3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the
part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not
limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may
make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product
as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT.
If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the
following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial
Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided
with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only
as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any
portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com, SuperStack, and Transcend are registered trademarks of 3Com Corporation. The 3Com logo and CoreBuilder are trademarks of
3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of
Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and
other countries, licensed exclusively through X/Open Company, Ltd.
Netscape Navigator is a registered trademark of Netscape Communications.
JavaScript is a trademark of Sun Microsystems.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the
recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable,
and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.
Contents
About this Guide
  Intended Audience
  Conventions
  Related Documentation
  Customer Support
1 Introduction
  System Components
3COM Security Switch 6200 Hardware and Software Users Guide
About this Guide
This guide describes how to install and configure the 3COM Security Switch
6200 hardware and system software. The Security Switch 6200 is based on the
3COM system software and may be referred to as the system.
Intended Audience
This guide is intended for system integrators and other qualified service
personnel responsible for installing, configuring, and managing the
system.
Conventions
The following conventions are used throughout this guide to emphasize certain information, such as user input, screen options and output, and menu selections.
italics − Indicates book titles and user input variables.
Courier − Indicates user input and program output.
Courier italics − Indicates variables in commands.
Menu => − Indicates to select an Option from the menu pull-down.
Warnings, Cautions, and Notes indicate the following:
NOTES − Provide helpful suggestions or reference to materials not contained in this manual.
WARNING: Warnings notify you to proceed carefully in order to avoid personal harm.
CAUTION: Cautions notify you to proceed carefully in order to avoid damaging equipment or losing data.
Related Documentation
The following guides provide additional installation and configuration information for the system.
• Security Switch 6200 Product Release Notes
• Install Server Installation and Configuration Guide
• Security Switch 6200 Applications Guide
Customer Support
To obtain technical tips or support, refer to the Technical Support chapter of this guide.
Introduction
The Security Switch 6200 is a high performance, turnkey security services
switch that integrates best-in-class firewall, virtual private networks,
intrusion detection, and content security engines. The system offers high port
density, high availability, and simplicity of management in a compact,
expandable form factor.
System Components
The system is a Network Processor-based security platform that provides
exceptional performance while maintaining flexibility for security application
support. The system’s unique flow management and acceleration technology
enables simultaneous processing of traffic by multiple services.
The system is used by medium to large enterprises to consolidate the
functions of multiple appliances at a fraction of the cost.
This chapter describes the system components.
The system has a compact, expandable form factor and is either rack or tabletop mountable. The system provides the following features:
• Fixed 16-10/100 Ethernet and 2-fiber or copper Gigabit Ethernet (GE)
interfaces.
• Network Interface Module (NIM) powered by the Network Processor.
• Dual-processor motherboard (Application Module) with high-speed
Pentium III processors.
• High-speed Ethernet backplane connecting the network and
application processing modules.
• 40 GB hard drive.
• Two out-of-band 10/100 Ethernet management ports.
• Two USB ports (may be used for modem support).
• One serial console port.
• Two redundant, hot-swappable power supplies.
• Five expansion slots for optional VPN or other security
acceleration cards.
Chassis
The chassis is front rack mountable, in a standard 19 inch rack.
Figure 1-1 displays the 6200 system’s major components.
[Figure 1-1 6200 Front View (panel labels: 10/100 ports 1-16; 10/100/1000 ports 17 and 18, each with FIBER, PACKET and LINK; CONSOLE "(max) 9800,8,N,1"; PWR; MGMT1; MGMT2; SYS; HDD)]
Figure 1-2 displays the rear panel components.
NOTE: This figure is shown for reference only. The console connections
should be made from the 6200 front panel, with the management connections
taking place in the rear of the chassis.
[Figure 1-2 Rear Panel Component Layout (labels: PCI Slots; Primary Power Supply; Secondary Power Supply; Video; RJ45 Serial Port Connector; Management Port 1; Management Port 2; PS/2 Mouse/Keyboard Connector)]
Management Options
The system provides two system management options:
• First time startup interview
• Configuration Tool
First Time Startup Interview
The system uses a built in, easy to configure, interview tool (cos_interview)
that allows you to quickly configure your system for basic operations. For
further information on the startup interview, refer to the Interface Connections and First Time Start-Up chapter of this guide.
Configuration Tool
The system uses a menu driven configuration interface (cos_config) for
configuration purposes. This tool supports adding, modifying, or deleting
any of the system configuration parameters. For further information on this
tool, refer to the Configuring the System chapter of this guide.
Installation
This chapter describes the system installation, covering the following topics:
• Pre-installation considerations
• Chassis installation
• Interface connections
Before You Start
WARNING: To ensure power connectivity, if you are using more than one
power supply, be sure to use separate power sources.
Before installing your system, be sure that the site’s environmental and space
requirements allow optimal chassis access and operation. In addition, you
need to verify that you have the equipment and the tools necessary to
complete this installation.
Site Requirements
The system installation site should meet the following requirements:
Requirement             Description
Operating Temperature   0 to 40 degrees C
Relative Humidity       10% - 90%, non-condensing
Minimum Ventilation     6 inches (15.2 cm) to the front, back, and sides of the chassis
Service Clearance       30 inches (76.2 cm) at the front of the chassis
Power Sources           100 to 240 VAC outlets, with grounding and power surge protection
Rack                    Standard 19-inch rack with grounding
Shipment Check
Using the packing slip as a reference, inspect package contents for missing or
damaged items. If parts are missing or damaged, call your 3COM Systems
Support Representative (refer to Chapter 5 for contact information). The
following items, as a minimum, are included with your system:
• Chassis
• Mounting screws
• Rubber feet
• Two power cables
• One serial console port cable
• CDs containing the system software, product documentation, and
applications
• Warranty card
Figure 2-1 shows the standard shipping contents:
NOTE: 3COM recommends that you save the shipping containers in the event
you need to send back one or more components.
Additional Equipment
Required Equipment
• PC running RedHat Linux 6.2 or greater software. This software is
used to support the Security Switch 6200 Graphical User Interface
(GUI) and for hosting the Check Point™ FireWall-1® Management
Server.
• PC running WinNT4/Win2K software. This software is used for
launching the Check Point FireWall-1 GUI and the system’s embedded
Web GUI.
• Security applications licenses to activate installed software on
the system.
To install the chassis in a standard rack you need certain hand tools,
appropriate cabling, and additional hardware not included in the
chassis shipment.
Tools
To install the chassis into a standard rack you need, as a minimum, a
Phillips screwdriver (9” minimum, #2).
Cables
Cabling requirements are installation-specific. Prior to installation you
should know:
• The kind and number of cables required for each type of interface.
• The distance limitations for each signal type. Table 2-1 provides the
approximate cable distance limitations.
Table 2-1: Cable Distance Limitations
Cable Description                                  Distance Limitation
Craft port: RS-232 DB9 directly from the system
Management Link port: 10/100                       Cat 5 cable, 100 meters (328 feet)
Copper Ethernet Link Port: 10/100/1000
Fiber Ethernet Link Port: Gigabit                  62.5 micro-fiber - 275 meters
Table 2-2 shows the cables that ship with the chassis.
Table 2-2: System Cables
Cable           Description
Power Cabling   Standard AC power cable.
Console Port    Serial shielded straight-through 9-pin D-sub female to 9-
Terminal or PC
A VT-100 terminal or a Personal Computer (PC) is required during
installation. The terminal or PC is connected to the chassis’s craft port,
allowing you to monitor start-up diagnostics and to configure the unit for
remote management access.
Chassis Rack Installation
Front Rack Mounting
The chassis can be installed in the front or center of a standard 19” rack.
To install the chassis in the front of your rack:
1. Remove the center brackets (one on each side) from the system.
2. Position the chassis in the rack by aligning the holes on its integrated
front mounting brackets with the holes in the rack.
3. Insert the appropriate screws through the brackets and tighten. If
the rack holes are not threaded, use cage-nuts over them. Figure 2-2
shows a chassis installation example.
[Figure 2-2 Front Rack Mounting the Chassis (labels: Rear Mounting Bracket; Front Mounting Bracket)]
Tabletop Mounting
The system can be mounted on any desk or table top. To do this, you first need
to attach the four rubber feet, supplied with the system, to the bottom of the
box:
1. Turn the system over onto its top with the bottom facing up.
2. Locate the indented feet locators, as shown in the following figure.
[Figure: underside of the chassis (label: Place rubber feet here.)]
3. Peel the backing off the rubber feet and press them down firmly on
the indents.
Once the rubber feet are installed you can mount the system on a solid
flat surface.
Interface Connections and First Time Start-Up
This chapter describes the procedure for powering up the system for the first
time. Specifically covered are the following:
• Connecting to the Management Console
• Powering Up the System
• First time configuration
Making Connections
This section describes connections to the chassis interfaces, including:
• Management serial port
• Ethernet port
• Power connections
Management Serial Port Connections
The system provides you with multiple ways to access the Management
Console. You can connect to the console either by connecting a terminal or a
PC to the system’s serial (craft) connector or by using Telnet to reach the system
Management Console remotely.
For the initial configuration you can connect to the system through the craft
port. Alternatively, you can connect to the system through Telnet if you have
the DHCP service in your network. By default, DHCP is enabled on your
system; after your initial configuration you can disable the DHCP service.
To connect to the serial connector use the DB9 serial connector located on the
front panel of the system.
NOTE: If you are connecting to the system Management Console using a
terminal or PC, the serial port on the terminal or PC must be configured for
9600 baud, 8 data bits, 1 stop bit, no parity, and no flow control.
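The serial settings in the note above, applied and checked from a Linux management PC with Python's standard termios module. This is an added example, not part of the 3Com guide; the sample attribute list is constructed, and the caller is assumed to have opened the serial device already.

```python
import termios

# Indexes into the list returned by termios.tcgetattr().
IFLAG, OFLAG, CFLAG, LFLAG, ISPEED, OSPEED, CC = range(7)


def console_attrs(attrs):
    """Return a copy of a tcgetattr() list set to 9600 8-N-1, no flow control."""
    new = list(attrs)
    new[CC] = list(attrs[CC])
    cflag = new[CFLAG] & ~termios.CSIZE
    cflag |= termios.CS8                      # 8 data bits
    cflag &= ~termios.PARENB                  # no parity
    cflag &= ~termios.CSTOPB                  # 1 stop bit
    cflag &= ~termios.CRTSCTS                 # no hardware (RTS/CTS) flow control
    cflag |= termios.CREAD | termios.CLOCAL   # enable receiver, ignore modem lines
    new[CFLAG] = cflag
    # No software (XON/XOFF) flow control either.
    new[IFLAG] &= ~(termios.IXON | termios.IXOFF | termios.IXANY)
    new[ISPEED] = new[OSPEED] = termios.B9600
    return new


def mismatches(attrs):
    """List the settings in a tcgetattr() list that differ from the note."""
    found = []
    if attrs[ISPEED] != termios.B9600 or attrs[OSPEED] != termios.B9600:
        found.append("baud")
    if attrs[CFLAG] & termios.CSIZE != termios.CS8:
        found.append("data bits")
    if attrs[CFLAG] & termios.PARENB:
        found.append("parity")
    if attrs[CFLAG] & termios.CSTOPB:
        found.append("stop bits")
    if attrs[CFLAG] & termios.CRTSCTS:
        found.append("hardware flow control")
    if attrs[IFLAG] & (termios.IXON | termios.IXOFF):
        found.append("software flow control")
    return found


def configure_port(fd):
    """Apply the settings to an open serial port, then verify by reading back.

    tcsetattr() reports success if any one of the requested changes was made,
    so the read-back is what shows whether the driver accepted all of them.
    """
    termios.tcsetattr(fd, termios.TCSANOW, console_attrs(termios.tcgetattr(fd)))
    return mismatches(termios.tcgetattr(fd))


# Constructed sample: a port left at 115200 7-E-2 with RTS/CTS and XON/XOFF.
SAMPLE = [
    termios.IXON | termios.IXOFF,
    0,
    termios.CS7 | termios.PARENB | termios.CSTOPB | termios.CRTSCTS | termios.CREAD,
    0,
    termios.B115200,
    termios.B115200,
    [b"\x00"] * 32,   # control characters; not relevant to this check
]

if __name__ == "__main__":
    print("before:", mismatches(SAMPLE))
    print("after: ", mismatches(console_attrs(SAMPLE)))
```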
Connecting a Terminal or PC to the System Front Serial Craft Port
To connect a terminal or PC to the system front serial craft port:
1. Connect one end of a DB9-to-DB9 cable into the terminal or PC.
2. Connect the other end into the system serial craft port. Figure 3-1
shows the system connected to a laptop computer.
[Figure 3-1 Connecting a Laptop Computer to the system Front Serial Craft Port (labels: front panel with CONSOLE "(max) 9800,8,N,1"; Personal Computer)]
3. Set to VT-100 terminal emulation mode.
Connecting Remotely
To access the system remotely:
Connecting Remotely
To access the system remotely:
1. Connect one end of an RJ45-to-RJ45 cable into a remote access device.
2. Connect the other end into the Management port. Figure 3-2 shows the
Management port module connected to a hub.
[Figure 3-2 Connecting to the System Remotely (label: Hub)]
3. Telnet to configure IP.
Power Connections
CAUTION: To ensure power connectivity, if you are using more than one
power supply, be sure to use separate power sources.
To connect power cabling:
1. Place the female end of the power cable into the power supply
connector located on the back of the chassis. Refer to Figure 3-3 for
the exact location.
[Figure 3-3 System Rear View Power Connections (labels: Power Supply Audible Alarm Reset Button; Primary Power Supply Connection; Secondary Power Supply Connection)]
NOTE: Before applying power to the system, be sure you have
connected a terminal or PC to the craft port. This allows you to enter
commands needed at startup.
2. Attach the male end of the power cable into an AC power source. The
system is powered up when power is applied to the power supplies.
NOTE: If the system is powered up with one power supply or if one of the
power supplies experiences a loss of power, an audible alarm sounds. To
silence this sound, press the red button located on the left side of the primary
power supply.
Startup and Normal Operation
During power up and normal operation, you can observe start-up activity
by checking LED activity on the system front panel.
Table 3-1 describes the various front panel LEDs and their function.
LED Displays
Table 3-1 Front Panel LED Descriptions
LED                        Color/Label      State          Description
10/100 Fast Ethernet       Green            On             Ethernet connectivity present.
                           Yellow           Flashing       Traffic is present.
10/100/1000 Fast           Fiber/Green      On             Fiber connectivity present.
Ethernet/Gigabit Ethernet  Activity/Green   Flashing       Traffic is present.
                           Link/Green       On             Ethernet connectivity present.
Power/Sleep (PWR)          Green            On             Power on.
                                            Flashing (1)   In sleep state.
                           Off              Off            Power is off.
MGMT1/MGMT2                Green            Random Flash   NIC activity present.
System Status (SYS)        Green            On             Running with normal operation.
                                            Flashing (2)   Degraded.
                           Amber            On             Critical or non-recoverable condition.
                                            Flashing (2)   Non-critical condition.
                           Off              Off            Post/system stop.
Disk Activity (HDD)        Green            Random Flash   Disk activity present.
                           Off              Off (3)        No hard disk activity detected.
1. The PWR LED sleep indication is maintained on standby by the system. If the
system is powered down without going through BIOS, the LED state in effect at
the time of power off is restored when the system is powered on until cleared by
the BIOS. If the system is not powered down normally, the PWR LED may
blink even though the SYS LED may be off due to a failure or configuration
change that prevents the BIOS from running.
2. The Amber status takes precedence over the Green status. When the Amber
LED is on or flashing, the Green LED is off.
3. This LED is also off when the system is powered off or in a sleep state.
POST Error Beep Codes
The following tables list POST error beep codes. Before system video
initialization, the BIOS and BMC use these beep codes to inform users of
error conditions.
BMC Generated POST Beep Codes
Code      Description
1-5-1-1   FRB failure (processor failure)
1-5-2-1   Empty Processor
1-5-2-2   No Processor
1-5-4-2   Power fault: DC power unexpectedly lost (power control failures)
1-5-4-3   Chipset control failure
1-5-4-4   Power control failure
BIOS Generated POST Error Beep Codes
Beeps   Error message                          Description
1       Refresh timer failure                  The memory refresh circuitry on the motherboard is faulty.
2       Parity error                           Parity can not be reset.
3       Base memory failure                    Base memory test failure. See Table 53. POST Memory Error 3-Beep Codes for additional error details.
4       System timer                           System timer is not operational.
5       Processor failure                      Processor failure detected.
6       Keyboard controller Gate A20 failure
7       Processor exception interrupt error
8       Display memory read/write error
9       ROM checksum error                     System BIOS ROM checksum error.