Alcatel-Lucent 1200 User Manual

Alcatel-Lucent

VPN Firewall Brick

®

Model 1200 Security Appliance

User’sGuide

032360-00 REV A

Issue1

June2008

Alcatel-Lucent - Proprietary

This document contains proprietary information of Alcatel-Lucent and

is not to be disclosed or used except in accordance with applicable agreements.

Copyright © 2008 Alcatel-Lucent

Unpublished and Not for Publication

All Rights Reserved

See notice on first age

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks
are the property of their respective owners.

The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for
inaccuracies contained herein.

Copyright © 2008 Alcatel-Lucent. All Rights Reserved.

Notice

Every effort was made to ensure that this information product was complete and accurate at the time of printing.
However, information is subject to change.

Conformance statements

Federal Communications Commission (FCC) Notification and Repair Information This equipment has been tested and
found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If the equipment is
not installed and used in accordance with the guidelines in this document, the equipment may cause harmful
interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful
interference, in which case the user will be required to correct the interference at the expense of the user.

Alteration or modifications carried out without appropriate authorization may invalidate the user’s right to operate
the equipment.

Security statement

In rare instances, unauthorized individuals make connections to the telecommunications network through the use of
remote access features. In such an event, applicable tariffs require the customer to pay all network charges for
traffic. Lucent Technologies cannot be responsible for such charges and will not make any allowance or give any
credit for charges that result from unauthorized access.

Trademarks

VPN Firewall Brick is a registered trademark of Alcatel-Lucent.

Limited warranty

For terms and conditions of sale, contact your Alcatel-Lucent Account Team.

Ordering Information

The ordering number for this information product is 260-100-041
Thepartnumberforthisinformationproductis032360-00REVA

Technical Support

Alcatel-Lucent Customer Technical Support provides a technical assistance telephone number that is monitored 24
hours. For technical support (continental U.S.) call 1-866-582-3688 and select appropriate prompt. For international
support, please call +1 630-224-4672.

See notice on first age

Contents

Overview ................................................................................................................................................................... 11

Structure of hazard statements

......................................................................................................................... 22

Introduction

.............................................................................................................................................................. 44

To Install a Model 1200 Brick Device

......................................................................................................... 99

To Change the SFP Module for a Model 1200 Brick Device Gigabit Only Port

................... 1212

Illustrations

............................................................................................................................................................. 1515

Specifications

........................................................................................................................................................ 1818

Safety Instructions

............................................................................................................................................... 2121

Laser Safety Guidelines

.................................................................................................................................... 2424

Maintenance

........................................................................................................................................................... 2828

Air Filter

................................................................................................................................................................. 2929

To Perform a Hot Swap of a Power Module

.......................................................................................... 3030

To Replace the Chassis Fan Filter

............................................................................................................... 3232

To Perform a Hot Swap of a Fan Unit

...................................................................................................... 3434

Index

39

...................................................................

iii

List of figures

Rack Mounting Brackets 10
SFP Module (Top, Bottom, Side, and Front Views) 13
Front View of 1200 Brick and 1200 HS Brick Devices 15
Rear View of 1200 Brick Device (AC version) 15
Rear View of 1200 HS Brick Device (AC version) 15
Rear View of 1200 HS Brick Device (DC version) 16
Rear Port View of 1200 Brick Device (AC version) 16
Rear Port View of 1200 HS Brick Device (AC and DC versions) 17
Hot Swap Power Module 31
Fan Filter Replacement 33
Brick Fan Units (Front View) 34
Brick Fan Units (Rear View) 35
Using Fan Filter Cover Hooks to Remove Fan Unit 37
Inserting the Replacement Fan Unit 38

...................................................................

v

Overview

.........................................................................................................................................................................................

Purpose

This document provides a detailed description of the Alcatel-Lucent VPN Firewall Brick

®

Model 1200 Security Appliance, including:

• General information about the Brick device hardware and features

• Instructions on how to install the Brick device

• Illustrations of the Brick device hardware components and interfaces

• Detailed specifications

• Safety instructions

• Maintenance procedures

Contents

Structure of hazard statements 2
Introduction 4
To Install a Model 1200 Brick Device 9
To Change the SFP Module for a Model 1200 Brick Device

Gigabit Only Port

12

Illustrations 15
Specifications 18
Safety Instructions 21
Laser Safety Guidelines 24
Maintenance 28
Air Filter 29
To Perform a Hot Swap of a Power Module 30
To Replace the Chassis Fan Filter 32
To Perform a Hot Swap of a Fan Unit 34

...................................................................

1

Structure of hazard statements

.........................................................................................................................................................................................

Overview

Hazard statements describe the safety risks relevant while performing tasks on
Alcatel-Lucent products during deployment and/or use. Failure to avoid the hazards may
have serious consequences.

General structure

Hazard statements include the following structural elements:

Item Structure element Purpose

1 Personal-injury symbol Indicates the potential for personal injury

(optional)
2 Hazard-type symbol Indicates hazard type (optional)
3 Signal word Indicates the severity of the hazard
4 Hazard type Describes the source of the risk of damage or

injury
5 Damage statement Consequences if protective measures fail
6 Avoidance message Protective measures to take to avoid the hazard
7 Identifier The reference ID of the hazard statement

(optional)

...................................................................

2

Signal words

The signal words identify the hazard severity levels as follows:

Signal word Meaning

DANGER Indicates an imminently hazardous situation (high risk) which, if not

avoided, will result in death or serious injury.

WARNING Indicates a potentially hazardous situation (medium risk) which, if

not avoided, could result in death or serious injury.

CAUTION When used with the personal injury symbol:

Indicates a potentially hazardous situation (low risk) which, if not
avoided, may result in personal injury.

When used without the personal injury symbol:

Indicates a potentially hazardous situation (low risk) which, if not
avoided, may result in property damage, such as service interruption
or damage to equipment or other materials.

Structure of hazard statements

...................................................................

3

Introduction

.........................................................................................................................................................................................

General

A Model 1200 Brick device measures approximately 17″ (W)x19″ (D) x 3.5″(H) and is
intended to be installed on a standard 19-inch rack. It comes with two optional
rack-mounting brackets that can be attached to the sides to secure it to the rack.

There are two basic Brick 1200 models:

• The 1200 Brick (AC version only)

• The 1200 HS Brick (AC and DC versions)

Ports

The following table summarizes the number and type of ports that are supported on each
Brick 1200 model:

Port Type 1200 Brick Device 1200 HS Brick Device

10/100/1000BaseTX 8 14
Gigabit only interfaces

1

26

Notes:

1. The Gigabit only ports operate solely at the 1 Gigabit rate and are not 10/100/1000baseTX
auto-switchable. These ports are activated when the user inserts a Small Form-factor Pluggable
(SFP) module, which is ordered separately.

Power supply

The Model 1200 Brick device utilizes hot swappable mini-redundant power supplies for
both AC and DC versions.

Gigabit only interfaces

The Gigabit only ports on the Model 1200 Brick are configurable for copper/fiber
connections via Small Form-factor Pluggable (SFP) modules, which are sometimes referred
to as “mini-GBICs”.

The SFP module design is based on the GBIC interface, which is a standard for
transceivers that commonly use Gigabit copper Ethernet and fiber channels. The SFP is a
standard, hot swappable electrical interface that supports the full range of physical media,
from copper to optical fiber (multi mode or single mode) through the use of the appropriate
SFP module. These SFP modules can be easily interchanged, which allow networks to have
ports added or changed as the administrator wishes.

...................................................................

4

Hardware encryption

A hardware-based Encryption Accelerator (AES) Card is standard on the DC version and
AC version of the Model 1200 Brick.

Front view

The front of the Model 1200 Brick device has a chassis fan filter replacement panel on the
left side, with light-emitting diode (LED) activity lights, Power, Audible Cut-Off (ACO),
and Unit ID LEDs/buttons, and two USB ports on the right side.

The following table describes the function, label, color and operation of each LED activity
light/button on the front panel.

Function LED/Button Label Color Operation

Power LED/button
(front)

1

Pwr GRN Steady ON=unit is

powered

Power Module Status PS1 GRN Steady ON=module 1 is

operating

PS2 GRN Steady ON=module 2 is

operating
Hard Disk Activity FD Act GRN Flashing=HDD activity
Encrypt Active EA Act GRN Steady ON=encryption

card active.

Flashing=data passing

through encryption card
Failover active FO Act GRN Steady ON=unit is in

failover mode and active

Flashing=unit in standby
Fan Bank Failure Fan1 GRN Steady ON=fan in

bank1 has failed

Fan2 GRN Steady ON=fan in

bank2 has failed
Fault

2

Fault YEL Steady ON=unit is in

the alarm state
ACO Active LED/button

3

ACO Act GRN Steady ON=the ACO

switch has been pressed

during an alarm state.

Steady OFF=no alarm

state is present or the

ACO button has not

been pressed during an

alarm state. The ACO

LED self-clears when

the offending alarm is

removed.

Introduction

...................................................................

5

Function LED/Button Label Color Operation

Unit Indicator
LED/button

Unit ID BLU Steady ON=highlights a

particular unit in a rack
of equipment. LED
Indicator is on front
(button) and rear of
unit.

Notes:

1. The Power LED/button works like a momentary switch. To power up the Brick device, press the
button in and a steady green LED light indicates that the Brick is powered up. To power down
the Brick device, press and hold the button in again for at least 3 seconds.

2. If lit, there is an alarm fault in either the power supplies or fans. Observe the Fan1 and Fan2
LEDs to determine if it is a Fan alarm, or the PS1 and PS2 LEDs to determine if it is a power
supply alarm.

3. The Audible Cut Out (ACO) LED/button works like a momentary switch. Press the button in to
turn off an audible alarm and the ACO LED.

4. The Unit ID LED/button works like a momentary switch. Press and hold the button in to activate
the front and rear Unit ID LEDs. When pressed in for about 6 seconds, the Unit ID button starts
on-demand diagnostics (refer to the section “Hardware diagnostics” (p. 6)).

In addition to the activity lights described above, the DC version of the Model 1200 Brick
also has a Fault light, which is amber when power is lost to the A or B power connector.

Hardware diagnostics

When the Model 1200 Brick is powered on and boots up, it performs a Power On Self Test
(POST) diagnostics check of the motherboard, during which its memory, circuitry, and
peripherals are tested and configured. If the boot up of the motherboard is successful, the
motherboard LEDs, which are visible through four holes located in the rear of the chassis
near the bottom center of the Brick, flash green or red and then go out. If the boot up of
the motherboard is unsuccessful, each LED on the motherboard displays a steady green or
red. Should this occur, contact Alcatel-Lucent Customer Technical Support and indicate the
locked color status of each LED on the motherboard, from left to right, which can be used
to help determine the problem encountered during the POST diagnostics check.

The Model 1200 Brick also allows you to perform an on-demand diagnostics check of the
front panel alarms hardware (controlled by the Brick Alarm card installed in the front
chassis of the Brick), or to confirm a fault that might have occurred during normal
operations.

To perform an on-demand diagnostics check, do the following:

1. Confirm that the Brick is connected to an active power source.

2. Press and hold the Unit ID LED/button for five seconds.

...................................................................

6

The Brick’s front alarm card initially performs a program self-check. If this fails, all front
panel LEDs and the audible alarm buzzer cycle together through three blinks/audible alarms
and the on-demand diagnostics is terminated.

If the diagnostics program self-check passes, the Brick turns off all LEDs or audible alarms
that are active, then cycles through each alarm indicator on and off 3 times, one cycle per
second, sequentially.

The alarm indicators are activated in the following sequence:

1. PS1 LED

2. PS2 LED

3. FD Act

4. FO Act LED

5. Fan1 LED

6. Fan2 LED

7. Fault LED

8. ACO LED

9. Unit ID LED

10. Audible alarm (buzzer)

11. Remote Visual Alarm relay

12. Remove Audible Alarm relay
After the on-demand diagnostics run is completed, the front panel alarm indicators return to

their original state.

Rear view

The rear of the Model 1200 Brick device provides access to two hot swappable redundant
power supplies. There is an alarm interface terminal block with dry contact closures for
Visual and Audible alarms that can be connected to a local alarm system. There are two
10/100/1000baseTX interfaces on the motherboard. In addition, there are six
10/100/1000BaseTX interfaces on both versions of the Model 1200 Brick, with 1Gigabit
only ports (two on the Standard version and six on the HS version) where SFP modules
can be inserted. The rear also contains a keyboard port, a monitor port, the console port,
two USB ports, and the Unit ID LED light.

Important! For installation into networks that are subject to surges, a shielded Ethernet
cable and/or serial port cable may be needed for regulatory compliance.

Alcatel-Lucent Security Management Server (SMS) software

The Model 1200 Brick device is supported by a patch release of SMS Release 9.0 (and
later SMS releases). To upgrade SMS R9.0 with a software patch that incorporates the
Model 1200 Brick software, or to obtain the latest software patches for R9.0 in the future,
download the software patches from the VPN Firewall Product Registration and Support
website: (https://www.lucent-ipsec.com). On the VPN Firewall Product Registration and

Introduction

...................................................................

7

Support web page, enter your User Name and Password (which are established during the
product registration process).

If you are a registered customer, the VPN Firewall Registration web page is displayed.
Click on the link on the left side of the page labeled

Downloads to access the Downloads

page. The Downloads page has a series of buttons which allow you to select and download
the required software release/patch. For additional instructions on how to download and
install the required SMS software release/patch, refer to the SMS product Release Notes.

CAUTION:

CAUTION
Electric shock hazard

Risk of shock
Before connecting power on the DC version of the Model 1200 Brick device, the Brick

device chassis must be properly grounded. Two 10-32 threaded studs, spaced 0.625 inches
apart, are provided at the rear of the chassis for grounding purposes.

Alarm outputs

Visual and Audible Alarm outputs are available from the rear of the Model 1200 Brick
device. Each Form C relay provides NO (Normally Open), C (Common), and NC
(Normally Closed) contacts. The designations NO, C, and NC represent the powered
″good″ state of the Brick device.

All contacts are limited to ±60V and 0.75A.

Visual Alarm Output - indicates the Alarm state of the Brick device and remains until the

alarm is gone.

Audible Alarm Output - indicates the Alarm state of the Brick device but can be disabled

with the ACO (Audible Cut Out) and will not reactivate until the existing alarm has been
cleared and a new alarm has been generated.

Handling Brick device components

To prevent damage to components from electrostatic discharge, always follow the proper
guidelines for equipment handling and storage. Adapter cards and semiconductor devices in
general can be easily and permanently damaged due to electrostatic discharge during
installation and removal.

In order to reduce the static potential, the user should be properly grounded through the use
of an approved antistatic wrist strap when installing, removing or handling Brick devices.

...................................................................

8