Adtran NetVanta 2000 User Manual


NETVANTA 2000 SERIES

System Manual

1200362L1 NetVanta 2050 System

1200361L1 NetVanta 2100 System

1200366L1 NetVanta 2300 System

1200367L1 NetVanta 2400 System

61200361L1-1E May 2002

Trademarks

Any brand names and product names included in this manual are trademarks, registered trademarks, or trade names of their respective holders.

To the Holder of the Manual

The contents of this manual are current as of the date of publication. ADTRAN reserves the right to change the contents without prior notice.

In no event will ADTRAN be liable for any special, incidental, or consequential damages or for commercial losses even if ADTRAN has been advised thereof as a result of issue of this publication.

901 Explorer Boulevard

P.O. Box 140000

Huntsville, AL 35814-4000

Phone: (256) 963-8000

©2001 ADTRAN, Inc.

All Rights Reserved.

Printed in U.S.A.

NetVanta 2000 Series System Manual


About this Manual

This manual provides a complete description of the NetVanta 2000 series system and system software. The purpose of this manual is to provide the technician, system administrator, and manager with general and specific information related to the planning, installation, operation, and maintenance of the NetVanta 2000 series. This manual is arranged so that needed information can be quickly and easily found. The following is an overview of the contents.

Section 1 System Description

Provides managers with an overview of the NetVanta 2000 series system.

Section 2 Engineering Guidelines

Provides information to assist network designers with incorporating the NetVanta 2000 series system into their networks.

Section 3 Network Turnup Procedure

Provides step-by-step instructions on how to install the NetVanta 2000 series unit, determine the parameters for the system, install the network and option modules, and power up the system.

Section 4 User Interface Guide

A reference guide listing all menu options contained in the NetVanta 2000 series.

Section 5 Detail Level Procedures

Provides the Detail Level Procedures called out in Section 3 to perform various unit functions (upgrading firmware, telnet, etc.).

Glossary and Acronyms

Gives definitions of terms and acronyms used in the manual.

Revision History

This is the 4th issue of this manual. Revisions include:

NetVanta 2050 and 2400 additions


Notes provide additional useful information.

Cautions signify information that could prevent service interruption.

Warnings provide information that could prevent damage to the equipment or endangerment to human life.

Safety Instructions

When using your telephone equipment, please follow these basic safety precautions to reduce the risk of fire, electrical shock, or personal injury:

1. Do not use this product near water, such as a bathtub, wash bowl, kitchen sink, laundry tub, in a wet basement, or near a swimming pool.

2. Avoid using a telephone (other than a cordless-type) during an electrical storm. There is a remote risk of shock from lightning.

3. Do not use the telephone to report a gas leak in the vicinity of the leak.

4. Use only the power cord, power supply, and/or batteries indicated in the manual. Do not dispose of batteries in a fire. They may explode. Check with local codes for special disposal instructions.

Save These Important Safety Instructions


Federal Communications Commission Radio Frequency Interference Statement

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio frequencies. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

Shielded cables must be used with this unit to ensure compliance with Class A FCC limits.

Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

Canadian Emissions Requirements

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of Communications.

This digital apparatus complies with the radio noise limits applicable to Class A digital apparatus prescribed in the interference-causing equipment standard “Digital Apparatus,” NMB-003, issued by the Minister of Communications.


Canadian Equipment Limitations

Notice: The Canadian Industry and Science Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational, and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company’s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly (telephone extension cord). The customer should be aware that compliance with the above limitations may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

Users should not attempt to make such connections themselves, but should contract the appropriate electric inspection authority, or an electrician, as appropriate.

The Load Number (LN) assigned to each terminal device denotes the percentage of the total load to be connected to a telephone loop which is used by the device, to prevent overloading. The termination on a loop may consist of any combination of devices subject only to the requirement that the total of the Load Numbers of all devices does not exceed 100.


Warranty and Customer Service

ADTRAN will repair and return this product within five years from the date of shipment if it does not meet its published specifications or fails while in service. For detailed warranty, repair, and return information refer to the ADTRAN Equipment Warranty and Repair and Return Policy Procedure.

Return Material Authorization (RMA) is required prior to returning equipment to ADTRAN.

For service, RMA requests, or further information, contact one of the numbers listed at the end of this section.

LIMITED PRODUCT WARRANTY

ADTRAN warrants that for five years from the date of shipment to Customer, all products manufactured by ADTRAN will be free from defects in materials and workmanship. ADTRAN also warrants that products will conform to the applicable specifications and drawings for such products, as contained in the Product Manual or in ADTRAN's internal specifications and drawings for such products (which may or may not be reflected in the Product Manual). This warranty only applies if Customer gives ADTRAN written notice of defects during the warranty period. Upon such notice, ADTRAN will, at its option, either repair or replace the defective item. If ADTRAN is unable, in a reasonable time, to repair or replace any equipment to a condition as warranted, Customer is entitled to a full refund of the purchase price upon return of the equipment to ADTRAN. This warranty applies only to the original purchaser and is not transferable without ADTRAN's express written permission. This warranty becomes null and void if Customer modifies or alters the equipment in any way, other than as specifically authorized by ADTRAN.

EXCEPT FOR THE LIMITED WARRANTY DESCRIBED ABOVE, THE FOREGOING CONSTITUTES THE SOLE AND EXCLUSIVE REMEDY OF THE CUSTOMER AND THE EXCLUSIVE LIABILITY OF ADTRAN AND IS IN LIEU OF ANY AND ALL OTHER WARRANTIES (EXPRESSED OR IMPLIED). ADTRAN SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, INCLUDING (WITHOUT LIMITATION), ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THIS EXCLUSION MAY NOT APPLY TO CUSTOMER.

In no event will ADTRAN or its suppliers be liable to the Customer for any incidental, special, punitive, exemplary or consequential damages experienced by either the Customer or a third party (including, but not limited to, loss of data or information, loss of profits, or loss of use). ADTRAN is not liable for damages for any cause whatsoever (whether based in contract, tort, or otherwise) in excess of the amount paid for the item. Some states do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitation or exclusion may not apply to the Customer.


Customer Service, Product Support Information, and Training

ADTRAN will repair and return this product if within five years from the date of shipment the product does not meet its published specification or the product fails while in service.

A return material authorization (RMA) is required prior to returning equipment to ADTRAN. For service, RMA requests, training, or more information, use the contact information given below.

Repair and Return

If you determine that a repair is needed, please contact our Customer and Product Service (CAPS) department to have an RMA number issued. CAPS should also be contacted to obtain information regarding equipment currently in house or possible fees associated with repair.

CAPS Department

(256) 963-8722

Identify the RMA number clearly on the package (below address), and return to the following address:

ADTRAN Customer and Product Service

901 Explorer Blvd. (East Tower)

Huntsville, Alabama 35806

RMA # _____________

Pre-Sales Inquiries and Applications Support

Your reseller should serve as the first point of contact for support. If additional pre-sales support is needed, the ADTRAN Support web site provides a variety of support services such as a searchable knowledge base, latest product documentation, application briefs, case studies, and a link to submit a question to an Applications Engineer. All of this, and more, is available at:

http://support.adtran.com

When needed, further pre-sales assistance is available by calling our Applications Engineering Department.

Applications Engineering (800) 615-1176


Post-Sale Support

Your reseller should serve as the first point of contact for support. If additional support is needed, the ADTRAN Support web site provides a variety of support services such as a searchable knowledge base, updated firmware releases, latest product documentation, service request ticket generation and trouble-shooting tools. All of this, and more, is available at:

http://support.adtran.com

When needed, further post-sales assistance is available by calling our Technical Support Center. Please have your unit serial number available when you call.

Technical Support

(888) 4ADTRAN

Installation and Maintenance Support

The ADTRAN Custom Extended Services (ACES) program offers multiple types and levels of installation and maintenance services which allow you to choose the kind of assistance you need. This support is available at:

http://www.adtran.com/aces

For questions, call the ACES Help Desk.

ACES Help Desk

(888) 874-ACES (2237)

Training

The Enterprise Network (EN) Technical Training Department offers training on our most popular products. These courses include overviews on product features and functions while covering applications of ADTRAN's product lines. ADTRAN provides a variety of training options, including customized training and courses taught at our facilities or at your site. For more information about training, please contact your Territory Manager or the Enterprise Training Coordinator.

Training Phone (800) 615-1176, ext. 7500

Training Fax (256) 963-6700

Training Email training@adtran.com


SYSTEM DESCRIPTION

CONTENTS

System Overview

Features and Benefits

Physical Interfaces

Firewall Features

Address Translation

IPSec Tunnel

Administration

DHCP

PPPoE

Routing


Section 1, System Description


1. SYSTEM OVERVIEW

The NetVanta 2000 series of VPN products includes small to mid-range IPSec-compliant gateways that provide all the components required to secure an integrated VPN solution. Used primarily for remote access and site-to-multisite connectivity, the NetVanta 2050 and NetVanta 2100 target the corporate branch office, the small office/home office (SOHO), and business-to-business applications. As a branch office or mid-size host security gateway, the NetVanta 2300 provides the same features as the NetVanta 2100 with an added DMZ port for public server access. For networks supporting a large VPN network, the NetVanta 2400 is available to provide all necessary host site gateway functionality. The NetVanta 2000 series provides several key security and data management features such as IPSec VPN tunneling, a stateful inspection firewall (providing cyber assault protection), authenticated remote user access, and Network Address Translation. Adhering to IPSec standards (established and maintained by the IETF) enables the NetVanta 2000 series to interoperate with many other IPSec-compliant gateways, allowing for a multi-vendor VPN solution.

On a public infrastructure like the Internet, security is of the utmost importance. The NetVanta 2000 series protects the corporate network against attacks with a built-in firewall and provides data security through encryption, authentication, and key exchange. The NetVanta 2000 series employs a stateful inspection firewall that protects an organization's network from common cyber attacks including TCP SYN flooding, IP spoofing, ICMP redirect, land attacks, ping-of-death, and IP reassembly problems.

For encryption, the NetVanta 2000 series encrypts the data being sent out onto the network using either the Data Encryption Standard (DES) or 3DES encryption algorithm. Data integrity is ensured using MD5 or SHA1 as the data is transported across the public infrastructure. In addition, Internet Key Exchange (IKE) can be used for user authentication supporting public and private keys or digital certificates, assuring that the proper VPN tunnel is established and that the tunnel has not been redirected or compromised.

The NetVanta 2000 series units are Internet Protocol Security (IPSec) compliant devices that support both the ESP and AH protocols and provide secure communication over potentially unsecure network components. Acting as a security gateway, the NetVanta 2050 and 2100 can provide up to 10 private encryption communication tunnels through the Internet with remote locations, while the larger scale NetVanta 2300 offers support for up to 100 private encryption tunnels. For networks requiring more than 100 tunnels, the NetVanta 2400 provides 1000 private encryption tunnels. The NetVanta 2000 series can also hide IP addresses from the external world by performing Network Address Translation (NAT). The internal router allows multiple users to share a VPN connection and can also direct incoming IP traffic.

A remote NetVanta 2000 series unit can easily be configured and managed using a standard web browser. The NetVanta 2000 series also has built-in alert and logging mechanisms for messaging and mail services. This enables the unit to warn administrators about activity on the network by logging it to a Syslog server or sending an email to the administrator.

Unlike a software-implemented VPN solution, which depends on local CPU and memory performance to implement encryption, the NetVanta 2000 series units are standalone hardware platforms that off-load the CPU-intensive encryption process. 3DES encryption significantly impacts CPU performance, possibly slowing all the local processes on the computer. Since the NetVanta 2000 series offers dedicated processing platforms to drive the encryption process, local computer performance is unaffected.


2. FEATURES AND BENEFITS

The NetVanta 2000 series provides granular control over network access that includes maximum security, data authenticity and privacy, and significant ease of use. The major features of the NetVanta 2000 series are described below.

Physical Interfaces

WAN: RJ-45 10/100 Auto-sensing Ethernet interface

LAN: RJ-45 10/100 Auto-sensing Ethernet interface

Serial Port: RS-232 for off-net configuration (NetVanta 2300 Only)

DMZ: RJ-45 10/100 Auto-sensing Ethernet interface

Firewall Features

Stateful inspection firewall

Application content filtering

Cyber assault protection

HTTP relay

Address Translation

Basic NAT (1:1)

NAPT (Many:1)

Reverse NAT (translation of an inbound session’s destination IP address)

IPSec Tunnel

Encapsulating Security Payload (ESP)

Authentication Header (AH)

Manual key management or automatic key management using Internet Key Exchange (IKE)

X.509 certificate support

MD5-HMAC 128-bit authentication algorithm

SHA1-HMAC 160-bit authentication algorithm

DES-CBC 56-bit encryption

3DES-CBC 168-bit encryption

Administration

Web-based management

Syslog logging in WELF format

E-mail alerts (SMTP)

User and group access control policies based on time-of-day

User accounting policy statistics


DHCP

Server (to manage IP addresses on local network)

Client (to acquire the WAN-side IP address from service provider)

PPPoE

Client (to acquire the WAN-side IP address from service provider)

Routing

TCP/IP

Static routes

RIP (V1 and V2)

RIP with Authentication


ENGINEERING GUIDELINES

CONTENTS

Equipment Dimensions

Power Requirements

Reviewing the Front Panel Design

Front Panel LEDs

Reviewing the Rear Panel Design

LAN Interface

WAN Connection

DMZ Connection (NetVanta 2300 Only)

COM1 Interface

Power Connection

At-A-Glance Specifications

FIGURES

Figure 1. NetVanta 2000 series Front Panel Layout
Figure 2. NetVanta 2300 Front Panel Layout
Figure 3. NetVanta 2000 series Rear Panel Layout
Figure 4. NetVanta 2300 Rear Panel Layout

TABLES

Table 1. NetVanta 2000 series Front Panel Description
Table 2. NetVanta 2000 series LEDs
Table 3. LAN Pinout
Table 5. DMZ Pinout
Table 4. WAN Pinout
Table 6. DB-9 Connector Pinout
Table 7. Specifications


Section 2, Engineering Guidelines


1. EQUIPMENT DIMENSIONS

NetVanta 2050 and 2100

The NetVanta 2050 and 2100 units are 9.0” W, 6.375” D, and 1.625” H and come equipped for table top and wallmount use. An optional rackmount shelf is available from ADTRAN.

NetVanta 2300 and 2400

The NetVanta 2300 units are 17.25" W, 7.75" D, and 1.26" H and come equipped for rackmount use.

2. POWER REQUIREMENTS

NetVanta 2050 and 2100

The NetVanta 2000 series has a maximum power consumption of 9W and a maximum current draw of 800mA.

NetVanta 2300 and 2400

The NetVanta 2300 has a maximum power consumption of 11W and a maximum current draw of 0.2A.

3. REVIEWING THE FRONT PANEL DESIGN

NetVanta 2050

The NetVanta 2100 front panel monitors operation by providing status LEDs for both the LAN and WAN interfaces, as well as VPN tunnels and traffic. The front panel is shown in Figure 1.

Figure 1. NetVanta 2050 Front Panel Layout (panel labels: PWR, STAT, VPN, WAN, LAN, TD, RD)


NetVanta 2100

The NetVanta 2100 front panel monitors operation by providing status LEDs for both the LAN and WAN interfaces, as well as VPN tunnels and traffic. The front panel is shown in Figure 2.

Figure 2. NetVanta 2100 Front Panel Layout (panel labels: PWR, STAT, VPN, WAN, LAN, TD, RD)

NetVanta 2300

The NetVanta 2300 front panel monitors operation by providing status LEDs for the LAN, WAN, and DMZ interfaces, as well as VPN tunnels and traffic. The front panel is shown in Figure 3.

 

Figure 3. NetVanta 2300 Front Panel Layout (panel labels: POWER, STATUS, VPN, WAN, LAN, DMZ, TD, RD, ACT, LNK)

NetVanta 2400

The NetVanta 2300 front panel monitors operation by providing status LEDs for the LAN, WAN, and DMZ interfaces, as well as VPN tunnels and traffic. Additionally, an LCD display provides quick-glance access to the LAN IP parameters (IP address and subnet mask). The front panel is shown in Figure 4.

 

Figure 4. NetVanta 2400 Front Panel Layout (panel labels: ENTER, CANCEL, POWER, STATUS, VPN, WAN, LAN, DMZ, TD, RD, ACT, LNK)


Front Panel LEDs

With the NetVanta 2000 series powered-up, the front panel LEDs provide visual information about the status of the system. Table 1 provides a brief description of the front panel features, and Table 2 provides detailed information about the LEDs.

Table 1. NetVanta 2000 series Front Panel Description

Feature | Description
PWR | Indicates whether the unit has power.
VPN (2050/2100 only) | Indicates status of VPN negotiations.
VPN TD | Indicates VPN traffic transmitted by the NetVanta.
VPN RD | Indicates VPN traffic received by the NetVanta.
VPN ACT (2300/2400 only) | Indicates status of VPN Negotiations.
LAN TD | Indicates LAN traffic transmitted by the NetVanta.
LAN RD | Indicates LAN traffic received by the NetVanta.
LAN LNK (2300/2400 Only) | Indicates active physical link on the LAN port.
WAN TD | Indicates WAN traffic transmitted by the NetVanta.
WAN RD | Indicates WAN traffic received by the NetVanta.
WAN LNK (2300/2400 Only) | Indicates active physical link on the WAN port.

Table 2. NetVanta 2000 series LEDs

For these LEDs... | This color light... | Indicates that...
PWR | Red (solid) | The unit has power and is in the boot process.
PWR | Green (solid) | Unit has power and has successfully completed the boot process.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Amber (slow blink) | Initial Phase 1 IKE negotiation in progress.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Green (slow blink) | Initial Phase 1 IKE negotiation completed successfully.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Red (slow blink) | Phase 1 IKE negotiation failed.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Amber (fast blink) | Phase 2 IKE negotiation in progress.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Green (solid) | Phase 2 IKE negotiation completed successfully.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Red (fast blink) | Phase 2 IKE negotiation failed.
VPN (2050/2100 only), VPN ACT (2300/2400 Only) | Amber and Green (alternating slow blink) | There is an active tunnel and an additional IKE Phase 1 negotiation in progress.
VPN TD | Green (blink) | Flashes with VPN data transmitted by the NetVanta 2000 series.
VPN RD | Green (blink) | Flashes with VPN data received by the NetVanta 2000 series.
LAN TD | Green (blink) | Flashes with data transmitted on the LAN interface.
LAN RD | Green (blink) | Flashes with data received on the LAN interface.
LAN LNK (2300/2400 Only) | Green (solid) | Unit has active physical connection on the LAN interface.
WAN TD | Green (blink) | Flashes with data transmitted on the WAN interface.
WAN RD | Green (blink) | Flashes with data received on the WAN interface.
WAN LNK (2300/2400 Only) | Green (solid) | Unit has active physical connection on the WAN interface.

4. REVIEWING THE REAR PANEL DESIGN

NetVanta 2050 and 2100

The NetVanta 2050 and 2100 rear panel contains 2 Ethernet ports, a DB-9 serial connection, and a power connection (see Figure 5).

Figure 5. NetVanta 2050 Rear Panel Layout (panel labels: WAN, LAN, COM 1, POWER)


NetVanta 2300

The NetVanta 2300 rear panel contains 3 Ethernet ports, a DB-9 serial connection, and a power connection (see Figure 6).

Figure 6. NetVanta 2300 Rear Panel Layout (panel labels: 100-250VAC, WAN, LAN, DMZ)

NetVanta 2400

The NetVanta 2300 rear panel contains 3 Ethernet ports, a DB-9 serial connection, a power connection and ventilation openings (see Figure 7).

Figure 7. NetVanta 2400 Rear Panel Layout (panel labels: WAN, LAN, DMZ, SERIAL)

LAN Interface

The NetVanta 2000 series provides a standard 10/100BaseT Ethernet interface for connection to the local corporate network. Connect the LAN interface to a hub located on your local corporate network. A DHCP Server is enabled on the LAN interface by default. References to the LAN interface include LAN, CORP, and Eth0.

The LAN connection follows, and Table 3 shows the pinout.

Connector Type: RJ-48C

Table 3. LAN Pinout

Pin | Name | Description
1 | TX1 | Transmit Positive
2 | TX2 | Transmit Negative
3 | RX1 | Receive Positive
4, 5 | UNUSED |
6 | RX2 | Receive Negative
7, 8 | UNUSED |


WAN Connection

The NetVanta 2000 series provides a standard 10/100BaseT Ethernet interface for connection to the wide area network. Connect the WAN interface to a hub connected to the router interfacing with the non-secure Internet or the modem (cable or DSL) used for Internet access. A DHCP Client is enabled on the WAN interface by default. References to the WAN interface include Internet, WAN, and Eth1.

Connector Type (USOC): RJ-48C

Table 4. WAN Pinout

Pin | Name | Description
1 | TX1 | Transmit Positive
2 | TX2 | Transmit Negative
3 | RX1 | Receive Positive
4, 5 | UNUSED |
6 | RX2 | Receive Negative
7, 8 | UNUSED |

DMZ Connection (NetVanta 2300 and 2400 Only)

The NetVanta 2300 and 2400 provide a standard 10/100BaseT Ethernet interface for providing public server access. Table 5 shows the pinout for the DMZ port.

Connector Type (USOC): RJ-48C

Table 5. DMZ Pinout

Pin | Name | Description
1 | TX1 | Transmit Positive
2 | TX2 | Transmit Negative
3 | RX1 | Receive Positive
4, 5 | UNUSED |
6 | RX2 | Receive Negative
7, 8 | UNUSED |


COM1 Interface

The NetVanta 2000 series provides a DB-9 serial communication port for future command line use. Table 6 shows the pinout for the DB-9 connector.

Connector Type: DB-9

Table 6. DB-9 Connector Pinout

Pin     Name     Description
1       DCD      Data Carrier Detect
2       RD       Receive Data
3       TD       Transmit Data
4       DTR      Data Transmit Ready
5       SG       Signal Ground
6       DSR      Data Set Ready
7       RTS      Request to Send
8       CTS      Clear to Send
9       RI       Ring Indicator

Power Connection

NetVanta 2050 and 2100

The NetVanta 2000 series includes a 12 VDC power supply. Connect the power supply to a standard 120 VAC, 60 Hz electrical outlet for proper operation.

NetVanta 2300 and 2400

The NetVanta 2300 and 2400 include an auto-sensing 100-250 VAC, 50/60 Hz power supply with a three-prong removable cable. Connect the power supply to a standard 120 VAC, 60 Hz or 220 VAC, 50 Hz electrical outlet for proper operation.


5. AT-A-GLANCE SPECIFICATIONS

Table 7 lists the specifications for the NetVanta 2000 series system.

Table 7. Specifications

Application          Feature                       Specification
Firewall             Stateful Inspection Firewall  Provides support against the following attacks: IP Spoofing, Land Attack, Ping of Death, and Reassembly Attack
                                                   Provides checks for the following attacks: ICMP Redirect, Syn Flooding, Winnuke, and Source Routing
IPSEC Tunnel         Encryption                    Encapsulating Security Payload (ESP)
                                                   DES-CBC 56-bit encryption
                                                   3DES-CBC 168-bit encryption
                     Authentication                Authentication Header (AH)
                                                   MD5-HMAC 128-bit authentication algorithm
                                                   SHA1-HMAC 160-bit authentication algorithm
                     Certificate Support           X.509 certificate support
                     IKE                           Manual key management for automatic key management
DHCP                 Server                        Supports three IP address ranges on local network
                                                   User defined lease duration
                                                   Real time status of active leases
                     Client                        Ability to acquire the WAN-side IP address from Service Provider DHCP Server
Routing              RIP                           Supports RIP v1, RIP v2 and a combination of both
                                                   Separate RIP Configuration for the LAN and WAN side
                                                   Supports RIP using Authentication Keys
Address Translation  NAT                           Supports one-to-one NAT (Static NAT)
                     NAPT                          Supports many-to-one (Dynamic NAT)
                     Reverse NAT                   Translates an inbound session destination IP address
Administration       Web Management                Provides a GUI (graphical user interface) for configuring the NetVanta 2000 series
                     SYSLOG                        Provides levels for logging events to an active SYSLOG server on the network
                     E-Mail Alerts                 Capability to e-mail an alert message when programmed thresholds are reached
                     Statistics                    User monitoring, policy, and access statistics available


NETWORK TURNUP PROCEDURE

CONTENTS

Introduction

Tools Required

Unpack and Inspect the SYSTEM
    Contents of ADTRAN Shipments - NetVanta 2100
    Contents of ADTRAN Shipments - NetVanta 2300

Supplying Power to the Unit
    NetVanta 2100
    NetVanta 2300

Installing NetVanta 2000 series Management Components
    Browsing Hosts Running Microsoft Windows NT, Windows 2000, or Windows 98/95
    Browsing Hosts Running POSIX-Compliant UNIX


Section 3, Network Turnup Procedure


1. INTRODUCTION

This section discusses the installation process of the NetVanta 2000 series systems.

2. TOOLS REQUIRED

The tools required for installation of the NetVanta 2000 series systems are:

CATV-UTP Ethernet cable to connect the unit to the existing network

An Internet browser for configuring the unit

To prevent electrical shock, do not install equipment in a wet location or during a lightning storm.

3. UNPACK AND INSPECT THE SYSTEM

Each NetVanta 2000 series unit is shipped in its own cardboard shipping carton. Open each carton carefully and avoid deep penetration into the carton with sharp objects.

After unpacking the unit, inspect it for possible shipping damage. If the equipment has been damaged in transit, immediately file a claim with the carrier, then contact ADTRAN Customer Service (see Customer Service, Product Support Information, and Training in the front of this manual).

Contents of ADTRAN Shipments - NetVanta 2050 and 2100

Your ADTRAN shipment includes the following items:

The NetVanta 2050 or 2100 Unit

The NetVanta 2000 series User Manual CD (ADTRAN P/N 3253041)

AC Power supply - (ADTRAN P/N 336012 VUR01)

Crossover Ethernet cable for connecting the NetVanta 2100 directly to a PC (ADTRAN P/N 8125M012)

Contents of ADTRAN Shipments - NetVanta 2300 and 2400

Your ADTRAN shipment includes the following items:

The NetVanta 2300 or 2400 Unit

The NetVanta 2000 series User Manual CD (ADTRAN P/N 3253041)

AC Power cable (ADTRAN P/N 3127009)

(2) Brackets for installing the unit in a rackmount configuration (ADTRAN P/N 3265479)


4. SUPPLYING POWER TO THE UNIT

NetVanta 2050 and 2100

The AC powered NetVanta 2050 and 2100 come equipped with a detachable 12 VDC at 800 mA wallmount power supply for connecting to a grounded power receptacle. As shipped, the NetVanta 2050 and 2100 are set to factory default conditions. After installing the unit, the NetVanta 2050 and 2100 are ready for power-up. To power up the unit, connect the unit to an appropriate power source.

This unit shall be installed in accordance with Article 400 and 364.8 of the NEC NFPA 70 when installed outside of a Restricted Access Location (i.e., central office, behind a locked door, service personnel only area).

Power to the NetVanta 2050/2100 AC system must be from a grounded 90-130 VAC, 50/60 Hz source.

The power receptacle uses double-pole, neutral fusing.

Maximum recommended ambient operating temperature is 45 °C.

NetVanta 2300 and 2400

The AC powered NetVanta 2300 and 2400 come equipped with an auto-sensing 100-240 VAC, 50-60 Hz power supply for connecting to a grounded power receptacle. A grounded three plug detachable cable is included with the shipment. As shipped, the NetVanta 2300 and 2400 are set to factory default conditions. After installing the unit, the NetVanta 2300 and 2400 are ready for power-up. To power up the unit, connect the unit to an appropriate power source.

This unit shall be installed in accordance with Article 400 and 364.8 of the NEC NFPA 70 when installed outside of a Restricted Access Location (i.e., central office, behind a locked door, service personnel only area).

Power to the NetVanta 2300/2400 AC system must be from a grounded 100-240 VAC, 50/60 Hz source.

The power receptacle uses double-pole, neutral fusing.

Maximum recommended ambient operating temperature is 45 °C.

5. INSTALLING NETVANTA 2000 SERIES MANAGEMENT COMPONENTS

Configuring the NetVanta 2000 series unit through the web interface requires a host computer with an Ethernet interface and a web browser. ADTRAN recommends using Internet Explorer 5.0 or greater for optimal viewing of configuration web pages.

The NetVanta 2000 series of products contains a default IP address of 10.10.10.1 and a netmask of 255.255.255.0. Select an IP address in the same range as the NetVanta unit and assign it to the host computer running the web browser. An example IP address is 10.10.10.10 with a subnet mask of 255.255.255.0. This section contains detailed procedures for assigning the selected IP address to a host computer for each of the popular operating systems.


If you have a PC with DHCP client capabilities enabled, connect the NetVanta 2000 series unit directly to your computer using the supplied Ethernet crossover cable and follow the procedure in DLP-1, Connecting to the NetVanta 2000 Series, to connect for the first time.

The NetVanta 2000 series products have DHCP Server capabilities enabled by default. Connecting the unit to a network with a functioning DHCP server can cause IP address assignment conflicts.
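One way to check a segment for the conflict described above, as an added example that is not part of the ADTRAN manual: it parses DHCPOFFER payloads collected on the LAN and lists every server identifier that answered, so more than one entry means two DHCP servers are handing out addresses. The packets are constructed, and both the unit identifying itself as 10.10.10.1 and the second server's address are assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_options(payload):
    """Return {option code: value bytes} from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def offering_servers(payloads):
    """Map each server identifier (option 54) to the addresses it offered."""
    servers = {}
    for p in payloads:
        opts = parse_options(p)
        # op 2 = BOOTREPLY; option 53 with value 2 = DHCPOFFER
        if p[0] != 2 or opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
            continue
        server = str(ipaddress.IPv4Address(opts[54]))
        offered = str(ipaddress.IPv4Address(p[16:20]))  # yiaddr field
        servers.setdefault(server, []).append(offered)
    return servers

def build_offer(server, offered):
    """Constructed sample DHCPOFFER (not a capture): header, cookie, options 53 and 54."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered).packed,
                         bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    return (header + MAGIC + b"\x35\x01\x02" + b"\x36\x04"
            + ipaddress.IPv4Address(server).packed + b"\xff")

# Constructed replies to one DISCOVER. 10.10.10.1 is the unit's default address from
# the manual; the second server and both offered addresses are made up.
SAMPLE = [build_offer("10.10.10.1", "10.10.10.100"),
          build_offer("10.10.10.254", "10.10.10.23")]

if __name__ == "__main__":
    for server, offered in offering_servers(SAMPLE).items():
        print(server, "offered", offered)
```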

For any operating system not discussed in this section, refer to the system’s user documentation for instructions on assigning IP addresses.

Browsing Hosts Running Microsoft Windows NT, Windows 2000, or Windows 98/95

1. Follow the menu path START>SETTINGS>CONTROL PANEL.
2. After the CONTROL PANEL appears, double-click the NETWORK icon to display the existing network configuration.
3. Select TCP/IP from the list of installed network components. If there are multiple sessions, select the one for the Ethernet card in the host computer.
4. Click PROPERTIES, which shows the existing properties of the TCP/IP protocol running on the host computer in a multi-paned window.
5. Select the IP ADDRESS pane by clicking on it.
6. Check the SPECIFY AN IP ADDRESS radio button.
7. Enter the IP ADDRESS as: 10.10.10.50 and SUBNET MASK as: 255.255.255.0.
8. Click OK to close the properties window.
9. Click OK on the network configuration window, which will ask you to reboot the browser computer.
10. Click YES to reboot your computer.

Browsing Hosts Running POSIX-Compliant UNIX

1. Log in as root, or change to superuser.

2. Run the ifconfig command with the -a option to list the configured network interfaces in the system. This will show the Ethernet interface name as well. For example:

# ifconfig -a
lo0: flags=863<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 192.103.55.186 netmask ffffff00 broadcast 192.103.255.255
