H3C SecPath V1000-A Installation Manual

Download

Page 1

H3C SecPath V1000-A Security Gateway

Installation Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Manual Version: T2-08044E-20070622-C-1.03

Page 2

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the content s, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

To obtain the latest information, please access: http://www. h3c.com

Technical Support

customer_service@h3c.com http://www. h3c.com

, TOP G, , IRF, NetPilot,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and

Page 3

About This Manual

I. Command conventions

5 Software Maintenance

6 Hardware Maintenance

7 Troubleshooting

8 Multifunctional Interface Modules

Discusses system software maintenance, including software upgrade and configuration file loading.

Introduces system hardware maintenance, including replacing DDR SDRAM.

Lists common system failures and specific locating methods.

Details appearance, panel and LEDs of the functional modules available on the SecPath 1000, as well as module installation and connection of interface cables.

Convention Description

Boldface

italic

[ ]

{ x | y | ... }

[ x | y | ... ]

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line starting with the # sign is comments.

The keywords of a command line are in Boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are

optional. Alternative items are grouped in braces and separated by

vertical bars. One is selected. Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected. Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.

The argument(s) before the ampersand (&) sign can be entered 1 to n times.

Page 5

II. GUI conventions

Convention Description

< >

[ ]

Button names are inside angle brackets. For example, click <OK>.

Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

III. Symbols

Convention Description

Means reader be extremely careful. Improper operation

Warning

Caution

 Note Means a complementary description.

may cause bodily injury. Means reader be careful. Improper operation may cause

data loss or damage to equipment.

Environmental Protection

This product has been designed to comply with the requirements on environmental protection. For the proper storage, use and disposal of this product, national laws and regulations must be observed.

Page 6

Installation Manual H3C SecPath V1000-A Security Gateway Table of Contents

Table of Contents

Chapter 1 Product Overview........................................................................................................1-1

1.1 Brief Introduction................................................................................................................ 1-1

1.2 Hardware Features ............................................................................................................ 1-3

1.2.1 Appearance............................................................................................................. 1-3

1.2.2 System Description ................................................................................................. 1-3

1.2.3 LEDs........................................................................................................................ 1-4

1.2.4 Attributes of the Fixed Interfaces ............................................................................ 1-4

1.2.5 MIM ......................................................................................................................... 1-6

Chapter 2 Preparation for Installation.........................................................................................2-1

2.1 Site Requirements ............................................................................................................. 2-1

2.1.1 Temperature/Humidity............................................................................................. 2-1

2.1.2 Cleanness ............................................................................................................... 2-1

2.1.3 ESD Prevention....................................................................................................... 2-2

2.1.4 Electromagnetic Environment ................................................................................. 2-3

2.1.5 Lightning Protection ................................................................................................ 2-3

2.1.6 Mounting Rack ........................................................................................................ 2-3

2.2 Safety Precautions............................................................................................................. 2-3

2.3 Unpacking Check............................................................................................................... 2-4

2.4 Tools, Meters, and Devices ............................................................................................... 2-4

Chapter 3 Hardware Installation .................................................................................................. 3-1

3.1 Installation Procedures ...................................................................................................... 3-1

3.2 Mounting the Device .......................................................................................................... 3-2

3.2.1 Tabletop/Workbench-Mounting the Device............................................................. 3-2

3.2.2 Rack-Mounting the Device...................................................................................... 3-2

3.3 Installing an MIM................................................................................................................ 3-3

3.4 Connecting the Grounding Wire ........................................................................................ 3-3

3.5 Connecting to the Console Terminal ................................................................................. 3-4

3.6 Connecting an Ethernet Interface...................................................................................... 3-5

3.7 Connecting a PSU ............................................................................................................. 3-8

3.8 Verifying Installation........................................................................................................... 3-9

Chapter 4 Booting and Configuration......................................................................................... 4-1

4.1 Booting............................................................................................................................... 4-1

4.1.1 Setting up a Configuration Environment ................................................................. 4-1

4.1.2 Powering up the Security Gateway......................................................................... 4-4

4.1.3 Startup Process....................................................................................................... 4-4

4.2 Configuration Fundamentals.............................................................................................. 4-6

4.2.1 Basic Configuration Procedures.............................................................................. 4-6

Page 7

Installation Manual H3C SecPath V1000-A Security Gateway Table of Contents

4.2.2 Command Line Interface......................................................................................... 4-6

Chapter 5 Software Maintenance................................................................................................. 5-1

5.1 Software Maintenance ....................................................................................................... 5-1

5.1.1 Boot Menu ............................................................................................................... 5-1

5.1.2 Upgrading the Application and Boot ROM Programs Using XModem.................... 5-3

5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM ..................... 5-6

5.1.4 Upgrading an Application Program Using TFTP..................................................... 5-6

5.1.5 Uploading/Downloading a Program/File Using FTP ............................................... 5-8

5.1.6 Recovering/Replacing the Lost Password ............................................................ 5-12

Chapter 6 Hardware Maintenance................................................................................................6-1

6.1 Preparing Tools.................................................................................................................. 6-1

6.2 Opening the Chassis Cover............................................................................................... 6-1

6.3 Replacing a DDR SDRAM ................................................................................................. 6-2

6.3.1 Locating the DDR SDRAMs on the Mainboard....................................................... 6-4

6.3.2 Removing a DDR SDRAM ...................................................................................... 6-5

6.3.3 Installing a DDR SDRAM ........................................................................................ 6-6

6.4 Closing the Chassis Cover ................................................................................................ 6-6

6.5 Replacing an MIM.............................................................................................................. 6-7

Chapter 7 Troubleshooting .......................................................................................................... 7-1

7.1 Troubleshooting the Power System................................................................................... 7-1

7.2 Troubleshooting the Configuration System ....................................................................... 7-1

7.3 Troubleshooting the Software Upgrade............................................................................. 7-2

Chapter 8 Multifunctional Interface Modules ............................................................................. 8-1

8.1 Multifunctional Interface Module Options .......................................................................... 8-1

8.2 Installing and Removing an MIM ....................................................................................... 8-1

8.3 Troubleshooting an MIM .................................................................................................... 8-3

8.4 1FE/2FE Module................................................................................................................ 8-3

8.4.1 Introduction.............................................................................................................. 8-3

8.4.2 Appearance............................................................................................................. 8-3

8.4.3 Interface Attributes .................................................................................................. 8-4

8.4.4 Panel and Interface LEDs ....................................................................................... 8-5

8.4.5 Interface Connection Cable..................................................................................... 8-5

8.4.6 Connecting the Interface Cable............................................................................... 8-8

8.5 1GBE/2GBE Module.......................................................................................................... 8-8

8.5.1 Introduction.............................................................................................................. 8-8

8.5.2 Appearance............................................................................................................. 8-8

8.5.3 Interface Attributes .................................................................................................. 8-9

8.5.4 Panel and Interface LEDs ....................................................................................... 8-9

8.5.5 Interface Connection Cable................................................................................... 8-10

8.5.6 Connecting the Interface Cable............................................................................. 8-11

Page 8

Installation Manual H3C SecPath V1000-A Security Gateway List of Figures

List of Figures

Figure 1-1 Front panel of the SecPath V1000-A.................................................................... 1-3

Figure 3-1 Installation procedure ........................................................................................... 3-1

Figure 3-2 Installing the SecPath V1000-A in a rack ............................................................. 3-3

Figure 3-3 Grounding screw on the SecPath V1000-A.......................................................... 3-4

Figure 3-4 Console cable assembly....................................................................................... 3-5

Figure 3-5 Ethernet cable assembly ...................................................................................... 3-6

Figure 3-6 Power socket on the AC-powered security gateway ............................................ 3-8

Figure 4-1 Local configuration through the console port ....................................................... 4-1

Figure 4-2 Setting up a new connection ................................................................................ 4-2

Figure 4-3 Setting the connection port................................................................................... 4-2

Figure 4-4 Setting communications parameters .................................................................... 4-3

Figure 4-5 Settings tab........................................................................................................... 4-3

Figure 5-1 Send File dialog box ............................................................................................. 5-4

Figure 5-2 Sending File interface........................................................................................... 5-4

Figure 5-3 Setting up an environment for local uploading/downloading using FTP .............. 5-9

Figure 5-4 Setting up an environment for remote uploading/downloading using FTP ........5-10

Figure 6-1 Opening the chassis............................................................................................. 6-2

Figure 6-2 DDR SDRAM maintenance flow........................................................................... 6-3

Figure 6-3 The position of the DDR SDRAMs, Flash, and Boot ROM on the mainboard ..... 6-5

Figure 6-4 Removing a DDR SDRAM....................................................................................6-5

Figure 6-5 Closing the chassis cover..................................................................................... 6-7

Figure 8-1 Installing the MIM – step 1.................................................................................... 8-2

Figure 8-2 Installing a MIM – step 2....................................................................................... 8-2

Figure 8-3 1FE module ..........................................................................................................8-4

Figure 8-4 2FE module ..........................................................................................................8-4

Figure 8-5 1FE module panel ................................................................................................8-5

Figure 8-6 2FE module panel ................................................................................................8-5

Figure 8-7 Ethernet cable ...................................................................................................... 8-6

Figure 8-8 Category-5 twisted-pair cable...............................................................................8-6

Figure 8-9 1GBE module ....................................................................................................... 8-8

iii

Page 9

Installation Manual H3C SecPath V1000-A Security Gateway List of Figures

Figure 8-10 2GBE module .....................................................................................................8-9

Figure 8-11 1GBE module panel............................................................................................ 8-9

Figure 8-12 2GBE module panel ...........................................................................................8-9

Figure 8-13 Ethernet cable .................................................................................................. 8-10

Figure 8-14 Category-5 twisted-pair cable........................................................................... 8-11

Page 10

Installation Manual H3C SecPath V1000-A Security Gateway List of Tables

List of Tables

Table 1-1 System description of the SecPath V1000-A .........................................................1-3

Table 1-2 LEDs on the front panel of the SecPath V1000-A.................................................. 1-4

Table 1-3 Attributes of the console port.................................................................................. 1-4

Table 1-4 Attributes of the AUX port....................................................................................... 1-5

Table 1-5 Attributes of the GE electrical interfaces ................................................................ 1-5

Table 1-6 Attributes of the GE optical interfaces .................................................................... 1-6

Table 2-1 Temperature/Humidity requirements in the equipment room ................................. 2-1

Table 2-2 Limit to the content of dust in an equipment room .................................................2-2

Table 2-3 Limits on the contents of harmful gases in the equipment room............................ 2-2

Table 3-1 Dimensions of the SecPath V1000-A ..................................................................... 3-2

Table 6-1 Memory specifications ............................................................................................ 6-4

Table 8-1 Attributes of the 1FE and 2FE modules .................................................................8-4

Table 8-2 LED behavior.......................................................................................................... 8-5

Table 8-3 Straight-through cable pinout ................................................................................. 8-6

Table 8-4 Crossover cable pinout...........................................................................................8-7

Table 8-5 Interface attributes of the 1GBE/2GBE module ..................................................... 8-9

Table 8-6 LEDs on the 1GBE/2GBE module........................................................................ 8-10

Page 11

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

Chapter 1 Product Overview

1.1 Brief Introduction

H3C SecPath V1000-A Security Gateway (referred to as the security gateway

throughout the manual) is new-generation network security device intended for the use

on enterprise networks. It can act as the core security gateway for small-and

medium-sized enterprises or the convergence and network access gateway for large

enterprises.

H3C SecPath V1000-A Security Gateway (the SecPath V1000-A) provides:

z Two fixed 10/100/1000 Mbps auto-sensing Ethernet interfaces that can be optical

or electrical

z One multifunctional interface module (MIM) extended slot, which can hold

1FE/2FE/1GBE/2GBE

z Dual-power redundancy (AC+AC)

z Temperature sensing inside the chassis

z Network management

With the support to hot-swappable modules, power redundancy and temperature

monitor, the SecPath V1000-A can deliver carrier-level reliability.

The security gateway supports multiple Virtual Private Network (VPN) services, such

as Layer 2 Tunneling Protocol (L2TP) VPN, IP Security (IPsec) VPN, Generic Routing

Encapsulation (GRE) VPN, and Dynamic VPN. It can connect to remote users through

dial-up, leased line, VLAN or tunnel, thus building VPNs in the form of internet, intranet,

or access network. The security gateway brings together the technologies of firewall,

AAA, Network Address Translation (NAT), and Quality of Service (QoS) to provide a

safe and reliable private network over the insecure Internet.

The SecPath V1000-A has the following features:

I. IP VPN solution

Networks benefit enterprises in many ways; one of them is that a company

headquarters can release important information to its branch offices quickly and

conveniently. To interconnect the networks of a company over the Internet, however,

you need VPN technologies. The SecPath V1000-A provides abundant IP VPN

services; among them, L2TP and GRE provide layer 2 and layer 3 tunnels, and IPsec

provides tunnels encapsulated with a security protocol to have a securer network.

The SecPath V1000-A has powerful tunneling capabilities, supporting up to 10000

connections in parallel and with an encryption speed of 250 Mbps.

1-1

Page 12

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

II. Data security and reliability

The security gateway supports:

z NAT. Besides the basic functions, the NAT of the SecPath V1000-A can limit the

number of concurrent connections to a single user. This eliminates the malicious

resource seizures while common network applications are being provided. In

addition, its enhanced NAT ALG function provides NAT traversal for H.323, FTP,

ICMP, and so on.

z AAA and RADIUS user authentication protocols.

z Packet filter and Application Specific Packet Filter (ASPF) to prevent the attacks

from external networks.

z VPN (including GRE and L2TP) with the IPsec and IKE technologies to guarantee

the security of private networks over the Internet.

z Virtual Router Redundancy Protocol (VRRP) to provide backup in case of

communication line or equipment failures. This effectively enhances network

robustness and reliability.

z Deeper application recognition (DAR) to recognize and classify packets more

deeply, thus enhancing the control over data flows.

z Object oriented management, simplifying configuration management and

improving the usability.

III. Online software upgrade

You can upgrade the application and Boot ROM programs on line to add features and

extend functions.

IV. Network management

The security gateway supports the SNMPV3 network management and provides

powerful device management.

V. Regulatory compliance

Designed taking into considerations the national and international standards dominant

in China, North America, Europe, Australia, and Japan, the security gateway complies

with the requirements of these countries and regions in EMC, safety, and network

access.

1-2

Page 13

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

1.2 Hardware Features

1.2.1 Appearance

Figure 1-1 Front panel of the SecPath V1000-A

1.2.2 System Description

Table 1-1 System description of the SecPath V1000-A

Item Description

Slot 1 MIM slot

2 x 10/100/1000 Mbps Ethernet interfaces (applicable to

Fixed interface

Boot ROM 512 KB

DDR SDRAM

Flash

Dimensions (W X D X H)

Input power

Max power 57 W

Operating temperature

Operating humidity (non-condensing)

AC+AC

both optical and electrical modes)

1 auxiliary port (AUX)

1 console port (CON)

Default: 512 MB

Max: 1 GB

Default: 16 MB

Max: 32 MB

436 x 430 x 44 mm (17.2 x 16.9 x 1.7 in.), excluding the rubber feet

Rated voltage range: 100 VAC to 240 VAC, 50/60 Hz

Max voltage range: 90 VAC to 264 VAC, 50/60 Hz

Rated current: 1.0 A

0 to 40°C (32°F to 104°F)

10% to 90%

 Note:

Double Data Rate Synchronous Dynamic Random Access Memory (DDR DSRAM)

stores the communication data of the running system with the CPU.

1-3

Page 14

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

Flash is the major file storing medium where application files, traps, configuration files

are stored.

Boot Read Only Memory (Boot ROM) stores the bootstrap program files.

1.2.3 LEDs

The following table describes the LEDs on the front panel of the SecPath V1000-A and

describes how to read their status.

Table 1-2 LEDs on the front panel of the SecPath V1000-A

LED Description

Power Supply Unit (PSU) LED:

PWR0

PWR1

OFF means the PWR0 is not supplying power to the device; ON means the PWR0 is supplying power to the device.

PSU LED:

OFF means the PWR1 is not supplying power to the device; ON means the PWR1 is supplying power to the device.

System operating status LED:

SYS

ACT

LINK

ACTIVE

On means the system is operating normally; OFF means the system is operating abnormally.

MIM in-position status LED:

Blinking means the MIM is operating normally; OFF means the MIM is operating abnormally.

GE interface LED:

ON means a link is present; OFF means no link is present.

GE interface LED:

ON means data are being transmitted/received on the interface; OFF means no packets are being transmitted/received on the interface.

1.2.4 Attributes of the Fixed Interfaces

I. Console port (CON)

Table 1-3 Attributes of the console port

Attribute Description

Connector RJ45

Standard RS232

Baud rate 9600 (default) – 115200 bps

1-4

Page 15

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

Attribute Description

Connection to an ASCII terminal

Services

Connection to a serial port on a local PC to run terminal emulation program on the PC

Command Line Interface (CLI)

II. Auxiliary port (AUX)

Table 1-4 Attributes of the AUX port

Attribute Description

Connector RJ45

Standard RS232

Baud rate 1200 – 115200 bps

Services

Modem dial-up

Backup

III. Gigabit Ethernet (GE) Interface

On the main control board, the SecPath V1000-A provides two 10/100/1000 Mbps

Ethernet interfaces: Ethernet 0 (right) and Ethernet 1 (left), each providing an optical

interface and an electrical interface (one in use at a time). The electrical interface uses

the RJ45 connector and the optical interface uses the Small Form-Factor Pluggable

(SFP) module.

Five 1000Base-FX SFP optical transceiver options are available for the SecPath

V1000-A: multi-mode short-haul (850 nm), single mode medium-haul (1310 nm), single

mode long-haul (1310 nm), single mode long-haul (1550 nm), and single mode

ultra-long haul (1550 nm). They all provide LC interfaces and are hot swappable.

The following table shows the Ethernet interface attributes of the SecPath V1000-A:

Table 1-5 Attributes of the GE electrical interfaces

Attribute Description

Connector RJ45

Interface type MDI/MDIX auto-sensing

Frame format

Ethernet_II

Ethernet_SNAP

10/100/1000 Mbps auto-sensing

Operating mode

Full duplex/Half-duplex

(1000 Mbps and half-duplex cannot be used at the same time)

1-5

Page 16

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

Table 1-6 Attributes of the GE optical interfaces

Description

Multi-mo

Attribute

short-ha

medium-ha

ul (850

nm)

Connector SFP/LC

Optical fiber

Max transmission segment

Central wavelength

62.5/125 μm

multi-mod e fiber

0.55 km (0.34 mi)

850 nm 1310 nm 1310 nm 1550 nm 1550 nm

9/125μm

single-mod e fiber

10 km (6.21 mi)

Min. -9.5 dBm -9 dBm -2 dBm -4 dBm -4 dBm Transmi tter optical power

Receiver sensitivity

Max 0 dBm -3 dBm 5 dBm 1 dBm 2 dBm

-17 dBm -20 dBm -23 dBm -21 dBm -22 dBm

Single

mode

ul (1310

nm)

Single

mode

short-haul

(1310 nm)

9/125μm

single-mod e fiber

40 km (24.86 mi)

long-haul

(1550 nm)

9/125μm

single-mod e fiber

40 km (24.86 mi)

Single

mode

Single

mode

ultra-long

haul (1550

nm)

9/125μm

single-mod e fiber

70 km (43.5 mi)

1.2.5 MIM

Operating mode

Frame format

1000 Mbps

Full duplex

Ethernet_II

Ethernet_SNAP

 Note:

z When using optical transceivers, select those that have been approved by our

company.

z Before performing switchover between electrical/optical interfaces, you need to first

disable the rate and duplex mode configuration in the current mode (electrical or

optical), and then configure the interface after the switchover.

The SecPath V1000-A provides one extended MIM slot where one of the following

MIMs can be installed:

1-6

Page 17

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview

z 1-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE)

z 2-port 10Base-T/100Base-TX Fast Ethernet interface module (2FE)

z 1-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE)

z 2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (2GBE)

For more information on the MIMs, see “

Chapter 8 Multifunctional Interface Module”.

1-7

Page 18

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation

Chapter 2 Preparation for Installation

2.1 Site Requirements

The security gateway must be used indoors. To guarantee the normal operation and

long service life of your security gateway, install it in an environment that can meet the

requirements in the following subsections.

2.1.1 Temperature/Humidity

The equipment room must maintain adequate temperature and humidity. Long-lasting

high humidity is prone to cause bad insulation and even electricity creepage.

Sometimes the mechanical performance changes of materials, the rustiness and

corrosion of some metal parts are also likely to occur. If the relative humidity is too low,

the captive screws can become loose due to insulation washer contraction. Meanwhile,

the static is likely produced in the dry environments, jeopardizing the CMOS circuit of

the product. The higher the temperature is, the greater the damage to your device.

Long-lasting high temperature can speed up the aging of the insulation materials,

greatly lower the device reliability, and hence significantly shorten its service life.

The following table lists the temperature and humidity requirements.

Table 2-1 Temperature/Humidity requirements in the equipment room

0 – 40oC (32 – 104oF) 10 – 90% (non-condensing)

2.1.2 Cleanness

Dust is a hazard to the operating safety of your device. The dust accumulated on the

chassis can cause electrostatic adsorption, one of the sources that cause the poor

contact of connectors or metal contact points. This not only shortens the service life of

your device but also causes communications failures. When the indoor relative

humidity is low, electrostatic adsorption is more likely to happen.

The equipment room must be free of explosion hazards and the electrical and magnetic

conductible dust as well. The contents of the dust must be limited as shown in the

following table:

Temperature Relative humidity

2-1

Page 19

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation

Table 2-2 Limit to the content of dust in an equipment room

Substance Unit Content

≤ 3 X 104

Dust Particles/m³

(No visible dust on the table top for three days)

Note: diameter of a dust particle ≥ 5μm

Besides the dust, there are rigorous limits on the harmful gases that can accelerate the

erosion and aging of metals, such as salts, acids, and sulfides, as shown in the

following table.

Table 2-3 Limits on the contents of harmful gases in the equipment room

Gas Maximum (mg/m3)

SO2 0.2

H2S 0.006

NH3 0.05

Cl2 0.01

2.1.3 ESD Prevention

Although the security gateway is designed to be electrostatic discharge (ESD)

preventive, the card circuits and even the device can be badly damaged when

excessive static electricity is present.

On the communication network connected to your device, the static electricity mainly

comes from the outside electrical fields, such as outdoor high-voltage power cables

and lightning, and from the indoor environments, floor materials and the internal system

such as the equipment frame. To prevent damage, observe the following:

z Connect your device and the floor to the earth ground properly.

z Keep the equipment room as clean as possible.

z Maintain adequate temperature and humidity.

z Wear an ESD-preventive wrist strap and clothes when handling the circuit board.

z Place the removed circuit board upward on the ESD-preventive workbench, or into

a static shielding bag.

z Hold the circuit board by its edge when observing or moving it, avoiding direct

contact with the elements on it.

2-2

Page 20

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation

2.1.4 Electromagnetic Environment

All interference sources, wherever they are from, impact the security gateway

negatively in the conducted emission patterns of capacitance coupling, inductance

coupling, electromagnetic wave radiation, and common impedance (including the

grounding system) coupling. To resist the interference, make sure to:

z Take effective measures against the interference caused by the power supply

grid.

z Use an earthing system or lightning protection grounding different from that for the

power supply equipment and keep them as far as possible.

z Keep the device far from strong the power radio launchers, radar launchers, and

high frequency and high-current equipment.

z Use electromagnetic shielding when necessary.

2.1.5 Lightning Protection

Although the security gateway is designed to be lightning resistant, your device can get

damaged when excessive lightning is present. To protect your device against lightning,

z Ensure the chassis is connected to the earth ground.

z Ensure the earth point of the power socket is well connected to the earth ground.

z Add a lightning arrester onto the front end of the power input to better protect the

power supply from lightning strikes.

2.1.6 Mounting Rack

When installing the device in a rack, make sure that:

z There is adequate clearance between the air inlet/exhaust vents and the rack for

ventilation.

z The rack has a good ventilation system.

z The rack is firm enough to support the device and its accessories.

z The rack is well earthed.

2.2 Safety Precautions

Be sure that you observe all safety precautions when you install your security gateway

and pay adequate attention to the following icons:

Warning appears in operation procedures that, if performed incorrectly, might

cause bodily injury to the operators or damage the device.

Caution means care should be taken in these operations during installation and

use. Improper operations may result in abnormal running of the device.

2-3

Page 21

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation

Follow these safety precautions when installing or using your security gateway:

z Keep the device far from the moisture and heat sources.

z Make sure that the device is well earthed.

z Always wear an ESD-preventive wrist strap when installing and maintaining the

security gateway, making sure the strap has good skin-contact.

z Do not hot-swap the console cable and auxiliary cable.

z Do not look directly into the fiber Tx port or the optical connector connected to it.

z You are recommended to use Uninterrupted Power Supply (UPS) for the security

gateway.

2.3 Unpacking Check

Check the arrived shipment against the packing list, making sure all the items are

included and in good condition. Contact your agent for shortage or wrong delivery.

2.4 Tools, Meters, and Devices

I. Tools

z Phillips screwdriver

z Flat-blade screwdriver

z ESD-preventive wrist strap

z Static shielding bag

II. Cables

z Grounding wire and power cord

z Console cable

z Interface cable (optional)

III. Meters and devices

z HUB or LAN switch

z Configuration terminal (or PC)

z Multimeter

 Note:

The installation tools, meters and devices are not provided with the security gateway.

2-4

Page 22

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

Chapter 3 Hardware Installation

3.1 Installation Procedures

Start

Install the rack (opt i onal )

Install the Security gateway

Connect the grounding wir e s

Connec t t he po w er c o rd

Connect the Security

gateway to a terminal for

conf i guration

Verify the installation

Power up

Normal?

YES

Power down the

S ecurity gateway and

remove the power cord

Install the MIM

Connec t t he Ethernet

interface

Verify the installation

Connec t t he po w er c o rd /

Power up

End

Troubleshoot

Power down

Figure 3-1 Installation procedure

3-1

Page 23

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

Caution:

Before you install your device, make sure that:

You have read “

Chapter 2 Preparation for Installation” carefully.

The requirements in Chapter 2 are satisfied.

3.2 Mounting the Device

You can install your device on a workbench/tabletop or in a rack.

3.2.1 Tabletop/Workbench-Mounting the Device

If a 19-inch standard rack is unavailable, you can place your security gateway on a

clean workbench/tabletop. To prevent any damage, observe the following:

z Ensure the table is stable and well earthed.

z Reserve the clearance of 10 cm (3.9 in.) around the device for adequate

ventilation.

z Do not place any heavy object on the device.

3.2.2 Rack-Mounting the Device

The security gateway can be placed in a 19-inch standard rack. The following table

shows its dimensions:

Table 3-1 Dimensions of the SecPath V1000-A

Model Dimensions

SecPath V1000-A (W X D X H)

Follow these steps to install the SecPath V1000-A:

Step 1: Check that the rack is stable enough and properly earthed. Attach the

rack-mount brackets to the front or rear of the chassis with screws.

Step 2: Place the device on a shelf in the rack and slide it to a proper position along the

guide rails, reserving a suitable clearance between the device and the guide rails.

Step 3: Fix the brackets to the rack posts with suitable antirust pan-head screws,

making sure that the device is securely fixed.

436 x 430 x 44 mm (17.2 x 16.9 x 1.7 in), excluding the rubber feet

3-2

Page 24

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

(1)

(3)

(2)

(1) Pan-head screws (4) (2) Rack-mount bracket (3) Guide rail

Figure 3-2 Installing the SecPath V1000-A in a rac

3.3 Installing an MIM

For details about installing MIMs, see “Chapter 8 Multifunctional Interface Modules”.

3.4 Connecting the Grounding Wire

Caution:

When installing or using your security gateway, properly connect the grounding wire for

lightning protection and anti-interference.

The security gateway provides a grounding screw, which must be connected to the

earth ground properly to safely channel the faradic current and leakage electricity to the

ground and have the device less susceptible to electromagnetic interference (EMI).

On the rear panel of the SecPath V1000-A, the grounding screw resides at the bottom

right with a grounding mark, as shown in

Figure 3-3.

3-3

Page 25

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

(1) Grounding screw

Figure 3-3 Grounding screw on the SecPath V1000-A

Connect this screw to the earth ground using a grounding wire. The grounding

resistance must be smaller than 5 ohm. If the device is mounted in a 19-inch standard

rack, the rack must be earthed.

Caution:

Lightning strikes can damage your device and the connected device as well. For

secure lightning protection, make sure that your security gateway has a good ground

connection when it is operating.

3.5 Connecting to the Console Terminal

I. Console port

On the security gateway, one RS232 asynchronous serial console port is available for

you to configure the device. For the attributes of the console port, refer to the section

1.2.4 Attributes of the Fixed Interfaces”.

“

II. Console cable

Console cable is an 8-wire shielded cable. At one end of the cable is an RJ45 connector

to the console port on the security gateway; at the other end is a DB9 (female)

connector to the serial port of the console terminal.

Figure 3-4 illustrates a console cable:

3-4

Page 26

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

X3 A

Figure 3-4 Console cable assembly

III. Connecting the console cable

When configuring the security gateway through a console terminal, follow these steps

to connect the console cable:

Step 1: Select a console terminal.

The console terminal can be either a standard ASCII terminal with an RS232 serial port,

or more commonly, a PC.

Step 2: Power down the security gateway and the console terminal; connect the RS232

serial port on the console terminal to the console port on the security gateway through

the console cable.

Step 3: Verify the connection and power up the devices.

The console terminal shows the startup information of the security gateway if the

connection is correct. For details, see “

Chapter 4 Booting and Configuration”.

3.6 Connecting an Ethernet Interface

I. Introduction to the Ethernet interface

The SecPath V1000-A provides two fixed 10/100/1000 Mbps auto-sensing GE

interfaces, each providing an optical interface and an electrical interface (one in use at

a time). For optical interfaces, SFP transceivers are used. For the available SFP

transceiver options, see

II. Ethernet cable

Electrical and optical Ethernet interfaces use different Ethernet cables for connection.

1) Cables for electrical Ethernet interfaces

For an electrical Ethernet interface, you can use a category-5 twisted-pair cable

(straight-through or crossover), as shown in

Table 1-6.

Figure 3-5:

3-5

Page 27

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

Figure 3-5 Ethernet cable assembly

 Note:

In making network cables, shielded cables are preferred for the sake of

electromagnetic compatibility.

2) Cables for optical Ethernet interfaces

For an optical Ethernet interface, you can choose the appropriate fiber-optic,

single-mode or multi-mode, depending on the 1000Base-FX SFP optical transceiver

you are using (see

Table 1-6 for fiber options). Because all the available optical

transceivers use LC optical connectors, your must use the fiber-optic with LC fiber

connectors. All the optical transceivers are hot-swappable.

 Note:

A fiber connector, as defined by the International Telecommunications Union (ITU), is a

passive component that connects two or more fiber-optic segments stably but not

permanently. Fiber connectors are indispensable to an optical communication system,

making it possible to connect and disconnect optical channels.

Following are several fiber connector types:

FC: A round optical connector with screw threads

ST: A round plug-in optical connector

SC: A square optical connector

MT-RJ: A square optical transceiver

LC: A compact optical connector developed by Lucent

 Note:

The fiber-optic selection depends on SFP module. You must specify the desired SFP

modules when you purchase a security gateway. Otherwise, the fiber-optic is not

provided.

3-6

Page 28

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

III. Connecting an Ethernet cable

Take the fixed 10/100/1000 Mbps Ethernet 1 port on the front panel of the SecPath

V1000-A for example. Follow these steps to connect its Ethernet cable:

Caution:

For each fixed Ethernet interface (for example, 10/100/1000 Mbps Ethernet 1 on the

SecPath V1000-A), if both of its electrical and optical ports are connected, the electrical

port is regarded as the operating port by default.

1) Connect the Ethernet electrical port

Caution:

Read the mark above the port to be connected carefully, making sure it is the correct

port.

Step 1: Connect one end of the Ethernet cable to the electrical port of the 10/100/1000

Mbps Ethernet 1 and the other end to the peer device.

Step 2: Check the status of the LINK LED for the Ethernet 1 interface. ON means the Rx

link is present. OFF means no Rx link is present; check the line for the cause.

2) Connect the optical Ethernet port

Caution:

In connecting the fiber-optic, observe the following:

Do not over-bend the fiber-optic. Its curvature radius must be greater than 10 cm (3.9

in.).

Ensure that the Tx and Rx ends are correctly connected.

Ensure that the fiber ends are clean.

3-7

Page 29

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

Caution:

Laser danger: never look into the optical ports that are connected to the laser. It can

harm your eyes.

Step 1: Correctly connect one end of a fiber-optic cable to the Rx port of the

10/100/1000 Mbps interface on the security gateway and the other end to the Tx port on

the peer device. Connect another fiber-optic cable between the Tx port on the security

gateway and the Rx port on the peer device.

Step 2: Power up the SecPath V1000-A and check the status of the LINK LED of the

Ethernet 1 interface. On means the Rx link is present. OFF means no Rx link is present;

check the line for the cause.

3.7 Connecting a PSU

The security gateway is AC-powered.

 Note:

If both PSUs are in use, they can back up each other.

I. AC-input PSU

AC input: 100 VAC to 240 VAC, 50/60 Hz

Figure 3-6 illustrates the power socket on an AC-powered security gateway:

(1) PWR1 switch (2) PWR0 switch (3) AC-input PWR1 (4) AC-input PWR0

Figure 3-6 Power socket on the AC-powered security gateway

3-8

Page 30

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation

II. Recommended power socket

You are recommended to use a 3-core monophase power socket with neutral point.

The neutral point of the socket must be grounded reliably. Normally, the neutral point of

the power supply system in a building was buried in the ground during the construction

and cabling. You must make sure that the power supply for the building is well

grounded before connecting the AC power cord.

III. Connecting an AC-input PSU

Take the SecPath V1000-A for example.

Step 1: Make sure that the PGND on the chassis is securely connected to the earth

ground.

Step 2: Make sure that the power switches are placed in the OFF position. Connect one

end of an AC power cord provided with the device to the socket of AC-input PWR0 on

the left-rear of the chassis and the other end to the AC mains supply.

Step 3: Repeat Step 2 to connect the PWR1. (Skip this step if you use only one PSU.)

Step 4: Place the PWR0 switch into the ON position.

Step 5: Place the PWR1 switch to the ON position. (Skip this step if you use only

PWR0.)

Step 6: Check that the PWR0 and PWR1 LEDs on the front panel light. ON means the

power connections are correct.

Step 7: Check that the SYS LED on the front panel is ON. ON means the hardware

system is working well.

3.8 Verifying Installation

Each time you power up the device during the installation, verify that:

z The device has adequate clearance around it for heat dissipation and the

table/rack is stable enough.

z The proper power supply is used.

z The grounding wire is correctly connected.

z The device is correctly connected to other devices, such as a console terminal.

 Note:

Installation verification is extremely important, because the operations of the security

gateway depend on its stability, grounding, and power supply.

3-9

Page 31

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

Chapter 4 Booting and Configuration

4.1 Booting

You can only configure the security gateway through the console port when you use it

for the first time.

4.1.1 Setting up a Configuration Environment

I. Connecting the device to a console terminal

Connect the RJ45 connector of the console cable to the console port on the security

gateway and the DB9 connector to the serial port on the console terminal, as shown in

Figure 4-1.

RS232 serial interface

Console cable

Figure 4-1 Local configuration through the console port

H3C SecPath V1000-A

Console port

II. Setting terminal parameters

Follow these steps to set terminal parameters on the console terminal, a PC running

Windows98 for example:

Step 1: Start the PC and select [Start/Programs/Accessories/Communications/HyperTe

rminal].

The HyperTerminal window displays the Connection Description dialog box, as shown

Figure 4-2.

4-1

Page 32

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

Figure 4-2 Setting up a new connection

Step 2: Enter the name of the new connection in the Name field and click <OK>. The

dialog box, as shown in

Figure 4-3 pops up.

Step 3: Select the serial port to be used from the Connect Using dropdown menu. The

serial port must be the same port connected by the console cable.

Figure 4-3 Setting the connection port

Step 5: Click <OK>. The Port Settings tab, shown in Figure 4-4, appears and you can

set serial port parameters. Set the following parameters:

z Baud rate = 9600

z Databit = 8

z Parity check = none

z Stopbit = 1

z Flow control = none

4-2

Page 33

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

Figure 4-4 Setting communications parameters

Step 6: Click <OK>. The HyperTerminal dialogue box appears.

Step 7: Select Properties.

Step 8: In the Properties dialog box, select the Settings tab, as shown in

Step 9: Select VT100 or Auto detect in the Emulation dropdown menu.

Step 10: Click <OK>.

Figure 4-5.

Figure 4-5 Settings tab

4-3

Page 34

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

4.1.2 Powering up the Security Gateway

I. Checking before power-up

Before powering up the security gateway, check that:

z Both the power cord and the grounding wire are correctly connected.

z Proper power supply is used.

z The console cable is correctly connected.

z The console terminal (or PC) has been started and the related parameters have

been set on it.

Caution:

Locate the emergency power-off switch in the room before powering up the security

gateway. Then, if an accident occurs, you can quickly shut off the power.

II. Powering up the security gateway

z Turn on the switch of the mains supply.

z Place the power switch(es) on the device into the ON position.

III. Checking/Operating after power-up

After powering up the security gateway, check that:

z The ventilation system is operating well.

After powering up the security gateway, you can hear the sound of the fan blade

spinning and feel the airflow when you put your hands close to the air vents.

z The LEDs on the front panel of the chassis are in normal state.

See the section “

z The console terminal display is correct.

1.2.3 LEDs” for more information on LED state.

After powering up the security gateway, you can see the startup interface on the

console terminal (see the section “

4.1.3 Startup Process”). After the system passes

Power-On Self-Test (POST), press <Enter> as prompted. When “<H3C>” is displayed,

you can proceed to configure the security gateway.

4.1.3 Startup Process

After being powered up, the security gateway first runs the Boot ROM program. The

terminal screen displays the following system information:

4-4

Page 35

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

 Note:

The message displayed on the terminal could vary with Boot ROM versions.

************************************************** * * * H3C SecPath Series Gateway Boot ROM V1.17 * * * **************************************************

Testing memory...OK! 512M bytes DDR SDRAM Memory 16M bytes Flash Memory Hardware Version is 2.0 CPLD Version is 1.0

Press Ctrl-B to enter Boot Menu

Press <Ctrl+B> to enter the Boot menu. Otherwise, the system starts decompressing

the program.

 Note:

To enter the Boot Menu, you must press <Ctrl+B> within three seconds after the

prompt “Press Ctrl-B to Enter Boot Menu…” appears.

The system starts decompression and initialization, and displays:

System is starting... Number 1 memory block start from address 0x23000000 ,length 0xd000000

User interface Con 0 is available. Press ENTER to get started

Press <Enter>. The system displays (if login authentication is not enabled):

<H3C>

The prompt indicates that the security gateway enters user view and is ready for

configuration.

4-5

Page 36

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration

4.2 Configuration Fundamentals

4.2.1 Basic Configuration Procedures

Following are the basic steps that you can follow to configure your security gateway:

Step 1: Figure out detailed networking requirements, including networking objectives,

the role of the security gateway in the network, transmission medium, security policy,

and network reliability.

Step 2: Draw a network topology based on the requirements.

Step 3: Configure IP addresses of the interfaces on the security gateway.

Step 4: Configure routes, and if a dynamic routing protocol is enabled, the parameters

related to the protocol.

Step 5: Configure security settings as required.

Step 6: Configure reliability settings as required.

For more information on the configuration of protocols and functions for the security

gateway, see the Operation Manual and Command Manual of the corresponding

product.

4.2.2 Command Line Interface

I. Features of the CLI

The CLI of the security gateway offers lots of configuration commands for you to

configure and manage the security gateway. The CLI allows you to:

z Configure the device through the console port at the local.

z Telnet to access and manage the local and remote devices.

z Get online help whenever you enter <?>.

z Test network connectivity quickly with network diagnostic tools, such as tracert

and ping.

z Have detailed debugging information for network troubleshooting.

z Enter a command by only entering the conflict-free keyword portion, because the

CLI interpreter supports fuzzy keyword search. For example, you simply need to

enter “dis” for the display command.

II. CLI

In system view, all the commands are put into several groups for the convenience of

management. You can switch between the views by executing the proper commands.

In normal circumstances, you can only execute the commands appropriate to the view

that you access. However, you are allowed to execute in any view some commands in

common use, such as ping, display current-configuration, and interface.

4-6

Page 37

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

Chapter 5 Software Maintenance

5.1 Software Maintenance

The security gateway maintains three types of files:

z Boot ROM program files

z Application program files

z Configuration files

The software maintenance mainly involves upgrading/downloading Boot

ROM/application program files and uploading/downloading configuration files.

5.1.1 Boot Menu

This section introduces the Boot menu that you use in maintaining the software of the

security gateway.

Set up a configuration environment as shown in

Figure 4-1 and then boot the security

gateway. Press <Ctrl+B> when the system prompts “Press Ctrl-B to enter Boot Menu”.

The system displays:

Please input Boot ROM password :

Caution:

z Press <Ctrl+B> within three seconds after the prompt “Press Ctrl-B to Enter Boot

Menu...” appears to access the Boot Menu. Otherwise, the system starts

decompressing the program.

z If you want to access the Boot menu after the system starts decompressing the

program, you need to reboot the security gateway.

Type the correct password and press <Enter>. (If no Boot ROM password is configured,

just press <Enter>.) The system accesses the following Boot menu:

I. Boot menu of the SecPath V1000-A

Boot Menu: 1: Download application program with XMODEM 2: Download application program with NET 3: Display file in flash 4: Delete file from flash

5-1

Page 38

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

5: Start up and ignore configuration 6: Enter debugging environment 7: Boot Rom Operation Menu 8: Do not check the version of the software 9: Exit and reboot Enter your choice(1-9):

Note that:

z To download an application program using XModem, see the section “5.1.2

Upgrading the Application and Boot ROM Programs Using XModem”.

z In downloading an application program using the Ethernet, only TFTP is available

for the SecPath V1000-A. See the section “

Program Using TFTP

z If option 5 is selected, the system starts up with the initial configurations.

z If option 8 is selected, the system ignores the software version of the Boot ROM

” for the procedures.

5.1.4 Upgrading an Application

program, its extended segment, and application program for backward

compatibility. If you fails to upgrade the software because the system decides that

you are using an “invalid version” even when the correct version is used, you can

use the option 7 to ignore the version check during a software upgrading. Note that

this option works only once when you select it. The system resumes version check

after you reboot the security gateway.

II. Boot ROM submenu of the SecPath V1000-A

As mentioned earlier, you can select <7> in the Boot menu to enter the Boot ROM

submenu as follows:

Boot ROM Operation Menu: 1: Download Boot ROM with XModem 2: Download Extended Segment of Boot ROM with XModem 3: Restore Extended Segment of Boot ROM from FLASH 4: Backup Extended Segment of Boot ROM to FLASH 5: Exit to Main Menu Enter your choice(1-5):

The menu provides approaches to Boot ROM upgrade, backup, and restoration. See

the sections “

XModem

” for the procedures.

ROM

5.1.2 Upgrading the Application and Boot ROM Programs Using

” and “5.1.3 Backing up and Restoring the Extended Segment of the Boot

5-2

Page 39

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

Caution:

You are recommended to upgrade the software of the security gateway under the

guidance of support engineers. In addition, when upgrading the security gateway,

make sure the version of the Boot ROM software is consistent with that of the

application program.

5.1.2 Upgrading the Application and Boot ROM Programs Using XModem

You can use the console port to upgrade the software using XModem without the need

of setting up a configuration environment.

I. Upgrading an application program

Step 1: Enter the Boot menu (see the section “5.1.1 Boot Menu”) and enter <1> to

download an application program using XModem. The security gateway supports the

following downloading speeds:

Downloading application program from serial ... Please choose your download speed: 1: 9600 bps 2: 19200 bps 3: 38400 bps 4: 57600 bps 5: 115200 bps 6: Exit to Main Menu Enter your choice(1-6):

Step 2: Choose an appropriate downloading speed (for example, 115200 bps by

entering <5>). The following message appears:

Download speed is 115200 bps. Change the terminal's speed to 115200 bps, and select XModem protocol. Press ENTER key when ready.

Step 3: Change your terminal’s baud rate (see Figure 4-4) to the same baud rate for

software downloading (115200 bps in this example). After that, disconnect the terminal

([Dial-in/Disconnect]), reconnect it ([Dial-in/Dialing]), and press <Enter> to start

downloading. The system displays:

Downloading ... CCCCC

5-3

Page 40

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

 Note:

The new baud rate takes effect only after you reconnect the terminal emulation

program.

Step 4: Select [Transmit/Send File] in the terminal window. The following dialog box

pops up:

Figure 5-1 Send File dialog box

Step 5: Click <Browse>. Select the application file to be downloaded and set protocol to

XModem. Click <Send>. The following interface pops up:

Figure 5-2 Sending File interface

Step 6: After completing the downloading, the system begins writing data to the Flash,

and then displays the following information in the terminal interface, indicating the

completion of the downloading:

Download completed. Writing to flash memory... Please wait, it may take a long time

5-4

Page 41

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

######################################################## Writing FLASH Success.

Please use 9600 bps.Press <ENTER> key to reboot the system.

Restore the speed of the console terminal to 9600 bps as prompted, disconnect and

reconnect the terminal. The system starts up normally.

II. Upgrading the Boot ROM program

Step 1: Enter the Boot Menu (see the section “5.1.1 Boot Menu”) and select <7> to

enter the Boot ROM operation submenu.

Step 2: Enter <1> in the Boot ROM operation submenu to download the Boot ROM

program using XModem. Several speed options are available for you. The subsequent

steps are the same as those described in the section “

program

”.

5.1.2 Upgrading an application

Caution:

You cannot restore the Boot ROM program on site if you fail to upgrade the entire Boot

ROM program. Therefore, you must not upgrade the entire Boot ROM program unless

necessary and under direction of support engineers.

III. Upgrading the extended segment of the Boot ROM

Step 1: Enter the Boot Menu (see the section “5.1.1 Boot Menu”) and select <7> to

enter the Boot ROM operation submenu.

Step 2: Select <2> in the Boot ROM operation submenu to upgrade the extended

segment of the Boot ROM using XModem. Several speed options are available for you.

The subsequent steps are the same as those described in the section "

5.1.2

Upgrading an application program”.

Caution:

This upgrade approach is only used to upgrade a portion of the Boot ROM program, so

you can make a second attempt once errors occur.

5-5

Page 42

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM

I. Backing up the extended segment of the Boot ROM to the Flash

Follow these steps to back up the extended segment of the Boot ROM:

Step 1: Enter the Boot Menu (see the section “

5.1.1 Boot Menu”) and select <7> to

enter the Boot ROM operation submenu.

Step 2: Select <4> in the operation submenu to copy the current extended segment of

the Boot ROM to the Flash.

Backup Extended Segment, are you sure?[Y/N]

Enter <Y>. The system starts backing up the extended segment.

If the backup attempt is successful, the following message appears:

Writing to FLASH.Please wait...#### Backuping Boot ROM program to FLASH successed!

Step 3: When the Boot submenu appears again, select <5> to exit and reboot the

security gateway.

II. Restoring the extended segment of the Boot ROM from the Flash

If faults occur to the extended segment of the Boot ROM or you upgrade it wrongly, you

can restore the extended segment of the Boot ROM from the Flash to the Boot ROM by

taking these steps:

Step 1: Enter the Boot Menu (see the section “

5.1.1 Boot Menu”), and select <7> to

enter the Boot ROM operation submenu.

Step 2: Select <3> in the operation submenu to restore the extended segment of the

Boot ROM from the Flash.

Restore Extended Segment, are you sure?[Y/N]

Enter <Y>. The system starts restoring the extended segment.

If the operation is successful, the system displays:

Writing to Boot ROM.Please wait...###### Restoring Boot ROM program successed!

Step 3: When the Boot submenu appears again, select <5> to exit and reboot the

security gateway.

5.1.4 Upgrading an Application Program Using TFTP

Upgrade an application program with net is to download the application program using

an Ethernet interface. In this approach, the security gateway is the client that needs to

be connected to the TFTP server using one of its fixed Ethernet interfaces.

5-6

Page 43

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

Caution:

The security gateway does not provide TFTP server programs. You should purchase

and install one by yourself.

The SecPath V1000-A can only act as the TFTP client, so you can only upgrade an

application program using TFTP, shown as follows:

z Start the TFTP server

z Start the TFTP server on the PC connected to the Ethernet interface on the

security gateway and set the path to the file to be downloaded.

z Configure the security gateway

Step 1: Start the security gateway and enter the Boot menu (see the section “

5.1.1

Boot Menu”). Select <2> to enter the Net Port Download Menu. The system displays

the following message:

Net Port Download Menu: 1: Change Net Parameter 2: Download From Net 3: Exit to Main Menu Enter your choice(1-3): 1

Step 2: Select <1> to configure the network interface parameters (including the

interface in use and the IP address and subnet mask of the interface) and the TFTP

server parameters (including the IP address of the Ethernet interface on the PC and the

file name of the application program).

Change Download parameter Download device :ETH0 Download file(Max 60 char) :system IP address of ETH0 :192.168.1.15 Subnet mask for ETH0 :255.255.255.0 IP address of the server :192.168.1.10 IP address of the gateway :10.110.95.117

5-7

Page 44

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

Caution:

z The upgrade should be performed through ETH0 on the security gateway.

z The item “IP address of the server: [192.168.1.10]” must be set to the IP address of

the TFTP server connected to the Ethernet interface on the security gateway.

z You are recommended to configure the IP address of the TFTP server network

interface and that of the ETH0 on the security gateway into the same network

segment.

Step 3: After you input the last parameter value, the system displays the following

message and returns to the Net Port Download Menu:

Saving config, please wait...OK! Net Port Download Menu: 1: Change Net Parameter 2: Download From Net 3: Exit to Main Menu Enter your choice(1-3): 2

Step 4: Select <2> to download the application program using TFTP. The system

displays the following message:

Starting the TFTP download...

..........................................................................

.......................

TFTP download completed... File length = [03598640]

Writing program code to FLASH...

Please wait,it needs a long time .Please wait... ######################################################## Writing FLASH Success.

Press <ENTER> key to reboot the system .

The downloading is successful. Press <Enter> to reboot the system.

5.1.5 Uploading/Downloading a Program/File Using FTP

The security gateway can act as the FTP server. Any FTP clients (local or remote)

connected to the security gateway can update configuration files or upgrade

application/Boot ROM programs using FTP. A user can upload/download configuration

5-8

Page 45

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

files and application programs after passing the authentication. The following

subsections describe the procedures.

 Note:

Upload is to transfer files from an FTP client to the security gateway, that is, the put

operation.

Download is to transfer files from the security gateway to an FTP client, that is, the get

operation.

I. Setting up an uploading/downloading environment

z Set up a local uploading/downloading environment using FTP

H3C SecPath V1000-A (FTP Server )

10.110.10.13/24

LAN

Ethernet i

10.110.

nterface

10.10/24

(FTP Client)

Figure 5-3 Setting up an environment for local uploading/downloading using FTP

Step 1: Connect the PC to an Ethernet interface on the security gateway.

Step 2: Assign an IP address, 10.110.10.10 for example, to the Ethernet interface on

the security gateway.

Step 3: Assign an IP address, 10.110.10.13 for example, to the Ethernet interface on

the PC.

Step 4: Copy the application program/Boot ROM/configuration file to a directory, “C:\

version” for example.

Caution:

The IP addresses assigned to the network interfaces of the PC and the security

gateway must reside on the same network segment.

z Set up a remote uploading/downloading environment using FTP

5-9

Page 46

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

10.110.10.13

(FTP Client)

Router

H3C SecPath V1000-A (FTP Server)

WAN

hernet interface

10.110.10.10

Figure 5-4 Setting up an environment for remote uploading/downloading using FTP

Step 1: Connect the PC to an interface on the security gateway through the WAN. The

PC and the security gateway can reside on different network segments.

Step 2: Copy the application program/Boot ROM/configuration file to a directory,

“C:\version” for example.

II. Enabling the FTP server

Follow these steps under the direction of service engineers.

Step 1: Configure an authentication method.

 Note:

You can configure AAA authentication as needed. For more information, see the

section “AAA and RADIUS Configurations” in the Operation Manual and Command Manual of the corresponding product.

Step 2: Add the username and password.

[VPNGateway] local-user VPNGateway

VPNGateway is the username.

Step 3: Add the password.

[VPNGateway-luser-vpngateway] password simple 123

Step 4: Add the service type and specify the FTP directory.

[VPNGateway-luser-vpngateway] service-type ftp ftp-directory flash:

Step 5: Add an authority level.

[VPNGateway] level 3

Step 6: Enable the FTP server.

[VPN Gateway] ftp-server enable

5-10

Page 47

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

After the FTP server is enabled and the user is added onto the security gateway, any

FTP client program can use the username and password to log onto the FTP server.

III. Uploading/Downloading an application program/configuration file and

uploading the Boot ROM program

Step 1: In the DOS environment, access the directory containing the application

program/Boot ROM/configuration file. Execute the ftp command to set up an FTP

connection with the security gateway, for example:

C:\version\ftp 10.110.10.10

If the connection is set up, the following message appears (taking Windows98 for

example):

Connected to 10.110.10.10 220 FTP server ready on VPNGateway at User(10.110.10.10:(none)):

Step 2: Log onto the FTP server using the username and password set on the security

gateway.

User(10.110.10.10:(none)): VPNGateway 331 Password required for ftp Password: 230 User ftp logged in ftp>

Appearance of the prompt “ftp>” indicates that you can begin uploading/downloading

the desired file.

Step 3: Upload/Download the application program/configuration file/Boot ROM.

 Note:

On the security gateway, the default name of the application program is "system”, the

configuration file “config.cfg”, the extended segment of the Boot ROM “bootrom”, and

the entire Boot ROM “bootromfull”.

z Upload the application program/Boot ROM/configuration file

ftp> put =>Type put, meaning to upload local file =>Type the name of the application program/Boot ROM/configure file to be uploaded. remote file =>Type the name of the application program/Boot ROM/configure file to be save in the security gateway.

5-11

Page 48

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance

Upon the completion of uploading, the prompt “ftp>” appears again. Enter <dir> to view

the name and size of the uploaded file on the security gateway. It has the same size as

the original file on the host if the uploading is successful.

Caution:

The Boot ROM upgrade is not complete after the Boot ROM program is uploaded using

the put command. To complete the upgrade, use the upgrade bootrom [ full ]

command to decompress the bootrom/bootromfull program from the root directory in

the Flash and write it to the Boot ROM. After that you have completed the upgrade of

Boot ROM.

z Download an application program/configuration file

ftp> get Type get, meaning to download local file Type the name of the application program/configure file to be saved. remote file Type the name of the application program/configure file in the security gateway.

Step 4: Upon the completion of the uploading/downloading, quit the FTP client

program.

ftp>quit

5.1.6 Recovering/Replacing the Lost Password

Contact our support engineers in case of Boot ROM or user password loss. They can

help your access the security gateway to set a new password.

5-12

Page 49

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

Chapter 6 Hardware Maintenance

6.1 Preparing Tools

z Phillips screwdriver

z Flat-blade screwdriver

z ESD-preventive wrist strap

z Static shielding bag

 Note:

The tools are not provided with the security gateway, so you need to prepare them

yourself.

6.2 Opening the Chassis Cover

Step 1: Power down the security gateway and remove the power cords.

Step 2: Remove the interface cables from the front of the chassis, except for the

grounding wire.

Step 3: Place the security gateway on a flat table, with the rear forward. Use a Phillips

screwdriver to remove the two captive screws securing the cover at the rear of the

chassis.

Step 4: Undo the two captive screws securing the cover at each side of the chassis.

Step 5: Raise the cover to such a height that the edge of the cover is separated from the

bottom of the chassis.

Step 6: Pull the cover towards you until the tabs on the edge of the cover are separated

from the front panel. Put the cover away.

6-1

Page 50

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

(1)

(2)

(1)

(1) Remove the six screws (2) Pull it out towards this direction

Figure 6-1 Opening the chassi

Caution:

z Do not replace the hardware unless necessary and under the guidance of support

engineers.

z There is an anti-dismantle seal on a screw on the chassis. You must keep the seal

intact before your sales representative maintains the security gateway. So you must

contact your sales representative to obtain the permission before you open the

chassis. The company is not liable for any damage or consequence resulted from

users' operation without permission.

z Ensure that the security gateway has no electricity before servicing the device to

avoid bodily injuries and device damages.

z Wear an ESD-preventive wrist strap when servicing the device, making sure it has

good skin-contact.

z You must use the SDRAMs provided by H3C. Otherwise, anomalies might occur to

the device.

6.3 Replacing a DDR SDRAM

Following are the storage media available for the security gateway:

z DDR SDRAM (Synchronous Dynamic RAM): is where the programs of the security

gateway are running.

z Flash memory: stores the programs and configuration files of the security

gateway.

6-2

Page 51

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

z Boot ROM: stores the boot and initialization programs of the security gateway.

Hardware maintenance mainly involves DDR SDRAM replacement.

Follow this maintenance flow to replace a DDR SDRAM:

Start

Prepare the tools

Prepare tools

Prepare the tools

Prepare tools

Prepare the tools

Prepare tools

Prepare the tools

Prepare tools

Open the chassis

Verify the p

Locate the DDR SDRAM

Remove the

Remove the old DDR SDRAM

Install the

Install a new DDR SDRAM

DDR SD

Close the chassis

Complete h

DDR SD

End

mainte

osition of

RAM

old

RAM

new

RAM

ardware

nance

Figure 6-2 DDR SDRAM maintenance flow

A DDR SDRAM is a main board component that you can expand and replace as

needed. Generally, you need to expand a DDR SDRAM for:

z Upgrading the Comware.

z Providing an adequate memory size for retaining a large routing table or

processing tasks that consume huge memory resources.

When booting the security gateway, you can see the following messages:

************************************************** * * * H3C SecPath Series Gateway Boot ROM V1.17 * * * **************************************************

Testing memory...OK!

6-3

Page 52

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

512M bytes DDR SDRAM Memory 16M bytes Flash Memory Hardware Version is 2.0 CPLD Version is 1.0

Press Ctrl-B to enter Boot Menu

“512M bytes DDR SDRAM” means that the security gateway is installed with a DDR

SDRAM of 512M bytes.

 Note:

Note that there is a limit on the times that you can install a DDR SDRAM in a memory

bank.

6.3.1 Locating the DDR SDRAMs on the Mainboard

When removing/installing a DDR SDRAM, make sure to identify the type of mainboard

and the exact position of the DDR SDRAM. See the following table for the types of

memory used in the Security Gateway and the configuration:

Table 6-1 Memory specifications

Item Specifications

Memory type DDR SDRAM

Max size of an identifiable memory bank (MB) 512

Expansion limit

DDR SDRAM can be extended to 1 GB at most.

The following figure shows where the DDR SDRAMs, Flash, and Boot ROM are located

on the mainboard:

6-4

Page 53

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

Figure 6-3 The position of the DDR SDRAMs, Flash, and Boot ROM on the mainboard

Each DDR SDRAM has one positioning recess at its bottom for correct orientation.

When installing a DDR SDRAM into a memory bank, press the positioning recess into

the pin in the bank.

6.3.2 Removing a DDR SDRAM

Step 1: Locate the DDR SDRAM to be replaced on the mainboard.

Step 2: Press the clips at both sides of the DDR SDRAM bank outward with appropriate

pressure, till the DDR SDRAM ejects from the bank.

Figure 6-4 Removing a DDR SDRAM

Step 3: Hold the DDR SDRAM by its non-conductive edge and take it out of the bank.

Place it in a static shielding bag to avoid ESD damages.

6-5

Page 54

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

Caution:

z Hold the DDR SDRAM only by its non-conductive edge, because it is prone to ESD

and could be damaged by incorrect operations.

z You need to exercise some strength to pull the DDR SDRAM out of its bank but do

not overdo it.

z Do not touch the components on the DDR SDRAM by hands.

z The marks “DDR SDRAM1” and “DDR SDRAM2” in Figure 6-3 do not mean the

DDR SDRAMs are divided into basic and extended DDR SDRAMs; they are

identical.

6.3.3 Installing a DDR SDRAM

Follow these steps to install a DDR SDRAM.

Step 1: Locate the memory bank on the mainboard with reference to Figure 6-3.

Step 2: Hold the DDR SDRAM by its non-conductive top edge and place it in the

desired memory bank.

Step 3: Exercise adequate pressure on the DDR SDRAM to press it into the bank.

Press the clips at both sides of the bank inward until the locking pins at the end of the

clips are engaged with the semicircular recesses at the bottom of the DDR SDRAM.

Repeat these steps to install all the DDR SDRAMs.

6.4 Closing the Chassis Cover

Step 1: Place the security gateway on a flat table, with the rear forwards.

Step 2: Hold the chassis cover and align the small tabs on the cover with the edges of

the bottom of the chassis.

Step 3: Push the chassis cover and ensure the tabs on the cover and the tabs on the

top of the front panel are engaged.

Step 4: Lower the chassis cover onto the chassis bottom, engaging the tabs on the

cover with the tabs on the top of the side panels.

6-6

Page 55

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance

(2)

(1)

(2)

(1) Insert the cover towards this direction (2) Install six screws at these places

Figure 6-5 Closing the chassis cove

Step 5: Tighten the six captive screws that are removed in steps 3 and 4 described in

the section “

6.2 Opening the Chassis Cover” to secure the cover to the chassis body.

6.5 Replacing an MIM

For details, see “Chapter 8 Multifunctional Interface Modules“.

(2)

6-7

Page 56

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting

Chapter 7 Troubleshooting

7.1 Troubleshooting the Power System

1) Symptom:

The PWR0/PWR1 LED does not light.

2) Troubleshooting:

Check that:

z The power switch of the PSU is turned on.

z The power switch of the mains supply is turned on.

z The power cord is connected correctly.

z Correct mains supply is used.

Caution:

Do not hot-swap the power cord. Contact your supplier if the PWR0/PWR1 LED does

not light yet after you finish the above operations.

7.2 Troubleshooting the Configuration System

If the security gateway is operating normally after it is powered up, it displays the

start-up information on the console terminal. If the configuration system has failed, it

displays illegible characters or nothing at all.

I. No information on the terminal

1) Symptom:

The powered-up security gateway displays nothing on the console terminal.

2) Troubleshooting:

Step 1: Check that:

z The power system is operating normally.

z The console cable is connected correctly.

Step 2: If you cannot locate the problem yet, check the console cable and the terminal

(e.g., HyperTerminal) parameter settings.

7-1

Page 57

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting

II. Illegible characters on the terminal

1) Symptom:

The powered-up security gateway displays illegible characters on the console terminal.

2) Troubleshooting:

Make sure you have set on your terminal (HyperTerminal):

z Baud rate = 9600

z Databit = 8

z Parity check = none

z Stopbit = 1

z Flow control = none

z Terminal emulation = VT100

Reconfigure the parameters if their values are different.

7.3 Troubleshooting the Software Upgrade

I. Fault 1

1) Symptom:

Start the security gateway and upgrade the Comware using TFTP. The system

displays:

Net Port Download Menu: 1: Change Net Parameter 2: Download From Net 3: Exit to Main Menu Enter your choice(1-3): 2

Starting the TFTP download...

Failed to connect the tftp server!! Please check the network setting!!

2) Troubleshooting:

Check that:

z The TFTP server program is started.

z An Ethernet connection to the TFTP server is present (the IP address is correct

and the network cable is securely connected).

II. Fault 2

1) Symptom:

Start the security gateway and upgrade the Comware using TFTP. The system

displays:

7-2

Page 58

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting

Net Port Download Menu: 1: Change Net Parameter 2: Download From Net 3: Exit to Main Menu Enter your choice(1-3): 2

Starting the TFTP download...

Failed to find the updated file Please check the network setting!!

2) Troubleshooting:

Check that the file to be downloaded exists and you have correctly specified the

directory in the TFTP server.

III. Fault 3

1) Symptom:

Start the security gateway and upgrade the Comware using TFTP. The system

displays:

Net Port Download Menu: 1: Change Net Parameter 2: Download From Net 3: Exit to Main Menu Enter your choice(1-3): 2

Starting the TFTP download...

The downloaded software is not a valid version. Please download the correct version.

2) Troubleshooting:

Check that you are downloading the correct software version.

 Note:

The bar code labels attached to the security gateway unit and the Smart Interface

Cards (SICs) contain the information about production and maintenance. Before you

ask your supplier to repair a failed unit, provide its bar code.

7-3

Page 59

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Chapter 8 Multifunctional Interface Modules

8.1 Multifunctional Interface Module Options

Following are the Multifunctional Interface Modules (MIMs) available for the security

gateway:

I. Ethernet interface modules

z 1-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE)

z 2-port 10Base-T/100Base-TX Fast Ethernet interface module (2FE)

z 1-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE)

z 2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (2GBE)

8.2 Installing and Removing an MIM

Caution:

The electromagnetic shielding (EMS) gaskets on the front panel of an MIM have

special EMS effect for the entire security gateway. So keep the gaskets intact when

removing or replacing an MIM and do not damage them.

Before installing MIMs, read “Chapter 2 Preparation for Installation” carefully.

I. Tools

ESD-preventive wrist strap

II. Installing an MIM

Caution:

Before performing any of the following operations, make sure you have completely

powered down the security gateway to avoid getting electric shocks.

Step 1: Place the security gateway with its front facing towards you.

Step 2: Turn off the mains supply and remove the power cord.

8-1

Page 60

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Step 3: Select a slot and push the MIM into the chassis until it is fully seated in the slot

and its front panel is flush with the front of the chassis.

Step 4: Tighten the captive screws to secure the MIM.

Step 5: Power up the security gateway and check the state of the ACT LED for the slot

on the security gateway. If the LED is flashing, it means the MIM is installed correctly.

Figure 8-1 Installing the MIM – step 1

Figure 8-2 Installing a MIM – step 2

III. Removing an MIM

Step 1: Place the security gateway with its front facing towards you.

Step 2: Turn off the mains supply and remove the power cord.

Step 3: Remove all interface cables from the front of the chassis.

Step 4: Loosen the captive screws at both sides of the MIM.

Step 5: Pull the MIM towards you until it is completely separated from the bottom of the

chassis.

8-2

Page 61

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Caution:

z If you remove an MIM and do not install a new one right away, you must replace the

blanking filler panel to prevent dust and debris from entering the security gateway

and to provide adequate ventilation.

z Do not operate at MIMs near the passageway to avoid accidents to the unit or the

removed MIMs.

8.3 Troubleshooting an MIM

You can read the LEDs on the MIM panel to check that the MIM is correctly installed.

If the MIM on the security gateway does not operate normally, check that:

z Correct interface cables are used.

z The interfaces are working well by reading the interface LEDs.

z The configurations on the MIM are validated by executing the display command.

8.4 1FE/2FE Module

8.4.1 Introduction

1/2-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE/2FE) provides

the communications between the security gateway and LANs.

The 1FE provides one 10/100 Mbps Ethernet interface with the RJ-45 connector while

the 2FE can provide two. Both of them support:

z The transmission segment of 100 meter over the category-5 twisted-pair cable.

z Operating rates of 100 Mbps and 10 Mbps, with auto-sensing.

z Full duplex (commonly used) and half-duplex.

8.4.2 Appearance

I. Appearance of the 1FE module

The following figure shows the 1FE module:

8-3

Page 62

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Figure 8-3 1FE module

II. Appearance of the 2FE module

The following figure shows the 2FE module:

Figure 8-4 2FE module

8.4.3 Interface Attributes

The following table shows the attributes of the 1FE and 2FE modules:

Table 8-1 Attributes of the 1FE and 2FE modules

Attributes

Connector RJ45

Number of connectors 1 2

Cable type Straight-through Ethernet cable

Operating mode

Description

1FE module 2FE module

Full duplex/Half-duplex

10/100 Mbps auto-sensing

8-4

Page 63

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Description

Attributes

1FE module 2FE module

Frame format

8.4.4 Panel and Interface LEDs

The following figure shows the 1FE module panel:

Figure 8-5 1FE module panel

The following figure shows the 2FE module panel:

Ethernet_II

Ethernet_SNAP

10/100BASE-TX

Figure 8-6 2FE module panel

The following table describes the LEDs on the 1FE/2FE module panel and how to read

their status.

Table 8-2 LED behavior

LED Description

LINK OFF means no link is present; ON means a link is present.

OFF means no packets are being transmitted/received on the

ACTIVE

interface; flashing means packets are being transmitted/received on the interface.

8.4.5 Interface Connection Cable

I. Ethernet cable

The FE modules use category-5 twisted-pair cables with RJ45 connectors (see Figure

). Pins 1 and 2 of the connectors are for transmitting data, and Pins 3 and 6 are for

8-7

receiving data.

8-5

Page 64

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Figure 8-7 Ethernet cable

II. Making an Ethernet cable

To make an Ethernet cable with RJ45 connectors using a category-5 twisted-pair cable,

refer to

identified and grouped by colors of the outer insulator. Usually a solid color wire and a

white/solid color wire are organized in pairs. But sometimes, wires are also paired by

color coded points.

Figure 8-8. A category-5 twisted-pair cable is composed of eight wires that are

Blue

Blue White/ Blue

White/ Blue

Pair 1

＜

Orange

＜

Pair 1

Figure 8-8 Category-5 twisted-pair cabl

Table 8-3 Straight-through cable pinout

1 TX+

2 TX- Orange

3 RX+ White (green)

＜

RJ45 Signal

Orange White/ Orange

White/ Orange

White/ Orange Green

Green

Green White/ Green

White/ Green

Brown

Brown White/Brown

White/Brown

Category-5

twisted-pair

cable

White (orange)

Direction of

signal

RJ45

4 –– Blue –– 4

5 –– White (blue) –– 5

6 RX- Green

8-6

Page 65

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

RJ45 Signal

Category-5

twisted-pair

cable

Direction of

signal

RJ45

7 –– White (brown) –– 7

8 –– Brown –– 8

Table 8-4 Crossover cable pinout

RJ45

Direction of

signal

1 TX+

2 TX- Orange

3 RX+ White (green)

Category-5

twisted-pair

cable

White (orange)

Direction of

signal

RJ45

4 –– Blue –– 4

5 –– White (blue) –– 5

6 RX- Green

7 –– White (brown) –– 7

8 –– Brown –– 8

Ethernet cables are divided into two categories: straight-through and crossover.

z Straight-through cable: The sequences of the twisted pairs crimped in the RJ-45

connectors at both ends are the same. It connects a terminal device (PC or router)

to a HUB or LAN Switch.

z Crossover cable: The sequences of the twisted pairs crimped in the RJ-45

connectors at both ends are different. It connects a terminal device (PC or router)

to another terminal device. You make crossover cables by yourself.

 Note:

In making network cables, shielded cables are preferred for the sake of

electromagnetic compatibility.

8-7

Page 66

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

8.4.6 Connecting the Interface Cable

Step 1: Plug one end of the cable to an Ethernet port of the FE module on the security

gateway and another end to the desired device. (For a PC or Router, use a

straight-through cable; for a HUB or LAN Switch, use a crossover cable.)

Step 2: Power up the security gateway and check status of the LINK LED on the FE

module. ON means a link is present. OFF means no link is present and you should

check the connection.

Caution:

Read the mark of a port carefully before you connect it; a wrong connection can cause

damages to the interface module and even the device.

8.5 1GBE/2GBE Module

8.5.1 Introduction

1-/2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE/2GBE)

can provide the communications between the SecPath V1000-A and a LAN.

The 1GBE/2GBE module supports:

z The transmission distance of 100 meters over category-5 twisted-pair cable

z Three operating rates: 1000 Mbps, 100 Mbps, and 10 Mbps, with auto-sensing

z Full-duplex mode

8.5.2 Appearance

Figure 8-9 and Figure 8-10 show respectively the 1GBE and 2GBE module.

Figure 8-9 1GBE module

8-8

Page 67

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Figure 8-10 2GBE module

8.5.3 Interface Attributes

Table 8-5 shows the interface attributes of the 1GBE/2GBE module.

Table 8-5 Interface attributes of the 1GBE/2GBE module

Attribute 1GBE 2GBE

Connector RJ-45

Number of connectors 1 2

Interface type MDI/MDIX

Interface standard 802.3, 802.3u, 802.3ab

Cable type Ethernet cable

Operating mode

8.5.4 Panel and Interface LEDs

Figure 8-11 and Figure 8-12 show respectively the panel of the 1GBE and 2GBE

modules.

Figure 8-11 1GBE module panel

10/100/1000 Mbps, auto-sensing

Full-/half-duplex autonegotiation

Figure 8-12 2GBE module panel

8-9

Page 68

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Table 8-6 describes the LEDs on the 1GBE/2GBE module panel and how to read their

status.

Table 8-6 LEDs on the 1GBE/2GBE module

LED Description

LINK OFF means no link is present; ON means a link is present.

OFF means no packets are being transmitted/received on the

ACT

interface; blinking means packets are being transmitted/received on the interface.

8.5.5 Interface Connection Cable

I. Ethernet cable

The 1GBE/2GBE module uses a category-5 twisted-pair cable with RJ-45 connectors

Figure 8-13). Pins 1 and 2 of the connectors are for transmitting data, and Pins 3

(see

and 6 are for receiving data.

Figure 8-13 Ethernet cable

II. Making an Ethernet cable

To make an Ethernet cable with RJ-45 connectors using a category-5 twisted-pair cable,

refer to

Figure 8-14. A category-5 twisted-pair cable is composed of eight wires that are

identified and grouped by colors of the outer insulator. Usually a solid color wire and a

white/solid color wire are organized in pairs. But sometimes, wires are also paired by

color coded points.

8-10

Page 69

Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules

Blue

Pair 1

White/blue

Orange

Pair 1

White/orange

Green

Pair 1

White/green

Brown

Pair 1

White/brown

Figure 8-14 Category-5 twisted-pair cabl

Ethernet cables are divided into two categories: straight-through and crossover.

z Straight-through cable: The sequences of the twisted pairs crimped in the RJ-45

connectors at both ends are the same. The cable connects a terminal device (PC

or router) to a HUB or LAN Switch.

z Crossover cable: The sequences of the twisted pairs crimped in the RJ-45

connectors at both ends are different. The cable connects a terminal device (PC or

router) to another terminal device. You can make crossover cables by yourself.

For the Ethernet cable pinout, see Low-End and Mid-Range Series Routers Cable Manual.

8.5.6 Connecting the Interface Cable

Step 1: Plug one end of the cable to the GE port on the 1GBE/2GBE module on the

SecPath V1000-A and another end to the peer device. (For a PC or Router, use a

straight-through cable; for a HUB or LAN Switch, use a crossover cable.)

Step 2: Power up the SecPath V1000-A and check the status of the LED for the module

on the front panel of the SecPath V1000-A. ON means the module has passed the

POST and can operate normally; OFF means the POST fails. In the latter case, contact

your agent for help.

Step 3: Check the status of the LINK LED on the 1GBE/2GBE module panel. ON

means a link is present. OFF means no link is present; check the line for the cause.

8-11