    Installation

    Rack

    Attach the mounting brackets supplied in the NetEnforcer accessory kit to both ends of the device using the eight screws, also supplied in the accessory kit.

    Hardware Specifications

    Dimensions

    Standard 2U by 19-inch design, rack mountable

    Height 1.73 in (44 mm)

    Width 17.32 in (440 mm)

    Depth 11.73 in (298 mm)

    Weight 12 lbs (5.5 kg)

    NOTE: The copper bypass unit weighs 1.75 kg (3.86 lbs); the fiber-optic bypass unit weighs 1.94 kg (4.28 lbs).

    Requirements

    Power

    AC input voltage 100 - 240 V

    Frequency 50/60 Hz

    Current 2 A rated / 5 A fused

    Ambient Conditions

    Temperature 0 to 40 °C (32 to 104 °F)

    Humidity 5% to 95% (non-condensing)

    Power Consumption

    AC-402 70 W

    Heat Dissipation

    AC-402 240 BTU/Hour
