Alcatel-Lucent OMNIACCESS SAFEGUARD CONTROLLER Install Guide

OmniAccess SafeGuard
Controller

Installation Guide

PART NUMBER: 005-0031 REV A1

UBLISHED: MARCH 2007

P

A

LCATEL-LUCENT

26801 WEST AGOURA ROAD
CALABASAS, CA 91301 USA
(818) 880-3500

WWW.ALCATEL-LUCENT.COM

Alcatel-Lucent Proprietary

Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole
or in part without the expressed written permission Alcatel-Lucent. Alcatel-Lucent ® and the Alcatel­Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their
respective owners.

2

OmniAccess SafeGuard Controller Installation Guide

Contents

Preface

About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Conventions Used in This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Related Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Guide Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Chapter 1: Overview of the SafeGuard Controller

About the SafeGuard Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Front-Panel Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

SafeGuard Controller Rear Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Power Supplies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Small Form-Factor Pluggable (SFP) Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

System and Port LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Chapter 2: Site Preparation and Installation

Preparing for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Space and Weight Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Power Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Rack Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Environmental Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Grounding Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Recommended Cables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Checking the Package Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Installing the SafeGuard Controller on a Table or Shelf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Installing the SafeGuard Controller in a Rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Four-Post Rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Two-Post Rack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Connecting Power to the SafeGuard Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

AC Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

DC Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

OmniAccess SafeGuard Controller Installation Guide

3

Contents

Installing Small Form-Factor Pluggable (SFP) Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Connecting Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Initial Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Appendix A: Technical Specifications

Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Connector Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

SFP Module Types and Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

Appendix B: Safety and Regulatory Compliance

Safety Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

General Safety Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Safety with Electricity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Electromagnetic Interference Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

Radio Frequency Interference Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

Electrostatic Discharge Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Agency Safety Approvals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Regulatory Compliance and Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

FCC Part 15 Class A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Japan VCCI Class A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Appendix C: Customer Assistance and Product Support
Index

4

OmniAccess SafeGuard Controller Installation Guide

Figures

Figure 1: Secure LAN Controller (OAG2400 shown) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Figure 2: OAG2400 Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 3: OAG1000 Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Figure 4: SafeGuard Controller Rear Panel—Dual AC Power Supplies . . . . . . . . . . . . . . . . . . . . . . . .17

Figure 5: SafeGuard Controller Rear Panel—AC and DC Power Supplies . . . . . . . . . . . . . . . . . . . . .17

Figure 6: Front-Panel LEDs (OAG2400 Shown) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Figure 7: Attaching the Rack-Mounting Brackets at the Front . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Figure 8: Installing the SafeGuard Controller in a Four-Post Rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Figure 9: Attaching the Rack-Mounting Brackets at the Middle . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Figure 10: Connecting AC Power Cords (Model ACAC Shown) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Figure 11: Attaching the DC Connector to a Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Figure 12: Connecting the DC Power Cord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Figure 13: Inserting an SFP Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Figure 14: Connecting the Ethernet Management Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Figure 15: Connecting the Serial Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Figure 16: DC Input Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

OmniAccess SafeGuard Controller Installation Guide

5

Figures

6

OmniAccess SafeGuard Controller Installation Guide

Tables

Table 1: Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Table 2: Guide Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Table 3: Extensibility Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Table 4: System and Port Mode LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Table 5: Port LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Table 6: Rack Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Table 7: Environmental Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Table 8: Using Crossover or Straight-through Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Table 9: Troubleshooting Basic Hardware issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Table 10: Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Table 11: Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Table 12: Front-Panel Copper Port Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Table 13: Ethernet Management Port Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Table 14: RS-232 Serial Management Port Pinouts for Male DB-9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Table 15: DC Input Connector Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Table 16: SFP Modules and Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

OmniAccess SafeGuard Controller Installation Guide

7

Tables

8

OmniAccess SafeGuard Controller Installation Guide

Preface

In this preface:

■ About This Guide

■ Related Publications

■ Guide Organization

Preface

About This Guide

This guide describes the Alcatel-Lucent SafeGuard Controller™. The guide provides
detailed installation instructions and technical specifications for the controller.

Audience

This guide is intended for experienced network administrators and networking or
computer technicians who are responsible for installing the SafeGuard Controller.

Conventions Used in This Guide

Ta b le 1 lists the text conventions used in this guide.

Table 1 Text Conventions

Convention Description

courier Command name or screen text.

courier bold Command text to be entered by the user.

italic Book title, menu item, or new term.

This guide uses the following icons and formats to highlight special messages in the text:

NOTE: This format highlights information that is important or has special
interest.

CAUTION: This format highlights information that will help you prevent
damage to equipment or loss of data.

WARNING: This format highlights safety information that is related to
electric shock or bodily injury.

10

OmniAccess SafeGuard Controller Installation Guide

Related Publications

For information about configuring and managing the SafeGuard Controller, refer to the
following guides:

■

OmniVista SafeGuard Manager Administration Guide

Describes how to manage the OmniAccess SafeGuard Controller using the
OmniVista SafeGuard Manager software.

■

OmniAccess SafeGuard OS Administration Guide

Provides concepts and configuration instructions for the major features of
OmniAccess SafeGuard OS and its supported products, which includes End Point
Validation (EPV) the integral component for using ICS.

■

ICS Dissolvable Agent for SafeGuard Administration Guide

Describes how to configure the Integrity Clientless Security (ICS) module of the
Alcatel-Lucent Network Admission Control (NAC).

Preface

Additional Resources

Alcatel-Lucent publishes documents for customers at: www.alcatel-lucent.com

Guide Organization

Ta b le 2 briefly describes each chapter and appendix in this guide.

Table 2 Guide Organization

Chapter or Appendix Contents

Chapter 1, Overview of the
SafeGuard Controller

Chapter 2, Site Preparation
and Installation

Appendix A, Technical
Specifications

Appendix B, Safety and
Regulatory Compliance

An overview of the SafeGuard Controller and its
major hardware features.

Preparing the installation site, installing the Safe­Guard Controller, and connecting cables.

Technical specifications for the SafeGuard Control­ler.

Safety recommendations and regulatory agency
compliance statements for the SafeGuard Control­ler.

Appendix C, Customer
Assistance and Product
Support

OmniAccess SafeGuard Controller Installation Guide

Technical support, customer service, and return
materials authorization (RMA) procedures.

11

Preface

12

OmniAccess SafeGuard Controller Installation Guide

chapter

Overview of the

1

SafeGuard Controller

In this chapter:

■ About the SafeGuard Controller

■ Hardware Overview

■ Power Supplies

■ Small Form-Factor Pluggable (SFP) Modules

■ System and Port LEDs

Chapter 1: Overview of the SafeGuard Controller

About the SafeGuard Controller

The Alcatel-Lucent SafeGuard Controller is the first secure networking controller that
enables network managers to see all LAN traffic up to Layer 7 and associates the traffic
with users and applications. The SafeGuard Controller enforces access policies and
controls malware infection in real time, achieving performance and capabilities
previously not possible.

The SafeGuard Controller provides the following functionality:

■ Prevents network meltdown by automatically detecting and containing the

spread of malware and worms

■ Leverages existing authentication infrastructure (Windows Active Directory,

RADIUS, and Lightweight Directory Access Protocol)

■ Checks the security posture of the host (network access point, and Trusted

Computing Group)

■ Supports compliance initiatives through user-based auditing

■ Exercises file-level control over information access and transmission

■ Provides enforcement based on user- and application-defined polices

This chapter presents an overview of the SafeGuard Controller hardware, which is
available in two models with two different power options. It shows physical views and
describes the interfaces of the front and rear panels for both models.

Hardware Overview

The SafeGuard Controller is a compact enclosure 1.7 inches (4.4 cm) high that is designed
to be installed in a standard 19-inch equipment rack or on a table or shelf (Figure 1). The
SafeGuard Controller features front-panel ports implemented as small form-factor
pluggable (SFP) modules. The rear panel of the SafeGuard Controller provides
management ports, a compact flash slot, and power connectors. Internal fans draw air
from the front of the SafeGuard Controller and exhaust it at the rear.

The SafeGuard Controller is available in the following models:

■ OAG2400-ACAC with 24 ports and dual redundant AC power supplies

■ OAG2400-ACDC with 24 ports, one AC power supply, and one DC supply input

■ OAG1000-ACAC with 10 ports and dual redundant AC power supplies

14

■ OAG1000-ACDC with 10 ports, one AC power supply, and one DC supply input

OmniAccess SafeGuard Controller Installation Guide

CST_003

CST_001

Core

Edge

214

3

658710912111413161518172019222124

23

Chapter 1: Overview of the SafeGuard Controller

Figure 1 Secure LAN Controller (OAG2400 shown)

Front-Panel Interfaces

The OAG2400 SafeGuard Controller has 24 front-panel ports (Figure 2); the OAG1000
SafeGuard Controller has 10 front-panel ports (Figure 3). Each port has two associated
LEDs. One LED indicates link status. You can program the other LED to indicate activity,
duplex mode, or speed for the port.

Figure 2 OAG2400 Front Panel

OmniAccess SafeGuard Controller Installation Guide

15

Chapter 1: Overview of the SafeGuard Controller

CST_023

Core

Edge

214

3

658710

9

Figure 3 OAG1000 Front Panel

Each SafeGuard Controller model has secured port pairs that act as bridged ports. These
ports can be configured to be synchronized, so that when one port in the pair comes up,
its paired port comes up. Similarly, when one port in the pair goes down, its paired port
goes down. Within each pair, the top port (odd-numbered) is used to connect the
SafeGuard Controller to the upstream core or distribution switch. The bottom port (even­numbered port) is used to connect the SafeGuard Controller to the downstream access
(wire-closet) switches. The OAG2400 has 10 core ports and 10 edge ports. The OAG1000
has four network ports and four host ports.

Both SafeGuard Controller models have extensibility ports that include a reserved high­availability port for connecting a peer SafeGuard Controller of the same type and either
one (OAG1000) or two (OAG2400) ports for monitoring. In addition, the OAG2400 has a
port that is reserved for future use. Tab l e 3 lists the functions of the extensibility ports.

Table 3 Extensibility Ports

OAG2400 OAG1000

Port Label Purpose Port Label Purpose

21 EXT1 Monitoring 9 EXT1 Monitoring
22 EXT2 Monitoring 10 EXT2 High availability
23 EXT3 Future development
24 EXT4 High availability

Each front-panel port can be customized by inserting the proper SFP module. The SFP
modules supported are single-mode and multi-mode fiber and single-speed and triple­speed copper modules. You can mix and match different types in the same unit. For more
information about the SFP modules, see Small Form-Factor Pluggable (SFP) Modules on

page 18.

16

To comply with the IEEE 802.3ab standard, by default, the front-panel 10/100/1000 ports
of the SafeGuard Controller are capable of auto-negotiation for speed and duplex
settings. For example, with auto-negotiation enabled by default, the port detects the
interface settings and auto-configures support for the full-duplex or fastest line speed,

OmniAccess SafeGuard Controller Installation Guide