H3C SecPath F5030-6GW, SecPath F5080, SecPath F5000-M, SecPath F5000-A, SecPath F5030-D Installation Manual

...

Download

Page 1

H3C SecPath F5030/F5060/F5080/

F5030-D/F5060-D/F5080-D/F5000-M

New H3C Technologies Co., Ltd. http://www.h3c.com

Document version: 6W102-20190624

F5030-6GW/F5000-A Firewalls

Installation Guide

Page 2

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Trademarks

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

Notice

The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.

Environmental protection

This product has been designed to comply with the environmental protection requirements. The storage, use, and disposal of this product must meet the applicable national laws and regulations.

Page 3

Preface

The installation guide describes preparing for installation, installing the firewall, logging in to the firewall, hardware replacement, hardware management and maintenance, and troubleshooting.

This preface includes the following topics about the documentation:

• Audience

• Conventions

• Documentation feedback

Audience

This documentation is intended for:

• Network planners

• Field technical support and servicing engineers

• Network administrators working with the firewall

Conventions

The following information describes the conventions used in the documentation.

Command conventions

Convention Description

Boldface Bold

Italic [ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

[ x | y | ... ]

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line that starts with a pound (#) sign is comments.

text represents commands and keywords that you enter literally as shown.

Italic text represents arguments that you replace with actual values.

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.

The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

GUI conventions

Convention Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For

New User

window appears; click OK.

File

Create

example, the Multi-level menus are separated by angle brackets. For example,

Folder

Page 4

Symbols

Convention Description

WARNING!

An alert that calls attention to important information that if not understood or followed can result in personal injury.

CAUTION:

IMPORTANT:

NOTE:

TIP:

Network topology icons

Convention Description

An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.

An alert that calls attention to essential information. An alert that contains additional or supplementary information.

An alert that provides helpful information.

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access controller engine on a unified wired-WLAN switch.

Represents an access point.



Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals. Represents a security product, such as a firewall, UTM, multiservice security gateway,

or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG module.

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model, configuration, or software version. It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device.

Page 5

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

Page 6

Contents

Preparing for installation ···································································· 1

Safety recommendations ············································································································· 1

Safety symbols ··················································································································· 1 General safety recommendations ··························································································· 1 Electrical safety ··················································································································· 2 Laser safety ······················································································································· 2 Handling safety ··················································································································· 2

Examining the installation site ······································································································· 3

Weight support ··················································································································· 3 Temperature and humidity ····································································································· 3 Cleanliness ························································································································ 3 Cooling system ··················································································································· 4 ESD prevention ··················································································································· 4 EMI ·································································································································· 5 Lightning protection ············································································································· 6

Power supply ······················································································································ 6 Installation tools ························································································································· 6 Installation accessories ··············································································································· 6 Pre-installation checklist ·············································································································· 7

Installing the firewall ········································································· 9

Installing the firewall in a standard 19-inch rack ·············································································· 10 Grounding the firewall ··············································································································· 12 Installing a power module ·········································································································· 13 Installing a fan tray ··················································································································· 14 Installing FRUs ························································································································ 15

(Optional) Installing an MPU or an interface module ·································································· 15

(Optional) Installing and removing a hard disk ········································································· 16

(Optional) Installing a lightning arrester for a network port ·························································· 17

(Optional) Installing a lightning arrester for an AC power module ················································· 17 Connecting Ethernet cables ······································································································· 18

Connecting a copper Ethernet port ························································································ 18

Connecting a fiber port ······································································································· 18 Connecting the power cord ········································································································ 20

Connecting an AC power cord ······························································································ 20

Connecting a DC power cord ······························································································· 20 Verifying the installation ············································································································· 21

Accessing the firewall for the first time ················································ 22

Setting up the configuration environment ······················································································ 22 Powering on the firewall ············································································································ 22

Checking before power-on ·································································································· 22

Powering on the firewall ······································································································ 22

Checking after power-on ····································································································· 22 Logging in to the firewall ············································································································ 24

Logging in from the console port ··························································································· 24

Logging in from the Web interface ························································································· 25

Logging in through Telnet ···································································································· 25

Hardware replacement ···································································· 26

Replacing a fan tray·················································································································· 26 Replacing a power module ········································································································· 26 Replacing an MPU or an interface module ····················································································· 27 Replacing a transceiver module ·································································································· 28

Hardware management and maintenance ··········································· 30

Displaying detailed information about the firewall ············································································ 30

Page 7

Displaying the software and hardware version information for the firewall ············································· 30 Displaying the electrical label information for the firewall ··································································· 31 Displaying the CPU usage of the firewall ······················································································· 31 Displaying the memory usage of the firewall ·················································································· 32 Displaying the operational status of power modules········································································· 33 Displaying the temperature information of the firewall ······································································ 33 Displaying the operational statistics of the firewall ··········································································· 34 Displaying transceiver module information ····················································································· 35 Rebooting the firewall ··············································································································· 35

Troubleshooting ············································································· 36

Power module failure ················································································································ 36 Configuration terminal display problem ························································································· 36 Password loss ························································································································· 37 Cooling system failure ··············································································································· 37 Software loading failure ············································································································· 37

Appendix A Chassis and FRU views and technical specifications ············· 38

Chassis and FRU views ············································································································ 38

F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A front view ··················································· 38

F5030-D/F5060-D/F5080-D front view ··················································································· 38

Rear view ························································································································ 39

MPU views ······················································································································· 39

Interface module views ······································································································· 40

Power module views ·········································································································· 42 Technical specifications ············································································································· 43

Dimensions and weights ····································································································· 43

Memory and storage media ································································································· 43

Power consumption ··········································································································· 44

Power module specifications ································································································ 44

Port specifications ············································································································· 45

Appendix B LEDs ··········································································· 50

Front panel and rear panel LEDs ································································································· 50 MPU LEDs ····························································································································· 50 Interface module LEDs ·············································································································· 51

Appendix C Cables ········································································· 52

Console cable ························································································································· 52 Ethernet twisted pair cable ········································································································· 52

Introduction ······················································································································ 52

Making an Ethernet twisted pair cable ···················································································· 55 Optical fiber ···························································································································· 56

Page 8

Preparing for installation

Safety recommendations

To avoid any equipment damage or bodily injury, read the following safety recommendations before installation. Note that the recommendations do not cover every possible hazardous condition.

Safety symbols

When reading this document, note the following symbols:

WARNING means an alert that calls attention to important information that if not understood or

followed can result in personal injury.

CAUTION means an alert that calls attention to important information that if not understood or

followed can result in data loss, data corruption, or damage to hardware or software.

General safety recommendations

• Do not place the firewall on an unstable case or desk. The firewall might be severely damaged

in case of a fall.

• Make sure the ground is dry and flat and anti-slip measures are in place.

• Keep the chassis and installation tools away from walk areas.

• Keep the chassis clean and dust-free.

• Do not place the firewall near water or in a damp environment. Prevent water or moisture from

entering the firewall chassis.

• Ensure good ventilation of the equipment room and keep the air inlet and outlet vents of the

firewall free of obstruction.

• Make sure the operating voltage is in the required range.

• Use a screwdriver, rather than your fingers, to fasten screws.

• Stack devices according to the sizes of and packing symbols on the packages.

Table 1 Packing symbols

Symbol Description

Stored with a maximum stack of n units.

Transported and stored with the arrows up.

Transported and stored with care.

Page 9

Symbol Description

Electrical safety

• Carefully examine your work area for possible hazards such as moist floors, ungrounded power

extension cables, and missing safety grounds.

• Locate the emergency power-off switch in the room before installation. Shut the power off at

once in case accident occurs.

• Do not work alone when the firewall has power.

• Always verify that the power has been disconnected.

Laser safety

WARNING!

Disconnected optical fibers or transceiver modules might emit invisible laser light. Do not stare into beams or view directly with optical instruments when the switch is operating.

The firewall is a Class 1 laser device.

• Before you disconnect the fiber connector, execute the

to disable the optical source.

• Install dust caps to disconnected optical fiber connectors and ports on disconnected transceiver

modules to avoid damage caused by built-up dust.

• Insert a dust plug into empty fiber ports.

Transported and stored avoiding humidity, rains and wet floor.

shutdown command in interface view

Handling safety

When you move the firewall, follow these guidelines:

• Move and unpack the firewall carefully to avoid firewall damage.

• Unpack the firewall at least half an hour and power on the firewall at least two hours after you

move it from a place below 0°C (32°F) to the equipment room. This prevents condensation and even damage to the firewall.

• Use a safety hand truck when you move multiple firewalls.

• Before you move the firewall, remove all cables and mounting brackets.

• For long-distance transportation, remove all the field-replaceable units (FRUs), such as power

modules and interface modules, and package them separately, and install the filler panels supplied with the firewall. For short-distance transportation, make sure all the FRUs are securely seated in the slots and the screws are fastened.

• When you move or lift the firewall chassis, support the bottom of the chassis, rather than

holding any FRU.

• Make sure the accessories of the firewall are not lost or damaged during firewall moving.

Page 10

Examining the installation site

The firewall can only be used indoors. To make sure the firewall operates correctly and to prolong its service lifetime, the installation site must meet the following requirements.

Weight support

Make sure the floor can support the total weight of the rack, chassis, modules, and all other components. For more information, see "Dimensions and weights."

Temperature and humidity

Maintain appropriate temperature and humidity in the equipment room.

• Lasting high relative humidity can cause poor insulation, electricity leakage, mechanical

property change of materials, and metal corrosion.

• Lasting low relative humidity can cause washer contraction and ESD and bring problems

including loose captive screws and circuit failure.

• High temperature can accelerate the aging of insulation materials and significantly lower the

reliability and lifespan of the firewall.

For the temperature and humidity requirements of the firewall, see Table 2.

Table 2

Temperature/humidity requirements

Temperature Relative humidity

• Operating:

{ Without hard disks: 0°C to 45°C

(32°F to 113°F)

{ With hard disks: 5°C to 40°C

(41°F to 104°F)

• Storage: –40°C to +70°C (–40°F to +158°F)

Cleanliness

Dust buildup on the chassis might result in electrostatic adsorption, which causes poor contact of metal components and contact points, especially when indoor relative humidity is low. In the worst case, electrostatic adsorption can cause communication failure.

Table 3 Dust concentration limit in the equipment room

Substance Concentration limit (particles/m

Dust particles

• Operating:

{ Without hard disks: 5% RH to 95% RH, noncondensing { With hard disks: 10% RH to 80% RH, noncondensing

• Storage:

{ Without hard disks: 5% RH to 95% RH, noncondensing { With hard disks: 5% RH to 90% RH, noncondensing

≤ 3 × 104

(No visible dust on desk in three days)

)

NOTE:

Dust particle diameter ≥ 5 µm

The equipment room must also meet strict limits on salts, acids, and sulfides to eliminate corrosion and premature aging of components, as shown in Tab l e 4 .

Page 11

Table 4 Harmful gas limits in an equipment room

Gas Max. (mg/m

SO2 0.2

H2S 0.006

NO2 0.04

Cooling system

For heat dissipation, make sure the following requirements are met:

• A minimum clearance of 100 mm (3.94 in) is reserved around the inlet and outlet air vents.

• The installation site has a good cooling system.

The firewall adopts either of the following airflow for heat dissipation by installing different fan trays:

• Rear-to-front airflow—The FAN-20F-2-A fan tray blows air from the power module side to the

port side as shown in Figure 1. The fan tray has a bl

• Front-to-rear airflow—The FAN-20B-2-A fan tray draws air from the port side to the power

module side as shown in Figure 2.

Figure 1 Rear to front airflow provided by the FAN-20F-2-A fan tray

)

0.05

0.01

ue fan tray handle.

The fan tray has a red fan tray handle.

Figure 2 Front-to-rear airflow provided by the FAN-20B-2-A fan tray

ESD prevention

To prevent electrostatic discharge (ESD), note the following guidelines:

• Make sure the firewall and the rack are reliably grounded.

Page 12

• Take dust-proof measures for the equipment room. For more information, see "Cleanliness."

• Maintain the humidity and temperature at an acceptable level. For more information, see

"Temperature and humidity."

• Put the remo

ved interface modules away on an ESD workbench, with the PCB upward, or put

them in ESD bags for future use.

• Always wear ESD clothing, ESD gloves, and an ESD wrist strap when you install or remove a

transceiver module.

No ESD wrist strap is provided with the firewall. Purchase one yourself.

Before you attach an ESD wrist strap, make sure the rack is reliably grounded.

To attach the ESD wrist strap:

1. Wear the wrist strap on your wrist.

2. Lock the wrist strap tight around your wrist to keep good contact with the skin.

3. Secure the wrist strap lock and the alligator clip lock together.

4. Attach the alligator clip to the rack. Figure 3 Attaching an ESD wrist strap

EMI

(1) ESD wrist strap (2) Lock

(3) Alligator clip

All electromagnetic interference (EMI) sources, from outside or inside of the firewall and application system, adversely affect the firewall in the following ways:

• A conduction pattern of capacitance coupling.

• Inductance coupling.

• Electromagnetic wave radiation.

• Common impedance (including the grounding system) coupling.

To prevent EMI, use the following guidelines:

• If AC power is used, use a single-phase three-wire power receptacle with protection earth (PE)

to filter interference from the power grid.

• Keep the firewall far away from radio transmitting stations, radar stations, and high-frequency

devices.

Page 13

• Use electromagnetic shielding, for example, shielded interface cables, when necessary.

• To prevent signal ports from getting damaged by overvoltage or overcurrent caused by lightning

strikes, route interface cables only indoors. If part of the network cable of an Ethernet port must be routed outdoors, connect a lightning arrester to the cable before you plug the cable into the port.

Lightning protection

To protect the firewall from lightning better, do as follows:

• Make sure the grounding cable of the chassis is reliably grounded.

• Make sure the grounding terminal of the AC power receptacle is reliably grounded.

• Install a lightning arrester at the input end of the power module to enhance the lightning

protection capability of the power module.

Power supply

Verify that the power system at the installation site meets the requirements of the power modules, including the input method and rated input voltage. For more information, see "Appendix A Chassis views and technical specifications."

Installation tools

No installation tools are provided with the firewall. Prepare installation tools yourself as required.

Table 5 Installation tools

Flathead screwdriver Phillips screwdriver Needle-nose pliers Marker

Diagonal pliers ESD wrist strap Wire-stripping pliers Crimping tool

Installation accessories

Table 6 Installation accessories

M6 rack screw

(user supplied)

M4 mounting bracket screw Cage nut Grounding cable

Page 14

Cable tie

(user supplied)

Slide rails and chassis rails

Pre-installation checklist

Table 7 Checklist before installation

Item Requirements

• There is a minimum clearance of 100 mm (3.94 in) around the inlet and outlet air vents for heat dissipation of the firewall chassis.

• A ventilation system is available at the installation site.

• Operating:

{ Without hard disks: 0°C to 45°C (32°F to 113°F) { With hard disks: 5°C to 40°C (41°F to 104°F)

• Storage: –40°C to +70°C (–40°F to +158°F)

• Operating:

{ Without hard disks: 5% RH to 95% RH, noncondensing { With hard disks: 10% RH to 80% RH, noncondensing

• Storage:

{ Without hard disks: 5% RH to 95% RH, noncondensing { With hard disks: 5% RH to 90% RH, noncondensing

• Dust concentration ≤ 3 × 104 particles/m3

• No dust on desk within three days

• The firewall and the rack are reliably grounded.

• The equipment room is dust-proof.

• The humidity and temperature are at an acceptable level.

• Always wear ESD clothing, ESD gloves, and an ESD wrist strap

and when you install and remove a transceiver module.

• Put the removed interface modules on an ESD workbench, with the PCB upward, or put them in ESD bags for future use.

• Take effective measures to protect the power system from the power grid system.

• Separate the protection ground of the firewall from the grounding device or lightning protection grounding device as far as possible.

• Keep the firewall far away from radio stations, radar and high-frequency devices working in high current.

• Use electromagnetic shielding when necessary.

• The grounding cable of the chassis is reliably grounded.

• The grounding terminal of the AC power receptacle is reliably

grounded.

• (Optional) A power lightning arrester is installed.

Installation site

Ventilation

Temperature

Relative humidity

Cleanness

ESD prevention

EMI prevention

Lightning protection

Mounting brackets with cable management brackets

Power supply

Verify that the power system at the installation site meets the requirements of the power modules, including the input method and rated input voltage.

Page 15

Item Requirements

Tools and accessories

Reference

• Installation accessories supplied with the firewall

• User supplied tools

• Documents shipped with the firewall

• Online documents

Page 16

Installing the firewall

WARNING!

Keep the tamper-proof seal on a mounting screw on the chassis cover intact, and if you want to open the chassis, contact the local agent of H3C for permission. Otherwise, H3C shall not be liable for any consequence caused thereby.

The installation method is similar for the firewalls. This section uses the F5080 as an example.

Figure 4 Firewall installation flow

Page 17

Installing the firewall in a standard 19-inch rack

WARNING!

To avoid bodily injury and device damage, at least two persons are required to install the firewall.

CAUTION:

• Ensure a clearance of 1 RU (44.45 mm, or 1.75 in) between the firewall and walls or other devices for heat dissipation.

• The mounting brackets and chassis rails are required to support the weight of the chassis.

To mount the firewall in a rack, make sure the rack meets the requirements described in Table 8.

Table 8 Firewall dimensions and rack requirements

Firewall dimensions Rack requirements

• Height—88.1 mm (3.47 in)

• Width—440 mm (17.32 in)

• Total de pth—775.5 mm (30.53 in)

{ 660 mm (25.98 in) for the chassis { 90 mm (3.54 in) for the cable

management bracket at the chassis front

{ 25.5 mm (1.00 in) for the power module

handle at the chassis rear

To install the firewall in a 19-inch rack:

1. Make sure the rack is sturdy and reliably grounded.

2. Wear an ESD wrist strap and unpack the firewall and accessories.

3. Use a mounting bracket and a slide rail to mark the cage nut installation positions on the front

and rear rack posts, respectively. Four cage nuts are required on each front rack post and two are required on each rear rack post.

4. Install cages nuts at the marked positions.

5. Use M6 screws to attach two slide rails to the rear rack posts.

• A minimum of 1 m (3.28 ft) in depth (recommended).

• A minimum of 100 mm (3.94 in) between the front rack posts and the front door.

• A minimum of 760 mm (29.92 in) between the front rack posts to the rear door.

• 518 mm (20.39 in) to 858 mm (33.78 in) from the front rack posts to the rear rack posts.

Page 18

Figure 5 Installing cage nuts and slide rails

6. Use the provided M4 screws to attach the mounting brackets and chassis rails to both sides of

the firewall.

The firewall provides multiple installation positions for chassis rails. Install chassis rails to the appropriate positions and make sure the front ends of the slide rails can reach out of the chassis rails after the firewall is installed in the rack.

Figure 6 Attaching the mounting brackets and chassis rails to the firewall

7. One person supports the bottom of the firewall, align the chassis rails with the slide rails, and

slide the slide rails into the chassis rails until the mounting brackets are flush with the front rack posts.

8. Fasten the M6 rack screws with a Phillips screwdriver to secure the mounting brackets to the

front rack posts.

Page 19

Figure 7 Mounting the firewall to the rack

Grounding the firewall

WARNING!

• Correctly connecting the firewall grounding cable is crucial to lightning protection and EMI protection.

• Do not connect the firewall grounding cable to a fire main or lightning rod.

The firewall provides a primary grounding point at the rear panel and an auxiliary grounding point at the left side. The primary grounding point has a grounding sign and a grounding screw. To use the auxiliary grounding point, attach the grounding cable to the grounding point before you install the device in a rack.

The procedure is the same for connecting a grounding cable to the primary grounding point and the auxiliary grounding point. This section uses the primary grounding point as an example.

To connect the grounding cable:

1. Remove the grounding screw from the primary grounding point at the device rear.

2. Attach the grounding screw to the ring terminal of the grounding cable.

3. Use a screwdriver to fasten the grounding screw into the grounding hole.

4. Connect the other end of the grounding cable to the grounding strip on the rack.

Page 20

Figure 8 Grounding the firewall at the primary grounding point

Installing a power module

CAUTION:

• Make sure the power module is powered off and the device is correctly grounded before installation.

• Install a filler panel over an empty power module slot to prevent dust and ensure good ventilation in the chassis.

• Do not install both AC and DC power modules on the same device.

To install a power module:

1. To install the power module to slot PWR1, remove the filler panel from the slot. To install the

power module to slot PWR2, skip this step.

Figure 9 Removing the filler panel

2. Install the power module in a correct direction (with the power receptacle at right): a. Grasp the handle of the module with one hand and support the module bottom with the

other.

b. Push the power module along the guide rails into the slot until it has firm contact with the

slot.

Page 21

Figure 10 Installing an AC power module

Installing a fan tray

CAUTION:

• Before installation, make sure the airflow direction provided by the fan tray meets the requirements for installation ventilation.

• The device comes with both fan tray slots empty. To ensure good ventilation, you must install two fan trays of the same model before powering on the device.

• If both fan trays fail during operation, replace the failed fan trays one by one within 1 minute.

• If a fan tray fails during operation, replace the fan tray as soon as possible and keep the failed fan

tray in place before replacing it.

• To prevent damage to the fan tray and the connectors on the backplane, insert the fan tray gently. If you encounter any resistance while inserting the fan tray, pull out the fan tray, re-orient it, and then insert it again.

The firewall supports FAN-20B-2-A and FAN-20F-2-A fan trays. The installation procedure for the FAN-20B-2-A and the FAN-20F-2-A is the same. This section uses the FAN-20B-2-A as an example.

To install a fan tray:

1. Wear an ESD wrist strap and make sure it makes good skin contact and is reliably grounded.

2. Orient the fan tray with the "TOP" mark on the top, grasp the fan tray handle with one hand, and

support its bottom with the other hand. Slide the fan tray along the guide rails into the slot until it has a firm contact with the backplane.

Page 22

Figure 11 Installing a fan tray

Installing FRUs

(Optional) Installing an MPU or an interface module

CAUTION:

• Only slots 0/0 and 1/0 on the F5030-D/F5060-D/F5080-D support the NSQM1MPULA MPU.

• If the F5030-D/F5060-D/F5080-D is installed with two MPUs, you can hot swap an MPU. If the

F5030-D/F5060-D/F5080-D is installed with only one MPU, you cannot hot swap the MPU.

• Interface modules are not hot swappable.

• To avoid module damage, do not touch the surface-mounted components on an interface module

directly with your hands.

• Install a filler panel over empty MPU and interface module slots to prevent dust and ensure good ventilation in the chassis.

The installation procedure is the same for MPUs and interface modules. This section uses interface module NSQM1GP8A as an example.

To install an interface module:

1. Wear an ESD wrist strap and make sure it makes good skin contact and is reliably grounded.

2. Remove the screws on the filler panel with a Phillips screwdriver and remove the filler panel.

Keep the filler panel for future use.

3. Open the ejector levers on the module and slide the module steadily into the slot along the

guide rails.

4. Close the ejector levers until they touch the panel tightly and the module seats into the

backplane.

5. Fasten the captive screws on the module with a Phillips screwdriver.

Page 23

Figure 12 Installing the NSQM1GP8A

(Optional) Installing and removing a hard disk

CAUTION:

• Hard disks are not hot swappable.

• Hold a hard disk by its sides. Do not touch hard disk components and do not squeeze, vibrate, o

strike the hard disk.

• Install a filler panel over empty hard disk slots to avoid damage caused by build-up dust.

The device does not come with any hard disks and cannot recognize hard disks from other vendors. Purchase hard disks from H3C as needed.

Installing a hard disk

1. Wear an ESD wrist strap and make sure it makes good skin contact and is reliably grounded.

2. Remove the filler panel over the hard disk slot.

3. Press the red button on the hard disk panel to release the locking lever.

4. Hold the locking lever, slide the hard disk into the slot along the guide rails, and then close the

locking lever.

Figure 13 Installing the hard disk

NOTE:

Before using the hard disk, execute the

fdisk and format commands from the CLI to partition

and format the hard disk.

Page 24

Removing a hard disk

CAUTION:

To avoid storage medium damage, execute the file systems before removing a hard disk.

To remove a hard disk:

1. Wear an ESD wrist strap and make sure it makes good skin contact and is reliably grounded.

2. Press the red button on the hard disk panel to release the locking lever.

3. Hold the locking lever and pull the hard disk out of the slot. Figure 14 Removing a hard disk

umount command from the CLI to unmount all the

(Optional) Installing a lightning arrester for a network port

IMPORTANT:

Read the instructions for the lightning arrester carefully before you install it.

No lightning arrester is provided with the firewall. Purchase one as needed.

If part of the network cable of an Ethernet port must be routed outdoors, connect a lightning arrester to the cable before you plug the cable into the port. If more than one Ethernet ports on the firewall are connected with network cables routed outdoors, connect a lightning arrester to each cable.

(Optional) Installing a lightning arrester for an AC power module

No lightning arrester is provided with the firewall. Purchase one as needed.

If part of the AC power cord is routed outdoors, install a lightning arrester to the power input end to protect the firewall from being damaged by lightning strikes. You can attach the lightning arrester for AC power modules to the rack or a wall of the equipment room.

For more information about how to install and maintain a lightning arrester for AC power modules, see the documents provided with the lightning arrester.

Page 25

Connecting Ethernet cables

Connecting a copper Ethernet port

You can use either a straight-through or a cross-over network cable to connect a copper Ethernet port. For more information about Ethernet twisted pair cables, see "Ethernet twisted pair cable."

To connect a copper Ethernet port:

1. Connect one end of the Ethernet cable to the copper Ethernet port of the firewall, and the other

end to the Ethernet port of the peer device.

2. Examine whether the LEDs of the Ethernet port are normal. For more information about LEDs,

see "Appendix B LEDs."

After conn examine network connectivity. For more information, see the related command reference.

Connecting a fiber port

WARNING!

Disconnected optical fibers or transceiver modules might emit invisible laser light. Do not stare into beams or view directly with optical instruments when the switch is operating.

ecting the firewall to the network, you can use the

ping

tracert

command to

CAUTION:

• Never bend or curve a fiber excessively. The bend radius of a fiber must be not less than 100 mm

(3.94 in).

• Keep the fiber end clean.

• Make sure the fiber connector matches the transceiver module.

• Before connecting a fiber, make sure the optical power at the receiving end does not exceed the

transceiver module's upper threshold of the optical receive power. If the optical power at the receiving end exceeds the threshold, the transceiver module might be damaged.

• Do not install a transceiver module connected with a fiber into a fiber port. To connect an optical

fiber, first install the transceiver module in the fiber port and then connect the fiber.

• Insert a dust plug into any open fiber port.

• Make sure the Tx and Rx ports on a transceiver module are connected to the Rx and Tx ports on

the peer end, respectively.

The firewall supports GE SFP transceiver modules, 10GE SFP+ transceiver modules, and 40GE QSFP+ transceiver modules. For the transceiver module specifications, see "GE fiber Ethernet port", "10 GE fiber Ethernet port" and "40 GE fiber Ethernet port."

No transceiver module is provided with the firewall. As a best practice, use H3C transceiver modules.

Figure 15 GE SFP transceiver module

Page 26

Figure 16 10GE SFP+ transceiver module

Figure 17 40GE QSFP+ transceiver module

To connect a fiber port:

1. Remove the dust plug from the fiber port.

2. Install a transceiver module. Pull the bail latch on the transceiver module upwards to catch the

knob on the top of the transceiver module. Take the transceiver module by its two sides and push the end without the bail latch gently into the port until it snaps into place.

3. Remove the dust cap from the optical fiber connector, and use dust free paper and absolute

alcohol to clean the end face of the fiber connector.

4. Identify the Rx and Tx ports on the transceiver module. Plug one end of the optical fiber into the

transceiver module in the firewall, and plug the other end into the transceiver module in the peer device.

Make sure the Rx port and the Tx port are connected to the Tx port and the Rx port on the peer device, respectively.

Figure 18 Installing and connecting an optical fiber

Page 27

Connecting the power cord

CAUTION:

Make sure the grounding cable of the firewall is correctly connected and the power source is powered off before connecting the power cord.

Connecting an AC power cord

1. Connect one end of the AC power cord to the AC-input power receptacle on the power module.

2. Use a removable cable tie to secure the AC power cord to the power module handle.

3. Connect the other end of the power cord to the AC power source. Figure 19 Connecting an AC power cord

Connecting a DC power cord

1. Correctly orient the DC power cord plug with the power receptacle on the power module, and

insert the plug into the receptacle.

2. Use a removable cable tie to secure the DC power cord to the power module handle.

3. Connect the other end of the power cord to the DC power source.

Page 28

Figure 20 Connecting a DC power cord

Verifying the installation

After installation, verify that:

• There is enough space for heat dissipation around the firewall, and the firewall is steady.

• All screws are fastened.

• The grounding cable and power cord are securely connected.

• The correct power source is used.

Page 29

Accessing the firewall for the first time

Setting up the configuration environment

To access the firewall for the first time, you can log in to the firewall from the console port or Web interface. To set up the configuration environment, see "Logging in from the console port" and "Logging in from the Web interface", re

Powering on the firewall

Checking before power-on

WARNING!

Locate the emergency power-off switch in the room before power-on so you can quickly shut powe off when an electrical accident occurs.

Before powering on the firewall, verify the following information:

• The power cord and grounding cable are correctly connected.

• The correct power source is used.

• The console cable is correctly connected, the terminal or PC used for configuration has started,

and the configuration parameters have been correctly set.

• The interface module (if any) is correctly installed.

spectively.

Powering on the firewall

Switch on the power source of the firewall.

Checking after power-on

After powering on the firewall, verify that:

• The LEDs on the front panel indicate that the device is operating correctly. For more information

about LEDs, see "Appendix B LEDs."

• The fan blad

• The configuration terminal displays the following:

System is starting... Press Ctrl+D to access BASIC-BOOTWARE MENU...

Press Ctrl+T to start heavy memory test....

Booting Normal Extended BootWare

The Extended BootWare is self-decompressing....Done.

**************************************************************************** * * * H3C SecPath BootWare, Version 1.03 * * * ****************************************************************************

es are rotating and air is exhausted from the air outlet vents.

Page 30

Compiled Date : Mar 28 2017 Memory Type : DDR3 SDRAM Memory Size : 32768MB Flash Size : 8MB sda0 Size : 3728MB CPLD Version : 1.0 PCB Version : Ver.B

BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Loading the main image files...

Loading file sda0:/Main-CMW710-SYSTEM-A9606P03.bin.......................

.........Done.

Loading file sda0:/Main-CMW710-BOOT-A9606P03.bin..........Done.

Image file sda0:/Main-CMW710-BOOT-A9606P03.bin is self-decompressing.....

Done. System image is starting... Cryptographic Algorithms Known-Answer Tests are running ... CPU 0 of slot 1: Starting Known-Answer tests in the user space. Known-answer test for SHA1 passed. Known-answer test for SHA224 passed. Known-answer test for SHA256 passed. Known-answer test for SHA384 passed. Known-answer test for SHA512 passed. Known-answer test for HMAC-SHA1 passed. Known-answer test for HMAC-SHA224 passed. Known-answer test for HMAC-SHA256 passed. Known-answer test for HMAC-SHA384 passed. Known-answer test for HMAC-SHA512 passed. Known-answer test for AES passed. Known-answer test for RSA(signature/verification) passed. Known-answer test for RSA(encrypt/decrypt) passed. Known-answer test for DSA(signature/verification) passed. Known-answer test for random number generator passed. Known-Answer tests in the user space passed. Starting Known-Answer tests in the kernel. Known-answer test for AES passed. Known-answer test for HMAC-SHA1 passed. Known-answer test for SHA1 passed. Known-answer test for GCM passed. Known-answer test for GMAC passed. Known-answer test for random number generator passed. Known-Answer tests in the kernel passed.

Page 31

Starting Known-Answer tests in the engine. Known-answer test for SHA1 passed. Known-answer test for HMAC-SHA1 passed. Known-answer test for AES passed. Known-answer test for RSA(signature/verification) passed. Known-answer test for RSA(encrypt/decrypt) passed. Known-answer test for DSA(signature/verification) passed. Known-answer test for random number generator passed. Known-Answer tests in the engine passed. Cryptographic Algorithms Known-Answer Tests passed. Line con0 is available.

Press ENTER to get started... …

Press ENTER to access user view of the firewall.

NOTE:

To access the EXTENDED-BOOTWARE menu, press Ctrl + B within four seconds at the prompt "Press Ctrl+B to access EXTENDED-BOOTWARE MENU." If you do not press Ctrl+B

at the prompt, the system starts to read and decompress program files. To enter the EXTENDED-BOOT menu afterwards, you need to reboot the device.

Logging in to the firewall

For more information about logging in to the device, see the configuration guides and command references for the device.

Logging in from the console port

You can use the console port to access the firewall for the first time. The default console port login information is as follows:

• Authentication method—scheme

• Username—admin

• Password—admin

To access the firewall from the console port:

1. Use a console cable to connect the console port on the firewall to a configuration terminal, for

example, a PC.

2. Run a terminal emulator program, TeraTermPro or PuTTY, on your configuration terminal.

For more information about the terminal emulator programs, see the user guides for these programs.

3. Configure the terminal settings as follows:

{ Bits per second—9,600. { Data bits—8. { Stop bits—1. { Parity—None. { Flow control—None.

Page 32

Logging in from the Web interface

IMPORTANT:

After accessing the Web interface with the default account, modify the password of the default account or create a new administrator account and delete the default account as a best practice.

At the first login from the Web interface, you can use the default account or use an account created from the CLI.

Table 9 provi

des the default Web interface login information.

Table 9 Default Web interface login information

Item Default configurations

Username admin

Password admin

Ethernet management interface

IP address of the Ethernet management interface 192.168.0.1/24

To log in to the firewall from the Web interface by using the default account:

1. Use an Ethernet cable to connect a PC to the Ethernet management interface on the firewall.

2. Configure an IP address in subnet 192.168.0.0/24 for the PC. Make sure the PC and the firewall

are reachable to reach other.

The PC must use a different IP address than the Ethernet management interface.

3. Start a browser, enter 192.168.0.1 in the address bar, and press Enter.

4. Enter the default username admin and password admin and then click Login..

Logging in through Telnet

• F5000-A, F5000-M, F5030, F5060, F5080, F5030-6GW—GE1/0/0

• F5030-D, F5060-D, F5080-D—MGE1/0/0/0

1. Log in to the firewall through the console port, and enable the Telnet function in system view by

using the

telnet server enable command.

2. Enter VTY user line view, and configure the authentication mode, user role, and common

properties.

By default, the authentication mode is scheme, the username is admin, and the password is

admin.

3. Specify an IP address for the network port of the PC. Make sure the PC and the firewall are

reachable to each other.

By default, the IP address of the Ethernet management interface on the firewall is

192.168.0.1/24.

4. Run the Telnet client on the PC and enter the login information.

Page 33

Hardware replacement

CAUTION:

Wear an ESD wrist strap or ESD gloves for hardware maintenance. They are not provided with the firewall. Prepare them yourself.

Replacing a fan tray

WARNING!

• To avoid bodily injury, do not touch an operating fan tray.

• Follow electrical safety instructions when you hot swap a fan tray.

CAUTION:

To prevent an unbalanced fan from causing loud noise, do not touch the fan blades and rotating axis even if they are not rotating.

To replace a fan tray:

1. Holding the fan tray handle with one hand and supporting the fan tray bottom with the other, pull

the fan tray out of the slot along the guide rails.

2. Put the removed fan tray into an antistatic bag.

3. Install a new fan tray. For the installation procedure, see "Installing a fan tray." Figure 21

Removing a fan tray

Replacing a power module

WARNING!

Before removing a power module, turn off the power source and remove the power cord.

To replace a power module:

1. Turn off the power source and then remove the power cord from the power module.

To remove a DC power cord, squeeze the upper and lower sides of the plug and then pull the plug out.

Page 34

Figure 22 Removing a DC power cord

2. Holding the handle on the power module with one hand, press the retaining latch on the power

module to the right with your thumb, and pull the power module part way out of the slot.

3. Supporting the power module bottom with the other hand, slowly pull the power module out of

the slot.

4. Put the removed power module into an antistatic bag.

5. Install a new power module. For the installation procedure, see "Installing a fan tray." Figure 23

Removing the DC power module

Replacing an MPU or an interface module

CAUTION:

• You can hot swap an MPU only when the F5030-D/F5060-D/F5080-D has two MPUs.

• Interface modules are not hot swappable.

The replacement procedure is the same for MPUs and interface modules. This section uses the interface module NSQM1GP8A as an example.

To replace an interface module:

1. Power off the firewall.

2. Use a Phillips screwdriver to loosen the captive screws on the module.

3. Holding the ejector levers of the module with both hands, pull the ejector levers outward, and

pull the module part way out of the slot along the guide rails.

4. Supporting the bottom of the module with one hand, use the other hand to gently pull the

module out of the slot.

5. Put the removed module on an antistatic workbench or into an antistatic bag with the circuit

board facing upward.

Page 35

6. Install a new module. For the installation procedure, see "(Optional) Installing an MPU or an

interface module."

Figure 24 Removing an NSQM1GP8A

(1) Loosen the captive screws (2) Pull the ejector levers outward (3) Pull the module out of the slot

Replacing a transceiver module

WARNING!

Disconnected optical fibers or transceiver modules might emit invisible laser light. Do not stare into beams or view directly with optical instruments when the switch is operating.

When you replace a transceiver module, make sure the two transceiver modules connected by the same optical fiber are the same type. Do not touch the golden finger of the transceiver module.

Figure 25 Transceiver module golden finger

To replace a transceiver module:

1. Use the

shutdown command in interface view at the CLI to shut down the optical source

before you remove the fiber connector.

2. Remove the LC connectors with the optical fiber from the transceiver module, and install dust

caps to the LC connectors.

3. Pivot the clasp of the transceiver module down to the horizontal position, and gently pull the

transceiver module out.

Page 36

Figure 26 Removing the transceiver module

4. Install dust caps to the removed transceiver module, and put it into the package.

5. Install a new transceiver module. For the installation procedure, see "Connecting a fiber port."

Page 37

Hardware management and maintenance

NOTE:

The output depends on your firewall model. For more information about the commands used in this chapter, see the corresponding configuration guides and command references.

Displaying detailed information about the firewall

Use the display device verbose command to display detailed information, including the running status and hardware version, about the firewall and its interface modules.

<Sysname> display device verbose Slot 1 SubSlot 0 info: Status : Normal Type : RPU PCB 1 Ver : VER.B Software Ver : 9606P03 CPU Ver : 1.0 CPLD_A : 1.0 CPLD_B : 1.0 CFCard Num : 0

Displaying the software and hardware version information for the firewall

Use the display version command to display software and hardware version information for the firewall.

<Sysname> display version H3C Comware Software, Version 7.1.064, Alpha 9606P03 Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved. H3C SecPath F5060 uptime is 0 weeks, 0 days, 0 hours, 31 minutes

Boot image: sda0:/Main-CMW710-BOOT-A9606P03.bin Boot image version: 7.1.064, Alpha 9606P03 Compiled Apr 27 2017 16:00:00 System image: sda0:/Main-CMW710-SYSTEM-A9606P03.bin System image version: 7.1.064, Alpha 9606P03 Compiled Apr 27 2017 16:00:00

SLOT 1 CPU type: Multi-core CPU DDR3 SDRAM Memory: 32752M bytes SD0: 3728M bytes NSQ1MPBHA PCB Version: Ver.B NSQ1MPBBHB PCB Version: Ver.A NSQ1MPHDBHA PCB Version: Ver.A

Page 38

NSQ1MPGC4BHA PCB Version: Ver.A NSQ1MPLEDBHA PCB Version: Ver.A CPLD_A Version: 1.0 CPLD_B Version: 1.0 Release Version:SecPath F5060-9606P03 Basic BootWare Version:1.03 Extend BootWare Version:1.03 [SUBCARD 0] NSQ1MPBHA(Hardware)Ver.B, (Driver)1.0, (Cpld)1.0

Displaying the electrical label information for the firewall

Use the display device manuinfo command to display the electrical label information for the firewall.

<Sysname> display device manuinfo Slot 1 CPU 0: DEVICE_NAME : SecPath F5060 DEVICE_SERIAL_NUMBER : 210235A1XYH175000008 MAC_ADDRESS : 1CAB-3497-D7DE MANUFACTURING_DATE : 2017-06-13 VENDOR_NAME : H3C Fan 0: The operation is not supported on the specified fan. Fan 1: The operation is not supported on the specified fan. Fan 2: The operation is not supported on the specified fan. Fan 3: The operation is not supported on the specified fan. Power 0: The operation is not supported on the specified power.

Table 10 Output description

Field Description

DEVICE_NAME Firewall name.

DEVICE_SERIAL_NUMBER Firewall serial number.

MAC_ADDRESS MAC address of the firewall.

MANUFACTURING_DATE Manufacturing date of the firewall.

VENDOR_NAME Vendor name.

Displaying the CPU usage of the firewall

Use the display cpu-usage command to display the CPU usage of the firewall.

<Sysname> display cpu-usage Slot 1 CPU 0 CPU usage:

Page 39

0% in last 5 seconds 0% in last 1 minute 0% in last 5 minutes

Table 11 Output description

Field Description

Slot 1 CPU 0 CPU usage CPU 0 usage information for the interface module in slot 1.

0% in last 5 seconds

0% in last 1 minute

0% in last 5 minutes

Average CPU usage in the last 5 seconds. (After the firewall boots, the firewall calculates and records the average CPU usage at intervals of 5 seconds.)

Average CPU usage in the last minute. (After the firewall boots, the firewall calculates and records the average CPU usage at intervals of 1 minute.)

Average CPU usage in the last 5 minutes. (After the firewall boots, the firewall calculates and records the average CPU usage at intervals of 5 minutes.)

Displaying the memory usage of the firewall

Use the display memory command to display the memory information of the firewall.

<Sysname> display memory Memory statistics are measured in KB: Slot 1: Total Used Free Shared Buffers Cached FreeRatio Mem: 32870736 4244812 28625924 0 2048 200756 87.1%

-/+ Buffers/Cache: 4042008 28828728

Swap: 0 0 0

Table 12 Output description

Field Description

Slot Slot number of the interface module.

Mem Memory usage information.

Total size of the physical memory space that can be allocated.

The memory space is virtually divided into two parts. Part 1 is used for

Total

Used Used physical memory.

Free Free physical memory.

Shared Physical memory shared by processes.

Buffers Physical memory used for buffers.

Cached Physical memory used for caches.

FreeRatio Free memory ratio.

-/+ Buffers/Cache

kernel codes, kernel management, and ISSU functions. Part 2 can be allocated and used for such tasks as running service modules and storing files. The size of part 2 equals the total size minus the size of part

-/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the physical memory used by applications.

-/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the physical memory available for applications.

Page 40

Field Description

Swap Swap memory.

Displaying the operational status of power modules

Use the display power command to display the operational status of power modules.

<Sysname> display power Slot 1 Power 0 Status: Normal Slot 1 Power 1 Status: Absent

Table 13 Output description

Field Description

Power Number of the power module.

Power module state:

Status

• Normal—The power module is operating correctly.

• Absent—The power module is not in position.

• Abnormal—The power module has failed.

Displaying the temperature information of the firewall

Use the display environment command to display the temperature information of the firewall.

<Sysname> display environment System Temperature information (degree centigrade):

--------------------------------------------------------------------------------

---------

Slot Sensor Temperature LowerLimit Warning-UpperLimit Alarm-UpperLimit S hutdown-UpperLimit 1 inflow 1 36 0 60 70 NA 1 inflow 2 34 0 60 70 NA 1 outflow 1 42 0 60 70 NA 1 hotspot 1 62 0 80 92 NA

Table 14 Output description

Field Description

Slot Slot number of the interface module.

Page 41

Field Description

Temperature sensor:

Sensor

Temperature Current temperature.

LowerLimit Low temperature alarm threshold.

Warning-UpperLimit Warning-level high temperature alarm threshold.

Alarm-UpperLimit Alarm-level high temperature alarm threshold.

• inflow—Air inlet vent temperature sensor.

• outflow—Air outlet vent temperature sensor.

• hotspot—Hotspot temperature sensor.

Shutdown-UpperLimit

Shutdown-level high temperature alarm threshold. The firewall automatically powers off when the temperature exceeds this threshold.

Displaying the operational statistics of the firewall

When you perform routine maintenance or the system fails, you might need to view the operational information of each functional module for locating failures. Typically you need to run commands one by one. To collect more information one time, you can execute the

diagnostic-information

command in any view to display or save the operational statistics of

multiple functional modules of the firewall.

• Save the operational statistics of each functional module of the firewall:

<Sysname> display diagnostic-information Save or display diagnostic information (Y=save, N=display)? [Y/N]:y Please input the file name(*.tar.gz)[sda0:/diag.gz]: Diagnostic information is outputting to sda0:/diag.gz. Please wait... Save successfully.

To view the diag.gz file:

a. Execute the

tar extract archive-file diag.tar.gz command in user view to

decompress the file.

b. Execute the c. Execute the

gunzip diag.gz command. more diag command.

d. Press Page Up and Page Do wn.

• Display the operational statistics for each functional module of the firewall:

<Sysname> display diagnostic-information Save or display diagnostic information (Y=save, N=display)? [Y/N]:n =============================================== ===============display clock=============== 17:22:11 UTC Mon 08/21/2017 ================================================= …

display display

Page 42

Displaying transceiver module information

Identifying transceiver modules

To identify transceiver modules, you can use the following command to view the key parameters of the transceiver modules. The key parameters include transceiver module type, connector type, central wavelength of the laser sent, transmission distance, and vendor name.

To display transceiver module information:

Task Command Remarks

Display key parameters of the transceiver module in a specific interface.

Troubleshooting transceiver modules

The system outputs alarm information for you to locate and troubleshoot faults of transceiver modules.

To display the alarming information or fault detection parameters of a transceiver module:

display transceiver interface

interface-type

[

interface-number

]

Available for all transceiver modules.

Task Command Remarks

Display the current alarm information of the transceiver module in a specific interface.

display transceiver alarm interface

interface-type

[

interface-number

Rebooting the firewall

CAUTION:

• If the main system software image file does not exist, do not use the the firewall. Specify the main system software image file first, and then reboot the firewall.

• The precision of the rebooting timer is 1 minute. 1 minute before the rebooting time, the firewall prompts "REBOOT IN ONE MINUTE" and reboots in one minute.

• If you are performing file operations when the firewall is to be rebooted, the system does not execute the reboot command for security.

To reboot a firewall, use one of the following methods:

• Use the

• Enable the scheduled reboot function at the CLI. You can set a time at which the firewall can

automatically reboot, or set a delay so that the firewall can automatically reboot within the delay.

• Power on the firewall after powering it off, which is also called hard reboot or cold start. As a

best practice, do not use this method because it might cause data loss and hardware damages.

reboot command to reboot the firewall immediately.

]

Available for all transceiver modules.

reboot command to reboot

To reboot the firewall immediately:

Task Command Remarks

Reboot the firewall immediately.

reboot

Available in user view.

Page 43

To enable the scheduled reboot function:

Task Command Remarks

Enable the scheduled reboot function and specify a specific reboot time and date

Enable the scheduled reboot function and specify a reboot waiting time

Troubleshooting

Power module failure

Symptom

The firewall cannot be powered on, and the power LED (PWR0/PWR1) on the front panel is off.

Solution

To solve the issue:

1. Power off the firewall.

2. Verify that the power supply is as required by the firewall.

3. Verify that the power cords of the firewall are firmly connected.

4. Verify that the power cords are not damaged.

5. If the issue persists, contact your local sales agent.

scheduler reboot at

scheduler reboot delay

• Use either approach.

• The scheduled reboot

function is disabled by default.

• Available in user view.

Configuration terminal display problem

Symptom

The configuration terminal displays nothing or garbled text when the firewall is powered on.

Solution

To solve the issue:

1. Verify that the power supply system is operating correctly.

2. Verify that the console cable is correctly connected.

3. Verify that the console cable is connected to the serial port that is configured for the

configuration terminal.

4. Verify that the configuration terminal parameters are configured as follows:

{ Baud rate—9600. { Data bits—8. { Parity—None. { Stop bits—1. { Flow control—None. { Terminal emulation—VT100.

5. Verify that the console cable is in good condition.

6. If the issue persists, contact your local sales agent.

Page 44

NOTE:

For information about serial port parameter setting, see "Logging in from the console port."

Password loss

For more information about dealing with the console port password loss, see the release notes for the firewall.

Cooling system failure

Symptom

The temperature of the firewall is higher than the normal operating temperature (45°C or 113°F).

Solution

To solve the issue:

1. Verify that the fans are operating correctly.

2. Verify that the operating environment of the firewall has good ventilation.

3. If the temperature of the firewall exceeds 60°C (140°F), the following alarm information appears

on the configuration terminal:

%Jun 27 11:34:39:949 2017 H3C DRVMSG/3/Temp2High:Temperature Point 0/0 Too High. %Jun 27 11:34:42:557 2017 H3C DEV/4/BOARD TEMP TOOHIGH: Board temperature is too high on Chassis 0 Slot 0, type is RPU.

4. Use the display environment command to examine whether the temperature of the

firewall keeps rising. If the temperature exceeds 90°C (194°F), power off the firewall immediately and contact your local sales agent.

5. If the issue persists, contact your local sales agent.

Software loading failure

Symptom

Software loading fails and the system runs the software of the previous version.

Solution

To solve the issue:

1. Verify that the physical ports are correctly connected.

2. Verify that no parameter is configured incorrectly during the loading process. You can examine

the software loading process displayed on the HyperTerminal for configuration errors. The following errors can lead to software loading failure.

{ When XMODEM is used to load software, a baud rate other than 9600 bps is selected, but

the baud rate for the HyperTerminal is not reset.

{ When TFTP is used to load software, an incorrect IP address, software name, or TFTP

serve path is configured.

{ When FTP is used to load software, an incorrect IP address, software name, username, or

password is entered.

3. If the issue persists, contact the local sales agent.

Page 45

Appendix A Chassis and FRU views and technical specifications

Chassis and FRU views

F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A front view

On the front panel, the F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A firewall provides eight interface module slots and two hard disk slots.

Figure 27 Front view of the F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A

(1) Interface module slots (slots 1 through 8) (2) Hard disk slot HD0

(3) Hard disk slot HD1 (4) LEDs

F5030-D/F5060-D/F5080-D front view

On the front panel, the F5030-D/F5060-D/F5080-D firewall provides two MPU slots, six interface module slots, and two hard disk slots.

Figure 28 Front view of the F5030-D/F5060-D/F5080-D

(1) Interface module slots (slots 2/1 through 2/6) (2) MPU slots (slots 0/0 and 1/0)

(3) Hard disk slot HD0 (4) Hard disk slot HD1

(5) LEDs

Page 46

Rear view

On the rear panel, the firewall provides four 10/100/1000Base-T auto-sensing copper Ethernet ports, four 1000Base-X fiber Ethernet ports, two USB ports, one console port, two fan tray slots, and two power module slots. The copper ports and fiber ports form four combo interfaces.

The rear view is similar for all the firewalls except that the rear panels of the F5000-D, F5030, F5060, and F5080 do not have management port marks. The following figure uses the F5080 as an example. The management port varies by device model:

• F5000-D—On the MPU.

• F5030/F5060/F5080/F5030-6GW/F5000-M/F5000-A—GE1/0/0.

• F5030-D/F5060-D/F5080-D—MGE1/0/0/0.

Figure 29 Rear view (F5080)

(1) 10/100/1000Base-T copper Ethernet port (combo interface)

(2) 1000Base-X fiber Ethernet port (combo interface)

(3) Console port (4) USB port

(5) Fan tray slot (FAN0) (6) Fan tray slot (FAN1)

(7) Power module slot (PWR0) (8) Grounding screw

(9) Power module slot (PWR1)

MPU views

The NSQM1MPULA MPU provides two USB ports, one console port, and one 100/1000Base-TX management Ethernet port. Only slots 0/0 and 1/0 on the F5030-D/F5060-D/F5080-D firewall support the NSQM1MPULA MPU.

Figure 30 Front view

1 2

(1) USB port (2) Console port (CONSOLE)

(3) Management Ethernet port (MANAGEMENT) (4) LEDs

(5) Captive screw (6) Ejector lever

Page 47

Interface module views

Table 15 displays the slots available for interface module installation.

Table 15 Interface module and device slot compatibility

Interface module

NSQM1TG8A

NSQM1QG2A

NSQM1G4XS4

NSQM1GT8A

NSQM1GP8A

NSQM1GT4PFCA

NSQM1TG8A

The NSQM1TG8A interface module provides eight 10GBASE-R fiber Ethernet ports.

Figure 31 NSQM1TG8A front view

F5030/F5060/F5080/F5 030-6GW

Slots 1 through 3 Slots 1 through 3 Slots 2/1 through 2/3

Slots 4 through 8 Slots 4 through 8 Slots 2/4 through 2/6

F5000-M/F5000-A

F5030-D/F5060-D/F50 80-D

(1) LED (2) 10GBASE-R fiber Ethernet ports

(3) Captive screw (4) Ejector lever

NSQM1QG2A

The NSQM1QG2A interface module provides two 40GBASE-R fiber Ethernet ports.

Figure 32 NSQM1QG2A front view

(1) LED (2) 40GBASE-R fiber Ethernet ports

(3) Captive screw (4) Ejector lever

NSQM1G4XS4

The NSQM1G4XS4 interface module provides four 10GBase-R fiber Ethernet ports (10G-SR/LR) and four 1000Base-X fiber Ethernet ports.

Page 48

Figure 33 NSQM1G4XS4 front view

(1) LED (2) 1000Base-X fiber Ethernet ports

(3) 10GBase-R fiber Ethernet ports (4) Captive screw

(5) Ejector lever

NSQM1GT8A

The NSQM1GT8A interface module provides eight 10/100/1000BASE-T copper ports.

Figure 34 NSQM1GT8A front view

(1) LED (2) 10/100/1000BASE-T copper Ethernet ports

(3) Captive screw (4) Ejector lever

NSQM1GP8A

The NSQM1GP8A interface module provides eight 1000BASE-X fiber Ethernet ports.

Figure 35 NSQM1GP8A front view

(1) LED (2) 1000BASE-X fiber Ethernet ports

(3) Captive screw (4) Ejector lever

NSQM1GT4PFCA

The NSQM1GT4PFCA interface module provides four 10/100/1000BASE-T copper Ethernet ports that support the bypass function.

Page 49

Figure 36 NSQM1GT4PFCA front view

(1) LED (2) 10/100/1000BASE-T copper Ethernet ports

(3) Captive screw (4) Ejector lever

Power module views

The firewall comes with power module slot PWR0 installed with a filler panel and power module slot PWR1 empty. You can install two power modules to achieve 1+1 power redundancy or install only one power module.

If two power modules are installed, you can hot swap a power module. If only one power module is installed, power off the firewall before you remove the power module.

AC power module

Figure 37 AC power module front view

(1) Retaining latch (2) Handle

(3) Power receptacle

Page 50

DC power module

Figure 38 DC power module front view

(1) Retaining latch (2) Handle

(3) Power receptacle

Technical specifications

Dimensions and weights

Table 16 Dimensions and weights

Model Dimensions (H × W × D) Weight

Chassis

MPU

NSQM1MPULA 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.6 kg (1.32 lb)

Interface module

NSQM1TG8A 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.55 kg (1.21 lb)

NSQM1QG2A 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.55 kg (1.21 lb)

NSQM1G4XS4 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.54 kg (1.19 lb)

NSQM1GT8A 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.55 kg (1.21 lb)

NSQM1GP8A 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.55 kg (1.21 lb)

NSQM1GT4PFCA 19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in) 0.6 kg (1.32 lb)

88.1 × 440 × 660 mm (3.47 × 17.32 × 25.98 in) (excluding rubber feet and mounting brackets)

Memory and storage media

20.1 kg (44.31 lb)

Table 17 Memory and storage media specifications

Item Specification

Flash

• 8 MB Nor Flash

• 4 GB EMMC Flash

Page 51

Item Specification

Memory

Power consumption

Table 18 Power consumption

Item Specification

Firewall

F5030/F5060/F5080/F5000-M 191 W

F5030-D/F5060-D/F5080-D 250 W

MPU

NSQM1MPULA 7.5 W

• F5030/F5030-D/F5000-M/F5030-6GW/F5000-A: 16 GB DDR3 SDRAM

• F5060/F5060-D: 32 GB DDR3 SDRAM

• F5080/F5080-D: 64 GB DDR3 SDRAM

Interface module

NSQM1TG8A 12.96 W

NSQM1QG2A 6.40 W

NSQM1G4XS4 6.46 W

NSQM1GT8A 3.03 W

NSQM1GP8A 8.15 W

NSQM1GT4PFCA 5.78 W

Power module specifications

Table 19 AC power module specifications

Item Specification

Model PSR650B-12A1

Rated input voltage range 100 VAC to 240 VAC @ 50 Hz or 60 Hz

Maximum input current 5 A to 10 A

Maximum power 650 W

Table 20 DC power module specifications

Item Specification

Model PSR650B-12D1

Rated input voltage range –40 VDC to –60 VDC

Maximum input current 12 A to 22 A

Maximum power 650 W

Page 52

Port specifications

Fixed ports and slots

Table 21 Fixed port and slot specifications

Item Description

Console ports 1

USB ports 2

Ethernet ports

MPU slots

Interface module slots

Hard disk slots 2

Console port

4 × combo interfaces that include the following:

• 4 × 10/100/1000BASE-T copper Ethernet ports

• 4 × 1000BASE-X fiber Ethernet ports

• F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A: 0

• F5030-D/F5060-D/F5080-D: 2

• F5030/F5060/F5080/F5000-M/F5030-6GW/F5000-A: 8

• F5030-D/F5060-D/F5080-D: 6

USB port

Table 22 Console port specifications

Item Specification

Connector RJ-45

Standard compliant RS-232

Baud rate 9600 bps (default) to 115200 bps

Cable type Common asynchronous serial port cable

Transmission distance ≤ 15 m (49.21 ft)

• Connection to an ASCII terminal

Services

• Connection to the serial port of a local PC to run the terminal emulation program

• CLI

NOTE:

For more information about transceiver modules, see H3C Transceiver Modules User Guide.

Table 23 USB port specifications

Item Specification

Mode Host mode

Type A type

Page 53

GE copper port

Table 24 GE copper port specifications

Item Specification

Connector RJ-45

Standard compliance 802.3, 802.3u, and 802.3ab

Interface type MDI/MDI-X autosensing

Cable type Category 5 or higher twisted pair cable

Transmission distance 100 m (328.08 ft)

Interface speed and duplex mode

NOTE:

The media dependent interface (MDI) standard is typically used on the Ethernet port of network adapters. The media dependent interface crossover (MDI-X) standard is typically used on hubs or LAN switches.

10 Mbps, half/full-duplex

100 Mbps, half/full-duplex

1000 Mbps, full-duplex

GE fiber port

Table 25 GE fiber port specifications

Item Specification

Connector type LC

Transceiver module type SFP

Standard compliance 1000Base-X

Interface speed 1000 Mbps

Duplex mode Full duplex

Table 26 1000Base-X SFP transceiver module specifications (1)

Transceiver module

SFP-GE-SX-MM850-A 850 MMF

Central wavelength (nm)

Fiber mode

Fiber diameter (µm)

50/125

62.5/125

Mode bandwidth (MHz*km)

500

400

200

160

SMF 9/125 N/A

SFP-GE-LX-SM1310-A 1310

MMF

SFP-GE-LH40-SM1310 1310 SMF 9/125 N/A

50/125 500/400

62.5/125 500

Page 54

Central

Transceiver module

wavelength

Fiber mode

(nm)

SFP-GE-LH40-SM1550 1550 SMF 9/125 N/A

SFP-GE-LH80-SM1550 1550 SMF 9/125 N/A

SFP-GE-LH100-SM1550 1550 SMF 9/125 N/A

Fiber diameter (µm)

Mode bandwidth (MHz*km)

Table 27 1000Base-X SFP transceiver module specifications (2)

Transceiver module

SFP-GE-SX-MM850-A

Transmission distance

550 m (1804.46 ft)

500 m (1640.42 ft)

275 m (902.23 ft)

220 m (721.78 ft)

10 km (6.21 miles)

Transmitted optical power (dBm)

–9.5 to 0 –17 to –3

Received optical power (dBm)

SFP-GE-LX-SM1310-A

SFP-GE-LH40-SM1310 40 km (24.85 miles) –5 to +5 –22 to –3

SFP-GE-LH40-SM1550 40 km (24.85 miles) –4 to +1 –21 to –3

SFP-GE-LH80-SM1550 80 km (49.71 miles) –4 to +5 –22 to –3

SFP-GE-LH100-SM1550 100 km (62.14 miles) 0 to +5 –30 to –9

10 GE fiber port

Table 28 10 GE fiber port specifications

Item Specification

Connector type LC

Transceiver module type SFP+

550 m (1804.46 ft)

–9.5 to –3 –20 to –3

Standard compliance 10GBASE-R

Interface speed LAN PHY: 10 Gbps

Page 55

Table 29 SFP+ transceiver module specifications (1)

Central

Transceiver module

wavelength (nm)

SFP-XG-SX-MM850-A 850 MMF

SFP-XG-LX220-MM1310 1310 MMF

SFP-XG-LX-SM1310 1310 SMF 9/125 N/A

SFP-XG-LH40-SM1550 1550 SMF 9/125 N/A

Fiber mode

Fiber diameter (µm)

50/125

62.5/125

50/125

62.5/125

Mode bandwidth (MHz*km)

2000

500

400

200

160

1500

500

400

200

160

Table 30 SFP+ transceiver module specifications (2)

Transceiver module

SFP-XG-SX-MM850-A

SFP-XG-LX220-MM131 0

SFP-XG-LX-SM1310 10 km (6.21 miles) 10.31 Gbps –8.2 to +0.5 –14.4 to +0.5

SFP-XG-LH40-SM1550

Transmission distance

300 m (984.25 ft)

82 m (269.03 ft)

66 m (216.54 ft)

33 m (108.27 ft)

26 m (85.30 ft)

8 m (26.25 ft)

220 m (721.78 ft)

100 m (328.08 ft)

220 m (721.78 ft)

40 km (24.85 miles)

Transmission speed

10.31 Gbps –7.3 to –1 –9.9 to +0.5

10.31 Gbps –6.5 to +0.5 –6.5 to +1.5

10.31 Gbps –4.7 to +4 –15.8 to –1

Transmitted optical power (dBm)

Received optical power (dBm)

Page 56

40 GE fiber port

Table 31 40 GE fiber port specifications

Item Specification

Connector type MPO

Transceiver module type QSFP+

Standard compliance 40GBASE-R

Interface speed LAN PHY: 40 Gbps

Table 32 QSFP+ transceiver module specifications (1)

Central

Transceiver module

wavelength

Fiber mode

(nm)

QSFP-40G-SR4-MM850 850 MMF 50/125

Four lanes:

• 1271

QSFP-40G-LR4-WDM1300

QSFP-40G-CSR4-MM850 850 MMF 50/125

• 1291

• 1311

• 1331

SMF 9/125 N/A

Fiber diameter (µm)

Table 33 QSFP+ transceiver module specifications (2)

Transmitted optical power (dBm)

Transceiver module

QSFP-40G-SR4-MM850

Transmission distance

100 m (328.08 ft)

150 m (492.13 ft)

Transmission speed

40 Gbps –7.6 to 0 –9.5 to +2.4

Mode bandwidth (MHz*km)

2000

4700

2000

4700

Received optical power (dBm)

QSFP-40G-LR4-WDM1300 10 km (6.21 miles) 40 Gbps –7 to +2.3 –13.7 to +2.3

QSFP-40G-CSR4-MM850

300 m (984.25 ft)

40 Gbps –7.6 to 0 –9.9 to +2.4

400 m (1312.34 ft)

Page 57

Appendix B LEDs

Front panel and rear panel LEDs

Table 34 Front panel and rear panel LED description

LED Mark Status Description

Flashing green (1 Hz) The firewall is operating correctly.

System status LED SYS

Fan status LED FAN0 and FAN1

Power module LEDs

Hard disk LEDs HD0 and HD1

Ethernet copper port LED (combo interface)

PWR0 and PWR1

10/100/1000BA SE-T

Flashing green (8 Hz)

Off

Steady green The fan tray is operating correctly.

Off The fan tray has failed.

Steady green

Off

Flashing green

Steady green

Off

Flashing green The port is receiving or sending data.

Steady green A link is present.

Off No link is present.

The system is starting or loading software.

The firewall is not powered on or has failed.

The power module is operating correctly.

The power module is not in position or has failed.

Data is being written in or read from the hard disk.

The hard disk has finished the initialization and is operating correctly.

The hard disk is not in position or has failed.

Ethernet fiber port LED (combo interface)

MPU LEDs

Table 35 MPU LED description

LED Mark Status Description

System LED SYS

1000BASE-X

Flashing green

Steady green A 1000 Mbps link is present.

Off No link is present.

Flashing green (0.5 Hz)

Flashing green (4 Hz)

Steady green The system has failed.

The port is receiving or sending data at 1000 Mbps.

The system is operating correctly.

The system is loading software.

Page 58

LED Mark Status Description

Off

The system is not powered on or has failed.

ACT LED ACT

Management port LED MANAGEMENT

Interface module LEDs

Table 36 Interface module LED description

LED Mark Status Description

Ready LED READY

Steady green The MPU is the active MPU.

Off The MPU is the standby MPU.

Flashing yellow

Steady yellow A low-speed link is present.

Flashing green

Steady green A high-speed link is present.

Off No link is present.

Flashing green (1 Hz)

Flashing green (8 Hz) The system is starting.

Off The system has failed.

The port is receiving or sending data at a low speed.

The port is receiving or sending data at a high speed.

The system is operating correctly.

Copper Ethernet port LED

Fiber Ethernet port LED

10/100/1000BASE-T

1000BASE-X

10GBASE-R

40GBASE-R

Flashing green

Steady green A link is present.

Off No link is present.

Flashing green

Steady green A 1000 Mbps link is present.

Off No link is present.

Flashing green

Steady green A 10 Gbps link is present.

Off No link is present.

Flashing green

Steady green A 40 Gbps link is present.

Off No link is present.

The port is receiving or sending data.

The port is receiving or sending data at 1000 Mbps.

The port is receiving or sending data at 10 Gbps.

The port is receiving or sending data at 40 Gbps.

Page 59

Appendix C Cables

Console cable

A console cable is an 8-core shielded cable with a crimped RJ-45 connector at one end and a DB-9 female connector at the other end. The RJ-45 connector is for connecting to the console port of the firewall, and the DB-9 female connector is for connecting to the serial port on the configuration terminal.

Figure 39 Console cable

Table 37 Console cable connection

RJ-45 Signal Direction DB-9

1 RTS ← 7

2 DTR ← 4

3 TXD ← 3

4 CD → 1

5 GND - 5

6 RXD → 2

7 DSR → 6

8 CTS → 8

Ethernet twisted pair cable

Introduction

An Ethernet twisted pair cable consists of four pairs of insulated copper wires twisted together. Every wire uses a different color, and has a diameter of about 1 mm (0.04 in). A pair of twisted copper cables can cancel the electromagnetic radiation of each other, and reduce interference of external sources. An Ethernet twisted pair cable mainly transmits analog signals and is advantageous in transmitting data over shorter distances. It is the commonly used transmission media of the Ethernet. The maximum transmission distance of the Ethernet twisted pair cable is 100 m (328.08 ft). To extend the transmission distance, you can connect two twisted pair cable segments with a repeater. At most four repeaters can be added, which means five segments can be joined together to provide a transmission distance of 500 m (1640.42 ft).

Ethernet twisted pair cables can be classified into category 3, category 4, category 5, category 5e, category 6, and category 7 cables based on performance. In LANs, category 5, category 5e, and category 6 are commonly used.

Page 60

Table 38 Description for commonly used Ethernet twisted pair cables

Type Description

Category 5 Suitable for data transmission at a maximum speed of 100 Mbps

Category 5e Suitable for data transmission at a maximum speed of 1000 Mbps

Category 6 Suitable for data transmission at a speed higher than 1 Gbps

Based on whether a metal shielding is used, Ethernet twisted pair cables can be classified into shielded twisted pair (STP) and unshielded twisted pair (UTP). An STP cable provides a metallic braid between the twisted pairs and the outer jacket. This metallic braid helps reduce radiation, prevent information from being listened, and eliminate external electromagnetic interference (EMI) of external sources. STPs have strict application requirements and are expensive although they provide better EMI prevention performance than UTPs, so in most LANs, UTPs are commonly used.

An Ethernet twisted pair cable connects network devices through the RJ-45 connectors at the two ends. Figure 40 sh

ows the pinouts of an RJ-45 connector.

Figure 40 RJ-45 connector pinout

PIN #8

PIN #1

NOTE:

The RJ-45 Ethernet ports of the firewall use category 5 or higher Ethernet twisted pair cables for connection.

EIA/TIA cabling specifications define two standards, 568A and 568B, for cable pinouts.

• Standard 568A—pin 1: white/green stripe, pin 2: green solid, pin 3: white/orange stripe, pin 4:

blue solid, pin 5: white/blue stripe, pin 6: orange solid, pin 7: white/brown stripe, pin 8: brown solid.

• Standard 568B—pin 1: white/orange stripe, pin 2: orange solid, pin 3: white/green stripe, pin 4:

blue solid, pin 5: white/blue stripe, pin 6: green solid, pin 7: white/brown stripe, pin 8: brown solid.

Ethernet twisted pair cables can be classified into straight-through and crossover cables based on their pinouts.

• Straight-through—The pinouts at both ends are T568B compliant, as shown in Figure 41.

• Cros

sover—The pinouts are T568B compliant at one end and T568A compliant at the other

end, as shown in Figure 42.

Page 61

Figure 41 Straight-through cable

Figure 42 Crossover cable

Select an Ethernet twisted pair cable according to the RJ-45 Ethernet port type on your device. An RJ-45 Ethernet port can be MDI (for routers and PCs) or MDIX (for switches). Table 39 an

d Table 40

show their pinouts.

Table 39 RJ-45 MDI port pinouts

10Base-T/100Base-TX 1000Base-T

Signal Function Signal Function

1 Tx+ Sends data BIDA+ Bi-directional data cable A+

Page 62

10Base-T/100Base-TX 1000Base-T Signal Function Signal Function

2 Tx- Sends data BIDA- Bi-directional data cable A-

3 Rx+ Receives data BIDB+ Bi-directional data cable B+

4 Reserved N/A BIDC+ Bi-directional data cable C+

5 Reserved N/A BIDC- Bi-directional data cable C-

6 Rx- Receives data BIDB- Bi-directional data cable B-

7 Reserved N/A BIDD+ Bi-directional data cable D+

8 Reserved N/A BIDD- Bi-directional data cable D-

Table 40 RJ-45 MDIX port pinouts

10Base-T/100Base-TX 1000Base-T

Signal Function Signal Function

1 Rx+ Receives data BIDB+ Bi-directional data cable B+

2 Rx- Receives data BIDB- Bi-directional data cable B-

3 Tx+ Sends data BIDA+ Bi-directional data cable A+

4 Reserved N/A BIDD+ Bi-directional data cable D+

5 Reserved N/A BIDD- Bi-directional data cable D-

6 Tx- Sends data BIDA- Bi-directional data cable A-

7 Reserved N/A BIDC+ Bi-directional data cable C+

8 Reserved N/A BIDC- Bi-directional data cable C-

To ensure normal communication, the pins for sending data on one port must correspond to the pins for receiving data on the peer port. When both ports on the two devices are MDI or MDIX, use a crossover Ethernet cable; when one port is MDI and the other is MDIX, use a straight-through Ethernet cable. To summarize, straight-through and crossover cables connect the following devices:

• Straight-through cables connect devices of different types—for example, router to PC and

router to switch.

• Crossover cables connect devices of the same type—for example, switch to switch, router to

router, and PC to PC.

If an RJ-45 Ethernet port is enabled with MDI/MDIX autosensing, it can automatically negotiate pin roles.

NOTE:

The RJ-45 Ethernet ports on the firewall support MDI/MDIX autosensing.

Making an Ethernet twisted pair cable

1. Cut the cable to a required length with the crimping tool.

2. Strip off an appropriate length of the cable sheath. The length is typically that of the RJ-45

connector.

3. Untwist the pairs so that they can lay flat, and arrange the colored wires based on the wiring

specifications.

Page 63

4. Cut the top of the wires even with one another and insert the wires into the RJ-45 connector.

Make sure the wires extend to the front of the RJ-45 connector and make good contact with the metal contacts in the RJ-45 connector and in the correct order.

5. Crimp the RJ-45 connector with the crimping tool until you hear a click.

6. Use a cable tester to verify the connectivity of the cable.

Optical fiber

Optical fibers feature low loss and long transmission distance.

Optical fibers can be classified into single mode fibers and multi-mode fibers. A single mode fiber (with yellow jacket) carries only a single ray of light; a multi-mode fiber (with orange jacket) carries multiple modes of lights.

Table 41 Characteristics of single mode and multi-mode optical fibers

Item Single mode fiber Multi-mode fiber

Core Small core (10 micrometers or less)

Larger core than single mode fiber (50 micrometers, 62.5 micrometers or greater)

Dispersion Less dispersion

Light source and transmission distance

Uses lasers as the light source often within campus backbones for distance of several thousand meters

Allows greater dispersion and therefore, signal loss exists.

Uses LEDs as the light source often within LANs or distances of a couple hundred meters within a campus network

Table 42 Allowed maximum tensile force and crush load

Period of force Tensile load (N) Crush load (N/mm)

Short period 150 500

Long term 80 100

Fiber connectors are indispensable passive components in an optical fiber communication system. They allow the removable connection between optical channels, which makes the optical system debugging and maintenance more convenient. There are multiple types of fiber connectors. Figure

ows an LC connector.

43 sh

Figure 43 Appearance of an LC connector

Follow these guidelines when you connect an optical fiber:

• Before connecting an optical fiber, make sure the connector and cable type match the interface

module.

• The fiber Ethernet port of the firewall supports only the LC connector.

• Fiber connectors are fitted with dust caps. Keep the dust caps secure when the fiber connectors

are in use. Install dust caps when the fiber connectors are not in use to avoid damage to their end face. Replace the dust cap if it is loose or polluted.

Page 64

• Before connecting an optical fiber, use dust free paper and absolute alcohol to clean the end

face of the two fiber connectors. You can brush the end faces only in one direction.

• Never bend or curve a fiber.

• If the fiber has to pass through a metallic board hole or bend along the acute side of mechanical

parts, the fiber must wear jackets or cushions.