3Com 5112M-TPLS User Manual

ONline 10BASE-T Security

Module Installation and

Operation Guide

Document Number 17-00392-3

Printed February 1996

Model Number: 5112M-TPLS

3Com Co rporation

118 Turnpike Road

Southborough, MA 01772-1886

U.S.A.

(508) 460-8900

FAX (508) 460-8950

Federal Communications Commission Notice

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case you must correct the interference at your own expense.

Canadian Emissions Requirements

Cet appareil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur la matériel brouilleur: "Appareils Numériques", NMB-003 édictée par le Ministère des Communications.

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled "Digital Apparatus", ICES-003 of the Departm en t of Communications.

VDE Class B Compliance

Hiermit wird bescheinigt, dass der 5112M-TPLS in Üebereinstimmung mit den Bestimmungen der Vfg 243/1991 funkentstöert ist.

Der Deutschen Bundespost wurde das Inverkehrbringen dieses Geraetes angezeigt und die Berechtigung zur Üeberprüefung der Serie auf Einhaltung der Bestimmungen eingeräeumt.

Einhaltung mit betreffenden Bestimmugen kommt darauf an, dass geschirmte Ausfuehrungen gebraucht werden. Fuer die Beschaffung richtiger Ausfuehrungen ist der Betreiber verantwortlich.

This is to certify that the 5112M-TPLS is shielded against radio interference in accordance with the provisions of Vfg 243/1991.

The German Postal Services have been advised that this equipment is being placed on the market and that they have been given the right to inspect the series for compliance with regulations.

Compliance with applicable regulations depends on the use of shielded cables. The user is responsible for procuring the appropriate cables.

EN55022/CISPR22 Compliance

This equipment conforms to the Class A emissions limits for a digital device as defined by EN55022 (CISPR22).

VCCI Class 1 Compliance

This equipment is in the 1st Class category (information equipment to be used in commercial or industrial areas) and conforms to the standards set by the Voluntary Control Council for Interference by Information Technology Equipment aimed at preventing radio interference in commercial or industrial areas.

Consequently, when the equipment is used in a residential area or in an adjacent area, radio interference may be caused to radio and TV receivers, and so on.

Read the instructions for correc t handling .

UK General Approval Statement

The ONcore Switching Hub, ONline System Concentrator, and ONsemble StackSystem Hub are manufactured to the International Safety Standard EN 60950 and are approved in the UK under the General Approval Number NS/G/12345/J/100003 for indirect connection to the public telecomm unication network.

Disclaimer

The information in this document is subject to change without notice and should not be construed as a commitment by 3Com Corporation. 3Com Corporation assumes no responsibility for any errors that may appear in this document.

Copyright State me nt

1996, by 3Com Corporation. Printed in U.S.A. All rights reserved. 3Com is a registered trademark of 3Com Corporation. ONcore is a registered trademark of 3Com Corporation. The information contained herein is the exclusive and confidential property of 3Com Corporation. No part of this manual may be disclosed or reproduced in whole or in part without permission from 3Com Corporation.

Trademarks

Because of the nature of this material, numerous hardware and software products are mentioned by name. In most, if not all cases, these product names are claimed as tradem arks by th e companies that manufacture the products. It is not our intent to claim these names or trademarks as our own.

Artel, Chipcom, Ethermodem, Galactica, ONcore, ORnet, StarBridge, and TriChannel are registered trademarks of 3Com Corporation.

Chipcom OpenHub, G-Man, LANsentry, MultiProbe, ONdemand, ONline, ONsemble, PowerRing, SL2000, SL3000, SL4000, StackJack, StackSystem, and SwitchCentral are trademarks of 3Com Corporation.

ii ONline 10BASE-T Security Module Installation and Operation Guide

The Chipcom Multichannel Architecture Communications System is registered under U.S. Patent Number 5,301,303.

XNS is a trademark and Ethernet is a registered trademark of Xerox Corporation.

DEC, DECnet, the Digital logo, DELNI, POLYCENTER, VAX, VT100, and VT220 are trademarks of Digital Equipment Corporation.

UNIX is a registered trademark in the U.S.A. and other countries licensed exclusively through X/Open Company, Ltd.

IBM is a registered trademark of International Business Machines. 3ComFacts, Ask 3Com, CardFacts, NetFacts, and CardBoard are

service marks of 3Com Corporation. 3Com, LANplex, BoundaryRouting, LanScanner, LinkBuilder,

NETBuilder, NETBuilderII, ParallelTasking, ViewBuilder, EtherDisk, Etherl\Link, EtherLink Plus, EtherLink II, TokenLink, TokenLink Plus, and TokenDisk are registered trademarks of 3Com Corporation.

3ComLaser Library, 3TECH, CacheCard, FDDILink, FMS, NetProbe, SmartAgent, Star-Tek, and Transcend are trademarks of 3Com Corporation.

CompuServe is a registered trademark of CompuServe, Inc. 3Com registered trademarks are registered in the United States,

and may or may not be registered in other countries. Other brand and product names may be registered trademarks or trademarks of their respective holders.

Restricted Rights

Use, duplication, or disclosure b y the G overnm ent is subject to restrictions as set forth in subparagraph (c)(1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Printed on recycle d paper.

ONline 10BASE-T Security Module Installation and Operation Guide iii

iv ONline 10BASE-T Security Module Installation and Operation Guide

Contents

How to Use This Guide

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Structure of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

Docume nt Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv

Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi

3Com Doc uments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii

Reference Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii

Chapter 1 — Introduction

The ONline 10BA SE-T Secu rity Module . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1

Theory of Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-2

Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-2

ONline Manageme nt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-3

Chapter 2 — Designing and Expanding the Network

Understand ing the General Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2

Basic Network Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2

LAN Equivalence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-6

Fibe r Backbone, T wisted P air To-T he-Desk . . . . . . . . . . . . . . . . . . . . . . . . . .2- 7

Fibe r Backbone, T wisted P air To-T he-Desk E xample . . . . . . . . . . . . .2-8

Twisted Pair B ackbone, Twisted Pair To-The-D esk . . . . . . . . . . . . . . . . . . .2-10

Patch Panels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-11

Redundant Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12

ONline 10BASE-T Security Module Installation and Operation Guide v

Chapter 3 — Installing and Operating the Module

Precautionary Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2

Quick Installation Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2

Unpacking Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4

Setting the Dip Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5

Inst alling t he Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8

Inst alling t he Cable Tie-Wra p Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3- 8

Inst alling t he Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11

Configuring the Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Port Enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14

Networ k Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14

Port Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14

Link Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15

Modul e Securit y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15

Autopartition Threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-16

Savi ng Module Co nfigur ations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-16

Reverting Module Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-16

Showing Module Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17

Monitoring the Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18

LED and Network Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21

Chapter 4 — Configuring Security Features

Quick Reference for Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . .4-2

Configuring Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4

Eavesdropping Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4

Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5

Defining Port Secur ity Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-6

Defining Port Action on Intrusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7

Configuring Autole arning Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8

Enabling Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8

Configuring Autole arning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9

Defining a MAC Ad dress Manu ally . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11

Downloading the Autolearning Database . . . . . . . . . . . . . . . . . . . . . .4-12

Configuring Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13

Saving Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-14

Reverting Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-14

Showing Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-14

vi ONline 10BASE-T Security Module Installation and Operation Guide

Showing Port Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-15

Showing Security Aut olearn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-17

Showing Security Intruder List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-18

Clearing Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-19

Clearing the MAC Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-19

Clearing the Autolearning Database . . . . . . . . . . . . . . . . . . . . . . . . . .4-20

Clearing the Security Intruder List . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-20

Using 3Com MIB Security Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-21

EMM Secu rity SNMP Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-21

Using the Security Module SNMP Variables . . . . . . . . . . . . . . . . . . . . .4-22

Chapter 5 — Troubleshooting

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-1

Troubleshooting Using the Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . .5-2

Troubleshooting Using the Activity LEDs . . . . . . . . . . . . . . . . . . . . . . . .5-4

Technical Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-5

Appendix A — Specifications

Elec trical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A- 1

Environment al Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Mechanical Specificatio ns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

General Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

50-P in Connec tor and Cab le . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A -3

Twisted Pair C onnect ors and Cabl es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A -6

Twisted Pair C onnect ors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

Twisted Pair C ables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8

ONline 10BASE-T Security Module Installation and Operation Guide vii

Appendix B — Technical Support

On-line Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1

Email Technical Sup por t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-2

World Wide Web Sit e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-2

Support from Your Network Supplier . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-2

Support from 3Com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-3

Returning Products for Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-4

Accessing the 3 Com MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-4

3Com Tec hnica l Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-5

Index

viii O Nline 10BASE-T Security Module Installation and Operation Guide

Figures

Figure 1-1. ONline 10BASE-T Security Module Application . . . . . . . . . .1-3

Figure 2-1. Sample Configuration Distance Calculation . . . . . . . . . . . . .2-9

Figure 2-2. Unshielded Twisted Pair Network . . . . . . . . . . . . . . . . . . .2-11

Figure 2-3. Redundant Twisted Pa ir Configu ration . . . . . . . . . . . . . . .2-12

Figure 3-1. Security Module Dip Switch SW1 Location . . . . . . . . . . . . .3-5

Figure 3-2. Attaching the Tie-Wrap Bracket to the Module . . . . . . . . . .3-9

Figure 3-3. Attaching Cables With 90° Connectors . . . . . . . . . . . . . . .3-10

Figure 3-4. Installing an ONline 10BASE-T Security Module . . . . . . . . .3-11

Figure 3-5. ONline 10BASE-T Security Module Cable Connection . . . .3-12

Figure 3-6. Security Module Faceplate . . . . . . . . . . . . . . . . . . . . . . . .3-19

Figure 4-1. Example of Eavesdropping Security . . . . . . . . . . . . . . . . . . .4-5

Figure 4-2. Example of Intrusion Detection . . . . . . . . . . . . . . . . . . . . . .4-6

Figure A-1. 50-Pin Cable Male and Female Connectors . . . . . . . . . . . . A-4

Figure A-2. RJ-45 Connector Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

ONline 10BASE-T Security Module Installation and Operation Guide ix

x ONline 10BASE-T Security Module I ns tallation and Operat ion Guide

Tables

Table 2-1. Seven Basic Network Rules . . . . . . . . . . . . . . . . . . . . . . . . .2-3

Table 2-2. LAN Product Equiva lent Distances . . . . . . . . . . . . . . . . . . . .2-6

Table 2-3. Maximum Lin k Distance on Twisted Pair . . . . . . . . . . . . . .2-10

Table 3-1. Procedures for Completing Insta llation . . . . . . . . . . . . . . . .3-2

Table 3-2. DIP Switch S W1 N etwork Se lection Settings . . . . . . . . . . . .3-6

Table 3-3. DIP Switch S W1 Security and Link In tegrity Setti ngs. . . . . . .3-7

Table 3-4. Interpretation of the Security Module LEDs . . . . . . . . . . . .3-20

Table 3-5. Network Check Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2 1

Table 4-1. Quick Reference for Configuring the Security

Modul e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2

Table 5-1. Troubleshooting Using the Port Status LEDs. . . . . . . . . . . . .5-2

Table 5-2. Troubleshooting Using the Activity LEDs . . . . . . . . . . . . . . .5-4

Table A-1. 50-Pin Cable Pinouts and Port Assignments . . . . . . . . . . . . A-5

ONline 10BASE-T Security Module Installation and Operation Guide xi

This guide tells you how to install and operate the 3Com ONline™ 10BASE-T Security Module (referred throughout this guide as the Security Module) for the ONline System Concentrator. A configuration section is provided to help you plan your network configuration. This guide also includes information on moni toring the module us ing an ONline network mana gemen t mod ule . An a pp endi x ex pla ins ca blin g gu idel in es a nd op tion s for this module.

Audience

This guide is intended for the following people at your site:

How to Use This Guide

❑ Network manager or administrator ❑ Hard ware installer

ONline 10BASE-T Security Module Installation and Operat ion Guide xiii

Structure of This Guide

This guide contains the following chapters: Chapter 1, Introducti on – Introduces the principal features of the

Security Module. Chapter 2, Designing and Expanding the Network – Explains

examples of possible network configurations using the ONline System Concentrator and the Security Module.

Chapt er 3, I n stall ing and Operating the Mod u le – Provides illustrated procedures for installing the Security Module into the ONline System Concentrator. Also shows front panel LEDs and the DIP switch on the module.

Chapter 4, Configuring Security Features – Describes the security features and provides the management commands to configure these features. Also provided are the commands to show and clear security configurations.

Chapter 5, Troubleshooting – Provides help in isolating and correcting problems that may arise during the installation process and during norma l operation.

Appendi x A, Spec ificat ions – Provides electrical, environmental, and mechanical specifications for the Security Module, plus information on the module's 50-pin Telco connector, RJ-45 connectors, and Twisted Pair cables.

Appendix B, Technical Support – Lists the vario us methods for contacting the 3Com technical support organization and for accessing other product support se rvices.

Index

xiv ONline 10BASE-T Security Module Installation and Operation Guide

Document Conve ntions

The following document conventions are used in this manual:

Convention Indicates Example

Courier text User input In the Agent Information Form,

enter MIS in the New Contact field.

System output After pressing the A pply

button, the sy stem displays the message Transmi tt in g da ta .

Bold command string

Italic text in braces User-substituted

Capitalized text in plain brackets

Italics Text emphasis,

Path names Before you begin, read the

identifiers

Keyboard entry by the user

docu me nt title s

readme.txt file located in /usr/snm/agents.

Use t he following comma nd to show port detail s:

SHOW PORT {

Type your password and press [ENTER].

Ensure that you press the Apply button after you add the new search parameters.

slot

.all} VERBOSE

ONline 10BASE-T Security Module Installation and Operation Guide xv

Convention Indicates Example

Note: A Note. The

Caution: A Caution. A

Warning: A Warning. A

Related Docu me nts

This section provides information on supporting documentation, including:

❑ 3Com Documents

information is important

condition may damage software or hardware

condition may threaten personal safety

Note: Use STP lobe cables for yo ur s yste m.

Caution: Do not put your installation diskettes on a magnetic surface. This may damage the diskettes.

Warning: We ar eye protec tion when performing these maintenance procedures.

❑ Reference Do cuments

xvi ONline 10BASE-T Security Module Installation and Operation Guide

3Com Documents

The following documents provide ad ditional information on 3Com products:

17-Slot ONline System Concentrator Installation and Operation Guide – Explains how to install, operate, and manage the 3Com ONline

17-Slot Syste m Concentra tor (Models 5017C-LS and 5017 C with load sharing).

6-Slot ONline System Concentrator Installation and Operation Guide – Explains how to install, operate, and manage the 3Com ONline

6-Slot System Concentrator. ONline Ethernet Management Module Installation and Operation Guide –

Describes h ow to install the ONline Ethernet Network Management Module in the ONline System Concentrato r and explains the LEDs on the module faceplate. This guide also provides instructions for connecting a terminal to the module and describes the management commands necessary to perform management tasks on the concentrator and on remote devices.

ONline Management Commands Guide – Provides an a lphabetized reference resource describing all ONline ma nagement commands.

For a complete list of 3Com documents, contact your 3Com representative.

Reference Documents

The following documents supply related background information:

Case, J., Fedor, M., Scoffstall, M., and J. Davin, The Simple Network Management Protocol, RFC 1157, University of Tennessee at Knoxville,

Performan ce Systems International and the MIT Laboratory for Computer Science, May 1990.

Rose, M., and K. McCloghrie, Structure and Identification of Management Information for TCP/IP-based Internets, RFC 1155,

Performance Systems International and Hughes LAN Systems, Ma y 1990.

ONline 10BASE-T Security Module Installation and Operation Guide xvii

Introduction

This chapter describes the principle features of the ONline 10BASE-T Security Module.

The ONline 10BASE-T Security Module

The ONline 10BASE-T Security Module is a 12-port IEEE 802.3 repeater module that complies with the 10BASE-T standard. The module is designed for use with the 3Com ONline System Concentrators using unshielded twisted pair wiring. The Security Module provides the following features and benefits:

❑ Provides jamming security for 12 10BASE-T ports ❑ Provides security from unauthorized transmissio ns ❑ Uses the 3Com ONgua rd™ technology to secure the network from

eavesdropping and i ntrusions

❑ Suppo rts up to 150 meter link distances on 22 gauge wire and up to

125 meters on 24 ga uge wire (the meter distance on 26 gauge wire varies by cable type)

❑ Complies fully with the 10BASE-T signaling standard

Introduction 1 - 1

❑ Features 'hot swap' capability so that you can install or remove the

module without having to power d own the conc entrator

In addition, the Security Module allows you to disable Link Integrity, which allows the module to be connected to equipment that does not conform to the 10BASE-T standard.

Before installing the Security Module into the ONline System Concentrator, read the ONline System Concentrator Installation and Operation Guide.

Theory of Operation

The Security Module incorporates repeaters and twisted pair transceivers in its hardware:

– Repeaters restore phase and frequency. Repeated signals

synchronize to the system clock and enter on the ONline concentrator's TriChannel™ backplane. Outgoing signals from the TriChannel backplane are sent directly to transceive rs to be transmitted to twisted pair link segments.

– Transceivers receive and restore amplit ude to incom ing

signals.

Application

Attach the Security Module to a pa tch or punchdown block using bundled 25-pair or 12-leg hydra cables. This provides connections for the 12 twisted pair ports, as shown in Figure 1-1.

1 - 2 ONline 1 0B ASE-T Security Module I ns tallation and Operat ion Guide

Figure 1-1. ONline 10BASE-T Security Module Application

ONline Management

A master ONline Ethernet Management Module (EMM) at Version 4.0 is capable of managing the Security Module, including the Autolearning feature.

A master ONline Token Ring Management Module (TR MM) at Version 3.0 is capable of managing the Security Module with the exception of the Auto learning Feat ure. You must manually add MAC addresses to a port MAC address table in order for a TRMM to manage the security features of the Security Module. Refer to Chapter 4 for a description of the commands to add MAC addresses to a po rt MAC address tab le.

Introduction 1 - 3

Designing and Expanding t he Network

This chapter contains configuration information that will help you to design your netw ork. Install all equ ipment using only approved cables for proper operation. Refer to Appendix A, Twisted Pair Connectors a nd Cables, for information on twisted pair connector and cable requirements.

This chapter includes five sections which describe how to configure your network using the ONline System Concentrator and the ONline 10BASE-T Security Module. These sections include:

❑ Understanding Network Configurations ❑ Fibe r Backbone, Twisted Pair To-T he-Desk ❑ Twisted Pair Backbone, Twisted Pair To-The-Desk ❑ Patch Panels ❑ Redundant Links

Designing and Expanding the Network 2 - 1

Understanding the General Rule s

As part of your network design, it is important to consider your network size. For instance, is the network (end-to-end) 100 meters, 1000 meters, 4000 meters, or more? What are your plans for expansion? Your answers play a role in how you configure your network. For example, once the network expands beyond a certain size, you need to add a bridge or other internetworking device.

This section describes general rules for configuring an Ethernet network using fiber as the backbone medium. It also provides rul es to ensure that your network configuration conforms to distance limitations imposed by Ethernet and networking equipment.

This secti on includ es:

❑ Basic Network Rules ❑ LAN Equivalence

Basic Network Rules

This section outlines the basic network rules and 3Com’s recommendations for these rules. For more hardware-specific information on the 10-Port module, refer to Appendix A.

2 - 2 ONline 1 0B ASE-T Security Module I ns tallation and Operat ion Guide

Table 2-1 outlines the seven basic rules to keep in mind when you construct your network.

Table 2-1. Seven Basic Network Rules

Rule Definition Recommendations/Notes

1 If possible, use

10BASE-FB as the backbone medium.

2 Wire the backbone in

a star topology to isolate faults.

3 The maximum Fib er

Ethernet network diameter is 4200 meters of fiber cable.

Use 62.5 micron cable to conform with the IEEE 10B ASE-F and upcoming ANSI FDDI standards.

Use ST-type connectors. Make sure to l ay extra fiber cables.

The extra cost is small and you will find yo u need th em as your net work grows.

The st ar to po log y conf or ms t o FDD I wiring as well -- just make sure to run at least two fiber strands to every backbon e co nnection.

The 4200 meters is the maximum distance between any two transceivers on the network.

The 4200 meters does not include the transceiver cable (that is, drop or patch cable) that connects a device with an external transceiver. Transceiver cables can extend up to 50 meters. Thus, total network diameter can be as much as 4300 meters (420 0 m + 2 * 50 m) betwee n any two nodes.

Designing and Expanding the Network 2 - 3

Table 2-1. Seven Basic Network Rules (Continued)

Rule Definition Recommendations/Notes

4 Certain LAN devices

on the network shrink the maximum Fiber Ethernet network diameter to less than 4200 meters.

5 Assume that one

meter of co axial or twisted pair is equal to one meter of fib er cable.

Many LAN pro du cts de la y th e si gna l that goes through them. This is known a s equivalent distance. Ev ery microsecond delay reduces the maximum link distance. In fact, every microsecond delay shrinks the network diameter by approximately 200 meters of fiber cable. Table 2-2 lists the Equivalent Distances for other 3Com products.

This is a conservative rule. For example, the actual equivalence is about 1.1 meters of coaxial for every meter of fiber. For simplicity, assume one meter.

2 - 4 ONline 1 0B ASE-T Security Module I ns tallation and Operat ion Guide

Table 2-1. Seven Basic Network Rules (Continued)

Rule Definition Recommendations/Notes

6 The f iber l ink dist ances

must not exceed the limits imposed by the optical power budget.

7 When in doubt, use a

bridge.

In general, on 62.5 micron cable, you can go up to 4000 meters point-to-point using the ONcore or ONline Fiber Mo dules. If you ha ve poor quality cable or cross many patch panels, you may have to sacrifice some distance.

Some older Eth ernet fiber optic products are less powerful than ONcore Fiber Module optic s. So when connecting to these products, remember that the least powerful device determines the maximum point-to-point distan ce.

If you are not certain if you have exceeded allowable network distances, use a bridge to extend the network.

Designing and Expanding the Network 2 - 5

LAN Equivalence

LAN equivalen ce is the sum of both the incoming and outgoing module port signals . Different modules, however, have different equivalent distances. Table 2-2 lists the LAN product equivalent distances..

Table 2-2. LAN Product Equivalent Distances

LAN Produc t

ONline 10BASE-T Security Module (5112M-TPLS) 585 Incoming si gnal to TP port 420 Outgoing signal from TP port 165 ONline Ethernet 10BASE-FB Modules (5104M-FB,

5102M-FBP, 5104M-FBP) Incoming signal to fiber port 140 Outgoing signal from fibe r por t 50 ONline Ethernet FOIRL Module (510 4M-FL) 560 Incoming signal to fiber port 330 Outgoing sign al from fibe r por t 230 ONline Ethernet 10BAS E-T Module (5108M-TP) 585 Incoming si gnal to TP port 420 Outgoing signal from TP port 165

Equivalent Fiber

Distance (meters)

190

ONline Ethernet 50-Pin Module (5112M-TPL, 5112M-TPPL)

Incoming si gnal to TP port 420 Outgoing signal from TP port 165

2 - 6 ONline 1 0B ASE-T Security Module I ns tallation and Operat ion Guide

585

Table 2-2. LAN Product Equivalent Distances (Continued)

LAN Produc t

ONline Ethernet 24-Port Module (5124M-TPCL) 585 Incoming si gnal to TP port 420 Outgoing signal from TP port 165 ONline Ethernet Repeater Module (5102M-AUIF) 800 Incoming si gnal to AUI port 600 Outgoing signal from AUI port 200 ONline Ethernet BNC Module (5106M-BNC) 900 Incoming signal to BNC port 450 Outgoing signal from BNC port 450 ONline Ethernet Transceiver Module

(5103M-AUIM) 3Com 10BASE-FB Star Coupler (9308S-FB) 180 ORnet Star Coupler (9314S) 180

Equivalent Fiber

Distance (meters)

IEEE Repeater 800

Fiber Backbone, Twist ed P air To-T h e-D esk

When you configure a network with unshielded twisted pair cabling to-the-desk and fiber for the backbone, be aware of the following:

Designing and Expanding the Network 2 - 7

❑ You must add a bridge if you exceed four full repeaters. The

four-repeater rule for Ethernet limits the number of 10BASE-T modules between any two transceivers. When traffic goes into a port on any repeater-based module and out the backplane, it counts as a 1/2 repeater. When the traffic goes into the module thro ugh one port and out another port on the same or a different module, it counts as one full repeater. Therefore, you must add a bridge if the path from one transceiver to another exceeds the four-repeater rule.

❑ The equivalent fiber distance fo r the ONline Ethernet Fiber Modules

(se e Rule 4) is: – 140 meters for signals that externally enter a Fiber Module

port

– 50 meters for signals that internally enter a Fiber Module

through the ONline Concentrator backplane

❑ The equivalent fiber distance for the Security Module (see Rule 4) is:

– 420 meters for signals that externally enter a Security

Module

– 165 meters for signals that internally enter a Security

Module through the ONline System Concentrator backplane

For every pair of Security Modules that a signal goes through, deduct a fiber equivalent distance of 585 meters (420 m + 165 m = 585 m) from the overall alllowable network diameter. This is also true if a signal makes a roundtrip through a single Security Module (enters the Security Mo dule through one port and exits another port of the same Security Module). This counts as 585 meters of fiber equivalent distance, and as a full repeater.

Fiber Backbone, Twisted Pair To-The-Desk Example

In the sample configuration shown in Figure 2-1, we determine if the transceivers are within legal Ethernet limits. 22-gauge unshielded twisted pair cable is used to connect 10BASE-T Transceivers to the Security Modules in the concentrators.

2 - 8 ONline 1 0B ASE-T Security Module I ns tallation and Operat ion Guide

+ 78 hidden pages