Allot NetEnforcer AC-1000 Series Hardware Manual
  1. Manuals
  2. Brands
  3. Allot Manuals
  4. Server
  5. NetEnforcer AC-1000 Series
  6. Hardware manual

Allot NetEnforcer AC-1000 Series Hardware Manual

Carrier-grade traffic management device
Hide thumbs
Table of Contents

Advertisement

Quick Links

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NetEnforcer AC-1000 Series and is the answer not in the manual?

Questions and answers

Related Manuals for Allot NetEnforcer AC-1000 Series

Summary of Contents for Allot NetEnforcer AC-1000 Series

  • Page 3 NetEnforcer AC-1000 Series Policy Based Bandwidth Management Hardware Guide P/N D362001 R2...
  • Page 5 Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise.

  • Page 6: Printing History

    Important Notice Printing History First Edition: July, 2006 Second Edition: September, 2007 AC-1000 Series Hardware Guide...

  • Page 7: Table Of Contents

    Table of Contents Important Notice .......................... iii  Printing History ..........................iv  Table of Contents ........................... v  Table of Figures ........................... vii  CHAPTER 1: AC-1000 SERIES HARDWARE ............1-1   AC-1000 Series Packing List ..................... 1-2  NetEnforcer Front Panel ......................1-3  AC-1000 Series Front Panels ....................
  • Page 8 Configuring Via the LCD Panel ....................3-12  CHAPTER 4: REDUNDANCY ..................4-1   Enabling Redundancy ........................ 4-1  Parallel Redundancy ........................ 4-13  Status Indicators in Parallel Redundancy Mode ..............4-14  Secondary NetEnforcer Activation ..................4-15  Active Redundancy ........................4-17  Failover ........................... 4-17  Policy Configuration .......................

  • Page 9: Table Of Figures

    Table of Figures Figure 1-1 – Front Panel: AC-1000 Series ................... 1-3  Figure 1-2 – Front Panel: AC-1010 Copper ................. 1-4  Figure 1-3 – Front Panel: AC-1020 Fiber ..................1-4  Figure 1-4 – Front Panel: AC-1040 Copper ................. 1-5  Figure 1-5 – NetEnforcer LCD Panel ..................1-6  Figure 1-6 –...
  • Page 10 Figure 3-2 – Current Configuration (1) ..................3-4  Figure 3-3 – Current Configuration (2) ..................3-5  Figure 3-4 – Network Configuration .................... 3-6  Figure 3-5 – Password ........................3-9  Figure 3-6 – Time Setup ......................3-10  Figure 4-1 – NIC Tab AC-1010 – NetXplorer Configuration ............4-3  Figure 4-2 –...

  • Page 11: Chapter 1: Ac-1000 Series Hardware

    Several NetEnforcer models are available to support large and small sites and different data network speeds. All NetEnforcer AC-1000 series units support 1M connections (2M flows), 2,000 pipes and 8,000 Virtual Channels. Additional Pipes and Virtual Channels can also be purchased separately per device.

  • Page 12: Ac-1000 Series Packing List

    Chapter 1: AC-1000 Series Hardware The NetEnforcer AC-1010 is a general-purpose carrier grade device with one line (two port) connectivity. The device is available with either AC or DC power supplies and with copper, SX fiber, LX5 fiber, LX20 fiber or ZX fiber interface connectors. The AC- 1010 may be ordered with an upgradable throughput of 155 Mbps, 310 Mbps, 622 Mbps or 1 Gbps.

  • Page 13: Netenforcer Front Panel

    Chapter 1: AC-1000 Series Hardware NetEnforcer Front Panel The AC-1000 series connects to your network via Link Connection connectors. The LCD panel, connectors and LED indicators on the front panel, are shown in the following diagrams. The front panel of each AC-1000 series unit is separated into four areas as shown below: Figure 1-1 –...

  • Page 14: Ac-1000 Series Front Panels

    Chapter 1: AC-1000 Series Hardware AC-1000 Series Front Panels AC-1010 Front Panels Figure 1-2 – Front Panel: AC-1010 Copper AC-1020 Front Panel Figure 1-3 – Front Panel: AC-1020 Fiber NetEnforcer AC-1000 Hardware Guide...

  • Page 15: Figure 1-4 - Front Panel: Ac-1040 Copper

    Chapter 1: AC-1000 Series Hardware AC-1040 Front Panels Figure 1-4 – Front Panel: AC-1040 Copper CAUTION CLASS 1 LASER PRODUCT. DANGER! Invisible laser radiation when opened. AVOID DIRECT EXPOSURE TO BEAM. NetEnforcer AC-1000 Hardware Guide...

  • Page 16: Lcd Panel

    Chapter 1: AC-1000 Series Hardware LCD Panel The NetEnforcer LCD panel provides an indication of traffic usage and enables you to configure NetEnforcer directly without the need to connect a terminal. You can also start, reboot and shutdown NetEnforcer from the front panel. Display Area Display Area Standby Indicator...
  • Page 17 Chapter 1: AC-1000 Series Hardware Unit Status Indicators The modes of operation of the Standby, Active and Power LEDs on the LCD panel are described in the table below. Indicator Status NetEnforcer Status Standby Two NetEnforcers are connected in Parallel Redundancy mode and this NetEnforcer is the secondary system.

  • Page 18: Power Supply Modules

    Chapter 1: AC-1000 Series Hardware Interface Status Indicators The modes of operation of the Link (External and Internal) LEDs are described in the table below. Link Status Indicators – AC-1010/1020 Ext/Int LED NetEnforcer Status A lit green LED indicates that a link is detected. Green Amber A blinking amber LED indicates that traffic is detected on...
  • Page 19 Chapter 1: AC-1000 Series Hardware NOTE The AC power supply automatically adapts to voltages between 100 V and 240 V, 50/60 Hz. The DC power supply automatically adapts to voltages of 48 V or 60 V DC. This equipment is for use in a restricted access area by qualified personnel only.
  • Page 20 Chapter 1: AC-1000 Series Hardware Each power supply has two LEDs located beneath the power supply handles. Model Copper/Fiber options Power inlet options AC 1010 Transceiver SFP Copper AC/DC Transceiver SFP SX Transceiver SFP LX 5 Transceiver SFP LX 20 Transceiver SFP ZX AC 1020 Transceiver SFP Copper...

  • Page 21: Accessories Area

    Chapter 1: AC-1000 Series Hardware Accessories Area Management Port (Out of Band Management) Out-of-band management provides the following: • Offers physical separation between shaped traffic and management traffic. • Enables access to NetEnforcer even if there is a problem in the network (for example, DoS attack).
  • Page 22 Chapter 1: AC-1000 Series Hardware • Provides an infrastructure for improvement of the redundancy capabilities. NOTE The Management port has its own MAC and IP address. Management Port Status Indicators Management Port Status Indicators – AC-1010/1020 The modes of operation of the Management port LEDs are described in the table below. Mgmnt LED NetEnforcer Status Green...
  • Page 23 Chapter 1: AC-1000 Series Hardware Power Cable Connectors The unit power cables (AC or DC) plug in here. The power cables should not be removed while swapping the power modules. CAUTION This equipment has a connection between the earthed conductor of the DC supply circuit and the earthing conductor.

  • Page 24: Cabling

    Chapter 1: AC-1000 Series Hardware Cabling AC-1000 Series Copper NOTE Ethernet Cables may be Straight or Cross, depending upon your network. Shielded cables must be used in order to insure compliance. Connections Cable Type Connector Type To NetEnforcer Ethernet (Cat-6) (Included, RJ-45 Management Port P/N C411011)
  • Page 25 Chapter 1: AC-1000 Series Hardware NetEnforcer AC-1000 Hardware Guide 1-15...

  • Page 26: Ac-1000 Multi Mode (Sx) Fiber

    Chapter 1: AC-1000 Series Hardware AC-1000 Multi Mode (SX) Fiber NOTE Ethernet Cables may be Straight or Cross, depending upon your network. Connections Cable Type Connector Type To NetEnforcer Ethernet (Cat-6) (Included, RJ-45 Management Port P/N C411011) To NetEnforcer Console Ethernet (Cat-6) (Included, RJ-45 Port...

  • Page 27: Ac-1000 Series Single Mode (Lx5, Lx20, Zx) Fiber

    Chapter 1: AC-1000 Series Hardware AC-1000 Series Single Mode (LX5, LX20, ZX) Fiber NOTE Ethernet Cables may be Straight or Cross, depending upon your network. Connections Cable Type Connector Type To NetEnforcer Ethernet (Cat-6) (Included, RJ-45 Management Port P/N C411011) To NetEnforcer Console Ethernet (Cat-6) (Included, RJ-45...

  • Page 28: Connectors

    Chapter 1: AC-1000 Series Hardware Connectors NetEnforcer Bypass Units using Multi Mode fiber (SX) utilize dual SC Connectors. Figure 1-6 – Dual SC Connector (Multi Mode Fiber) NetEnforcer Bypass Units using Single Mode fiber (LX5, LX20 and ZX) utilize dual LC connectors.

  • Page 29: Bypass Units

    Chapter 1: AC-1000 Series Hardware Bypass Units The AC-1000 series operates with an external Bypass Unit. The Bypass Unit is a mission-critical subsystem designed to ensure network connectivity at all times. The Bypass mechanism provides "connectivity insurance" in the event of a NetEnforcer subsystems failure.

  • Page 30: Figure 1-9 - Connecting The Netenforcer Ac-802 Copper To The Single Copper Bypass Unit

    Chapter 1: AC-1000 Series Hardware The Single Copper Bypass Unit includes RJ-45 connectors for Ethernet cables and two D-type 9-pin connectors for primary and redundant unit to backup connection. The following procedure describes how to connect a Single Copper Bypass Unit to NetEnforcer.

  • Page 31: Figure 1-10 -Single Fiber Bypass Unit - Multi Mode

    Chapter 1: AC-1000 Series Hardware Connect the D-type connector from the Primary port on the Bypass Unit, to the Backup port on NetEnforcer. The 9-pin connector is plugged into the bypass unit and the 26 pin connector is plugged into the NetEnforcer.

  • Page 32: Figure 1-12 - Connecting Netenforcer Ac-1010 Fiber To Single Fiber Bypass Unit - Multi Mode

    Chapter 1: AC-1000 Series Hardware NOTE Use 62.5/125μ or 9/125μ fiber optic cables with dual LC connectors (not provided) to connect 1 Gbps ports of the switch and the router. The Single Fiber Bypass Unit includes either two duplex LC connectors and one built in fiber cable (for Multi Mode connections) or two quad LC connectors (for Single Mode connections), along with two D-type 9-pin connectors for primary and redundant unit to backup connection.

  • Page 33: Ac-1020 Bypass Unit

    Chapter 1: AC-1000 Series Hardware 1. Connect the fiber cable labeled External from the Bypass Unit, to the External port on NetEnforcer. 2. Connect the fiber cable labeled Internal from the Bypass Unit, to the Internal port on NetEnforcer. 3. Connect the D-type connector from the Primary port on the Bypass Unit, to the Backup port on NetEnforcer.

  • Page 34: Figure 1-13 - Connecting The Netenforcer Ac-1020 To Double Copper Bypass Unit

    Chapter 1: AC-1000 Series Hardware The following procedure describes how to connect a Double Copper Bypass Unit to NetEnforcer AC-1020. To External To Internal Router Switch Figure 1-13 – Connecting the NetEnforcer AC-1020 to Double Copper Bypass Unit To connect the Double Copper Bypass to the NetEnforcer: NOTE For important information regarding cable and connector types, see Cabling on page 1-14.

  • Page 35: Figure 1-14 - Double Fiber Bypass Unit - Multimode

    Chapter 1: AC-1000 Series Hardware Connect the Internal cable from the Internal port on the Bypass Unit, to a switch connector. Repeats Steps 1 to 4 for Link 2. Connect the D-type High Density connector from the Primary port on the Bypass Unit, to the Backup port on NetEnforcer.

  • Page 36: Figure 1-15 - Double Fiber Bypass Unit - Single Mode

    Chapter 1: AC-1000 Series Hardware Figure 1-15 – Double Fiber Bypass Unit – Single Mode NOTE Use 62.5/125μ or 9/125μ fiber optic cables with dual LC connectors (not provided) to connect 1 Gbps ports of the switch and the router. The Double Fiber Bypass Unit includes connectors for connecting to Link 1 and Link 2 on the AC-1020.

  • Page 37: Figure 1-16 - Connecting The Netenforcer Ac-1020 To Double Fiber Bypass Unit - Single Mode

    Chapter 1: AC-1000 Series Hardware The following procedure describes how to connect a Double Fiber Bypass Unit to NetEnforcer AC-1020. To External To Internal Router Switch Figure 1-16 – Connecting the NetEnforcer AC-1020 to Double Fiber Bypass Unit – Single Mode To connect the Double Fiber Bypass to the NetEnforcer: NOTE For important information regarding cable and connector types, see...

  • Page 38: Ac-1040 Bypass Unit

    Chapter 1: AC-1000 Series Hardware Connect a 62.5/125μ or 9/125μ Internal fiber optic cable from the Internal port on the Bypass Unit to a 1 Gbps switch. Repeats Steps 1 to 4 for Link 2. Connect the D-type High Density connector from the Primary port on the Bypass Unit, to the Backup port on the Primary NetEnforcer.
  • Page 39 Chapter 1: AC-1000 Series Hardware The following procedure describes how to connect the Bypass Unit to NetEnforcer AC-1040. To connect the Bypass Unit to the NetEnforcer AC-1040: NOTE For important information regarding cable and connector types, see Cabling on page 1-14. Connect the External cable from the To NetEnforcer External port (Link 1) on the Bypass Unit to the External port on NetEnforcer (Link 1).

  • Page 40: Powering Up

    Chapter 1: AC-1000 Series Hardware Powering Up Connection to AC Power Power supply cords are intended to serve as the disconnect device. The user can power down the device only by removing the two-power cords from the power source or the device itself.

  • Page 41: Grounding

    Chapter 1: AC-1000 Series Hardware Restore power to the DC circuit by turning the circuit breaker on (|). Do not restore power until you are ready to boot the NetEnforcer system. This unit is intended for RESTRICTED ACCESS LOCATIONS in accordance with NEC (National Electric Code) or the authority having jurisdiction.

  • Page 42: Powering Up Via Lcd Panel

    Chapter 1: AC-1000 Series Hardware Connect to a reliably grounded SELV source. Grounding is achieved through connection of the power entry module grounding terminal to one power port of the terminal block by min. No. 14 AWG green/yellow conductor. This equipment shall be connected directly to the DC supply system grounding electrode conductor or to a bonding jumper from grounding terminal bar or bus to which the DC supply system grounding electrode is connected.
  • Page 43 Chapter 1: AC-1000 Series Hardware The display area of the LCD panel indicates the default view - the current bandwidth consumption. For example: Inbound: XXX.X Outbound: YYY.Y You can now proceed to configure NetEnforcer, as required. NetEnforcer AC-1000 Hardware Guide 1-33...

  • Page 45: Chapter 2: Placement In The Network

    Chapter 2: Placement in the Network The NetEnforcer is normally placed on the internal side of your access router. The Internal port of the NetEnforcer interfaces with your Local Area Network (LAN) and the External port of the NetEnforcer interfaces with your access router. To connect NetEnforcer to your network: Connect the Bypass Unit to NetEnforcer, as described in Bypass Units, page 1-8.

  • Page 47: Chapter 3: Setting Up The Netenforcer

    Chapter 3: Setting Up the NetEnforcer In order to manage and configure NetEnforcer policies remotely from your Web browser or NetXplorer centralized management software, several basic parameters must be configured on NetEnforcer. You can configure these basic parameters using a terminal connected to NetEnforcer or by using the LCD panel.

  • Page 48: Figure 3-1 - Netenforcer Setup Menu

    (see above). The system boots up and you are prompted for a login and a password. 4. Enter admin for the login and allot for the password. (To change the password, see page 3-9.) 5. Press <Enter>. The NetEnforcer Setup Menu is displayed: Figure 3-1 –...
  • Page 49 Telnet (IP address of NetEnforcer). Press <Enter>. The system boots up and you are prompted for a login and a password. 2. Enter admin for the login and allot for the password. (To change the password, see page 3-9.) Press <Enter>. The NetEnforcer Setup Menu is displayed:...

  • Page 50: Figure 3-2 - Current Configuration (1)

    Chapter 3: Setting Up the NetEnforcer Displaying the Current Configuration You can display and view the currently set network configuration parameters at any time. To display the current configuration: In the NetEnforcer Setup Menu, enter 1 (List current configuration) and press <Enter>.

  • Page 51: Figure 3-3 - Current Configuration (2)

    Chapter 3: Setting Up the NetEnforcer Figure 3-3 – Current Configuration (2) Press <Enter> to return to the NetEnforcer Setup Menu. NetEnforcer AC-1000 Hardware Guide...

  • Page 52: Figure 3-4 - Network Configuration

    Chapter 3: Setting Up the NetEnforcer Configuring Network Parameters You can define network parameters manually. To define network parameters manually: In the NetEnforcer Setup Menu, enter 2 (Network configuration) and press <Enter>. The Network Configuration menu is displayed: Figure 3-4 – Network Configuration Enter 2 (Manual configuration) and press <Enter>.
  • Page 53 Jonny2. Domain name A domain name for your NetEnforcer, for example, allot.com. Do not provide a leading ‘.’. Default gateway IP address The IP address of your default gateway, for example, 10.0.0.2. If you do not have a default gateway, enter NONE.
  • Page 54 Chapter 3: Setting Up the NetEnforcer • The duplex type for the External interface. Enter full for full duplex, half for half duplex or auto for AutoSensing. • If you selected full or half duplex, enter the link speed of the External interface, 10M or 100M.

  • Page 55: Figure 3-5 - Password

    You can change the login password for either the Admin user or the Monitor user. The Admin user has access to all NetEnforcer functions, while the Monitor user has read-only access. It is strongly recommended to change the default password (allot). NetEnforcer might enable access from anywhere on the Internet, and should therefore be protected with a unique password.

  • Page 56: Figure 3-6 - Time Setup

    Chapter 3: Setting Up the NetEnforcer Modifying Date and Time Settings You can modify date and time settings as required. You can set the system time manually, or you can set up NetEnforcer to receive time checks from an NTP (Network Time Protocol) server, if you have one on your network.
  • Page 57 Chapter 3: Setting Up the NetEnforcer • Press <Enter> to set the time. Changing the Root User Password You can change the root password that provides access to super-user rights. To change the root password: 1. Use the supplied serial cable to connect the terminal to the Console Connector on the front panel of NetEnforcer.

  • Page 58: Configuring Via The Lcd Panel

    Chapter 3: Setting Up the NetEnforcer Configuring Via the LCD Panel All NetEnforcer models provide an LCD panel from which you can configure basic NetEnforcer parameters without connecting a terminal. This enables quick and easy setting of basic parameters such as the IP address of NetEnforcer and NIC settings. When not being used to configure the NetEnforcer, the display area in the LCD panel displays its default view, which is the current inbound and outbound bandwidth usage.
  • Page 59 Chapter 3: Setting Up the NetEnforcer NOTE If QoS functionality is not included in your NetEnforcer (not enabled by your activation key), the default view indicates the following: Inbound:- Outbound:-. Configuring NIC Settings Configuring NIC settings enables you to configure the internal and external Ethernet adapters to either automatically sense the direction and speed of network traffic, or use a predetermined duplex type and speed.
  • Page 60 Chapter 3: Setting Up the NetEnforcer [100]/[10] Mbps Use the arrow buttons to select the link speed of the selected interface and press the Enter button. The display area indicates the following: [S]ave/[C]ancel Use the arrow buttons to select whether to save the settings or cancel and press the Enter button.
  • Page 61 Chapter 3: Setting Up the NetEnforcer Select whether you have a gateway defined in your network. If you select N then you will exit to the next step, skipping step 2-4. If you have a gateway select Y and proceed: 2-4.Gateway: xxx.xxx.xxx.xxx (the current gateway definitions are displayed) Specify the IP address of the default gateway.
  • Page 62 Chapter 3: Setting Up the NetEnforcer Activating Bypass To send the NetEnforcer into Bypass: With the display area displaying the default view, press the Select button. The Main menu is displayed. Press the down arrow three times to display the following: Main menu: 4.
  • Page 63 Chapter 3: Setting Up the NetEnforcer Use the arrow buttons to select whether to reboot NetEnforcer and press the Enter button. NetEnforcer reboots and the display area indicates the following: System Rebooting * (blinking asterisk) NOTE This message also appears in the display area when the NetEnforcer is rebooted using a terminal.
  • Page 64 Chapter 3: Setting Up the NetEnforcer To return to LCD default view: With the display area displaying the default view, press the Select button. The Main menu is displayed. Press the down arrow six times to display the following: Main menu: 7.

  • Page 65: Chapter 4: Redundancy

    Chapter 4: Redundancy Enabling Redundancy In order to implement redundancy, it is necessary to configure the network interfaces and enable redundancy in each NetEnforcer involved. Configuring the AC-1010 via the NetEnforcer 1. Configure the Management Port interface via the LCD on the front panel of the NetEnforcer.
  • Page 66 Chapter 4: Redundancy To set redundancy mode: go config network -redund_mode • Options are: o parallel o serial For example: go config network –redund_mode parallel To toggle redundancy: go config network –bypass_unit • Options are: o enable o disable For example: go config network –bypass_unit enable NetEnforcer AC-1000 Hardware Guide...

  • Page 67: Figure 4-1 - Nic Tab Ac-1010 - Netxplorer Configuration

    Chapter 4: Redundancy Configuring the AC-1010 via NetXplorer Log into NetXplorer Right click the NetEnforcer you wish to configure in the Navigation Pane Select Configuration from the drop down menu. Open the NIC tab and in the Action on Failure field, set INTERNAL1 and EXTERNAL1 to fail paired port.

  • Page 68: Figure 4-2 - Networking Tab Ac-1010 - Netxplorer Configuration

    Chapter 4: Redundancy Figure 4-2 – Networking Tab AC-1010 – NetXplorer Configuration Click Save. The system will reboot After rebooting, you can view the changes from the Configuration tab. For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide. Configuring the AC-1020 via the NetEnforcer 1.
  • Page 69 Chapter 4: Redundancy 3. Open a console connection to the NetEnforcer and use the following CLI commands: To set the interfaces: go config nic • Options are: o internal1 MODE:SPEED o internal2 MODE:SPEED o external1 MODE:SPEED o external2 MODE:SPEED For example: go config nic –internal1 full:100 To set redundancy mode: go config network -redund_mode •...
  • Page 70 Chapter 4: Redundancy To toggle redundancy: go config network –bypass_unit • Options are: o enable o disable For example: go config network –bypass_unit enable Configuring the AC-1020 via NetXplorer Log into NetXplorer Right click the NetEnforcer you wish to configure in the Navigation Pane Select Configuration from the drop down menu.

  • Page 71: Figure 4-3 - Nic Tab Ac-1020 - Netxplorer Configuration

    Chapter 4: Redundancy Figure 4-3 – NIC Tab AC-1020 – NetXplorer Configuration Set INTERNAL2 and EXTERNAL2 to No Action in the Action on Failure field. Open the Networking tab and set the Redundancy Mode as required to Parallel, Serial or Active. Select the Enable Bypass Unit checkbox.

  • Page 72: Figure 4-4 - Networking Tab Ac-1020 - Netxplorer Configuration

    Chapter 4: Redundancy Figure 4-4 – Networking Tab AC-1020 – NetXplorer Configuration Click Save. The system will reboot After rebooting, you can view the changes from the Configuration tab. For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide. Configuring the AC-1040 via the NetEnforcer Configure the Management Port interface via the LCD on the front panel of the NetEnforcer.
  • Page 73 Chapter 4: Redundancy To set the interfaces: go config nic • Options are: o internal1 MODE:SPEED o internal2 MODE:SPEED o internal3 MODE:SPEED o internal4 MODE:SPEED o external1 MODE:SPEED o external2 MODE:SPEED o external3 MODE:SPEED o external4 MODE:SPEED For example: go config nic –internal1 full:100 To set redundancy mode: go config network -redund_mode •...
  • Page 74 Chapter 4: Redundancy To toggle redundancy: go config network –bypass_unit • Options are: o enable o disable For example: go config network –bypass_unit enable Configuring the AC-1040 via NetXplorer Log into NetXplorer Right click the NetEnforcer you wish to configure in the Navigation Pane. Select Configuration from the drop down menu.

  • Page 75: Figure 4-5 - Nic Tab Ac-1040 - Netxplorer Configuration

    Chapter 4: Redundancy Figure 4-5 – NIC Tab AC-1040 – NetXplorer Configuration Set INTERNAL2, EXTERNAL2, INTERNAL4 and EXTERNAL4 to No Action in the Action on Failure field. Open the Networking tab and set the Redundancy Mode as required, to Parallel, Serial or Active. Select the Enable Bypass Unit checkbox.

  • Page 76: Figure 4-6 - Networking Tab Ac-1040 - Netxplorer Configuration

    Chapter 4: Redundancy Figure 4-6 – Networking Tab AC-1040 – NetXplorer Configuration Click Save. The system will reboot After rebooting, you can view the changes from the Configuration tab. For more information concerning NetEnforcer configuration via NetXplorer, see the NetXplorer Operation Guide. 4-12 NetEnforcer AC-1000 Hardware Guide...

  • Page 77: Parallel Redundancy

    Chapter 4: Redundancy Parallel Redundancy Failure of a network device can be catastrophic, causing network downtime and lost business. The key to designing any mission-critical network is to recognize that these failures can occur, and to design a network that can handle failures and still allow the network to function.

  • Page 78: Status Indicators In Parallel Redundancy Mode

    Chapter 4: Redundancy Status Indicators in Parallel Redundancy Mode When operating in Parallel Redundancy mode, two NetEnforcer units are connected. During operation, the LED indicators on NetEnforcer give various readings. The LEDs relevant to operations in Parallel Redundancy mode are the Standby, Active and Power LEDs on the NetEnforcer LCD panel.

  • Page 79: Secondary Netenforcer Activation

    Chapter 4: Redundancy Standby Active Power Analysis Primary Primary NetEnforcer failed or not Unit completed booting. Secondary Secondary NetEnforcer failed or not Unit completed booting. Bypass is activated (in the primary unit and all traffic is going through Bypass. Table 4-1 – LED Conditions: AC-1000 Series, Parallel Redundancy Mode Secondary NetEnforcer Activation When two NetEnforcers are connected in Parallel Redundancy mode, the Secondary NetEnforcer will take control and become the active unit under the following...
  • Page 80 Chapter 4: Redundancy To connect two AC-1000 Series NetEnforcers in Parallel Redundancy: Before using NetEnforcers in Parallel Redundancy mode, make sure that the configuration of both NetEnforcers is identical; except for their IP addresses, which must be unique for each unit. After ensuring identical configuration, test each NetEnforcer (while connected to the network as a single device) and verify that they are operating identically to one another.

  • Page 81: Active Redundancy

    Chapter 4: Redundancy Active Redundancy NOTE Active Redundancy is only relevant to AC-1020 and AC-1040 units. The AC-1010 does not support Active Redundancy. In an Active Redundancy configuration, each NetEnforcer manages a single link while duplicating the link’s traffic to the other NetEnforcer. Both NetEnforcers are active. Each unit shapes the traffic of one link only, but the shaping algorithm considers traffic of both links.

  • Page 82: Connecting The Netenforcer In Active Redundancy

    Chapter 4: Redundancy Connecting the NetEnforcer in Active Redundancy Line 1 (and 3 in the AC-1040) is used to pass actual traffic – these interfaces will be used to connect the NetEnforcers to the corresponding switches or routers. Line 2 (and 4 in the AC-1040) is used to duplicate traffic and pass it to the second NetEnforcer.

  • Page 83: Serial Redundancy

    Chapter 4: Redundancy Serial Redundancy In Serial Redundancy two bypass units are connected to the network in serial and the two NetEnforcers work in Active/Bypass mode. One probe is in active mode at all times, and the other is in bypass mode. There is no probe is standby mode.

  • Page 84: Netenforcer Failover

    Chapter 4: Redundancy NetEnforcer Failover In case the Primary NetEnforcer fails, the unit will go in to bypass mode forwarding all traffic directly to the network bypassing the failed NetEnforcer. The Secondary NetEnforcer will go in to active mode forwarding all traffic via the secondary unit. NetEnforcer functionality will be maintained.

  • Page 85: Serial Redundancy In Mesh Topologies

    Chapter 4: Redundancy Figure 4-9 – Serial Redundancy – Bypass Scenario Serial Redundancy in Mesh Topologies Serial Redundancy can support mesh topology configurations. In the network diagram described below, each of the NetEnforcer units should be able to handle two links which requires it to have four network interfaces.

  • Page 86: Figure 4-10 - Serial Redundancy - Mesh Scenario

    Chapter 4: Redundancy Figure 4-10 – Serial Redundancy – Mesh Scenario In a network configuration with four network interfaces, each of the NetEnforcer units must have eight network interfaces. The AC-1040 can be used in such a configuration 4-22 NetEnforcer AC-1000 Hardware Guide...

  • Page 87: Chapter 5: Hardware Specifications

    Chapter 5: Hardware Specifications Dimensions Standard 2U by 19-inch, rack mountable Height 3.46 in (88 mm) Width 17.32 in (440 mm) Depth 14.76 in (375 mm) Weight Copper: 24.9 lbs (11.3 kg) Fiber: 25.3 lbs (11.48 kg) NOTE The weight of the Copper Bypass Unit is 3.86 lbs (1.75 kg) and the weight of the Fiber Bypass Unit is 4.28 lbs (1.94 kg).

  • Page 88: Operating Environment

    Chapter 5: Hardware Specifications Operating Environment Temperature 32° F to 104° F (0° to 40° C) Humidity 5% to 95% (non condensing) NetEnforcer AC-1000 Hardware Guide...

  • Page 89: Standards, Compliance And Certifications

    Chapter 5: Hardware Specifications Standards, Compliance and Certifications EMC Directive 89/336/EEC, article 7(1) EN 55022:1998+A1(00) class A EN 61000-3-2:1995_A1(98)+A2(98) EN 61000-3-3:1995 EN 55024:1998+A1(01) FCC 47 CFR part 15, subpart B, class A ICES-003:1997, class A VCCI:2002, class B NEBS: GR-1089-Core* Safety IEC 60950:1999 with Japanese deviations EN 60950:2000...

  • Page 91: Chapter 6: Firewall Port Reference

    Chapter 6: Firewall Port Reference In some networks, the NetEnforcer can be separated from the NetXplorer server by a firewall for security reasons. To enable the communication between the NetXplorer and NetEnforcers the following ports in the Firewall should be opened: •...

  • Page 93: Chapter 7: Équipement De Série Ac-1000

    Chapter 7: Équipement de série AC-1000 Le NetEnforcer est une passerelle d’apprentissage transparente certifiée conforme à la norme IEEE 802.1, fonctionnant parallèlement à une unité de dérivation en vue d’assurer la continuité du débit de données en cas de problème matériel ou logiciel. La dérivation du NetEnforcer redirige l’ensemble du trafic uniquement vers des éléments passifs, permettant ainsi au réseau de fonctionner.

  • Page 94: Mises En Garde D'ordre Général

    Chapter 7: Équipement de série AC-1000 Mises en garde d’ordre général: CONFIGURATION Afin de garantir une continuité de service en cas de panne, l’ensemble des modèles de la série AC-1000 fonctionne uniquement en raccordement avec une unité de dérivation adaptée. LASER PRODUIT LASER DE CLASSE 1.
  • Page 95 Chapter 7: Équipement de série AC-1000 femelle connectée à la masse. Cette mesure de protection ne doit pas être contrecarrée par l’utilisation d’une rallonge non munie d’un conducteur de protection (relié à la masse). Toute interruption du conducteur de protection (relié à la masse) ou toute déconnection de la borne de masse de protection pourrait compromettre la sécurité...

  • Page 96: Remarques D'ordre Général

    Chapter 7: Équipement de série AC-1000 Remarques d’ordre général: LASER Dans le cas d’un produit doté d’un émetteur-récepteur en fibre optique, les émissions dégagées par les produits décrits dans ce guide sont de Catégorie 1, conformément aux normes IEC 60825-1 et FDA 21 CFR 1040.10 / 1040.1. Ces produits ne doivent en aucun cas être installés dans un réseau optique traitant des émissions de classe supérieure à...

  • Page 97: Spécifications Matérielles

    Chapter 7: Équipement de série AC-1000 Spécifications matérielles Dimensions Conception 2U standard de 19 pouces, montable en rack Hauteur 88 mm (3.46 in.) Largeur 440 mm (17.32 in.) Profondeur 375 mm (14.76 in.) Poids Cuivre: 11,3 kg (24.9 lbs) Fibre optique: 11,48 kg (25.3 lbs) REMARQUE L’unité...

This manual is also suitable for:

Netenforcer ac-1020Netenforcer ac-1010Netenforcer ac-1040

Table of Contents