ADTRAN 1202362L1, 1202363L2, 1202362L2, 1202363L1, 1202366L2 Hardware Installation Manual

...

Download

Page 1

NetVanta 2000 Series

Internet Security Appliances

Hardware Installation Guide

1202361L2 NetVanta 2100 Unit

1202362L1 NetVanta 2050 Unit, Firewall Only

1202362L2 NetVanta 2050 Unit

1202363L1 NetVanta 2054 Unit, Firewall Only

1202363L2 NetVanta 2054 Unit

1202366L2 NetVanta 2300 Unit

1202367L2 NetVanta 2400 Unit

61202361L2-34D March 2006

Page 2

Trademarks NetVanta 2000 Series Hardware Installation Guide

Trademarks

Any brand names and product names included in this manual are trademarks, registered trademarks, or trade names of their respective holders.

To the Holder of this Manual

The contents of this manual are current as of the date of publication. ADTRAN reserves the right to change the contents without prior notice.

In no event will ADTRAN be liable for any special, incidental, or consequential damages or for commercial losses even if ADTRAN has been advised thereof as a result of issue of this publication.

Software Licensing Agreement

Each ADTRAN product contains a single license for ADTRAN supplied software. Pursuant to the Licensing Agreement, you may: (a) use the software on the purchased ADTRAN device only and (b) keep a copy of the software for backup purposes. This Agreement covers all software installed on the system as well as any software available on the ADTRAN website. In addition, certain ADTRAN systems may contain additional conditions for obtaining software upgrades.

Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

901 Explorer Boulevard

P.O. Box 140000

Huntsville, AL 35814-4000

Phone: (256) 963-8000

www.adtran.com

Printed in U.S.A.

Page 3

NetVanta 2000 Series Hardware Installation Guide Conventions

Conventions

Notes provide additional useful information.

Cautions signify information that could prevent service interruption or damage to the equipment.

Warnings provide information that could prevent endangerment to human life.

Page 4

Safety Instructions NetVanta 2000 Series Hardware Installation Guide

Safety Instructions

When using your communications equipment, please follow these basic safety precautions to reduce the risk of fire, electrical shock, or personal injury:

1. Do not use this product near water such as a bathtub, wash bowl, kitchen sink, laundry tub, in a wet basement, or near a swimming pool.

2. Avoid using a telephone (other than a cordless-type) during an electrical storm. There is a remote risk of shock from lightning.

3. Do not use a telephone to report a gas leak in the vicinity of the leak.

4. Use only the power cord, power supply, and/or batteries indicated in the manual. Do not dispose of batteries in a fire. They may explode. Check with local codes for special disposal instructions.

5. The socket-outlet shall be installed near the equipment and shall be easily accessible.

Save These Important Safety Instructions

Page 5

NetVanta 2000 Series Hardware Installation Guide FCC Radio Frequency Interference Statement

FCC Radio Frequency Interference Statement

FCC Radio Frequency Interference Statement for NetVanta 2300 and NetVanta 2400

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio frequencies. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

FCC Radio Frequency Interference Statement for NetVanta 2050, NetVanta 2054, and NetVanta 2100

Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Page 6

Canadian Emissions Requirements NetVanta 2000 Series Hardware Installation Guide

Canadian Emissions Requirements

Canadian Emissions Requirements for NetVanta 2050, NetVanta 2054, and NetVanta 2100

This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of Communications.

Cet appareil numérique respecte les limites de bruits radioelectriques applicables aux appareils numériques de Class A prescrites dans la norme sur le materiel brouilleur: “Appareils Numériques,” NMB-003 edictee par le ministre des Communications.

Canadian Emissions Requirements for NetVanta 2300 and NetVanta 2400

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of Communications.

Page 7

NetVanta 2000 Series Hardware Installation Guide Warranty

Warranty

ADTRAN will repair and return this product within the warranty period if it does not meet its published specifications or fails while in service. Warranty information can be found in the Support section of the ADTRAN website at http://www.adtran.com

Product Registration

Registering your product helps ensure complete customer satisfaction. Please take time to register your products in the Support section of the ADTRAN website at http://www.adtran.com

Product Support Information

A return material authorization (RMA) is required prior to returning equipment to ADTRAN. For service, RMA requests, training, or more information, use the contact information shown below.

Repair and Return

If you determine that a repair is needed, please contact our Customer and Product Service (CaPS) department to have an RMA number issued. CaPS should also be contacted to obtain information regarding equipment currently in house or possible fees associated with repair.

CaPS Department (256) 963-8722

Identify the RMA number clearly on the package (below the address), and return to the following address:

ADTRAN Customer and Product Service 901 Explorer Blvd. (East Tower) Huntsville, Alabama 35806

RMA # _____________

Pre-Sale Inquiries and Applications Support

Your reseller should serve as the first point of contact for support. If additional pre-sales support is needed, the ADTRAN Support website provides a variety of support services such as a searchable knowledge base, the latest product documentation, application briefs, case studies, and a link to submit a question to an Applications Engineer. All of this, and more, is available in the Support section of the ADTRAN website at

http://www.adtran.com

When needed, further pre-sales assistance is available by calling our Applications Engineering Department.

Applications Engineering (800) 615-1176

Page 8

Product Support Information NetVanta 2000 Series Hardware Installation Guide

Post-Sale Support

Your reseller should serve as the first point of contact for support. If additional support is needed, the ADTRAN website provides a variety of support services such as a searchable knowledge base, updated firmware releases, latest product documentation, service request ticket generation and trouble-shooting tools. All of this, and more, is available in the Support section of the ADTRAN website at

http://www.adtran.com.

When needed, further post-sales assistance is available by calling our Technical Support Center. Please have your unit serial number available when you call.

Technical Support (888) 4ADTRAN

International Technical Support 1-256-963-8716

Installation and Maintenance Support

The ADTRAN Custom Extended Services (ACES) program offers multiple types and levels of installation and maintenance services which allow you to choose the kind of assistance you need. This support is available at:

http://www.adtran.com/aces

For questions, call the ACES Help Desk.

ACES Help Desk (888) 874-ACES (2237)

Training

The Enterprise Network (EN) Technical Training Department offers training on our most popular products. These courses include overviews on product features and functions while covering applications of ADTRAN's product lines. ADTRAN provides a variety of training options, including customized training and courses taught at our facilities or at your site. For more information about training, please contact your Territory Manager or the Enterprise Training Coordinator.

Training Phone (800) 615-1176, ext. 7500

Training Fax (256) 963-6700

Training Email training@adtran.com

Page 9

Table of Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

The NetVanta Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Protection Against Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

VPN Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Web-Based Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Features and Specifications17

Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Firewall Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

IPSec Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Dynamic Host Configuration Protocol ( DHCP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Point-to-Point Protocol over Ethernet (PPPoE). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Unpack and Inspect the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Contents of ADTRAN Shipments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Product Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Equipment Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Power Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Reviewing the Base Unit Front Panel Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Reviewing the Unit Rear Panel Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Rear Panel Interfaces and LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Unit Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Tools Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Mounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Wall Mounting NetVanta 2000 Series Internet Security Appliances . . . . . . . . . . . . . 26

Rack Mounting NetVanta 2000 Series Internet Security Appliances . . . . . . . . . . . . 28

Supplying Power to the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

NetVanta 2050, NetVanta 2054, and NetVanta 2100 . . . . . . . . . . . . . . . . . . . . . . . . 30

NetVanta 2300 and NetVanta 2400 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Installing Management Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Configuring the Host IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Microsoft Windows 2000

or Windows XP Microsoft Windows NT® or Windows 98/95 POSIX®-Compliant UNIX®/LINUX

® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

® . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Connector Pin Definitions35

Index37

Page 10

Table of Contents NetVanta 2000 Series Hardware Installation Guide

Page 11

List of Figures

Figure 1. NetVanta 2050 Front Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Figure 2. NetVanta 2054 Front Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Figure 3. NetVanta 2100 Front Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 4. NetVanta 2300 Front Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 5. NetVanta 2400 Front Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 6. NetVanta 2050 and NetVanta 2100 Rear Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . 23

Figure 7. NetVanta 2054 Rear Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Figure 8. NetVanta 2300 and NetVanta 2400 Rear Panel Layout . . . . . . . . . . . . . . . . . . . . . . . . 23

Figure 9. Wall Mounting the NetVanta 2050, NetVanta 2054, or NetVanta 2100 . . . . . . . . . . . . . 26

Figure 10. Wall Mounting the NetVanta 2300 or 2400 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Figure 11. Proper Mounting Bracket Orientation for Rack Mounting. . . . . . . . . . . . . . . . . . . . . . . . 29

Page 12

List of Figures NetVanta 2000 Series Hardware Installation Guide

Page 13

List of Tables

Table 1. The NetVanta Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Table 2. NetVanta 2000 Series LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Table A-1. 10/100BaseT Pinouts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Table A-2. CONSOLE (DCE) Port Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Page 14

List of Tables NetVanta 2000 Series Hardware Installation Guide

Page 15

NetVanta 2000 Series Hardware Installation Guide Introduction

1. INTRODUCTION

This hardware installation guide describes the NetVanta 2000 Series, lists unit specifications, details basic functionality, and gives installation instructions. For more information on device configuration for a specific application, refer to the quick start documents provided on your ADTRAN OS System

Documentation CD. For details on the command line interface, refer to the AOS Command Reference Guide also included on your CD.

The NetVanta Solution

ADTRAN’s NetVanta 2000 Series of virtual private network (VPN) products includes small- to mid-range IP Security (IPSec) compliant gateways providing all the necessary components required to secure an integrated VPN solution. With their built-in stateful inspection firewalls, these components protect the corporate network against attack and provide data security through encryption, authentication, and key exchange. Table 1 describes the primary uses of the NetVanta 2000 Series.

Table 1. The NetVanta Solution

NetVanta Unit Primary Use

2050, 2054, 2100 For remote access and site-to-multisite connectivity. Targets the corporate branch

office, the small office/home office (SOHO), and business-to-business application.

2300, 2400 For branch office or mid-sized host security gateway. Provides features similar to

the NetVanta 2100, but with more bandwidth and additional private ports that can be used for securing multiple LANs.

In this document, the term “NetVanta 2000 Series” means the NetVanta 2050, NetVanta 2054, NetVanta 2100, NetVanta 2300, and NetVanta 2400. If a statement only applies to one particular device, the text refers to the device individually.

Security

The NetVanta 2000 Series provides key security and data management features such as IPSec VPN tunneling, stateful inspection firewall (providing cyber assault protection), authenticated remote user access, and Network Address Translation (NAT). Adherence to IPSec standards (established and maintained by the IETF) makes the NetVanta 2000 Series interoperable with many other IPSec-compliant gateways, allowing for a multivendor VPN solution.

Protection Against Attacks

The NetVanta 2000 Series protects the corporate network against attacks with a built-in firewall and provides data security through encryption, authentication, and key exchange. The NetVanta 2000 Series employs a stateful inspection firewall that protects an organization's network from common cyber attacks including TCP syn-flooding, IP spoofing, ICMP redirect, land attacks, ping-of-death, and IP reassembly problems.

Page 16

Introduction NetVanta 2000 Series Hardware Installation Guide

Encryption

The NetVanta 2000 Series encrypts data being sent out onto the network, using either the Data Encryption Standard (DES) or Triple Data Encryption Standard (3DES) encryption algorithms. Data integrity is ensured during transmission across the public infrastructure using Message Digest 5 (MD5) or Secure Hash Algorithm version 1 (SHA1). In addition, Internet Key Exchange (IKE) can be used for user authentication supporting public and private keys or digital certificates, ensuring that the proper VPN tunnel is established and that the tunnel has not been redirected or compromised.

VPN Tunneling

NetVanta 2000 Series units are IPSec-compliant devices that support both encapsulation security payload (ESP) and authentication header (AH) protocols and provide secure communication over potentially unsecure network components. Acting as security gateways, the NetVanta 2050 and NetVanta 2054 can provide up to five private encryption communication tunnels through the Internet with remote locations, and the NetVanta 2100 can provide up to ten. The larger scale NetVanta 2300 offers support for up to 500 private encryption tunnels. For networks requiring more than 500 tunnels, the NetVanta 2400 provides 1000 private encryption tunnels. A NetVanta 2000 Series unit can also hide IP addresses from the external world by performing NAT. The internal router allows multiple users to share a VPN connection and can also direct incoming IP traffic.

Web-Based Management

A remote NetVanta 2000 Series can easily be configured and managed using a standard Web browser or Telnet using the command line interface (CLI). The NetVanta 2000 Series also has a built-in alert and logging mechanism for messaging and mail services. This enables the units to warn administrators about network activities by logging the activities into a syslog server or sending an e-mail to the administrator.

Performance

Unlike a software-implemented VPN solution (which depends on local CPU and memory performance to implement encryption), the NetVanta 2000 Series is a standalone hardware platform that off-loads the CPU-intensive encryption process. (CPU performance is impacted by 3DES encryption, possibly slowing all the local processes on the computer.) Since a NetVanta 2000 Series offers dedicated processing platforms to drive the encryption process, local computer performance is unaffected.

Page 17

NetVanta 2000 Series Hardware Installation Guide Introduction

Features and Specifications

The NetVanta 2000 Series provides granular control over network access that includes maximum security, data authenticity and privacy, and significant ease of use. The following list highlights the NetVanta 2000 Series’ major features.

Physical Interfaces

• PUBLIC RJ-45 10/100BaseT auto-sensing Ethernet interface

• PRIVATE (2050/2100) RJ-45 10/100BaseT auto-sensing Ethernet interface

• PRIVATE (2054) RJ-45 10/100BaseT auto-sensing Ethernet switch ports

• PRIVATE 1

• PRIVATE 2 (2300 /2400) RJ-45 10/100BaseT auto-sensing Ethernet interface

• PRIVATE 3 (2400/ 2400) RJ-45 10/100BaseT auto-sensing Ethernet interface

• CONSOLE RS-232 for off-line configuration

Firewall Features

• Stateful inspection firewall

– Provides support against the following attacks: IP spoofing, land attack, ping of death, and

reassembly attack

– Provides checks for the following attacks: ICMP redirect, syn flooding, winnuke, and source

routing

• Application content filtering

• Cyber assault protection

• HTTP relay

(2300/2400) RJ-45 10/100BaseT auto-sensing Ethernet interface

Address Translation

• Basic NAT (1:1)

• NAPT (many:1)

• Reverse NAT (translation of an inbound session’s destination IP address)

IPSec Tunnel

• ESP

•AH

• Manual key management or automatic key management using IKE

• X.509 certificate support

• MD5-HMAC (Hashed Message Authentication Code)128-bit authentication algorithm

• SHA1-HMAC 160-bit authentication algorithm

• DES-CBC (Cipher Blocking Chaining) 56-bit encryption

• 3DES-CBC 168-bit encryption

Page 18

Introduction NetVanta 2000 Series Hardware Installation Guide

Administration

• Command line interface

• Web-based management - Provides a GUI for configuring the NetVanta 2000 Series

• Syslog logging in WELF format

• E-mail alerts (SMTP) - For when programmed thresholds are reached

Dynamic Host Configuration Protocol ( DHCP)

• Server (to manage IP addresses on local networks)

– Supports multiple IP address ranges on local networks

– User-defined lease duration

– Real time status of active leases

• Client (to acquire the public-side IP address from service provider)

Point-to-Point Protocol over Ethernet (PPPoE)

• Client (to acquire the public-side IP address from service provider)

Routing

• Transmission Control Protocol/Internet Protocol (TCP/IP)

• Static routes

• Routing Internet Protocol (RIP) version 1, version 2, and a combination of both

• Separate RIP configuration for the private and public side

• RIP with authentication

• Open Shortest Path First (OSPF)

Unpack and Inspect the System

Each NetVanta 2000 Series is shipped in its own cardboard shipping carton. Open each carton carefully and avoid deep penetration into the carton with sharp objects. After unpacking the unit, inspect it for possible shipping damage. If the equipment has been damaged in transit, immediately file a claim with the carrier and contact ADTRAN Customer Service (refer to Repair and Return on page 7).

Contents of ADTRAN Shipments

NetVanta 2050, NetVanta 2054, and

Shipments of the NetVanta 2050, NetVanta 2054, and NetVanta 2100 include the following items:

•NetVanta unit

• ADTRAN OS System Documentation CD

• Warranty Card

• AC adapter (ADTRAN P/N 336012 VUR01)

• Crossover Ethernet cable (ADTRAN P/N 8125M012) for connecting the NetVanta directly to a PC

NetVanta 2100

Page 19

NetVanta 2000 Series Hardware Installation Guide Introduction

NetVanta 2300 and NetVanta 2400

Shipments of the NetVanta 2300 and NetVanta 2400 include the following items:

• NetVanta unit with brackets attached

• ADTRAN OS System Documentation CD

• Warranty Card

• AC power cable (ADTRAN P/N 3127009)

Page 20

Product Overview NetVanta 2000 Series Hardware Installation Guide

2. PRODUCT OVERVIEW

Equipment Dimensions

• The NetVanta 2050, NetVanta 2054, and NetVanta 2100 measure 7.5-inch W x 5.38-inch D x 1.75-inch H. These units come equipped for tabletop and wallmount use. An optional rackmount shelf is available from ADTRAN (P/N 1200412L1).

• The NetVanta 2300 and NetVanta 2400 measure 17.25-inch W x 7.75-inch D x 1.75-inch H. These units come equipped for rackmount or wallmount use.

Power Requirements

• The NetVanta 2050, NetVanta 2054, and NetVanta 2100 have a maximum power consumption of 9 W and a maximum current draw of 800 mA.

• The NetVanta 2300 and NetVanta 2400 have a maximum power consumption of 6 W and a maximum current draw of 200 mA.

Reviewing the Base Unit Front Panel Designs

The NetVanta 2050 (see Figure 1), NetVanta 2054 (see Figure 2), and NetVanta 2100 (see Figure 3 on page

21) front panels provide status LEDs for both the private and public interfaces, as well as VPN tunnels and

traffic.

Figure 1. NetVanta 2050 Front Panel Layout

Figure 2. NetVanta 2054 Front Panel Layout

Page 21

NetVanta 2000 Series Hardware Installation Guide Product Overview

Figure 3. NetVanta 2100 Front Panel Layout

The NetVanta 2300 (see Figure 4) and NetVanta 2400 (see Figure 5) front panels provide status LEDs for the public (

PUB) and private (PRIV 1, PRIV 2, and PRIV 3) interfaces, as well as VPN tunnels and traffic.

NetVanta 2300

Figure 4. NetVanta 2300 Front Panel Layout

Figure 5. NetVanta 2400 Front Panel Layout

Page 22

Product Overview NetVanta 2000 Series Hardware Installation Guide

Front Panel LEDs

Table 2 describes the front panel LEDs.

Table 2. NetVanta 2000 Series LEDs

LED Color Indication

PWR

Red (solid) Unit has power, but the boot process failed.

(2050/2054/2100)

Green (flashing) Unit has power and is booting.

STATUS (2300/2400)

VPN STAT

Green (solid) Unit has power and has successfully completed the

boot process.

Red (slow flash) Phase 1 IKE VPN negotiation has failed.

(2050/2054/2100)

Red (fast flash) Phase 2 IKE VPN negotiation has failed.

VPN STATUS

Amber (fast flash) Phase 2 IKE VPN negotiation is in progress.

(2300/2400)

Amber and green (alternating slow flash)

There is an active tunnel and an additional IKE Phase 1 VPN negotiation is in progress.

Green (solid) Phase 2 IKE VPN negotiation has completed

successfully.

VPN TD/RD Green VPN data is being transmitted/received by the unit.

PUB TD/RD Green Data is being transmitted/received on the public

interface.

PUB LNK

Green (solid) 10BaseT Ethernet link is up.

(2300/2400)

Amber (solid) 100BaseT Ethernet link is up.

*PRIV TD/RD Green Data is being transmitted/received on the private

interface.

*PRIV LNK

Green (solid) 10BaseT Ethernet link is up.

(2300/2400)

Amber (solid) 100BaseT Ethernet link is up.

*Note: The NetVanta 2300 and NetVanta 2400 have multiple private ports. These ports are labeled

PRIV 1, PRIV 2, and PRIV 3.

Page 23

NetVanta 2000 Series Hardware Installation Guide Product Overview

Reviewing the Unit Rear Panel Designs

The NetVanta 2050 and NetVanta 2100 rear panels contain two Ethernet ports, a DB-9 serial connection, and a power connection (see Figure 6).

Figure 6. NetVanta 2050 and NetVanta 2100 Rear Panel Layout

The NetVanta 2054 rear panel contains five Ethernet ports (a public connection and an integral four-port private Ethernet switch), a DB-9 serial connection, and a power connection (see Figure 7).

ETH 0/2 ETH 0/3 ETH 0/4 ETH 0/5

Figure 7. NetVanta 2054 Rear Panel Layout

The NetVanta 2300 and the Netvanta 2400 rear panels contain four Ethernet ports, a DB-9 serial connection, and a power connection (see Figure 8).

Figure 8. NetVanta 2300 and NetVanta 2400 Rear Panel Layout

Page 24

Product Overview NetVanta 2000 Series Hardware Installation Guide

Rear Panel Interfaces and LEDs

PUBLIC Interface

The NetVanta 2000 Series provides a standard 10/100BaseT Ethernet interface for connecting to the wide area network (WAN). Connect the public interface to a hub connected to the router interfacing with the non-secure Internet or the modem (cable or DSL) used for Internet access. A dynamic host configuration protocol (DHCP) client is enabled on the public interface by default. References to the public interface include Internet, WAN, and ETH 0/1. Table A-1 on page 35 shows the 10/100BaseT pinouts.

PRIVATE (NetVanta 2050/2054/2100)/PRIVATE 1 (NetVanta 2300 and Netvanta 2400) Interface

The NetVanta 2000 Series provides a standard 10/100BaseT Ethernet interface for connection to the local corporate network. (The 2054 provides an integral four-port Ethernet switch.) Connect the private interface to a hub located on your local corporate network. A DHCP server is enabled on the private interface by default.

References to the private interface include LAN, corporate, and ETH 0/2. (The four ports on the 2054 are referenced as ETH 0/2, ETH 0/3, ETH 0/4, and ETH 0/5.) Table A-1 on page 35 shows the 10/100BaseT pinouts.

PRIVATE 2 and PRIVATE 3 Interface (NetVanta 2300 and NetVanta 2400)

The NetVanta 2300 and NetVanta 2400 have two additional 10/100BaseT Ethernet interfaces to be configured per user preference. Table A-1 on page 35 shows the 10/100BaseT pinouts.

CONSOLE (Serial Interface)

The NetVanta 2000 Series provides a DB-9 serial communication port (CONSOLE) for accessing the command line interface. Table A-2 on page 35 shows the pinouts for the DB-9 connector.

Power Connection

NetVanta 2050, NetVanta 2054, and NetVanta 2100

NetVanta 2050, NetVanta 2054, and NetVanta 2100 include an AC adapter (which generates 12 VDC at 800 mA). Connect the AC adapter to a standard 120 VAC, 60 Hz electrical outlet for proper operation.

NetVanta 2300 and NetVanta 2400

NetVanta 2300 and NetVanta 2400 include an auto sensing 100 to 250 VAC, 50/60 Hz power supply with a three-prong removable cable. Connect the power supply to a standard 120 VAC, 60 Hz, or 220 VAC, 50 Hz electrical outlet for proper operation.

Page 25

NetVanta 2000 Series Hardware Installation Guide Unit Installation

3. UNIT INSTALLATION

The instructions and guidelines provided in this section cover hardware installation topics. These instructions are presented as follows:

• Wall Mounting NetVanta 2000 Series Internet Security Appliances on page 26

• Rack Mounting NetVanta 2000 Series Internet Security Appliances on page 28

• Supplying Power to the Unit on page 29

For information on router configuration for a specific application, refer to the quick start documents provided on your ADTRAN OS System Documentation CD. For details on the command line interface, refer to the AOS Command Reference Guide (also included on your CD).

To prevent electrical shock, do not install equipment in a wet location or during a lightning storm.

Tools Required

The customer-provided tools required for the hardware installation of the NetVanta 2000 Series are as follows:

• UTP Ethernet cable to connect unit to existing network

• Phillips-head screwdriver (rack and wallmount applications only)

• Internet browser for configuring the unit using the GUI

To access the command line interface (CLI) of the NetVanta 2000 Series, you will also need a VT100 terminal or PC with terminal emulation software and a console port cable. Instructions on how to access the CLI are given in the AOS Command Reference Guide (provided on the ADTRAN OS System Documentation CD).

Mounting Options

The NetVanta 2050, NetVanta 2054, and NetVanta 2100 may be installed in a wallmount or tabletop configuration. The NetVanta 2300 and NetVanta 2400 may be installed in a tabletop, wallmount, or 19-inch rackmount configuration. The following sections provide step-by-step instructions for wall mounting and rack mounting.

Page 26

Unit Installation NetVanta 2000 Series Hardware Installation Guide

Wall Mounting NetVanta 2000 Series Internet Security Appliances

NetVanta 2050, NetVanta 2054, and NetVanta 2100

Instructions for Wall Mounting NetVanta 2050, NetVanta 2054, or NetVanta 2100

Step Action

1 Decide on a location for the NetVanta. Mount the unit at or below eye-level so that the LEDs are

viewable.

2 Prepare the mounting surface by attaching a board (typically plywood, 3/ 4- to 1-inches thick) to

a wall stud.

Important! Mounting to a stud ensures stability. Using sheetrock anchors may not provide sufficient long-term stability.

3 Install two #8 (1 1/ 2 inches or greater in length) wood screws into the mounted board following

these guidelines and referring to Figure 9:

• Screws should be spaced horizontally, approximately 5 inches apart. Find exact positioning by using the location of the two keyed insets on the bottom of the NetVanta as a guide. You can also use the Mounting Template located on your ADTRAN OS System Documentation CD.

• Screws should be horizontally level with each other.

• Leave approximately 1/4 inch of the screws protruding from the board to allow the heads of the screws to slide into place in the unit’s keyed insets.

4 Slide the keyed insets on the bottom of the NetVanta chassis securely onto the screws.

5 Proceed to the steps given in Supplying Power to the Unit on page 29.

Figure 9. Wall Mounting the NetVanta 2050, NetVanta 2054, or NetVanta 2100

Page 27

NetVanta 2000 Series Hardware Installation Guide Unit Installation

NetVanta 2300 and NetVanta 2400

Instructions for Wall Mounting NetVanta 2300 or NetVanta 2400

Step Action

1 Orient the brackets (mounting ears), one on each side, such that the portion of the bracket with

the mounting holes is flush with the bottom of the chassis (see Figure 10 on page 28). (If the brackets are already attached in a rackmount position, you will have to detach them and rotate them 90 degrees to orient them properly, as shown in the figure.)

2 Decide on a location for the NetVanta 2000 Series. Mount the unit at or below eye-level so that

the LEDs are viewable.

Important! Mount the chassis with LEDs facing to the side (not up or down) as shown in

Figure 10).

3 Prepare the mounting surface by attaching a board (typically plywood, 3/ 4- to 1-inch thick) to a

wall stud.

Important! Mounting to a stud ensures stability. Using sheetrock anchors may not provide sufficient long-term stability.

4 Have someone else hold the unit in position as you install two 3/ 32- to 1/ 8-inch (1 1/ 2 inches

or greater in length) wood screws through the each of the unit’s brackets and into the mounted board. See Figure 10 on page 28.

5 Proceed to the steps given in Supplying Power to the Unit on page 29.

To avoid damaging unit, use only the screws included in shipment when attaching mounting ears to the chassis.

Page 28

Unit Installation NetVanta 2000 Series Hardware Installation Guide

Figure 10. Wall Mounting the NetVanta 2300 or 2400

Rack Mounting NetVanta 2000 Series Internet Security Appliances

The NetVanta 2300 and NetVanta 2400 are 1U-high, rack-mountable units which can be installed into 19-inch equipment racks. Follow these steps to mount the NetVanta 2000 Series into a rack:

Instructions for Rack Mounting NetVanta 2300 or NetVanta 2400

Step Action

1 Position the NetVanta 2000 Series in a stationary equipment rack. This unit occupies 1U of

space. To allow proper grounding, scrape the paint from the rack around the mounting holes where the NetVanta 2000 Series will be positioned.

2 Have an assistant hold the unit in position as you install two mounting bolts through each of the

unit’s brackets and into the equipment rack using a #2 Phillip’s screwdriver. (The brackets must be oriented with the mounting holes facing forward, as shown in Figure 11.)

3 Proceed to the steps given in Supplying Power to the Unit on page 29.

Page 29

NetVanta 2000 Series Hardware Installation Guide Unit Installation

Be careful not to compromise the stability of the equipment mounting rack when installing this product.

To avoid damaging unit, use only the screws included in shipment when attaching mounting ears to the chassis.

Figure 11. Proper Mounting Bracket Orientation for Rack Mounting

Supplying Power to the Unit

As shipped, the NetVanta 2000 Series is set to factory default conditions. After installing the unit, the NetVanta 2000 Series is ready to be powered up. To power the unit, ensure that the unit is properly connected to an appropriate power source (as outlined in the sections which follow).

Page 30

Unit Installation NetVanta 2000 Series Hardware Installation Guide

NetVanta 2050, NetVanta 2054, and NetVanta 2100

The NetVanta 2050, NetVanta 2054, and NetVanta 2100 are supplied with a detachable AC adapter (which generates 12 VDC at 800 mA) for connecting to a grounded power receptacle.

• This unit shall be installed in accordance with Articles 300 and 400 of NEC NFPA 70.

• Maximum recommended ambient operating temperature is 50

NetVanta 2300 and NetVanta 2400

The AC powered NetVanta 2300 and NetVanta 2400 come equipped with an auto-sensing 100 to 250 VAC, 50/60 Hz power supply for connecting to a grounded power receptacle. A grounded, three-plug, detachable cable is included with the shipment for connecting to an appropriate power source.

• This unit shall be installed in accordance with Articles 300 and 400 of NEC NFPA 70.

• Power to the NetVanta 2300/2400 AC system must be from a grounded 100 to 250 VAC,

50/60 Hz source.

• The power receptacle uses double-pole, neutral fusing.

• Maximum recommended ambient operating temperature is 50

Page 31

NetVanta 2000 Series Hardware Installation Guide Installing Management Components

4. INSTALLING MANAGEMENT COMPONENTS

Configuring the NetVanta 2000 Series through the Web interface requires a host computer with an Ethernet interface and a Web browser. ADTRAN recommends using Internet Explorer 5.5 or greater for optimal viewing of configuration Web pages.

The NetVanta 2000 Series is configured with a default IP address of 10.10.10.1 and a subnet mask of

255.255.255.0 on the private interface. Select an IP address in the same range as the NetVanta unit and assign it to the host computer running the Web browser. An example IP address is 10.10.10.50 with a subnet mask of 255.255.255.0. This section contains detailed procedures for assigning the selected IP address to a host computer for each of the popular operating systems.

After configuring the IP address of your host, open your installed browser and enter 10.10.10.1 in the URL field. The NetVanta login window appears. Enter click the page appears. Use the

OK button. (The default password is password.) After logging into the NetVanta, the Interfaces

Getting Started page to walk through the setup process.

For security purposes, it is important to set up an admin password immediately. Use the Passwords page of the Web interface to change this password.

admin as the username, enter your admin password, and

If you have a PC with DHCP client capabilities enabled, connect the NetVanta unit directly to your computer using the supplied Ethernet crossover cable. No other IP address configuration is necessary.

NetVanta units have DHCP server capabilities enabled by default. Connecting the unit to a network with a functioning DHCP server can cause IP address assignment conflicts.

For any operating system not discussed in this section, refer to the system’s user documentation for instructions on assigning IP addresses.

Configuring the Host IP Address

Select from the following options: Microsoft Windows 2000® or Windows XP®; Microsoft Windows NT® or Windows 98/95

; or POSIX®-Compliant UNIX®/LINUX®.

Depending on the operating system, changing a PC’s TCP/IP setting may require a reboot.

Page 32

Installing Management Components NetVanta 2000 Series Hardware Installation Guide

Microsoft Windows 2000® or Windows XP

1. In Windows 2000, follow the menu path START>SETTINGS>CONTROL PANEL. In Windows XP, the path may be

2. After the

ONNECTIONS in Windows XP) icon to display the existing network connections.

3. After the

START>CONTROL PANEL, depending on your local settings.

CONTROL PANEL opens, double-click the NETWORK AND DIALUP CONNECTIONS (NETWORK

NETWORK AND DIALUP CONNECTIONS (or NETWORK CONNECTIONS) open, double-click on

the icon representing the local area connection.

4. After the local area connection

5. After the local area connection

(TCP/IP)

component, and click the PROPERTIES button.

STATUS window opens, click the PROPERTIES button.

PROPERTIES window opens, select the INTERNET PROTOCOL

6. Continue with one of the following options:

Set the IP Address Yourself OR Use DHCP to Assign an IP Address

• Wait for the INTERNET P ROTOCOL (TCP/IP)

ROPERTIES window to display.

• Select the

USE THE FOLLOWING IP ADDRESS

radio button.

• Enter the IP address as:

• Enter the subnet mask as:

• Enter the default gateway as:

10.10.10.50.

255.255.255.0.

10.10.10.1.

• Wait for the INTERNET PROTOCOL (TCP/IP)

ROPERTIES window to display.

• Select the

UTOMATICALLY radio button.

OBTAIN AN IP ADDRESS

7. Click

8. Click

9. Close the

10. Close the

OK to close the INTERNET PROTOCOL (TCP/IP) PROPERTIES window.

OK to close the local area connection PROPERTIES window.

NETWORK AND DIALUP CONNECTIONS (or NETWORK CONNECTIONS) window.

CONTROL PANEL window.

If your network uses DHCP for dynamic IP addressing, remember to return the TCP/IP properties of your computer back to dynamic IP addressing after completing your installation.

Microsoft Windows NT® or Windows 98/95

1. In Windows, follow the menu path START>SETTINGS>CONTROL PANEL.

2. After the

CONTROL PANEL opens, double-click the NETWORK icon to display the existing network

configuration.

3. Select

TCP/IP from the list of installed network components. If there are multiple sessions, select

the one for the Ethernet card in the host computer.

4. Click

PROPERTIES, which shows in a multi-paned window the existing properties of the TCP/IP

protocol running on the host computer.

5. Select the

IP ADDRESS pane by clicking on it.

Page 33

NetVanta 2000 Series Hardware Installation Guide Installing Management Components

6. Check the SPECIFY AN IP ADDRESS radio button.

7. Continue with one of the following options:

Set the IP Address Yourself OR Use DHCP to Assign an IP Address

•Enter the IP ADDRESS as 10.10.10.50

• Enter the

SUBNET MASK as 255.255.255.0.

•Enable the OBTAIN AN IP ADDRESS

UTOMATICALLY checkbox.

8. Click

9. Click

OK to close the PROPERTIES window.

OK on the NETWORK configuration window, which will ask you to reboot the browser

computer.

10. Click

YES to reboot your computer.

If your network uses DHCP for dynamic IP addressing, remember to return the TCP/IP properties of your computer back to dynamic IP addressing after completing your installation.

POSIX®-Compliant UNIX®/LINUX

1. Log in as root, or change to superuser.

2. Run the

ifconfig command -a option to list the configured network interfaces in the system. This

will show the Ethernet interface name as well. For example:

#ifconfig -a

lo0: flags=863<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232 inet 127.0.0.1 netmask ff000000

hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500

inet 192.103.55.186 netmask ffffff00 broadcast 192.103.255.255

ether 8:0:20:a8:38:c6

3. Change the IP address of the Ethernet interface to 10.10.10.50 with subnet mask 255.255.255.0 by using the ifconfig command. For example:

# ifconfig eth0 10.10.10.50 netmask 255.255.255.0

4. Run the ifconfig command -a option again to make sure the interface address change is effective.

Page 34

Installing Management Components NetVanta 2000 Series Hardware Installation Guide

Page 35

APPENDIX A. CONNECTOR PIN DEFINITIONS

Table A-1. 10/100BaseT Pinouts

Pin Name Description

1 TX1 Transmit Positive

2 TX2 Transmit Negative

3 RX1 Receive Positive

4, 5 — Unused

6 RX2 Receive Negative

7, 8 — Unused

Table A-2. CONSOLE (DCE) Port Pinouts

Pin Name Description

1 DCD Data Carrier Detect (output)

2 RD Receive Data (output)

3 TD Transmit Data (input)

4 DTR Data Transmit Ready (input)

5 SG Signal Ground

6 DSR Data Set Ready (output)

7 RTS Request to Send (input)

8 CTS Clear to Send (output)

9 RI Ring Indicate (output)

Page 36

Appendix A. Connector Pin Definitions NetVanta 2000 Series Hardware Installation Guide

Page 37

Index

AC adapter 18, 24, 30 address translation administration

CONSOLE interface 17, 24 contents of shipment customer service

DHCP 18 dimensions

features 17 firewall features front panel

installation of unit 25 introduction to NetVanta 2000 Series IP address configuration IPSec tunnel

LEDs 22

management components

installing

mounting options

rack

wall

NetVanta 2000 Series Routers

dimensions features installation introduction to LEDs

power requirements

NetVanta 2050

front panel

power rear panel shipping contents wall mounting

NetVanta 2054

front panel power rear panel shipping contents wall mounting

NetVanta 2100

front panel power rear panel shipping contents wall mounting

NetVanta 2300

front panel power rack mounting rear panel shipping contents wall mounting

NetVanta 2400

front panel power rack mounting shipping contents wall mounting

physical interfaces 17

power power connection power requirements power-up PPPoE PRIVATE 2 interface PRIVATE interface PRIVATE/PRIVATE 1 interface product registration PUBLIC interface

17, 24

rack mounting units 28

Page 38

Index NetVanta 2000 Series Hardware Installation Guide

rear panel 23 routing

serial interface 17, 24 Shipping Contents

tools required for installation 25

unpacking and inspecting the system 18

wall mounting units 26, 27, 28 Web interface

ADTRAN 1202362L1, 1202363L2, 1202362L2, 1202363L1, 1202366L2 Hardware Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual