3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the
part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not
limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may
make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product
as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT.
If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the
following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial
Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided
with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only
as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any
portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com, SuperStack, and Transcend are registered trademarks of 3Com Corporation. The 3Com logo and CoreBuilder are trademarks of
3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of
Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and
other countries, licensed exclusively through X/Open Company, Ltd.
Netscape Navigator is a registered trademark of Netscape Communications.
JavaScript is a trademark of Sun Microsystems.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the
recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable,
and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.
Contents
About this Guide
Intended Audience
Conventions
Related Documentation
Customer Support
1 Introduction
System Components
3COM Security Switch 6200 Hardware and Software Users Guide
About this Guide
This guide describes how to install and configure the 3COM Security Switch
6200 hardware and system software. The Security Switch 6200 is based on the
3COM system software and may be referred to as the system.
Intended Audience
This guide is intended for system integrators and other qualified service
personnel responsible for installing, configuring, and managing the
system.
Conventions
The following conventions are used throughout this guide to
emphasize certain information, such as user input, screen options and
output, and menu selections.
italics − Indicates book titles and user input variables.
Courier − Indicates user input and program output.
Courier italics − Indicates variables in commands.
Menu => − Indicates to select an option from the menu pull-down.
Warnings, Cautions, and Notes indicate the following:
NOTES − Provide helpful suggestions or reference to materials not contained
in this manual.
WARNING: Warnings notify you to proceed carefully in order to avoid
personal harm.
CAUTION: Cautions notify you to proceed carefully in order to avoid damaging
equipment or losing data.
Related Documentation
The following guides provide additional installation and configuration
information for the system.
Security Switch 6200 Product Release Notes
Install Server Installation and Configuration Guide
Security Switch 6200 Applications Guide
Customer Support
To obtain technical tips or support, refer to the Technical Support
chapter of this guide.
Introduction
The Security Switch 6200 is a high performance, turnkey security services
switch that integrates best-in-class firewall, virtual private networks,
intrusion detection, and content security engines. The system offers high port
density, high availability, and simplicity of management in a compact,
expandable form factor.
System Components
The system is a Network Processor-based security platform that provides
exceptional performance while maintaining flexibility for security application
support. The system’s unique flow management and acceleration technology
enables simultaneous processing of traffic by multiple services.
The system is used by medium to large enterprises to consolidate the
functions of multiple appliances at a fraction of the cost.
This chapter describes the system components.
The system has a compact, expandable form factor and is either rack or tabletop mountable. The system provides the following features:
• Fixed 16-10/100 Ethernet and 2-fiber or copper Gigabit Ethernet (GE)
interfaces.
• Network Interface Module (NIM) powered by the Network Processor.
• Dual-processor motherboard (Application Module) with high-speed
Pentium III processors.
• High-speed Ethernet backplane connecting the network and
application processing modules.
• 40 GB hard drive.
• Two out-of-band 10/100 Ethernet management ports.
• Two USB ports (may be used for modem support).
• One serial console port.
• Two redundant, hot-swappable power supplies.
• Five expansion slots for optional VPN or other security
acceleration cards.
Chassis
The chassis is front rack mountable, in a standard 19 inch rack.
Figure 1-1 displays the 6200 system’s major components.
[Figure 1-1 6200 Front View. Panel labels: 10/100 ports 1-16; 10/100/1000 ports 17 and 18, each labelled FIBER, PACKET, LINK; CONSOLE, labelled "(max) 9800,8,N,1"; PWR; MGMT1; MGMT2; SYS; HDD.]
Figure 1-2 displays the rear panel components.
NOTE: This figure is shown for reference only. The console connections
should be made from the 6200 front panel, with the management connections
taking place in the rear of the chassis.
[Figure 1-2 Rear Panel Component Layout. Callouts: PCI Slots, Primary Power Supply, Secondary Power Supply, Video, RJ45 Serial Port Connector, Management Port 2, Management Port 1, PS/2 Mouse/Keyboard Connector.]
Management Options
The system provides two system management options:
• First time startup interview
• Configuration Tool
First Time Startup Interview
The system uses a built in, easy to configure, interview tool (cos_interview)
that allows you to quickly configure your system for basic operations. For
further information on the startup interview, refer to the Interface Connections and First Time Start-Up chapter of this guide.
Configuration Tool
The system uses a menu driven configuration interface (cos_config) for
configuration purposes. This tool supports adding, modifying, or deleting
any of the system configuration parameters. For further information on this
tool, refer to the Configuring the System chapter of this guide.
Installation
This chapter describes the system installation, covering the following topics:
• Pre-installation considerations
• Chassis installation
• Interface connections
Before You Start
WARNING: To ensure power connectivity, if you are using more than one
power supply, be sure to use separate power sources.
Before installing your system, be sure that the site’s environmental and space
requirements allow optimal chassis access and operation. In addition, you
need to verify that you have the equipment and the tools necessary to
complete this installation.
Site Requirements
The system installation site should meet the following requirements:
Requirement             Description
Operating Temperature   0 to 40 degrees C
Relative Humidity       10% - 90%, non-condensing
Minimum Ventilation     6 inches (15.2 cm) to the front, back, and sides of the chassis
Service Clearance       30 inches (76.2 cm) at the front of the chassis
Power Sources           100 to 240 VAC outlets, with grounding and power surge protection
Rack                    Standard 19-inch rack with grounding
Shipment Check
Using the packing slip as a reference, inspect package contents for missing or
damaged items. If parts are missing or damaged, call your 3COM Systems
Support Representative (refer to Chapter 5 for contact information). The
following items, as a minimum, are included with your system:
• Chassis
• Mounting screws
• Rubber feet
• Two power cables
• One serial console port cable
• CDs containing the system software, product documentation, and
applications
• Warranty card
Figure 2-1 shows the standard shipping contents:
NOTE: 3COM recommends that you save the shipping containers in the event
you need to send back one or more components.
Additional Equipment Required
To install the chassis in a standard rack you need certain hand tools,
appropriate cabling, and additional hardware not included in the
chassis shipment.
Management Equipment
• PC running RedHat Linux 6.2 or greater software. This software is
used to support the Security Switch 6200 Graphical User Interface
(GUI) and for hosting the Check Point™ FireWall-1® Server.
• PC running WinNT4/Win2K software. This software is used for
launching the Check Point FireWall-1 GUI and the system’s embedded
WEB GUI.
• Security applications licenses to activate installed software on
the system.
Tools
To install the chassis into a standard rack you need, as a minimum, a
Phillips screwdriver (9” minimum, #2).
Cables
Cabling requirements are installation-specific. Prior to installation you
should know:
• The kind and number of cables required for each type of interface.
• The distance limitations for each signal type. Table 2-1 provides the
approximate cable distance limitations.
Table 2-1: Cable Distance Limitations
Cable Description                        Distance Limitation
Craft port: RS-232 DB9 directly
from the system
Management Link port: 10/100             Cat 5 cable, 100 meters (328 feet)
Copper Ethernet Link Port: 10/100/1000
Fiber Ethernet Link Port: Gigabit        62.5 micro-fiber - 275 meters
Table 2-2 shows the cables that ship with the chassis.
Table 2-2: System Cables
Cable           Description
Power Cabling   Standard AC power cable.
Console Port    Serial shielded straight-through 9-pin D-sub female to 9-
Terminal or PC
A VT-100 terminal or a Personal Computer (PC) is required during
installation. The terminal or PC is connected to the chassis’s craft port,
allowing you to monitor start-up diagnostics and to configure the unit for
remote management access.
Chassis Rack Installation
The chassis can be installed in the front or center of a standard 19” rack.
Front Rack Mounting
To install the chassis in the front of your rack:
1. Remove the center brackets (one on each side) from the system.
2. Position the chassis in the rack by aligning the holes on its integrated
front mounting brackets with the holes in the rack.
3. Insert the appropriate screws through the brackets and tighten. If
the rack holes are not threaded, use cage-nuts over them. Figure 2-2
shows a chassis installation example.
[Figure 2-2 Front Rack Mounting the Chassis. Callouts: Rear Mounting Bracket, Front Mounting Bracket.]
Tabletop Mounting
The system can be mounted on any desk or table top. Before doing so, attach
the four rubber feet, supplied with the system, to the bottom of the
box:
1. Turn the system over onto its top with the bottom facing up.
2. Locate the indented feet locators, as shown in the following figure.
[Figure: feet locators on the bottom of the chassis. Callout: Place rubber feet here.]
3. Peel the backing off the rubber feet and press them down firmly on
the indents.
Once the rubber feet are installed you can mount the system on a solid
flat surface.
Interface Connections and First Time Start-Up
This chapter describes the procedure for powering up the system for the first
time. Specifically covered are the following:
• Connecting to the Management Console
• Powering Up the System
• First time configuration
Making Connections
This section describes connections to the chassis interfaces, including:
• Management serial port
• Ethernet port
• Power connections
Management Serial Port Connections
The system provides you with multiple ways to access the Management
Console. You can connect to the console either by connecting a terminal or a
PC to the system’s serial (craft) connector or by Telnetting into the system
Management Console remotely.
For the initial configuration you can connect to the system through the craft
port. Alternatively, you can connect to the system through telnet if you have
the DHCP service in your network. By default, DHCP is enabled on your
system; after your initial configuration you can disable the DHCP service.
To connect to the serial connector use the DB9 serial connector located on the
front panel of the system.
NOTE: If you are connecting to the system Management Console using a
terminal or PC, the serial port on the terminal or PC must be configured for
9600 baud, 8 data bits, 1 stop bit, no parity, and no flow control.
Connecting a Terminal or PC to the System Front Serial Craft Port
To connect a terminal or PC to the system front serial craft port:
1. Connect one end of a DB9-to-DB9 cable into the terminal or PC.
2. Connect the other end into the system serial craft port. Figure 3-1
shows the system connected to a laptop computer.
[Figure 3-1 Connecting a Laptop Computer to the system Front Serial Craft Port. Callout: Personal Computer.]
3. Set to VT-100 terminal emulation mode.
Connecting Remotely
To access the system remotely:
1. Connect one end of an RJ45-to-RJ45 cable into a remote access device.
2. Connect the other end into the Management port. Figure 3-2 shows the
Management port module connected to a hub.
[Figure 3-2 Connecting to the System Remotely. Callout: Hub.]
3. Telnet to configure IP.
Power Connections
CAUTION: To ensure power connectivity, if you are using more than one
power supply, be sure to use separate power sources.
To connect power cabling:
1. Place the female end of the power cable into the power supply
connector located on the back of the chassis. Refer to Figure 3-3 for
the exact location.
[Figure 3-3 System Rear View Power Connections. Callouts: Power Supply Audible Alarm Reset Button, Primary Power Supply Connection, Secondary Power Supply Connection.]
NOTE: Before applying power to the system, be sure you have
connected a terminal or PC to the craft port. This allows you to enter
commands needed at startup.
2. Attach the male end of the power cable into an AC power source. The
system is powered up when power is applied to the power supplies.
NOTE: If the system is powered up with one power supply or if one of the
power supplies experiences a loss of power, an audible alarm sounds. To
silence this sound, press the red button located on the left side of the primary
power supply.
Startup and Normal Operation
During power up and normal operation, you can observe start-up activity
by checking LED activity on the system front panel.
Table 3-1 describes the various front panel LEDs and their function.
LED Displays
Table 3-1 Front Panel LED Descriptions
LED                    Color/Label      State          Description
10/100 Fast Ethernet   Green            On             Ethernet connectivity present.
                       Yellow           Flashing       Traffic is present.
10/100/1000 Fast       Fiber/Green      On             Fiber connectivity present.
Ethernet/Gigabit       Activity/Green   Flashing       Traffic is present.
Ethernet               Link/Green       On             Ethernet connectivity present.
Power/Sleep (PWR)      Green            On             Power on.
                                        Flashing (1)   In sleep state.
                       Off              Off            Power is off.
MGMT1/MGMT2            Green            Random Flash   NIC activity present.
System Status (SYS)    Green            On             Running with normal operation.
                                        Flashing (2)   Degraded.
                       Amber            On             Critical or non-recoverable condition.
                                        Flashing (2)   Non-critical condition.
                       Off              Off            Post/system stop.
Disk Activity (HDD)    Green            Random Flash   Disk activity present.
                       Off              Off (3)        No hard disk activity detected.
1. The PWR LED sleep indication is maintained on standby by the system. If the
system is powered down without going through BIOS, the LED state in effect at
the time of power off is restored when the system is powered on until cleared by
the BIOS. If the system is not powered down normally, the PWR LED may
blink even though the SYS LED may be off due to a failure or configuration
change that prevents the BIOS from running.
2. The Amber status takes precedence over the Green status. When the Amber
LED is on or flashing, the Green LED is off.
3. This LED is also off when the system is powered off or in a sleep state.
POST Error Beep Codes
The following tables list POST error beep codes. Before system video
initialization, the BIOS and BMC use these beep codes to inform users of
error conditions.
BMC Generated POST Beep Codes
Code      Description
1-5-1-1   FRB failure (processor failure)
1-5-2-1   Empty Processor
1-5-2-2   No Processor
1-5-4-2   Power fault: DC power unexpectedly lost (power control failures)
1-5-4-3   Chipset control failure
1-5-4-4   Power control failure
BIOS Generated POST Error Beep Codes
Beeps   Error message                          Description
1       Refresh timer failure                  The memory refresh circuitry on the motherboard is faulty.
2       Parity error                           Parity can not be reset.
3       Base memory failure                    Base memory test failure. See Table 53. POST Memory Error 3-Beep Codes for additional error details.
4       System timer                           System timer is not operational.
5       Processor failure                      Processor failure detected.
6       Keyboard controller Gate A20 failure   The keyboard controller may be bad. The BIOS cannot switch to protected mode.
7       Processor exception interrupt error    The CPU generated an exception interrupt.
8       Display memory read/write error        The system video adapter is either missing or its memory is faulty. This is not a fatal error.
9       ROM checksum error                     System BIOS ROM checksum error.
error detected.
POST Memory Error 3-Beep Codes
Diagnostic LED Decoder: G=Green, R=Red, A=Amber
Beep   Debug port 80h   Diagnostic LED Decoder    Meanings
Code   error Codes      Hi           Low
3      00h              Off Off Off Off           No memory was found in the system.
3      01h              Off Off Off G             Memory mixed type detected.
3      02h              Off Off G   Off           EDO is not supported.
3      03h              Off Off G   G             First row memory test failure.
3      04h              Off G   Off Off           Mismatched DIMMs in a row.
3      05h              Off G   Off G             Base memory test failure.
3      06h              Off G   G   Off           Failure on decompressing post module.
3      07h-0Dh          Off G   G   G             Generic memory error.
                        G   Off Off Off
                        G   Off Off G
                        G   Off G   Off
                        G   Off G   G
                        G   G   Off Off
                        G   G   Off G
3      0Eh              G   G   G   Off           SMBUS protocol error.
3      0F-FFh           All other combinations.   Generic memory error.
First Time Startup
The system uses a built-in, easy-to-configure interview script that allows you
to quickly configure your system for basic operations.
Once you have completed this interview, you can use the system
Configuration Tool to set additional parameters.
The interview script is launched from the UNIX root prompt. To launch the
interview script, complete the following.
NOTE: Within this interview, you can type the initial letter of an option and
then press the Tab key to complete the entire string on supported choices. The
Enter key is used to select default values.
1. Log into your system as root.
NOTE: The password is admin.
2. Change to the bin directory within admin and list the files within this
directory to locate the necessary interview file.
[admin@xxxxx admin]# cd /usr/os/bin
[admin@xxxxx bin]# ls
3. Locate the file cos_interview and execute the following command at the
admin prompt:
[admin@xxxxx bin]# ./cos_interview
Once the interview is launched, you are presented with an interactive
interview. To begin your initial configuration, answer the following questions.
This program is designed to guide you through the
configuration of your system by prompting you with a
series of questions.
======================================================
1. Enter the Hostname.
Hostname
========
Enter the system hostname:
2. Enter the System time.
System Time
===========
The current date and time on this system is Mon Mar 10
13:04:23 EST 2003
Would you like to modify System time <Y or N>[N]: y
Please provide the date in "Mon DD YYYY" format, where
Mon : month in the form Jan, Feb, etc.
DD : day of month (1 - 31),
YYYY: for example 2002
Enter the Date :
3. Define the Time Zone.
Select a time zone based on the location of your system.
The current Time Zone is “present-time-zone”
Would you like to Modify the Time Zone <Y or N> [N]: y
Select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) Other (Enter GMT offset)
Enter choice <1 - 11>:
Select a country.
1) Antigua & Barbuda       18) Ecuador            35) Panama
2) Anguilla                19) Grenada            36) Peru
3) Netherlands Antilles    20) French Guiana      37) St Pierre & Miquelon
4) Argentina               21) Greenland          38) Puerto Rico
5) Aruba                   22) Guadeloupe         39) Paraguay
6) Barbados                23) Guatemala          40) Suriname
7) Bolivia                 24) Guyana             41) El Salvador
8) Brazil                  25) Honduras           42) Turks & Caicos Is
9) Bahamas                 26) Haiti              43) Trinidad & Tobago
10) Belize                 27) Jamaica            44) United States
11) Canada                 28) St Kitts & Nevis   45) Uruguay
12) Chile                  29) Cayman Islands     46) St Vincent
13) Colombia               30) St Lucia           47) Venezuela
14) Costa Rica             31) Martinique         48) Virgin Islands (UK)
15) Cuba                   32) Montserrat         49) Virgin Islands (US)
16) Dominica               33) Mexico
17) Dominican Republic     34) Nicaragua
Enter choice <1 - 49>:
4. Select a region.
1) Eastern Time
2) Eastern Time - Michigan - most locations
3) Eastern Time - Kentucky - Louisville area
4) Eastern Time - Kentucky - Wayne County
5) Eastern Standard Time - Indiana - most locations
6) Eastern Standard Time - Indiana - Crawford County
7) Eastern Standard Time - Indiana - Starke County
8) Eastern Standard Time - Indiana - Switzerland County
9) Central Time
10) Central Time - Michigan - Wisconsin border
11) Central Time - North Dakota - Oliver County
12) Mountain Time
13) Mountain Time - south Idaho & east Oregon
14) Mountain Time - Navajo
15) Mountain Standard Time - Arizona
16) Pacific Time
17) Alaska Time
18) Alaska Time - Alaska panhandle
19) Alaska Time - Alaska panhandle neck
20) Alaska Time - west Alaska
21) Aleutian Islands
Enter choice <1 - 21>:
5. Define the Management Services.
Management Services
===================
Several methods are available for managing your system
through the 10/100 Ethernet interface on the host.
Select the desired management services.
Enable Telnet Server <disabled, enabled>[enabled]:
Enable FTP Server <disabled, enabled>[enabled]:
Add DNS Lookups <Y or N>[N]:
DNS Server IP Address [0.0.0.0]:
6. Configure the SNMP parameters.
Configure SNMP Network Management <Y or N>[N]:
Enabling SNMP ...
Enable SNMP Network Management <disabled, enabled>
[disabled]:
Enter SNMP Contact []:
Enter SNMP Location []:
The SNMP community string is the access string to
permit access to the SNMP protocol. A read-only "ro" or
read-write "rw" access may be specified. By default,
SNMP community string permits read-only access.
SNMP Communities
================
Community Address Netmask Access
middle 10.1.1.22 255.255.255.255 read-write
Add the SNMP Communities <Y or N>[N]:
7. Configure the individual user accounts.
Accounts Configuration
=======================
This section allows you to change your “root” password.
Additionally, you can set up accounts for users to log
into once the Interview is complete.
Set 'root' Password <Y or N>[Y]:
Additional user accounts can be defined, each with its
own username and password.
Add or Modify User Accounts <Y or N>[Y]:
Enter User Name []:
Enter password:
Verify password:
Enable Login Access <disabled, enabled>[disabled]:
Enter Access Level <Guest, Network Operator, Service
Operator, Administrator>[Guest]:
The following is an example display showing configured users.
User Accounts
=============
User Name   Login Access   Access Level
admin       enabled        Administrator
foobar      enabled        Guest
Add or Modify User Accounts <Y or N>[Y]: n
8. Configure the host interfaces.
Host Interfaces
===============
This section will help you configure interfaces on the
Host. The system has two management ports, two GigaBit
Ethernet ports, and 16 10/100 ports.
NOTE: At least one management port must be configured
on the system.
Enter choice.
1) fastethernet 1     12) fastethernet 12
2) fastethernet 2     13) fastethernet 13
3) fastethernet 3     14) fastethernet 14
4) fastethernet 4     15) fastethernet 15
5) fastethernet 5     16) fastethernet 16
6) fastethernet 6     17) gigabitethernet 17
7) fastethernet 7     18) gigabitethernet 18
8) fastethernet 8     19) management 1
9) fastethernet 9     20) management 2
10) fastethernet 10   X) Exit
11) fastethernet 11
Enter choice <1 - 20, X>[X]:
Enter IP Address [0.0.0.0/0]:
9. Configure all additional interfaces.
Continue configuring interfaces <Y or N>[N]:
Enter choice.
1) fastethernet 1
2) fastethernet 2
3) fastethernet 3
.
.
.
19) management 1
20) management 2
21) None
Enter choice <1 - 21>[1]:
Enter IP address and mask :
Continue configuring interfaces <Y or N>[N]:
Continue this step until all interfaces are configured.
10. Configure your default gateway.
Default gateway
================
This section allows you to configure a default gateway
for the system. Please provide an IP address, in dotted
decimal format.
Default gateway [0.0.0.0]:
11. Configure NTP to achieve time synchronization.
Synchronizing the system’s clock with an accurate
source is important for proper correlation of security
events. The system uses the Network Time Protocol (NTP)
to achieve time sychronization. The IP address of an
NTP server must be specified.
NTP Server
==========
Add NTP Server <Y or N>[Y]:
Enter NTP Server IP Address [0.0.0.0]:
To activate your interview settings, you MUST reboot
the system using the following command at the prompt:
# reboot
Exiting the Interview...
======================================================
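The interview prompts above share one pattern, Question <choices>[default]: answer, where pressing Enter accepts the bracketed default. The following added example (not part of the 3COM guide or its software) parses a captured interview session and reports answers that leave Telnet, FTP, SNMP access, the root password, or NTP in a weak state. The transcript, function names, and finding texts are constructed for illustration, and each prompt is assumed to sit on one line of the capture.

```python
import re

# Constructed sample session (not captured from a real system). It uses the
# prompt format shown in the guide: Question <choices>[default]: answer
# An empty answer means Enter was pressed and the bracketed default applies.
SAMPLE_TRANSCRIPT = """\
Enable Telnet Server <disabled, enabled>[enabled]:
Enable FTP Server <disabled, enabled>[enabled]: disabled
Add DNS Lookups <Y or N>[N]:
Enable SNMP Network Management <disabled, enabled>[disabled]: enabled
SNMP Communities
================
Community Address Netmask Access
middle 10.1.1.22 255.255.255.255 read-write
monitor 10.1.1.0 255.255.255.0 read-only
Set 'root' Password <Y or N>[Y]: n
Add NTP Server <Y or N>[Y]: n
"""

PROMPT_RE = re.compile(
    r"^(?P<question>.+?)\s*<(?P<choices>[^>]*)>\s*\[(?P<default>[^\]]*)\]:\s*(?P<answer>.*)$"
)
COMMUNITY_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<address>\d+(?:\.\d+){3})\s+"
    r"(?P<netmask>\d+(?:\.\d+){3})\s+(?P<access>read-only|read-write)$"
)


def parse_interview(text):
    """Return (answers, communities) parsed from a captured interview session."""
    answers, communities = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        prompt = PROMPT_RE.match(line)
        if prompt:
            typed = prompt.group("answer").strip()
            answers[prompt.group("question")] = {
                # Effective value: what was typed, else the bracketed default.
                "value": (typed or prompt.group("default").strip()).lower(),
                "defaulted": not typed,
            }
            continue
        row = COMMUNITY_RE.match(line)  # the table header row does not match
        if row:
            communities.append(row.groupdict())
    return answers, communities


def audit(text):
    """Return a list of findings for the effective interview settings."""
    answers, communities = parse_interview(text)
    findings = []

    def value(question):
        return answers.get(question, {}).get("value")

    for service in ("Telnet", "FTP"):
        question = f"Enable {service} Server"
        if value(question) == "enabled":
            how = "default accepted" if answers[question]["defaulted"] else "explicitly set"
            findings.append(
                f"{service} server enabled ({how}): logins cross the network in cleartext"
            )
    if value("Set 'root' Password") == "n":
        findings.append("root password not changed during the interview")
    if value("Add NTP Server") == "n":
        findings.append("no NTP server configured: security events cannot be correlated reliably")
    if value("Enable SNMP Network Management") == "enabled":
        for community in communities:
            if community["access"] == "read-write":
                findings.append(f"SNMP community '{community['name']}' grants read-write access")
            if community["netmask"] != "255.255.255.255":
                findings.append(
                    f"SNMP community '{community['name']}' is open to a whole subnet "
                    f"({community['address']}/{community['netmask']})"
                )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TRANSCRIPT):
        print("FINDING:", finding)
```
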
Configuring the Security Switch 6200 System
The system uses a menu driven configuration interface (cos_config) for
configuration purposes. This tool supports adding, modifying, or deleting any
of the system configuration parameters.
This configuration interface is launched from the UNIX admin prompt. To
launch this tool, complete the following:
1. Log into your system as admin.
username: admin
password: admin
2. Change to the bin directory within admin and list the files within this
directory to locate the cos_config file.
[admin@xxxxx admin]# cd /usr/os/bin
[admin@xxxxx bin]# ls
3. Locate the file cos_config and execute the following command at the
admin prompt:
[admin@xxxxx bin]# ./cos_config
Once the configuration tool is launched, you are presented with an interactive
main menu.
To begin your configuration, select the desired option from the main menu.
NOTE: Within this configuration tool, you can type the initial letter of an
option and then press the Tab key to complete the entire string on supported
choices. The Enter key is used to select default values.
Configuring System Parameters
This section describes how to change your system settings. Specifically,
how to:
• Change the system host name and domain name
• Change system information
• Change time information
• Enable external access ability
To configure system parameters:
1. Select Option 1 from the main menu.
The present System Configuration is displayed. For example:
System
======
Host Name helios
Domain Name
Date and Time Mon Apr 07 15:28:27 EDT 2003
Time Zone
Telnet Server enabled
FTP Server enabled
WEB Timeout 20
Default Gateway 192.168.10.1
Would You Like to Modify the System Parameters <Y or
N>[N]:
2. To change any of the system parameters, enter y, or press the Return
key to leave system parameters unchanged.
Enter the System Host Name [hostname]:
Enter the System Domain Name []:
Enter the Time [15:28:40]:
Enter the Date [Apr 07 2003]:
Would You Like to Modify the Time Zone <Y or N>[N]:
3. To change the time zone, enter y, or press the Return key to leave system
parameters unchanged.
Select a time zone based on the location of your system.
Select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) Other (Enter GMT offset)
Enter choice <1 - 11>:
Select a country.
 1) Antigua & Barbuda     18) Ecuador            35) Panama
 2) Anguilla              19) Grenada            36) Peru
 3) Netherlands Antilles  20) French Guiana      37) St Pierre & Miquelon
 4) Argentina             21) Greenland          38) Puerto Rico
 5) Aruba                 22) Guadeloupe         39) Paraguay
 6) Barbados              23) Guatemala          40) Suriname
 7) Bolivia               24) Guyana             41) El Salvador
 8) Brazil                25) Honduras           42) Turks & Caicos Is
 9) Bahamas               26) Haiti              43) Trinidad & Tobago
10) Belize                27) Jamaica            44) United States
11) Canada                28) St Kitts & Nevis   45) Uruguay
12) Chile                 29) Cayman Islands     46) St Vincent
13) Colombia              30) St Lucia           47) Venezuela
14) Costa Rica            31) Martinique         48) Virgin Islands (UK)
15) Cuba                  32) Montserrat         49) Virgin Islands (US)
16) Dominica              33) Mexico
17) Dominican Republic    34) Nicaragua
Enter choice <1 - 49>:
4. Select a region.
1) Eastern Time
2) Eastern Time - Michigan - most locations
3) Eastern Time - Kentucky - Louisville area
4) Eastern Time - Kentucky - Wayne County
5) Eastern Standard Time - Indiana - most locations
6) Eastern Standard Time - Indiana - Crawford County
7) Eastern Standard Time - Indiana - Starke County
8) Eastern Standard Time - Indiana - Switzerland County
9) Central Time
10) Central Time - Michigan - Wisconsin border
11) Central Time - North Dakota - Oliver County
12) Mountain Time
13) Mountain Time - south Idaho & east Oregon
14) Mountain Time - Navajo
15) Mountain Standard Time - Arizona
16) Pacific Time
17) Alaska Time
18) Alaska Time - Alaska panhandle
19) Alaska Time - Alaska panhandle neck
20) Alaska Time - west Alaska
21) Aleutian Islands
Enter choice <1 - 21>:
5. Define the Management Services.
Enable Telnet Server <disabled, enabled>[enabled]:
Enable FTP Server <disabled, enabled>[enabled]:
Enter WEB Timeout [20]:
Enter Default Gateway [0.0.0.0]:
6. Select option 1 from the main menu to display your changed system
parameters. For example:
Enter choice <1 - 12, X>[X]: 1
System
======
Host Name helios
Domain Name 3com.com
Date and Time Mon Apr 07 15:29:03 EDT 2003
Time Zone America/New_York
Telnet Server enabled
FTP Server enabled
WEB Timeout 20
Default Gateway 192.168.10.1
Would You Like to Modify the System Parameters <Y or
N>[N]:
7. Enter y to make further changes or press the Enter key to return to the
main menu.
Configuring User Accounts
Each system user is defined by the user’s name, password, and access level.
Collectively, these properties define each user’s profile. Login access allows
you to log in to the UNIX shell; setting this to disabled allows you to have
WEB access only. To configure individual user accounts:
1. Select Option 2 from the main menu.
Accounts Configuration
======================
Additional user accounts can be defined, each with
there own username and password.
User Accounts
=============
User Name  Login Access  Access Level
admin      enabled       Administrator
Modify the User Accounts <Add, Delete, Modify or
eXit>[eXit]:
2. Enter the desired option and make changes as necessary or enter X
to return to the main menu. The following is an example of a user
being added:
Modify the User Accounts <Add, Delete, Modify or
eXit>[eXit]: a
Enter User Name []: fred
Enter password:
Verify password:
Enable Login Access <disabled, enabled>[disabled]:
enabled
Enter Access Level <Guest, Network Operator, Service
Operator, Administrator>[Guest]: administrator
User Accounts
=============
User Name  Login Access  Access Level
admin      enabled       Administrator
fred       enabled       Administrator
3. Enter the desired option and make more changes or enter X to return to
the main menu.
Modify the User Accounts <Add, Delete, Modify or
eXit>[eXit]:
Configuring the Network Time Protocol (NTP)
The Network Time Protocol (NTP) is used to synchronize the time of a
computer client or server to another server or reference time source, such as a
radio or satellite receiver or modem. It provides accuracies typically within a
millisecond on LANs and up to a few tens of milliseconds on WANs relative to
Coordinated Universal Time (UTC) through a Global Positioning Service
(GPS) receiver, for example. Typical NTP configurations utilize multiple
redundant servers and diverse network paths in order to achieve high
accuracy and reliability.
To configure NTP:
1. Select Option 3 from the main menu.
NTP Servers
===========
xxx.xxx.xx.x
Modify the NTP Servers <Add, Delete or eXit>[eXit]:
2. Enter the desired option and add or delete an NTP server or enter
X to return to the main menu.
Configuring Domain Name Resolution
Domain name resolution allows you to translate and search domain names. The
Domain Name System (DNS) is a global network of servers that translate host
names like www.mycompany.com into numerical IP (Internet Protocol)
addresses, for example 24.62.13.19.
To configure domain name resolution:
1. Select Option 4 from the main menu.
Domain Name Resolution Configuration
====================================
1) DNS Servers
2) DNS Search Domains
X) Exit
Enter choice <1 - 2, X>[X]: 1
2. Enter the desired option. For example:
Enter choice <1 - 2, X>[X]: 1
DNS Servers
===========
Modify the DNS Server List <Add, Delete or eXit>[eXit]: a
DNS Server's IP Address [0.0.0.0]: 10.1.1.50
DNS Servers
===========
10.1.1.50
Modify the DNS Server List <Add, Delete or eXit>[eXit]:
Domain Name Resolution Configuration
====================================
1) DNS Servers
2) DNS Search Domains
X) Exit
Enter choice <1 - 2, X>[X]: 2
DNS Search Domains
==================
Modify the DNS Domain Search List <Add, Delete or
eXit>[eXit]: a
Enter DNS Search Domain []: 3com.com
DNS Search Domains
==================
3com.com
Modify the DNS Domain Search List <Add, Delete or
eXit>[eXit]:
Domain Name Resolution Configuration
====================================
1) DNS Servers
2) DNS Search Domains
X) Exit
Enter choice <1 - 2, X>[X]:
3. Enter the desired option or enter X to return to the main menu.
Configuring the Simple Network Management Protocol (SNMP)
etc/snmp/snmp.local.conf)]: srhen@crossbeamsys.com
Enter SNMP Location [Unknown (edit /etc/snmp/
snmpd.conf)]: Lab
SNMP configuration
==================
1) SNMP Server
2) Communities
3) Trap Destinations
X) Exit
Enter choice <1 - 3, X>[X]: 1
SNMP Server
===========
Enabled enabled
Contact lab@3com.com
Location The Lab
Would You Like to Modify the SNMP Configuration <y or
n>[n]:
3. Enter y to modify the SNMP configuration or n to return to the SNMP
Configuration menu.
SNMP configuration
==================
1) SNMP Server
2) Communities
3) Trap Destinations
X) Exit
4. Configure SNMP Communities. For example:
Enter choice <1 - 3, X>[X]: 2
SNMP Communities
================
Community  Address  Netmask  Access
Change the SNMP Communities <Add, Delete or
eXit>[eXit]: a
Enter Community Name []: foobar
Enter IP Source Addresses [0.0.0.0/32]: 10.2.1.48/32
Enter Access Mode <read-only, read-write>[read-only]:
read-write
SNMP Communities
================
Community  Address    Netmask          Access
foobar     10.2.1.48  255.255.255.255  read-write
Change the SNMP Communities <Add, Delete or
eXit>[eXit]: a
Enter Community Name []: public
Enter IP Source Addresses [0.0.0.0/32]: 10.0.0.0/8
Enter Access Mode <read-only, read-write>[read-only]:
SNMP Communities
================
Community  Address    Netmask          Access
foobar     10.2.1.48  255.255.255.255  read-write
public     10.0.0.0   255.0.0.0        read-only
Change the SNMP Communities <Add, Delete or
eXit>[eXit]:
5. Enter the desired option or enter X to return to SNMP
Configuration Menu.
SNMP configuration
==================
1) SNMP Server
2) Communities
3) Trap Destinations
X) Exit
6. Configure SNMP Trap Destinations. For example:
Enter choice <1 - 3, X>[X]: 3
SNMP Traps
==========
Destination  Port  Type  Version  Community
Change the SNMP Trap Destinations <Add, Delete, Modify
or eXit>[eXit]: a
Enter Trap Destination [0.0.0.0]: 10.2.1.48
Enter Port Number [162]:
Enter Trap Type <trap, inform>[trap]:
Enter SNMP Version <SNMPv1, SNMPv2c, SNMPv3>[SNMPv1]:
Enter Community []: foobar
SNMP Traps
==========
Destination  Port  Type  Version  Community
10.2.1.48    162   trap  SNMPv1   foobar
Change the SNMP Trap Destinations <Add, Delete, Modify
or eXit>[eXit]:
7. Enter the desired option or enter X to return to SNMP
Configuration Menu.
SNMP configuration
==================
1) SNMP Server
2) Communities
3) Trap Destinations
X) Exit
8. Enter the desired option or enter X to return to the main menu.
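The values chosen in the System and SNMP procedures above decide how exposed the management plane is. The following added example (not part of the 3Com guide or its software) parses a constructed capture of those display screens and flags Telnet or FTP left enabled, default or read-write community strings, wide source ranges, and community-based trap versions. The rule names, the 256-address threshold and the column spacing of the capture are assumptions of this example.

```python
import ipaddress
import re

# Constructed capture modelled on the System, SNMP Communities and SNMP Traps
# screens in this guide; the column spacing is an assumption of this example.
SAMPLE_CAPTURE = """\
System
======
Host Name        helios
Domain Name      3com.com
Telnet Server    enabled
FTP Server       enabled
WEB Timeout      20
Default Gateway  192.168.10.1
Would You Like to Modify the System Parameters <Y or N>[N]:

SNMP Communities
================
Community  Address    Netmask          Access
foobar     10.2.1.48  255.255.255.255  read-write
public     10.0.0.0   255.0.0.0        read-only
Change the SNMP Communities <Add, Delete or eXit>[eXit]:

SNMP Traps
==========
Destination  Port  Type  Version  Community
10.2.1.48    162   trap  SNMPv1   foobar
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings
MAX_SOURCE_ADDRESSES = 256                   # assumed local policy threshold
COMMUNITY_BASED = {"SNMPv1", "SNMPv2c"}      # community string sent in cleartext


def split_sections(text):
    """Map each 'Title' + '=====' block to its non-empty body lines."""
    sections, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if stripped and following and set(following) == {"="}:
            current = sections.setdefault(stripped, [])
        elif current is not None and stripped and set(stripped) != {"="}:
            current.append(stripped)
    return sections


def key_values(lines):
    """Parse 'Name   value' lines; lines without a value are ignored."""
    pairs = {}
    for line in lines:
        parts = re.split(r"\s{2,}", line, maxsplit=1)
        if len(parts) == 2:
            pairs[parts[0]] = parts[1]
    return pairs


def table_rows(lines):
    """Parse a header line plus rows; prompts and repeated headers are skipped."""
    if not lines:
        return []
    header = re.split(r"\s{2,}", lines[0])
    rows = []
    for line in lines[1:]:
        cells = re.split(r"\s{2,}", line)
        if len(cells) == len(header) and cells != header:
            rows.append(dict(zip(header, cells)))
    return rows


def audit(text):
    """Return (rule, detail) findings for the management-plane settings."""
    sections = split_sections(text)
    findings = []
    system = key_values(sections.get("System", []))
    for service in ("Telnet Server", "FTP Server"):
        if system.get(service) == "enabled":
            findings.append(("cleartext-mgmt", service))
    for row in table_rows(sections.get("SNMP Communities", [])):
        name = row["Community"]
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(("default-community", name))
        if row["Access"] == "read-write":
            findings.append(("snmp-read-write", name))
        try:
            source = ipaddress.ip_network(
                f"{row['Address']}/{row['Netmask']}", strict=False)
        except ValueError:
            findings.append(("unparsable-source", name))
            continue
        if source.num_addresses > MAX_SOURCE_ADDRESSES:
            findings.append(("broad-source", f"{name} {source}"))
    for row in table_rows(sections.get("SNMP Traps", [])):
        if row["Version"] in COMMUNITY_BASED:
            findings.append(("cleartext-snmp-trap", row["Destination"]))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CAPTURE):
        print(f"{rule:20} {detail}")
```

Each finding is a setting to review against local policy, not proof of a problem: a read-write community limited to one management station may be intended.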
Configuring Physical Interfaces
There are three types of physical interfaces on the system: management,
gigabitethernet, and fastethernet. The management interfaces allow you to
manage the configured interfaces.
To configure the physical interfaces:
1. Select Option 6 from the main menu.
Physical Interfaces
===================
Interface           MAC Address (Configured)  Auto neg  Duplex  Speed
management 1        00:03:47:f1:aa:52 (N)     on        half    10
management 2        00:03:47:f1:aa:53 (N)     on        half    10
fastethernet 1                        (N)     on        half    10
fastethernet 2                        (N)     on        half    10
fastethernet 3                        (N)     on        half    10
fastethernet 4                        (N)     on        half    10
fastethernet 5                        (N)     on        half    10
fastethernet 6                        (N)     on        half    10
fastethernet 7                        (N)     on        half    10
fastethernet 8                        (N)     on        half    10
fastethernet 9                        (N)     on        half    10
fastethernet 10                       (N)     on        half    10
fastethernet 11                       (N)     on        half    10
fastethernet 12                       (N)     on        half    10
fastethernet 13                       (N)     on        half    10
fastethernet 14                       (N)     on        half    10
fastethernet 15                       (N)     on        half    10
fastethernet 16                       (N)     on        half    10
gigabitethernet 17                    (N)     on        half    10
gigabitethernet 18                    (N)     on        half    10
Modify Physical Interface Parameters <y or n>[n]:
2. Enter y to modify a physical interface or n to return to the main menu.
For example:
Modify Physical Interface Parameters <y or n>[n]: y
Enter the Interface Name [fastethernet 1]:
MAC Address []: 00:00:a2:00:00:01
Auto Negotiate <off, on>[on]: off
Duplex <half, full>[half]: full
Speed <10, 100, 1000, unknown>[10]:
Physical Interfaces
===================
Interface           MAC Address (Configured)  Auto neg  Duplex  Speed
management 1        00:03:47:f1:aa:52 (N)     on        half    10
management 2        00:03:47:f1:aa:53 (N)     on        half    10
fastethernet 1      00:00:a2:00:00:01 (Y)     off       full    10
fastethernet 2                        (N)     on        half    10
fastethernet 3                        (N)     on        half    10
fastethernet 4                        (N)     on        half    10
fastethernet 5                        (N)     on        half    10
fastethernet 6                        (N)     on        half    10
fastethernet 7                        (N)     on        half    10
fastethernet 8                        (N)     on        half    10
fastethernet 9                        (N)     on        half    10
fastethernet 10                       (N)     on        half    10
fastethernet 11                       (N)     on        half    10
fastethernet 12                       (N)     on        half    10
fastethernet 13                       (N)     on        half    10
fastethernet 14                       (N)     on        half    10
fastethernet 15                       (N)     on        half    10
fastethernet 16                       (N)     on        half    10
gigabitethernet 17                    (N)     on        half    10
gigabitethernet 18                    (N)     on        half    10
Modify Physical Interface Parameters <Y or N>[N]:
3. Enter y to modify additional physical interfaces or n to return to the
main menu.
Configuring Tap Interfaces
Tap interfaces are used to copy the input and output packets from a
physical interface prior to the processing by the firewall acceleration
process. These taps can be used by intrusion detection software to sniff the
interface. Tap interfaces can be given any device name of up to 15
characters, and a single tap can capture the traffic for multiple physical
interfaces. To configure Tap Interfaces:
1. Select Option 7 from the main menu.
Tap Interfaces
=============
Name Physical Interfaces
Modify the Tap Interfaces <Add, Delete, Modify or
eXit>[eXit]: a
2. Enter the desired option to add, delete, or modify a tap interface or
enter x to return to the main menu. For example:
Tap Name []: tap1
Physical Interfaces []: fastethernet 1, fastethernet 2,
gigabitethernet 17
Tap Interfaces
=============
Name Physical Interfaces
tap1 fastethernet 1, fastethernet 2, gigabitethernet 17
Modify the Tap Interfaces <Add, Delete, Modify or
eXit>[eXit]:
3. Enter the desired option to add, delete, or modify additional tap
interfaces or enter x to return to the main menu. For example:
Tap Name []: tap2
Physical Interfaces []: fastethernet 3
Tap Interfaces
=============
Name Physical Interfaces
tap1 fastethernet 1, fastethernet 2, gigabitethernet 17
tap2 fastethernet 3
Configuring Network Interfaces
A network interface associates an IP address with a physical connection and,
optionally, a VLAN ID. To configure network interfaces:
1. Select Option 8 from the main menu.
IP Interfaces
=============
                         Enabled  Address       Netmask        Broadcast       MTU
management 1             enabled  192.168.10.6  255.255.255.0  192.168.10.255  1500
2. To add a network interface, select add from the main menu.
For example:
Modify the IP Interfaces <Add, Delete, Modify or
eXit>[eXit]: a
Physical Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]:
Interface State <disabled, enabled>[enabled]:
Enter the IP Address [0.0.0.0/0]: 128.205.1.23/24
Broadcast Address [128.205.1.255]:
MTU [1500]:
IP Interfaces
=============
                         Enabled  Address       Netmask        Broadcast       MTU
management 1             enabled  192.168.10.6  255.255.255.0  192.168.10.255  1500
fastethernet 1           enabled  128.205.1.23  255.255.255.0  128.205.1.255   1500
3. Enter the desired option to add, delete, or modify additional network
interfaces or enter x to return to the main menu. For example:
Modify the IP Interfaces <Add, Delete, Modify or
eXit>[eXit]: a
Physical Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]: y
Enter VLAN ID <1 - 4095>: 100
Interface State <disabled, enabled>[enabled]:
Enter the IP Address [0.0.0.0/0]: 128.205.2.23/24
Broadcast Address [128.205.2.255]:
MTU [1500]:
IP Interfaces
=============
                         Enabled  Address       Netmask        Broadcast       MTU
management 1             enabled  192.168.10.6  255.255.255.0  192.168.10.255  1500
fastethernet 1           enabled  128.205.1.23  255.255.255.0  128.205.1.255   1500
fastethernet 1 vlan 100  enabled  128.205.2.23  255.255.255.0  128.205.2.255   1500
Modify the IP Interfaces <Add, Delete, Modify or
eXit>[eXit]:
4. Enter the desired option to add, delete, or modify additional network
interfaces or enter x to return to the main menu.
Configuring IP Aliases
IP aliases are additional network addresses that are assigned to a network
interface. To configure IP Aliases:
1. Select Option 9 from the main menu.
IP Aliases
==========
Interface  IP Address  Netmask  Broadcast
Modify the IP Aliases <Add, Delete, Modify or
eXit>[eXit]: a
2. Enter the desired option to add, delete, or modify an IP alias or enter x
to return to the main menu. For example:
Enter Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]:
Enter IP Address [0.0.0.0]: 128.205.1.24
Enter Network Mask [255.255.0.0]: 255.255.0.0
Enter Broadcast Address [128.205.255.255]:
Modify the IP Aliases <Add, Delete, Modify or
eXit>[eXit]: m
Enter Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]:
Enter IP Address [0.0.0.0]: 128.205.1.24
Enter Network Mask [255.255.0.0]: 255.255.255.0
Enter Broadcast Address [128.205.1.255]:
Modify the IP Aliases <Add, Delete, Modify or
eXit>[eXit]: a
Enter Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]: y
Enter VLAN ID <1 - 4095>: 100
Enter IP Address [0.0.0.0]: 128.205.2.24
Enter Network Mask [255.255.0.0]: 255.255.255.0
Enter Broadcast Address [128.205.2.255]:
Modify the IP Aliases <Add, Delete, Modify or
eXit>[eXit]:
128.205.2.24  255.255.0.0  128.205.2.255
3. Enter the desired option to add, delete, or modify additional IP aliases
or enter x to return to the main menu.
Configuring Static Routes
Static IP routes are user-defined routes that cause packets moving between a
source and a destination to take a specific path.
To configure Static Routes:
1. Select Option 10 from the main menu.
Static Routes
=============
Destination  Netmask  Gateway  Metric
2. Enter the desired option to add, delete, or modify a static route or enter
x to return to the main menu. For example:
Modify the Static Routes <Add, Delete, Modify or
eXit>[eXit]: a
Enter Destination [0.0.0.0/0]: 10.0.0.0
Enter Network Mask in dot notation [0.0.0.0]: 255.0.0.0
Enter the Next Hop Gateway [0.0.0.0]: 192.168.10.1
Enter the Metric [1]:
Static Routes
=============
Destination   Netmask        Gateway       Metric
10.0.0.0      255.0.0.0      192.168.10.1  1
Modify the Static Routes <Add, Delete, Modify or
eXit>[eXit]: a
Enter Destination [0.0.0.0/0]: 192.168.20.0/24
Enter the Next Hop Gateway [0.0.0.0]: 192.168.10.1
Enter the Metric [1]: 2
Static Routes
=============
Destination   Netmask        Gateway       Metric
10.0.0.0      255.0.0.0      192.168.10.1  1
192.168.20.0  255.255.255.0  192.168.10.1  2
Modify the Static Routes <Add, Delete, Modify or
eXit>[eXit]:
3. Enter the desired option to add, delete, or modify additional static
routes or enter x to return to the main menu.
Configuring Static ARP Entries
You define static Address Resolution Protocol (ARP) entries by relating an IP
address to a MAC address.
To configure static ARP entries:
1. Select Option 11 from the main menu.
Static ARP Entries
==================
IP Address MAC Address
2. Enter the desired option to add, delete, or modify a static ARP entry or
enter x to return to the main menu. For example:
Modify the Static Hosts <Add, Delete, Modify or
eXit>[eXit]: a
Enter Host IP Address [0.0.0.0]: 128.205.1.30
Enter MAC Address []: 00:00:a2:00:00:02
Static ARP Entries
==================
IP Address MAC Address
128.205.1.30 00:00:a2:00:00:02
Modify the Static Hosts <Add, Delete, Modify or
eXit>[eXit]: a
Enter Host IP Address [0.0.0.0]: 128.205.1.31
Enter MAC Address []: 00:00:a2:00:00:03
Static ARP Entries
==================
IP Address MAC Address
128.205.1.30 00:00:a2:00:00:02
128.205.1.31 00:00:a2:00:00:03
Modify the Static Hosts <Add, Delete, Modify or
eXit>[eXit]:
3. Enter the desired option to add, delete, or modify additional static ARP
entries or enter x to return to the main menu.
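A static ARP entry records which MAC address is expected behind an IP address, so the same list can be used to spot a host answering with a different MAC. The following added example (not part of the 3Com guide or its software) compares the static entries from the display above with constructed neighbour observations. It assumes the observations come from a Linux host on the same segment in /proc/net/arp layout, which the guide does not describe; the function names and finding labels are hypothetical.

```python
import re

# Static ARP entries as shown in this guide's example display.
STATIC_ARP_DISPLAY = """\
Static ARP Entries
==================
IP Address      MAC Address
128.205.1.30    00:00:a2:00:00:02
128.205.1.31    00:00:a2:00:00:03
"""

# Constructed observations in Linux /proc/net/arp layout (assumed source).
OBSERVED_NEIGHBOURS = """\
IP address       HW type     Flags       HW address            Mask     Device
128.205.1.30     0x1         0x2         00:00:a2:00:00:02     *        eth1
128.205.1.31     0x1         0x2         00:0c:29:aa:bb:cc     *        eth1
128.205.1.40     0x1         0x2         00:0c:29:aa:bb:cc     *        eth1
128.205.1.41     0x1         0x0         00:00:00:00:00:00     *        eth1
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ATF_COM = 0x02  # Linux flag bit: the neighbour entry is complete


def norm_mac(mac):
    """Lower-case a MAC and accept '-' separators so comparisons are exact."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def parse_static(display):
    """Return {ip: mac} from the 'Static ARP Entries' display."""
    pinned = {}
    for line in display.splitlines():
        fields = line.split()
        if len(fields) == 2 and IPV4_RE.match(fields[0]):
            pinned[fields[0]] = norm_mac(fields[1])
    return pinned


def parse_observed(table):
    """Return {ip: mac} for complete entries; incomplete ones are skipped."""
    seen = {}
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3]
        if flags & ATF_COM:
            seen[ip] = norm_mac(mac)
    return seen


def check(pinned, seen):
    """Report pinned IPs that were observed with a different MAC address."""
    findings = []
    for ip, expected in sorted(pinned.items()):
        got = seen.get(ip)
        if got is None or got == expected:
            continue  # not observed, or matches the static entry
        # Other addresses using the same unexpected MAC help scope the review.
        others = sorted(o for o, m in seen.items() if m == got and o != ip)
        findings.append({"ip": ip, "issue": "mac-mismatch",
                         "expected": expected, "seen": got,
                         "also_claims": others})
    return findings


def run_sample():
    return check(parse_static(STATIC_ARP_DISPLAY),
                 parse_observed(OBSERVED_NEIGHBOURS))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

A mismatch can also be a replaced network card or a stale static entry, so treat it as a prompt to verify the host.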
Configuring the Virtual Router Redundancy Protocol (VRRP)
The Virtual Router Redundancy Protocol (VRRP) dynamically assigns
responsibility for one or more virtual routers to the VRRP routers on a LAN,
allowing several routers on a multiaccess link to utilize the same virtual IP
address. The system can be configured to run the VRRP protocol in
conjunction with one or more other systems attached to a LAN.
VRRP manages automatic switchover from one VPN Concentrator to
another in a redundant installation. Automatic switchover provides user
access to the VPN even if one VPN is out of service for some reason, for
example a system crash, power failure, hardware failure, physical interface
failure, system shutdown or reboot.
These functions apply only to installations where two or more VPNs are in
parallel, with the Public interfaces of all systems on a common LAN and with
the Private and/or External interfaces of all systems on different common
LANs. One VPN is the Master system, and the others are Backup systems. A
Backup system acts as a virtual Master system when a switchover occurs.
VRRP works only on LAN (Ethernet) interfaces, not on WAN interfaces.
To configure VRRP:
1. Select Option 12 from the main menu.
VRRP Configuration
==================
Virtual Router Redundancy Protocol can be defined, each
with its own identifier.
VRRP Configurations
===================
VRRP ID: 1
Enabled: disabled
VRRP Interface: fastethernet 1
Enable VRRP MAC: disabled
Preemption: disabled
Priority: 100
Advertisement Interval (seconds): 1
Group ID: 1
IP Addresses: 30.0.0.10
2. Enter the desired option to add, delete, or modify a VRRP entry or enter
x to return to the main menu. For example:
Modify the VRRP Configuration <Add, Delete, Modify or
eXit>[eXit]: m
Enter VRRP ID [0]: 1
Enable <disabled, enabled>[disabled]: enabled
Enter Interface [fastethernet 1]:
VLAN Interface <Y or N>[N]:
Enable VRRP MAC <disabled, enabled>[disabled]:
Enable Preemption <disabled, enabled>[disabled]:
Enter Priority [100]:
Enter Advertisement Interval (seconds) [1]:
Enter Group ID [1]:
Enter IP Addresses Separated by Comma [30.0.0.10]:
VRRP Configurations
===================
VRRP ID: 1
Enabled: enabled
VRRP Interface: fastethernet 1
Enable VRRP MAC: disabled
Preemption: disabled
Priority: 100
Advertisement Interval (seconds): 1
Group ID: 1
IP Addresses: 30.0.0.10
Modify the VRRP Configuration <Add, Delete, Modify or
eXit>[eXit]: a
Enter VRRP ID [0]: 2
Enable <disabled, enabled>[disabled]:
Enter Interface [management 0]: fastethernet 1
VLAN Interface <Y or N>[N]: y
Enter VLAN ID <1 - 4095>: 100
Enable VRRP MAC <disabled, enabled>[disabled]: enabled
Enable Preemption <disabled, enabled>[disabled]:
Enter Priority [0]: 100
Enter Advertisement Interval (seconds) [1]:
Enter Group ID [0]: 1
Enter IP Addresses Separated by Comma []: 30.0.0.10
VRRP Configurations
===================
VRRP ID: 1
Enabled: enabled
VRRP Interface: fastethernet 1
Enable VRRP MAC: disabled
Preemption: disabled
Priority: 100
Advertisement Interval (seconds): 1
Group ID: 1
IP Addresses: 30.0.0.10
VRRP ID: 2
Enabled: disabled
VRRP Interface: fastethernet 1
vlan 100
Enable VRRP MAC: enabled
Preemption: disabled
Priority: 100
Advertisement Interval (seconds): 1
Group ID: 1
IP Addresses: 30.0.0.10
Exiting from the Configuration Tool
To exit from the system Configure Tool, select Option X from the main menu.
Enter choice <1 - 12, X>[X]: X
Saving Your System Configuration
To save your configuration, at the admin prompt, use the following command:
Where the directory specifies the directory where the file is located, and
the filename is the actual configuration file. The following is an example of
this command:
[admin@helios bin]$ ./cos_show_system -f /tmp/foo
Restoring Your System Configuration
To restore your configuration to its previous configuration, at the admin
prompt, use the following command:
Where the directory specifies the directory where the file is located, and
the filename is the actual configuration file. The following is an example of
this command:
[admin@helios bin]$ ./cos_set_system -f /tmp/foo
Displaying Your System Configuration
To display a configuration, at the admin prompt, use the following command:
></data>
</vrrp>
Restoring the System to Factory Default Settings
To delete the current configuration and return the system to its factory
defaults, use the following command at the admin prompt.
NOTE: The IP address of interface Management 1, telnet, and the default
gateway are left intact. This is done in the event you telneted into the box.
[admin@xxxxx bin]$ ./cos_reset_system
Getting Help Within the Configuration Tool
To receive help from within the system Configuration Tool, use the following
command at the admin prompt.
[admin@xxxxx bin]$ ./cos_show_system --help
The following options can be used within this Help system:
cos_show_system [OPTION...]
-v, --version - displays the current configuration tool
version number.
-h, --help - displays the configuration tool’s help
system.
-f, --file=STRING - displays the configuration output
file. The default value is stdout.
-d, --default - tells the Help system to include
default values.
Upgrading the System Software
This chapter describes how to update your 3COM Security Switch 6200
system software.
Upgrading the System Software
If you are upgrading your system from a previously configured release, you do
not need to use the full system software. Instead, you can use the software
upgrade patch.
NOTE: "upgradepack-ocode-A*-1.0.0-11-2.1.4-17.shar.gz" is the upgrade pack
that will enable you to upgrade from 2.1.x to 2.1.4 (x = 0,1,2). To do this,
complete the following:
1. Log in to your system Console port as Root.
2. Change to the root directory, using the following command:
cd /root
3. Create a directory, using the following command:
mkdir upgradepack-X.X.X-X
Where X.X.X-X is the current software version. For this release, the X
sequence is 2.1.4-17.
4. FTP or copy the file called cos-upgradepack-ocode-AZZZ-Y.Y.Y-Y-X.X.X-X.shar.gz from your system Software CDROM or software
package to the /root/upgradepack-X.X.X-X directory.
5. Change the directory to upgradepack-X.X.X-X, using the
following command:
7. Once the above command completes, enter the following command at
8. Once the above command completes, enter the following command at
NOTE: Once this action completes successfully, your system software is
upgraded.
You may notice "Exec'ed Program Error" being displayed on your screen
during the upgrade process if upgrading from a release prior to 2.1.3. Please
ignore these error messages. Your system will still be upgraded properly.
Upgrading the System Software Using the Safe Upgrade and Rollback Features
Your system ships with two disk partitions: one partition is used for the
current runtime (RP) version of software and the other partition is for the
upgraded (UP) version of software. Each partition provides 20 Gigabytes of
disk space.
This chapter describes how to update your system software, and how to utilize
these partitions.
Using Multiple Versions of Software (Safe Upgrade)
Using two partitions, your system allows you to upgrade your system software
while maintaining a previous version of your configuration. The following
sections describe how to accomplish this.
Upgrading from Version 2.0
To upgrade your system from Version 2.0 to a newer release, while saving
your current configuration, complete the following:
1. Connect to Console port as described in the previous section.
2. Partition your disk for dual boot. Note that this only has to be
accomplished once. To do this, from root prompt, enter the
following command:
fdisk /dev/ataraid/d0
3. Within the fdisk command, print (p) the disk layout by entering
the letter “p”. A display similar to the following appears:
/dev/ataraid/d0p1 *     1    13   104422   83 Linux       # /boot
/dev/ataraid/d0p2      14    79   530145   82 Linux swap
/dev/ataraid/d0p5      80   882  6450097   83 Linux       # /
/dev/ataraid/d0p6     883  2070  9542609+  83 Linux       # /opt
/dev/ataraid/d0p7    2071  2435  2931862   83 Linux       # /var
4. Duplicate the above table for the dual boot by entering the letter “n”
five times. This adds the following partitions:
Add(n) the following logical(l) partitions in cylinders
partition  cylinders  partition
8          +12        /boot
9          +65        swap
10         +802       /
11         +1187      /opt
12         +*         /var
5. Toggle (t) the swap partition identification from 9 to 82 by entering the
letter “t”.
6. Save (w) the partition table by entering the letter “w”.
7. Reboot your system.
You can also perform the software upgrade when you reboot your system
using the Install Server. To do this, complete the following:
1. Check to make sure you have the right version of install-cos. To do this:
Upgrading from Version 2.1 and Greater
Versions 2.1 and greater allow you to do a full copy of the
Running Partition (RP) to an Upgrade Partition (UP) before actually
upgrading your system software.
To do this:
1. Make sure you are connected to the console.
2. Reboot your system into single user mode. To do this, at the root
prompt, enter:
init 1
3. Once the system boots into single user prompt, enter the following:
/usr/os/sbin/cos-copy-dist -p 2
This copies your entire RP disk contents into the UP. This is a total
disk copy and everything on the RP is copied to UP, including the
application configurations.
4. Once the copy is complete, enter the following:
/usr/os/bin/cos_toggle other
5. Reboot your system. Your system is booted into the UP.
6. Upgrade your system software or applications, as needed.
7. Reboot if necessary.
If all upgrades are working normally, you are now on the UP (partition set 2).
If, however, your upgrades fail, your system fails to boot up, or crashes, then
you must reboot and when you get the bootup choices for the kernel under
Grub, select the Chains option. Alternatively, if you are able to get to the root
prompt but still do not want to upgrade, enter the following:
/usr/os/bin/cos_toggle other
NOTE: To view the current partition, enter the following:
/usr/os/bin/cos_toggle
The default value is “/vmlinuz-2.4.18-5” and indicates your original RP.
To list possible selections, enter the following:
/usr/os/bin/cos_toggle -l
The “other” value indicates the second part of the disk, which is your UP.
Then reboot the system.
To go back to the original partition (RP) that was working properly, reboot
the system.
Upgrading from Software to a UP While an RP is Operational (Rollback)
Versions 2.1 and greater allow you to install the system software
to a UP while an RP is operational. This is done using /usr/os/sbin/install-cos.
Install-cos can install to either part 1 or 2 of the disk. You can run install-cos
while the system is booted from the install server or the system is running off
the disk.
CAUTION: Reboot into the UP first, making sure the UP is working, then
upgrade within the UP, leaving the good RP alone.
To install to the UP of your system while the system is running with the RP:
1. Enter the following command:
   /usr/os/sbin/install-cos -p 2 <release directory>
2. Manually configure the UP identically to the RP (System configuration
   and applications).
3. Switch to the RP and upgrade the RP.
4. If upgrades work correctly you are done. If, however, the upgrades fail,
   reboot the system. By default the system boots with the functional UP.
Technical Support
3Com provides easy access to technical support information through a
variety of services. This chapter describes these services.
Information contained in this chapter is correct at time of publication. For
the most recent information, 3Com recommends that you access the 3Com
Corporation World Wide Web site.
Online Technical Services
3Com offers worldwide product support 24 hours a day, 7 days a week,
through the following online systems:
• World Wide Web site
• 3Com Knowledgebase Web Services
• 3Com FTP site
World Wide Web Site
To access the latest networking information on the 3Com Corporation
World Wide Web site, enter this URL into your Internet browser:
http://www.3com.com/
This service provides access to online support information such as technical
documentation and software library, as well as support options that range
from technical education to maintenance and professional services.
3Com Knowledgebase Web Services
The 3Com Knowledgebase is a database of technical information to help
you install, upgrade, configure, or support 3Com products. The
Knowledgebase is updated daily with technical information discovered by
3Com technical support engineers. This complimentary service, which is
available 24 hours a day, 7 days a week to 3Com customers and partners, is
located on the 3Com Corporation World Wide Web site at:
http://www.knowledgebase_3com.com/
3Com FTP Site
Download drivers, patches, software, and MIBs across the Internet from
the 3Com public FTP site. This service is available 24 hours a day, 7 days a
week.
To connect to the 3Com FTP site, enter the following information into your
FTP client:
Hostname: ftp.3com.com
Username: anonymous
Password: <your Internet e-mail address>
Note: You do not need a user name and password with Web browser
software such as Netscape Navigator and Internet Explorer.
Support from Your Network Supplier
If you require additional assistance, contact your network supplier. Many
suppliers are authorized 3Com service partners who are qualified to
provide a variety of services, including network planning, installation,
hardware maintenance, application training, and support services.
When you contact your network supplier for assistance, have the following
information ready:
• Product model name, part number, and serial number
• A list of system hardware and software, including revision levels
• Diagnostic error messages
• Details about recent configuration changes, if applicable
If you are unable to contact your network supplier, see the following section
on how to contact 3Com.
Support from 3Com
If you are unable to obtain assistance from the 3Com online technical
resources or from your network supplier, 3Com offers email and telephone
technical support services. To find out more about your support options,
email or call the 3Com technical support services at the location nearest
you.
Email Support
Some 3Com regions offer an email support service. To access this service for
your region, use the appropriate URL or email address from the list below.
Asia, Pacific Rim
From this region, email: apr_technical_support@3com.com
Europe, Middle East and Africa
Enter the URL: http://emea.3com.com/support/email.html
Latin America
Spanish speakers, enter the URL: http://lat.3com.com/lat/support/form.html
Portuguese speakers, enter the URL: http://lat.3com.com/br/support/form.html
English speakers, email: lat_support_anc@3com.com
Telephone Support
When you contact 3Com for assistance, have the following information
ready:
• Product model name, part number, and serial number
• A list of system hardware and software, including revision levels
• Diagnostic error messages
• Details about recent configuration changes, if applicable
The following table provides a list of worldwide technical telephone support
numbers. These numbers are correct at the time of publication. Refer to the
3Com Web site for updated information.
Telephone Support Numbers
Country    Telephone Number    Country    Telephone Number
Asia, Pacific Rim
Australia
India
Indonesia
Malaysia
New Zealand
Pakistan
Philippines
Austria
Belgium (Flemish)
Belgium (French)
Denmark
Finland
France
Germany
Hungary
Ireland
Israel
Italy
Luxembourg
Netherlands
Norway
Poland
Portugal
South Africa
Spain
Sweden
Switzerland
U.K.
Latin America
North America    1 800 876 3266
From the Caribbean, Central and South America, call:
Antigua
Argentina
Aruba
Bahamas
Barbados
Belize
Bermuda
Bonaire
Brazil
Cayman
Chile
Colombia
Costa Rica
Curacao
Ecuador
Dominican Republic
Guatemala
Haiti
Honduras
Jamaica
Martinique
Mexico
Nicaragua
Panama
Paraguay
Peru
Puerto Rico
Salvador
Trinidad and Tobago
Uruguay
Venezuela
Virgin Islands
Returning Products for Repair
Before you send a product directly to 3Com for repair, you must first obtain
an authorization number. Products sent to 3Com without authorization
numbers will be returned to the sender unopened, at the sender's expense.
You can obtain an authorization number (called an RMA) by entering the
following URL into your Internet browser:
http://www.3com.com/support/en_US/repair
Alternatively, you can obtain an RMA by calling or faxing one of the
numbers in the following table:
Fax Numbers for return authorization numbers
Country    Telephone Number    Fax Number
Asia, Pacific Rim    +65 543 6500    +65 543 6348
Europe, Middle East and Africa
Austria
Belgium (Flemish)
Belgium (French)
Denmark
Finland
France
Germany
Hungary
Ireland
Israel
Italy
Luxembourg
Netherlands
Norway
Poland
Portugal
South Africa
Spain
Sweden
Switzerland
U.K.
USA and Canada    1 800 876 3266    1 508 323 6061 (not toll free)
Latin America
Antigua
Argentina
Aruba
Bahamas
Barbados
Belize
Bermuda
Bonaire
Brazil
Cayman
Chile
Colombia
Costa Rica
Curacao
Ecuador
Dominican Republic
Guatemala
Haiti
Honduras
Jamaica
Martinique
Mexico
Nicaragua
Panama
Paraguay
Peru
Puerto Rico
Salvador
Trinidad and Tobago
Uruguay
Venezuela
Virgin Islands
Appendix A: Technical Specifications
This appendix lists the physical, environmental, and power characteristics of
the 3COM Security Switch 6200.
Physical Characteristics
Size (Inches): 3.5 H x 17.5 W x 25.5 D
Weight: approximately 32 lbs
Environmental Characteristics
Operating Temperature: 0 to +40 degrees C
Storage Temperature: -20 to +65 degrees C
Relative Humidity: 10 to 95 percent, non-conducting
Operating Altitude: 0 to 10,000 feet above sea level
Power Characteristics
Power: 100 to 240 VAC, 350W
Appendix B: Connector Pin Assignments
This appendix describes the Craft port pin assignments.
The Craft port, located on the front of the system, uses a DB-9 connector
with the following pin identifications and associated signals.
DB-9 Connector
Pin Number    Signal
1             No Connection
2             TXD
3             RXD
4             DSR
5             GND
6             DTR
7             CTS
8             RTS
9             No Connection
Appendix C: Regulatory Information
This appendix provides the following compliance statements:
• Regulatory Standards Compliance
• Radio Frequency Interference
• VCCI Statement
Regulatory Standards Compliance
The following regulatory agencies have approved the 3COM Security Switch
6200 and have found it to be fully compliant with their environmental, safety,
and emissions standards.
CE marking for the EEA (European Economic Area)
• Low Voltage Directive 73/23/EEC
• EMC Directive 89/336/EEC
Safety
• IEC 60950
• UL 60950
• CSA C22.2 No. 60950
Factory Approvals
• UL/CSA
EMI Compliance
Radio Frequency Interference
In accordance with FCC Part 15 Subpart B requirements, changes or
modifications made to this equipment not expressly approved by 3COM
Corporation could void the user’s authority to operate this equipment.
The 3COM Security Switch 6200 is designed for Class A use only. Do not
attempt to use this equipment in a domestic environment, which requires
Class B distinction. The system may cause interference with domestic
products.
This equipment produces electromagnetic energy at radio frequencies and,
if not installed and operated in accordance with 3COM instructions, as
contained in this document, could cause interference to radio
communications and/or interfere with the operation of other RF devices.
This equipment has been tested and found to comply with the limits for a
Class A Computing Device pursuant to Subpart B of Part 15 of the FCC
Rules, which are designed to provide reasonable protection against such
interference when the equipment is operated in a commercial environment.
Operation of this equipment in a residential area may cause interference.
Should this occur, the user may be required to discontinue operation of the
equipment, or take other such measures as may be adequate to rectify the
condition at the user’s expense.
NOTE
VCCI Statement V-3/2000.04
This is a Class A product based on the standards of the Voluntary Control
Council for Interference by Information Technology Equipment (VCCI). If
this equipment is used in a domestic environment, radio disturbance may
arise. When such trouble occurs, the user may be required to take
corrective actions.
Other EMI Approvals
• EN 55022
• AS/NZS 3548:95
• BSMI CNS 13438 Class A
Immunity Compliance
The system meets all EN 55024 immunity testing.