H3C F5000-A5 User Manual

H3C SecPath F5000-A5 Firewall

Installation Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Manual Version: 5PW101-20090424

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Technical Support

customer_service@h3c.com http://www.h3c.com

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

G, VnG, PSPT,

About This Manual

Organization

H3C SecPath F5000-A5 Firewall Installation Manual is organized as follows:

Chapter Contents

1 Firewall Overview

Briefly introduces the product specifications, as well as the features and applications of the H3C SecPath F5000-A5.

2 Arranging Slots and Numbering Interfaces

3 Preparing for Installation

4 Installing the Firewall

5 Starting and Configuring the Firewall

6 Maintaining Software

7 Maintaining Hardware

8 Troubleshooting

9 Appendix

Introduces the slots and numbering rules of the H3C SecPath F5000-A5.

Describes the requirements on installation site, the safety recommendations before and during installation, and the required tools.

Introduces how to install the F5000-A5, as well as how to connect the power cable, console cable, and Ethernet cable.

Helps you get familiar with the basic knowledge of how to boot and configure the F5000-A5, including device startup, power-on, and initialization of system files, and so on.

Introduces how to maintain the software of the F5000-A5, including upgrading the software and configuration files.

Introduces how to maintain the hardware of the F5000-A5.

Describes some problems that may occur during installation and startup of the firewall and how to solve them.

Provides the details of regulatory compliance information and the safety information in Chinese, comprising general warning, warnings on installation, and safety with electricity.

Conventions

The manual uses the following conventions:

Command conventions

Convention Description

Boldface

italic [ ] Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... }

[ x | y | ... ]

The keywords of a command line are in Boldface. Command arguments are in italic.

Alternative items are grouped in braces and separated by vertical bars. One is selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

Convention Description

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line starting with the # sign is comments.

Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.

The argument(s) before the ampersand (&) sign can be entered 1 to n times.

GUI conventions

Convention Description

< > Button names are inside angle brackets. For example, click <OK>.

[ ]

Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

Symbols

Convention Description

1 Firewall Overview

Introduction

The H3C SecPath F5000-A5 firewall (hereinafter referred to as the F5000-A5) is a high-end core firewall product developed by Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) to deliver extremely high-performance security solutions for large-sized enterprises, carriers and data center networks.

The F5000-A5 delivers the following features based on its powerful multi-core processor and FPGA-based hardware acceleration technologies:

z Adopts dual-power input, passive backplane, switch architecture, and distributed modular

architecture.

z Separates the control plane from the data plane: At the control plane, a powerful multi-core

processor is used for service scheduling and application identification. At the data plane, a dedicated field programmable gate array (FPGA) is used for rapid forwarding of data streams. Moreover, additional service cards can be used to expand the process capability at the data plane.

z In addition to traditional firewall functions, the F5000-A5 supports virtual firewall, attack defense,

and content filtering, thus delivering more effective network protection.

z Uses the application specific packet filter (ASPF) status detection technology to monitor

connection processes, detect illegal operations, and implement dynamic packet filtering with ACLs.

z Supports server load balancing and link load balancing functions. z Supports high-performance virtual private network (VPN) services, such as IPSec VPN, GRE, and

L2TP.

z Provides abundant routing capabilities and supports multiple routing protocols including Routing

Information Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).

z Supports Web-based configuration and management. z Collects and conducts statistics of audit information such as NAT and security events through

H3C’s audit systems (e.g. SecCenter, Xlog, and QuidView).

z Conforms to both international and national standards to ensure interoperability with products of

different manufacturers at every layer.

1-1

Physical Description

Front View

Figure 1-1 Front view of the F5000-A5

(1)

(15)

(14)

(13)

(12)

(11)

(2) (3)

(7) (5)(8)(9)(10)

(6)

(4)

(1) Left mounting bracket (2) Main processing unit (MPU) (3) Right mounting bracket (4) Chassis handle (5) Weight-bearing warning label (50 kg/110.2 lb.) (6) Fan tray

(7) AC power module (PWR1)

(8) Blank panel for PoE PSU (reserved PoE

slot) (9) Blank panel for DC power module (PWR2) (10) ESD socket and silkscreen (11) Blank panel for LPU (Slot 4) (12) Blank panel for LPU (Slot 3) (13) Blank panel for LPU (Slot 2) (14) Blank panel for LPU (Slot 1) (15) Cable management bracket

Currently, the device does not support power over Ethernet (PoE).

1-2

Rear View

Figure 1-2 Rear view of the F5000-A5

(3)

(1)

(2)

(8)(9)

(7)

(4)

(5)

(6)

(1) Warning label (2) Handle on the rear chassis panel (3) Upper slide rail for the air filter (optional) (4) Air filter (optional) (5) Lower slide rail for the air filter (optional) (6) Chassis handle (7) Weight-bearing warning label (50 kg/110.2 lb.) (8) Grounding screw and sign (9) Vents

Do not hold the handle indicated by (2) in Figure 1-2 on the rear chassis panel to move the chassis because it is designed for the convenience of the rear chassis panel removal, but not for bearing the chassis weight.

1-3

System Specifications

MPU–NSQ1MPUA0

Front view

Figure 1-3 Front view of the MPU

(1) Link status LED of the management Ethernet port (LINK)

(3) Link status LED of the HA port (LINK) (5) CF card eject button (CF CARD) (6) CF card slot

(7) CF card LED (CF) (8) Run LED (RUN) (9) Active LED of the MPU (ACT) (10) Alarm LED (ALM) (11) Reset button (RESET) (12) USB interface 1 LED (USB1) (13) USB interface 1 (1) (14) USB interface 0 (0) (15) AUX port (AUX) (16) Console port (CONSOLE)

(17) HA port-10/100/1000BASE-T (HA) (19) Ejector lever (20) Captive screw

(2) Data reception/transmission LED of the management Ethernet port (ACT) (4) Data reception/transmission LED of the HA port (ACT)

(18) Management Ethernet port-10/100/1000BASE-T (MANAGEMENT)

Currently, the device supports only one MPU and the MPU must be inserted in Slot 0.

Technical specifications

Table 1-1 Technical specifications of the MPU

Item Specification

Processor RMI XLR732 1 GHz

Processor cores 8

Flash 4 MB

DDR2 SDRAM

Memory type and size

2 memory slots 2 GB (default) Memory modules must be used in pairs with the same size.

Console port 1 (9600 bps to 115200 bps, 9600 bps by default)

1-4

Item Specification

AUX port 1 (9600 bps to 115200 bps, 9600 bps by default)

Management Ethernet port 1 (10Base-T/100Base-TX/1000Base-T)

HA port 1 (10Base-T/100Base-TX/1000Base-T)

CF card

z 256 MB by default for the built-in CF card z 256 MB, 512 MB, or 1 GB for an optional external CF card

2 (USB 0: operating in the host mode; USB 1: operating in the device

USB interfaces

mode) Reserved for future use

Reset button 1

z The flash is used for storing the boot file—the BootWare program. z The memory is used for storing system data during operation and caching data in data forwarding. z A CF card is used for storing the software system and configuration files of the device.

LEDs

Figure 1-4 LEDs on the MPU

(5)

(6)

(1) (2)

(3) (4)

(1) Link status LED of the management Ethernet port (LINK)

(3) Link status LED of the HA port (LINK)

(9)

(2) Data reception/transmission LED of the management Ethernet port (ACT) (4) Data reception/transmission LED of the HA port (ACT)

(7) (8)

(5) CF card LED (CF) (6) Run LED (RUN) (7) Data reception/transmission LED of the management Ethernet port/HA port (ACT) (8) Alarm LED (ALM) (9) USB interface 1 LED

1) Device status LEDs

1-5

Table 1-2 Description of the device status LEDs

LED Status Description

OFF No power input or the MPU is faulty.

Slow blinking (1 Hz) The MPU is operating normally.

RUN (green)

Fast blinking (8 Hz)

The application software is being loaded (in this state, never power off the device or hot-swap the MPU; otherwise the MPU may be damaged), or the MPU is not working.

Reset

The RUN LED goes off after the system is reset and flashes fast on system startup.

OFF The MPU is in the standby state or there is no power input.

ACT (yellow)

ON The MPU is in the active state.

OFF The system is operating normally with no alarms.

A fault has occurred to the system. In this state, check the system log immediately.

A critical fault has occurred to the system. In this state, handle the fault immediately.

ALM (red)

Fast blinking (8 Hz)

2) Management Ethernet port/HA port LEDs

Table 1-3 Description of the management Ethernet port/HA port LEDs

LED Status Description

OFF No link is present on the port.

LINK (green)

ON A link is present on the port.

ACT (yellow)

OFF No data is being transmitted or received on the port.

ON Data is being transmitted or received on the port.

3) USB interface LED

Table 1-4 Description of the USB interface LED

LED Status Description

OFF No host is connected to the device-mode USB interface.

A host is in connection with the device-mode USB interface. The USB cable can be unplugged in this state.

Data is being transmitted or received through the device-mode USB interface. Do not unplug the USB cable in this state.

USB (green)

Blinking

USB interfaces are reserved for future use.

1-6

4) CF card LED

Table 1-5 Description of the CF card LED

LED Status Description

OFF No CF card is present or the CF card is not recognizable.

CF (green)

Do not remove the CF card when the CF LED is blinking. Otherwise, the files stored on the CF card will be damaged.

LPU–NSQ1GT8C40

Introduction

An NSQ1GT8C40 line processing unit (LPU) provides eight electrical interfaces and four Combo interfaces, delivering high-speed service process capabilities. Note that:

z An NSQ1GT8C40 LPU can be inserted in slot 1, 2, 3, or 4 of the F5000-A5. z An F5000-A5 needs to be equipped with an MPU and at least one LPU to work normally.

ON A CF card is in position and has been detected.

Blinking

The system is accessing the CF card. Do not remove the CF card in this state.

Figure 1-5 Front view of NSQ1GT8C40

(1) GE interface 1 (2) GE interface 3 (3) GE interface 5 (4) GE interface 7 (5) GE interface 9 (6) SFP interface 9 (7) SFP interface 9 LED (SFP9) (8) SFP interface 8 LED (SFP8) (9) GE interface 11 (10) SFP interface 11 (11) SFP interface 11 LED (SFP11) (12) SFP interface 10 LED (SFP10) (13) LPU LED (RUN) (14) SFP interface 10 (15) GE interface 10 (16) SFP interface 8 (17) GE interface 8 (18) GE interface 6 (19) GE interface 4 (20) GE interface 2 (21) GE interface 0 (22) Eject lever (23) Captive screw

1-7

Technical specifications

Table 1-6 Technical specifications of NSQ1GT8C40

Memory type and size

Item Description

DDR2 SDRAM 1 memory slot 512 MB (default), 1 GB (maximum)

Electrical interfaces

10 Mbps, half/full duplex

100 Mbps, half/full duplex

1000 Mbps, full duplex

4 (electrical/optical)

10 Mbps, half/full duplex

Combo interfaces

Electrical interfaces

100 Mbps, half/full duplex

1000 Mbps, full duplex

Optical interfaces 1000 Mbps, full duplex

Power consumption monitoring Supported

z A Combo interface is comprised of an electrical interface and a small form-factor pluggable (SFP)

interface.

z For an optical/electrical Combo interface, the default operating interface is the electrical interface. z For a Combo interface, either the electrical interface or the optical interface can operate at one time.

You can use the combo enable { copper | fiber } command in interface view to switch between the electrical and optical interfaces. For details about the combo enable { copper | fiber } command, refer to H3C SecPath Series Security Products User Manual.

LEDs

Table 1-7 Description of the LEDs on NSQ1GT8C40

LED Status Description

OFF No power input or the LPU is faulty.

Slow blinking (1 Hz) The LPU is operating normally.

RUN (green)

Fast blinking (8 Hz)

The application software is being loaded (in this state, never power off the device or hot-swap the LPU; otherwise the LPU may be damaged), or the LPU is not working.

Reset

The RUN LED goes off after the system is reset and flashes fast on system startup.

1-8

LED Status Description

OFF No link is present on the corresponding interface.

GE0 through GE11

(yellow/green)

SFP8 through SFP11

(yellow/green)

LPU–NSQ1XP20

Introduction

An NSQ1XP20 provides two Ten-gigabit small form-factor pluggable (XFP) interfaces, delivering high-speed service process capabilities. The front panel of the LPU provides one LED for each interface. Currently, this LPU supports only the LAN PHY mode, but not the WAN PHY mode. Note that:

Solid green A 1000 Mbps link is present on the interface.

Blinking green Data is being transmitted or received at 1000 Mbps.

Solid yellow A 10/100 Mbps link is present on the interface.

Blinking yellow Data is being transmitted or received at 10/100 Mbps.

OFF No fiber link is present on the interface.

Solid green A fiber link is present on the interface.

Blinking green Data is being transmitted or received at 1000 Mbps.

Solid yellow The optical module fails to be detected.

z NSQ1XP20 can be inserted in slot 1, 2, 3, or 4 of the F5000-A5. z The F5000-A5 needs to be equipped with an MPU and at least one LPU to work normally.

Figure 1-6 Front view of NSQ1XP20

(1) Captive screw (2) Eject lever (3) XFP interface 0 (4) XFP interface 0 LED (XFP0) (5) XFP interface 1 (6) XFP interface 1 LED (XFP1) (7) LPU LED (RUN)

Technical specifications

Table 1-8 Technical specifications of NSQ1XP20

Item Description

DDR2 SDRAM

Memory type and size

1 memory slot 512 MB (default), 1 GB (maximum)

XFP interfaces

2 10GBASE-R

Power consumption monitoring Supported

1-9

LPU LEDs

Table 1-9 Description of the LEDs on NSQ1XP20

LED Status Description

OFF No power input or the LPU is faulty.

Slow blinking (1 Hz) The LPU is operating normally.

RUN (green)

XFP0 (green)

XFP1 (green)

Fast blinking (8 Hz)

Reset

OFF No link is present on the interface.

ON A link is present on the interface.

Blinking Data is being transmitted or received on the interface.

OFF No link is present on the interface.

ON A link is present on the interface.

Blinking Data is being transmitted or received on the interface.

Dimensions and Weight

Table 1-10 Dimensions and weight of the F5000-A5

The application software is being loaded (in this state, never power off the device or hot-swap the LPU; otherwise the LPU may be damaged), or the LPU is not working.

The RUN LED goes off after the system is reset and flashes fast on system startup.

Item Description

Dimensions without feet and mounting brackets (H × W × D)

Weight (full configuration) 50 kg (110.23 lb.)

Voltage and Current

Table 1-11 Specifications of the voltage and current

Rated voltage range

Maximum input current

Maximum power consumption 650 W

308 × 436 × 476 mm (12.13 × 17.17 × 18.74 in.)

Item Description

AC powered: 100 VAC to 240 VAC; 50/60 Hz DC powered: –48 VDC to –60 VDC

AC powered: 10 A DC powered: 25 A

1-10

Fan Tray

Table 1-12 Technical specifications of the fan tray

Rated voltage 12 VDC

Total fan power consumption 50 W

Dimensions (H × W × D) 227 × 31 × 413.3 mm (8.94 ×1.22 × 16.27 in.)

Table 1-13 Description of the fan tray LEDs

RUN (green) ON The fan tray is working normally.

ALM (red) ON The fan tray is faulty.

Item Specification

LED Status Description

The F5000-A5 supports automatic fan speed adjustment but not hot-swapping of the fan tray.

Operating Environment

Table 1-14 Operating environment specifications

Operating temperature 0°C to 45°C (32°F to 113°F)

Operating humidity 10% to 95%, noncondensing

Altitude –60 m to +4 km (–196.85 ft. to +2.49 miles)

Components

MPU–NSQ1MPUA0

Item Description

Processor

The NSQ1MPUA0 is an MPU that uses an RMI XLR732 1 GHz processor as the route processing engine.

Flash

The flash size is 4 MB, of which 1 MB is used for storing the boot file—BootWare and the remaining space for BootWare backup and storing important system parameters.

1-11

Memory module

The memory module is used for storing data exchanged between the system and the CPU. The default memory size of the MPU is 2 GB, which is the maximum memory size supported by the MPU. The MPU provides two memory slots for memory modules of the same size.

You can use DDR2 SDRAM-1GB for the MPU of the device.

CF card

1) Introduction

A compact flash (CF) card is used for storing logs, host files, and configuration files.

The F5000-A5 is equipped with a 256 MB built-in CF card, which is identified with cfa0. In addition, the device provides an external CF card slot to extend the local storage space. A CF card inserted into the CF card slot is identified with cfb0.

The CF cards supported by the device are available in three sizes:

z 256 MB z 512 MB z 1 GB

Use CF cards provided by H3C only. The device may be incompatible with other CF cards.

2) CF card and slot Figure 1-7 CF card and the LED

(1) (2) (3)

(1) Eject button (CF CARD) (2) CF card slot (3) CF card LED (CF)

3) CF card LED

For the description of the CF card LED, see

Table 1-5.

1-12

The CF card is hot-swappable. When the CF LED is blinking, do not unplug the CF card. Otherwise, the file system on the CF card may be damaged.

Console port

1) Introduction

The F5000-A5 provides an RS232 asynchronous serial console port, which can be connected to a computer for system debugging, configuration, maintenance, management, and host software loading.

2) Technical specifications

Table 1-15 Technical specifications of the console port

Connector type RJ-45

Item Description

Compliant standards RS232

Baud rate 9600 bps to 115200 bps, 9600 bps by default

Maximum transmission distance 15 m (49.21 ft.)

z Connection to an ASCII terminal

Services

z Connection to the serial interface of a local PC to run

the terminal emulation program

z Command line interface (CLI)

3) Console cable

The console cable is an 8-core shielded cable. The RJ-45 connector at one end of the cable is connected to the console port on the device, and the DB-9 female connector at the other end is connected to the serial port of a configuration terminal.

Figure 1-8 illustrates the console cable.

Figure 1-8 Console cable

Table 1-16 Console cable connector pinouts

RJ-45 pin Signal direction DB-9 Signal

8 CTS

6 DSR

2 RXD

1-13

RJ-45 pin Signal direction DB-9 Signal

1 DCD

5 — 5 GND

3 TXD

4 DTR

7 RTS

For the connection of the console cable, refer to the section talking about connecting a console cable in Chapter 4 “Installing the Firewall.”

AUX port

1) Introduction

The AUX port is an RS232 asynchronous serial port used for remote configuration or dialup backup. You need to connect the local modem to the remote modem through the PSTN to reach the remote device for remote system debugging, configuration, maintenance, and management. In case that the console port is faulty, the AUX port can be connected to a terminal as a backup port of the console port. For details, refer to Chapter 8 “Troubleshooting.”

2) Technical specifications

Table 1-17 Technical specifications of the AUX port

Item Description

Connector type RJ-45

Compliant standard RS232

Baud rate 9600 bps to 115200 bps, 9600 bps by default

Service

Connection to the serial interface of a remote PC through a pair of modems to establish a dial-up connection with the remote PC

3) AUX cable

The AUX cable is an 8-core shielded cable. The RJ-45 connector at one end of the cable is connected to the AUX port on the firewall, and the DB-25 male connector or DB-9 male connector at the other end is connected to the serial port on a modem as needed.

1-14

Figure 1-9 AUX cable

Table 1-18 AUX cable connector pinouts

RJ-45 Signal direction DB-25 DB-9 Signal

4 7 RTS

20 4 DTR

2 3 TXD

8 1 DCD

5 — 7 5 GND

3 2 RXD

6 6 DSR

5 8 CTS

For how to connect the AUX cable, refer to the section talking about connecting the AUX Cable to a modem in Chapter 4 “Installing the Firewall.”

Management Ethernet port/HA port

The management Ethernet port is a 10Base-T/100Base-TX/1000Base-T RJ-45 auto-sensing interface. It allows you to upgrade software and manage the device through a network management server, without using any service interface of the device. The management Ethernet port is only for managing the device and has no service processing capabilities such as data forwarding.

The high availability (HA) feature is mainly delivered through stateful failover and VRRP. The HA port is a 10Base-T/100Base-TX/1000Base-T RJ-45 auto-sensing interface, which is used for synchronizing link state packets in a dual-system network.

1-15

Table 1-19 Technical specifications of the management Ethernet port/HA port

Item Description

Connector type RJ-45

Port quantity

1 management Ethernet port 1 HA port

Interface type Automatic MDI/MDIX

Frame formats

Ethernet_II Ethernet_SNAP

10 Mbps, half/full duplex

Interface speed and duplex mode

100 Mbps, half/full duplex 1000 Mbps, full duplex

Maximum transmission distance 100 m (328.08 ft.)

Function Software upgrade and network management

The media dependent interface (MDI) standard is typically used on the Ethernet interface of network adaptors. The media dependent interface crossover (MDI-X) standard is typically used on hubs or LAN switches.

RESET button

The RESET button is used to reset the current MPU. The RUN LED goes off when the MPU is reset, flashes fast (at 8 Hz) when BootWare is running, and flashes slowly (at 1 Hz) after the system is booted and operates normally.

z If you perform no save operation before resetting the device, the current system configuration will

not be saved.

z Never press the RESET button when the device boots up with the RUN LED blinking fast or when

the device is accessing the CF card; otherwise, the file system of the device may be damaged.

Clock

The F5000-A5 is designed with an interface clock module, which provides the system time. You can set the system time through the command line interface.

The clock module continues working even if a power failure occurs to the device, ensuring a correct system time next time the device boots. With the device powered off, the clock module can work for at least 10 years.

Note that:

1-16

z Never replace the clock module battery when the device is powered on. z The system time gets lost once the clock module battery is removed. You need to set the system

time again through the command line interface.

z Use the clock datetime time date command in user view to set the system date and time. z For details about the clock datetime command, refer to H3C SecPath Series Security Products

User Manual.

LPU–NSQ1GT8C40

Ethernet interface introduction

NSQ1GT8C40 provides eight electrical interfaces (10Base-T/100Base-TX/1000Base-T) and four Combo interfaces. A Combo interface consists of an electrical interface and an optical interface. The default operating interface is the electrical interface.

z For the interface speed and duplex mode of electrical interfaces and the Combo interfaces

operating in electrical interface mode, see

Table 1-20.

Table 1-20 Interface speed and duplex mode of electrical interfaces

Interface speed Duplex mode

10 Mbps auto-sensing Half/full duplex

100 Mbps auto-sensing Half/full duplex

1000 Mbps auto-sensing Full duplex

The electrical interface LEDs are above the RJ-45 ports. The LEDs in triangle and inverted triangle indicate the status of the lower and upper electrical Ethernet interfaces respectively. For the description of the electrical interface LEDs, refer to

z The optical interface of a Combo interface supports 1000 Mbps in full duplex mode. It has an

Table 1-7.

interface LED on the right of the optical interface, indicating the status of the SFP optical interface. For the description of the optical interface LEDs, refer to

Table 1-7.

For a Combo interface, either the electrical interface or the optical interface can operate at one time. You can use the combo enable { copper | fiber } command in interface view to switch between the electrical and optical interfaces. For details about the combo enable { copper | fiber } command, refer to H3C SecPath Series Security Products User Manual.

1-17

Technical specifications for Ethernet interfaces

z Technical specifications for electrical Ethernet interfaces

Table 1-21 Technical specifications for electrical Ethernet interfaces

Item Description

Connector type RJ-45

Interface type Automatic MDI/MDIX

Frame formats

Ethernet_II Ethernet_SNAP

10 Mbps, half/full duplex

Interface speed and duplex mode

100 Mbps, half/full duplex

1000 Mbps, full duplex

z When 10/100 Mbps and half/full duplex mode are specified for an electrical Ethernet interface, the

electrical Ethernet interface operates in the forced mode. When 1000 Mbps or the speed and the duplex mode are not simultaneously specified for an electrical Ethernet interface, the electrical Ethernet interface operates in the auto-negotiation mode.

z No matter whether an electrical Ethernet interface operates in the forced or auto-negotiation mode,

it supports automatic MDI/MDIX.

z Technical specifications for optical Ethernet interfaces

Table 1-22 Technical specifications for GE optical interfaces

Item Description

Connector type SFP/LC

Compliant standards

Type

Optical transmit power

802.3, 802.3u, and 802.3ab

Short-haul multimode optical interface module (850 nm)

Medium-haul single-mode optical interface module (1310 nm)

Long-haul optical interface module (1310 nm)

Long-haul optical interface module (1550 nm)

Ultra-long haul optical interface module (1550 nm)

Min –9.5 dBm –9 dBm –2 dBm –4 dBm –4 dBm

Max 0 dBm –3 dBm 5 dBm 1 dBm 2 dBm

Receiving sensitivity

–17 dBm –20 dBm –23 dBm –21 dBm –22 dBm

Central wavelength 850 nm 1310 nm 1310 nm 1550 nm 1550 nm

1-18

Item Description

Fiber type

Maximum transmission distance

62.5/125 μm multimode fiber

0.55 km (0.34 miles)

9/125 μm single-mode fiber

10 km (6.21 miles)

9/125 μm single-mode fiber

40 km (24.86 miles)

9/125 μm single-mode fiber

40 km (24.86 miles)

9/125 μm single-mode fiber

70 km (43.50 miles)

Operating mode 1000 Mbps in full duplex mode

RJ-45 connector

The 10Base–T/100Base–TX/1000Base–T electrical Ethernet interfaces of the F5000-A5 use RJ-45 connectors and support automatic MDI/MDI-X. Category-5 twisted pair cables are used for RJ-45 connectors.

Figure 1-10 illustrates the RJ-45 connector.

Figure 1-10 RJ-45 connector

LC connector

Optical fiber connectors are indispensable passive components in optical fiber communication system. Their application enables the removable connection between optical channels, which makes the optical system debugging and maintenance more convenient and the transit dispatching of the system more flexible.

Some optical fiber connecter types are as follows:

z LC: square optical fiber connector of the push-pull snap-in type z SC: standard optical fiber connector z FC: round optical fiber connector with screw thread z ST: round plug-in optical fiber connector z MT-RJ: square transceiver optical fiber connector

Currently, the optical Ethernet interfaces on NSQ1GT8C40 can only use LC connectors. Figure 1-11 LC connector

1-19

z Before using an optical fiber to connect a network device, verify that the optical fiber connector

matches the optical module.

z Before connecting an optical fiber, make sure the received optical power at the local end does not

exceed the upper threshold of the receiving optical power of the optical module. Otherwise, the optical module may be damaged.

Cable connecting electrical Ethernet interfaces

Usually, you can use a Category-5 twisted pair cable to connect an electrical Ethernet interface. Figure 1-12 shows an Ethernet cable.

Figure 1-12 Ethernet cable

Ethernet cables fall into two categories:

z Standard cable: Also known as straight-through cable. At both ends of a standard cable, wires are

crimped in the RJ-45 connectors in the same sequence. A straight-through cable is used for connecting a terminal (for example, a PC or router) to a hub or LAN switch. The cables delivered with the firewall are straight-through cables.

z Crossover cable: At both ends of a crossover cable, wires are crimped in the RJ-45 connectors in

different sequences. A crossover cable is used for connecting two terminals (for example, PC or router). You can make crossover cables by yourself as needed.

Table 1-23 Straight-through cable connector pinouts

RJ-45 Signal

1 TX+ White (Orange)

2 TX– Orange

3 RX+ White (Green)

Category-5

twisted pair

Signal direction RJ-45 pin

4 — Blue — 4

5 — White (Blue) — 5

6 RX– Green

7 — White (Brown) — 7

8 — Brown — 8

1-20

Table 1-24 Crossover cable connector pinouts

RJ-45 Signal direction

1 TX+ White (Orange)

2 TX– Orange

3 RX+ White (Green)

Category-5

twisted pair

Signal direction RJ-45

4 — Blue — 4

5 — White (Blue) — 5

6 RX– Green

7 — White (Brown) — 7

8 — Brown — 8

z You can refer to the tables above when distinguishing between and preparing these two types of

Ethernet cables.

z When preparing Ethernet cables, follow the chromatogram given in the table to arrange the wires.

Otherwise, communication quality will be affected even if the two devices at both ends can communicate.

z When preparing Ethernet cables, use shielded cables preferentially for electromagnetic

compatibility.

Fiber connecting optical Ethernet interfaces

You can use a single-mode or multimode fiber to connect a 1000 Mbps optical Ethernet interface and select proper fibers for the installed 1000Base–X SFP optical modules (GE SFP transceivers for short). Because the optical interfaces on these SFP transceivers use LC optical connectors, you must use fibers with LC optical connectors. All SFP transceivers are hot-swappable.

z No SFP transceivers are shipped with the F5000-A5. z Use only the SFP transceivers provided by H3C. The device cannot recognize other SFP

transceivers.

z For the connection of electrical Ethernet cables and optical fibers, refer to the section talking about

connecting Ethernet cables in Chapter 4 “Installing the Firewall.”

1-21

LPU–NSQ1XP20

Introduction to 10 GE interfaces

NSQ1XP20 provides two XFP interfaces (10GBASE–R), which operate in the LAN PHY mode rather than the WAN PHY mode. An XFP interface operating in the LAN PHY mode supports a maximum data-rate of 10.3125 Gbps. The LED for an XFP interface is on the right of the interface, indicating the status of the interface. For the description of the XFP interface LEDs, refer to

Technical specifications for 10 GE interfaces

Table 1-25 Technical specifications of the XFP interfaces

Item Description

Connector type XFP/LC

Physical layer 10GBASE–R

Interface speed LAN PHY mode: 10.3125 Gbps

Table 1-9.

Optical transmit power

Receiving sensitivity –7.5 dBm –10.3 dBm –11.3 dBm

Central wavelength 850 nm 850 nm 1310 nm

Maximum transmission distance

Fiber type

Type Short-haul multimode

Min –7.3 dBm –8.2 dBm –1 dBm

Max –1.08 dBm 0.5 dBm 2 dBm

300 m (984.25 ft.) 300 m (984.25 ft.) 10 km (6.21 miles)

62.5/125 μm multimode fiber

Medium-haul single-mode

9/125 μm single-mode fiber

Long-haul single-mode

9/125 μm single-mode fiber

Cable connecting 10 GE interfaces

You can use a single-mode or multimode fiber to connect an XFP interface and select proper fibers for the installed XFP optical modules (XFP transceivers for short). Since the optical interfaces on these XFP transceivers use LC optical connectors, you must use fibers with LC optical connectors. All XFP transceivers are hot-swappable.

Figure 1-11.

see

Figure 1-13 shows an XFP transceiver. For a fiber with LC connectors,

1-22

Figure 1-13 An XFP transceiver

z No XFP transceivers are shipped with the F5000-A5. z Use only the XFP transceivers provided by H3C. The device cannot recognize other XFP

transceivers.

z For how to connect XFP transceivers, refer to the section talking about connecting Ethernet cables

in Chapter 4 “Installing the Firewall.”

Power Supply Module

The F5000-A5 supports both AC and DC power input. You can select an AC power module or a DC power module. However, never install the two types of power PSUs in the same device.

The F5000-A5 needs only one PSU for normal operation of the system. But the device provides two slots for 1+1 redundancy.

The PSUs are hot-swappable.

Online insertion and removal of a PSU refers to first switching off the power module and then removing it from the device or inserting it into the device.

AC power module

Table 1-26 lists the specifications for the AC power module of the device.

1-23

Table 1-26 AC power module specifications

Item Specification

Rated voltage range 100 VAC to 240 VAC; 50/60 Hz

Maximum input current 10 A

Maximum power consumption 650 W

Dimensions (H × W × D) 40.2 × 140 × 353.5 mm (1.58 × 5.51 ×13.92 in.)

Table 1-27 Description of the AC power LED

Status Description

OFF No power input is present.

Solid green The power module is working normally.

Solid red The power module is faulty.

Figure 1-14 AC power module

(5)

(1) (2) (3) (4)

(6)

(1) Captive screw (2) Bail latch (3) Power socket (4) Power switch (5) Power LED (6) PSU handle

DC power module

Table 1-28 lists the specifications for the DC power module of the device.

Table 1-28 DC power module specifications

Item Specification

Rated voltage range –48 VDC to –60 VDC

Maximum input current 25 A

Maximum power consumption 650 W

Dimensions (H × W × D) 40.2 × 140 × 353.5 mm (1.58 × 5.51 ×13.92 in.)

1-24

+ 128 hidden pages